Downloads |
Table Of Contents
show certificate installed Display
show certificate detailed Display
show certificate installed Example
show certificate details Example
show certificate fingerprint Example
show config section_name Example
show config cook mark section_name Example
show ethernet addresses Example
show ethernet statistics Example
show l2tp tunnels verbose Display
show l2tp tunnels verbose Example
show radius statistics Display
show radius statistics Example
show securid statistics Display
show securid statistics Example
show vpn partners verbose Example
show wan ds3 statistics Display
show wan hssi statistics Display
show wan connect config Example
show wan connect statistics Example
show wan serial config Example
show wan serial statistics Example
show wan ds3 statistics Example
show wan hssi statistics Example
Show Commands
This section lists the show commands for the Cisco VPN 5000 concentrator series.
show all
The show all command displays most of the system configuration and status. The information displayed by this command is displayed by other show commands. Please refer to the referenced commands for specific information about the displayed information.
The information displayed varies with the hardware platform and the software configuration.
show all [verbose]
Syntax Description
Usage Guidelines
The following is a list of the information displayed:
Related Commands
show arp
This command shows the contents of a router's Address Resolution Protocol (ARP) cache. This cache holds the mapping between a high-level protocol address and the physical address. The physical address may be either an IEEE Ethernet address or a Frame Relay DLCI which can be converted into a Frame Relay Q.922 hardware address. ARP entries are added to the cache either dynamically through the use of ARP on an Ethernet LAN or IARP (Inverse ARP) on Frame Relay. They also may be added statically with the add arp command.
show arp
Usage Guidelines
The information shown is:
Example
The following is output from the show arp command:
vpn_5000: Main# show arp
B# Protocol Address Age Hardware Addr Type Interface0 IP 198.41.9.1 0 aa:00:04:00:0d:04 Dynam Ethernet A13 IP 198.41.8.1 0 c303.444.9531 Dynam Wan014 IP 198.41.9.12 0 00:00:a5:2f:20:00 Dynam Ethernet A15 IP 198.41.9.30 0 08:00:20:08:cc:0d Dynam Ethernet ARelated Commands
show certificate
The show certificate command shows the certificates installed, details about each certificate, or the certificate text. See the "Certificates" section for an overview of certificates.
show certificate {installed |
details {root | server} |
pem {root | server} [x509] |
fingerprint {root | server} |
generator}Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show certificate installed Display
The show certificate installed display includes the following information for each certificate:
show certificate detailed Display
The show certificate detailed display includes the following information for a certificate:
Examples
The following sections show an example for each command.
show certificate installed Example
vpn_5000: Main# show certificate installedRoot Certificate:Serial Number: 77:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=ColoradoSubject: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=ColoradoValidityNot Before: Apr 21 00:00:00 2000 GMTNot After : Apr 20 23:59:59 2005 GMTMD5 Fingerprint: B0:DD:DD:DE:13:29:3C:54:95:F7:BD:5C:B7:0C:CA:E6Server Certificate:Serial Number: 37:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=ColoradoSubject: CN=IntraPortCarrier_A5C5C600ValidityNot Before: Apr 24 00:00:00 2000 GMTNot After : Apr 24 23:59:59 2001 GMTMD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BDshow certificate details Example
vpn_5000: Main# show certificate details serverServer Certificate:Version: 3 (0x2)Serial Number: 33:33:3a:33:33:3a:33:61:3a:33:33:3a:33:33:3a:33Signature Algorithm: md5WithRSAEncryptionIssuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=ColoradoSubject: CN=IntraPortCarrier_A5C5C600ValidityNot Before: Apr 24 00:00:00 2000 GMTNot After : Apr 24 23:59:59 2001 GMTMD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BDSubject Public Key Info:Public Key Algorithm: rsaEncryptionRSA Public Key: (1024 bit)Signature Algorithm: md5WithRSAEncryption01:0c:40:40:fb:84:e3:eb:49:f4:0b:da:69:f7:6d:cd:d1:16:ae:e9:d1:a9:f3:a1:b2:03:33:a8:3a:19:a1:4c:cc:1b:5e:e1:e9:a5:06:6b:02:c1:5d:6a:93:a2:60:a3:47:6c:5b:2b:2a:91:9f:30:a7:76:77:ba:d4:84:d8:89:bd:b9:31:d2:1a:82:52:37:14:24:4f:a5:23:bb:65:fb:3e:96:7e:17:50:87:de:7d:dd:a0:21:30:80:4f:0b:26:87:7b:1a:84:a3:df:89:78:c9:dc:80:87:cd:a4:d8:f2:a2:e0:4b:0e:59:dd:36:59:3d:59:8f:d0:7e:b2:2f:97show certificate fingerprint Example
vpn_5000: Main# show certificate fingerprint serverMD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BDshow certificate pem Example
vpn_5000: Main# show cert pem server-----BEGIN PKCS7-----MIAGCSqGSIb3DQEHAqCAMIIB1wIBATEAMIAGCSqGSIb3DQEHAQAAoIIBvTCCAbkwggFjoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwZjELMAkGA1UEBhMCQVUxETAPBgNVBAgTCENvbG9yYWRvMRAwDgYDVQQHEwdCb3VsZGVyMRswGQYDVQQKExJDb21wYXRpYmxlIFN5c3RlbXMxFTATBgNVBAMTDEludHJhcG9ydCBDQTAeFw05OTEyMDEwMDExMzFaFw05OTEyMzEwMDExMzFaMGYxCzAJBgNVBAYTAkFVMREwDwYDVQQIEwhDb2xvcmFkbzEQMA4GA1UEBxMHQm91bGRlcjEbMBkGA1UEChMSQ29tcGF0aWJsZSBTeXN0ZW1zMRUwEwYDVQQDEwxJbnRyYXBvcnQgQ0EwWjALBgkqhkiG9w0BAQEDSwAwSAJBAKcGdw1H2Mr7ZMIflx8rWzb2S56WimZtO4mxcAoQa7yezyZ8cXN+o+QkvxsTLSsM3YRHWE4voI6hIJbOG1gnUD0CAwEAATANBgkqhkiG9w0BAQQFAANBABnW5Np3La8tZ5P6Od3BDX7BKbefLMJXoDPN31cbAqy40L/WVwKKWGoD/M+QTrHKMt+T1RhlTr+ZGl3QT4+6wPwxAAAAAAA=-----END PKCS7-----Related Commands
show config
This command displays the concentrator's configuration, either the saved version, the running version, or the edited version.
Note
You must enter the section_name with any option for the show config command. For example, enter list cook mark all section_name. See the "configure" section to enter the configuration editor.
show config [help | list [full] | [running | saved | edited] [full] [number] [pretty] [ [cook mark [all] ] section_name] ]
Syntax Description
Examples
This section shows example displays.
show config section_name Example
The following example displays a configuration section.
vpn_5000: Main# show config ip wan 0:0[ IP Wan 0:0 ]RIPVersion = V1 # Turn RIP onNumbered = TRUEIPAddress = 31.0.0.5SubnetMask = 255.0.0.0IPBroadcast = 31.255.255.255Updates = periodicshow config cook mark section_name Example
The following example shows the same configuration displayed using the cook mark option.
vpn_5000: Main# show config cook mark ip wan 0:0[ IP Wan 0:0 ]Mode = RoutedIPAddress = 31.0.0.5 # Default => 0.0.0.0SubnetMask = 255.0.0.0 # Default => 0.0.0.0IPBroadcast = 31.255.255.255 # Default => 0.0.0.0RIPVersion = V1 # Default => NoneOutFilters =InFilters =Numbered = On # Default => OffUpdates = Periodic # Default =>TriggeredRelated Command
configure
Enters the configuration editor, which allows you to add or modify configuration variables using keyword and value pairs and ensures that they are syntactically correct
show contexts
This command lists all active CVCs in the Context List including names, file names, whether they are current or active, and whether they have been applied, modified, or written. This command also lists all CVCs in Flash memory, even those not included in the Context List section (inactive). Use the context delete command to remove CVCs from Flash memory.
show contexts ["context_name"]
Syntax Description
Usage Guidelines
The show contexts command displays the CVC name (the General section Context keyword value), and the path to the file as a URL.
Each CVC is in one of the following states:
Each CVC also shows one or more of the following messages:
Examples
vpn_5000: Main# show contexts
CURRENT "Main" "flash://Main.cfg"ACTIVE "Trans2" "flash://Trans2.cfg"ACTIVE "Trans3" "flash://Trans3.cfg"ACTIVE "Trans4" "flash://Trans4.cfg"ACTIVE "Trans5" "flash://Trans5.cfg"ACTIVE "DESTrans3" "flash://DESTrans3.cfg"ACTIVE "DESTrans4" "flash://DESTrans4.cfg"ACTIVE "DESTrans5" "flash://DESTrans5.cfg"ACTIVE "TransNAT3" "flash://TransNAT3.cfg"ACTIVE "TransNAT4" "flash://TransNAT4.cfg"ACTIVE "TransNAT5" "flash://TransNAT5.cfg"ACTIVE "DESTransNAT3" "flash://DESTransNAT3.cfg"ACTIVE "DESTransNAT4" "flash://DESTransNAT4.cfg"ACTIVE "DESTransNAT5" "flash://DESTransNAT5.cfg"INACTIVE "test2" "flash://test2.cfg"Related Commands
Context List
Includes a list of all CVC files
context
Configures and manages CVCs
show ethernet
The show ethernet commands display information specifically about the Ethernet ports in the device.
show ethernet {addresses | statistics}
Syntax Description
Examples
The following sections show an example for each command.
show ethernet addresses Example
The following is output from the show ethernet addresses command for a two-port router:
vpn_5000: Main# show ethernet addresses
Ethernet Address: 00:00:a5:77:2c:00Ethernet Address: 00:00:a5:77:2c:01show ethernet statistics Example
The following is output from the show ethernet statistics command. The number of columns varies depending on the number of Ethernet interfaces.
vpn_5000# show ethernet statistics
Statistic Type Ether 0 Ether 1Packets In 3728292 2931101Packets Out 6171 6443688Tx discards 0 0Tx Heldoff 0 0Rx discards 0 0Rx Resource err 0 0PCI Bus Error 0 0Transmit Error 0 0Total Collisions 1398 136185Late Collisions 0 016 Consec Colls 0 0Tx Jabber TO 0 0Carrier Mid-Tx 0 0Tx No Carrier 0 0Tx Too Long 0 0Tx Underflow 0 0Tx Heartbeat 0 0Deferred 1604 1576185Receive Error 0 0Rx Watchdog 0 0Rx Overflow 0 0Length Error 0 0Desc Len Err 0 0Illegal Length 0 0Runt Error 0 0Collision Err 0 0CRC Error 0 0Frame Error 0 0Missed Frames 5 5Dribble Errors 0 0MII PHY Errors 0 0Link Speed(Mbps) 10 10Duplex (1=FULL) 0 0As this display suggests, many of the statistics should be zero.
Related Command
show frelay
The show frelay commands are used to display Frame Relay configuration and statistics within the router.
show frelay {config | dlci | pvc [wan slot:0 [dlci]] | stats [wan slot:0 [dlci]]}
Syntax Description
Examples
The following sections show an example for each command.
show frelay config Example
The following is the output from a show frelay config command.
vpn_5000: Main# show frelay config
Port Maint Poll MTU DLCIWan0 annexD 10 1500 n/aWan1 Offshow frelay dlci Example
The following is the output from a show frelay dlci command.
vpn_5000: Main# show frelay dlci
Wan0 DLCI ConfigurationDLCI IP AppleTalk IPX DECnet101 10.1.2.2 Off IARP Off103 10.1.2.3 Off IARP Off102 10.1.2.4 Off IARP Off100 10.1.2.5 Off IARP Offshow frelay pvc Example
The following is the output from a show frelay pvc command.
vpn_5000: Main# show frelay pvcWan0 Frame Relay PVCDLCI State Type Interface Flags Q.922 Ref Use Active (D:H:M:S)102 Inactive User ni_wan0 21 1861 1 3018 0:00:00:00101 Active User ni_wan0 21 1851 3 112944 10:03:49:3816 Active User ni_wan0 21 0401 667 59709 2:08:22:580 Active Maint ni_wan0 41 0001 1 175562 10:03:50:02Related Command
show history
The show history command is used to display the last commands entered in the current command loop session. The command history is displayed from the oldest command to the newest command.
The command history has room for 650 bytes of command history, or about 40 commands. When the buffer fills up, older commands are removed to make room for more recent ones. All commands stored in the buffer are displayed by the show history command.
show history
Usage Guidelines
The command loop parser supports command line editing. By using this mechanism, whole commands from the history buffer can be retrieved, or a complex set of commands can be retrieved and modified to eliminate most retyping.
The edit config command has two separate history buffers: one for editor commands and another for text input using the append command. There is no way to display the history in these buffers, but the complete editing functionality described below is supported.
On a VT100 or ANSI terminal, the up and down keyboard arrow keys may be used to scroll through the history buffer. The left and right arrow keys may be used to move the cursor position on the current command. Keyboard input will be inserted at the position of the cursor, pushing the rest of the command to the right. There is no overstrike mode. Characters to the left of the cursor may be deleted by pressing either the delete or backspace key. An entire line may be deleted by entering Ctrl-U or Ctrl-C.
A more powerful "emacs" style of editing is also available for users without access to compatible arrow keys or users who are familiar with emacs o r other emacs-style command line implementations. The command search functions Ctrl-S and Ctrl-R are not implemented.
A complete summary of valid commands for both styles is listed below. Both editing styles are active and recognized at the command prompt.
Note
VT100/ANSI Keypad Editing
emacs-Style Editing
Related Commands
edit config
Enters the text editor to edit the configuration file
help
Displays context-sensitive online help info
show ip
The show ip commands display information about the configured and run-time IP parameters and IP routes. They can also show information about the status of the IP ARP cache and IP statistics.
show ip {filter | protocol | cache | statistics | rtcount |
config [ interface_type [interface_number]] | vpn [[slot:]number]] [status] |
routing [direct | dynamic [protocol] | static | default | configured] [IP_address subnet_mask]}Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show ip config Display
The show ip config Ethernet parameters are displayed with one line, while WAN interfaces are displayed with two, unless disabled. The column headings are described below:
show ip route Display
The show ip route output is displayed in four main sections.
The first is the Directly Connected Routes. These are the routes installed based upon the configuration information as well as internal routes that the device uses for routing packets sent directly to it. The second section lists runtime Static Routes. These are routes defined by the user. The third section, Dynamic Routes, lists routes picked up from other devices on Network. The last section, Configured IP Routes, shows permanently configured static routes.
The column headings are described below.
show ip cache Display
The show ip cache column headings are described below:
show ip statistics Display
The show ip statistics display is split up into sections based on whether the statistic is IP, ICMP, or UDP. The values are all defined as MIB variables and can also be obtained by using an SNMP Management station. For more information, see RFC 1213 "Management Information Base for Network Management of TCP/IP-based internets: MIB-II." Unless otherwise indicated, these tallies are only for packets directed to the device.
Examples
The following sections show an example for each command.
show ip config Example
The following is the output from a show ip config command:
vpn_5000: Main# show ip config
AddressesPort IP Addr Subnet Broadcast FlagsEthernet 0 192.168.11.6 255.255.255.224 192.168.11.31 <OSPF:Active><RIP:in,V2>Ethernet 1 ** Disabled **Bridge ** Disabled **Wan0 Unnumbered interface <Rip_out,Rip_in>Remote Address: 0.0.0.0 <>Wan1 disabledWan2 Unnumbered interface <Rip_out,Rip_in>Remote Address: 192.168.9.18 <>Wan3 163.179.16.33 255.255.255.0 163.179.16.255 <Rip_out,Rip_in>Remote Address: 163.179.16.2 <>show ip filter Example
The following is the output from a show ip filter command.
vpn_5000: Main# show ip filterFilter Spec: test (1)1: permit 0.0.0.0/00000000 -> 0.0.0.0/00000000Protocol: ==45Matches: 0:show ip routing Example
Output from the show ip routing command follows:
vpn_5000: Main# show ip routingDirectly Connected Routes:Destination Mask Refs Uses Type Interface127.0.0.1 FFFFFFFF 1 0 STIF Local192.168.9.31 FFFFFFFF 1 4812 STIF Local192.168.9.0 FFFFFFFF 1 0 STIF Local192.168.9.8 @FFFFFFFF 1 2820 Local Local192.168.9.18 @FFFFFFFF 1 27 Stat Wan2192.168.9.0 FFFFFFE0 1 45253 STIF Ethernet0163.179.16.255 FFFFFFFF 1 0 STIF Local163.179.16.0 FFFFFFFF 1 0 STIF Local163.179.16.33 @FFFFFFFF 1 0 Local Local163.179.16.0 FFFFFF00 1 2036 STIF Wan3255.255.255.255 @FFFFFFFF 1 1737 Local LocalStatic Routes:Destination Mask Gateway Metric Refs Uses Type InterfaceDynamic Routes:Destination Mask Gateway Metric Refs Uses Type TTL InterfaceDEFAULT 199.45.130.49 1 1 52724 RIP 176 Wan0192.168.8.0 FFFFFF00 192.168.9.1 3 1 2682 RIP 171 Ethernet0192.168.9.128 FFFFFFE0 192.168.9.1 1 1 0 RIP 171 Ethernet0192.168.9.224 FFFFFFE0 192.168.9.1 5 1 1603 RIP 171 Ethernet0192.168.9.64 FFFFFFE0 192.168.9.1 3 1 0 RIP 171 Ethernet0192.168.9.32 FFFFFFE0 192.168.9.1 3 1 1502 RIP 171 Ethernet0192.168.10.0 FFFFFF00 192.168.9.1 5 1 8756 RIP 171 Ethernet0199.45.130.24 FFFFFFE0 199.45.130.49 1 1 0 RIP 175 Wan0163.179.0.0 FFFFFF00 192.168.9.6 1 1 0 RIP 154 Ethernet0Total Routes in use: 24 Default Router = <not set>@Mask -> Host route *Type -> RedistributeConfigured IP Routes:Destination Mask Gateway Metric IFnum Wan0DEFAULT 192.168.200.1 1 0show ip protocol Example
A show ip protocol example:
vpn_5000: Main# show ip protocolIP PROTOCOL CONFIGURATIONWan0 : OSPF:passive RIP:disabled,V2Wan1 : OSPF:passive RIP:disabled,V2Ether0: OSPF:disabled RIP:in,out,V2Ether1: OSPF:active RIP:disabled,V2IP PROTOCOL PRECEDENCE: (1) ospf (2) rip (3) staticROUTING PROTOCOL REDISTRIBUTIONRIP to OSPF: disabledDefault to OSPF: disabledOSPF to RIP: disabledshow ip cache Example
An example of the show ip cache command is given below.
vpn_5000: Main# show ip cacheDestination Ethernet Address Iface Use cnt Last Used192.168.11.50 00:00:a5:71:2c:00 Eth3 1381589 361247192.168.9.226 00:00:a5:f1:54:00 Eth2 195745 360677192.168.11.10 02:60:8c:dd:af:58 Eth1 106912 360909192.168.9.30 aa:00:04:00:0a:04 Eth0 18048 360677show ip statistics Example
The following is the output from a show ip statistics command:
vpn_5000: Main# show ip statisticsReceived Transmitted Other------------------------ ------------------------ -----------------------IP:Packets 111638 Packets 2218 FragmentationDelivered 5999 Forwarded 1 Success 0(datagrams) 102700 Creates 0Errors Errors Failures 0Bad Header 30 No route 0 ReassemblyProto Unkn 721 Success 0Bad Address 0 Requests 0Timeouts 30Discards 0 Discards 0 Failures 0ICMP:Packets 0 Packets 1769Errors 0 Errors 0Dest Unreach 0 Dest Unreach 1738Time Exceeded 0 Time Exceeded 30Parameter Err 0 Parameter Err 0Source Quench 0 Source Quench 0Redirect 0 Redirect 1Echo 0 Echo 0Echo Reply 0 Echo Reply 0Timestamp 0 Timestamp 0Tstamp Reply 0 Tstamp Reply 0Addr Mask 0 Addr Mask 0Amask Reply 0 Amask Reply 0UDP:Packets 5856 Packets 4088 No Ports 1Errors 0show ip rtcount Example
An example of the show ip rtcount command is given below.
vpn_5000: Main# show ip rtcountNumber of routes in IP Routing Table: 1008Related Commands
show l2tp
This command shows the L2TP configuration, tunnel status, and statistics for each card.
show l2tp {config | users | statistics | tunnels [verbose]}
Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show l2tp users Display
The show l2tp users display includes the following information:
show l2tp config Display
The show l2tp config display includes the following information:
show l2tp tunnels Display
The show l2tp tunnels display includes the following information:
Total Tunnels on all slots
The number of L2TP tunnels on all cards
L2TP Tunnel Information for slot n: Total tunnels and sessions
The number of L2TP tunnels and PPP sessions on the card
show l2tp tunnels verbose Display
The show l2tp tunnels verbose display includes the following information:
show l2tp statistics Display
The show l2tp statistics display includes the following information:
Examples
The following sections show an example for each command.
show l2tp config Example
vpn_5000: Main# show l2tp configL2TP Configured Parameters:Hello Interval: 60 secondsAuthenticate Tunnels: TRUEL2TP Default Password: NONEDo Hidden AVP's: FALSECall Session Authentication Type: CHAPReceive Window Size: 4L2TP System Parameters:Retransmission Interval: 5 secondsMaximum Retransmission Count: 5L2TP Tunnel PeersGeneric: cisco => Configuredtunnel1-lac: cisco => Configuredtunnel2-lac: cisco => Configuredtunnel3-lac: cisco => Configuredtunnel4-lac: cisco => Configuredtunnel5-lac: cisco => Configuredtunnel6-lac: cisco => Configuredtunnel7-lac: cisco => Configuredthis-lac: cisco => Dynamicshow l2tp users Example
vpn_5000: Main# show l2tp usersL2TP Call Session Summary for all ContextsNumber of open tunnels: 1Total call sessions in all tunnels: 1VPN up: 1LCP up: 1 AUTH up: 1 IPCP up: 1IOP slot 1:L2TP Call Session Summary for all ContextsNumber of open tunnels: 1Total call sessions in all tunnels: 199VPN up: 199LCP up: 199 AUTH up: 199 IPCP up: 199show l2tp tunnels Example
vpn_5000: Main# show l2tp tunnelsTotal tunnels on all slots: 2L2TP Tunnel Information for slot 0: Total tunnels 1 sessions 1IOP slot 1:L2TP Tunnel Information for slot 1: Total tunnels 1 sessions 199show l2tp tunnels verbose Example
vpn_5000: Main# show l2tp tunnels verboseTotal tunnels on all slots: 2Active L2TP Tunnels for all ContextsRemote Remote Tunnel ID's # Call Tunnel Remote Xmit UDPPeer Name Address Local Remote Sessions State Window Queue Portthis-lac 10.102.1.10 2 46570 1 EST 3000 0 1701L2TP Tunnel Information for slot 0: Total tunnels 1 sessions 1IOP slot 1:Active L2TP Tunnels for all ContextsRemote Remote Tunnel ID's # Call Tunnel Remote Xmit UDPPeer Name Address Local Remote Sessions State Window Queue Porttunnel2-lac 10.102.1.10 8193 45621 199 EST 3000 0 1701L2TP Tunnel Information for slot 1: Total tunnels 1 sessions 199show l2tp statistics Example
vpn_5000: Main# show l2tp statisticsL2TP PACKET STATISTICS:L2TP Payload Packets:Payload Packets From Clients 0Payload Packets From Hosts 0PPP Negotiation Packets Received: 8PPP Negotiation Packets Sent: 11L2TP Control Packets Received:SCCRQ's: 1SCCCN's: 1StopCCN's: 0ICRQ's Received: 1ICCN's Received: 1CDN's Received: 0Hello's Received: 27ZLB's Received: 30Ctrl Pkt Seq# order: 0L2TP Control Packets Sent:SCCRP's: 1StopCCN's: 0ICRP's: 1CDN's: 0Hello's Sent: 30ZLB's Sent: 29Ctrl Pkts Retrans: 0Max Retransmit: 0IOP slot 1:L2TP PACKET STATISTICS:L2TP Payload Packets:Payload Packets From Clients 0Payload Packets From Hosts 0PPP Negotiation Packets Received: 1213PPP Negotiation Packets Sent: 1422L2TP Control Packets Received:SCCRQ's: 1SCCCN's: 1StopCCN's: 0ICRQ's Received: 200ICCN's Received: 200CDN's Received: 0Hello's Received: 0ZLB's Received: 2Ctrl Pkt Seq# order: 12L2TP Control Packets Sent:SCCRP's: 1StopCCN's: 0ICRP's: 200CDN's: 1Hello's Sent: 1ZLB's Sent: 213Ctrl Pkts Retrans: 0Max Retransmit: 0Related Command
show os
These commands show the concentrator's operating system parameters.
show os {processes | resevent | tcp |
memory [verbose] |
dump address [nbytes] |
netif [if_number] [verbose]}Syntax Description
Related Commands
show ospf
The show ospf commands display extensive information about the OSPF database, configuration, and dynamic memory usage.
show ospf {rtrid | config | stats | mem | nbr | rt | all | if [verbose] |
db [all | rtr | net | sum | ext]}Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show ospf config Display
The show ospf config command displays configured settings for each interface, including the IP address of the interface, the area the interface is assigned to, and whether the interface is an active or passive OSPF interface. The display also includes any configured settings for OSPF virtual links, the Area ID and any net ranges set for the area and the routing protocol redistribution settings.
show ospf stats Display
The show ospf stats command shows how many of each of the five types of OSPF packets have been received and sent: Hello, Database Description, Link State Request, Link State Update, and Link State Acknowledgment. Discarded packets are not errors; an example of a discarded packet would be a multicast for Designated Routers when this router is not the Designated Router or Backup Designated Router. If "Packet errors" is nonzero, a detailed breakdown of each type of packet error appear.
show ospf if Display
The show ospf if display includes:
show ospf nbr Display
The show ospf nbr display includes:
Examples
The following sections show an example for each command.
show ospf rtrid Example
Following is sample output from a show ospf rtrid command.
vpn_5000: Main# show ospf rtridOSPF Router ID for this router is 198.41.11.202show ospf config Example
Following is sample output from a show ospf config command.
vpn_5000: Main# show ospf configOSPF PER-INTERFACE CONFIGURATIONIP Ethernet Intface 198.41.11.201 assign to area 0.0.0.0Interface is ActiveInterface Cost = 10, Router Priority = 1Hello Interval = 10, Router Dead Interval = 40Transit Delay = 1, Retransmit Interval = 5IP Ethernet Interface 74.0.0.1 assigned to area 0.0.0.0Interface is ActiveInterface Cost = 10, Router Priority = 1Hello Interval = 10, Router Dead Interval = 40Transit Delay = 1, Retransmit Interval = 5IP Ethernet Interface 73.0.0.1 assigned to area 0.0.0.0Interface is ActiveInterface Cost = 10, Router Priority = 1Hello Interval = 10, Router Dead Interval = 40Transit Delay = 1, Retransmit Interval = 5IP Ethernet Interface 77.0.0.1 assigned to area 0.0.0.0Interface is ActiveInterface Cost = 10, Router Priority = 1Hello Interval = 10, Router Dead Interval = 40Transit Delay = 1, Retransmit Interval = 5OSPF VIRTUAL LINK CONFIGURATIONNoneOSPF AREA CONFIGURATIONArea ID: 0.0.0.0Net Ranges defined for this area:NoneROUTING PROTOCOL REDISTRIBUTIONRedistribute RIP routes into OSPF is disabledRedistribute BGP routes into OSPF is disabledRedistribute OSPF routes into RIP is disabledshow ospf mem Example
Following is sample output from a show ospf mem command.
vpn_5000: Main# show ospf mem------------------------------------------------------------OSPF DATABASE STATIC MEMORY USAGE: 36882 bytesOSPF DATABASE DYNAMIC MEMORY USAGEMemory Block Allocs Deallocs In Use Size Total------------------------------------------------------------ospf_intf 2 0 2 874 1748ospf_nbr 4 0 4 118 472ospf_nbr_node 4 0 4 20 80ospf_nh_block 4 0 4 20 80ospf_lsdb 419 323 96 74 7104ospf_rtr_lsa 178 173 5 var 216ospf_stub_lsa 2 0 2 24 48ospf_net_lsa 36 35 1 var 44ospf_sum_lsa 350 340 10 28 280ospf_ase_lsa 3027 2949 78 36 2808ospf_route 6 4 2 46 92ospf_netrange 0 0 0 28 0ospf_rtinfo 82 2 30 80 2400ospf_dbsum 6 6 0 12 0ospf_hdr 6 6 0 1422 0ospf_ack_hdrq 156 156 0 28 0ospf_ack_intf 3503 3503 0 28 0ospf_nbrlist 70 70 0 12 0ospf_lsreq 94 94 0 24 0ospf_lsdblist 3660 3660 0 16 0------------------------------------------------------------Total In Use 15130------------------------------------------------------------show ospf stats Example
Following is sample output from a show ospf stats command.
vpn_5000: Main# show ospf statsOSPF Packet StatisticsReceived SentHello Packets: 29371 5880Database Description Packets: 13 16Link State Request Packets: 0 9Link State Update Packets: 327 34LS Acknowledgment Packets: 275 279Total Packets: 30811 6218Packets discarded: 825Packet errors: 0In the example below, the router is reporting a Hello timer interval mismatch with one of the routers on the network, which will cause the two routers to be unable to establish an adjacency.
OSPF Packet StatisticsReceived SentHello Packets: 26 19Database Description Packets: 11 11Link State Request Packets: 1 4Link State Update Packets: 17 4LS Acknowledgment Packets: 6 10Total Packets: 63 48Packets discarded: 0Packet errors: 2Hello timer mismatch: 2show ospf if Example
Following is sample output from a show ospf if command.
vpn_5000: Main# show ospf ifOSPF IP InterfacesInterface Ether0 is ActiveCost: 5 State: NOT DR OR BDR Type: BROADCASTPriority: 1Designated Router: 198.41.11.205Backup Designated Router: 198.41.11.204Timers: Hello: 10 Dead: 40 Retrans: 5Neighbors:Down 0 Att 0 Init 0 2Way 3 ExStart 0 Exch 0 Loading 0 Full 2Interface Ether1 is ActiveCost: 5 State: NOT DR OR BDR Type: BROADCASTPriority: 1Designated Router: 198.41.11.17Backup Designated Router: 198.41.11.6Timers: Hello: 10 Dead: 40 Retrans: 5Neighbors:Down 0 Att 0 Init 0 2Way 0 ExStart 0 Exch 0 Loading 0 Full 2show ospf nbr Example
Following is sample output from a show ospf nbr command.
vpn_5000: Main# show ospf nbr-----------------------------------------------------------------OSPF Neighbors=================================================================Ether0 RtrID: 198.41.11.200 Addr: 198.41.11.200 State: 2WAYEther0 RtrID: 198.41.11.202 Addr: 198.41.11.202 State: 2WAYEther0 RtrID: 198.41.11.203 Addr: 198.41.11.203 State: 2WAYEther0 RtrID: 198.41.11.204 Addr: 198.41.11.204 State: FULLEther0 RtrID: 198.41.11.205 Addr: 198.41.11.205 State: FULLEther1 RtrID: 198.41.11.6 Addr: 198.41.11.6 State: FULLEther1 RtrID: 198.41.11.17 Addr: 198.41.11.17 State: FULL-----------------------------------------------------------------show ospf rt Example
Following is sample output from a show ospf rt command.
vpn_5000: Main# show ospf rtAREA 0:AS Border Routes:NoneArea Border Routes:78.0.0.1 Area 0 Cost 10 AdvRouter 78.0.0.1Nexthop: 75.0.0.5 Interface: 75.0.0.276.0.0.2 Area 0 Cost 10 AdvRouter 76.0.0.2Nexthop: 75.0.0.3 Interface: 75.0.0.275.0.0.2 Area 0 Cost 0 AdvRouter 75.0.0.2AREA 2:AS Border Routes:NoneArea Border Routes:75.0.0.2 Area 2 Cost 0 AdvRouter 75.0.0.2SUMMARY AS Border Routes:Noneshow ospf db Example
Following is sample output from a show ospf db command.
vpn_5000: Main# show ospf dbOSPF Router, Net and Summary Databases:Area 10:STUB AdvRtr: 198.41.11.202 Len: 24 Age: 3600 Seq: 00000000Router: 198.41.11.192 Mask: 255.255.255.240 Network: 198.41.11.192STUB AdvRtr: 198.41.11.202 Len: 24 Age: 2084 Seq: 00000000Router: 79.0.0.0 Mask: 255.0.0.0 Network: 79.0.0.0RTR AdvRtr: 198.41.11.193 Len: 36 Age: 1199 Seq: 80000d6bRouterID: 198.41.11.193 Area Border: On AS Border: OffConnect Type: TRANS NET Cost: 10DR: 198.41.11.193 Address: 198.41.11.193Nexthops(1):198.41.11.193 Interface: 198.41.11.202RTR AdvRtr: 198.41.11.194 Len: 36 Age: 393 Seq: 8000063fRouterID: 198.41.11.194 Area Border: Off AS Border: OffConnect Type: TRANS NET Cost: 10DR: 198.41.11.193 Address: 198.41.11.194Nexthops(1):198.41.11.194 Interface: 198.41.11.202NET AdvRtr: 198.41.11.193 Len: 44 Age: 1200 Seq: 80000034Router: 198.41.11.193 Mask: 255.255.255.240 Network: 198.41.11.192Attached Router: 198.41.11.193Attached Router: 198.41.11.194Attached Router: 198.41.11.200Attached Router: 198.41.11.202Attached Router: 198.41.11.203Nexthops(1):198.41.11.193 Interface: 198.41.11.202SUM NET AdvRtr: 198.41.11.193 Len: 28 Age: 1486 Seq: 80000026Network: 192.168.40.0 Mask: 255.255.255.0 Cost: 20Nexthops(1):198.41.11.193 Interface: 198.41.11.202SUM NET AdvRtr: 198.41.11.193 Len: 28 Age: 1486 Seq: 80000026Network: 192.168.41.0 Mask: 255.255.255.0 Cost: 20Nexthops(1):198.41.11.193 Interface: 198.41.11.202SUM NET AdvRtr: 198.41.11.193 Len: 28 Age: 1486 Seq: 80000026Network: 192.168.42.0 Mask: 255.255.255.0 Cost: 20Nexthops(1):198.41.11.193 Interface: 198.41.11.202Related Commands
show ppp
The show ppp commands display PPP-specific information about the WAN interfaces.
show ppp {lcp [status] | quality [status] | auth | compression | statistics}
Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show ppp lcp Display
The show ppp lcp display includes:
show ppp quality Display
The show ppp quality display includes:
show ppp auth Display
The first portion of the show ppp auth output displays information specific to each of the WAN interfaces. For more information on how to set these parameters see the PPP and Auth sections. The column headings are described below:
The second part of the output displays Authentication Database entries. This table is consulted if PAP or CHAP is set to Want or Both. These entries can be used for any or all of the interfaces.
show ppp compression Display
The show ppp compression display includes:
Port
The Port is Name of the WAN interface.
Compression
The current PPP compression algorithm is shown. Possible values are Off and Cisco Systems Sequenced Predictor.
show ppp statistics Display
The show ppp statistics display includes:
Examples
The following sections show an example for each command.
show ppp lcp Example
The output from show ppp lcp is shown below.
vpn_5000: Main# show ppp lcpWan 0:Want=5ac<ACCM,AUTH,MAGIC,PFC,ACFC,PAP>Allow=1a4<ACCM,MAGIC,PFC,ACFC>ACCM Mask=0<>show ppp quality Example
The show ppp quality output follows:
vpn_5000: Main# show ppp qualityPort Proto Interval ThresholdWan 0 OffWan 1 OffWan 2 ECHO OffWan 3 ECHO 11 21/ 30show ppp auth Example
The following is an example of the information displayed by show ppp auth.
vpn_5000: Main# show ppp authEnter Password:Port Proto Status Name PasswordWan 0 PAP OffCHAP OffWan 1 PAP Allow Mickey MouseCHAP Allow Donald DuckWan 2 PAP WantCHAP Want BettyWan 3 PAP Both Howdy DoodyCHAP Both Graendal One of the ForesakenAuthentication Database:Name Password Chat Script MaskBarney Rubble dial Fred 000fshow ppp compression Example
The following is an example of the information displayed by show ppp compression.
vpn_5000: Main# show ppp compressionPort CompressionWan 0 OffWan 1 OffWan 2 OffWan 3 Cisco Systems Sequenced Predictorshow ppp statistics Example
The following is an example of the information displayed by show ppp statistics.
vpn_5000: Main# show ppp statisticsStats Wan0in 25out 12691discard 0compressI 0compressO 0compressID 0compressOD 0Related Commands
Auth
Defines the PPP remote authentication database
PPP
Configures PPP parameters for an interface
show wan
Shows WAN port information
show radius
This command shows RADIUS settings and statistics.
show radius {config | statistics [domain | all]}
Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show radius config Display
The show radius config display includes the following information:
show radius statistics Display
The show radius statistics display includes the following information:
Examples
The following sections show an example for each command.
show radius config Example
The following example displays are for the show radius config command:
vpn_5000: Main# show radius configRADIUS State UDPAuthentication On 1645Accounting On 1646Secret 'Homer Simpson'Server IP address AttemptsPrimary 1.2.3.4 5Secondary 9.8.7.6 5show radius statistics Example
The following example displays are for the show radius statistics command:
vpn_5000: Main# show radius statisticsAuthentication xmit retry rcvPrimary 1 0 1Secondary 0 0 0Errors 0 0No Match 0Timeouts 0Holdq 0Accounting xmit retry rcvPrimary 3 0 3Secondary 0 0 0Errors 0 0No Match 0Timeouts 0Holdq 0Users Name Session ID SecsWan0 InactiveWan1 InactiveWan2 Wilber 01234567-00000001 138Wan3 InactiveRelated Commands
Radius
Configures the concentrator for communication with a RADIUS server for user authentication
VPN Users
Creates a user list for VPN authentication
show reload
Displays the schedule for the last reload command you entered.
Related Command
show routing
This command is an alternative way to obtain routing table information for IP.
show routing ip [dynamic | static | default]
Syntax Description
Related Command
show securid
Shows information about SecurID servers.
show securid {secrets | statistics}
Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show securid secrets Display
The show securid secrets display includes the following information:
show securid statistics Display
The show securid statistics display includes the following information:
Examples
The following sections show an example for each command.
show securid secrets Example
The following example displays are for the show securid secrets command:
vpn_5000: Main# show securid secretsSecurID node secrets are stored for the following:Server Address Source Address192.168.10.102 192.168.10.65show securid statistics Example
The following example displays are for the show securid statistics command:
vpn_5000: Main# show securid statisticsSecurID StatisticsTotal Packets In 0Bad Packets In 0Packets Out 0Access Granted 0Access Denied 0Next Code Required 0New PIN Required 0Server Timeouts 0Related Commands
SecurID
Configures the concentrator for communication with a SecurID server for user authentication
reset securid secret
Resets SecurID secret
show statistics
All of the show statistics commands in this section (except for show statistics tcp) are alternative ways to obtain statistics information for each of the options.
show statistics {l2tp | ike | ethernet | memory | ip | tcp | ppp | radius | vpn | frelay [wan slot:0[subinterface]] [DLCI]}
Syntax Description
Related Commands
show system
The show system commands display system-related parameters, status, and statistics. Much of the information displayed by these commands is also displayed by the show version command.
show system {hardware | info | uptime |
ethernet {addresses | statistics} |
log {config | buffer [delta] [lines]}}Syntax Description
Related Commands
Time Server
Configures the concentrator for communication with a time server
show version
Shows general device information
show version
The show version command combines the output of many show system commands and displays it along with additional information.
show version [verbose]
Syntax Description
verbose
Displays additional information about the concentrator, including system administration information and log configuration information.
Usage Guidelines
The following information is displayed for show version:
The following additional information is displayed for the verbose option:
Terminal settings
Settings from the see the Command Line section.
Time Servers
Protocol and IP addresses of time servers. See the Time Server section.
System Time
Current time obtained from a time server or set using the sys clock command. If no time is set, the time is the amount elapsed since startup.
Device Name
Device name set in the General section.
Logging: Runtime1 and Configured
Shows the runtime and configuration parameters to enable logging.
Level: Runtime1 and Configured
Shows the runtime and configuration parameters for the logging level.
AuxPort: Runtime1 and Configured
Shows the runtime and configuration parameters for sending logging messages to the console.
Syslog: Runtime1 and Configured
Shows the runtime and configuration parameters for sending logging messages to a syslog facility.
Ports: Runtime1 and Configured
Shows the runtime and configuration parameters for ports on which logging is disabled.
Compile flags
Shows the compile flags to build the software.
Note
USONLY
1 See the set system log command to set runtime logging parameters.
Example
The typical output of the show version verbose command:
vpn_5000: Main# show version verbosevpn_5000 - System StatusSoftware Version: VPN 5002/8 Concentrator V6.0.19.0009 (dalecki) USSW Build Date: 9/25/01 13:23Hardware Revision: 4BootBlock Version: V2.13Memory: 4096K Flash ROM, 128K CFG Flash, 262144K RAMLast Configuration Date: noneConfiguration File: noneConfiguration: Running saved config, buffer unmodifiedEthernet 0:00 Address: 00:04:c1:3f:08:b0Ethernet 1:00 Address: 00:04:c1:3f:08:50Up Time: 10 days 23 hours 43 minutes 2 secsTerminal settings: 80x24, Erase <BS>, Non-Enhanced Parser, More OffTime Servers: TIMED [192.168.0.3] [0.0.0.0] (0 adj)System Time: 10/15/01 15:43:47Device Name: vpn_5000Runtime ConfiguredLogging On OffLevel Debug (7) Emergency (0)AuxPort On OffSyslog Off OffPortsEther 0 1 0 1WAN None NoneCompile flags: VROUTE USONLYvpn_5000: Main#Related Commands
show vpn
The show vpn commands display information about the configured and runtime VPN parameters.
show vpn {statistics [verbose] |
config [vpn [slot:]number] |
runtime [vpn [slot:]number] |
users [verbose] [orphans] [group=name | user=name] |
partners [verbose] [orphans]}Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show vpn config Display
The show vpn config display includes the following information. For modular models, the display includes a section for each module slot.
Note
show vpn users Display
The show vpn users display includes the following information. For modular models, the display includes a section for each module slot.
The verbose mode also includes the following information:
show vpn partners Display
The show vpn partners display includes the following information. For modular models, the display includes a section for each module slot.
The verbose mode also includes the following information:
show vpn statistics Display
The show vpn statistics display includes the following information for Users, Partners, and the Total for both. For modular models, the display includes a section for each module slot.
For verbose mode, the display includes ISAKMP negotiation statistics, and the following active connection statistics:
Examples
The following sections show an example for each command.
show vpn users Example
The following example displays are for the show vpn users command:
vpn_5000: Main# show vpn usersI/F User Group Client Local ConnectAddress Address Time----------------------------------------------------------------------------61 marin bikes 10.16.0.3 10.16.224.1 00:21:23:2962 dynastar skis 10.38.16.18 10.16.240.2 00:21:22:4563 tua skis 10.38.16.18 10.16.240.4 00:21:13:1264 mercian bikes 10.38.16.18 10.16.224.3 00:17:25:29IOP slot 1:I/F User Group Client Local ConnectAddress Address Time----------------------------------------------------------------------------61 dynastar skis 10.38.16.18 10.16.240.1 00:21:22:4562 tua skis 10.38.16.18 10.16.240.3 00:21:13:1363 mercian bikes 10.38.16.18 10.16.224.2 00:17:25:3064 mercian bikes 10.38.16.18 10.16.224.4 00:17:25:29vpn_5000: Main# show vpn users verbose group = bikesI/F User Group Client Local ConnectAddress Address Time----------------------------------------------------------------------------61 marin bikes 10.16.0.3 10.16.224.1 00:21:20:51Auth/Encrypt:SHAe/DES Port:32769 Ipx:0 User Auth: Shared KeyStart:5/16/2000-13:38:44 Managed:5/17/2000-10:58:44 State:imnt_maintenance64 mercian bikes 10.38.16.18 10.16.224.3 00:17:22:51Auth/Encrypt:SHAe/DES Port:1110 Ipx:0 User Auth: Shared KeyStart:5/16/2000-17:36:44 Managed:5/17/2000-10:56:44 State:imnt_maintenanceIOP slot 1:I/F User Group Client Local ConnectAddress Address Time----------------------------------------------------------------------------63 mercian bikes 10.38.16.18 10.16.224.2 00:17:22:52Auth/Encrypt:SHAe/DES Port:1109 Ipx:0 User Auth: Shared KeyStart:5/16/2000-17:36:43 Managed:5/17/2000-10:56:43 State:imnt_maintenance64 mercian bikes 10.38.16.18 10.16.224.4 00:17:22:51Auth/Encrypt:SHAe/DES Port:1111 Ipx:0 User Auth: Shared KeyStart:5/16/2000-17:36:44 Managed:5/17/2000-10:56:44 State:imnt_maintenance++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++show vpn partners verbose Example
The following example displays are for the show vpn partners verbose command:
vpn_5000: Main# show vpn partners verbosePort Partner Partner Default Bindto ConnectNumber Address Port Partner Address Time--------------------------------------------------------------------------VPN 0:101 10.7.39.1 0 No 10.7.50.1 00:00:05:03ISAKMP P1 SA Auth/Enc/Group:Off/None/None Lifetime: (n/a)Start:6/20/2001-16:01:08 Managed:8/21/1945-6:15:58 State:Tunnels:Type:GRE Port:VPN0 State:IPSTS_UPACL:0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0IPSec P2 SAs Auth/Encrypt:None/None User Auth:Shared KeyRecv SA SPI:0x0Send SA SPI:0x0VPN 0:200 10.7.50.1 500 No 10.7.39.1 00:00:05:46ISAKMP P1 SA Auth/Enc/Group:SHA/DES/G2 Lifetime: (n/a)Start:6/20/2001-16:01:12 Managed:6/20/2001-16:01:09 State:imnt_maintenanceTunnels:Type:IPSec Port:VPN0 State:IPSTS_UPACL:0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared KeyRecv SA SPI:0x102 Lifetime: (1033/1380 sec) (1/4096 KB)Send SA SPI:0x102 Lifetime: (1033/1380 sec) (0/4096 KB)VPN 0:99 10.7.11.11 500 No 10.7.39.1 00:00:02:11ISAKMP P1 SA Auth/Enc/Group:SHA/3DES/G2 Lifetime: (n/a)Start:6/20/2001-16:04:47 Managed:6/20/2001-16:04:46 State:imnt_maintenanceTunnels:Type:GREinIPSec Port:VPN1 State:IPSTS_UPACL:10.7.39.1/255.255.255.255/0->10.7.11.11/255.255.255.255/0 proto 47IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared KeyRecv SA SPI:0x104 Lifetime: (86277/86400 sec) (0/4608000 KB)Send SA SPI:0x12A30C34 Lifetime: (86277/86400 sec) (0/4608000 KB)Type:GREinIPSec Port:VPN1 State:IPSTS_UPACL:10.7.39.1/255.255.255.255/0->10.7.11.11/255.255.255.255/0 proto 47IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared KeyRecv SA SPI:0x103 Lifetime: (86267/86400 sec) (0/4608000 KB)Send SA SPI:0xA3F0522 Lifetime: (86267/86400 sec) (0/4608000 KB)VPN 0:200 10.7.39.1 500 No 10.7.50.1 00:00:05:00ISAKMP P1 SA Auth/Enc/Group:SHA/DES/G2 Lifetime: (n/a)Start:6/20/2001-16:01:12 Managed:6/20/2001-16:01:10 State:imnt_maintenanceTunnels:Type:IPSec Port:VPN1 State:IPSTS_UPACL:0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared KeyRecv SA SPI:0x102 Lifetime: (1079/1380 sec) (0/4096 KB)Send SA SPI:0x102 Lifetime: (1079/1380 sec) (0/4096 KB)VPN 0:666 10.7.43.3 500 No 10.7.42.3 00:00:00:06ISAKMP P1 SA Auth/Enc/Group:MD5/DES/G1 Lifetime: (183/200 secs)Start:48 seconds Managed:37 seconds State:imnt_maintenanceTunnels:Type:Standard IPSec Port:VPN0 State:IPSTS_UPACL:11.7.0.0/255.255.0.0/0->11.7.43.0/255.255.255.0/0 proto 0IPSec P2 SAs Auth/Encrypt:MD5e/DES User Auth:Shared KeyRecv SA SPI:0x102 Lifetime: (192/200 sec) (0/536870912 KB)Send SA SPI:0x1CC70E73 Lifetime: (192/200 sec) (1/536870912 KB)show vpn statistics Example
The following example displays are for the show vpn statistics command:
vpn_5000: Main# show vpn statisticsCurrent In High Running Script Script ScriptActive Negot Water Total Starts OK Error--------------------------------------------------------------Users 4 0 4 4 4 0 0Partners 2 0 2 6 6 4 0Total 6 0 6 10 10 4 0IOP slot 1:Current In High Running Script Script ScriptActive Negot Water Total Starts OK Error--------------------------------------------------------------Users 4 0 4 4 4 0 0Partners 2 0 2 6 6 4 0Total 6 0 6 10 10 4 0vpn_5000: Main# show vpn statistics verboseCurrent In High Running Script Script ScriptActive Negot Water Total Starts OK Error--------------------------------------------------------------Users 0 0 0 0 0 0 0Partners 2 0 2 2 2 0 0Total 2 0 2 2 2 0 0Stats VPN1:0 VPN1:1Wrapped 0 0Unwrapped 1392 1392BadEncap 0 0BadAuth 0 0BadEncrypt 0 0rx IP 1392 1392rx IPX 0 0rx Other 0 0tx IP 0 0tx IPX 0 0tx Other 0 0IKE rekey 0 0Input VPN pkts dropped due to no SA: 2Input VPN pkts dropped due to no free queue entries: 0ISAKMP Negotiation statsAdmin packets in 2794Fastswitch packets in 2018No cookie found 0Can't insert cookie 0Inserted cookie 4Forwarded to RP 0Forwarded to IOP 0Bad UDP checksum 0Not fastswitched 0Bad negotiation packet 0show vpn runtime Example
The following is the output from a show vpn runtime command:
vpn_5000: Main# show vpn runtimeIface Tunnel BindTo Auth Encrypt UserPartner PortVPN0 192.168.22.33 Ether0 On None HaroldVPN1 10.123.234.98 Ether0 On Fixed MaudeVPN2 Waiting for Client ConnectionVPN3 Waiting for Client ConnectionVPN4 Waiting for Client ConnectionVPN5 Waiting for Client ConnectionVPN6 Waiting for Client ConnectionVPN7 Waiting for Client Connectionshow vpn config Example
The following is the output from the show vpn config command:
vpn_5000: Main# show vpn configIface ClientVPN0 192.168.22.33VPN1 10.123.234.98VPN2 Waiting for Client ConnectionVPN3 Waiting for Client ConnectionVPN4 Waiting for Client ConnectionVPN5 Waiting for Client ConnectionVPN6 Waiting for Client ConnectionVPN7 Waiting for Client ConnectionRelated Commands
VPN Group
Configures the VPN group parameters
VPN Users
Creates a user list for VPN authentication
show wan
Shows information about WAN connections.
show wan {config | state |
mode [Status] |
ds3 {config | statistics} |
hssi {config | statistics}}Syntax Description
Usage Guidelines
The following sections describe the display contents for each command.
show wan state Display
The show wan state display includes the following information. The first block of statistics displays the current state of each interface by protocol. Except for Connect, each protocol will have a value of Up, Down, Nego (for negotiating), or "-" for not applicable.
The second set of statistics displays the connection information about each interface. The values are explained in the show wan connect statistics.
show wan ds3 statistics Display
The show wan ds3 statistics display includes the following information:
show wan hssi statistics Display
The show wan hssi statistics display includes the following information:
Examples
The following sections show an example for each command.
show wan config Example
The following example display is for the show wan config command:
vpn_5000: Main# show wan configWAN modes:Port ModeWAN0 Frame RelayWAN1 Frame RelayWAN2 PPPWAN3 PPPConnect Info:Port Mode Dial ConnectOut Callback FlagsDelay Retry Inactivity ChatWAN 0 Dedctd - - - rt=8000<Out>0 0 n/a 0WAN 1 Dedctd - - - rt=8000<Out>0 0 n/a 0WAN 2 Dedctd - - - rt=28000<Out,DIOK>0 0 n/a 0WAN 3 Dedctd - - - rt=28000<Out,DIOK>0 0 n/a 0Serial Info:Port Type TX Clk Baud Rate Fcntl FlagsWAN 0 Sync Ext n/a n/a =0<>WAN 1 Sync Ext n/a n/a =0<>WAN 2 Async n/a 115200 HW =1<DIOK>WAN 3 Async n/a 115200 HW =1<DIOK>AUX 0 Async n/a 9600 None =0<>PPP Lcp Info:WAN 0 OffWAN 1 OffWAN 2:Want=1a4<ACCM,MAGIC,PFC,ACFC>Allow=1a4<ACCM,MAGIC,PFC,ACFC>ACCM Mask=0<>WAN 3:Want=1a4<ACCM,MAGIC,PFC,ACFC>Allow=1a4<ACCM,MAGIC,PFC,ACFC>ACCM Mask=0<>PPP Data Compression:Port CompressionWAN 0 OffWAN 1 OffWAN 2 OffWAN 3 Predictor1Frame Relay Maintenance Info:Port Maint Poll MTUWAN0 annexD 5 1500WAN1 LMI 10 1500WAN2 OffWAN3 OffFrame Relay DLCI Info:Port WAN 0 DLCI ConfigurationDLCI IP AppleTalk IPX20 IARP IARP IARPPort WAN 1 DLCI ConfigurationDLCI IP AppleTalk IPX16 200.30.9.1 IARP IARPPort WAN 2 DLCI ConfigurationOffPort WAN 3 DLCI ConfigurationOffshow wan connect config Example
The following example display is for the show wan connect config command:
vpn_5000: Main# show wan connect configPort Mode Dial ConnectOut Callback FlagsDelay Retry Inactivity ChatWAN 0 Always V25bs coop - rt=48002<DCD,Out,DOOK>2 5 n/a 30WAN 1 Dedctd - - - rt=8000<Out>15 5 n/a 30WAN 2 Dialup AT - - rt=20000<DIOK>15 5 10 30WAN 3 Always AT netcom - rt=48002<DCD,Out,DOOK>15 5 n/a 60show wan connect statistics Example
The following example display is for the show wan connect statistics command:
vpn_5000: Main# show wan connect statisticsStats Wan0 Wan1 Wan2 Wan3inact 0:00 0:00 0:00 0:00cur cnnt 0:00:00:02 0:00:00:08 0:00:00:03 0:00:00:05avg cnnt 0:00:00:17 0:00:00:32 0:00:00:39 0:00:00:39tot cnnt 0:01:08:28 0:01:08:27 0:01:12:05 0:01:12:05dial try 229 125 109 109dial out 229 125 109 109dial in 0 0 0 0show wan serial config Example
The following example display is for the show wan serial config command:
vpn_5000: Main# show wan serial configPort Type TX Clk Baud Rate Fcntl FlagsWAN 0 Sync Ext n/a n/a =2<DOOK>WAN 1 Sync Int 1544000 n/a =8<IntTxClk>WAN 2 Async n/a 115200 HW =1<DIOK>WAN 3 Async n/a 57600 HW =2<DOOK>AUX 0 Async n/a 9600 None =0<>show wan serial statistics Example
The following example display is for the show wan serial statistics command:
vpn_5000: Main# show wan serial statisticsStats Wan0 Wan1 Wan2 Wan3in pkts 3446870 0 2050 55920out pkts 3849662 21701 2881 2910tot disc 0 0 5095 0crc 0 0 5095 0overruns 0 0 0 0framing 0 0 0 0oversize 0 0 0 0abort 0 0 9 0break 0 0 0 0PPP flag 0 0 9701 46306sw fc in 0 0 0 0unalign 0 0 0 0fr2long 0 0 0 0rx_busy 0 0 0 0tx_gltch 0 0 0 0rx_gltch 0 0 0 0underrun 0 0 0 0cts_lost 0 0 0 0cd_lost 0 0 0 0sp_int 0 0 0 0nullptr 0 0 0 0noIbuf 0 0 0 0unknown 0 0 0 0show wan mode Example
The following example display is for the show wan mode command:
vpn_5000: Main# show wan modePort ModeWAN0 Frame RelayWAN1 Frame RelayWAN2 PPPWAN3 PPPshow wan state Example
The following example display is for the show wan state command:
vpn_5000: Main# show wan stateState Wan0 Wan1 Wan2 Wan3Connect Cnnt Cnnt Cnnt CnntFRmaint Up Up - -PPP - - Nego UpIP - - Down UpIPX - - Down UpAtalk - - Down UpDECnet - - Down DownStats Wan0 Wan1 Wan2 Wan3inact 0:11 0:11 0:11 0:11cur cnnt 0:00:00:16 0:00:00:10 0:00:00:33 0:00:00:35avg cnnt 0:00:00:18 0:00:00:32 0:00:00:39 0:00:00:39tot cnnt 0:01:06:18 0:01:06:17 0:01:09:55 0:01:09:55dial try 221 121 105 105dial out 221 121 105 105dial in 0 0 0 0show wan ds3 config Example
The following example display is for the show ds3 config command:
vpn_5000: Main# show wan d33 configDS3 0Line State UpDATA Invert OffDS3 Subrate 44.210 MbsCRC Length 32 bitClocking InternalLine Build Out Shortshow wan ds3 statistics Example
The following example display is for the show ds3 statistics command:
vpn_5000: Main# show wan ds3 statisticsStatistic Type DS3 0Packets In 308315Packets Out 309232Tx discards 0heldoff 0Code Violations 0Pulse Density Lo 0CRC errors 0RX Overflows 0Frame len errors 0RX Aborts 0TX underflow 0TX len errors 0TX Aborts sent 0RX Busy 0RX FIFO full 0TX FIFO full 0DS3 EF SA 0DS3 LOS 0DS3 OOF 0DS3 AIS Rcvd 0DS3 IDLE Rcvd 0DS3 EF NSA 0DS3 CEF 0DS3 LOOPA 0DS3 LOOPD 0DS3 Line Loop 0DS3 Norm Op 0Spurious Int 0show wan hssi config Example
The following example display is for the show hssi config command:
vpn_5000: Main# show wan hssi configHSSI 0Local loop OffCSU/DSU loop OffCRC Length 32 bitClocking ExternalCA (CSU ready) OnClock Present Yesshow wan hssi statistics Example
The following example display is for the show hssi statistics command:
vpn_5000: Main# show wan hssi statisticsStatistic Type HSSI 0Packets In 25622Packets Out 21531Tx discards 0Tx Heldoff 0Rx discards 0PCI Bus Error 0Transmit Error 0Tx Too Long 0Deferred 0Receive Error 0Rx Overflow 0Length Error 0Desc Len Err 0Illegal Length 0CRC Error 0Related Commands
