Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 3.1
show debug through show ipv6 traffic
Download this chapter
show debug through show ipv6 trafficshow debug through show ipv6 traffic
Download the complete book
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 2.3 -- Whole Book PDF Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 2.3 -- Whole Book PDF (PDF - 23 MB)
give_us_feedback

Table Of Contents

show debug through show ipv6 traffic Commands

show debug

show dhcprelay state

show dhcprelay statistics

show disk

show dns-hosts

show failover

show file

show firewall

show fragment

show gc

show h225

show h245

show h323-ras

show history

show idb

show igmp groups

show igmp traffic

show interface

show interface ip brief

show ip address

show ip verify statistics

show ipsec sa

show ipsec sa summary

show ipsec stats

show ipv6 access-list

show ipv6 interface

show ipv6 neighbor

show ipv6 route

show ipv6 routers

show ipv6 traffic


show debug through show ipv6 traffic Commands

show debug

To show the current debugging configuration in privileged EXEC mode, use the show debug command.

show debug [command [keywords]]

Syntax Description

command [keywords]

(Optional) Specifies the debug command whose current configuration you want to view. For each command, the syntax following command is identical to the syntax supported by the associated debug command. For example, valid keywords following show debug aaa are the same as the valid keywords for the debug aaa command. Thus, show debug aaa supports an accounting keyword, which lets you specify that you want to see the debugging configuration for that portion of AAA debugging.


Defaults

This command has no default settings.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.


Usage Guidelines

The valid command values follow. For information about valid syntax after command, see the entry for debug command, as applicable.

Note The availability of each command value depends upon the command modes that support the applicable debug command.

aaa

appfw

arp

asdm

context

crypto

ctiqbe

ctm

dhcpc

dhcpd

dhcprelay

disk

dns

email

entity

fixup

fover

fsm

ftp

generic

gtp

h323

http

http-map

icmp

igmp

ils

imagemgr

ipsec-over-tcp

ipv6

iua-proxy

kerberos

ldap

mfib

mgcp

mrib

ntdomain

ntp

ospf

parser

pim

pix

pptp

radius

rip

rtsp

sdi

sequence

sip

skinny

smtp

sqlnet

ssh

ssl

sunrpc

tacacs

timestamps

vpn-sessiondb

xdmcp

Examples

The following commands enable debugging for authentication, accounting, and Flash memory. The show debug command is used in three ways to demonstrate how you can use it to view all debugging configuration, debugging configuration for a specific feature, and even debugging configuration for a subset of a feature. 

hostname# debug aaa authentication 

debug aaa authentication enabled at level 1

hostname# debug aaa accounting

debug aaa accounting enabled at level 1

hostname# debug disk filesystem

debug disk filesystem enabled at level 1

hostname# show debug

debug aaa authentication enabled at level 1

debug aaa accounting enabled at level 1

debug disk filesystem enabled at level 1

hostname# show debug aaa

debug aaa authentication enabled at level 1

debug aaa authorization is disabled.

debug aaa accounting enabled at level 1

debug aaa internal is disabled.

debug aaa vpn is disabled.

hostname# show debug aaa accounting

debug aaa accounting enabled at level 1

hostname#

Related Commands

Command
Description

debug

See all debug commands.


show dhcprelay state

To view the state of the DHCP relay agent, use the show dhcprelay state command in privileged EXEC or global configuration mode.

show dhcprelay state

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC or global configuration


Command History

Release
Modification

2.2(1)

This command was introduced.

3.1(1)

This command was changed from show dhcprelay.


Usage Guidelines

This command displays the DHCP relay agent state information for the current context and each interface.

Examples

The following is sample output from the show dhcprelay state command: 

hostname# show dhcprelay state


Context Configured as DHCP Relay

Interface outside, Not Configured for DHCP

Interface infrastructure, Configured for DHCP RELAY SERVER

Interface inside, Configured for DHCP RELAY

Related Commands

Command
Description

show dhcpd

Displays DHCP server statistics and state information.

show dhcprelay statistics

Displays the DHCP relay statistics.

show running-config dhcprelay

Displays the current DHCP relay agent configuration.


show dhcprelay statistics

To display the DHCP relay statistics, use the show dhcprelay statistics command in privileged EXEC mode.

show dhcprelay statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

2.2(1)

This command was introduced.

3.1(1)

This command was changed from show dhcprelay.


Usage Guidelines

The output of the show dhcprelay statistics command increments until you enter the clear dhcprelay statistics command.

Examples

The following is sample output for the show dhcprelay statistics command: 

hostname# show dhcprelay statistics


DHCP UDP Unreachable Errors: 0

DHCP Other UDP Errors: 0


Packets Relayed

BOOTREQUEST          0

DHCPDISCOVER         7

DHCPREQUEST          3

DHCPDECLINE          0

DHCPRELEASE          0

DHCPINFORM           0


BOOTREPLY            0

DHCPOFFER            7

DHCPACK              3

DHCPNAK              0

FeralPix(config)#

Related Commands

Command
Description

clear configure dhcprelay

Removes all DHCP relay agent settings.

clear dhcprelay statistics

Clears the DHCP relay agent statistic counters.

debug dhcprelay

Displays debug information for the DHCP relay agent.

show dhcprelay state

Displays the state of the DHCP relay agent.

show running-config dhcprelay

Displays the current DHCP relay agent configuration.


show disk

To display the contents of the Flash memory, use the show disk command in privileged EXEC mode.

show disk [filesys | all]

Syntax Description

filesys

Shows information about the compact Flash card.

all

Shows the contents of Flash memory plus the file system information,


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

2.2(1)

This command was introduced.


Examples

The following is sample output from the show disk command: 

hostname# show disk

-#- --length-- -----date/time------ path

 11 1301       Feb 21 2005 18:01:34 test.cfg

 12 1949       Feb 21 2005 20:13:36 test1.cfg

 13 2551       Jan 06 2005 10:07:36 test2.cfg

 14 609223     Jan 21 2005 07:14:18 test3.cfg

 15 1619       Jul 16 2004 16:06:48 test4.cfg

 16 3184       Aug 03 2004 07:07:00 old_running.cfg

 17 4787       Mar 04 2005 12:32:18 test5.cfg

 20 1792       Jan 21 2005 07:29:24 test6.cfg

 21 7765184    Mar 07 2005 19:38:30 test7.cfg

 22 1674       Nov 11 2004 02:47:52 test8.cfg

 23 1863       Jan 21 2005 07:29:18 test9.cfg

 24 1197       Jan 19 2005 08:17:48 test10.cfg

 25 608554     Jan 13 2005 06:20:54 backupconfig.cfg

 26 5124096    Feb 20 2005 08:49:28 cdisk1

 27 5124096    Mar 01 2005 17:59:56 cdisk2

 28 2074       Jan 13 2005 08:13:26 test11.cfg

 29 5124096    Mar 07 2005 19:56:58 cdisk3

 30 1276       Jan 28 2005 08:31:58 lead

 31 7756788    Feb 24 2005 12:59:46 asdmfile.dbg

 32 7579792    Mar 08 2005 11:06:56 asdmfile1.dbg

 33 7764344    Mar 04 2005 12:17:46 asdmfile2.dbg

 34 5124096    Feb 24 2005 11:50:50 cdisk4

 35 15322      Mar 04 2005 12:30:24 hs_err.log


10170368 bytes available (52711424 bytes used)

The following is sample output from the show disk filesys command: 

hostname# show disk filesys

******** Flash Card Geometry/Format Info ********


COMPACT FLASH CARD GEOMETRY

   Number of Heads:            4

   Number of Cylinders       978

   Sectors per Cylinder       32

   Sector Size               512

   Total Sectors          125184


COMPACT FLASH CARD FORMAT

   Number of FAT Sectors      61

   Sectors Per Cluster         8

   Number of Clusters      15352

   Number of Data Sectors 122976

   Base Root Sector          123

   Base FAT Sector             1

   Base Data Sector          155

Related Commands

Command
Description

dir

Displays the directory contents.


show dns-hosts

To show the DNS cache, use the show dns-hosts command in privileged EXEC mode.The DNS cache includes dynamically learned entries from a DNS server as well as manually entered name and IP addresses using the name command.

show dns-hosts

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

This command was introduced.


Usage Guidelines

See the "Examples" section for a description of the display output.

Examples

The following is sample output from the show dns-hosts command: 

hostname# show dns-hosts

Host                       Flags      Age Type   Address(es)

ns2.example.com            (temp, OK) 0    IP    10.102.255.44

ns1.example.com            (temp, OK) 0    IP    192.168.241.185

snowmass.example.com       (temp, OK) 0    IP    10.94.146.101

server.example.com         (temp, OK) 0    IP    10.94.146.80

The show dns-hosts field descriptions are as follows:

Field
Description

Host

Shows the hostname.

Flags

Shows the entry status, as a combination of the following:

temp—This entry is temporary because it comes from a DNS server. The FWSM removes this entry after 72 hours of inactivity.

perm—This entry is permanent because it was added with the name command.

OK—This entry is valid.

??—This entry is suspect and needs to be revalidated.

EX—This entry is expired.

Age

Shows the number of hours since this entry was last referenced.

Type

Shows the type of DNS record; this value is always IP.

Address(es)

The IP addresses.


Related Commands

Command
Description

clear dns-hosts cache

Clears the DNS cache.

dns domain-lookup

Enables the FWSM to perform a name lookup.

dns name-server

Configures a DNS server address.

dns retries

Specifies the number of times to retry the list of DNS servers when the FWSM does not receive a response.

dns timeout

Specifies the amount of time to wait before trying the next DNS server.


show failover

To display information about the failover status of the unit, use the show failover command in privileged EXEC mode.

show failover [group num | history | interface | state | statistics]

Syntax Description

group

Displays the running state of the specified failover group.

history

Displays failover history. The failover history displays past failover state changes and the reason for the state change.

interface

Displays failover command and stateful link information.

num

Failover group number.

state

Displays the failover state of both failover units. The information displayed includes the primary or secondary status of the unit, the Active/Standby status of the unit, and, if a unit is in the failed state, the reason for the failure.

statistics

Displays transmit and receive packet count of failover command interface.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.

2.1(1)

Support for the Autostate feature and suspend configuration synchronization were added.

3.1(1)

This command was modified to include failover groups. The output includes additional information.


Usage Guidelines

The show failover command displays the dynamic failover information, interface status, and Stateful Failover statistics. The Stateful Failover Logical Update Statistics output appears only when Stateful Failover is enabled. The "xerr" and "rerr" values do not indicate errors in failover, but rather the number of packet transmit or receive errors.

In the show failover command output, the fields have the following values:

Stateful Obj has these values:

xmit—Indicates the number of packets transmitted.

xerr—Indicates the number of transmit errors.

rcv—Indicates the number of packets received.

rerr—Indicates the number of receive errors.

Each row is for a particular object static count as follows:

General—Indicates the sum of all stateful objects.

sys cmd—Refers to the logical update system commands, such as login or stay alive.

up time—Indicates the value for the FWSM up time, which the active FWSM passes on to the standby FWSM.

RPC services—Remote Procedure Call connection information.

TCP conn—Dynamic TCP connection information.

UDP conn—Dynamic UDP connection information.

ARP tbl—Dynamic ARP table information.

Xlate_Timeout—Indicates connection translation timeout information.

VPN IKE upd—IKE connection information.

VPN IPSEC upd—IPSec connection information.

VPN CTCP upd—cTCP tunnel connection information.

VPN SDI upd—SDI AAA connection information.

VPN DHCP upd—Tunneled DHCP connection information.

If you do not enter a failover IP address, the show failover command displays 0.0.0.0 for the IP address, and monitoring of the interfaces remain in a "waiting" state. You must set a failover IP address for failover to work.

In multiple configuration mode, only the show failover command is available in a security context; you cannot enter the optional keywords.

Examples

The following is sample output from the show failover command for Active/Standby Failover. 

hostname# show failover


Failover On

Failover unit Primary 

Failover LAN Interface: fover Vlan 101 (up) 

Unit Poll frequency 1 seconds, holdtime 3 seconds 

Interface Poll frequency 15 seconds 

Interface Policy 1 

Monitored Interfaces 2 of 250 maximum 

failover replication http 

Last Failover at: 22:44:03 UTC Dec 8 2004

        This host: Primary - Active 

                Active time: 13434 (sec)

                Interface inside (10.130.9.3): Normal 

                Interface outside (10.132.9.3): Normal 

        Other host: Secondary - Standby Ready 

                Active time: 0 (sec)

                Interface inside (10.130.9.4): Normal 

                Interface outside (10.132.9.4): Normal 


Stateful Failover Logical Update Statistics

        Link : fover Vlan 101 (up)

        Stateful Obj    xmit       xerr       rcv        rerr      

        General         0          0          0          0         

        sys cmd         1733       0          1733       0         

        up time         0          0          0          0         

        RPC services    0          0          0          0         

        TCP conn        6          0          0          0         

        UDP conn        0          0          0          0         

        ARP tbl         106        0          0          0         

        Xlate_Timeout   0          0          0          0

        VPN IKE upd     15         0          0          0

        VPN IPSEC upd   90         0          0          0

        VPN CTCP upd    0          0          0          0

        VPN SDI upd     0          0          0          0

        VPN DHCP upd    0          0          0          0


        Logical Update Queue Information

                        Cur     Max     Total

        Recv Q:         0       2       1733

        Xmit Q:         0       2       15225

The following is sample output from the show failover command for Active/Active Failover. 

hostname# show failover


Failover On

Failover unit Primary

Failover LAN Interface: third Vlan 101(up) 

Unit Poll frequency 1 seconds, holdtime 15 seconds 

Interface Poll frequency 4 seconds 

Interface Policy 1 

Monitored Interfaces 8 of 250 maximum 

failover replication http 

Group 1 last failover at: 13:40:18 UTC Dec 9 2004 

Group 2 last failover at: 13:40:06 UTC Dec 9 2004


  This host:    Primary

  Group 1       State:          Active

                Active time:    2896 (sec)

  Group 2       State:          Standby Ready

                Active time:    0 (sec)


                admin Interface outside (10.132.8.5): Normal 

                admin Interface third (10.132.9.5): Normal 

                admin Interface inside (10.130.8.5): Normal 

                admin Interface fourth (10.130.9.5): Normal 

                ctx1 Interface outside (10.1.1.1): Normal 

                ctx1 Interface inside (10.2.2.1): Normal 

                ctx2 Interface outside (10.3.3.2): Normal 

                ctx2 Interface inside (10.4.4.2): Normal 


  Other host:   Secondary

  Group 1       State:          Standby Ready

                Active time:    190 (sec)

  Group 2       State:          Active

                Active time:    3322 (sec)


                admin Interface outside (10.132.8.6): Normal 

                admin Interface third (10.132.9.6): Normal 

                admin Interface inside (10.130.8.6): Normal 

                admin Interface fourth (10.130.9.6): Normal 

                ctx1 Interface outside (10.1.1.2): Normal 

                ctx1 Interface inside (10.2.2.2): Normal 

                ctx2 Interface outside (10.3.3.1): Normal 

                ctx2 Interface inside (10.4.4.1): Normal 


Stateful Failover Logical Update Statistics

        Link : third Vlan 101 (up)

        Stateful Obj    xmit       xerr       rcv        rerr      

        General         0          0          0          0         

        sys cmd         380        0          380        0         

        up time         0          0          0          0         

        RPC services    0          0          0          0         

        TCP conn        1435       0          1450       0         

        UDP conn        0          0          0          0         

        ARP tbl         124        0          65         0         

        Xlate_Timeout   0          0          0          0 

        VPN IKE upd     15         0          0          0

        VPN IPSEC upd   90         0          0          0

        VPN CTCP upd    0          0          0          0

        VPN SDI upd     0          0          0          0

        VPN DHCP upd    0          0          0          0


        Logical Update Queue Information

                        Cur     Max     Total

        Recv Q:         0       1       1895

        Xmit Q:         0       0       1940

Related Commands

Command
Description

show running-config failover

Displays the failover commands in the current configuration.


show file

To display information about the file system, use the show file command in privileged EXEC mode.

show file descriptors | system | information filename

Syntax Description

descriptors

Displays all open file descriptors.

information

Displays information about a specific file.

filename

Specifies the filename.

system

Displays the size, bytes available, type of media, flags, and prefix information about the disk file system.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

3.1(1)

Support for this command was introduced.


Examples

The following example shows how to display the file system information: 

hostname# show file descriptors

No open file descriptors

hostname# show file system

File Systems:

   Size(b)     Free(b)    Type  Flags  Prefixes

* 60985344    60973056    disk    rw     disk:

Related Commands

Command
Description

dir

Displays the directory contents.

pwd

Displays the current working directory.


show firewall

To show the current firewall mode (routed or transparent), use the show firewall command in privileged EXEC mode.

show firewall

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

2.2(1)

This command was introduced.

3.1(1)

In the system execution space, this command now shows the firewall mode for each context. You can now set the firewall mode independently for each context.


Examples

The following is sample output from the show firewall command in single mode or within a context: 

hostname# show firewall

Firewall mode: Router

The following is sample output from the show firewall command within a context: 

hostname# show firewall


Context      Mode

-------------------------

customerA    Transparent

customerB    Routed

Related Commands

Command
Description

firewall transparent

Sets the firewall mode.

show mode

Shows the current context mode, either single or multiple.


show fragment

To display the operational data of the IP fragment reassembly module, enter the show fragment command in privileged EXEC mode.

show fragment [interface]

Syntax Description

interface

(Optional) Specifies the FWSM interface.


Defaults

If an interface is not specified, the command applies to all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC mode

·

·

·

·

 

Command History

Release
Modification

1.1(1)

This command was introduced.

3.1(1)

The command was separated into two commands, show fragment and show running-config fragment, to separate the configuration data from the operational data.


Examples

This example shows how to display the operational data of the IP fragment reassembly module: 

hostname# show fragment 

Interface: inside

    Size: 200, Chain: 24, Timeout: 5, Threshold: 133

    Queue: 0, Assembled: 0, Fail: 0, Overflow: 0

Interface: outside1

    Size: 200, Chain: 24, Timeout: 5, Threshold: 133

    Queue: 0, Assembled: 0, Fail: 0, Overflow: 0

Interface: test1

    Size: 200, Chain: 24, Timeout: 5, Threshold: 133

    Queue: 0, Assembled: 0, Fail: 0, Overflow: 0

Interface: test2

    Size: 200, Chain: 24, Timeout: 5, Threshold: 133

    Queue: 0, Assembled: 0, Fail: 0, Overflow: 0

Related Commands

Command
Description

clear configure fragment

Clears the IP fragment reassembly configuration and resets the defaults.

clear fragment

Clears the operational data of the IP fragment reassembly module.

fragment

Provides additional management of packet fragmentation and improves compatibility with NFS.

show running-config fragment

Displays the IP fragment reassembly configuration.


show gc

To display the garbage collection process statistics, use the show gc command in privileged EXEC mode.

show gc

Syntax Description

This command has no arguments or keywords.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

1.1(1)

This command was introduced.


Examples

The following is sample output from the show gc command: 

hostname# show gc


Garbage collection process stats:

Total tcp conn delete response             :            0

Total udp conn delete response             :            0

Total number of zombie cleaned             :            0

Total number of embryonic conn cleaned     :            0

Total error response                       :            0

Total queries generated                    :            0

Total queries with conn present response   :            0

Total number of sweeps                     :          946

Total number of invalid vcid               :            0

Total number of zombie vcid                :            0

Related Commands

Command
Description

clear gc

Removes the garbage collection process statistics.


show h225

To display information for H.225 sessions established across the FWSM, use the show h225 command in privileged EXEC mode.

show h225

Syntax Description

This command has no arguments or keywords.