Cisco Nexus 5600 Series NX-OS Security Command Reference

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Cisco Nexus 5600 Series NX-OS Security Command Reference

Chapter Title

Show Commands

PDF - Complete Book (3.01 MB) PDF - This Chapter (640.0 KB)
View with Adobe Reader on a variety of devices

Results

Updated:: January 24, 2018

Chapter: Show Commands

show aaa accounting
show aaa authentication
show aaa authorization
show aaa groups
show aaa local user blocked
show aaa user
show access-class
show access-lists
show accounting log
show checkpoint
show checkpoint summary
show checkpoint system
show checkpoint user
show diff rollback-patch checkpoint
show diff rollback-patch file
show diff rollback-patch running-config
show diff rollback-patch startup-config
show http-server
show hardware profile tcam resource template
show ip access-class
show ip access-lists
show ip arp
show ip arp inspection
show ip arp inspection interfaces
show ip arp inspection log
show ip arp inspection statistics
show ip arp inspection vlan
show ip arp sync-entries
show ip dhcp snooping
show ip dhcp snooping binding
show ip dhcp snooping statistics
show ipv6 access-lists
show ip verify source
show ipv6 dhcp-ldra
show mac access-lists
show platform afm info sup-tcam monitoring info
show platform afm info tcam access stats
show privilege
show radius-server
show role
show role feature
show role feature-group
show rollback log
show running-config aaa
show running-config aclmgr
show running-config arp
show running-config dhcp
show running-config radius
show running-config security
show ssh key
show ssh server
show startup-config aaa
show startup-config aclmgr
show startup-config arp
show startup-config dhcp
show startup-config radius
show startup-config security
show tacacs-server
show telnet server
show user-account
show users
show vlan access-list
show vlan access-map
show vlan filter

Show Commands

This chapter describes the Cisco NX-OS security show commands.

show aaa accounting

To display authentication, authorization, and accounting (AAA) accounting configuration, use the show aaa accounting command.

show aaa accounting

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the configuration of the accounting log:

switch# show aaa accounting

default: local

switch#

Related Commands

Command	Description
aaa accounting default	Configures AAA methods for accounting.

show aaa authentication

To display authentication, authorization, and accounting (AAA) authentication configuration information, use the show aaa authentication command.

show aaa authentication login [ error-enable | mschap ]

Syntax Description

error-enable	(Optional) Displays the authentication login error message enable configuration.
mschap	(Optional) Displays the authentication login Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) enable configuration.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the configured authentication parameters:

switch# show aaa authentication

default: group t1

console: group t1

switch#

This example shows how to display the authentication login error enable configuration:

switch# show aaa authentication login error-enable

disabled

switch#

This example shows how to display the authentication login MS-CHAP configuration:

switch# show aaa authentication login mschap

MSCHAP is disabled

switch#

Related Commands

Command	Description
aaa authentication	Configures AAA authentication methods.

show aaa authorization

To display AAA authorization configuration information, use the show aaa authorization command.

show aaa authorization [ all ]

Syntax Description

all

(Optional) Displays configured and default values.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the configured authorization methods:

switch# show aaa authorization

AAA command authorization:

default authorization for config-commands: none

switch#

Related Commands

Command	Description
aaa authorization commands default	Configures default AAA authorization methods for EXEC commands.
aaa authorization config-commands default	Configures default AAA authorization methods for configuration commands.

show aaa groups

To display authentication, authorization, and accounting (AAA) server group configuration, use the show aaa groups command.

show aaa groups

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display AAA group information:

switch# show aaa groups

radius

tacacs

rad1

switch#

Related Commands

Command	Description
aaa group server radius	Creates a RADIUS server group.

show aaa local user blocked

To display the blocked users, use the show aaa local user blocked command.

show aaa local user blocked

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Any command mode

Command History

Release	Modification
7.3(0)N1(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the blocked users:

switch# show aaa local user blocked

Local-user State

testuser Watched (till 11:34:42 IST Feb 5 2015)

Related Commands

Command	Description
aaa authentication rejected	Configures the login block per user.
feature cts	Enables the Cisco TrustSec feature.
clear aaa local user blocked	Clears the blocked users.

show aaa user

To display the status of the default role assigned by the authentication, authorization, and accounting (AAA) server administrator for remote authentication, use the show aaa user command.

show aaa user default-role

Syntax Description

default-role

Displays the status of the default AAA role.

Command Default

None

Command Modes

EXEC mode.

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the status of the default role assigned by the AAA server administrator for remote authentication:

switch# show aaa user default-role

enabled

switch#

Related Commands

Command	Description
aaa user default-role	Configures the default user for remote authentication.
show aaa authentication	Displays AAA authentication information.

show access-class

To display all IPv4 access classes configured for VTY, use the show access-class command.

show access-class [ access-class-name ]

Syntax Description

access-class-name

(Optional) Name of the access class, which can be up to 64 alphanumeric, case-sensitive characters.

Command Default

The switch shows all ACLs unless you use the access-class-name argument to specify an ACL.

Command Modes

EXEC mode

Command History

Release	Modification
5.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display all access classes configured for VTY on the switch:

switch# show access-class

switch#

Related Commands

Command	Description
access-class	Configures an access class for VTY.
show ip access-class	Displays all IPv4 and IPv6 access classes for VTY.
show running-config aclmgr	Displays all ACLs in the running configuration.

show access-lists

To display all IPv4 and MAC access control lists (ACLs) or a specific ACL, use the show access-lists command.

show access-lists [ access-list-name ]

Syntax Description

access-list-name

(Optional) Name of an ACL, which can be up to 64 alphanumeric, case-sensitive characters.

Command Default

The switch shows all ACLs unless you use the access-list-name argument to specify an ACL.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display all IPv4 and MAC ACLs on the switch:

switch# show access-lists

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

switch# show access-lists

IP access list BulkData

10 deny ip any any

IP access list CriticalData

10 deny ip any any

IP access list Scavenger

10 deny ip any any

MAC access list acl-mac

10 permit any any

IP access list denyv4

20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments

30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400

40 permit icmp any any router-advertisement

60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn

70 permit igmp any any host-report

80 deny tcp any any rst

90 deny tcp any any ack

100 permit tcp any any fin

110 permit tcp any gt 300 any lt 400

130 deny tcp any range 200 300 any lt 600

140 deny tcp any range 200 300 any lt 600

IP access list dot

statistics per-entry

10 permit ip 20.1.1.1 255.255.255.0 20.10.1.1 255.255.255.0 precedence f

lash-override

20 deny ip 20.1.1.1/24 20.10.1.1/24 fragments

30 permit tcp any any fragments

40 deny tcp any eq 400 any eq 500

IP access list ipPacl

statistics per-entry

10 deny tcp any eq 400 any eq 500

IP access list ipv4

10 permit ip 10.10.10.1 225.255.255.0 any fragments

20 permit ip any any dscp ef

IP access list ipv4Acl

10 permit ip 10.10.10.1/32 10.10.10.2/32

MAC access list test

statistics per-entry

10 deny 0000.1111.2222 0000.0000.0000 0000.1111.3333 ffff.0000.0000

IP access list voice

10 remark - avaya rtp range

20 permit udp any range 49072 50175 any range 49072 50175 dscp ef

30 permit udp any range 49072 50175 any range 50176 50353 dscp ef

40 permit udp any range 50176 50353 any range 49072 50175 dscp ef

50 permit udp any range 50176 50353 any range 50176 50353 dscp ef

60 permit udp any range 2048 2815 any range 2048 2815 dscp ef

70 permit udp any range 2048 2815 any range 2816 3028 dscp ef

80 permit udp any range 2816 3028 any range 2816 3028 dscp ef

90 permit udp any range 2816 3028 any range 2048 2815 dscp ef

100 remark -- cisco rtp range

switch#

Related Commands

Command	Description
ip access-list	Configures an IPv4 ACL.
mac access-list	Configures a MAC ACL.
show ip access-lists	Displays all IPv4 ACLs or a specific IPv4 ACL.
show mac access-lists	Displays all MAC ACLs or a specific MAC ACL.

show accounting log

To display the accounting log contents, use the show accounting log command.

show accounting log [ size ] [ start-time year month day HH : MM : SS ] [ end-time year month day HH : MM : SS ]

Syntax Description

size	(Optional) Amount of the log to display in bytes. The range is from 0 to 250000.
start-time year month day HH : MM : SS	(Optional) Specifies a start time. The year argument is in yyyy format. The month is the three-letter English abbreviation. The day argument range is from 1 to 31. The HH : MM : SS argument is in standard 24-hour format.
end-time year month day HH : MM : SS	(Optional) Specifies an end time. The year argument is in yyyy format. The month is the three-letter English abbreviation. The day argument range is from 1 to 31. The HH : MM : SS argument is in standard 24-hour format.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the entire accounting log:

switch# show accounting log

In Cisco NX-OS Release, this command displays the following output:

switch# show accounting log

Mon Aug 16 09:37:43 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; interface vfc3 ; bind interface Ethernet1/12 (SUCCESS)

Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; interface vfc3 ; no shutdown (REDIRECT)

Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=Inte

rface vfc3 state updated to up

Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; interface vfc3 ; no shutdown (SUCCESS)

Mon Aug 16 09:38:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; interface vfc3 ; no shutdown (SUCCESS)

Mon Aug 16 09:48:05 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; interface Ethernet2/1 (SUCCESS)

Mon Aug 16 09:55:27 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; vtp mode client (FAILURE)

Mon Aug 16 09:55:35 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; vtp mode server (FAILURE)

Mon Aug 16 10:03:46 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; no vtp mode (FAILURE)

Mon Aug 16 10:04:11 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; vtp mode transparent (SUCCESS)

Mon Aug 16 10:04:20 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; vtp domain MyDomain (SUCCESS)

Mon Aug 16 10:04:39 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; vtp password MyPass (SUCCESS)

Mon Aug 16 10:05:17 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; no vtp password (SUCCESS)

Mon Aug 16 10:06:46 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; vtp pruning (SUCCESS)

Mon Aug 16 10:09:11 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=conf

igure terminal ; interface Ethernet1/12 (SUCCESS)

Mon Aug 16 10:32:33 2010:type=update:id=72.163.177.184@pts/0:user=admin:cmd=clea

r vtp counters (SUCCESS)

Mon Aug 16 10:35:20 2010:type=stop:id=72.163.177.184@pts/0:user=admin:cmd=shell

terminated because of telnet closed

--More--

switch#

This example shows how to display 400 bytes of the accounting log:

switch# show accounting log 400

This example shows how to display the accounting log starting at 16:00:00 on February 16, 2008:

switch# show accounting log start-time 2008 Feb 16 16:00:00

This example shows how to display the accounting log starting at 15:59:59 on February 1, 2008 and ending at 16:00:00 on February 29, 2008:

switch# show accounting log start-time 2008 Feb 1 15:59:59 end-time 2008 Feb 29 16:00:00

Related Commands

Command	Description
clear accounting log	Clears the accounting log.

show checkpoint

To display the configuration at the time a checkpoint was implemented, use the show checkpoint command.

show checkpoint [ checkpoint-name ] [ all [ system | user ]]

Syntax Description

checkpoint-name	(Optional) Checkpoint name. The name can be a maximum of 32 characters.
all	(Optional) Displays user-configured and system-configured checkpoints.
system	(Optional) Displays all system-configured checkpoints.
user	(Optional) Displays all user-configured checkpoints.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

The command output displays a history of the most recent (up to ten) checkpoint IDs. The checkpoint IDs represent the rollback points that allow the user to restore the system to a checkpoint configuration.

Examples

This example shows how to display the rollback checkpoints configured in the local switch:

switch# show checkpoint

--------------------------------------------------------------------------------

Name: chkpnt-1

!Command: Checkpoint cmd vdc 1

!Time: Mon Sep 6 09:40:47 2010

version 5.0(2)N1(1)

feature telnet

feature tacacs+

cfs eth distribute

feature private-vlan

feature udld

feature interface-vlan

feature lacp

feature vpc

feature lldp

feature fex

username adminbackup password 5 ! role network-operator

username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin

no password strength-check

ip domain-lookup

hostname switch

ip access-list ip1

class-map type qos class-fcoe

match cos 4

class-map type qos match-all cq1

match cos 4

match precedence 7

class-map type qos match-all cq2

match cos 5

match dscp 10

class-map type qos match-any cq3

match precedence 7

<--output truncated-->

switch#

This example shows how to display information about a specific checkpoint:

switch# show checkpoint chkpnt-1

--------------------------------------------------------------------------------

Name: chkpnt-1

!Command: Checkpoint cmd vdc 1

!Time: Mon Sep 6 09:40:47 2010

version 5.0(2)N1(1)

feature telnet

feature tacacs+

cfs eth distribute

feature private-vlan

feature udld

feature interface-vlan

feature lacp

feature vpc

feature lldp

feature fex

username adminbackup password 5 ! role network-operator

username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin

no password strength-check

ip domain-lookup

hostname switch

ip access-list ip1

class-map type qos class-fcoe

match cos 4

class-map type qos match-all cq1

match cos 4

match precedence 7

--More--

switch#

This example shows how to display all configured rollback checkpoints:

switch# show checkpoint all

Related Commands

Command	Description
checkpoint	Creates a checkpoint.
rollback	Rolls back the configuration to any of the saved checkpoints.
show checkpoint summary	Displays configuration rollback checkpoints summary.
show checkpoint system	Displays system-defined rollback checkpoints.
show checkpoint user	Displays user-configured rollback checkpoints.

show checkpoint summary

To display a summary of the configured checkpoints, use the show checkpoint summary command.

show checkpoint summary [ system | user ]

Syntax Description

system	(Optional) Displays a summary of the system-configured checkpoints.
user	(Optional) Displays a summary of the user-configured checkpoints.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the configuration rollback checkpoints summary:

switch# show checkpoint summary

User Checkpoint Summary

--------------------------------------------------------------------------------

1) chkpnt-1:

Created by admin

Created at Tue, 08:10:23 14 Sep 2010

Size is 21,508 bytes

Description: Checkpoint to save current configuration, Sep 9 10:02 A.M.

2) chkpnt-2:

Created by admin

Created at Tue, 08:11:46 14 Sep 2010

Size is 21,536 bytes

Description: None

3) user-checkpoint-4:

Created by admin

Created at Tue, 08:16:48 14 Sep 2010

Size is 21,526 bytes

Description: None

switch#

This example shows how to display the summary of the system-configured rollback checkpoints:

switch# show checkpoint summary system

This example shows how to display the summary of the user-configured rollback checkpoints:

switch# show checkpoint summary user

--------------------------------------------------------------------------------

1) chkpnt-1:

Created by admin

Created at Tue, 08:10:23 14 Sep 2010

Size is 21,508 bytes

Description: Checkpoint to save current configuration, Sep 9 10:02 A.M.

2) chkpnt-2:

Created by admin

Created at Tue, 08:11:46 14 Sep 2010

Size is 21,536 bytes

Description: None

3) user-checkpoint-4:

Created by admin

Created at Tue, 08:16:48 14 Sep 2010

Size is 21,526 bytes

Description: None

switch#

Related Commands

Command	Description
checkpoint	Creates a checkpoint.
rollback	Rolls back the configuration to any of the saved checkpoints.
show checkpoint	Displays rollback checkpoints.
show checkpoint system	Displays system-defined rollback checkpoints.
show checkpoint user	Displays user-configured rollback checkpoints.

show checkpoint system

To display only the system-configured checkpoints, use the show checkpoint system command.

show checkpoint system

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the rollback checkpoints defined by the system:

switch# show checkpoint system

Related Commands

Command	Description
checkpoint	Creates a checkpoint.
rollback	Rolls back the configuration to any of the saved checkpoints.
show checkpoint	Displays rollback checkpoints.
show checkpoint user	Displays user-configured rollback checkpoints.

show checkpoint user

To display only the user-configured checkpoints, use the show checkpoint user command.

show checkpoint user

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the rollback checkpoints configured by the current user:

switch# show checkpoint user

--------------------------------------------------------------------------------

Name: myChkpoint

!Command: Checkpoint cmd vdc 1

!Time: Mon Sep 6 09:40:47 2010

version 5.0(2)N1(1)

feature telnet

feature tacacs+

cfs eth distribute

feature private-vlan

feature udld

feature interface-vlan

feature lacp

feature vpc

feature lldp

feature fex

username adminbackup password 5 ! role network-operator

username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin

no password strength-check

ip domain-lookup

hostname switch

ip access-list ip1

class-map type qos class-fcoe

match cos 4

class-map type qos match-all cq1

match cos 4

match precedence 7

<--output truncated-->

switch#

Related Commands

Command	Description
checkpoint	Creates a checkpoint.
rollback	Rolls back the configuration to any of the saved checkpoints.
show checkpoint	Displays rollback checkpoints.
show checkpoint summary	Displays a summary of all configured rollback checkpoints.
show checkpoint system	Displays system-defined rollback checkpoints.

show diff rollback-patch checkpoint

To display the configuration differences between two checkpoints, use the show diff rollback-patch checkpoint command.

show diff rollback-patch checkpoint src-checkpoint-name checkpoint dest-checkpoint-name

Syntax Description

src-checkpoint-name	Source checkpoint name. The name can be a maximum of 32 characters.
dest-checkpoint-name	Destination checkpoint name. The name can be a maximum of 32 characters.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

Use this command to view the differences between the source and destination checkpoints that reference current or saved configurations. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the changes between two checkpoints, chkpnt-1 and chkpnt-2:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint chkpnt-2

<-- modify configuration in running configuration--->

switch# checkpoint

...

user-checkpoint-4 created Successfully

Done

switch#

<-- modify configuration in running configuration--->

switch# show diff rollback-patch checkpoint user-checkpoint-4 checkpoint chkpnt-1

#Generating Rollback Patch

interface Ethernet1/2

no untagged cos

no description Sample config

exit

interface Ethernet1/2

channel-group 1

line vty

switch# rollback chkpnt-1

switch#

Related Commands

Command	Description
checkpoint	Creates a checkpoint.
rollback	Rolls back the configuration to any of the saved checkpoints.
show checkpoint	Displays checkpoint information.
show diff rollback-patch file	Displays the differences between the current checkpoint file and the saved configuration.
show diff rollback-patch running-config	Displays the differences between the current running configuration and the saved checkpoint configuration.

show diff rollback-patch file

To display the differences between the two checkpoint configuration files, use the show diff rollback-patch file command.

show diff rollback-patch file { bootflash: | volatile: }[ // server ][ directory / ][ src-filename ] { checkpoint dest-checkpoint-name | file { bootflash: | volatile: }[ // server ][ directory / ][ dest-filename ] | running-config | startup-config }

Syntax Description

bootflash:	Specifies the bootflash local writable storage file system.
volatile:	Specifies the volatile local writable storage file system.
// server	(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.
directory /	(Optional) Name of a directory. The directory name is case sensitive.
src-filename	(Optional) Name of the source checkpoint configuration file. The filename is case sensitive.
dest-filename	(Optional) Name of the destination checkpoint configuration file. The filename is case sensitive.
checkpoint	Specifies a destination checkpoint.
dest-checkpoint-name	Destination checkpoint name. The name can be a maximum of 32 characters.
file	Specifies the destination checkpoint file.
running-config	Specifies that the running configuration be used as the destination.
startup-config	Specifies that the startup configuration be used as the destination.

Note There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

Use this command to view the differences between the source and destination checkpoint configuration files that reference current or saved configurations. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the changes between two checkpoint configurations stored in files in the bootflash storage system:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# checkpoint chkpnt-2

switch# show diff rollback-patch file bootflash:///chkpnt_configSep9-2.txt file bootflash:///chkpnt_configSep9-1.txt

switch# rollback file bootflash:///chkpnt_configSep9-1.txt

switch#

Related Commands

Command	Description
rollback	Rolls back the switch to any of the saved checkpoints.
show checkpoint	Displays checkpoint information.
show diff rollback-patch checkpoint	Displays the differences between the current checkpoint and the saved configuration.
show diff rollback-patch running-config	Displays the differences between the current running configuration and the saved checkpoint configuration.

show diff rollback-patch running-config

To display the differences between the current running configuration and the saved (checkpointed) configuration, use the show diff rollback-patch running-config command.

show diff rollback-patch running-config { checkpoint checkpoint-name | file { bootflash: | volatile: }[ // server ][ directory / ][ filename ] | running-config | startup-config }

Syntax Description

checkpoint	Specifies that the checkpoint be used as the destination in the comparison.
checkpoint-name	Checkpoint name. The name can be a maximum of 32 characters.
file	Specifies that the checkpoint configuration file be used as the destination in the comparison.
bootflash:	Specifies the bootflash local writable storage file system.
volatile:	Specifies the volatile local writable storage file system.
// server	(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.
directory /	(Optional) Name of a directory. The directory name is case sensitive.
filename	(Optional) Name of the checkpoint configuration file. The filename is case sensitive.
running-config	Specifies that the running configuration be used as the destination in the comparison.
startup-config	Specifies that the startup configuration be used as the destination in the comparison.

Note There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

Use this command to view the differences between the current running configuration and destination checkpoints that reference a saved configuration. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the configuration changes between the current running configuration and a checkpoint named chkpnt-1:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint chkpnt-2

<-- modify configuration in running configuration--->

switch# show diff rollback-patch running-config checkpoint chkpnt-1

Collecting Running-Config

#Generating Rollback Patch

interface Ethernet1/2

no description Sample config

exit

switch#

This example shows how to view the configuration changes between the current running configuration and a saved configuration in the bootflash storage system:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# show diff rollback-patch running-config file chkpnt_configSep9-1.txt

This example shows how to view the configuration changes between the current running configuration and a checkpointed running configuration:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# show diff rollback-patch running-config running-config

This example shows how to view the configuration changes between the current running configuration and a saved startup configuration:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# copy running-config startup-config

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# checkpoint chkpnt-2

switch# show diff rollback-patch running-config startup-config

Collecting Running-Config

Collecting Startup-Config

#Generating Rollback Patch

interface Ethernet1/2

no untagged cos

no description Sample config

exit

password strength-check

no username admin

no username adminbackup

interface Ethernet1/2

channel-group 1

no feature ssh

no feature telnet

switch#

Related Commands

Command	Description
rollback	Rolls back the switch to any of the saved checkpoints.
show checkpoint	Displays checkpoint information.
show diff rollback-patch checkpoint	Displays the differences between the current checkpoint and the saved configuration.
show diff rollback-patch file	Displays the differences between the current checkpoint file and the saved configuration.
show diff rollback-patch startup-config	Displays the differences between the current startup configuration and the saved checkpoint configuration.

show diff rollback-patch startup-config

To display the differences between the current startup configuration and the saved (checkpointed) configuration, use the show diff rollback-patch startup-config command.

show diff rollback-patch startup-config { checkpoint checkpoint-name | file { bootflash: | volatile: }[ // server ][ directory / ][ filename ] | running-config | startup-config }

Syntax Description

checkpoint	Specifies that the checkpoint be used as the destination in the comparison.
checkpoint-name	Checkpoint name. The name can be a maximum of 32 characters.
file	Specifies that the checkpoint configuration file be used as the destination in the comparison.
bootflash:	Specifies the bootflash local writable storage file system.
volatile:	Specifies the volatile local writable storage file system.
// server	(Optional) Name of the server. Valid values are ///, //module-1/, //sup-1/, //sup-active/, or //sup-local/. The double slash (//) is required.
directory /	(Optional) Name of a directory. The directory name is case sensitive.
filename	(Optional) Name of the checkpoint configuration file. The filename is case sensitive.
running-config	Specifies that the running configuration be used as the destination in the comparison.
startup-config	Specifies that the startup configuration be used as the destination in the comparison.

Note There can be no spaces in the filesystem://server/directory/filename string. Individual elements of this string are separated by colons (:) and slashes (/).

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

Use this command to view the differences between the current startup configuration and destination checkpoints that reference a saved configuration. The configuration differences based on the current running configuration and checkpointed configuration are applied to the system to restore the running state of the system.

Examples

This example shows how to view the configuration changes between the current startup configuration and a checkpoint named chkpnt-1:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint chkpnt-2

<-- modify configuration in running configuration--->

switch# copy running-config startup-config

switch# show diff rollback-patch startup-config checkpoint chkpnt-1

Collecting Startup-Config

#Generating Rollback Patch

feature telnet

feature ssh

username adminbackup password 5 ! role network-operator

username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin

no password strength-check

switch#

This example shows how to view the configuration changes between the current startup configuration and a saved configuration in the bootflash storage system:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# copy running-config startup-config

switch# show diff rollback-patch startup-config file chkpnt_configSep9-1.txt

switch#

This example shows how to view the configuration changes between the current startup configuration and a checkpointed running configuration:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# copy running-config startup-config

<-- modify configuration in running configuration--->

switch# show diff rollback-patch startup-config running-config

Collecting Running-Config

Collecting Startup-Config

#Generating Rollback Patch

feature telnet

feature ssh

username adminbackup password 5 ! role network-operator

username admin password 5 $1$KIPRDtFF$7eUMjCAd7Nkhktzebsg5/0 role network-admin

no password strength-check

switch#

This example shows how to view the configuration changes between the current startup configuration and a saved startup configuration:

switch# checkpoint chkpnt-1

<-- modify configuration in running configuration--->

switch# checkpoint file bootflash:///chkpnt_configSep9-1.txt

<-- modify configuration in running configuration--->

switch# copy running-config startup-config

switch# checkpoint file bootflash:///chkpnt_configSep9-2.txt

<-- modify configuration in running configuration--->

switch# show diff rollback-patch startup-config startup-config

Collecting Startup-Config

#Generating Rollback Patch

Rollback Patch is Empty

switch#

Related Commands

Command	Description
rollback	Rolls back the switch to any of the saved checkpoints.
show checkpoint	Displays checkpoint information.
show diff rollback-patch checkpoint	Displays the differences between the current checkpoint and the saved configuration.
show diff rollback-patch file	Displays the differences between the current checkpoint file and the saved configuration.
show diff rollback-patch running-config	Displays the differences between the current running configuration and the saved checkpoint configuration.

show http-server

To display information about the HTTP or HTTPS configuration, use the show http-server command.

show http-server

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the status of the HTTP server:

switch# show http-server

http-server enabled

switch#

Related Commands

Command	Description
feature http-server	Enables or disables the HTTP or HTTPS server on the switch.

show hardware profile tcam resource template

To display all the TCAM templates, use the show hardware profile tcam resource template command.

show hardware profile tcam resource template [default | tcam-feature-map | name template-name]

Syntax Description

default	Displays information about the default template.
tcam-feature-map	Displays information about TCAM region to feature mapping
name template-name	Displays information about the specified template.

Command Default

None

Command Modes

Global configuration mode

Command History

Release	Modification
7.0(0)N1(1)	This command was introduced.

Usage Guidelines

None

Examples

This example shows how to display all the templates:

switch# show hardware profile tcam resource template

Template Type State Vacl Ifacl Rbacl Qos Span Sup TOTAL

------------------------------------------------------------------------------

default system Committed 2048 1152 128 448 64 128 4096

temp1 user Created 1984 1216 128 448 64 256 4096

temp2 user Created 2048 1152 128 448 64 256 4096

L3-Card asic values

Template Type State ERacl Ifacl IRacl Qos Span Sup TOTAL

------------------------------------------------------------------------------

default system Committed 2048 64 1664 64 64 64 4096

temp1 user Created 1920 64 1792 64 64 64 4096

temp2 user Created 2048 64 1664 64 64 64 4096

------------------------------------------------------------------------------

Related Commands

Command	Description
hardware profile tcam resource service-template	Commits a template in the running image

show ip access-class

To display all IPv4 and IPv6 access classes configured for VTY, use the show ip access-class command.

show ip access-class [ access-class-name ]

Syntax Description

access-class-name

(Optional) Name of the access class, which can be up to 64 alphanumeric, case-sensitive characters.

Command Default

The switch shows all ACLs unless you use the access-class-name argument to specify an ACL.

Command Modes

EXEC mode

Command History

Release	Modification
5.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display all IP access classes configured for VTY on the switch:

switch# show ip access-class

switch#

OUTPUT

Related Commands

Command	Description
ip access-class	Configures an IPv4 access class for VTY.
ipv6 access-class	Configures an IPv6 access class for VTY.
show access-class	Displays all access classes for VTY.
show running-config aclmgr	Displays all ACLs in the running configuration.

show ip access-lists

To display all IPv4 access control lists (ACLs) or a specific IPv4 ACL, use the show ip access-lists command.

show ip access-lists [ access-list-name ]

Syntax Description

access-list-name

(Optional) Name of an IPv4 ACL, which can be up to 64 alphanumeric, case-sensitive characters.

Command Default

The switch shows all IPv4 ACLs unless you use the access-list-name argument to specify an ACL.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

By default, this command displays the IPv4 ACLs configured on the switch. The command displays the statistics information for an IPv4 ACL only if the IPv4 ACL is applied to the management (mgmt0) interface. If the ACL is applied to an SVI interface or in a QoS class map, then the command does not display any statistics information.

Examples

This example shows how to display all IPv4 ACLs on the switch:

switch# show ip access-lists

In Cisco NX-OS release 5.0(2)N1(1), this example shows how to display all IPv4 ACLs on the switch:

switch# show ip access-lists

IP access list BulkData

10 deny ip any any

IP access list CriticalData

10 deny ip any any

IP access list Scavenger

10 deny ip any any

IP access list denyv4

20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments

30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400

40 permit icmp any any router-advertisement

60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn

70 permit igmp any any host-report

80 deny tcp any any rst

90 deny tcp any any ack

100 permit tcp any any fin

110 permit tcp any gt 300 any lt 400

130 deny tcp any range 200 300 any lt 600

140 deny tcp any range 200 300 any lt 600

IP access list dot

statistics per-entry

10 permit ip 20.1.1.1 255.255.255.0 20.10.1.1 255.255.255.0 precedence f

lash-override

20 deny ip 20.1.1.1/24 20.10.1.1/24 fragments

30 permit tcp any any fragments

40 deny tcp any eq 400 any eq 500

IP access list ipPacl

statistics per-entry

10 deny tcp any eq 400 any eq 500

IP access list ipv4

10 permit ip 10.10.10.1 225.255.255.0 any fragments

20 permit ip any any dscp ef

IP access list ipv4Acl

10 permit ip 10.10.10.1/32 10.10.10.2/32

IP access list voice

--More--

switch#

Related Commands

Command	Description
ip access-list	Configures an IPv4 ACL.
show access-lists	Displays all ACLs or a specific ACL.
show mac access-lists	Displays all MAC ACLs or a specific MAC ACL.

show ip arp

To display the Address Resolution Protocol (ARP) table statistics, use the show ip arp command.

show ip arp [ client | [ statistics | summary ] [ ethernet slot / port | loopback intf-num | mgmt mgmt-intf-num | port-channel channel-num | vlan vlan-id ] [ fhrp-non-active-learn ] [ static ] [ detail ] [ vrf { vrf-name | all | default | management }]]

Syntax Description

client	(Optional) Displays ARP information for ARP clients.
statistics	(Optional) Display the global ARP statistics on teh switch or the ARP statistics for interfaces.
summary	(Optional) Display the ARP adjacency summary information.
ethernet slot / port	(Optional) Displays the ARP information for an Ethernet interface. The slot number is from 1 to 255 and the port number is from 1 to 128.
loopback intf-num	(Optional) Displays the ARP information for a loopback interface. The loopback interface number is from 0 to 1023.
mgmt mgmt-intf-num	(Optional) Displays the ARP information for a management interface. The interface number is 0.
port-channel channel-num	(Optional) Displays the ARP information for an EtherChannel interface. The channel number range is from 1 to 4096.
vlan vlan-id	(Optional) Displays the ARP information for a specified VLAN. The range is from 1 to 4094, except for the VLANs reserved for internal use.
fhrp-non-active-learn	(Optional) Displays the ARP table information learned only due to a request for a nonactive Cisco First Hop Redundancy Protocol (FHRP) address.
static	(Optional) Displays the static ARP entries.
detail	(Optional) Displays the detailed ARP information.
vrf	(Optional) Specifies the virtual routing and forwarding (VRF) to use.
vrf-name	VRF name. The name can be a maximum of 32 alphanumeric characters and is case sensitive.
all	Displays all VRF entries for the specified VLAN in the ARP table.
default	Displays the default VRF entry for the specified VLAN.
management	Displays the management VRF entry for the specified VLAN.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

You must use the feature interface-vlan command before you can display the ARP information for VLAN interfaces.

Examples

This example shows how to display the ARP table:

switch# show ip arp

IP ARP Table for context default

Total number of entries: 1

Address Age MAC Address Interface

90.10.10.2 00:03:11 000d.ece7.df7c Vlan900

switch#

This example shows how to display the detailed ARP table:

switch# show ip arp detail

IP ARP Table for context default

Total number of entries: 1

Address Age MAC Address Interface Physical Interface

90.10.10.2 00:02:55 000d.ece7.df7c Vlan900 Ethernet1/12

switch#

This example shows how to display the ARP table for VLAN 10 and all VRFs:

switch# show ip arp vlan 10 vrf all

Table 1 describes the fields shown in the above displays.

Table 1 show ip arp Field Descriptions
Field	Description
IP ARP Table	Context in which the ARP table is applied.
Total number of entries	Total number of ARP entries or messages in the ARP table.
Address	IP address of the switch that the ARP table automatically maps to the MAC address of the switch.
Age	Duration since the switch with a MAC address was mapped to the IP address.
MAC Address	MAC address of the switch.
Interface	Switch interface where packets are forwarded.
Physical Interface	Physical interface, which can one of the following: Ethernet, loopback, EtherChannel, management, or VLAN.

Related Commands

Command	Description
clear ip arp	Clears the ARP cache and table.
feature interface-vlan	Enables the creation of VLAN interfaces.
show running-config arp	Displays the running ARP configuration.

show ip arp inspection

To display the Dynamic ARP Inspection (DAI) configuration status, use the show ip arp inspection command.

show ip arp inspection

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the status of the DAI configuration:

switch# show ip arp inspection

Related Commands

Command	Description
ip arp inspection vlan	Enables DAI for a specified list of VLANs.
show ip arp inspection interface	Displays the trust state and the ARP packet rate for a specified interface.
show ip arp inspection log	Displays the DAI log configuration.
show ip arp inspection statistics	Displays the DAI statistics.
show ip arp inspection vlan	Displays DAI status for a specified list of VLANs.
show running-config dhcp	Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection interfaces

To display the trust state for the specified interface, use the show ip arp inspection interfaces command.

show ip arp inspection interfaces { ethernet slot / port | port-channel channel-number }

Syntax Description

ethernet slot / port	(Optional) Specifies that the output is for an Ethernet interface.
port-channel channel-number	(Optional) Specifies that the output is for a port-channel interface. Valid port-channel numbers are from 1 to 4096.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the trust state for a trusted interface:

switch# show ip arp inspection interfaces ethernet 2/1

Related Commands

Command	Description
ip arp inspection vlan	Enables Dynamic ARP Inspection (DAI) for a specified list of VLANs.
show ip arp inspection	Displays the DAI configuration status.
show ip arp inspection vlan	Displays DAI status for a specified list of VLANs.
show running-config dhcp	Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection log

To display the Dynamic ARP Inspection (DAI) log configuration, use the show ip arp inspection log command.

show ip arp inspection log

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the DAI log configuration:

switch# show ip arp inspection log

Syslog Buffer Size : 12

Syslog Rate : 5 entries per 1 seconds

switch#

Related Commands

Command	Description
clear ip arp inspection log	Clears the DAI logging buffer.
ip arp inspection log-buffer	Configures the DAI logging buffer size.
show ip arp inspection	Displays the DAI configuration status.
show running-config dhcp	Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection statistics

To display the Dynamic ARP Inspection (DAI) statistics, use the show ip arp inspection statistics command.

show ip arp inspection statistics [ vlan vlan-list ]

Syntax Description

vlan vlan-list

(Optional) Specifies the list of VLANs for which to display DAI statistics. Valid VLAN IDs are from 1 to 4094. You can specify a VLAN or range of VLANs.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the DAI statistics for VLAN 1:

switch# show ip arp inspection statistics vlan 1

Related Commands

Command	Description
clear ip arp inspection statistics vlan	Clears the DAI statistics for a specified VLAN.
show ip arp inspection log	Displays the DAI log configuration.
show running-config dhcp	Displays DHCP snooping configuration, including the DAI configuration.

show ip arp inspection vlan

To display the Dynamic ARP Inspection (DAI) status for the specified list of VLANs, use the show ip arp inspection vlan command.

show ip arp inspection vlan vlan-list

Syntax Description

vlan-list

List of VLANs that have the DAI status. The vlan-list argument allows you to specify a single VLAN ID, a range of VLAN IDs, or comma-separated IDs and ranges. Valid VLAN IDs are from 1 to 4094.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the DAI status for VLAN 1:

switch# show ip arp inspection vlan 1

Source Mac Validation : Enabled

Destination Mac Validation : Enabled

IP Address Validation : Enabled

Vlan : 1

-----------

Configuration : Disabled

Operation State : Inactive

switch#

Related Commands

Command	Description
clear ip arp inspection statistics vlan	Clears the DAI statistics for a specified VLAN.
ip arp inspection vlan	Enables DAI for a specified list of VLANs.
show ip arp inspection	Displays the DAI configuration status.
show ip arp inspection interface	Displays the trust state and the ARP packet rate for a specified interface.
show running-config dhcp	Displays DHCP snooping configuration, including the DAI configuration.

show ip arp sync-entries

To display the Address Resolution Protocol (ARP) table information after an ARP table synchronization, use the show ip arp sync-entries command.

show ip arp sync-entries [ detail | vrf { vrf-name | all | default | management }]

Syntax Description

detail	(Optional) Displays detailed information about the ARP table.
vrf	(Optional) Displays ARP table information for a virtual routing and forwarding (VRF) instance.
vrf-name	VRF name. The name can be a maximum of 32 alphanumeric characters and is case sensitive.
all	Displays ARP table information for all VRF entries.
default	Displays ARP table information for the default VRF entry.
management	Displays ARP table information for the management VRF entry.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the global ARP statistics on virtual port channels (vPCs):

switch# show ip arp sync-entries

Related Commands

Command	Description
ip arp synchronize	Enables ARP synchronization on a vPC domain.
show running-config arp	Displays the running configuration information for ARP tables.

show ip dhcp snooping

To display general status information for Dynamic Host Configuration Protocol (DHCP) snooping, use the show ip dhcp snooping command.

show ip dhcp snooping

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display general status information about DHCP snooping:

switch# show ip dhcp snooping

DHCP snooping service is enabled

Switch DHCP snooping is enabled

DHCP snooping is configured on the following VLANs:

1,13

DHCP snooping is operational on the following VLANs:

Insertion of Option 82 is disabled

Verification of MAC address is enabled

DHCP snooping trust is configured on the following interfaces:

Interface Trusted

------------ -------

Ethernet2/3 Yes

switch#

Related Commands

Command	Description
copy running-config startup-config	Copies the running configuration to the startup configuration.
ip dhcp snooping	Globally enables DHCP snooping on the device.
show ip dhcp snooping statistics	Displays DHCP snooping statistics.
show running-config dhcp	Displays the DHCP snooping configuration.

show ip dhcp snooping binding

To display IP-to-MAC address bindings for all interfaces or a specific interface, use the show ip dhcp snooping binding command.

show ip dhcp snooping binding [ IP-address ] [ MAC-address ] [ interface ethernet slot / port ] [ vlan vlan-id ]

show ip dhcp snooping binding [ dynamic ]

show ip dhcp snooping binding [ static ]

Syntax Description

IP-address	(Optional) IPv4 address that the bindings shown must include. Valid entries are in dotted-decimal format.
MAC-address	(Optional) MAC address that the bindings shown must include. Valid entries are in dotted-hexadecimal format.
interface ethernet slot / port	(Optional) Specifies the Ethernet interface that the bindings shown must be associated with. The slot number is from 1 to 255, and the port number is from 1 to 128.
vlan vlan-id	(Optional) Specifies a VLAN ID that the bindings shown must be associated with. Valid VLAN IDs are from 1 to 4094, except for the VLANs reserved for internal use. Use a hyphen (-) to separate the beginning and ending IDs of a range of VLAN IDs; for example, 70-100. Use a comma (,) to separate individual VLAN IDs and ranges of VLAN IDs; for example, 20,70-100,142.
dynamic	(Optional) Limits the output to all dynamic IP-MAC address bindings.
static	(Optional) Limits the output to all static IP-MAC address bindings.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

The binding interface includes static IP source entries. Static entries appear with the term “static” in the Type column.

Examples

This example shows how to show all bindings:

switch# show ip dhcp snooping binding

MacAddress IpAddress LeaseSec Type VLAN Interface

----------------- --------------- -------- ---------- ---- -------------

0f:00:60:b3:23:33 10.3.2.2 infinite static 13 Ethernet2/46

0f:00:60:b3:23:35 10.2.2.2 infinite static 100 Ethernet2/10

switch#

Related Commands

Command	Description
clear ip dhcp snooping binding	Clears the DHCP snooping binding database.
copy running-config startup-config	Copies the running configuration to the startup configuration.
ip dhcp snooping	Globally enables DHCP snooping on the device.
ip source binding	Creates a static IP source entry for a Layer 2 Ethernet interface.
show ip dhcp snooping statistics	Displays DHCP snooping statistics.
show running-config dhcp	Displays the DHCP snooping configuration, including the IP Source Guard configuration.

show ip dhcp snooping statistics

To display Dynamic Host Configuration Protocol (DHCP) snooping statistics, use the show ip dhcp snooping statistics command.

show ip dhcp snooping statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display DHCP snooping statistics:

switch# show ip dhcp snooping statistics

Packets processed 61343

Packets received through cfsoe 0

Packets forwarded 0

Packets forwarded on cfsoe 0

Total packets dropped 61343

Packets dropped from untrusted ports 0

Packets dropped due to MAC address check failure 0

Packets dropped due to Option 82 insertion failure 0

Packets dropped due to o/p intf unknown 0

Packets dropped which were unknown 0

Packets dropped due to dhcp relay not enabled 0

Packets dropped due to no binding entry 0

Packets dropped due to interface error/no interface 61343

Packets dropped due to max hops exceeded 0

switch#

Related Commands

Command	Description
copy running-config startup-config	Copies the running configuration to the startup configuration.
ip dhcp snooping	Globally enables DHCP snooping on the device.
show running-config dhcp	Displays the DHCP snooping configuration.

show ipv6 access-lists

To display all IPv6 access control lists (ACLs) or a specific IPv6 ACL, use the show ipv6 access-lists command.

show ipv6 access-lists [ access-list-name ] [ expanded | summary ]

Syntax Description

access-list-name	(Optional) Name of an IPv6 ACL, which can be up to 64 alphanumeric, case-sensitive characters.
expanded	(Optional) Specifies that the contents of IPv6 address groups or port groups show rather than the names of object groups only.
summary	(Optional) Specifies that the command displays information about the ACL rather than the ACL configuration. For more information, see the "Usage Guidelines" section.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

The device shows all IPv6 ACLs, unless you use the access-list-name argument to specify an ACL.

The summary keyword allows you to display information about the ACL rather than the ACL configuration. The information displayed includes the following:

Whether per-entry statistics is configured for the ACL.
The number of rules in the ACL configuration. This number does not reflect how many entries the ACL contains when the device applies it to an interface. If a rule in the ACL uses an object group, the number of entries in the ACL when it is applied may be much greater than the number of rules.
The interfaces that the ACL is applied to.
The interfaces that the ACL is active on.

The show ipv6 access-lists command displays statistics for each entry in an ACL if the following conditions are both true:

The ACL configuration contains the statistics per-entry command.
The ACL is applied to an interface that is administratively up.

Examples

This example shows how to display all IPv6 ACLs on a switch:

switch# show ipv6 access-lists

Related Commands

Command	Description
ipv6 access-list	Configures an IPv6 ACL.

show ip verify source

To display the IP Source Guard-enabled interfaces and the IP-to-MAC address bindings, use the show ip verify source command.

show ip verify source [ interface { ethernet slot / port | port-channel channel-number }]

Syntax Description

interface	(Optional) Specifies that the output is limited to IP-to-MAC address bindings for a particular interface.
ethernet slot / port	(Optional) Specifies that the output is limited to bindings for the Ethernet interface given. The slot number is from 1 to 255, and the port number is from 1 to 128.
port-channel channel-number	(Optional) Specifies that the output is limited to bindings for the port-channel interface given. Valid port-channel numbers are from 1 to 4096.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the IP Source Guard-enabled interfaces and the IP-to-MAC address bindings on the switch:

switch# show ip verify source

IP source guard is enabled on the following interfaces:

------------------------------------------------------

Ethernet1/2

Ethernet1/5

IP source guard operational entries:

-----------------------------------

Interface Filter-mode IP-address Mac-address Vlan

------------ ----------- ---------- -------------- ----

Ethernet1/2 inactive-no-snoop-vlan

Ethernet1/5 inactive-no-snoop-vlan

switch#

Related Commands

Command	Description
ip source binding	Creates a static IP source entry for the specified Ethernet interface.
ip verify source dhcp-snooping-vlan	Enables IP Source Guard on an interface.
show running-config dhcp	Displays DHCP snooping configuration, including the IP Source Guard configuration.

show ipv6 dhcp-ldra

To display configuration details and statistics for the Lightweight DHCPv6 Relay Agent (LDRA), use the show ipv6 dhcp-ldra command.

show ipv6 dhcp-ldra [statistics [vlan vlan-id | interface interface-id]]

Syntax Description

statistics	(Optional) Displays LDRA-related statistics.
vlan vlan-id	(Optional) Specifies the VLAN ID
interface interface-id	(Optional) Specifies the interface.

Defaults

None

Command Modes

Any command mode

Command History

Release	Modification
7.3(0)N1(1)	This command was introduced.

Usage Guidelines

To use this command, you must enable the LDRA feature by using the ipv6 dhcp ldra command.

Examples

This example shows how to enable the LDRA feature on the specified interface:

switch(config)# ipv6 dhcp ldra

switch(config)# show ipv6 dhcp-ldra

DHCPv6 LDRA is Enabled.

DHCPv6 LDRA policy: client-facing-trusted

Target: Ethernet1/1

DHCPv6 LDRA policy: client-facing-untrusted

Target: vlan 102 vlan 103

DHCPv6 LDRA policy: server-facing

Target: port-channel101

switch(config)# show ipv6 dhcp-ldra statistics

PACKET STATS:

---------------------------------------------------------

Message Type Rx Tx Drops |

---------------------------------------------------------

SOLICIT 0 0 0 |

ADVERTISE 0 0 0 |

REQUEST 0 0 0 |

CONFIRM 0 0 0 |

RENEW 0 0 0 |

REBIND 0 0 0 |

REPLY 0 0 0 |

RELEASE 0 0 0 |

DECLINE 0 0 0 |

RECONFIGURE 0 0 0 |

INFORMATION_REQUEST 0 0 0 |

RELAY_FORWARD 0 0 0 |

RELAY_REPLY 0 0 0 |

---------------------------------------------------------

Total 0 0 0 |

---------------------------------------------------------

CFS STATS:

---------------------------------------------------------

Message Type Rx Tx Drops |

---------------------------------------------------------

SOLICIT 0 0 0 |

ADVERTISE 0 0 0 |

REQUEST 0 0 0 |

CONFIRM 0 0 0 |

RENEW 0 0 0 |

REBIND 0 0 0 |

REPLY 0 0 0 |

RELEASE 0 0 0 |

DECLINE 0 0 0 |

RECONFIGURE 0 0 0 |

INFORMATION_REQUEST 0 0 0 |

RELAY_FORWARD 0 0 0 |

RELAY_REPLY 0 0 0 |

---------------------------------------------------------

Total 0 0 0 |

---------------------------------------------------------

Non-DHCPv6 LDRA Packets:

---------------------------------------------------------

Total Packets Received: 0

Total Packets Forwarded: 0

Total Packets Dropped: 0

---------------------------------------------------------

DHCPv6 LDRA DROPS

---------------------------------------------------------

Invalid Message Type: 0

Max hops exceeded: 0

Relay Forward Received on Untrusted port: 0

Packet received over MCT: 0

Invalid Message Type on Client facing port: 0

No Server Port Present: 0

Related Commands

Command	Description
ipv6 dhcp ldra	Enables the LDRA feature.

show mac access-lists

To display all Media Access Control (MAC) access control lists (ACLs) or a specific MAC ACL, use the show mac access-lists command.

show mac access-lists [ access-list-name ]

Syntax Description

access-list-name

(Optional) Name of a MAC ACL, which can be up to 64 alphanumeric, case-sensitive characters.

Command Default

The switch shows all MAC ACLs unless you use the access-list-name argument to specify an ACL.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display all MAC ACLs on the switch:

switch# show mac access-lists

MAC access list acl-mac

10 permit any any

MAC access list test

statistics per-entry

10 deny 0000.1111.2222 0000.0000.0000 0000.1111.3333 ffff.0000.0000

switch#

Related Commands

Command	Description
mac access-list	Configures a MAC ACL.
show access-lists	Displays all ACLs or a specific ACL.
show ip access-lists	Displays all IPv4 ACLs or a specific IPv4 ACL.

show platform afm info sup-tcam monitoring info

To display details about supervisor-region Ternary Content-Addressable Memory (TCAM) monitoring, use the show platform afm info sup-tcam monitoring info command.

show platform afm info sup-tcam monitoring info

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
7.1(4)N1(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to display details about sup-region TCAM monitoring:

switch# show platform afm info sup-tcam monitoring info

SUP TCAM Monitoring Info

========================

Periodic Monitoring Status : Enabled

Timer expiry : 1440 minutes

Number of iterations run : 1

Last iteration run at : Mon Aug 22 15:23:28 2016

SUP TCAM corruption detected : NO

Feasibility : Feasible

DB Restore status : Not restored

Related Commands

Command	Description
show platform afm info tcam access stats	Displays write access statistics per TCAM entry per ASIC per slot, along with the number of writes, clears and timestamps of the writes and clears since the previous switch reload.

show platform afm info tcam access stats

To display write access statistics per Ternary Content-Addressable Memory (TCAM) entry per ASIC per slot, along with the number of writes, clears and timestamps of the writes and clears since the previous switch reload, use the show platform afm info tcam access stats command.

show platform afm info tcam access stats [ASIC-ID]

Syntax Description

ASIC-ID

(Optional) Global ASIC-ID. The range is from 0 to 64.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
7.1(4)N1(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to display write access statistics per TCAM entry per ASIC per slot, along with the number of writes, clears and timestamps of the writes and clears since the previous switch reload:

switch# show platform afm info tcam access stats 2

Slot/Asic TCAM Index Writes Clears Corrupt Last Operation Timestamp

==================================================================================

0/2 2 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 1026 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 1030 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2168 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2171 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2172 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2173 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2174 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2178 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2180 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2181 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2182 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2183 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2184 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2186 1 0 NO Write Sun Feb 25 12:31:51 2001

0/2 2188 1 0 NO Write Sun Feb 25 12:31:51 2001

Related Commands

Command	Description
show platform afm info sup-tcam monitoring info	Displays details about supervisor-region TCAM monitoring.

show privilege

To show the current privilege level, username, and status of cumulative privilege support, use the show privileg e command.

show privilege

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

When the feature privilege command is enabled, privilege roles inherit the permissions of lower level privilege roles.

Examples

This example shows how to view the current privilege level, username, and status of cumulative privilege support:

switch# show privilege

User name: admin

Current privilege level: -1

Feature privilege: Enabled

switch#

Related Commands

Command	Description
enable	Enables a user to move to a higher privilege level.
enable secret priv-lvl	Enables a secret password for a specific privilege level.
feature privilege	Enables the cumulative privilege of roles for command authorization on RADIUS and TACACS+ servers.
username	Enables a user to use privilege levels for authorization.

show radius-server

To display RADIUS server information, use the show radius-server command.

Syntax Description

hostname	(Optional) RADIUS server Domain Name Server (DNS) name. The name is alphanumeric, case sensitive, and has a maximum of 256 characters.
ipv4-address	(Optional) RADIUS server IPv4 address in the A. B. C. D format.
ipv6-address	(Optional) RADIUS server IPv6 address in the X : X :: X : X format.
directed-request	(Optional) Displays the directed request configuration.
groups [ group-name ]	(Optional) Displays information about the configured RADIUS server groups. Supply a group-name to display information about a specific RADIUS server group.
sorted	(Optional) Displays sorted-by-name information about the RADIUS servers.
statistics	(Optional) Displays RADIUS statistics for the RADIUS servers. A hostname or IP address is required.

Command Default

Displays the global RADIUS server configuration.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

RADIUS preshared keys are not visible in the show radius-server command output. Use the show running-config radius command to display the RADIUS preshared keys.

Examples

This example shows how to display information for all RADIUS servers:

switch# show radius-server

retransmission count:1

timeout value:5

deadtime value:0

source interface:any available

total number of servers:1

following RADIUS servers are configured:

192.168.1.1:

available for authentication on port:1812

available for accounting on port:1813

RADIUS shared secret:********

switch#

This example shows how to display information for a specified RADIUS server:

switch# show radius-server 192.168.1.1

192.168.1.1:

available for authentication on port:1812

available for accounting on port:1813

RADIUS shared secret:********

idle time:0

test user:test

test password:********

switch#

This example shows how to display the RADIUS directed request configuration:

switch# show radius-server directed-request

disabled

switch#

This example shows how to display information for RADIUS server groups:

switch# show radius-server groups

total number of groups:2

following RADIUS server groups are configured:

group radius:

server: all configured radius servers

deadtime is 0

group RadServer:

server: 192.168.1.1 on auth-port 1812, acct-port 1813

deadtime is 0

switch#

This example shows how to display information for a specified RADIUS server group:

switch# show radius-server groups RadServer

group RadServer:

server: 10.193.128.5 on auth-port 1812, acct-port 1813

deadtime is 0

switch#

This example shows how to display sorted information for all RADIUS servers:

switch# show radius-server sorted

timeout value:5

retransmission count:1

deadtime value:0

source interface:any available

total number of servers:1

following RADIUS servers are configured:

192.168.1.1:

available for authentication on port:1812

available for accounting on port:1813

RADIUS shared secret:********

switch#

This example shows how to display statistics for a specified RADIUS servers:

switch# show radius-server statistics 192.168.1.1

Server is not monitored

Authentication Statistics

failed transactions: 0

sucessfull transactions: 0

requests sent: 0

requests timed out: 0

responses with no matching requests: 0

responses not processed: 0

responses containing errors: 0

Accounting Statistics

failed transactions: 0

sucessfull transactions: 0

requests sent: 0

requests timed out: 0

responses with no matching requests: 0

responses not processed: 0

responses containing errors: 0

switch#

Related Commands

Command	Description
show running-config radius	Displays the RADIUS information in the running configuration file.

show role

To display the user role configuration, use the show role command.

show role [ name role-name ]

Syntax Description

name role-name

(Optional) Displays information for a specific user role name.

Command Default

Displays information for all user roles.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display information for a specific user role:

switch# show role name MyRole

Role: MyRole

Description: new role

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 deny command pwd

switch#

This example shows how to display information for all user roles:

switch# show role

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

switch# show role

Role: network-admin

Description: Predefined network admin role has access to all commands

on the switch

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit read-write

Role: network-operator

Description: Predefined network operator role has access to all read

commands on the switch

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit read

Role: vdc-admin

Description: Predefined vdc admin role has access to all commands within

a VDC instance

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit read-write

Role: vdc-operator

Description: Predefined vdc operator role has access to all read commands

within a VDC instance

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit read

Role: priv-14

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit read-write

Role: priv-13

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-12

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-11

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-10

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-9

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-8

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-7

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-6

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-5

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-4

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-3

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-2

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-1

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

Role: priv-0

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

10 permit command traceroute6 *

9 permit command traceroute *

8 permit command telnet6 *

7 permit command telnet *

6 permit command ping6 *

5 permit command ping *

4 permit command ssh6 *

3 permit command ssh *

2 permit command enable *

Role: default-role

Description: This is a system defined role and applies to all users.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

5 permit command feature environment

4 permit command feature hardware

3 permit command feature module

2 permit command feature snmp

1 permit command feature system

Role: priv-15

Description: This is a system defined privilege role.

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit read-write

Role: MyRole

Description: new role

vsan policy: permit (default)

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 deny command pwd

switch#

Related Commands

Command	Description
role name	Configures user roles.

show role feature

To display the user role features, use the show role feature command.

show role feature [ detail | name feature-name ]

Syntax Description

detail	(Optional) Displays detailed information for all features.
name feature-name	(Optional) Displays detailed information for a specific feature. The name can be a maximum of 16 alphanumeric characters and is case sensitive.

Command Default

Displays a list of user role feature names.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the user role features:

switch# show role feature

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

aaa (AAA service related commands)

arp (ARP protocol related commands)

cdp (Cisco Discovery Protocol related commands)

l3vm (Layer 3 virtualization related commands)

ping (Network reachability test commands)

snmp (SNMP related commands)

radius (Radius configuration and show commands)

syslog (Syslog related commands)

tacacs (TACACS configuration and show commands)

install (Software install related commands)

license (License related commands)

callhome (Callhome configuration and show commands)

platform (Platform configuration and show commands)

access-list (IP access list related commands)

svi (Interface VLAN related commands)

vlan (Virtual LAN related commands)

eth-span (Ethernet SPAN related commands)

ethanalyzer (Ethernet Analyzer)

spanning-tree (Spanning Tree protocol related commands)

acl (FC ACL related commands)

sfm (ISCSI flow related commands)

fcns (Fibre Channel Name Server related commands)

fcsp (Fibre Channel Security Protocol related commands)

fdmi (FDMI related commands)

fspf (Fabric Shortest Path First protocol related commands)

rlir (Registered Link Incident Report related commands)

rscn (Registered State Change Notification related commands)

span (SPAN session relate commands)

vsan (VSAN configuration and show commands)

wwnm (WorldWide Name related commands)

zone (Zone related commands)

fcanalyzer (FC analyzer related commands)

switch#

This example shows how to display detailed information all the user role features:

switch# show role feature detail

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

aaa (AAA service related commands)

show aaa *

config t ; aaa *

aaa *

clear aaa *

debug aaa *

show accounting *

config t ; accounting *

accounting *

clear accounting *

debug accounting *

arp (ARP protocol related commands)

show ip arp *

config t; ip arp *

clear ip arp *

debug ip arp *

debug-filter ip arp *

cdp (Cisco Discovery Protocol related commands)

show cdp *

config t ; cdp *

cdp *

clear cdp *

debug cdp *

l3vm (Layer 3 virtualization related commands)

show vrf *

config t ; vrf *

routing-context vrf *

ping (Network reachability test commands)

show ping *

config t ; ping *

ping *

clear ping *

debug ping *

show ping6 *

config t ; ping6 *

ping6 *

clear ping6 *

debug ping6 *

show traceroute *

config t ; traceroute *

--More--

switch#

This example shows how to display detailed information for a specific user role feature named arp:

switch# show role feature name arp

In Cisco NX-OS Release 5.0(2)N1(1), this command displays the following output:

arp (ARP protocol related commands)

show ip arp *

config t; ip arp *

clear ip arp *

debug ip arp *

debug-filter ip arp *

switch#

Related Commands

Command	Description
role feature-group	Configures feature groups for user roles.
rule	Configures rules for user roles.

show role feature-group

To display the user role feature groups, use the show role feature-group command.

show role feature-group [ detail | name group-name ]

Syntax Description

detail	(Optional) Displays detailed information for all feature groups.
name group-name	(Optional) Displays detailed information for a specific feature group.

Command Default

Displays a list of user role feature groups.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the user role feature groups:

switch# show role feature-group

This example shows how to display detailed information about all the user role feature groups:

switch# show role feature-group detail

This example shows how to display information for a specific user role feature group:

switch# show role feature-group name SecGroup

Related Commands

Command	Description
role feature-group	Configures feature groups for user roles.
rule	Configures rules for user roles.

show rollback log

To display the log of configuration rollbacks on the switch, use the show rollback log command.

show rollback log { exec | verify }

Syntax Description

exec	Displays the rollback execution log.
verify	Displays the rollback verify log.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

If the rollback log is empty, the following message appears:

ERROR: Log Not Available

Examples

This example shows how to display the rollback execution log:

switch# show rolback log exec

--------------------------------------------------------------------------------

time: Mon, 06:16:02 06 Sep 2010

Status: success

--------------------------------------------------------------------------------

time: Mon, 07:58:36 06 Sep 2010

Status: success

--------------------------------------------------------------------------------

time: Mon, 09:48:58 06 Sep 2010

Status: success

switch#

This example shows how to display the rollback verification log:

switch# show rollback log verify

--------------------------------------------------------------------------------

time: Mon, 09:48:56 06 Sep 2010

Status: success

--------------------------------------------------------------------------------

time: Mon, 09:48:58 06 Sep 2010

Status: success

switch#

Related Commands

Command	Description
rollback	Restores the active configuration to the checkpoint state.

show running-config aaa

To display authentication, authorization, and accounting (AAA) configuration information in the running configuration, use the show running-config aaa command.

show running-config aaa [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the configured AAA information in the running configuration:

switch# show running-config aaa

Related Commands

Command	Description
aaa accounting default	Configures AAA methods for accounting.
aaa authentication login console	Configures AAA authentication methods for console login.
aaa authentication login default	Configures the default AAA authentication methods.
aaa authentication login error-enable	Configures the AAA authentication failure message to display on the console.
aaa authorization commands default	Configures default AAA authorization methods.
aaa authorization config-commands default	Configures the default AAA authorization methods for all configuration commands.
aaa group server radius	Creates a RADIUS server group.
aaa user default-role	Enables the default role assigned by the AAA server administrator for remote authentication.

show running-config aclmgr

To display the access control list (ACL) configuration in the running configuration, use the show running-config aclmgr command.

show running-config aclmgr [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the ACL running configuration:

switch# show running-config aclmgr

!Command: show running-config aclmgr

!Time: Tue Aug 31 05:01:56 2010

version 5.0(2)N1(1)

ip access-list BulkData

10 deny ip any any

ip access-list CriticalData

10 deny ip any any

ip access-list Scavenger

10 deny ip any any

mac access-list acl-mac

10 permit any any

ip access-list denyv4

20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments

30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400

40 permit icmp any any router-advertisement

60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn

70 permit igmp any any host-report

80 deny tcp any any rst

90 deny tcp any any ack

100 permit tcp any any fin

110 permit tcp any gt 300 any lt 400

130 deny tcp any range 200 300 any lt 600

140 deny tcp any range 200 300 any lt 600

ip access-list dot

statistics per-entry

10 permit ip 20.1.1.1 255.255.255.0 20.10.1.1 255.255.255.0 precedence flash-o

verride

<snip>

vlan access-map vacl-mac

match mac address acl-mac

action forward

statistics per-entry

vlan filter vacl-mac vlan-list 300

interface Ethernet1/1

ipv6 port traffic-filter denv6 in

interface Ethernet1/2

ip port access-group voice in

interface Ethernet1/9

ipv6 port traffic-filter denv6 in

interface Ethernet1/10

ipv6 port traffic-filter denv6 in

line vty

access-class myACList in

access-class myACList out

ipv6 access-class myI6List out

switch#

This example shows how to display only the VTY running configuration:

switch# show running-config aclmgr | begin vty

line vty

access-class myACList in

access-class myACList out

ipv6 access-class myI6List out

switch#

Related Commands

Command	Description
access-class	Configures access classes for VTY.
copy running-config startup-config	Copies the running configuration to the startup configuration file.
ip access-class	Configures IPv4 access classes for VTY.
ipv6 access-class	Configures IPv6 access classes for VTY.
show startup-config aclmgr	Displays the ACL startup configuration.

show running-config arp

To display the Address Resolution Protocol (ARP) configuration in the running configuration, use the show running-config arp command.

show running-config arp [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the ARP configuration:

switch# show running-config arp

!Command: show running-config arp

!Time: Mon Aug 23 07:33:15 2010

version 5.0(2)N1(1)

ip arp timeout 2100

ip arp event-history errors size medium

interface Vlan10

ip arp 10.193.131.37 00C0.4F00.0000

switch#

This example shows how to display the ARP configuration with the default information:

switch# show running-config arp all

!Command: show running-config arp all

!Time: Mon Aug 23 07:33:52 2010

version 5.0(2)N1(1)

ip arp timeout 1500

ip arp event-history cli size small

ip arp event-history snmp size small

ip arp event-history client-errors size small

ip arp event-history client-event size small

ip arp event-history lcache-errors size small

ip arp event-history lcache size small

ip arp event-history errors size small

ip arp event-history ha size small

ip arp event-history event size small

ip arp event-history packet size small

interface Vlan10

ip arp 10.193.131.37 00C0.4F00.0000

ip arp gratuitous update

ip arp gratuitous request

switch#

Related Commands

Command	Description
copy running-config startup-config	Copies the running configuration to the startup configuration file.
ip arp event-history errors	Logs ARP debug events into the event history buffer.
ip arp timeout	Configures an ARP timeout.
ip arp inspection	Displays general information about DHCP snooping.
show startup-config arp	Displays the ARP startup configuration.

show running-config dhcp

To display the Dynamic Host Configuration Protocol (DHCP) snooping configuration in the running configuration, use the show running-config dhcp command.

show running-config dhcp [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

To use this command, you must enable the DHCP snooping feature using the feature dhcp command.

Examples

This example shows how to display the DHCP snooping configuration:

switch# show running-config dhcp

!Command: show running-config dhcp

!Time: Mon Aug 23 09:09:11 2010

version 5.0(2)N1(1)

feature dhcp

ip dhcp snooping

ip dhcp snooping information option

service dhcp

ip dhcp relay

ip dhcp relay information option

ip arp inspection filter arp-acl-01 vlan 15,37-48

switch#

This example shows how to display the DHCP snooping configuration with the default information:

switch# show running-config dhcp all

!Command: show running-config dhcp all

!Time: Mon Aug 23 09:10:11 2010

version 5.0(2)N1(1)

feature dhcp

ip dhcp snooping

ip dhcp snooping information option

ip dhcp snooping verify mac-address

service dhcp

ip dhcp relay

ip dhcp relay information option

no ip dhcp relay sub-option type cisco

no ip dhcp relay information option vpn

no ip arp inspection validate src-mac dst-mac ip

ip arp inspection log-buffer entries 32

no ip dhcp packet strict-validation

interface port-channel23

no ip dhcp snooping trust

no ip arp inspection trust

no ip verify source dhcp-snooping-vlan

interface port-channel67

no ip dhcp snooping trust

no ip arp inspection trust

no ip verify source dhcp-snooping-vlan

interface port-channel150

no ip dhcp snooping trust

no ip arp inspection trust

no ip verify source dhcp-snooping-vlan

interface port-channel400

no ip dhcp snooping trust

no ip arp inspection trust

no ip verify source dhcp-snooping-vlan

<--output truncated-->

switch#

This example shows how to display the DHCP snooping configuration and the IP Source Guard information on a switch that runs Cisco NX-OS Release 5.0(3)N1(1):

switch# show running-config dhcp

!Command: show running-config dhcp

!Time: Sat Apr 19 06:18:33 2008

version 5.0(3)N1(1)

feature dhcp

ip dhcp snooping

ip dhcp snooping information option

interface Ethernet1/2

ip dhcp snooping trust

ip verify source dhcp-snooping-vlan

interface Ethernet1/5

ip verify source dhcp-snooping-vlan

ip source binding 10.0.0.7 002f.23bd.0014 vlan 5 interface Ethernet1/2

ip source binding 10.5.22.7 001f.28bd.0013 vlan 100 interface Ethernet1/5

switch#

Related Commands

Command	Description
copy running-config startup-config	Copies the running configuration to the startup configuration.
feature dhcp	Enables the DHCP snooping feature on the device.
ip dhcp snooping	Globally enables DHCP snooping on the device.
ip verify source	Enables IP Source Guard on a Layer 2 interface.
show ip dhcp snooping	Displays general information about DHCP snooping.
show ip verify source	Displays the IP-MAC address bindings.
show startup-config dhcp	Displays the DHCP startup configuration.

show running-config radius

To display RADIUS server information in the running configuration, use the show running-config radius command.

show running-config radius [ all ]

Syntax Description

all

(Optional) Displays default RADIUS configuration information.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display information for RADIUS in the running configuration:

switch# show running-config radius

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

!Command: show running-config radius

!Time: Wed Aug 25 10:25:41 2010

version 5.0(2)N1(1)

radius-server host 192.168.1.1 key 7 "KkwyCet" authentication accounting

aaa group server radius r1

server 192.168.1.1

switch#

Related Commands

Command	Description
show radius-server	Displays RADIUS information.

show running-config security

To display user account, Secure Shell (SSH) server, and Telnet server information in the running configuration, use the show running-config security command.

show running-config security [ all ]

Syntax Description

all

(Optional) Displays default user account, SSH server, and Telnet server configuration information.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display user account, SSH server, and Telnet server information in the running configuration:

switch# show running-config security

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

!Command: show running-config security

!Time: Wed Aug 25 10:27:20 2010

version 5.0(2)N1(1)

feature telnet

username admin password 5 $1$eKzwPRms$5QB0PxpkXdp6ZKkME/vSS1 role network-admin

username praveena password 5 $1$9w6ZnM/R$Pg5OfsV/vkOaAGW.f.RyP. role network-op

erator

username install password 5 ! role network-admin

username user1 password 5 ! role priv-5

no password strength-check

switch#

Related Commands

Command	Description
ssh	Creates a Secure Shell (SSH) connection using IPv4.
ssh6	Creates a Secure Shell (SSH) connection using IPv6.
telnet	Creates a Telnet session using IPv4.
telnet6	Creates a Telnet session using IPv6.
username	Configures a user account.

show ssh key

To display the Secure Shell (SSH) server key, use the show ssh key command.

show ssh key

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

This command is available only when SSH is enabled using the ssh server enable command.

Examples

This example shows how to display the SSH server key:

switch# show ssh key

In Cisco NX-OS Release 5.0(2)N1(1), the following output is displayed:

**************************************

rsa Keys generated:Mon Aug 2 22:49:27 2010

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0iACA1fHAeIaY6PD5fSBLqGX3MIn+k72qhdvLNib7dL7

8CRQVS1AlQiDDTrvyIfRZ5yHMDQndvcmRfkJzluSCW2FP8vokZ66aXFk8TBTFc5Bn3NUiUyPZyhPtFD2

LaHBCkxl0MxEP+nmPJ6Qf6mBzZVAIdLw8Nd64ZwqVHHjeFc=

bitcount:1024

fingerprint:

bb:bf:a4:c0:22:3b:70:15:e4:2b:2b:bb:08:41:82:d4

**************************************

could not retrieve dsa key information

**************************************

switch#

Related Commands

Command	Description
ssh server key	Configures the SSH server key.

show ssh server

To display the Secure Shell (SSH) server status, use the show ssh server command.

show ssh server

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the SSH server status:

switch# show ssh server

ssh version 2 is enabled

switch#

Related Commands

Command	Description
ssh server enable	Enables the SSH server.

show startup-config aaa

To display authentication, authorization, and accounting (AAA) configuration information in the startup configuration, use the show startup-config aaa command.

show startup-config aaa

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the AAA information in the startup configuration:

switch# show startup-config aaa

Related Commands

Command	Description
show running-config aaa	Displays AAA configuration information in the running configuration.

show startup-config aclmgr

To display the access control list (ACL) configuration in the startup configuration, use the show startup-config aclmgr command.

show startup-config aclmgr [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the ACL startup configuration:

switch# show startup-config aclmgr

!Command: show startup-config aclmgr

!Time: Tue Aug 31 05:01:58 2010

version 5.0(2)N1(1)

ip access-list BulkData

10 deny ip any any

ip access-list CriticalData

10 deny ip any any

ip access-list Scavenger

10 deny ip any any

mac access-list acl-mac

10 permit any any

ip access-list denyv4

20 deny ip 10.10.10.0/24 10.20.10.0/24 fragments

30 permit udp 10.10.10.0/24 10.20.10.0/24 lt 400

40 permit icmp any any router-advertisement

60 deny tcp 10.10.10.0/24 10.20.10.0/24 syn

70 permit igmp any any host-report

80 deny tcp any any rst

90 deny tcp any any ack

100 permit tcp any any fin

110 permit tcp any gt 300 any lt 400

130 deny tcp any range 200 300 any lt 600

140 deny tcp any range 200 300 any lt 600

<snip>

vlan access-map vacl-mac

match mac address acl-mac

action forward

statistics per-entry

vlan filter vacl-mac vlan-list 300

interface Ethernet1/1

ipv6 port traffic-filter denv6 in

interface Ethernet1/2

ip port access-group voice in

interface Ethernet1/9

ipv6 port traffic-filter denv6 in

interface Ethernet1/10

ipv6 port traffic-filter denv6 in

line vty

access-class myACList in

access-class myACList out

ipv6 access-class myI6List out

switch#

This example shows how to display only the VTY startup configuration:

switch# show startup-config aclmgr | begin vty

line vty

access-class myACList in

access-class myACList out

ipv6 access-class myI6List out

switch#

Related Commands

Command	Description
access-class	Configures access classes for VTY.
copy running-config startup-config	Copies the running configuration to the startup configuration file.
ip access-class	Configures IPv4 access classes for VTY.
ipv6 access-class	Configures IPv6 access classes for VTY.
show running-config aclmgr	Displays the ACL running configuration.

show startup-config arp

To display the Address Resolution Protocol (ARP) configuration in the startup configuration, use the show startup-config arp command.

show startup-config arp [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the ARP startup configuration:

switch# show startup-config arp

!Command: show running-config arp

!Time: Mon Aug 23 07:33:15 2010

version 5.0(2)N1(1)

ip arp timeout 2100

ip arp event-history errors size medium

interface Vlan10

ip arp 10.193.131.37 00C0.4F00.0000

switch#

Related Commands

Command	Description
copy running-config startup-config	Copies the running configuration to the startup configuration file.
ip arp event-history errors	Logs ARP debug events into the event history buffer.
ip arp timeout	Configures an ARP timeout.
ip arp inspection	Displays general information about DHCP snooping.
show running-config arp	Displays the ARP running configuration.

show startup-config dhcp

To display the Dynamic Host Configuration Protocol (DHCP) snooping configuration in the startup configuration, use the show running-config dhcp command.

show running-config dhcp [ all ]

Syntax Description

all

(Optional) Displays configured and default information.

Command Default

None

Command Modes

Any command mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

To use this command, you must enable the DHCP snooping feature using the feature dhcp command.

Examples

This example shows how to display the DHCP snooping configuration in the startup configuration file:

switch# show startup-config dhcp

!Command: show startup-config dhcp

!Time: Mon Aug 23 09:09:14 2010

version 5.0(2)N1(1)

feature dhcp

ip dhcp snooping

ip dhcp snooping information option

service dhcp

ip dhcp relay

ip dhcp relay information option

ip arp inspection filter arp-acl-01 vlan 15,37-48

switch#

Related Commands

Command	Description
copy running-config startup-config	Copies the running configuration to the startup configuration.
feature dhcp	Enables the DHCP snooping feature on the device.
show running-config dhcp	Displays the DHCP running configuration.

show startup-config radius

To display RADIUS configuration information in the startup configuration, use the show startup-config radius command.

show startup-config radius

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the RADIUS information in the startup configuration:

switch# show startup-config radius

Related Commands

Command	Description
show running-config radius	Displays RADIUS server information in the running configuration.

show startup-config security

To display user account, Secure Shell (SSH) server, and Telnet server configuration information in the startup configuration, use the show startup-config security command.

show startup-config security

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the user account, SSH server, and Telnet server information in the startup configuration:

switch# show startup-config security

Related Commands

Command	Description
show running-config security	Displays user account, Secure Shell (SSH) server, and Telnet server information in the running configuration.

show tacacs-server

To display TACACS+ server information, use the show tacacs-server command.

Syntax Description

hostname	(Optional) TACACS+ server Domain Name Server (DNS) name. The maximum character size is 256.
ipv4-address	(Optional) TACACS+ server IPv4 address in the A. B. C. D format.
ipv6-address	(Optional) TACACS+ server IPv6 address in the X : X : X :: X format.
directed-request	(Optional) Displays the directed request configuration.
groups	(Optional) Displays information about the configured TACACS+ server groups.
sorted	(Optional) Displays sorted-by-name information about the TACACS+ servers.
statistics	(Optional) Displays TACACS+ statistics for the TACACS+ servers.

Command Default

Displays the global TACACS+ server configuration.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

TACACS+ preshared keys are not visible in the show tacacs-server command output. Use the show running-config tacacs+ command to display the TACACS+ preshared keys.

You must use the feature tacacs+ command before you can display TACACS+ information.

Examples

This example shows how to display information for all TACACS+ servers:

switch# show tacacs-server

This example shows how to display information for a specified TACACS+ server:

switch# show tacacs-server 192.168.2.2

This example shows how to display the TACACS+ directed request configuration:

switch# show tacacs-server directed-request

This example shows how to display information for TACACS+ server groups:

switch# show tacacs-server groups

This example shows how to display information for a specified TACACS+ server group:

switch# show tacacs-server groups TacServer

This example shows how to display sorted information for all TACACS+ servers:

switch# show tacacs-server sorted

This example shows how to display statistics for a specified TACACS+ server:

switch# show tacacs-server statistics 192.168.2.2

Related Commands

Command	Description
show running-config tacacs+	Displays the TACACS+ information in the running configuration file.

show telnet server

To display the Telnet server status, use the show telnet server command.

show telnet server

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display the Telnet server status:

switch# show telnet server

Related Commands

Command	Description
telnet server enable	Enables the Telnet server.

show user-account

To display information about the user accounts on the switch, use the show user-account command.

show user-account [ name ]

Syntax Description

name

(Optional) Information about the specified user account only.

Command Default

Displays information about all the user accounts defined on the switch.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display information about all the user accounts defined on the switch:

switch# show user-account

user:admin

this user account has no expiry date

roles:network-admin

user:mable

this user account has no expiry date

roles:network-operator

user:install

this user account has no expiry date

roles:network-admin

no password set. Local login not allowed

Remote login through RADIUS/TACACS+ is possible

user:user1

this user account has no expiry date

roles:priv-5

no password set. Local login not allowed

Remote login through RADIUS/TACACS+ is possible

switch#

This example shows how to display information about a specific user account:

switch# show user-account admin

user:admin

this user account has no expiry date

roles:network-admin

switch#

Related Commands

Command	Description
username	Configures a user account.

show users

To display the users currently logged on the switch, use the show users command.

show users

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display all the users currently logged on the switch:

switch# show users

NAME LINE TIME IDLE PID COMMENT

admin ttyS0 Aug 24 22:19 10:41 4681

admin pts/0 Aug 25 03:39. 8890 (72.163.177.191) *

switch#

Related Commands

Command	Description
clear user	Logs out a specific user.
username	Creates and configures a user account.

show vlan access-list

To display the contents of the IPv4 access control list (ACL) or MAC ACL associated with a specific VLAN access map, use the show vlan access-list command.

show vlan access-list map-name

Syntax Description

map-name

VLAN access list to show.

Command Default

None

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

For the specified VLAN access map, the switch displays the access map name and the contents of the ACL associated with the map.

Examples

This example shows how to display the contents of the ACL associated with the specified VLAN access map:

switch# show vlan access-list vlan1map

Related Commands

Command	Description
ip access-list	Creates or configures an IPv4 ACL.
mac access-list	Creates or configures a MAC ACL.
show access-lists	Displays information about how a VLAN access map is applied.
show ip access-lists	Displays all IPv4 ACLs or a specific IPv4 ACL.
show mac access-lists	Displays all MAC ACLs or a specific MAC ACL.
vlan access-map	Configures a VLAN access map.

show vlan access-map

To display all VLAN access maps or a VLAN access map, use the show vlan access-map command.

show vlan access-map [ map-name ]

Syntax Description

map-name

(Optional) VLAN access map to show.

Command Default

The switch shows all VLAN access maps, unless you use the map-name argument to select a specific access map.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Usage Guidelines

For each VLAN access map displayed, the switch shows the access map name, the ACL specified by the match command, and the action specified by the action command.

Use the show vlan filter command to see which VLANs have a VLAN access map applied to them.

Examples

This example shows how to display a specific VLAN access map:

switch# show vlan access-map vlan1map

This example shows how to display all VLAN access maps:

switch# show vlan access-map

Vlan access-map vacl-mac

match mac: acl-mac

action: forward

statistics per-entry

switch#

Related Commands

Command	Description
action	Specifies an action for traffic filtering in a VLAN access map.
match	Specifies an ACL for traffic filtering in a VLAN access map.
show vlan filter	Displays information about how a VLAN access map is applied.
vlan access-map	Configures a VLAN access map.
vlan filter	Applies a VLAN access map to one or more VLANs.

show vlan filter

To display information about instances of the vlan filter command, including the VLAN access map and the VLAN IDs affected by the command, use the show vlan filter command.

show vlan filter [ access-map map-name | vlan vlan-id ]

Syntax Description

access-map map-name	(Optional) Limits the output to VLANs that the specified access map is applied to.
vlan vlan-id	(Optional) Limits the output to access maps that are applied to the specified VLAN only.

Command Default

All instances of VLAN access maps applied to a VLAN are displayed, unless you use the access-map keyword and specify an access map or you use the vlan keyword and specify a VLAN ID.

Command Modes

EXEC mode

Command History

Release	Modification
6.0(2)N1(1)	This command was introduced.

Examples

This example shows how to display all VLAN access map information on the switch:

switch# show vlan filter

vlan map vacl-mac:

Configured on VLANs: 300

switch#

Related Commands

Command	Description
action	Specifies an action for traffic filtering in a VLAN access map.
match	Specifies an ACL for traffic filtering in a VLAN access map.
show vlan access-map	Displays all VLAN access maps or a VLAN access map.
vlan access-map	Configures a VLAN access map.
vlan filter	Applies a VLAN access map to one or more VLANs.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)