show nac-policy through show ospf virtual-links Commands
show nac-policy
To show the NAC policy usage statistics and the assignment of NAC policies to group policies, use the show nac-policy command in privileged EXEC mode.
show nac-policy [ nac-policy-name ]
Syntax Description
nac-policy-name |
(Optional) Name of the NAC policy for which to display usage statistics. |
Defaults
If you do not specify a name, the CLI lists all NAC policy names along with their respective statistics.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
8.0(2) |
This command was added. |
Examples
The following example shows the data for the NAC policies named framework1 and framework2:
ciscoasa(config)# show nac-policy
nac-policy framework1 nac-framework
applied session count = 0
applied group-policy count = 2
group-policy list: GroupPolicy2 GroupPolicy1
nac-policy framework2 nac-framework is not in use.
The first line of each NAC policy indicates its name and type (nac-framework). The CLI shows the text “is not in use” next to the policy type if the policy is not assigned to any group policies. Otherwise, the CLI displays the usage data for the group policy. Table 10-1 explains the fields in the show nac-policy command.
Table 10-1 show nac-policy Command Fields
|
|
applied session count |
Cumulative number of VPN sessions to which this ASA applied the NAC policy. |
applied group-policy count |
Cumulative number of group polices to which this ASA applied the NAC policy. |
group-policy list |
List of group policies to which this NAC policy is assigned. In this case, the usage of a group policy does not determine whether it appears in this list; if the NAC policy is assigned to a group policy in the running configuration, then the group policy appears in this list. |
Related Commands
clear nac-policy |
Resets the NAC policy usage statistics. |
show vpn-session.db |
Displays information about VPN sessions, including NAC results. |
show vpn-session_summary.db |
Displays the number IPSec, Cisco WebVPN, and NAC sessions. |
show nameif
To view the interface name set using the nameif command, use the show nameif command in privileged EXEC mode.
show nameif [ physical_interface [. subinterface ] | mapped_name | zone ]
Syntax Description
mapped_name |
(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command. |
physical_interface |
(Optional) Identifies the interface ID, such as gigabit ethernet0/1. See the interface command for accepted values. |
subinterface |
(Optional) Identifies an integer between 1 and 4294967293 designating a logical subinterface. |
zone |
(Optional) Shows the zone names. |
Defaults
If you do not specify an interface, the ASA shows all interface names.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.3(2) |
The zone keyword was added. |
Usage Guidelines
In multiple context mode, if you mapped the interface ID in the allocate-interface command, you can only specify the mapped name in a context. The output for this command shows only the mapped name in the Interface column.
Examples
The following is sample output from the show nameif command:
GigabitEthernet0/0 outside 0
GigabitEthernet0/1 inside 100
GigabitEthernet0/2 test2 50
See the following output for the show nameif zone command:
ciscoasa# show nameif zone
Interface Name zone-name Security
GigabitEthernet0/0 inside-1 inside-zone 100
GigabitEthernet0/1.21 inside inside-zone 100
GigabitEthernet0/1.31 4 0
GigabitEthernet0/2 outside outside-zone 0
Related Commands
|
|
allocate-interface |
Assigns interfaces and subinterfaces to a security context. |
interface |
Configures an interface and enters interface configuration mode. |
nameif |
Sets the interface name. |
show interface ip brief |
Shows the interface IP address and status. |
show nat
To display statistics of NAT policies, use the show nat command in privileged EXEC mode.
show nat [ interface name ] [ ip_ addr [ mask ] | { object | object-group } name ] [ translated [ interface name ] { ip_ addr [ mask ] | { object | object-group } name }] [ detail ]
Syntax Description
detail |
(Optional) Includes more verbose expansion of the object fields. |
interface name |
(Optional) Specifies the source interface. |
ip_addr [ mask ] |
(Optional) Specifies an IP address and subnet mask. |
object name |
(Optional) Specifies a network object or service object. |
object-group name |
(Optional) Specifies a network object group |
translated |
(Optional) Specifies the translated parameters. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
8.3(1) |
This command was added. |
9.0(1) |
Support for IPv6 traffic, as well as translations between IPv4 and IPv6 were added. |
Usage Guidelines
Use the show nat command to show runtime representation of the NAT policy. Use the detail optional keyword to expand the object and view the object values. Use the additional selector fields to limit the show nat command output.
Examples
The following is sample output from the show nat command:
Manual NAT Policies (Section 1)
1 (any) to (any) source dynamic S S' destination static D' D
translate_hits = 0, untranslate_hits = 0
Auto NAT Policies (Section 2)
1 (inside) to (outside) source dynamic A 2.2.2.2
translate_hits = 0, untranslate_hits = 0
Manual NAT Policies (Section 3)
1 (any) to (any) source dynamic C C' destination static B' B service R R'
translate_hits = 0, untranslate_hits = 0
ciscoasa# show nat detail
Manual NAT Policies (Section 1)
1 (any) to (any) source dynamic S S' destination static D' D
translate_hits = 0, untranslate_hits = 0
Source - Real: 1.1.1.2/32, Mapped: 2.2.2.3/32
Destination - Real: 10.10.10.0/24, Mapped: 20.20.20.0/24
Auto NAT Policies (Section 2)
1 (inside) to (outside) source dynamic A 2.2.2.2
translate_hits = 0, untranslate_hits = 0
Source - Real: 1.1.1.1/32, Mapped: 2.2.2.2/32
Manual NAT Policies (Section 3)
1 (any) to (any) source dynamic C C' destination static B' B service R R'
translate_hits = 0, untranslate_hits = 0
Source - Real: 11.11.11.10-11.11.11.11, Mapped: 192.168.10.10/32
Destination - Real: 192.168.1.0/24, Mapped: 10.75.1.0/24
Service - Real: tcp source eq 10 destination eq ftp-data, Mapped: tcp source eq
The following is sample output from the show nat detail command between IPv6 and IPv4:
ciscoasa# show nat detail
1 (in) to (outside) source dynamic inside_nw outside_map destination static inside_map any
translate_hits = 0, untranslate_hits = 0
Source - Origin: 2001::/96, Translated: 192.168.102.200-192.168.102.210
Destination - Origin: 2001::/96, Translated: 0.0.0.0/0
The following is sample output from the show nat divert ipv6 command:
ciscoasa# show nat divert ipv6
id=0xcb9ea518, domain=divert-route
type=static, hits=0, flags=0x21, protocol=0
src ip/id=2001::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0
dst ip/id=2001::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0
input_ifc=in, output_ifc=outside
id=0xcf24d4b8, domain=divert-route
type=static, hits=0, flags=0x20, protocol=0
src ip/id=::/::, port=0-0
dst ip/id=2222::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0
input_ifc=in, output_ifc=mgmt
Related Commands
|
|
clear nat counters |
Clears NAT policy counters. |
nat |
Identifies addresses on one interface that are translated to mapped addresses on another interface. |
show nat divert-table
To display statistics of NAT divert table, use the show nat divert-table command in privileged EXEC mode.
show nat divert-table [ ipv6 ] [ interface name ]
Syntax Description
ipv6 |
(Optional) Shows IPv6 entries in the divert table. |
interface name |
(Optional) Limits output to the specified source interface. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
8.4(2) |
This command was added. |
Usage Guidelines
Use the show nat divert-table command to show runtime representation of the NAT divert table. Use the ipv6 optional keyword to view the IPv6 entries in the divert table. Use the interface optional keyword to view the NAT divert table for the specific source interface.
Examples
The following is sample output from the show nat divert-table command:
ciscoasa# show nat divert-table
id=0xad1521b8, domain=twice-nat section=1 ignore=no
type=none, hits=0, flags=0x9, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0
dst ip/id=10.86.119.255, mask=255.255.255.255, port=0-0
input_ifc=outside, output_ifc=NP Identity Ifc
id=0xad1523a8, domain=twice-nat section=1 ignore=no
type=none, hits=0, flags=0x9, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0
dst ip/id=10.86.116.0, mask=255.255.255.255, port=0-0
input_ifc=outside, output_ifc=NP Identity Ifc
id=0xad1865c0, domain=twice-nat section=1 ignore=no
type=none, hits=0, flags=0x9, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0
dst ip/id=192.168.255.255, mask=255.255.255.255, port=0-0
input_ifc=amallio-wizard, output_ifc=NP Identity Ifc
id=0xad1867b0, domain=twice-nat section=1 ignore=no
type=none, hits=0, flags=0x9, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0
dst ip/id=192.168.0.0, mask=255.255.255.255, port=0-0
input_ifc=amallio-wizard, output_ifc=NP Identity Ifc
id=0xad257bf8, domain=twice-nat section=1 ignore=no
type=none, hits=0, flags=0x9, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0
dst ip/id=172.27.48.255, mask=255.255.255.255, port=0-0
input_ifc=folink, output_ifc=NP Identity Ifc
id=0xad257db8, domain=twice-nat section=1 ignore=no
type=none, hits=0, flags=0x9, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0
dst ip/id=172.27.48.0, mask=255.255.255.255, port=0-0
input_ifc=folink, output_ifc=NP Identity Ifc
The following is sample output from the show nat divert ipv6 command:
ciscoasa# show nat divert ipv6
id=0xcb9ea518, domain=divert-route
type=static, hits=0, flags=0x21, protocol=0
src ip/id=2001::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0
dst ip/id=2001::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0
input_ifc=in, output_ifc=outside
id=0xcf24d4b8, domain=divert-route
type=static, hits=0, flags=0x20, protocol=0
src ip/id=::/::, port=0-0
dst ip/id=2222::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0
input_ifc=in, output_ifc=mgmt
Related Commands
|
|
clear nat counters |
Clears NAT policy counters. |
nat |
Identifies addresses on one interface that are translated to mapped addresses on another interface. |
show nat |
Displays runtime representation of the NAT policies. |
show nat pool
To display statistics of NAT pool usage, use the show nat pool command in privileged EXEC mode.
show nat pool [ interface if_name [ ip address ] | ip address ] [ detail ]
show nat pool cluster [ summary | interface if_name [ ip address ] | ip address ]
Syntax Description
cluster [ summary ] |
(Optional) When ASA clustering is enabled, shows the current assignment of a PAT address to the owner unit and backup unit. (9.15+) Include the summary keyword to see the distribution of port blocks among the units in the cluster. |
interface if_name |
Limit the display to pools for the named interface. You can optionally include the ip keyword to futher limit the view. |
ip address |
Limit the display to the specified IP address from the PAT pool. |
detail |
Show information related to the usage and distribution of port blocks within a cluster. This keyword appears only if the unit is a cluster member. You cannot use it with the cluster keyword. |
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
8.3(1) |
This command was added. |
8.4(3) |
The output was modified to show the destination address for extended PAT. The PAT range was also modified depending on the use of the flat and include-reserve keywords. |
9.0(1) |
Support for IPv6 traffic and the cluster keyword to show the current assignment of a PAT address to the owner unit and backup unit were added. |
9.15(1) |
The following keywords were added: interface, ip, detail, summary. |
Usage Guidelines
A NAT pool is created for each mapped protocol/IP address/port range. (Pre-9.15) The port ranges are 1-511, 512-1023, and 1024-65535 by default. If you use the flat keyword for a PAT pool in the nat command, you will see fewer, larger ranges.
(9.15+) Starting with 9.15, the port range is flat by default, and you can optionally include the reserved ports, 1-1023, in the pool. For clustered systems, the PAT pool is distributed among the cluster members in blocks of 512 ports.
Each NAT pool exists for at least 10 minutes after the last usage. The 10 minute hold-down timer is canceled if you clear the translations with clear xlate.
Examples
The following is sample output for the NAT pools created by a dynamic PAT rule shown by the show running-config object network command.
ciscoasa(config)# show running-config object network
nat (pppoe2,inside) dynamic 10.76.11.25
TCP inside, address 10.76.11.25, range 1-511, allocated 0
TCP inside, address 10.76.11.25, range 512-1023, allocated 0
TCP inside, address 10.76.11.25, range 1024-65535, allocated 1
(Pre-9.15) The following is sample output from the show nat pool command showing use of the PAT pool flat option. Without the include-reserve keyword, two ranges are shown; the lower range is used when a source port below 1024 is mapped to the same port.
ICMP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1-1024, allocated 0
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1024-65535, allocated 2
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1-1024, allocated 0
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1024-65535, allocated 2
(Pre-9.15) The following is sample output from the show nat pool command showing use of the PAT pool flat include-reserve options.
ICMP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
(Pre-9.15) The following is sample output from the show nat pool command showing use of the PAT pool extended flat include-reserve options. The important items are the parenthetical addresses. These are the destination addresses used to extend PAT.
ICMP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0
ICMP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.99), range 1-65535, allocated 2
TCP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535, allocated 1
UDP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535, allocated 1
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0
ICMP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535, allocated 1
TCP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.99), range 1-65535, allocated 2
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0
(9.15+) The following example shows the distribution of port blocks (showing the port range), and their usage, in a cluster, including the unit that owns the block and the backup unit for the block.
ciscoasa# show nat pool cluster
IP outside_a:src_map_a 174.0.1.20
[1536 – 2047], owner A, backup B
[8192 – 8703], owner A, backup B
[4089 – 4600], owner B, backup A
[11243 – 11754], owner B, backup A
IP outside_a:src_map_a 174.0.1.21
[1536 – 2047], owner A, backup B
[8192 – 8703], owner A, backup B
[4089 – 4600], owner B, backup A
[11243 – 11754], owner B, backup A
IP outside_b:src_map_b 174.0.1.22
[6656 - 7167], owner A, backup B
[13312 - 13823], owner A, backup B
[20480 - 20991], owner B, backup A
[58368 - 58879], owner B, backup A
IP outside_b:src_map_b 174.0.1.23
[46592 - 47103], owner A, backup B
[52224 - 52735], owner A, backup B
[62976 - 63487], owner B, backup A
(9.15+) The following example shows a summary of pool assignments in a cluster.
ciscoasa# show nat pool cluster summary
port-blocks count display order: total, unit-A, unit-B, unit-C, unit-D
IP outside_a:src_map_a, 174.0.1.20 (128 - 32/32/32/32)
IP outside_a:src_map_a, 174.0.1.21 (128 - 36/32/32/28)
IP outside_b:src_map_b, 174.0.1.22 (128 - 31/32/32/33)
(9.15+) The following example shows detailed PAT pool usage for the pools in a cluster.
ciscoasa# show nat pool detail
TCP PAT pool outside_a, address 174.0.1.1
range 1536-2047, allocated 56
range 8192-8703, allocated 16
UDP PAT pool outside_a, address 174.0.1.1
range 1536-2047, allocated 12
range 8192-8703, allocated 25
TCP PAT pool outside_b, address 174.0.2.1
range 47104-47615, allocated 39
range 62464-62975, allocated 9
UDP PAT pool outside_b, address 174.0.2.1
range 47104-47615, allocated 35
range 62464-62975, allocated 27
(9.15+) The following example shows how to limit the view to a specific interface on a specific device.
ciscoasa# show nat pool interface outside_b ip 174.0.2.1
TCP PAT pool outside_b, address 174.0.2.1, range 1-511, allocated 0
TCP PAT pool outside_b, address 174.0.2.1, range 512-1023, allocated 12
TCP PAT pool outside_b, address 174.0.2.1, range 1024-65535, allocated 48
UDP PAT pool outside_b, address 174.0.2.1, range 1-511, allocated 6
UDP PAT pool outside_b, address 174.0.2.1, range 512-1023, allocated 8
UDP PAT pool outside_b, address 174.0.2.1, range 1024-65535, allocated 62
Related Commands
|
|
nat |
Identifies addresses on one interface that are translated to mapped addresses on another interface. |
show nat |
Displays NAT policy statistics. |
show nat proxy-arp
To display the NAT proxy ARP table, use the show nat proxy-arp command in privileged EXEC mode.
show nat proxy-arp [ ipv6 ] [ interface name ]
Syntax Description
ipv6 |
(Optional) Shows IPv6 entries in the proxy ARP table. |
interface name |
(Optional) Limits output to the specified source interface. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
8.4(2) |
This command was added. |
Usage Guidelines
Use the show nat proxy-arp command to show runtime representation of the NAT proxy ARP table. Use the ipv6 optional keyword to view the IPv6 entries in the proxy ARP table. Use the interface optional keyword to view the NAT proxy ARP table for the specific source interface.
Examples
The following is sample output from the show nat proxy-arp command:
ciscoasa# show nat proxy-arp
id=0x00007f5558bbbfc0, ip/id=10.10.1.134, mask=255.255.255.255 ifc=test2
config:(inside) to (test2) source dynamic inside_v6 outside_v4_pat destination
id=0x00007f5558bbbfc0, ip/id=10.10.1.135, mask=255.255.255.255 ifc=test2
config:(inside) to (test2) source dynamic inside_v6 outside_v4_pat destination
id=0x00007f55595ad2c0, ip/id=10.86.118.2, mask=255.255.255.255 ifc=inside
config:(inside) to (test2) source dynamic inside_v6 interface dns
id=0x00007f5559424e80, ip/id=10.100.10.1, mask=255.255.255.255 ifc=NP Identity Ifc
config:(any) to (any) source dynamic src_network pat-pool mapped-pat-pool
id=0x00007f5559424e80, ip/id=10.100.10.2, mask=255.255.255.255 ifc=NP Identity Ifc
config:(any) to (any) source dynamic src_network pat-pool mapped-pat-pool
id=0x00007f5544785700, ip/id=10.7.17.2, mask=255.255.255.254 ifc=NP Identity Ifc
config:(any) to (any) source static test2 10.3.3.0
id=0x00007f554c4ae740, ip/id=10.1.1.1, mask=255.255.255.255 ifc=NP Identity Ifc
Related Commands
|
|
clear nat counters |
Clears NAT policy counters. |
nat |
Identifies addresses on one interface that are translated to mapped addresses on another interface. |
show nat |
Displays runtime representation of the NAT policies. |
show ntp associations
To view NTP association information, use the show ntp associations command in user EXEC mode.
show ntp associations [ detail ]
Syntax Description
detail |
(Optional) Shows additional details about each association. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
Usage Guidelines
See the “Examples” section for a description of the display output.
Examples
The following is sample output from the show ntp associations command:
ciscoasa> show ntp associations
address ref clock st when poll reach delay offset disp
~172.31.32.2 172.31.32.1 5 29 1024 377 4.2 -8.59 1.6
+~192.168.13.33 192.168.1.111 3 69 128 377 4.1 3.48 2.3
*~192.168.13.57 192.168.1.111 3 32 128 377 7.9 11.18 3.6
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Table 10-2 shows each field description.
Table 10-2 show ntp associations Fields
|
|
(leading characters in display lines) |
The first characters in a display line can be one or more of the following characters:
- * —Synchronized to this peer.
- # —Almost synchronized to this peer.
- + —Peer selected for possible synchronization.
- - —Peer is a candidate for selection.
- ~ —Peer is statically configured, but not synchronized.
|
address |
The address of the NTP peer. |
ref clock |
The address of the reference clock of the peer. |
st |
The stratum of the peer. |
when |
The time since the last NTP packet was received from the peer. |
poll |
The polling interval (in seconds). |
reach |
The peer reachability (as a bit string, in octal). |
delay |
The round-trip delay to the peer (in milliseconds). |
offset |
The relative time of the peer clock to the local clock (in milliseconds). |
disp |
The dispersion value. |
The following is sample output from the show ntp associations detail command:
ciscoasa> show ntp associations detail
172.23.56.249 configured, our_master, sane, valid, stratum 4
ref ID 172.23.56.225, time c0212639.2ecfc9e0 (20:19:05.182 UTC Fri Feb 22 2002)
our mode client, peer mode server, our poll intvl 128, peer poll intvl 128
root delay 38.04 msec, root disp 9.55, reach 177, sync dist 156.021
delay 4.47 msec, offset -0.2403 msec, dispersion 125.21
precision 2**19, version 3
org time c02128a9.731f127b (20:29:29.449 UTC Fri Feb 22 2002)
rcv time c02128a9.73c1954b (20:29:29.452 UTC Fri Feb 22 2002)
xmt time c02128a9.6b3f729e (20:29:29.418 UTC Fri Feb 22 2002)
filtdelay = 4.47 4.58 4.97 5.63 4.79 5.52 5.87 0.00
filtoffset = -0.24 -0.36 -0.37 0.30 -0.17 0.57 -0.74 0.00
filterror = 0.02 0.99 1.71 2.69 3.66 4.64 5.62 16000.0
Table 10-3 shows each field description.
Table 10-3 show ntp associations detail Fields
|
|
IP-address configured |
The server (peer) IP address. |
(status) |
- our_master—The ASA is synchronized to this peer.
- selected—Peer is selected for possible synchronization.
- candidate—Peer is a candidate for selection.
|
(sanity) |
- sane—The peer passes basic sanity checks.
- insane—The peer fails basic sanity checks.
|
(validity) |
- valid—The peer time is believed to be valid.
- invalid—The peer time is believed to be invalid.
- leap_add—The peer is signaling that a leap second will be added.
- leap-sub—The peer is signaling that a leap second will be subtracted.
|
stratum |
The stratum of the peer. |
(reference peer) |
unsynced—The peer is not synchronized to any other machine. ref ID—The address of the machine that the peer is synchronized to. |
time |
The last time stamp the peer received from its master. |
our mode client |
Our mode relative to the peer, which is always client. |
peer mode server |
The mode of the peer relative to the server. |
our poll intvl |
Our poll interval to the peer. |
peer poll intvl |
The peer poll interval to us. |
root delay |
The delay along the path to the root (ultimate stratum 1 time source). |
root disp |
The dispersion of the path to the root. |
reach |
The peer reachability (as a bit string in octal). |
sync dist |
The peer synchronization distance. |
delay |
The round-trip delay to the peer. |
offset |
The offset of the peer clock relative to our clock. |
dispersion |
The dispersion of the peer clock. |
precision |
The precision of the peer clock (in hertz). |
version |
The NTP version number that the peer is using. |
org time |
The originate time stamp. |
rcv time |
The receive time stamp. |
xmt time |
The transmit time stamp. |
filtdelay |
The round-trip delay (in milliseconds) of each sample. |
filtoffset |
The clock offset (in milliseconds) of each sample. |
filterror |
The approximate error of each sample. |
Related Commands
|
|
ntp authenticate |
Enables NTP authentication. |
ntp authentication-key |
Sets an encrypted authentication key to synchronize with an NTP server. |
ntp server |
Identifies an NTP server. |
ntp trusted-key |
Provides a key ID for the ASA to use in packets for authentication with an NTP server. |
show ntp status |
Shows the status of the NTP association. |
show ntp status
To show the status of each NTP association, use the show ntp status command in user EXEC mode.
show ntp status
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
Usage Guidelines
See the “Examples” section for a description of the display output.
Examples
The following is sample output from the show ntp status command:
ciscoasa> show ntp status
Clock is synchronized, stratum 5, reference is 172.23.56.249
nominal freq is 99.9984 Hz, actual freq is 100.0266 Hz, precision is 2**6
reference time is c02128a9.73c1954b (20:29:29.452 UTC Fri Feb 22 2002)
clock offset is -0.2403 msec, root delay is 42.51 msec
root dispersion is 135.01 msec, peer dispersion is 125.21 msec
Table 10-4 shows each field description.
Table 10-4 show ntp status Fields
|
|
Clock |
- synchronized—The ASA is synchronized to an NTP server.
- unsynchronized—The ASA is not synchronized to an NTP server.
|
stratum |
NTP stratum of this system. |
reference |
The address of the NTP server to which the ASA is synchronized. |
nominal freq |
The nominal frequency of the system hardware clock. |
actual freq |
The measured frequency of the system hardware clock. |
precision |
The precision of the clock of this system (in hertz). |
reference time |
The reference time stamp. |
clock offset |
The offset of the system clock to the synchronized peer. |
root delay |
The total delay along the path to the root clock. |
root dispersion |
The dispersion of the root path. |
peer dispersion |
The dispersion of the synchronized peer. |
Related Commands
|
|
ntp authenticate |
Enables NTP authentication. |
ntp authentication-key |
Sets an encrypted authentication key to synchronize with an NTP server. |
ntp server |
Identifies an NTP server. |
ntp trusted-key |
Provides a key ID for the ASA to use in packets for authentication with an NTP server. |
show ntp associations |
Shows the NTP servers with which the ASA is associated. |
show nve
To show the parameters, status and statistics of an NVE interface, use the show nve command in privileged EXEC mode.
show nve [ 1 ] [ summary ]
Syntax Description
1 |
(Optional) Specifies the NVE instance, which is always 1. |
summary |
(Optional) Only shows the status of the NVE interface, number of VNIs behind the NVE interface, and number of VTEPs discovered. |
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
9.4(1) |
We added this command. |
Usage Guidelines
This command shows the parameters, status and statistics of a NVE interface, status of its carrier interface (source-interface), IP address of the carrier interface, VNIs that use this NVE as the VXLAN VTEP, and peer VTEP IP addresses associated with this NVE interface.
Examples
See the following output for the show nve 1 command:
ciscoasa(config-if)# show nve
nve 1, source-interface "inside" is up
IP address 15.1.2.1, subnet mask 255.255.255.0
Encapsulated traffic statistics:
6701004 packets input, 3196266002 bytes
6700897 packets output, 3437418084 bytes
Number of configured static peer VTEPs: 0
Number of discovered peer VTEPs: 1
Number of VNIs attached to nve 1: 2
vni 2: segment-id 5002, mcast-group 239.1.2.3
vni 1: segment-id 5001, mcast-group 239.1.2.3
See the following output for the show nve 1 summary command:
ciscoasa# show nve 1 summary
nve 1, source-interface "inside" is up
Number of configured static peer VTEPs: 0
Number of discovered peer VTEPs: 1
Default multicast group: 239.1.2.3
Number of VNIs attached to nve 1: 2
Related Commands
|
|
debug vxlan |
Debugs VXLAN traffic. |
default-mcast-group |
Specifies a default multicast group for all VNI interfaces associated with the VTEP source interface. |
encapsulation vxlan |
Sets the NVE instance to VXLAN encapsulation. |
inspect vxlan |
Enforces compliance with the standard VXLAN header format. |
interface vni |
Creates the VNI interface for VXLAN tagging. |
mcast-group |
Sets the multicast group address for the VNI interface. |
nve |
Specifies the Network Virtualization Endpoint instance. |
nve-only |
Specifies that the VXLAN source interface is NVE-only. |
peer ip |
Manually specifies the peer VTEP IP address. |
segment-id |
Specifies the VXLAN segment ID for a VNI interface. |
show arp vtep-mapping |
Displays MAC addresses cached on the VNI interface for IP addresses located in the remote segment domain and the remote VTEP IP addresses. |
show interface vni |
Shows the parameters, status and statistics of a VNI interface, status of its bridged interface (if configured), and NVE interface it is associated with. |
show mac-address-table vtep-mapping |
Displays the Layer 2 forwarding table (MAC address table) on the VNI interface with the remote VTEP IP addresses. |
show vni vlan-mapping |
Shows the mapping between VNI segment IDs and VLAN interfaces or physical interfaces in transparent mode. |
source-interface |
Specifies the VTEP source interface. |
vtep-nve |
Associates a VNI interface with the VTEP source interface. |
vxlan port |
Sets the VXLAN UDP port. By default, the VTEP source interface accepts VXLAN traffic to UDP port 4789. |
show object-group
To display object group information and the relevant hit count if the object group is of the network object-group type, use the show object-group command in privileged EXEC mode.
show object-group [ protocol | service | icmp-type | id object_group_name]
Syntax Description
icmp-type |
(Optional) An ICMP-type object group. |
id object_group_name |
(Optional) Identifies an object group by name. |
protocol |
(Optional) Protocol-type object group. |
service |
(Optional) Service-type object. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
8.3(1) |
This command was added. |
Usage Guidelines
A routine attempt to show object groups also shows the object hit count if the object group is of the network object-group type. Hit counts do not display for other types of object groups.
Examples
The following is sample output from the show object-group command and shows information about the network object group named “Anet”:
ciscoasa# show object-group id Anet
Object-group network Anet (hitcnt=10)
Description OBJ SEARCH ALG APPLIED
network-object 1.1.1.0 255.255.255.0 (hitcnt=4)
network-object 2.2.2.0 255.255.255.0 (hitcnt=6)
The following is sample output from the show object-group command and shows information about a service group:
ciscoasa (config)# show object-group service
object-group service B-Serobj
description its a service group
service-object tcp eq bgp
object-group protocol C-grp-proto
The following is sample output from the show object-group command and shows information about a protocol:
ciscoasa (config)# show object-group protocol
object-group protocol C-grp-proto
Related Commands
|
|
clear object-group |
Clears the network objects hit count for a given object group. |
show access list |
Shows all access lists, relevant expanded access list entries, and hit counts. |
show ospf
To display the general information about the OSPF routing processes, use the show ospf command in privileged EXEC mode.
show ospf [ pid [ area_id ] ]
Syntax Description
area_id |
(Optional) ID of the area that is associated with the OSPF address range. |
pid |
(Optional) The ID of the OSPF process. |
Defaults
Lists all OSPF processes if no pid is specified.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Usage Guidelines
If the pid is included, only information for the specified routing process is included.
Examples
The following is sample output from the show ospf command, showing how to display general information about a specific OSPF routing process:
Routing Process "ospf 5" with ID 127.0.0.1 and Domain ID 0.0.0.5
Supports only single TOS(TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x 0
Number of opaque AS LSA 0. Checksum Sum 0x 0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 0. 0 normal 0 stub 0 nssa
External flood list length 0
The following is sample output from the show ospf command, showing how to display general information about all OSPF routing processes:
Routing Process "ospf 5" with ID 127.0.0.1 and Domain ID 0.0.0.5
Supports only single TOS(TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x 0
Number of opaque AS LSA 0. Checksum Sum 0x 0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 0. 0 normal 0 stub 0 nssa
External flood list length 0
Routing Process "ospf 12" with ID 172.23.59.232 and Domain ID 0.0.0.12
Supports only single TOS(TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x 0
Number of opaque AS LSA 0. Checksum Sum 0x 0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 0. 0 normal 0 stub 0 nssa
External flood list length 0
Related Commands
|
|
router ospf |
Enables OSPF routing and configures global OSPF routing parameters. |
show ospf border-routers
To display the internal OSPF routing table entries to ABRs and ASBRs, use the show ospf border-routers command in privileged EXEC mode.
show ospf border-routers
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Examples
The following is sample output from the show ospf border-routers command:
ciscoasa# show ospf border-routers
OSPF Process 109 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 192.168.97.53 [10] via 192.168.1.53, fifth, ABR, Area 0, SPF 20
i 192.168.103.51 [10] via 192.168.96.51, outside, ASBR, Area 192.168.12.0, SPF 14
i 192.168.103.52 [10] via 192.168.96.51, outside, ABR/ASBR, Area 192.168.12.0, SPF 14
Related Commands
|
|
router ospf |
Enables OSPF routing and configures global OSPF routing parameters. |
show ospf database
To display the information contained in the OSPF topological database on the ASA, use the show ospf database command in privileged EXEC mode.
show ospf [ pid [ area_id ]] database [ router | network | summary | asbr-summary | external | nssa-external ] [ lsid ] [ internal ] [ self-originat e | adv-router addr ]
show ospf [ pid [ area_id ]] database database-summary
Syntax Description
addr |
(Optional) Router address. |
adv-router |
(Optional) Advertised router. |
area_id |
(Optional) ID of the area that is associated with the OSPF address range. |
asbr-summary |
(Optional) Displays an ASBR list summary. |
database |
Displays the database information. |
database-summary |
(Optional) Displays the complete database summary list. |
external |
(Optional) Displays routes external to a specified autonomous system. |
internal |
(Optional) Routes that are internal to a specified autonomous system. |
lsid |
(Optional) LSA ID. |
network |
(Optional) Displays the OSPF database information about the network. |
nssa-external |
(Optional) Displays the external not-so-stubby-area list. |
pid |
(Optional) ID of the OSPF process. |
router |
(Optional) Displays the router. |
self-originate |
(Optional) Displays the information for the specified autonomous system. |
summary |
(Optional) Displays a summary of the list. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the ASA. You do not need to be in an OSPF configuration mode to use the OSPF-related show commands.
Examples
The following is sample output from the show ospf database command:
ciscoasa# show ospf database
OSPF Router with ID(192.168.1.11) (Process ID 1)
Router Link States(Area 0)
Link ID ADV Router Age Seq# Checksum Link count
192.168.1.8 192.168.1.8 1381 0x8000010D 0xEF60 2
192.168.1.11 192.168.1.11 1460 0x800002FE 0xEB3D 4
192.168.1.12 192.168.1.12 2027 0x80000090 0x875D 3
192.168.1.27 192.168.1.27 1323 0x800001D6 0x12CC 3
Link ID ADV Router Age Seq# Checksum
172.16.1.27 192.168.1.27 1323 0x8000005B 0xA8EE
172.17.1.11 192.168.1.11 1461 0x8000005B 0x7AC
Type-10 Opaque Link Area Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Opaque ID
10.0.0.0 192.168.1.11 1461 0x800002C8 0x8483 0
10.0.0.0 192.168.1.12 2027 0x80000080 0xF858 0
10.0.0.0 192.168.1.27 1323 0x800001BC 0x919B 0
10.0.0.1 192.168.1.11 1461 0x8000005E 0x5B43 1
The following is sample output from the show ospf database asbr-summary command:
ciscoasa# show ospf database asbr-summary
OSPF Router with ID(192.168.239.66) (Process ID 300)
Summary ASB Link States(Area 0.0.0.0)
Routing Bit Set on this LSA
Options: (No TOS-capability)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 172.16.245.1 (AS Boundary Router address)
Advertising Router: 172.16.241.5
The following is sample output from the show ospf database router command:
ciscoasa# show ospf database router
OSPF Router with id(192.168.239.66) (Process ID 300)
Router Link States(Area 0.0.0.0)
Routing Bit Set on this LSA
Options: (No TOS-capability)
Link State ID: 10.187.21.6
Advertising Router: 10.187.21.6
Link connected to: another Router (point-to-point)
(link ID) Neighboring Router ID: 10.187.21.5
(Link Data) Router Interface address: 10.187.21.6
The following is sample output from the show ospf database network command:
ciscoasa# show ospf database network
OSPF Router with id(192.168.239.66) (Process ID 300)
Displaying Net Link States(Area 0.0.0.0)
Options: (No TOS-capability)
Link State ID: 10.187.1.3 (address of Designated Router)
Advertising Router: 192.168.239.66
Network Mask: 255.255.255.0
Attached Router: 192.168.239.66
Attached Router: 10.187.241.5
Attached Router: 10.187.1.1
Attached Router: 10.187.54.5
Attached Router: 10.187.1.5
The following is sample output from the show ospf database summary command:
ciscoasa# show ospf database summary
OSPF Router with id(192.168.239.66) (Process ID 300)
Displaying Summary Net Link States(Area 0.0.0.0)
Options: (No TOS-capability)
LS Type: Summary Links(Network)
Link State ID: 10.187.240.0 (summary Network Number)
Advertising Router: 10.187.241.5
Network Mask: 255.255.255.0 TOS: 0 Metric: 1
The following is sample output from the show ospf database external command:
ciscoasa# show ospf database external
OSPF Router with id(192.168.239.66) (Autonomous system 300)
Displaying AS External Link States
Options: (No TOS-capability)
LS Type: AS External Link
Link State ID: 172.16.0.0 (External Network Number)
Advertising Router: 10.187.70.6
Network Mask: 255.255.0.0
Metric Type: 2 (Larger than any link state path)
Related Commands
|
|
router ospf |
Enables OSPF routing and configures global OSPF routing parameters. |
show ospf events
To display OSPF internal event information, use the show ospf events command in user EXEC or privileged EXEC mode.
show ospf [ process_id ] events [ type ]
Syntax Description
process_id |
(Optional) Specifies an internal ID that is locally assigned and can be any positive integer. This ID is the number assigned administratively when the OSPF routing process is enabled. |
type |
(Optional) A list of the event types you want to see. If you do not specify one or more types, you see all events. You can filter on the following types:
- generic —Generic events.
- interface —Interface state change events.
- lsa —LSA arrival and LSA generation events.
- neighbor —Neighbor state change events.
- reverse —Show events in reverse order.
- rib —Router Information Base update, delete and redistribution events.
- spf —SPF scheduling and SPF run events.
|
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
|
|
|
|
|
|
|
|
|
Privileged EXEC |
|
— |
|
|
— |
User EXEC |
|
— |
|
|
— |
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Examples
The following is sample output from the show ospf events command:
ciscoasa# show ospf events
OSPF Router with ID (192.168.77.1) (Process ID 5)
1 Apr 27 16:33:23.556: RIB Redist, dest 0.0.0.0, mask 0.0.0.0, Up
2 Apr 27 16:33:23.556: Rescanning RIB: 0x00x0
3 Apr 27 16:33:23.556: Service Redist scan: 0x00x0
Related Commands
|
|
show ospf |
Shows all settings in the OSPF routing process. |
show ospf border-routers |
Shows the internal OSPF routing table entries to an area border router (ABR) and an autonomous system boundary router (ASBR). |
show ospf flood-list
To display a list of OSPF LSAs waiting to be flooded over an interface, use the show ospf flood-list command in privileged EXEC mode.
show ospf flood-list interface_name
Syntax Description
interface_name |
The name of the interface for which to display neighbor information. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the ASA. You do not need to be in an OSPF configuration mode to use the OSPF-related show commands.
Examples
The following is sample output from the show ospf flood-list command:
ciscoasa# show ospf flood-list outside
Interface outside, Queue length 20
Link state flooding due in 12 msec
Type LS ID ADV RTR Seq NO Age Checksum
5 10.2.195.0 192.168.0.163 0x80000009 0 0xFB61
5 10.1.192.0 192.168.0.163 0x80000009 0 0x2938
5 10.2.194.0 192.168.0.163 0x80000009 0 0x757
5 10.1.193.0 192.168.0.163 0x80000009 0 0x1E42
5 10.2.193.0 192.168.0.163 0x80000009 0 0x124D
5 10.1.194.0 192.168.0.163 0x80000009 0 0x134C
Related Commands
|
|
router ospf |
Enables OSPF routing and configures global OSPF routing parameters. |
show ospf interface
To display the OSPF-related interface information, use the show ospf interface command in privileged EXEC mode.
show ospf interface [ interface_name ]
Syntax Description
interface_name |
(Optional) Name of the interface for which to display the OSPF-related information. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Usage Guidelines
When used without the interface_name argument, the OSPF information for all interfaces is shown.
Examples
The following is sample output from the show ospf interface command:
ciscoasa# show ospf interface outside
out is up, line protocol is up
Internet Address 10.0.3.4 mask 255.255.255.0, Area 0
Process ID 2, Router ID 10.0.3.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State WAITING, Priority 1
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 10 msec, Dead 1, Wait 1, Retransmit 5
Wait time before Designated router selection 0:00:11
Index 1/1, flood queue length 0
Next 0x00000000(0)/0x00000000(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Related Commands
|
|
interface |
Enters interface configuration mode. |
show ospf neighbor
To display the OSPF-neighbor information on a per-interface basis, use the show ospf neighbor command in privileged EXEC mode.
show ospf neighbor [ detail | interface_name [ nbr_router_id ]]
Syntax Description
detail |
(Optional) Lists detail information for the specified router. |
interface_name |
(Optional) Name of the interface for which to display neighbor information. |
nbr_router_id |
(Optional) Router ID of the neighbor router. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Examples
The following is sample output from the show ospf neighbor command. It shows how to display the OSPF-neighbor information on a per-interface basis.
ciscoasa# show ospf neighbor outside
Neighbor 192.168.5.2, interface address 10.225.200.28
In the area 0 via interface outside
Neighbor priority is 1, State is FULL, 6 state changes
DR is 10.225.200.28 BDR is 10.225.200.30
Dead timer due in 00:00:36
Neighbor is up for 00:09:46
Index 1/1, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
The following is sample output from the show ospf neighbor detail command. It shows how to display the detailed information for the specified OSPF-neighbor.
ciscoasa# show ospf neighbor detail
Neighbor 25.1.1.60, interface address 15.1.1.60
In the area 0 via interface inside
Neighbor priority is 1, State is FULL, 46 state changes
DR is 15.1.1.62 BDR is 15.1.1.60
Options is 0x12 in Hello (E-bit, L-bit)
Options is 0x52 in DBD (E-bit, L-bit, O-bit)
LLS Options is 0x1 (LR), last OOB-Resync 00:03:07 ago
Dead timer due in 0:00:24
Neighbor is up for 01:42:15
Index 5/5, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Related Commands
|
|
neighbor |
Configures OSPF routers interconnecting to non-broadcast networks. |
router ospf |
Enables OSPF routing and configures global OSPF routing parameters. |
show ospf nsf
To display the OSPFv2 related NSF information, use the show ospf nsf command in privileged EXEC mode.
show ospf nsf
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
9.3(1) |
This command was added. |
Examples
The following is sample output from the show ospf nsf command:
Routing Process "ospf 10"
Non-Stop Forwarding enabled
Clustering is not configured in spanned etherchannel mode
IETF NSF helper support enabled
Cisco NSF helper support enabled
Handle 1, Router ID 25.1.1.60, checkpoint Router ID 0.0.0.0
Config wait timer interval 10, timer not running
Dbase wait timer interval 120, timer not running
Related Commands
|
|
nsf cisco |
Enables Cisco NSF on NSF-capable router. |
router ospf |
Enables OSPF routing and configures global OSPF routing parameters. |
show ospf request-list
To display a list of all LSAs that are requested by a router, use the show ospf request-list command in privileged EXEC mode.
show ospf request-list nbr_router_id interface_name
Syntax Description
interface_name |
Name of the interface for which to display neighbor information. Displays the list of all LSAs that are requested by the router from this interface. |
nbr_router_id |
Router ID of the neighbor router. Displays the list of all LSAs that are requested by the router from this neighbor. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Examples
The following is sample output from the show ospf request-list command:
ciscoasa# show ospf request-list 192.168.1.12 inside
OSPF Router with ID (192.168.1.11) (Process ID 1)
Neighbor 192.168.1.12, interface inside address 172.16.1.12
Type LS ID ADV RTR Seq NO Age Checksum
1 192.168.1.12 192.168.1.12 0x8000020D 8 0x6572
Related Commands
|
|
show ospf retransmission-list |
Displays a list of all LSAs waiting to be resent. |
show ospf retransmission-list
To display a list of all LSAs waiting to be resent, use the show ospf retransmission-list command in privileged EXEC mode.
show ospf retransmission-list nbr_router_id interface_name
Syntax Description
interface_name |
Name of the interface for which to display neighbor information. |
nbr_router_id |
Router ID of the neighbor router. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the ASA. You do not need to be in an OSPF configuration mode to use the OSPF-related show commands.
The nbr_router_id argument displays the list of all LSAs that are waiting to be resent for this neighbor.
The interface_name argument displays the list of all LSAs that are waiting to be resent for this interface.
Examples
The following is sample output from the show ospf retransmission-list command, where the nbr_router_id argument is 192.168.1.11 and the if_name argument is outside:
ciscoasa# show ospf retransmission-list 192.168.1.11 outside
OSPF Router with ID (192.168.1.12) (Process ID 1)
Neighbor 192.168.1.11, interface outside address 172.16.1.11
Link state retransmission due in 3764 msec, Queue length 2
Type LS ID ADV RTR Seq NO Age Checksum
1 192.168.1.12 192.168.1.12 0x80000210 0 0xB196
Related Commands
|
|
show ospf request-list |
Displays a list of all LSAs that are requested by a router. |
show ospf rib
To display the OSPF Router Information Base (RIB), use the show ospf rib command in privileged EXEC mode.
show ospf [ pid [ area_id ] ] rib [ network_prefix [ network_mask ] | detail | redistribution [ network_prefix [ network_mask ] | detail ]]
Syntax Description
area_id |
(Optional) ID of the area that is associated with the OSPF address range. |
pid |
(Optional) The ID of the OSPF process. |
network_prefix [ network_mask ] |
(Optional) The network prefix and optionally the mask of the route you want to view, for example: 10.100.10.1 10.100.10.0 255.255.255.0 |
detail |
(Optional) Display detailed information about the RIB. |
redistribution |
(Optional) Display redistribution information. You can also specify the network prefix and mask or detail keyword after the redistribution keyword. |
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
show ospf statistics
To display various OSPF statistics, use the show ospf statistics command in user EXEC or privileged EXEC mode.
show ospf [ process_id ] statistics [ detail ]
Syntax Description
detail |
(Optional) Specifies detailed SPF information, including the trigger points. |
process_id |
(Optional) Specifies an internal ID that is locally assigned and can be any positive integer. This ID is the number assigned administratively when the OSPF routing process is enabled. |
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
|
|
|
|
|
|
|
|
|
Privileged EXEC |
|
— |
|
|
— |
User EXEC |
|
— |
|
|
— |
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Usage Guidelines
Use this command to list the number of times SPF was executed, the reasons, and the duration.
Examples
The following is sample output from the show ospf statistics command:
ciscoasa# show ospf 10 statistics detail
Area 10: SPF algorithm executed 6 times
SPF 1 executed 04:36:56 ago, SPF type Full
SPF calculation time (in msec):
SPT Prefix D-Int Sum D-Sum Ext D-Ext Total
RIB manipulation time (in msec):
LSIDs processed R:1 N:0 Prefix:0 SN:0 SA:0 X7:0
Changed LSAs. Recorded is Advertising Router, LSID and LS type:
49.100.168.192/0(R) 49.100.168.192/2(L)
SPF 2 executed 04:35:50 ago, SPF type Full
SPF calculation time (in msec):
SPT Prefix D-Int Sum D-Sum Ext D-Ext Total
RIB manipulation time (in msec):
LSIDs processed R:2 N:1 Prefix:0 SN:0 SA:0 X7:0
Changed LSAs. Recorded is Advertising Router, LSID and LS type:
50.100.168.192/0(R) 50.100.168.192/2(L) 49.100.168.192/0(R) 50.100.168.192/0(R)
Related Commands
|
|
show ospf |
Shows all settings in the OSPF routing process. |
show ospf border-routers |
Shows the internal OSPF routing table entries to an area border router (ABR) and an autonomous system boundary router (ASBR). |
show ospf summary-address
To display a list of all summary address redistribution information that is configured under an OSPF process, use the show ospf summary-address command in privileged EXEC mode.
show ospf summary-address
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
MSupport for multiple context mode was added. |
Examples
The following shows sample output from the show ospf summary-address command. It shows how to display a list of all summary address redistribution information before a summary address has been configured for an OSPF process with the ID of 5.
ciscoasa# show ospf 5 summary-address
OSPF Process 2, Summary-address
10.2.0.0/255.255.0.0 Metric -1, Type 0, Tag 0
10.2.0.0/255.255.0.0 Metric -1, Type 0, Tag 10
Related Commands
|
|
summary-address |
Creates aggregate addresses for OSPF. |
show ospf traffic
To display a list of different types of packets that have been processed (sent or received) by a particular OSPF instance, use the show ospf traffic command in privileged EXEC mode. With this command, you can get a snapshot of the different types of OSPF packets that are being processed without enabling debugging. If there are two OSPF instances configured, the show ospf traffic command displays the statistics for both instances with the process ID of each instance. You can also display the statistics for a single instance by using the sho w ospf process_id traffic command.
show ospf traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
9.0(1) |
This command was added. |
Usage Guidelines
With this command, you can get a snapshot of the different types of OSPF packets that are being processed without enabling debugging. If there are two OSPF instances configured, the show ospf traffic command displays the statistics for both instances with the process ID of each instance. You can also display the statistics for a single instance by using the show ospf process_id traffic command.
Examples
The following shows sample output from the show ospf traffic command.
ciscoasa# show ospf traffic
OSPF statistics (Process ID 70):
Rcvd: 244 total, 0 checksum errors
234 hello, 4 database desc, 1 link state req
3 link state updates, 2 link state acks
472 hello, 7 database desc, 1 link state req
3 link state updates, 2 link state acks
Related Commands
|
|
show ospf virtual-links |
Displays the parameters and the current state of OSPF virtual links. |
show ospf virtual-links
To display the parameters and the current state of OSPF virtual links, use the show ospf virtual-links command in privileged EXEC mode.
show ospf virtual-links
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Command History
|
|
7.0(1) |
This command was added. |
9.0(1) |
Support for multiple context mode was added. |
Examples
The following is sample output from the show ospf virtual-links command:
ciscoasa# show ospf virtual-links
Virtual Link to router 192.168.101.2 is up
Transit area 0.0.0.1, via interface Ethernet0, Cost of using 10
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Related Commands
|
|
area virtual-link |
Defines an OSPF virtual link. |