Show Commands

This chapter describes the Cisco NX-OS security show commands.

show aaa accounting

To display authentication, authorization, and accounting (AAA) accounting configuration, use the show aaa accounting command.

show aaa accounting

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the configuration of the accounting log:

switch# show aaa accounting
default: local
switch#
 

 
Related Commands

Command
Description

aaa accounting default

Configures AAA methods for accounting.

show aaa authentication

To display authentication, authorization, and accounting (AAA) authentication configuration information, use the show aaa authentication command.

show aaa authentication login [ error-enable | mschap ]

 
Syntax Description

error-enable

(Optional) Displays the authentication login error message enable configuration.

mschap

(Optional) Displays the authentication login Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) enable configuration.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the configured authentication parameters:

switch# show aaa authentication
default: group t1
console: group t1
switch#
 

This example shows how to display the authentication login error enable configuration:

switch# show aaa authentication login error-enable
disabled
switch#
 

This example shows how to display the authentication login MS-CHAP configuration:

switch# show aaa authentication login mschap
MSCHAP is disabled
switch#
 

 
Related Commands

Command
Description

aaa authentication

Configures AAA authentication methods.

show aaa authorization

To display AAA authorization configuration information, use the show aaa authorization command.

show aaa authorization [ all ]

 
Syntax Description

all

(Optional) Displays configured and default values.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the configured authorization methods:

switch# show aaa authorization
AAA command authorization:
default authorization for config-commands: none
 
switch#
 

 
Related Commands

Command
Description

aaa authorization commands default

Configures default AAA authorization methods for EXEC commands.

aaa authorization config-commands default

Configures default AAA authorization methods for configuration commands.

show aaa groups

To display authentication, authorization, and accounting (AAA) server group configuration, use the show aaa groups command.

show aaa groups

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display AAA group information:

switch# show aaa groups
radius
t1
tacacs
rad1
switch#
 

 
Related Commands

Command
Description

aaa group server radius

Creates a RADIUS server group.

show aaa local user blocked

To display the blocked users, use the show aaa local user blocked command.

show aaa local user blocked

 
Syntax Description

This command has no arguments or keywords.

 
Defaults

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

7.3(0)N1(1)

This command was introduced.

 
Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the blocked users:

switch# show aaa local user blocked
Local-user State
testuser Watched (till 11:34:42 IST Feb 5 2015)
 

 
Related Commands

Command
Description

aaa authentication rejected

Configures the login block per user.

feature cts

Enables the Cisco TrustSec feature.

clear aaa local user blocked

Clears the blocked users.

 

 

show aaa user

To display the status of the default role assigned by the authentication, authorization, and accounting (AAA) server administrator for remote authentication, use the show aaa user command.

show aaa user default-role

 
Syntax Description

default-role

Displays the status of the default AAA role.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the status of the default role assigned by the AAA server administrator for remote authentication:

switch# show aaa user default-role
enabled
switch#
 

 
Related Commands

Command
Description

aaa user default-role

Configures the default user for remote authentication.

show aaa authentication

Displays AAA authentication information.

show access-class

To display all IPv4 access classes configured for VTY, use the show access-class command.

show access-class [ access-class-name ]

 
Syntax Description

access-class-name

(Optional) Name of the access class, which can be up to 64 alphanumeric, case-sensitive characters.

 
Command Default

The switch shows all ACLs unless you use the access-class-name argument to specify an ACL.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

5.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display all access classes configured for VTY on the switch:

switch# show access-class
 
switch#
 

 
Related Commands

Command
Description

access-class

Configures an access class for VTY.

show ip access-class

Displays all IPv4 and IPv6 access classes for VTY.

show running-config aclmgr

Displays all ACLs in the running configuration.

show access-lists

To display all IPv4 and MAC access control lists (ACLs) or a specific ACL, use the show access-lists command.

show access-lists [ access-list-name ]

 
Syntax Description

access-list-name

(Optional) Name of an ACL, which can be up to 64 alphanumeric, case-sensitive characters.

 
Command Default

The switch shows all ACLs unless you use the access-list-name argument to specify an ACL.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display all IPv4 and MAC ACLs on the switch:

switch# show access-lists
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

switch# show access-lists
 
IP access list BulkData
10 deny ip any any
IP access list CriticalData
10 deny ip any any
IP access list Scavenger
10 deny ip any any
MAC access list acl-mac
10 permit any any
IP access list denyv4
20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments
30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400
40 permit icmp any any router-advertisement
60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn
70 permit igmp any any host-report
80 deny tcp any any rst
90 deny tcp any any ack
100 permit tcp any any fin
110 permit tcp any gt 300 any lt 400
130 deny tcp any range 200 300 any lt 600
140 deny tcp any range 200 300 any lt 600
IP access list dot
statistics per-entry
10 permit ip 20.1.1.1 255.255.255.0 20.10.1.1 255.255.255.0 precedence f
lash-override
20 deny ip 20.1.1.1/24 20.10.1.1/24 fragments
30 permit tcp any any fragments
40 deny tcp any eq 400 any eq 500
IP access list ipPacl
statistics per-entry
10 deny tcp any eq 400 any eq 500
IP access list ipv4
10 permit ip 10.10.10.1 225.255.255.0 any fragments
20 permit ip any any dscp ef
IP access list ipv4Acl
10 permit ip 10.10.10.1/32 10.10.10.2/32
MAC access list test
statistics per-entry
10 deny 0000.1111.2222 0000.0000.0000 0000.1111.3333 ffff.0000.0000
IP access list voice
10 remark - avaya rtp range
20 permit udp any range 49072 50175 any range 49072 50175 dscp ef
30 permit udp any range 49072 50175 any range 50176 50353 dscp ef
40 permit udp any range 50176 50353 any range 49072 50175 dscp ef
50 permit udp any range 50176 50353 any range 50176 50353 dscp ef
60 permit udp any range 2048 2815 any range 2048 2815 dscp ef
70 permit udp any range 2048 2815 any range 2816 3028 dscp ef
80 permit udp any range 2816 3028 any range 2816 3028 dscp ef
90 permit udp any range 2816 3028 any range 2048 2815 dscp ef
100 remark -- cisco rtp range
switch#
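
The output above lists entry 130 and entry 140 of denyv4 with identical match criteria. Because the first matching entry wins, the later one can never be hit. The following added example (not Cisco code) parses saved show access-lists output and reports such unreachable entries. The sample input is constructed, the function names are hypothetical, and only two cases are covered: an identical earlier match and entries that follow a catch-all.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

HEADER = re.compile(r"^(\w+) access list (\S+)$")            # "IP access list voice"
ENTRY = re.compile(r"^(\d+) (permit|deny|remark)\b\s*(.*)$")  # "10 deny ip any any"


class Entry(NamedTuple):
    seq: int
    action: str   # permit, deny or remark
    match: str    # everything after the action, whitespace-normalised


def parse_acls(raw: str) -> Dict[Tuple[str, str], List[Entry]]:
    """Return {(family, name): [Entry, ...]} from show access-lists output."""
    acls: Dict[Tuple[str, str], List[Entry]] = {}
    current: Optional[List[Entry]] = None
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("switch#") or line == "statistics per-entry":
            continue
        header = HEADER.match(line)
        if header:
            current = acls.setdefault((header[1], header[2]), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append(Entry(int(entry[1]), entry[2], " ".join(entry[3].split())))
        elif current:
            # Terminal-wrapped remainder of the previous entry
            # ("precedence f" / "lash-override"): glue it back on.
            last = current[-1]
            current[-1] = last._replace(match=last.match + line)
    return acls


def unreachable(family: str, entries: List[Entry]) -> List[Tuple[int, str]]:
    """Entries that can never match because an earlier entry always wins."""
    catch_all = "any any" if family == "MAC" else "ip any any"
    first_seen: Dict[str, int] = {}
    blocker: Optional[int] = None
    findings: List[Tuple[int, str]] = []
    for e in entries:
        if e.action == "remark":
            continue
        if blocker is not None:
            findings.append((e.seq, f"after catch-all entry {blocker}"))
        elif e.match in first_seen:
            findings.append((e.seq, f"same match as entry {first_seen[e.match]}"))
        else:
            first_seen[e.match] = e.seq
            if e.match == catch_all:
                blocker = e.seq
    return findings


def audit(raw: str) -> Dict[str, List[Tuple[int, str]]]:
    """Map "FAMILY name" to its unreachable entries; clean ACLs are omitted."""
    report = {}
    for (family, name), entries in parse_acls(raw).items():
        findings = unreachable(family, entries)
        if findings:
            report[f"{family} {name}"] = findings
    return report


# Constructed sample in the format shown above (not captured from a device).
SAMPLE = """\
switch# show access-lists

IP access list edge-in
        statistics per-entry
        10 permit tcp 10.10.10.0/24 any eq 22
        20 deny tcp any range 200 300 any lt 600
        30 deny tcp any range 200 300 any lt 600
        40 deny ip any any
        50 permit udp any any eq 53
IP access list dot
        10 permit ip 10.1.1.0/24 10.2.1.0/24 precedence f
lash-override
MAC access list acl-mac
        10 permit any any
switch#
"""

if __name__ == "__main__":
    for acl, findings in audit(SAMPLE).items():
        for seq, reason in findings:
            print(f"{acl}: entry {seq} is unreachable ({reason})")
```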
 

 
Related Commands

Command
Description

ip access-list

Configures an IPv4 ACL.

mac access-list

Configures a MAC ACL.

show ip access-lists

Displays all IPv4 ACLs or a specific IPv4 ACL.

show mac access-lists

Displays all MAC ACLs or a specific MAC ACL.

show accounting log

To display the accounting log contents, use the show accounting log command.

show accounting log [ size ] [ start-time year month day HH : MM : SS ] [ end-time year month day HH : MM : SS ]

 
Syntax Description

size

(Optional) Amount of the log to display in bytes. The range is from 0 to 250000.

start-time year month day HH : MM : SS

(Optional) Specifies a start time. The year argument is in yyyy format. The month is the three-letter English abbreviation. The day argument range is from 1 to 31. The HH : MM : SS argument is in standard 24-hour format.

end-time year month day HH : MM : SS

(Optional) Specifies an end time. The year argument is in yyyy format. The month is the three-letter English abbreviation. The day argument range is from 1 to 31. The HH : MM : SS argument is in standard 24-hour format.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the entire accounting log:

switch# show accounting log
 

In Cisco NX-OS Release, this command displays the following output:

switch# show accounting log
 
Mon Aug 16 09:37:43 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; interface vfc3 ; bind interface Ethernet1/12 (SUCCESS)
Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; interface vfc3 ; no shutdown (REDIRECT)
Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=Inte
rface vfc3 state updated to up
Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; interface vfc3 ; no shutdown (SUCCESS)
Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; interface vfc3 ; no shutdown (SUCCESS)
Mon Aug 16 09:48:05 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; interface Ethernet2/1 (SUCCESS)
Mon Aug 16 09:55:27 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp mode client (FAILURE)
Mon Aug 16 09:55:35 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp mode server (FAILURE)
Mon Aug 16 10:03:46 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; no vtp mode (FAILURE)
Mon Aug 16 10:04:11 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp mode transparent (SUCCESS)
Mon Aug 16 10:04:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp domain MyDomain (SUCCESS)
Mon Aug 16 10:04:39 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp password MyPass (SUCCESS)
Mon Aug 16 10:05:17 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; no vtp password (SUCCESS)
Mon Aug 16 10:06:46 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp pruning (SUCCESS)
Mon Aug 16 10:09:11 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; interface Ethernet1/12 (SUCCESS)
Mon Aug 16 10:32:33 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=clea
r vtp counters (SUCCESS)
Mon Aug 16 10:35:20 2010:type=stop:id=72.163.177.184@pts/0:user=admin:cmd=shell
terminated because of telnet closed
--More--
switch#
 

This example shows how to display 400 bytes of the accounting log:

switch# show accounting log 400
 

This example shows how to display the accounting log starting at 16:00:00 on February 16, 2008:

switch# show accounting log start-time 2008 Feb 16 16:00:00
 

This example shows how to display the accounting log starting at 15:59:59 on February 1, 2008 and ending at 16:00:00 on February 29, 2008:

switch# show accounting log start-time 2008 Feb 1 15:59:59 end-time 2008 Feb 29 16:00:00
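
The following added example (not Cisco code) parses a saved show accounting log capture for review: it rejoins records that the terminal wrapped, extracts the fields, lists failed commands, and masks credentials that were typed on the command line, such as the vtp password entry in the output above. The sample lines are copied from that output; the 80-column wrap width, the keyword list, and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

TERM_WIDTH = 80  # assumption: the capture came from an 80-column terminal

# A record starts with a ctime-style timestamp followed by ":type=".
RECORD_START = re.compile(r"^\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}:type=")
RECORD = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
    r":type=(?P<kind>\w+):id=(?P<id>.*?):user=(?P<user>.*?):cmd=(?P<cmd>.*?)"
    r"(?: \((?P<status>SUCCESS|FAILURE|REDIRECT)\))?$"
)
# Starter list (assumption): keywords whose next token is a credential.
SECRET_ARG = re.compile(r"\b(password|secret)\s+(\S+)", re.IGNORECASE)


@dataclass
class Record:
    when: datetime
    kind: str              # start, update or stop
    session: str           # source and tty, e.g. address@pts/0
    user: str
    cmd: str
    status: Optional[str]  # None when the record carries no result


def reassemble(raw: str, width: int = TERM_WIDTH) -> List[str]:
    """Rejoin records that the terminal wrapped at `width` columns."""
    records: List[str] = []
    for line in raw.splitlines():
        line = line.rstrip()
        if not line or line == "--More--" or line.startswith("switch#"):
            continue  # blank line, pager marker or prompt
        if RECORD_START.match(line):
            records.append(line)
        elif records:
            # Continuation. A wrap that fell on a space loses that space when
            # trailing whitespace is stripped, so pad back to the wrap column.
            pad = -len(records[-1]) % width
            records[-1] += " " * pad + line
    return records


def parse(raw: str) -> List[Record]:
    out: List[Record] = []
    for text in reassemble(raw):
        m = RECORD.match(text)
        if not m:
            continue
        when = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        out.append(Record(when, m["kind"], m["id"], m["user"], m["cmd"], m["status"]))
    return out


def failed(records: List[Record]) -> List[Record]:
    """Commands the switch rejected."""
    return [r for r in records if r.status == "FAILURE"]


def redact(cmd: str) -> str:
    """Mask the token that follows a credential keyword."""
    return SECRET_ARG.sub(lambda m: f"{m.group(1)} <redacted>", cmd)


def leaks_secret(record: Record) -> bool:
    return redact(record.cmd) != record.cmd


# Sample lines copied from the output above, including the 80-column wraps.
SAMPLE = """\
switch# show accounting log

Mon Aug 16 09:55:27 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp mode client (FAILURE)
Mon Aug 16 10:04:11 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp mode transparent (SUCCESS)
Mon Aug 16 10:04:39 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf
igure terminal ; vtp password MyPass (SUCCESS)
Mon Aug 16 10:32:33 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=clea
r vtp counters (SUCCESS)
Mon Aug 16 10:35:20 2010:type=stop:id=72.163.177.184@pts/0:user=admin:cmd=shell
terminated because of telnet closed
--More--
switch#
"""

if __name__ == "__main__":
    for r in parse(SAMPLE):
        flag = "SECRET" if leaks_secret(r) else (r.status or "-")
        print(f"{r.when:%Y-%m-%d %H:%M:%S} {r.user:<8} {flag:<8} {redact(r.cmd)}")
```

Run redact over the log before it is exported to a ticket or a shared log store, since the accounting log records the full command text.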
 

 
Related Commands

Command
Description

clear accounting log

Clears the accounting log.

show checkpoint

To display the configuration at the time a checkpoint was implemented, use the show checkpoint command.

show checkpoint [ checkpoint-name ] [ all [ system | user ]]

 
Syntax Description

checkpoint-name

(Optional) Checkpoint name. The name can be a maximum of 32 characters.

all

(Optional) Displays user-configured and system-configured checkpoints.

system

(Optional) Displays all system-configured checkpoints.

user

(Optional) Displays all user-configured checkpoints.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

The command output displays a history of the most recent (up to ten) checkpoint IDs. The checkpoint IDs represent the rollback points that allow the user to restore the system to a checkpoint configuration.

Examples

This example shows how to display the rollback checkpoints configured in the local switch:

switch# show checkpoint
--------------------------------------------------------------------------------
Name: chkpnt-1
 
 
!Command: Checkpoint cmd vdc 1
!Time: Mon Sep 6 09:40:47 2010
 
version 5.0(2)N1(1)
feature telnet
feature tacacs+
cfs eth distribute
feature private-vlan
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
 
username adminbackup password 5 ! role network-operator
username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin
no password strength-check
ip domain-lookup
ip domain-lookup
hostname switch
ip access-list ip1
class-map type qos class-fcoe
match cos 4
class-map type qos match-all cq1
match cos 4
match precedence 7
class-map type qos match-all cq2
match cos 5
match dscp 10
class-map type qos match-any cq3
match precedence 7
 
<--output truncated-->
switch#
 

This example shows how to display information about a specific checkpoint:

switch# show checkpoint chkpnt-1
--------------------------------------------------------------------------------
Name: chkpnt-1
 
 
!Command: Checkpoint cmd vdc 1
!Time: Mon Sep 6 09:40:47 2010
 
version 5.0(2)N1(1)
feature telnet
feature tacacs+
cfs eth distribute
feature private-vlan
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
 
username adminbackup password 5 ! role network-operator
username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin
no password strength-check
ip domain-lookup
ip domain-lookup
hostname switch
ip access-list ip1
class-map type qos class-fcoe
match cos 4
class-map type qos match-all cq1
match cos 4
match precedence 7
--More--
switch#
 

This example shows how to display all configured rollback checkpoints:

switch# show checkpoint all
 

 
Related Commands

Command
Description

checkpoint

Creates a checkpoint.

rollback

Rolls back the configuration to any of the saved checkpoints.

show checkpoint summary

Displays configuration rollback checkpoints summary.

show checkpoint system

Displays system-defined rollback checkpoints.

show checkpoint user

Displays user-configured rollback checkpoints.

show checkpoint summary

To display a summary of the configured checkpoints, use the show checkpoint summary command.

show checkpoint summary [ system | user ]

 
Syntax Description

system

(Optional) Displays a summary of the system-configured checkpoints.

user

(Optional) Displays a summary of the user-configured checkpoints.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the configuration rollback checkpoints summary:

switch# show checkpoint summary
User Checkpoint Summary
User Checkpoint Summary
--------------------------------------------------------------------------------
1) chkpnt-1:
Created by admin
Created at Tue, 08:10:23 14 Sep 2010
Size is 21,508 bytes
Description: Checkpoint to save current configuration, Sep 9 10:02 A.M.
 
2) chkpnt-2:
Created by admin
Created at Tue, 08:11:46 14 Sep 2010
Size is 21,536 bytes
Description: None
 
3) user-checkpoint-4:
Created by admin
Created at Tue, 08:16:48 14 Sep 2010
Size is 21,526 bytes
Description: None
 
switch#
 

This example shows how to display the summary of the system-configured rollback checkpoints:

switch# show checkpoint summary system
 

This example shows how to display the summary of the user-configured rollback checkpoints:

switch# show checkpoint summary user
--------------------------------------------------------------------------------
1) chkpnt-1:
Created by admin
Created at Tue, 08:10:23 14 Sep 2010
Size is 21,508 bytes
Description: Checkpoint to save current configuration, Sep 9 10:02 A.M.
 
2) chkpnt-2:
Created by admin
Created at Tue, 08:11:46 14 Sep 2010
Size is 21,536 bytes
Description: None
 
3) user-checkpoint-4:
Created by admin
Created at Tue, 08:16:48 14 Sep 2010
Size is 21,526 bytes
Description: None
 
switch#
 

 
Related Commands

Command
Description

checkpoint

Creates a checkpoint.

rollback

Rolls back the configuration to any of the saved checkpoints.

show checkpoint

Displays rollback checkpoints.

show checkpoint system

Displays system-defined rollback checkpoints.

show checkpoint user

Displays user-configured rollback checkpoints.

show checkpoint system

To display only the system-configured checkpoints, use the show checkpoint system command.

show checkpoint system

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the rollback checkpoints defined by the system:

switch# show checkpoint system
 

 
Related Commands

Command
Description

checkpoint

Creates a checkpoint.

rollback

Rolls back the configuration to any of the saved checkpoints.

show checkpoint

Displays rollback checkpoints.

show checkpoint user

Displays user-configured rollback checkpoints.

show checkpoint user

To display only the user-configured checkpoints, use the show checkpoint user command.

show checkpoint user

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the rollback checkpoints configured by the current user:

switch# show checkpoint user
--------------------------------------------------------------------------------
Name: myChkpoint
 
 
!Command: Checkpoint cmd vdc 1
!Time: Mon Sep 6 09:40:47 2010
 
version 5.0(2)N1(1)
feature telnet
feature tacacs+
cfs eth distribute
feature private-vlan
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
 
username adminbackup password 5 ! role network-operator
username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin
no password strength-check
ip domain-lookup
ip domain-lookup
hostname switch
ip access-list ip1
class-map type qos class-fcoe
match cos 4
class-map type qos match-all cq1
match cos 4
match precedence 7
 
<--output truncated-->
switch#
 

 
Related Commands

Command
Description

checkpoint

Creates a checkpoint.

rollback

Rolls back the configuration to any of the saved checkpoints.

show checkpoint

Displays rollback checkpoints.

show checkpoint summary

Displays a summary of all configured rollback checkpoints.

show checkpoint system

Displays system-defined rollback checkpoints.

show diff rollback-patch checkpoint

To display the configuration differences between two checkpoints, use the show diff rollback-patch checkpoint command.

show diff rollback-patch checkpoint src-checkpoint-name checkpoint dest-checkpoint-name

 
Syntax Description

src-checkpoint-name

Source checkpoint name. The name can be a maximum of 32 characters.

dest-checkpoint-name

Destination checkpoint name. The name can be a maximum of 32 characters.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

Use this command to view the differences between the source and destination checkpoints that reference current or saved configurations. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the changes between two checkpoints, chkpnt-1 and chkpnt-2:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint chkpnt-2
<-- modify configuration in running configuration--->
switch# checkpoint
...
user-checkpoint-4 created Successfully
 
Done
switch#
<-- modify configuration in running configuration--->
switch# show diff rollback-patch checkpoint user-checkpoint-4 checkpoint chkpnt-1
#Generating Rollback Patch
 
!!
interface Ethernet1/2
no untagged cos
no description Sample config
exit
!
interface Ethernet1/2
channel-group 1
!
line vty
switch# rollback chkpnt-1
switch#
 

 
Related Commands

Command
Description

checkpoint

Creates a checkpoint.

rollback

Rolls back the configuration to any of the saved checkpoints.

show checkpoint

Displays checkpoint information.

show diff rollback-patch file

Displays the differences between the current checkpoint file and the saved configuration.

show diff rollback-patch running-config

Displays the differences between the current running configuration and the saved checkpoint configuration.

show diff rollback-patch file

To display the differences between the two checkpoint configuration files, use the show diff rollback-patch file command.

show diff rollback-patch file { bootflash: | volatile: }[ // server ][ directory / ][ src-filename ] { checkpoint dest-checkpoint-name | file { bootflash: | volatile: }[ // server ][ directory / ][ dest-filename ] | running-config | startup-config }

 
Syntax Description

bootflash:

Specifies the bootflash local writable storage file system.

volatile:

Specifies the volatile local writable storage file system.

// server

(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.

directory /

(Optional) Name of a directory. The directory name is case sensitive.

src-filename

(Optional) Name of the source checkpoint configuration file. The filename is case sensitive.

dest-filename

(Optional) Name of the destination checkpoint configuration file. The filename is case sensitive.

checkpoint

Specifies a destination checkpoint.

dest-checkpoint-name

Destination checkpoint name. The name can be a maximum of 32 characters.

file

Specifies the destination checkpoint file.

running-config

Specifies that the running configuration be used as the destination.

startup-config

Specifies that the startup configuration be used as the destination.


Note: There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).


 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

Use this command to view the differences between the source and destination checkpoint configuration files that reference current or saved configurations. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the changes between two checkpoint configurations stored in files in the bootflash storage system:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# checkpoint chkpnt-2
switch# show diff rollback-patch file bootflash:///chkpnt_configSep9-2.txt file bootflash:///chkpnt_configSep9-1.txt
 
switch# rollback file bootflash:///chkpnt_configSep9-1.txt
switch#
 

 
Related Commands

Command
Description

rollback

Rolls back the switch to any of the saved checkpoints.

show checkpoint

Displays checkpoint information.

show diff rollback-patch checkpoint

Displays the differences between the current checkpoint and the saved configuration.

show diff rollback-patch running-config

Displays the differences between the current running configuration and the saved checkpoint configuration.

show diff rollback-patch running-config

To display the differences between the current running configuration and the saved (checkpointed) configuration, use the show diff rollback-patch running-config command.

show diff rollback-patch running-config { checkpoint checkpoint-name | file { bootflash: | volatile: }[ // server ][ directory / ][ filename ] | running-config | startup-config }

 
Syntax Description

checkpoint

Specifies that the checkpoint be used as the destination in the comparison.

checkpoint-name

Checkpoint name. The name can be a maximum of 32 characters.

file

Specifies that the checkpoint configuration file be used as the destination in the comparison.

bootflash:

Specifies the bootflash local writable storage file system.

volatile:

Specifies the volatile local writable storage file system.

// server

(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.

directory /

(Optional) Name of a directory. The directory name is case sensitive.

filename

(Optional) Name of the checkpoint configuration file. The filename is case sensitive.

running-config

Specifies that the running configuration be used as the destination in the comparison.

startup-config

Specifies that the startup configuration be used as the destination in the comparison.


Note: There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).


 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

Use this command to view the differences between the current running configuration and destination checkpoints that reference a saved configuration. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the configuration changes between the current running configuration and a checkpoint named chkpnt-1:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint chkpnt-2
<-- modify configuration in running configuration--->
switch# show diff rollback-patch running-config checkpoint chkpnt-1
Collecting Running-Config
#Generating Rollback Patch
 
!!
interface Ethernet1/2
no description Sample config
exit
switch#
 

This example shows how to view the configuration changes between the current running configuration and a saved configuration in the bootflash storage system:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# show diff rollback-patch running-config file chkpnt_configSep9-1.txt
 

This example shows how to view the configuration changes between the current running configuration and a checkpointed running configuration:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# show diff rollback-patch running-config running-config
 

This example shows how to view the configuration changes between the current running configuration and a saved startup configuration:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# copy running-config startup-config
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# checkpoint chkpnt-2
switch# show diff rollback-patch running-config startup-config
Collecting Running-Config
Collecting Startup-Config
#Generating Rollback Patch
 
!!
interface Ethernet1/2
no untagged cos
no description Sample config
exit
password strength-check
no username admin
no username adminbackup
!
interface Ethernet1/2
channel-group 1
no feature ssh
no feature telnet
switch#
 

 
Related Commands

Command
Description

rollback

Rolls back the switch to any of the saved checkpoints.

show checkpoint

Displays checkpoint information.

show diff rollback-patch checkpoint

Displays the differences between the current checkpoint and the saved configuration.

show diff rollback-patch file

Displays the differences between the current checkpoint file and the saved configuration.

show diff rollback-patch startup-config

Displays the differences between the current startup configuration and the saved checkpoint configuration.

show diff rollback-patch startup-config

To display the differences between the current startup configuration and the saved (checkpointed) configuration, use the show diff rollback-patch startup-config command.

show diff rollback-patch startup-config { checkpoint checkpoint-name | file { bootflash: | volatile: }[ // server ][ directory / ][ filename ] | running-config | startup-config }

 
Syntax Description

checkpoint

Specifies that the checkpoint be used as the destination in the comparison.

checkpoint-name

Checkpoint name. The name can be a maximum of 32 characters.

file

Specifies that the checkpoint configuration file be used as the destination in the comparison.

bootflash:

Specifies the bootflash local writable storage file system.

volatile:

Specifies the volatile local writable storage file system.

// server

(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.

directory /

(Optional) Name of a directory. The directory name is case sensitive.

filename

(Optional) Name of the checkpoint configuration file. The filename is case sensitive.

running-config

Specifies that the running configuration be used as the destination in the comparison.

startup-config

Specifies that the startup configuration be used as the destination in the comparison.


Note: There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).


 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

Use this command to view the differences between the current startup configuration and destination checkpoints that reference a saved configuration. The differences between the current running configuration and the checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the configuration changes between the current startup configuration and a checkpoint named chkpnt-1:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint chkpnt-2
<-- modify configuration in running configuration--->
switch# copy running-config startup-config
switch# show diff rollback-patch startup-config checkpoint chkpnt-1
Collecting Startup-Config
#Generating Rollback Patch
 
!!
!
feature telnet
feature ssh
username adminbackup password 5 ! role network-operator
username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin
no password strength-check
switch#
 

This example shows how to view the configuration changes between the current startup configuration and a saved configuration in the bootflash storage system:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# copy running-config startup-config
switch# show diff rollback-patch startup-config file chkpnt_configSep9-1.txt
 
switch#
 

This example shows how to view the configuration changes between the current startup configuration and a checkpointed running configuration:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# copy running-config startup-config
<-- modify configuration in running configuration--->
switch# show diff rollback-patch startup-config running-config
Collecting Running-Config
Collecting Startup-Config
#Generating Rollback Patch
 
!!
!
feature telnet
feature ssh
username adminbackup password 5 ! role network-operator
username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin
no password strength-check
switch#
 

This example shows how to view the configuration changes between the current startup configuration and a saved startup configuration:

switch# checkpoint chkpnt-1
<-- modify configuration in running configuration--->
switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt
<-- modify configuration in running configuration--->
switch# copy running-config startup-config
switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt
<-- modify configuration in running configuration--->
switch# show diff rollback-patch startup-config startup-config
Collecting Startup-Config
#Generating Rollback Patch
Rollback Patch is Empty
switch#
 

 
Related Commands

Command
Description

rollback

Rolls back the switch to any of the saved checkpoints.

show checkpoint

Displays checkpoint information.

show diff rollback-patch checkpoint

Displays the differences between the current checkpoint and the saved configuration.

show diff rollback-patch file

Displays the differences between the current checkpoint file and the saved configuration.

show diff rollback-patch running-config

Displays the differences between the current running configuration and the saved checkpoint configuration.
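The following Python example is added here and is not part of the Cisco documentation. It reviews the rollback patch from the first example above before a rollback is run: it treats every non-comment line of the patch as a command, flags commands that weaken management-plane security, and redacts password hashes so the findings can be shared. The rule list and the function names are assumptions chosen for illustration.

```python
import re

# Rollback patch text copied from the first example above (prompt lines removed).
SAMPLE_PATCH = """\
Collecting Startup-Config
#Generating Rollback Patch

!!
!
feature telnet
feature ssh
username adminbackup password 5 ! role network-operator
username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin
no password strength-check
"""

# Illustrative review policy (an assumption, not a Cisco-defined list).
RULES = [
    (re.compile(r"^feature telnet$"), "enables Telnet (cleartext management)"),
    (re.compile(r"^no feature ssh$"), "disables SSH"),
    (re.compile(r"^no password strength-check$"), "disables password strength checking"),
    (re.compile(r"^username \S+ .*\brole network-admin$"), "sets a network-admin account"),
]

STATUS = re.compile(r"^(Collecting \S+|#Generating Rollback Patch|Rollback Patch is Empty)$")
PROMPT = re.compile(r"^\S+#(\s|$)")
SECRET = re.compile(r"(\bpassword \d+ )\S+")


def redact(command):
    """Replace the secret that follows 'password <type>' with a placeholder."""
    return SECRET.sub(r"\1<redacted>", command)


def patch_commands(output):
    """Return the commands in the patch, skipping status lines, comments and prompts."""
    commands = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or STATUS.match(line) or PROMPT.match(line):
            continue
        commands.append(line)
    return commands


def review(output):
    """Return (redacted command, reason) for every command that matches a rule."""
    findings = []
    for command in patch_commands(output):
        for pattern, reason in RULES:
            if pattern.search(command):
                findings.append((redact(command), reason))
    return findings


if __name__ == "__main__":
    for command, reason in review(SAMPLE_PATCH):
        print(f"REVIEW  {command}  <- {reason}")
```

An empty result from patch_commands corresponds to the "Rollback Patch is Empty" case shown in the last example.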

show http-server

To display information about the HTTP or HTTPS configuration, use the show http-server command.

show http-server

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the status of the HTTP server:

switch# show http-server
http-server enabled
switch#
 

 
Related Commands

Command
Description

feature http-server

Enables or disables the HTTP or HTTPS server on the switch.

show hardware profile tcam resource template

To display all the TCAM templates, use the show hardware profile tcam resource template command.

show hardware profile tcam resource template [default | tcam-feature-map | name template-name]

 
Syntax Description

default

Displays information about the default template.

tcam-feature-map

Displays information about TCAM region to feature mapping.

name template-name

Displays information about the specified template.

 
Command Default

None

 
Command Modes

Global configuration mode

 
Command History

Release
Modification

7.0(0)N1(1)

This command was introduced.

 
Usage Guidelines

None

Examples

This example shows how to display all the templates:

switch# show hardware profile tcam resource template
Template   Type     State       Vacl   Ifacl  Rbacl  Qos    Span   Sup    TOTAL
------------------------------------------------------------------------------
default    system   Committed   2048   1152   128    448    64     128    4096
temp1      user     Created     1984   1216   128    448    64     256    4096
temp2      user     Created     2048   1152   128    448    64     256    4096

L3-Card asic values

Template   Type     State       ERacl  Ifacl  IRacl  Qos    Span   Sup    TOTAL
------------------------------------------------------------------------------
default    system   Committed   2048   64     1664   64     64     64     4096
temp1      user     Created     1920   64     1792   64     64     64     4096
temp2      user     Created     2048   64     1664   64     64     64     4096
------------------------------------------------------------------------------
 

 
Related Commands

Command
Description

hardware profile tcam resource service-template

Commits a template in the running image.

 

show ip access-class

To display all IPv4 and IPv6 access classes configured for VTY, use the show ip access-class command.

show ip access-class [ access-class-name ]

 
Syntax Description

access-class-name

(Optional) Name of the access class, which can be up to 64 alphanumeric, case-sensitive characters.

 
Command Default

The switch shows all ACLs unless you use the access-class-name argument to specify an ACL.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

5.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display all IP access classes configured for VTY on the switch:

switch# show ip access-class
 
switch#
 


 
Related Commands

Command
Description

ip access-class

Configures an IPv4 access class for VTY.

ipv6 access-class

Configures an IPv6 access class for VTY.

show access-class

Displays all access classes for VTY.

show running-config aclmgr

Displays all ACLs in the running configuration.

show ip access-lists

To display all IPv4 access control lists (ACLs) or a specific IPv4 ACL, use the show ip access-lists command.

show ip access-lists [ access-list-name ]

 
Syntax Description

access-list-name

(Optional) Name of an IPv4 ACL, which can be up to 64 alphanumeric, case-sensitive characters.

 
Command Default

The switch shows all IPv4 ACLs unless you use the access-list-name argument to specify an ACL.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

By default, this command displays the IPv4 ACLs configured on the switch. The command displays the statistics information for an IPv4 ACL only if the IPv4 ACL is applied to the management (mgmt0) interface. If the ACL is applied to an SVI interface or in a QoS class map, then the command does not display any statistics information.

Examples

This example shows how to display all IPv4 ACLs on the switch:

switch# show ip access-lists
 

In Cisco NX-OS release 5.0(2)N1(1), this example shows how to display all IPv4 ACLs on the switch:

switch# show ip access-lists
IP access list BulkData
10 deny ip any any
IP access list CriticalData
10 deny ip any any
IP access list Scavenger
10 deny ip any any
IP access list denyv4
20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments
30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400
40 permit icmp any any router-advertisement
60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn
70 permit igmp any any host-report
80 deny tcp any any rst
90 deny tcp any any ack
100 permit tcp any any fin
110 permit tcp any gt 300 any lt 400
130 deny tcp any range 200 300 any lt 600
140 deny tcp any range 200 300 any lt 600
IP access list dot
statistics per-entry
10 permit ip 20.1.1.1 255.255.255.0 20.10.1.1 255.255.255.0 precedence flash-override
20 deny ip 20.1.1.1/24 20.10.1.1/24 fragments
30 permit tcp any any fragments
40 deny tcp any eq 400 any eq 500
IP access list ipPacl
statistics per-entry
10 deny tcp any eq 400 any eq 500
IP access list ipv4
10 permit ip 10.10.10.1 225.255.255.0 any fragments
20 permit ip any any dscp ef
IP access list ipv4Acl
10 permit ip 10.10.10.1/32 10.10.10.2/32
IP access list voice
--More--
switch#
 

 
Related Commands

Command
Description

ip access-list

Configures an IPv4 ACL.

show access-lists

Displays all ACLs or a specific ACL.

show mac access-lists

Displays all MAC ACLs or a specific MAC ACL.
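The following Python example is added here and is not part of the Cisco documentation. It lints output in the format shown above and reports entries whose match repeats an earlier entry in the same ACL (entries 130 and 140 of denyv4), address masks whose bits are not contiguous (225.255.255.0 in ACL ipv4), and entries placed after an unconditional ip any any. The function names and the lab-shadow ACL are constructed for this example.

```python
import re
from ipaddress import IPv4Address

# BulkData, denyv4 (abridged) and ipv4 are taken from the example output above;
# "lab-shadow" is constructed here to exercise the unreachable-entry check.
SAMPLE_OUTPUT = """\
IP access list BulkData
10 deny ip any any
IP access list denyv4
20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments
30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400
110 permit tcp any gt 300 any lt 400
130 deny tcp any range 200 300 any lt 600
140 deny tcp any range 200 300 any lt 600
IP access list ipv4
10 permit ip 10.10.10.1 225.255.255.0 any fragments
20 permit ip any any dscp ef
IP access list lab-shadow
statistics per-entry
10 permit ip any any
20 deny tcp any any eq 23
--More--
"""

HEADER = re.compile(r"^IP access list (\S+)$")
ENTRY = re.compile(r"^(\d+) (permit|deny) (.+)$")
QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
# An address followed by a dotted mask; prefix-length notation (a.b.c.d/nn) is skipped.
PAIR = re.compile(rf"(?<![\d./])({QUAD}) ({QUAD})(?![\d./])")


def parse_acls(output):
    """Return {acl name: [(sequence, action, match text), ...]} from the command output."""
    acls, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            match_text = " ".join(entry.group(3).split())
            current.append((int(entry.group(1)), entry.group(2), match_text))
    return acls


def contiguous(mask):
    """True if the mask is a run of ones then zeros (netmask) or zeros then ones (wildcard)."""
    bits = format(int(IPv4Address(mask)), "032b")
    return "01" not in bits or "10" not in bits


def lint(acls):
    """Return (acl, sequence, finding) tuples in the order the entries appear."""
    findings = []
    for name, entries in acls.items():
        first_seen = {}    # match text -> sequence number of the first entry using it
        catch_all = None   # sequence number of an unconditional "ip any any" entry
        for seq, _action, rule in entries:
            if catch_all is not None:
                findings.append((name, seq, f"unreachable after entry {catch_all}"))
                continue
            if rule in first_seen:
                findings.append((name, seq, f"same match as entry {first_seen[rule]}"))
            else:
                first_seen[rule] = seq
            for _address, mask in PAIR.findall(rule):
                if not contiguous(mask):
                    findings.append((name, seq, f"non-contiguous mask {mask}"))
            if rule == "ip any any":
                catch_all = seq
    return findings


if __name__ == "__main__":
    for name, seq, finding in lint(parse_acls(SAMPLE_OUTPUT)):
        print(f"{name} entry {seq}: {finding}")
```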

show ip arp

To display the Address Resolution Protocol (ARP) table statistics, use the show ip arp command.

show ip arp [ client | [ statistics | summary ] [ ethernet slot / port | loopback intf-num | mgmt mgmt-intf-num | port-channel channel-num | vlan vlan-id ] [ fhrp-non-active-learn ] [ static ] [ detail ] [ vrf { vrf-name | all | default | management }]]

 
Syntax Description

client

(Optional) Displays ARP information for ARP clients.

statistics

(Optional) Displays the global ARP statistics on the switch or the ARP statistics for interfaces.

summary

(Optional) Displays the ARP adjacency summary information.

ethernet slot / port

(Optional) Displays the ARP information for an Ethernet interface. The slot number is from 1 to 255 and the port number is from 1 to 128.

loopback intf-num

(Optional) Displays the ARP information for a loopback interface. The loopback interface number is from 0 to 1023.

mgmt mgmt-intf-num

(Optional) Displays the ARP information for a management interface. The interface number is 0.

port-channel channel-num

(Optional) Displays the ARP information for an EtherChannel interface. The channel number range is from 1 to 4096.

vlan vlan-id

(Optional) Displays the ARP information for a specified VLAN. The range is from 1 to 4094, except for the VLANs reserved for internal use.

fhrp-non-active-learn

(Optional) Displays the ARP table information learned only due to a request for a nonactive Cisco First Hop Redundancy Protocol (FHRP) address.

static

(Optional) Displays the static ARP entries.

detail

(Optional) Displays the detailed ARP information.

vrf

(Optional) Specifies the virtual routing and forwarding (VRF) to use.

vrf-name

VRF name. The name can be a maximum of 32 alphanumeric characters and is case sensitive.

all

Displays all VRF entries for the specified VLAN in the ARP table.

default

Displays the default VRF entry for the specified VLAN.

management

Displays the management VRF entry for the specified VLAN.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

You must use the feature interface-vlan command before you can display the ARP information for VLAN interfaces.

Examples

This example shows how to display the ARP table:

switch# show ip arp
 
IP ARP Table for context default
Total number of entries: 1
Address         Age       MAC Address     Interface
90.10.10.2      00:03:11  000d.ece7.df7c  Vlan900
switch#
 

This example shows how to display the detailed ARP table:

switch# show ip arp detail
 
IP ARP Table for context default
Total number of entries: 1
Address         Age       MAC Address     Interface  Physical Interface
90.10.10.2      00:02:55  000d.ece7.df7c  Vlan900    Ethernet1/12
switch#
 

This example shows how to display the ARP table for VLAN 10 and all VRFs:

switch# show ip arp vlan 10 vrf all
 

Table 1 describes the fields shown in the above displays.

 

Table 1 show ip arp Field Descriptions

Field
Description

IP ARP Table

Context in which the ARP table is applied.

Total number of entries

Total number of ARP entries or messages in the ARP table.

Address

IP address of the switch that the ARP table automatically maps to the MAC address of the switch.

Age

Duration since the switch with a MAC address was mapped to the IP address.

MAC Address

MAC address of the switch.

Interface

Switch interface where packets are forwarded.

Physical Interface

Physical interface, which can be one of the following: Ethernet, loopback, EtherChannel, management, or VLAN.

 
Related Commands

Command
Description

clear ip arp

Clears the ARP cache and table.

feature interface-vlan

Enables the creation of VLAN interfaces.

show running-config arp

Displays the running ARP configuration.

 

show ip arp inspection

To display the Dynamic ARP Inspection (DAI) configuration status, use the show ip arp inspection command.

show ip arp inspection

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the status of the DAI configuration:

switch# show ip arp inspection
 

 
Related Commands

Command
Description

ip arp inspection vlan

Enables DAI for a specified list of VLANs.

show ip arp inspection interface

Displays the trust state and the ARP packet rate for a specified interface.

show ip arp inspection log

Displays the DAI log configuration.

show ip arp inspection statistics

Displays the DAI statistics.

show ip arp inspection vlan

Displays DAI status for a specified list of VLANs.

show running-config dhcp

Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection interfaces

To display the trust state for the specified interface, use the show ip arp inspection interfaces command.

show ip arp inspection interfaces { ethernet slot / port | port-channel channel-number }

 
Syntax Description

ethernet slot / port

(Optional) Specifies that the output is for an Ethernet interface.

port-channel channel-number

(Optional) Specifies that the output is for a port-channel interface. Valid port-channel numbers are from 1 to 4096.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the trust state for a trusted interface:

switch# show ip arp inspection interfaces ethernet 2/1
 

 
Related Commands

Command
Description

ip arp inspection vlan

Enables Dynamic ARP Inspection (DAI) for a specified list of VLANs.

show ip arp inspection

Displays the DAI configuration status.

show ip arp inspection vlan

Displays DAI status for a specified list of VLANs.

show running-config dhcp

Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection log

To display the Dynamic ARP Inspection (DAI) log configuration, use the show ip arp inspection log command.

show ip arp inspection log

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the DAI log configuration:

switch# show ip arp inspection log
 
Syslog Buffer Size : 12
Syslog Rate : 5 entries per 1 seconds
switch#
 

 
Related Commands

Command
Description

clear ip arp inspection log

Clears the DAI logging buffer.

ip arp inspection log-buffer

Configures the DAI logging buffer size.

show ip arp inspection

Displays the DAI configuration status.

show running-config dhcp

Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection statistics

To display the Dynamic ARP Inspection (DAI) statistics, use the show ip arp inspection statistics command.

show ip arp inspection statistics [ vlan vlan-list ]

 
Syntax Description

vlan vlan-list

(Optional) Specifies the list of VLANs for which to display DAI statistics. Valid VLAN IDs are from 1 to 4094. You can specify a VLAN or range of VLANs.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the DAI statistics for VLAN 1:

switch# show ip arp inspection statistics vlan 1
 

 
Related Commands

Command
Description

clear ip arp inspection statistics vlan

Clears the DAI statistics for a specified VLAN.

show ip arp inspection log

Displays the DAI log configuration.

show running-config dhcp

Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection vlan

To display the Dynamic ARP Inspection (DAI) status for the specified list of VLANs, use the show ip arp inspection vlan command.

show ip arp inspection vlan vlan-list

 
Syntax Description

vlan-list

List of VLANs that have the DAI status. The vlan-list argument allows you to specify a single VLAN ID, a range of VLAN IDs, or comma-separated IDs and ranges. Valid VLAN IDs are from 1 to 4094.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the DAI status for VLAN 1:

switch# show ip arp inspection vlan 1
 
Source Mac Validation : Enabled
Destination Mac Validation : Enabled
IP Address Validation : Enabled
 
Vlan : 1
-----------
Configuration : Disabled
Operation State : Inactive
switch#
 

 
Related Commands

Command
Description

clear ip arp inspection statistics vlan

Clears the DAI statistics for a specified VLAN.

ip arp inspection vlan

Enables DAI for a specified list of VLANs.

show ip arp inspection

Displays the DAI configuration status.

show ip arp inspection interface

Displays the trust state and the ARP packet rate for a specified interface.

show running-config dhcp

Displays DHCP snooping configuration, including the DAI configuration.

 

show ip arp sync-entries

To display the Address Resolution Protocol (ARP) table information after an ARP table synchronization, use the show ip arp sync-entries command.

show ip arp sync-entries [ detail | vrf { vrf-name | all | default | management }]

 
Syntax Description

detail

(Optional) Displays detailed information about the ARP table.

vrf

(Optional) Displays ARP table information for a virtual routing and forwarding (VRF) instance.

vrf-name

VRF name. The name can be a maximum of 32 alphanumeric characters and is case sensitive.

all

Displays ARP table information for all VRF entries.

default

Displays ARP table information for the default VRF entry.

management

Displays ARP table information for the management VRF entry.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the global ARP statistics on virtual port channels (vPCs):

switch# show ip arp sync-entries
 

 
Related Commands

Command
Description

ip arp synchronize

Enables ARP synchronization on a vPC domain.

show running-config arp

Displays the running configuration information for ARP tables.

 

show ip dhcp snooping

To display general status information for Dynamic Host Configuration Protocol (DHCP) snooping, use the show ip dhcp snooping command.

show ip dhcp snooping

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display general status information about DHCP snooping:

switch# show ip dhcp snooping
DHCP snooping service is enabled
Switch DHCP snooping is enabled
DHCP snooping is configured on the following VLANs:
1,13
DHCP snooping is operational on the following VLANs:
1
Insertion of Option 82 is disabled
Verification of MAC address is enabled
DHCP snooping trust is configured on the following interfaces:
Interface    Trusted
------------ -------
Ethernet2/3  Yes
 
switch#

 
Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration to the startup configuration.

ip dhcp snooping

Globally enables DHCP snooping on the device.

show ip dhcp snooping statistics

Displays DHCP snooping statistics.

show running-config dhcp

Displays the DHCP snooping configuration.

show ip dhcp snooping binding

To display IP-to-MAC address bindings for all interfaces or a specific interface, use the show ip dhcp snooping binding command.

show ip dhcp snooping binding [ IP-address ] [ MAC-address ] [ interface ethernet slot / port ] [ vlan vlan-id ]

show ip dhcp snooping binding [ dynamic ]

show ip dhcp snooping binding [ static ]

 
Syntax Description

IP-address

(Optional) IPv4 address that the bindings shown must include. Valid entries are in dotted-decimal format.

MAC-address

(Optional) MAC address that the bindings shown must include. Valid entries are in dotted-hexadecimal format.

interface ethernet slot / port

(Optional) Specifies the Ethernet interface that the bindings shown must be associated with. The slot number is from 1 to 255, and the port number is from 1 to 128.

vlan vlan-id

(Optional) Specifies a VLAN ID that the bindings shown must be associated with. Valid VLAN IDs are from 1 to 4094, except for the VLANs reserved for internal use.

Use a hyphen (-) to separate the beginning and ending IDs of a range of VLAN IDs; for example, 70-100.

Use a comma (,) to separate individual VLAN IDs and ranges of VLAN IDs; for example, 20,70-100,142.

dynamic

(Optional) Limits the output to all dynamic IP-MAC address bindings.

static

(Optional) Limits the output to all static IP-MAC address bindings.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

The binding interface includes static IP source entries. Static entries appear with the term “static” in the Type column.

Examples

This example shows how to display all bindings:

switch# show ip dhcp snooping binding
MacAddress        IpAddress       LeaseSec Type       VLAN Interface
----------------- --------------- -------- ---------- ---- -------------
0f:00:60:b3:23:33 10.3.2.2        infinite static     13   Ethernet2/46
0f:00:60:b3:23:35 10.2.2.2        infinite static     100  Ethernet2/10
switch#
 

 
Related Commands

Command
Description

clear ip dhcp snooping binding

Clears the DHCP snooping binding database.

copy running-config startup-config

Copies the running configuration to the startup configuration.

ip dhcp snooping

Globally enables DHCP snooping on the device.

ip source binding

Creates a static IP source entry for a Layer 2 Ethernet interface.

show ip dhcp snooping statistics

Displays DHCP snooping statistics.

show running-config dhcp

Displays the DHCP snooping configuration, including the IP Source Guard configuration.

show ip dhcp snooping statistics

To display Dynamic Host Configuration Protocol (DHCP) snooping statistics, use the show ip dhcp snooping statistics command.

show ip dhcp snooping statistics

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display DHCP snooping statistics:

switch# show ip dhcp snooping statistics
Packets processed 61343
Packets received through cfsoe 0
Packets forwarded 0
Packets forwarded on cfsoe 0
Total packets dropped 61343
Packets dropped from untrusted ports 0
Packets dropped due to MAC address check failure 0
Packets dropped due to Option 82 insertion failure 0
Packets dropped due to o/p intf unknown 0
Packets dropped which were unknown 0
Packets dropped due to dhcp relay not enabled 0
Packets dropped due to no binding entry 0
Packets dropped due to interface error/no interface 61343
Packets dropped due to max hops exceeded 0
switch#
 

 
Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration to the startup configuration.

ip dhcp snooping

Globally enables DHCP snooping on the device.

show running-config dhcp

Displays the DHCP snooping configuration.

show ipv6 access-lists

To display all IPv6 access control lists (ACLs) or a specific IPv6 ACL, use the show ipv6 access-lists command.

show ipv6 access-lists [ access-list-name ] [ expanded | summary ]

 
Syntax Description

access-list-name

(Optional) Name of an IPv6 ACL, which can be up to 64 alphanumeric, case-sensitive characters.

expanded

(Optional) Specifies that the contents of IPv6 address groups or port groups show rather than the names of object groups only.

summary

(Optional) Specifies that the command displays information about the ACL rather than the ACL configuration. For more information, see the "Usage Guidelines" section.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

The device shows all IPv6 ACLs, unless you use the access-list-name argument to specify an ACL.

The summary keyword allows you to display information about the ACL rather than the ACL configuration. The information displayed includes the following:

  • Whether per-entry statistics is configured for the ACL.
  • The number of rules in the ACL configuration. This number does not reflect how many entries the ACL contains when the device applies it to an interface. If a rule in the ACL uses an object group, the number of entries in the ACL when it is applied may be much greater than the number of rules.
  • The interfaces that the ACL is applied to.
  • The interfaces that the ACL is active on.

The show ipv6 access-lists command displays statistics for each entry in an ACL if the following conditions are both true:

  • The ACL configuration contains the statistics per-entry command.
  • The ACL is applied to an interface that is administratively up.

Examples

This example shows how to display all IPv6 ACLs on a switch:

switch# show ipv6 access-lists

 
Related Commands

Command
Description

ipv6 access-list

Configures an IPv6 ACL.

show ip verify source

To display the IP Source Guard-enabled interfaces and the IP-to-MAC address bindings, use the show ip verify source command.

show ip verify source [ interface { ethernet slot / port | port-channel channel-number }]

 
Syntax Description

interface

(Optional) Specifies that the output is limited to IP-to-MAC address bindings for a particular interface.

ethernet slot / port

(Optional) Specifies that the output is limited to bindings for the Ethernet interface given. The slot number is from 1 to 255, and the port number is from 1 to 128.

port-channel channel-number

(Optional) Specifies that the output is limited to bindings for the port-channel interface given. Valid port-channel numbers are from 1 to 4096.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the IP Source Guard-enabled interfaces and the IP-to-MAC address bindings on the switch:

switch# show ip verify source
IP source guard is enabled on the following interfaces:
------------------------------------------------------
Ethernet1/2
Ethernet1/5
 
 
IP source guard operational entries:
-----------------------------------
Interface    Filter-mode IP-address Mac-address    Vlan
------------ ----------- ---------- -------------- ----
Ethernet1/2  inactive-no-snoop-vlan
Ethernet1/5  inactive-no-snoop-vlan
switch#
 

 
Related Commands

Command
Description

ip source binding

Creates a static IP source entry for the specified Ethernet interface.

ip verify source dhcp-snooping-vlan

Enables IP Source Guard on an interface.

show running-config dhcp

Displays DHCP snooping configuration, including the IP Source Guard configuration.
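The following Python example is added here and is not part of the Cisco documentation. It cross-checks the outputs of show ip dhcp snooping, show ip arp inspection vlan, and show ip verify source as they appear in the examples on this page, and reports where a Layer 2 protection is not enforcing: VLAN 13 has DHCP snooping configured but not operational, DAI is inactive on VLAN 1, and both IP Source Guard interfaces show an inactive filter mode. The function names are assumptions chosen for illustration; the VLAN list syntax follows the vlan-id description under show ip dhcp snooping binding.

```python
import re

# Outputs copied from the examples on this page (prompts and blank lines removed).
DHCP_SNOOPING = """\
DHCP snooping service is enabled
Switch DHCP snooping is enabled
DHCP snooping is configured on the following VLANs:
1,13
DHCP snooping is operational on the following VLANs:
1
"""
DAI_VLAN = """\
Vlan : 1
-----------
Configuration : Disabled
Operation State : Inactive
"""
VERIFY_SOURCE = """\
IP source guard operational entries:
-----------------------------------
Interface Filter-mode IP-address Mac-address Vlan
------------ ----------- ---------- -------------- ----
Ethernet1/2 inactive-no-snoop-vlan
Ethernet1/5 inactive-no-snoop-vlan
"""


def expand_vlans(vlan_list):
    """Expand a vlan-list such as '20,70-100,142' into a set of VLAN IDs (1-4094)."""
    vlans = set()
    for part in vlan_list.split(","):
        first, _, last = part.strip().partition("-")
        low, high = int(first), int(last or first)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def snooping_vlans(output):
    """Return the configured and operational VLAN sets from 'show ip dhcp snooping'."""
    lines = [line.strip() for line in output.splitlines()]
    result = {"configured": set(), "operational": set()}
    heading_re = r"DHCP snooping is (configured|operational) on the following VLANs:"
    for heading, value in zip(lines, lines[1:]):
        match = re.fullmatch(heading_re, heading)
        if match and re.fullmatch(r"[\d,\-]+", value):
            result[match.group(1)] = expand_vlans(value)
    return result


def dai_inactive_vlans(output):
    """Return VLANs whose 'Operation State' is Inactive in 'show ip arp inspection vlan'."""
    inactive, vlan = set(), None
    for line in output.splitlines():
        match = re.match(r"\s*(Vlan|Operation State)\s*:\s*(\S+)", line)
        if not match:
            continue
        if match.group(1) == "Vlan":
            vlan = int(match.group(2))
        elif vlan is not None and match.group(2) == "Inactive":
            inactive.add(vlan)
    return inactive


def inactive_source_guard(output):
    """Return {interface: filter-mode} for rows whose filter mode starts with 'inactive'."""
    row = r"^\s*((?:Ethernet|port-channel)\S+)[ \t]+(inactive\S*)"
    return dict(re.findall(row, output, re.MULTILINE))


def audit(snooping_out, dai_out, verify_out):
    """Collect findings for Layer 2 protections that are not enforcing."""
    findings = []
    vlans = snooping_vlans(snooping_out)
    for vlan in sorted(vlans["configured"] - vlans["operational"]):
        findings.append(f"VLAN {vlan}: DHCP snooping configured but not operational")
    for vlan in sorted(dai_inactive_vlans(dai_out)):
        findings.append(f"VLAN {vlan}: DAI inactive")
    for interface, mode in inactive_source_guard(verify_out).items():
        findings.append(f"{interface}: IP Source Guard {mode}")
    return findings


if __name__ == "__main__":
    for finding in audit(DHCP_SNOOPING, DAI_VLAN, VERIFY_SOURCE):
        print(finding)
```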

show ipv6 dhcp-ldra

To display configuration details and statistics for the Lightweight DHCPv6 Relay Agent (LDRA), use the show ipv6 dhcp-ldra command.

show ipv6 dhcp-ldra [statistics [vlan vlan-id | interface interface-id]]

 
Syntax Description

statistics

(Optional) Displays LDRA-related statistics.

vlan vlan-id

(Optional) Specifies the VLAN ID.

interface interface-id

(Optional) Specifies the interface.

 
Defaults

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

7.3(0)N1(1)

This command was introduced.

 
Usage Guidelines

To use this command, you must enable the LDRA feature by using the ipv6 dhcp ldra command.

Examples

This example shows how to enable the LDRA feature and display the LDRA configuration and statistics:

 
switch(config)# ipv6 dhcp ldra
switch(config)# show ipv6 dhcp-ldra
 
DHCPv6 LDRA is Enabled.
 
 
DHCPv6 LDRA policy: client-facing-trusted
Target: Ethernet1/1
 
DHCPv6 LDRA policy: client-facing-untrusted
Target: vlan 102 vlan 103
 
DHCPv6 LDRA policy: server-facing
Target: port-channel101
switch(config)# show ipv6 dhcp-ldra statistics
 
PACKET STATS:
---------------------------------------------------------
Message Type Rx Tx Drops |
---------------------------------------------------------
SOLICIT 0 0 0 |
ADVERTISE 0 0 0 |
REQUEST 0 0 0 |
CONFIRM 0 0 0 |
RENEW 0 0 0 |
REBIND 0 0 0 |
REPLY 0 0 0 |
RELEASE 0 0 0 |
DECLINE 0 0 0 |
RECONFIGURE 0 0 0 |
INFORMATION_REQUEST 0 0 0 |
RELAY_FORWARD 0 0 0 |
RELAY_REPLY 0 0 0 |
---------------------------------------------------------
Total 0 0 0 |
---------------------------------------------------------
 
CFS STATS:
---------------------------------------------------------
Message Type Rx Tx Drops |
---------------------------------------------------------
SOLICIT 0 0 0 |
ADVERTISE 0 0 0 |
REQUEST 0 0 0 |
CONFIRM 0 0 0 |
RENEW 0 0 0 |
REBIND 0 0 0 |
REPLY 0 0 0 |
RELEASE 0 0 0 |
DECLINE 0 0 0 |
RECONFIGURE 0 0 0 |
INFORMATION_REQUEST 0 0 0 |
RELAY_FORWARD 0 0 0 |
RELAY_REPLY 0 0 0 |
---------------------------------------------------------
Total 0 0 0 |
---------------------------------------------------------
Non-DHCPv6 LDRA Packets:
---------------------------------------------------------
Total Packets Received: 0
Total Packets Forwarded: 0
Total Packets Dropped: 0
 
---------------------------------------------------------
DHCPv6 LDRA DROPS
---------------------------------------------------------
Invalid Message Type: 0
Max hops exceeded: 0
Relay Forward Received on Untrusted port: 0
Packet received over MCT: 0
Invalid Message Type on Client facing port: 0
No Server Port Present: 0
 
 

 

 
Related Commands

Command
Description

ipv6 dhcp ldra

Enables the LDRA feature.

 

show mac access-lists

To display all Media Access Control (MAC) access control lists (ACLs) or a specific MAC ACL, use the show mac access-lists command.

show mac access-lists [ access-list-name ]

 
Syntax Description

access-list-name

(Optional) Name of a MAC ACL, which can be up to 64 alphanumeric, case-sensitive characters.

 
Command Default

The switch shows all MAC ACLs unless you use the access-list-name argument to specify an ACL.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display all MAC ACLs on the switch:

switch# show mac access-lists
 
MAC access list acl-mac
10 permit any any
MAC access list test
statistics per-entry
10 deny 0000.1111.2222 0000.0000.0000 0000.1111.3333 ffff.0000.0000
switch#
 

 
Related Commands

Command
Description

mac access-list

Configures a MAC ACL.

show access-lists

Displays all ACLs or a specific ACL.

show ip access-lists

Displays all IPv4 ACLs or a specific IPv4 ACL.

show platform afm info sup-tcam monitoring info

To display details about supervisor-region Ternary Content-Addressable Memory (TCAM) monitoring, use the show platform afm info sup-tcam monitoring info command.

show platform afm info sup-tcam monitoring info

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

7.1(4)N1(1)

This command was introduced.

 
Usage Guidelines

This command does not require a license.

Examples

This example shows how to display details about sup-region TCAM monitoring:

switch# show platform afm info sup-tcam monitoring info
SUP TCAM Monitoring Info
========================
Periodic Monitoring Status : Enabled
Timer expiry : 1440 minutes
Number of iterations run : 1
Last iteration run at : Mon Aug 22 15:23:28 2016
 
SUP TCAM corruption detected : NO
Feasibility : Feasible
DB Restore status : Not restored

 
Related Commands

Command
Description

show platform afm info tcam access stats

Displays write access statistics per TCAM entry per ASIC per slot, along with the number of writes, clears and timestamps of the writes and clears since the previous switch reload.

show platform afm info tcam access stats

To display write access statistics per Ternary Content-Addressable Memory (TCAM) entry per ASIC per slot, along with the number of writes, clears and timestamps of the writes and clears since the previous switch reload, use the show platform afm info tcam access stats command.

show platform afm info tcam access stats [ASIC-ID]

 
Syntax Description

ASIC-ID

(Optional) Global ASIC-ID. The range is from 0 to 64.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

7.1(4)N1(1)

This command was introduced.

 
Usage Guidelines

This command does not require a license.

Examples

This example shows how to display write access statistics per TCAM entry per ASIC per slot, along with the number of writes, clears and timestamps of the writes and clears since the previous switch reload:

switch# show platform afm info tcam access stats 2
Slot/Asic TCAM Index Writes Clears Corrupt Last Operation Timestamp
==================================================================================
0/2 2 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 1026 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 1030 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2168 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2171 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2172 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2173 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2174 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2178 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2180 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2181 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2182 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2183 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2184 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2186 1 0 NO Write Sun Feb 25 12:31:51 2001
0/2 2188 1 0 NO Write Sun Feb 25 12:31:51 2001
 

 
Related Commands

Command
Description

show platform afm info sup-tcam monitoring info

Displays details about supervisor-region TCAM monitoring.

show privilege

To show the current privilege level, username, and status of cumulative privilege support, use the show privilege command.

show privilege

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

When the feature privilege command is enabled, privilege roles inherit the permissions of lower level privilege roles.

Examples

This example shows how to view the current privilege level, username, and status of cumulative privilege support:

switch# show privilege
User name: admin
Current privilege level: -1
Feature privilege: Enabled
switch#
 

 
Related Commands

Command
Description

enable

Enables a user to move to a higher privilege level.

enable secret priv-lvl

Enables a secret password for a specific privilege level.

feature privilege

Enables the cumulative privilege of roles for command authorization on RADIUS and TACACS+ servers.

username

Enables a user to use privilege levels for authorization.

show radius-server

To display RADIUS server information, use the show radius-server command.

show radius-server [ hostname | ipv4-address | ipv6-address ] [ directed-request | groups [ group-name ] | sorted | statistics hostname | ipv4-address | ipv6-address ]

 
Syntax Description

hostname

(Optional) RADIUS server Domain Name Server (DNS) name. The name is alphanumeric, case sensitive, and has a maximum of 256 characters.

ipv4-address

(Optional) RADIUS server IPv4 address in the A.B.C.D format.

ipv6-address

(Optional) RADIUS server IPv6 address in the X:X::X:X format.

directed-request

(Optional) Displays the directed request configuration.

groups [ group-name ]

(Optional) Displays information about the configured RADIUS server groups. Supply a group-name to display information about a specific RADIUS server group.

sorted

(Optional) Displays sorted-by-name information about the RADIUS servers.

statistics

(Optional) Displays RADIUS statistics for the RADIUS servers. A hostname or IP address is required.

 
Command Default

Displays the global RADIUS server configuration.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

RADIUS preshared keys are not visible in the show radius-server command output. Use the show running-config radius command to display the RADIUS preshared keys.

Examples

This example shows how to display information for all RADIUS servers:

switch# show radius-server
retransmission count:1
timeout value:5
deadtime value:0
source interface:any available
total number of servers:1
 
following RADIUS servers are configured:
192.168.1.1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
switch#
 

This example shows how to display information for a specified RADIUS server:

switch# show radius-server 192.168.1.1
192.168.1.1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
idle time:0
test user:test
test password:********
switch#
 

This example shows how to display the RADIUS directed request configuration:

switch# show radius-server directed-request
disabled
switch#
 

This example shows how to display information for RADIUS server groups:

switch# show radius-server groups
total number of groups:2
 
following RADIUS server groups are configured:
group radius:
server: all configured radius servers
deadtime is 0
group RadServer:
server: 192.168.1.1 on auth-port 1812, acct-port 1813
deadtime is 0
switch#
 

This example shows how to display information for a specified RADIUS server group:

switch# show radius-server groups RadServer
group RadServer:
server: 10.193.128.5 on auth-port 1812, acct-port 1813
deadtime is 0
switch#
 

This example shows how to display sorted information for all RADIUS servers:

switch# show radius-server sorted
timeout value:5
retransmission count:1
deadtime value:0
source interface:any available
total number of servers:1
 
following RADIUS servers are configured:
192.168.1.1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
switch#
 

This example shows how to display statistics for a specified RADIUS server:

switch# show radius-server statistics 192.168.1.1
Server is not monitored
 
Authentication Statistics
failed transactions: 0
sucessfull transactions: 0
requests sent: 0
requests timed out: 0
responses with no matching requests: 0
responses not processed: 0
responses containing errors: 0
 
Accounting Statistics
failed transactions: 0
sucessfull transactions: 0
requests sent: 0
requests timed out: 0
responses with no matching requests: 0
responses not processed: 0
responses containing errors: 0
switch#
 

 
Related Commands

Command
Description

show running-config radius

Displays the RADIUS information in the running configuration file.

show role

To display the user role configuration, use the show role command.

show role [ name role-name ]

 
Syntax Description

name role-name

(Optional) Displays information for a specific user role name.

 
Command Default

Displays information for all user roles.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display information for a specific user role:

switch# show role name MyRole
 
Role: MyRole
Description: new role
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 deny command pwd
switch#
 

This example shows how to display information for all user roles:

switch# show role
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

switch# show role
 
Role: network-admin
Description: Predefined network admin role has access to all commands
on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
 
Role: network-operator
Description: Predefined network operator role has access to all read
commands on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read
 
Role: vdc-admin
Description: Predefined vdc admin role has access to all commands within
a VDC instance
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
 
Role: vdc-operator
Description: Predefined vdc operator role has access to all read commands
within a VDC instance
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read
 
Role: priv-14
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
 
Role: priv-13
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-12
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-11
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-10
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-9
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-8
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-7
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-6
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-5
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-4
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-3
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-2
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-1
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
 
Role: priv-0
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
10 permit command traceroute6 *
9 permit command traceroute *
8 permit command telnet6 *
7 permit command telnet *
6 permit command ping6 *
5 permit command ping *
4 permit command ssh6 *
3 permit command ssh *
2 permit command enable *
 
Role: default-role
Description: This is a system defined role and applies to all users.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
5 permit command feature environment
4 permit command feature hardware
3 permit command feature module
2 permit command feature snmp
1 permit command feature system
 
Role: priv-15
Description: This is a system defined privilege role.
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
 
Role: MyRole
Description: new role
vsan policy: permit (default)
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 deny command pwd
switch#
 

 
Related Commands

Command
Description

role name

Configures user roles.

show role feature

To display the user role features, use the show role feature command.

show role feature [ detail | name feature-name ]

 
Syntax Description

detail

(Optional) Displays detailed information for all features.

name feature-name

(Optional) Displays detailed information for a specific feature. The name can be a maximum of 16 alphanumeric characters and is case sensitive.

 
Command Default

Displays a list of user role feature names.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the user role features:

switch# show role feature
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

aaa (AAA service related commands)
arp (ARP protocol related commands)
cdp (Cisco Discovery Protocol related commands)
l3vm (Layer 3 virtualization related commands)
ping (Network reachability test commands)
snmp (SNMP related commands)
radius (Radius configuration and show commands)
syslog (Syslog related commands)
tacacs (TACACS configuration and show commands)
install (Software install related commands)
license (License related commands)
callhome (Callhome configuration and show commands)
platform (Platform configuration and show commands)
access-list (IP access list related commands)
svi (Interface VLAN related commands)
vlan (Virtual LAN related commands)
eth-span (Ethernet SPAN related commands)
ethanalyzer (Ethernet Analyzer)
spanning-tree (Spanning Tree protocol related commands)
acl (FC ACL related commands)
sfm (ISCSI flow related commands)
fcns (Fibre Channel Name Server related commands)
fcsp (Fibre Channel Security Protocol related commands)
fdmi (FDMI related commands)
fspf (Fabric Shortest Path First protocol related commands)
rlir (Registered Link Incident Report related commands)
rscn (Registered State Change Notification related commands)
span (SPAN session relate commands)
vsan (VSAN configuration and show commands)
wwnm (WorldWide Name related commands)
zone (Zone related commands)
fcanalyzer (FC analyzer related commands)
switch#
 

This example shows how to display detailed information about all the user role features:

switch# show role feature detail
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

aaa (AAA service related commands)
show aaa *
config t ; aaa *
aaa *
clear aaa *
debug aaa *
show accounting *
config t ; accounting *
accounting *
clear accounting *
debug accounting *
arp (ARP protocol related commands)
show ip arp *
config t; ip arp *
clear ip arp *
debug ip arp *
debug-filter ip arp *
cdp (Cisco Discovery Protocol related commands)
show cdp *
config t ; cdp *
cdp *
clear cdp *
debug cdp *
l3vm (Layer 3 virtualization related commands)
show vrf *
config t ; vrf *
routing-context vrf *
ping (Network reachability test commands)
show ping *
config t ; ping *
ping *
clear ping *
debug ping *
show ping6 *
config t ; ping6 *
ping6 *
clear ping6 *
debug ping6 *
show traceroute *
config t ; traceroute *
--More--
switch#
 

This example shows how to display detailed information for a specific user role feature named arp:

switch# show role feature name arp
 

In Cisco NX-OS Release 5.0(2)N1(1), this command displays the following output:

arp (ARP protocol related commands)
show ip arp *
config t; ip arp *
clear ip arp *
debug ip arp *
debug-filter ip arp *
switch#
 

 
Related Commands

Command
Description

role feature-group

Configures feature groups for user roles.

rule

Configures rules for user roles.

show role feature-group

To display the user role feature groups, use the show role feature-group command.

show role feature-group [ detail | name group-name ]

 
Syntax Description

detail

(Optional) Displays detailed information for all feature groups.

name group-name

(Optional) Displays detailed information for a specific feature group.

 
Command Default

Displays a list of user role feature groups.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the user role feature groups:

switch# show role feature-group
 

This example shows how to display detailed information about all the user role feature groups:

switch# show role feature-group detail
 

This example shows how to display information for a specific user role feature group:

switch# show role feature-group name SecGroup
 

 
Related Commands

Command
Description

role feature-group

Configures feature groups for user roles.

rule

Configures rules for user roles.

show rollback log

To display the log of configuration rollbacks on the switch, use the show rollback log command.

show rollback log { exec | verify }

 
Syntax Description

exec

Displays the rollback execution log.

verify

Displays the rollback verify log.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

If the rollback log is empty, the following message appears:

ERROR: Log Not Available
 

Examples

This example shows how to display the rollback execution log:

switch# show rollback log exec
--------------------------------------------------------------------------------
time: Mon, 06:16:02 06 Sep 2010
Status: success
--------------------------------------------------------------------------------
time: Mon, 07:58:36 06 Sep 2010
Status: success
--------------------------------------------------------------------------------
time: Mon, 09:48:58 06 Sep 2010
Status: success
switch#
 

This example shows how to display the rollback verification log:

switch# show rollback log verify
--------------------------------------------------------------------------------
time: Mon, 09:48:56 06 Sep 2010
Status: success
--------------------------------------------------------------------------------
time: Mon, 09:48:58 06 Sep 2010
Status: success
switch#
 

 
Related Commands

Command
Description

rollback

Restores the active configuration to the checkpoint state.

show running-config aaa

To display authentication, authorization, and accounting (AAA) configuration information in the running configuration, use the show running-config aaa command.

show running-config aaa [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the configured AAA information in the running configuration:

switch# show running-config aaa
 

 
Related Commands

Command
Description

aaa accounting default

Configures AAA methods for accounting.

aaa authentication login console

Configures AAA authentication methods for console login.

aaa authentication login default

Configures the default AAA authentication methods.

aaa authentication login error-enable

Configures the AAA authentication failure message to display on the console.

aaa authorization commands default

Configures default AAA authorization methods.

aaa authorization config-commands default

Configures the default AAA authorization methods for all configuration commands.

aaa group server radius

Creates a RADIUS server group.

aaa user default-role

Enables the default role assigned by the AAA server administrator for remote authentication.

show running-config aclmgr

To display the access control list (ACL) configuration in the running configuration, use the show running-config aclmgr command.

show running-config aclmgr [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the ACL running configuration:

switch# show running-config aclmgr
 
!Command: show running-config aclmgr
!Time: Tue Aug 31 05:01:56 2010
 
version 5.0(2)N1(1)
ip access-list BulkData
10 deny ip any any
ip access-list CriticalData
10 deny ip any any
ip access-list Scavenger
10 deny ip any any
mac access-list acl-mac
10 permit any any
ip access-list denyv4
20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments
30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400
40 permit icmp any any router-advertisement
60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn
70 permit igmp any any host-report
80 deny tcp any any rst
90 deny tcp any any ack
100 permit tcp any any fin
110 permit tcp any gt 300 any lt 400
130 deny tcp any range 200 300 any lt 600
140 deny tcp any range 200 300 any lt 600
ip access-list dot
statistics per-entry
10 permit ip 20.1.1.1 255.255.255.0 20.10.1.1 255.255.255.0 precedence flash-override
:
<snip>
:
vlan access-map vacl-mac
match mac address acl-mac
action forward
statistics per-entry
vlan filter vacl-mac vlan-list 300
 
interface Ethernet1/1
ipv6 port traffic-filter denv6 in
 
interface Ethernet1/2
ip port access-group voice in
 
interface Ethernet1/9
ipv6 port traffic-filter denv6 in
 
interface Ethernet1/10
ipv6 port traffic-filter denv6 in
 
line vty
access-class myACList in
access-class myACList out
ipv6 access-class myI6List out
 
switch#
 

This example shows how to display only the VTY running configuration:

switch# show running-config aclmgr | begin vty
line vty
access-class myACList in
access-class myACList out
ipv6 access-class myI6List out
 
switch#
 

 
Related Commands

Command
Description

access-class

Configures access classes for VTY.

copy running-config startup-config

Copies the running configuration to the startup configuration file.

ip access-class

Configures IPv4 access classes for VTY.

ipv6 access-class

Configures IPv6 access classes for VTY.

show startup-config aclmgr

Displays the ACL startup configuration.

show running-config arp

To display the Address Resolution Protocol (ARP) configuration in the running configuration, use the show running-config arp command.

show running-config arp [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the ARP configuration:

switch# show running-config arp
 
!Command: show running-config arp
!Time: Mon Aug 23 07:33:15 2010
 
version 5.0(2)N1(1)
ip arp timeout 2100
ip arp event-history errors size medium
 
interface Vlan10
ip arp 10.193.131.37 00C0.4F00.0000
 
switch#
 

This example shows how to display the ARP configuration with the default information:

switch# show running-config arp all
 
!Command: show running-config arp all
!Time: Mon Aug 23 07:33:52 2010
 
version 5.0(2)N1(1)
ip arp timeout 1500
ip arp event-history cli size small
ip arp event-history snmp size small
ip arp event-history client-errors size small
ip arp event-history client-event size small
ip arp event-history lcache-errors size small
ip arp event-history lcache size small
ip arp event-history errors size small
ip arp event-history ha size small
ip arp event-history event size small
ip arp event-history packet size small
 
interface Vlan10
ip arp 10.193.131.37 00C0.4F00.0000
ip arp gratuitous update
ip arp gratuitous request
 
switch#
 

 
Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration to the startup configuration file.

ip arp event-history errors

Logs ARP debug events into the event history buffer.

ip arp timeout

Configures an ARP timeout.

ip arp inspection

Displays general information about DHCP snooping.

show startup-config arp

Displays the ARP startup configuration.

show running-config dhcp

To display the Dynamic Host Configuration Protocol (DHCP) snooping configuration in the running configuration, use the show running-config dhcp command.

show running-config dhcp [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

To use this command, you must enable the DHCP snooping feature using the feature dhcp command.

Examples

This example shows how to display the DHCP snooping configuration:

switch# show running-config dhcp
 
!Command: show running-config dhcp
!Time: Mon Aug 23 09:09:11 2010
 
version 5.0(2)N1(1)
feature dhcp
 
ip dhcp snooping
ip dhcp snooping information option
service dhcp
ip dhcp relay
ip dhcp relay information option
 
ip arp inspection filter arp-acl-01 vlan 15,37-48
 
switch#
 

This example shows how to display the DHCP snooping configuration with the default information:

switch# show running-config dhcp all
 
!Command: show running-config dhcp all
!Time: Mon Aug 23 09:10:11 2010
 
version 5.0(2)N1(1)
feature dhcp
 
ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping verify mac-address
service dhcp
ip dhcp relay
ip dhcp relay information option
no ip dhcp relay sub-option type cisco
no ip dhcp relay information option vpn
no ip arp inspection validate src-mac dst-mac ip
ip arp inspection log-buffer entries 32
no ip dhcp packet strict-validation
 
 
interface port-channel23
no ip dhcp snooping trust
no ip arp inspection trust
no ip verify source dhcp-snooping-vlan
 
interface port-channel67
no ip dhcp snooping trust
no ip arp inspection trust
no ip verify source dhcp-snooping-vlan
 
interface port-channel150
no ip dhcp snooping trust
no ip arp inspection trust
no ip verify source dhcp-snooping-vlan
 
interface port-channel400
no ip dhcp snooping trust
no ip arp inspection trust
no ip verify source dhcp-snooping-vlan
 
<--output truncated-->
switch#
 

This example shows how to display the DHCP snooping configuration and the IP Source Guard information on a switch that runs Cisco NX-OS Release 5.0(3)N1(1):

switch# show running-config dhcp
 
!Command: show running-config dhcp
!Time: Sat Apr 19 06:18:33 2008
 
version 5.0(3)N1(1)
feature dhcp
 
ip dhcp snooping
ip dhcp snooping information option
 
 
interface Ethernet1/2
ip dhcp snooping trust
ip verify source dhcp-snooping-vlan
 
interface Ethernet1/5
ip verify source dhcp-snooping-vlan
ip source binding 10.0.0.7 002f.23bd.0014 vlan 5 interface Ethernet1/2
ip source binding 10.5.22.7 001f.28bd.0013 vlan 100 interface Ethernet1/5
 
 
switch#
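
To turn the per-interface lines in the outputs above into a reviewable result, the following added example (not part of the Cisco reference) parses text in the format of show running-config dhcp all and reports trusted ports that are not on an expected-uplink list and untrusted ports without IP Source Guard. The sample configuration, the expected_trusted parameter, and the report keys are assumptions made for the illustration; a setting absent from an interface stanza is treated as disabled, in line with the "no ..." defaults the all form prints.

```python
# Interface-level settings that appear in the outputs above.
TRUST = "ip dhcp snooping trust"
ARP_TRUST = "ip arp inspection trust"
SOURCE_GUARD = "ip verify source dhcp-snooping-vlan"
IFACE_KEYS = (TRUST, ARP_TRUST, SOURCE_GUARD)

# Constructed sample in the format of 'show running-config dhcp all'.
SAMPLE = """\
!Command: show running-config dhcp all
feature dhcp

ip dhcp snooping
ip dhcp snooping information option
no ip dhcp packet strict-validation

interface Ethernet1/2
  ip dhcp snooping trust
  ip verify source dhcp-snooping-vlan

interface Ethernet1/5
  ip verify source dhcp-snooping-vlan

interface port-channel23
  no ip dhcp snooping trust
  no ip arp inspection trust
  no ip verify source dhcp-snooping-vlan
"""


def parse_dhcp_config(config):
    """Split the output into global settings and per-interface flags.

    Returns (glob, ifaces): glob maps each global command to True/False
    (False when printed with a leading "no "), ifaces maps an interface
    name to the three IFACE_KEYS flags.
    """
    glob, ifaces, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:              # a blank line closes the interface stanza
            current = None
            continue
        if line.startswith("!"):  # "!Command:" / "!Time:" header lines
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = dict.fromkeys(IFACE_KEYS, False)
            continue
        enabled = not line.startswith("no ")
        key = line if enabled else line[3:]
        if current is None:
            glob[key] = enabled
        elif key in IFACE_KEYS:   # ignore unrelated lines inside a stanza
            ifaces[current][key] = enabled
    return glob, ifaces


def audit_dhcp(config, expected_trusted):
    """Compare trust settings with the ports expected to face DHCP servers."""
    glob, ifaces = parse_dhcp_config(config)
    expected = set(expected_trusted)
    trusted = {name for name, flags in ifaces.items() if flags[TRUST]}
    return {
        "snooping_enabled": glob.get("ip dhcp snooping", False),
        # Trusted ports bypass snooping checks, so each one should be known.
        "unexpected_trusted": sorted(trusted - expected),
        "missing_trusted": sorted(expected - trusted),
        "arp_inspection_trusted": sorted(
            name for name, flags in ifaces.items() if flags[ARP_TRUST]),
        # Untrusted ports with no IP Source Guard do not filter on bindings.
        "untrusted_without_source_guard": sorted(
            name for name, flags in ifaces.items()
            if not flags[TRUST] and not flags[SOURCE_GUARD]),
    }


if __name__ == "__main__":
    # Assumption for the demo: only port-channel23 is an uplink.
    for key, value in audit_dhcp(SAMPLE, {"port-channel23"}).items():
        print(f"{key}: {value}")
```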
 

 
Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration to the startup configuration.

feature dhcp

Enables the DHCP snooping feature on the device.

ip dhcp snooping

Globally enables DHCP snooping on the device.

ip verify source

Enables IP Source Guard on a Layer 2 interface.

show ip dhcp snooping

Displays general information about DHCP snooping.

show ip verify source

Displays the IP-MAC address bindings.

show startup-config dhcp

Displays the DHCP startup configuration.

show running-config radius

To display RADIUS server information in the running configuration, use the show running-config radius command.

show running-config radius [ all ]

 
Syntax Description

all

(Optional) Displays default RADIUS configuration information.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display information for RADIUS in the running configuration:

switch# show running-config radius
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

 
!Command: show running-config radius
!Time: Wed Aug 25 10:25:41 2010
 
version 5.0(2)N1(1)
radius-server host 192.168.1.1 key 7 "KkwyCet" authentication accounting
aaa group server radius r1
server 192.168.1.1
 
 
switch#
 

 
Related Commands

Command
Description

show radius-server

Displays RADIUS information.

show running-config security

To display user account, Secure Shell (SSH) server, and Telnet server information in the running configuration, use the show running-config security command.

show running-config security [ all ]

 
Syntax Description

all

(Optional) Displays default user account, SSH server, and Telnet server configuration information.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display user account, SSH server, and Telnet server information in the running configuration:

switch# show running-config security
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

 
!Command: show running-config security
!Time: Wed Aug 25 10:27:20 2010
 
version 5.0(2)N1(1)
feature telnet
 
username admin password 5 $1$eKzwPRms$5QB0PxpkXdp6ZKkME/vSS1 role network-admin
username praveena password 5 $1$9w6ZnM/R$Pg5OfsV/vkOaAGW.f.RyP. role network-operator
username install password 5 ! role network-admin
username user1 password 5 ! role priv-5
no password strength-check
 
 
switch#
 

 
Related Commands

Command
Description

ssh

Creates a Secure Shell (SSH) connection using IPv4.

ssh6

Creates a Secure Shell (SSH) connection using IPv6.

telnet

Creates a Telnet session using IPv4.

telnet6

Creates a Telnet session using IPv6.

username

Configures a user account.
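
The following is an added example, not part of the Cisco reference: a Python audit of captured show running-config radius and show running-config security output for the settings visible in the two sample outputs above (Telnet enabled, password strength checking disabled, MD5-crypt hashes, accounts without a local password, RADIUS keys stored in the configuration). The sample text, the function name audit and the severity labels are assumptions made for the example.

```python
import re

# Constructed sample modelled on the two outputs above; every hash and key
# below is a placeholder, and 192.0.2.10 is a documentation address.
SAMPLE = """\
!Command: show running-config security
version 5.0(2)N1(1)
feature telnet
username admin password 5 $1$SALTSALT$PLACEHOLDERPLACEHOLDER role network-admin
username opsuser password 5 $5$SALTSALT$PLACEHOLDER role network-operator
username install password 5 ! role network-admin
no password strength-check
radius-server host 192.0.2.10 key 7 "PLACEHOLDER" authentication accounting
"""

USER_RE = re.compile(r"^username (\S+) password (\d+) (\S+)(.*)$")
RADIUS_RE = re.compile(r"^radius-server host (\S+) key (\d+) ")

def audit(config_text):
    """Return (severity, subject, message) findings for one captured config."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # blanks and "!Command:" headers
            continue
        if line == "feature telnet":
            findings.append(("high", "telnet", "Telnet server enabled; sessions are cleartext"))
        elif line == "no password strength-check":
            findings.append(("medium", "policy", "password strength checking is disabled"))
        user = USER_RE.match(line)
        if user:
            name, _ptype, secret, rest = user.groups()
            roles = re.findall(r"\brole (\S+)", rest)
            if secret == "!":
                # "!" means no local password: login only through remote AAA.
                findings.append(("info", name, "no local password; roles=" + ",".join(roles)))
            elif secret.startswith("$1$"):
                # "$1$" is the crypt(3) identifier for MD5-crypt.
                findings.append(("medium", name, "MD5-crypt hash; restrict access to this capture"))
        radius = RADIUS_RE.match(line)
        if radius:
            host, ktype = radius.groups()
            if ktype == "0":
                findings.append(("high", host, "RADIUS shared secret stored in cleartext"))
            else:
                findings.append(("medium", host, "RADIUS shared secret present, type " + ktype))
    return findings

if __name__ == "__main__":
    for severity, subject, message in audit(SAMPLE):
        print("%-6s %-12s %s" % (severity, subject, message))
```
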

show ssh key

To display the Secure Shell (SSH) server key, use the show ssh key command.

show ssh key

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

This command is available only when SSH is enabled using the ssh server enable command.

Examples

This example shows how to display the SSH server key:

switch# show ssh key
 

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

**************************************
rsa Keys generated:Mon Aug 2 22:49:27 2010
 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0iACA1fHAeIaY6PD5fSBLqGX3MIn+k72qhdvLNib7dL7
8CRQVS1AlQiDDTrvyIfRZ5yHMDQndvcmRfkJzluSCW2FP8vokZ66aXFk8TBTFc5Bn3NUiUyPZyhPtFD2
LaHBCkxl0MxEP+nmPJ6Qf6mBzZVAIdLw8Nd64ZwqVHHjeFc=
 
bitcount:1024
fingerprint:
bb:bf:a4:c0:22:3b:70:15:e4:2b:2b:bb:08:41:82:d4
**************************************
could not retrieve dsa key information
**************************************
switch#
 

 
Related Commands

Command
Description

ssh server key

Configures the SSH server key.
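
The following is an added example, not part of the Cisco reference: it re-derives the bitcount and fingerprint fields of show ssh key output from the key blob itself, so a captured output can be checked against a pinned host key and a minimum key size. It assumes the fingerprint is the OpenSSH-style MD5 of the public key blob, which the 16-byte colon-separated format suggests; the helper names, the constructed key and the 2048-bit threshold are assumptions.

```python
import base64, hashlib, re, struct

def ssh_rsa_blob(e, n):
    """Encode an RSA public key as an ssh-rsa blob (RFC 4253 string + mpints)."""
    def mpint(x):
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # leading 0x00 if top bit set
        return struct.pack(">I", len(raw)) + raw
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)

def md5_fingerprint(blob):
    """OpenSSH-style MD5 fingerprint: 16 colon-separated hex bytes."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def render_show_ssh_key(blob, bitcount):
    """Build constructed 'show ssh key' text, wrapping the key like a terminal."""
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 72] for i in range(0, len(b64), 72))
    return ("rsa Keys generated:Mon Jan 1 00:00:00 2024\n\nssh-rsa %s\n\n"
            "bitcount:%d\nfingerprint:\n%s\n" % (wrapped, bitcount, md5_fingerprint(blob)))

KEY_RE = re.compile(r"ssh-rsa\s+([A-Za-z0-9+/=\s]+?)\s*bitcount:(\d+)\s*"
                    r"fingerprint:\s*((?:[0-9a-f]{2}:){15}[0-9a-f]{2})")

def check_show_ssh_key(output, min_bits=2048):
    """Recompute key size and fingerprint from the key blob in the output."""
    m = KEY_RE.search(output)
    if m is None:
        raise ValueError("no RSA key block found")
    blob = base64.b64decode("".join(m.group(1).split()))
    fields, off = [], 0
    while off + 4 <= len(blob):  # walk the length-prefixed fields
        (size,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key blob")
    bits = int.from_bytes(fields[2], "big").bit_length()
    return {
        "bits": bits,
        "bitcount_matches": bits == int(m.group(2)),
        "fingerprint_matches": md5_fingerprint(blob) == m.group(3),
        "below_policy": bits < min_bits,  # min_bits is an assumed local policy
    }

# Constructed 1024-bit modulus (not a real key) with public exponent 65537.
SAMPLE = render_show_ssh_key(ssh_rsa_blob(65537, (1 << 1023) | 1), 1024)

if __name__ == "__main__":
    print(check_show_ssh_key(SAMPLE))
```
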

show ssh server

To display the Secure Shell (SSH) server status, use the show ssh server command.

show ssh server

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the SSH server status:

switch# show ssh server
ssh version 2 is enabled
switch#
 

 
Related Commands

Command
Description

ssh server enable

Enables the SSH server.

show startup-config aaa

To display authentication, authorization, and accounting (AAA) configuration information in the startup configuration, use the show startup-config aaa command.

show startup-config aaa

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the AAA information in the startup configuration:

switch# show startup-config aaa
 

 
Related Commands

Command
Description

show running-config aaa

Displays AAA configuration information in the running configuration.

show startup-config aclmgr

To display the access control list (ACL) configuration in the startup configuration, use the show startup-config aclmgr command.

show startup-config aclmgr [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the ACL startup configuration:

switch# show startup-config aclmgr
 
!Command: show startup-config aclmgr
!Time: Tue Aug 31 05:01:58 2010
 
version 5.0(2)N1(1)
ip access-list BulkData
10 deny ip any any
ip access-list CriticalData
10 deny ip any any
ip access-list Scavenger
10 deny ip any any
mac access-list acl-mac
10 permit any any
ip access-list denyv4
20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments
30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400
40 permit icmp any any router-advertisement
60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn
70 permit igmp any any host-report
80 deny tcp any any rst
90 deny tcp any any ack
100 permit tcp any any fin
110 permit tcp any gt 300 any lt 400
130 deny tcp any range 200 300 any lt 600
140 deny tcp any range 200 300 any lt 600
:
<snip>
:
vlan access-map vacl-mac
match mac address acl-mac
action forward
statistics per-entry
vlan filter vacl-mac vlan-list 300
 
interface Ethernet1/1
ipv6 port traffic-filter denv6 in
 
interface Ethernet1/2
ip port access-group voice in
 
interface Ethernet1/9
ipv6 port traffic-filter denv6 in
 
interface Ethernet1/10
ipv6 port traffic-filter denv6 in
 
line vty
access-class myACList in
access-class myACList out
ipv6 access-class myI6List out
 
switch#
 

This example shows how to display only the VTY startup configuration:

switch# show startup-config aclmgr | begin vty
line vty
access-class myACList in
access-class myACList out
ipv6 access-class myI6List out
 
switch#
 

 
Related Commands

Command
Description

access-class

Configures access classes for VTY.

copy running-config startup-config

Copies the running configuration to the startup configuration file.

ip access-class

Configures IPv4 access classes for VTY.

ipv6 access-class

Configures IPv6 access classes for VTY.

show running-config aclmgr

Displays the ACL running configuration.

show startup-config arp

To display the Address Resolution Protocol (ARP) configuration in the startup configuration, use the show startup-config arp command.

show startup-config arp [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the ARP startup configuration:

switch# show startup-config arp
 
!Command: show running-config arp
!Time: Mon Aug 23 07:33:15 2010
 
version 5.0(2)N1(1)
ip arp timeout 2100
ip arp event-history errors size medium
 
interface Vlan10
ip arp 10.193.131.37 00C0.4F00.0000
 
switch#
 

 
Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration to the startup configuration file.

ip arp event-history errors

Logs ARP debug events into the event history buffer.

ip arp timeout

Configures an ARP timeout.

ip arp inspection

Displays general information about DHCP snooping.

show running-config arp

Displays the ARP running configuration.

show startup-config dhcp

To display the Dynamic Host Configuration Protocol (DHCP) snooping configuration in the startup configuration, use the show startup-config dhcp command.

show startup-config dhcp [ all ]

 
Syntax Description

all

(Optional) Displays configured and default information.

 
Command Default

None

 
Command Modes

Any command mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

To use this command, you must enable the DHCP snooping feature using the feature dhcp command.

Examples

This example shows how to display the DHCP snooping configuration in the startup configuration file:

switch# show startup-config dhcp
 
!Command: show startup-config dhcp
!Time: Mon Aug 23 09:09:14 2010
 
version 5.0(2)N1(1)
feature dhcp
 
ip dhcp snooping
ip dhcp snooping information option
service dhcp
ip dhcp relay
ip dhcp relay information option
 
ip arp inspection filter arp-acl-01 vlan 15,37-48
 
switch#
 

 
Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration to the startup configuration.

feature dhcp

Enables the DHCP snooping feature on the device.

show running-config dhcp

Displays the DHCP running configuration.

show startup-config radius

To display RADIUS configuration information in the startup configuration, use the show startup-config radius command.

show startup-config radius

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the RADIUS information in the startup configuration:

switch# show startup-config radius
 

 
Related Commands

Command
Description

show running-config radius

Displays RADIUS server information in the running configuration.

show startup-config security

To display user account, Secure Shell (SSH) server, and Telnet server configuration information in the startup configuration, use the show startup-config security command.

show startup-config security

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the user account, SSH server, and Telnet server information in the startup configuration:

switch# show startup-config security
 

 
Related Commands

Command
Description

show running-config security

Displays user account, Secure Shell (SSH) server, and Telnet server information in the running configuration.

show tacacs-server

To display TACACS+ server information, use the show tacacs-server command.

show tacacs-server [ hostname | ipv4-address | ipv6-address ] [ directed-request | groups | sorted | statistics ]

 
Syntax Description

hostname

(Optional) TACACS+ server Domain Name System (DNS) name. The maximum length is 256 characters.

ipv4-address

(Optional) TACACS+ server IPv4 address in the A.B.C.D format.

ipv6-address

(Optional) TACACS+ server IPv6 address in the X:X:X::X format.

directed-request

(Optional) Displays the directed request configuration.

groups

(Optional) Displays information about the configured TACACS+ server groups.

sorted

(Optional) Displays sorted-by-name information about the TACACS+ servers.

statistics

(Optional) Displays TACACS+ statistics for the TACACS+ servers.

 
Command Default

Displays the global TACACS+ server configuration.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

TACACS+ preshared keys are not visible in the show tacacs-server command output. Use the show running-config tacacs+ command to display the TACACS+ preshared keys.

You must use the feature tacacs+ command before you can display TACACS+ information.

Examples

This example shows how to display information for all TACACS+ servers:

switch# show tacacs-server
 

This example shows how to display information for a specified TACACS+ server:

switch# show tacacs-server 192.168.2.2
 

This example shows how to display the TACACS+ directed request configuration:

switch# show tacacs-server directed-request
 

This example shows how to display information for TACACS+ server groups:

switch# show tacacs-server groups
 

This example shows how to display information for a specified TACACS+ server group:

switch# show tacacs-server groups TacServer
 

This example shows how to display sorted information for all TACACS+ servers:

switch# show tacacs-server sorted
 

This example shows how to display statistics for a specified TACACS+ server:

switch# show tacacs-server statistics 192.168.2.2
 

 
Related Commands

Command
Description

show running-config tacacs+

Displays the TACACS+ information in the running configuration file.

show telnet server

To display the Telnet server status, use the show telnet server command.

show telnet server

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display the Telnet server status:

switch# show telnet server
 

 
Related Commands

Command
Description

telnet server enable

Enables the Telnet server.

show user-account

To display information about the user accounts on the switch, use the show user-account command.

show user-account [ name ]

 
Syntax Description

name

(Optional) Information about the specified user account only.

 
Command Default

Displays information about all the user accounts defined on the switch.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display information about all the user accounts defined on the switch:

switch# show user-account
 
user:admin
this user account has no expiry date
roles:network-admin
user:mable
this user account has no expiry date
roles:network-operator
user:install
this user account has no expiry date
roles:network-admin
no password set. Local login not allowed
Remote login through RADIUS/TACACS+ is possible
user:user1
this user account has no expiry date
roles:priv-5
no password set. Local login not allowed
Remote login through RADIUS/TACACS+ is possible
switch#
 

This example shows how to display information about a specific user account:

switch# show user-account admin
user:admin
this user account has no expiry date
roles:network-admin
switch#
 

 
Related Commands

Command
Description

username

Configures a user account.

show users

To display the users currently logged on to the switch, use the show users command.

show users

 
Syntax Description

This command has no arguments or keywords.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display all the users currently logged on to the switch:

switch# show users
NAME LINE TIME IDLE PID COMMENT
admin ttyS0 Aug 24 22:19 10:41 4681
admin pts/0 Aug 25 03:39 . 8890 (72.163.177.191) *
switch#
 

 
Related Commands

Command
Description

clear user

Logs out a specific user.

username

Creates and configures a user account.

show vlan access-list

To display the contents of the IPv4 access control list (ACL) or MAC ACL associated with a specific VLAN access map, use the show vlan access-list command.

show vlan access-list map-name

 
Syntax Description

map-name

VLAN access list to show.

 
Command Default

None

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

For the specified VLAN access map, the switch displays the access map name and the contents of the ACL associated with the map.

Examples

This example shows how to display the contents of the ACL associated with the specified VLAN access map:

switch# show vlan access-list vlan1map
 

 
Related Commands

Command
Description

ip access-list

Creates or configures an IPv4 ACL.

mac access-list

Creates or configures a MAC ACL.

show access-lists

Displays information about how a VLAN access map is applied.

show ip access-lists

Displays all IPv4 ACLs or a specific IPv4 ACL.

show mac access-lists

Displays all MAC ACLs or a specific MAC ACL.

vlan access-map

Configures a VLAN access map.

 

show vlan access-map

To display all VLAN access maps or a VLAN access map, use the show vlan access-map command.

show vlan access-map [ map-name ]

 
Syntax Description

map-name

(Optional) VLAN access map to show.

 
Command Default

The switch shows all VLAN access maps, unless you use the map-name argument to select a specific access map.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

 
Usage Guidelines

For each VLAN access map displayed, the switch shows the access map name, the ACL specified by the match command, and the action specified by the action command.

Use the show vlan filter command to see which VLANs have a VLAN access map applied to them.

Examples

This example shows how to display a specific VLAN access map:

switch# show vlan access-map vlan1map
 

This example shows how to display all VLAN access maps:

switch# show vlan access-map
Vlan access-map vacl-mac
match mac: acl-mac
action: forward
statistics per-entry
 
switch#
 

 
Related Commands

Command
Description

action

Specifies an action for traffic filtering in a VLAN access map.

match

Specifies an ACL for traffic filtering in a VLAN access map.

show vlan filter

Displays information about how a VLAN access map is applied.

vlan access-map

Configures a VLAN access map.

vlan filter

Applies a VLAN access map to one or more VLANs.

show vlan filter

To display information about instances of the vlan filter command, including the VLAN access map and the VLAN IDs affected by the command, use the show vlan filter command.

show vlan filter [ access-map map-name | vlan vlan-id ]

 
Syntax Description

access-map map-name

(Optional) Limits the output to VLANs that the specified access map is applied to.

vlan vlan-id

(Optional) Limits the output to access maps that are applied to the specified VLAN only.

 
Command Default

All instances of VLAN access maps applied to a VLAN are displayed, unless you use the access-map keyword and specify an access map or you use the vlan keyword and specify a VLAN ID.

 
Command Modes

EXEC mode

 
Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.

Examples

This example shows how to display all VLAN access map information on the switch:

switch# show vlan filter
 
vlan map vacl-mac:
Configured on VLANs: 300
switch#
 

 
Related Commands

Command
Description

action

Specifies an action for traffic filtering in a VLAN access map.

match

Specifies an ACL for traffic filtering in a VLAN access map.

show vlan access-map

Displays all VLAN access maps or a VLAN access map.

vlan access-map

Configures a VLAN access map.

vlan filter

Applies a VLAN access map to one or more VLANs.