Table Of Contents

show running-config ldap through show running-config wccp Commands

show running-config ldap

show running-config logging

show running-config mac-address

show running-config mac-address-table

show running-config mac-learn

show running-config mac-list

show running-config management-access

show running-config monitor-interface

show running-config mroute

show running-config mtu

show running-config multicast-routing

show running-config name

show running-config nameif

show running-config names

show running-config nat

show running-config nat-control

show running-config ntp

show running-config object-group

show running-config passwd

show running-config pim

show running-config policy-map

show running-config pop3s

show running-config port-forward

show running-config prefix-list

show running-config priority-queue

show running-config privilege

show running-config regex

show running-config route

show running-config route-map

show running-config router

show running-config same-security-traffic

show running-config service

show running-config service-policy

show running-config sla monitor

show running-config snmp-map

show running-config snmp-server

show running-config ssh

show running-config ssl

show running-config static

show running-config sunrpc-server

show running-config sysopt

show running-config tcp-map

show running-config telnet

show running-config terminal

show running-config tftp-server

show running-config timeout

show running-config track

show running-config tunnel-group

show running-config url-block

show running-config url-cache

show running-configuration url-list

show running-config url-server

show running-config username

show running-config virtual

show running-config vpn load-balancing

show running-config webvpn

show running-config webvpn auto-signon

show running-config zonelabs-integrity

show running-config smtps

show running-config vpdn

show running-configuration vpn-sessiondb

show running-config wccp

show running-config ldap through show running-config wccp Commands

---

show running-config ldap

To display the LDAP attribute name and value mappings in running LDAP attribute maps, use the show running-config ldap command in privileged EXEC mode.

show running-config [all] ldap attribute-map name

Syntax Description

Syntax DescriptionSyntax Description

all	Displays all LDAP attribute maps.
name	Specifies an individual LDAP attribute map for display.

Defaults

By default, all attribute maps, mapped names, and mapped values display.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.1(1)	This command was introduced.

Usage Guidelines

Use this command to display the LDAP attribute name and value mappings contained in attribute maps running on your security appliance. You can display all the attribute maps using the all option, or you can display a single attribute map by specifying the map name. If you enter neither the all option nor an LDAP attribute map name, all attribute maps, mapped names, and mapped values display.

Examples

The following example, entered in privileged EXEC mode, displays the attribute name and value mappings for a specific running attribute map, "myldapmap":

hostname# show running-config ldap attribute-map myldapmap

map-name Hours cVPN3000-Access-Hours

map-value Hours workDay Daytime

The following command displays all attribute name and value mappings within all running attribute maps:

hostname# show running-config all ldap attribute-map

Related Commands

Command	Description
ldap attribute-map (global config mode)	Creates and names an LDAP attribute map for mapping user-defined attribute names to Cisco LDAP attribute names.
ldap-attribute-map (aaa-server host mode)	Binds an LDAP attribute map to an LDAP server.
map-name	Maps a user-defined LDAP attribute name with a Cisco LDAP attribute name.
map-value	Maps a user-defined attribute value to a Cisco attribute.
clear configure ldap attribute-map	Removes all LDAP attribute maps.

show running-config logging

To display all currently running logging configuration, use the show runnig-config logging command in privileged EXEC mode.

show running-config [all] logging [level | disabled]

Syntax Description

all	(Optional) Displays the logging configuration, including commands that you have not changed from the default.
disabled	(Optional) Displays only the disabled system log message configuration.
level	(Optional) Displays only the configuration for system log messages with a non-default severity level.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1) (1)	This command was changed from the show logging command.

Examples

The following is an example of the show running-config logging disabled command:

hostname# show running-config logging disabled

no logging message 720067

Related Commands

Command	Description
logging message	Configures logging.
show logging	Shows the log buffer and other logging settings.

show running-config mac-address

To show the mac-address auto configuration in the running configuration, use the show running-config mac-address command in privileged EXEC mode.

show running-config mac-address

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

The following is sample output from the show running-config mac-address command:

hostname# show running-config mac-address

no mac-address auto

Related Commands

Command	Description
failover mac address	Sets the active and standby MAC address of a physical interface for Active/Standby failover.
mac address	Sets the active and standby MAC address of a physical interface for Active/Active failover.
mac-address	Manually sets the MAC address (active and standby) for a physical interface or subinterface. In multiple context mode, you can set different MAC addresses in each context for the same interface.
mac-address auto	Auto-generates MAC addresses (active and standby) for shared interfaces in multiple context mode.
show interface	Shows the interface characteristics, including the MAC address.

show running-config mac-address-table

To view the mac-address-table static and mac-address-table aging-time configuration in the running configuration, use the show running-config mac-address-table command in privileged EXEC mode.

show running-config mac-address-table

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config mac-learn command:

hostname# show running-config mac-address-table

mac-address-table aging-time 50

mac-address-table static inside1 0010.7cbe.6101

Related Commands

Command	Description
firewall transparent	Sets the firewall mode to transparent.
mac-address-table aging-time	Sets the timeout for dynamic MAC address entries.
mac-address-table static	Adds static MAC address entries to the MAC address table.
mac-learn	Disables MAC address learning.
show mac-address-table	Shows the MAC address table, including dynamic and static entries.

show running-config mac-learn

To view the mac-learn configuration in the running configuration, use the show running-config mac-learn command in privileged EXEC mode.

show running-config mac-learn

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config mac-learn command:

hostname# show running-config mac-learn

mac-learn disable

Related Commands

Command	Description
firewall transparent	Sets the firewall mode to transparent.
mac-address-table static	Adds static MAC address entries to the MAC address table.
mac-learn	Disables MAC address learning.
show mac-address-table	Shows the MAC address table, including dynamic and static entries.

show running-config mac-list

To display a list of MAC addresses previously specified in a mac-list command with the indicated MAC list number, use the show running-config mac-list command in privileged EXEC mode.

show running-config mac-list id

Syntax Description

id	A hexadecimal MAC address list number.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was modified to conform to CLI guidelines.

Usage Guidelines

The show running-config aaa command displays the mac-list command statements as part of the AAA configuration.

Examples

The following example shows how to display a MAC address list with the id equal to adc:

hostname(config)# show running-config mac-list adc

mac-list adc permit 00a0.cp5d.0282 ffff.ffff.ffff

mac-list adc deny 00a1.cp5d.0282 ffff.ffff.ffff

mac-list ac permit 0050.54ff.0000 ffff.ffff.0000

mac-list ac deny 0061.54ff.b440 ffff.ffff.ffff

mac-list ac deny 0072.54ff.b440 ffff.ffff.ffff

Related Commands

Command	Description
mac-list	Add a list of MAC addresses using a first-match search.
clear configure mac-list	Remove the indicated mac-list command statements.
show running-config aaa	Display the running AAA configuration values.

show running-config management-access

To display the name of the internal interface configured for management access, use the show running-config management-access command in privileged EXEC mode.

show running-config management-access

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
Preexisting	This command was preexisting.

Usage Guidelines

The management-access command lets you define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The interface names are defined by the nameif command and displayed in quotes, " ", in the output of the show interface command.)

Examples

The following example shows how to configure a firewall interface named "inside" as the management access interface and display the result:

hostname# management-access inside

hostname# show running-config management-access

management-access inside

Related Commands

Command	Description
clear configure management-access	Removes the configuration of an internal interface for management access of the security appliance.
management-access	Configures an internal interface for management access.

show running-config monitor-interface

To display all monitor-interface commands in the running configuration, use the show running-config monitor-interface command in privileged EXEC mode.

show running-config [all] monitor-interface

Syntax Description

all	(Optional) Shows all monitor-interface commands, including the commands you have not changed from the default.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The monitor-interface command is enabled on all physical interfaces by default. You need to use the all keyword with this command to view this default configuration.

Examples

The following is sample output from the show running-config monitor-interface command. The first time the command is entered without the all keyword, so only the interface that has monitoring enabled appears in the output. The second time the command is entered with the all keyword, so the default monitor-interface configuration is also show.

hostname# show running-config monitor-interface

no monitor-interface outside

hostname#

hostname# show running-config all monitor-interface

monitor-interface inside

no monitor-interface outside

hostname#

Related Commands

Command	Description
monitor-interface	Enables health monitoring of a designated interface for failover purposes.
clear configure monitor-interface	Removes the no monitor-interface commands in the running configuration and restores the default interface health monitoring stance.

show running-config mroute

To display the static multicast route table in the configuration use the show running-config mroute command in privileged EXEC mode.

show running-config mroute [dst [src]]

Syntax Description

dst	The Class D address of the multicast group.
src	The IP address of the multicast source.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Examples

The following is sample output from the show running-config mroute command:

hostname# show running-config mroute

Related Commands

Command	Description
mroute	Configures a static multicast route.

show running-config mtu

To display the current maximum transmission unit block size, use the show running-config mtu command in privileged EXEC mode.

show running-config mtu [interface_name]

Syntax Description

interface_name

(Optional) Internal or external network interface name.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
Preexisting	This command was preexisting.

Examples

The following is sample output from the show running-config mtu command:

hostname# show running-config mtu

mtu outside 1500

mtu inside 1500

mtu dmz 1500

hostname# show running-config mtu outside

mtu outside 1500

Related Commands

Command	Description
clear configure mtu	Clears the configured maximum transmission unit values on all interfaces.
mtu	Specifies the maximum transmission unit for an interface.

show running-config multicast-routing

To display the multicast-routing command, if present, in the running configuration, use the show running-config multicast-routing command in privileged EXEC mode.

show running-config multicast-routing

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config multicast-routing command displays the multicast-routing command in the running configuration. Enter the clear configure multicast-routing command to remove the multicast-routing command from the running configuration.

Examples

The following is sample output from the show running-config multicast-routing command:

hostname# show running-config multicast-routing

multicast-routing

Related Commands

Command	Description
clear configure multicast-routing	Removes the multicast-routing command from the running configuration.
multicast-routing	Enables multicast routing on the security appliance.

show running-config name

To display a list of names associated with IP addresses (configured with the name command), use the show running-config name command in privileged EXEC mode.

show running-config name

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

This example shows how to display a list of names associated with IP addresses:

hostname# show running-config name

name 192.168.42.3 sa_inside

name 209.165.201.3 sa_outside

Related Commands

Command	Description
clear configure name	Clears the list of names from the configuration.
name	Associates a name with an IP address.

show running-config nameif

To show the interface name configuration in the running configuration, use the show running-config nameif command in privileged EXEC mode.

show running-config nameif [physical_interface[.subinterface] | mapped_name]

Syntax Description

mapped_name	(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command.
physical_interface	(Optional) Identifies the interface ID, such as gigabitethernet0/1. See the interface command for accepted values.
subinterface	(Optional) Identifies an integer between 1 and 4294967293 designating a logical subinterface.

Defaults

If you do not specify an interface, this command shows the interface name configuration for all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from show nameif.

Usage Guidelines

In multiple context mode, if you mapped the interface ID in the allocate-interface command, you can only specify the mapped name in a context.

This display also shows the security-level command configuration.

Examples

The following is sample output from the show running-config nameif command:

hostname# show running-config nameif

!

interface GigabitEthernet0/0

 nameif inside

 security-level 100

!

interface GigabitEthernet0/1

 nameif test

 security-level 0

!

Related Commands

Command	Description
allocate-interface	Assigns interfaces and subinterfaces to a security context.
clear configure interface	Clears the interface configuration.
interface	Configures an interface and enters interface configuration mode.
nameif	Sets the interface name.
security-level	Sets the security level for the interface.

show running-config names

To display the IP address-to-name conversions, use the show running-config names command in privileged EXEC mode.

show running-config names

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Use with the names command.

Examples

The following example shows how to display the IP address-to-name conversion:

hostname# show running-config names

name 192.168.42.3 sa_inside

name 209.165.201.3 sa_outside

Related Commands

Command	Description
clear configure name	Clears the list of names from the configuration.
name	Associates a name with an IP address.
names	Enables IP address-to-name conversions that you can configured with the name command.
show running-config name	Displays a list of names associated with IP addresses.

show running-config nat

To display a pool of global IP addresses that are associated with a network, use the show running-config nat command in privileged EXEC mode.

show running-config nat [interface_name] [nat_id]

Syntax Description

interface_name	(Optional) Name of the network interface.
nat_id	(Optional) ID of the group of host or networks.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Usage Guidelines

This command displays the maximum connection value for the UDP protocol. Every time the UPD maximum connection value is not set, the value will be displayed as 0 by default and will not be applied.

---

Note In transparent mode, only NAT ID 0 is valid.

---

Examples

This example shows how to display a pool of global IP addresses that are associated with a network:

hostname# show running-config nat

nat (inside) 1001 10.7.2.0 255.255.255.224 0 0

nat (inside) 1001 10.7.2.32 255.255.255.224 0 0

nat (inside) 1001 10.7.2.64 255.255.255.224 0 0

nat (inside) 1002 10.7.2.96 255.255.255.224 0 0

nat (inside) 1002 10.7.2.128 255.255.255.224 0 0

nat (inside) 1002 10.7.2.160 255.255.255.224 0 0

nat (inside) 1003 10.7.2.192 255.255.255.224 0 0

nat (inside) 1003 10.7.2.224 255.255.255.224 0 0

Related Commands

Command	Description
clear configure nat	Removes the NAT configuration.
nat	Associates a network with a pool of global IP addresses.

show running-config nat-control

To show the NAT configuration requirement, use the show running-config nat-control command in privileged EXEC mode.

show running-config nat-control

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config nat-control command:

hostname# show running-config nat-control

no nat-control

Related Commands

Command	Description
nat	Defines an address on one interface that is translated to a global address on another interface.
nat-control	Allows inside hosts to communicate with outside networks without configuring a NAT rule.

show running-config ntp

To show the NTP configuration in the running configuration, use the show running-config ntp command in privileged EXEC mode.

show running-config ntp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config ntp command:

hostname# show running-config ntp

ntp authentication-key 1 md5 test2

ntp authentication-key 2 md5 test

ntp trusted-key 1

ntp trusted-key 2

ntp server 10.1.1.1 key 1

ntp server 10.2.1.1 key 2 prefer

Related Commands

Command	Description
ntp authenticate	Enables NTP authentication.
ntp authentication-key	Sets an encrypted authentication key to synchronize with an NTP server.
ntp server	Identifies an NTP server.
ntp trusted-key	Provides a key ID for the security appliance to use in packets for authentication with an NTP server.
show ntp status	Shows the status of the NTP association.

show running-config object-group

To display the current object groups, use the show running-config object-group command in privileged EXEC mode.

show running-config [all] object-group [protocol | service | network | icmp-type | id obj_grp_id]

Syntax Description

icmp-type	(Optional) Displays ICMP type object groups.
id obj_grp_id	(Optional) Displays the specified object group.
network	(Optional) Displays network object groups.
protocol	(Optional) Displays protocol object groups.
service	(Optional) Displays service object groups.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
Preexisting	This command was preexisting.

Examples

The following is sample output from the show running-config object-group command:

hostname# show running-config object-group

object-group protocol proto_grp_1

	protocol-object udp

	protocol-object tcp

object-group service eng_service tcp

	port-object eq smtp

	port-object eq telnet

object-group icmp-type icmp-allowed

	icmp-object echo

	icmp-object time-exceeded

Related Commands

Command	Description
clear configure object-group	Removes all the object group commands from the configuration.
group-object	Adds network object groups.
network-object	Adds a network object to a network object group.
object-group	Defines object groups to optimize your configuration.
port-object	Adds a port object to a service object group.

show running-config passwd

To show the encrypted login passwords, use the show running-config passwd command in privileged EXEC mode.

show running-config {passwd | password}

Syntax Description

passwd | password

You can enter either command; they are aliased to each other.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was changed from the show passwd command.

Usage Guidelines

The password is saved to the configuration in encrypted form, so you cannot view the original password after you enter it. The password displays with the encrypted keyword to indicate that the password is encrypted.

Examples

The following is sample output from the show running-config passwd command:

hostname# show running-config passwd

passwd 2AfK9Kjr3BE2/J2r encrypted

Related Commands

Command	Description
clear configure passwd	Clears the login password.
enable	Enters privileged EXEC mode.
enable password	Sets the enable password.
passwd	Sets the login password.
show curpriv	Shows the currently logged in username and the user privilege level.

show running-config pim

To display the PIM commands in the running configuration, use the show running-config pim command in privileged EXEC mode.

show running-config pim

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config pim command displays the pim commands entered in global configuration mode. It does not show the pim commands entered in interface configuration mode. To see the pim commands entered in interface configuration mode, enter the show running-config interface command.

Examples

The following is sample output from the show running-config pim command:

hostname# show running-config pim

pim old-register-checksum

pim spt-threshold infinity

Related Commands

Command	Description
clear configure pim	Removes the pim commands from the running configuration.
show running-config interface	Displays interface configuration commands entered in interface configuration mode.

show running-config policy-map

To display all the policy-map configurations or the default policy-map configuration, use the show running-config policy-map command in privileged EXEC mode.

show running-config [all] policy-map [policy_map_name | type inspect [protocol]]

Syntax Description

all	(Optional) Shows all commands, including the commands you have not changed from the default.
policy_map_name	(Optional) Shows the running configuration for a policy map name.
protocol	(Optional) Specifies the type of inspection policy map you want to show. Available types include: •dcerpc •dns •esmtp •ftp •gtp •h323 •http •im •mgcp •netbios •p2p •radius-accounting •sip •skinny •snmp
type inspect	(Optional) Shows inspection policy maps.

Defaults

Omitting the all keyword displays only the explicitly configured policy-map configuration.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Specifying the all keyword displays the default policy-map configuration as well as the explicitly configured policy-map configuration.

Examples

The following is sample output from the show running-config policy-map command:

hostname# show running-config policy-map

!

policy-map localmap1

description this is a test.

class firstclass

priority

ids promiscuous fail0close

set connection random-seq# enable

class class-default

!

Related Commands

Command	Description
policy-map	Configures a policy; that is, an association of a traffic class and one or more actions.
clear configure policy-map	Removes the entire policy configuration.

show running-config pop3s

To display the running configuration for POP3S, use the show running-config pop3s command in privileged EXEC mode. To have the display include the default configuration, use the all keyword.

show running-config [all] pop3s

Syntax Description

all	Displays the running configuration including default values.

Defaults

No default behavior or values.

Command History

Release	Modification
7.0(1)(1)	This command was introduced.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—
Global configuration	•	—	•	—	—
Webvpn	•	—	•	—	—

Examples

The following is sample output from the show running-config pop3s command:

hostname# show running-config pop3s

pop3s

 server 10.160.102.188

 authentication-server-group KerbSvr

 authentication aaa

hostname# show running-config all pop3s

pop3s

 port 995

 server 10.160.102.188

 outstanding 20

 name-separator :

 server-separator @

 authentication-server-group KerbSvr

 no authorization-server-group

 no accounting-server-group

 no default-group-policy

 authentication aaa

Related Commands

Command	Description
clear configure pop3s	Removes the POP3S configuration.
pop3s	Creates or edits a POP3S e-mail proxy configuration.

show running-config port-forward

To display the set(s) of applications that WebVPN users can access over forwarded TCP ports, use the show running-config port-forward command in privileged EXEC mode.

show running-config [all] port-forward

Syntax Description

all	(Optional) Displays the running configuration including default values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)(1)	This command was introduced.

Examples

The following is sample output from the show running-config port-forward command:

hostname# show running-config port-forward

port-forward Telnet 3500 10.148.1.5 23

port-forward Telnet 3501 10.148.1.81 23

port-forward Telnet 3502 10.148.1.82 23

port-forward SSH2 4976 10.148.1.81 22

port-forward SSH2 4977 10.148.1.85 22

port-forward Apps1 10143 flask.CompanyA.com 143

port-forward Apps1 10110 flask.CompanyA.com 110

port-forward Apps1 10025 flask.CompanyA.com 25

port-forward Apps1 11533 sametime-im.CompanyA.com 1533

port-forward Apps1 10022 ddts.CompanyA.com 22

port-forward Apps1 54000 10.148.1.5 23

port-forward Apps1 58000 vpn3060-1 23

port-forward Apps1 58001 vpn3005-1 23

hostname#

Related CommandsASA-4#

Command	Description
clear configure port-forward	Removes all port forwarding commands from the configuration. If you include the listname, the security appliance removes only the commands for that list.
port-forward	Configures the set of applications that WebVPN users can access.
port-forward (webvpn)	Enables WebVPN application access for a user or group policy.

show running-config prefix-list

To display the prefix-list command in the running configuration, use the show running-config prefix-list command in privileged EXEC mode.

show running-config prefix-list

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was changed from the show prefix-list command to the show running-config prefix-list command.

Usage Guidelines

The prefix-list description commands always appear before their associated prefix-list commands in the running configuration. It does not matter what order you entered them.

Examples

The following is sample output from the show running-config prefix-list command:

hostname# show running-config prefix-list

!

prefix-list abc description A sample prefix list

prefix-list abc seq 5 permit 192.168.0.0/8 le 24

prefix-list abc seq 10 deny 10.0.0.0/8 le 32 

!

Related Commands

Command	Description
clear configure prefix-list	Clears the prefix-list commands from the running configuration.

show running-config priority-queue

To display the priority queue configuration details for an interface, use the show running-config priority-queue command in privileged EXEC mode.

show running-config priority-queue interface-name

Syntax Description

interface-name

Specifies the name of the interface for which you want to show the priority queue details

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

This example shows the use of the show running-config priority-queue command for the interface named test, and the command output:

hostname# show running-config priority-queue test

priority-queue test

  queue-limit   50

  tx-ring-limit 10

hostname#

Related Commands

Command	Description
clear configure priority-queue	Removes the priority-queue configuration from the named interface.
priority-queue	Configures priority queueing on an interface.
show priority-queue statistics	Shows the statistics for the priority queue configured on the named interface.

show running-config privilege

To display the privileges for a command or a set of commands, use the show running-config privilege command in privileged EXEC mode.

show running-config [all] privilege [all | command command | level level]

Syntax Description

all	(Optional) First occurrence -- Displays the default privilege level.
all	(Optional) Second occurrence -- Displays the privilege level for all commands.
command command	(Optional) Displays the privilege level for a specific command.
level level	(Optional) Displays the commands that are configured with the specified level; valid values are from 0 to 15.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was modified for this release to conform to CLI guidelines.

Usage Guidelines

Use the show running-config privilege command to view the current privilege level.

Examples

hostname(config)# show running-config privilege level 0

privilege show level 0 command checksum

privilege show level 0 command curpriv

privilege configure level 0 mode enable command enable

privilege show level 0 command history

privilege configure level 0 command login

privilege configure level 0 command logout

privilege show level 0 command pager

privilege clear level 0 command pager

privilege configure level 0 command pager

privilege configure level 0 command quit

privilege show level 0 command version

Related Commands

Command	Description
clear configure privilege	Remove privilege command statements from the configuration.
privilege	Configure the command privilege levels.
show curpriv	Display current privilege level.
show running-config privilege	Display privilege levels for commands.

show running-config regex

To display all regular expressions configured with the regex command, use the show running-config regex command in privileged EXEC mode.

show running-config regex

Syntax Description

This command has no arguments or keywords.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output of the show running-config regex command, which shows all regular expressions:

hostname# show running-config regex

regex test "string"

Related Commands

Command	Description
class-map type regex	Creates a regular expression class map.
clear configure regex	Clears all regular expressions.
regex	Creates a regular expression.
test regex	Tests a regular expression.

show running-config route

To display the route configuration that is running on the security appliance, use the show running-config route command in privileged EXEC mode.

show running-config [all] route

Syntax Description

No default behavior or values.

Defaults

This command has no arguments or keywords.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Examples

The following is sample output from the show running-config route command:

hostname# show running-config route

route outside 10.30.10.0 255.255.255.0 1

Related Commands

Command	Description
clear configure route	Removes the route commands from the configuration that do not contain the connect keyword.
route	Specifies a static or default route for the an interface.
show route	Displays route information.

show running-config route-map

To display the information about the route map configuration, use the show running-config route-map command in privileged EXEC mode.

show running-config route-map [map_tag]

Syntax Description

map_tag

(Optional) Text for the route-map tag.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Usage Guidelines

To show all route-maps defined in the configuration, use the show running-config route-map command. To show individual route-maps by name, use the show running-config route-map map_tag command, where map_tag is the name of the route-map. Multiple route maps may share the same map tag name.

Examples

The following is sample output from the show running-config route-map command:

hostname# show running-config route-map

route-map maptag1 permit sequence 10

set metric 5

match metric 3

route-map maptag1 permit sequence 12

set metric 5

match interface backup

match metric 3

route-map maptag2 deny sequence 10

match interface dmz

Related Commands

Command	Description
clear configure route-map	Removes the conditions for redistributing the routes from one routing protocol into another routing protocol.
route-map	Defines the conditions for redistributing routes from one routing protocol into another.

show running-config router

To display the global configuration commands for the specified routing protocol, use the show running-config router command in privileged EXEC mode.

show running-config [all] router [ospf [process_id] | rip]

Syntax Description

all	Shows all router commands, including the commands you have not changed from the default.
ospf	(Optional) Displays the global OSPF configuration commands.
process_id	(Optional) Displays the commands for the selected OSPF process.
rip	(Optional) Displays the global RIP configuration commands.

Defaults

If a routing protocol is not specified, the configuration commands for all configured routing protocols are displayed.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was changed from the show router command to the show running-config router command.

Examples

The following is sample output from the show running-config router ospf command:

hostname# show running-config router ospf 1

router ospf 1

  log-adj-changes detail

  ignore lsa mospf

  no compatible rfc1583

  distance ospf external 200

  timers spf 10 20

  timers lsa-group-pacing 60

The following is sample output from the show running-config router rip command:

router rip

	network 10.0.0.0

	version 2

	no auto-summary

Related Commands

Command	Description
clear configure router	Clears all router commands from the running configuration.
router ospf	Enables an OSPF routing process and enters router configuration mode for that process.
router rip	Enables a RIP routing process and enters router configuration mode for that process.

show running-config same-security-traffic

To display the same-security interface communication, use the show running-config same-security-traffic command in privileged EXEC mode.

show running-config same-security-traffic

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config same-security-traffic command:

hostname# show running-config same-security-traffic

Related Commands

Command	Description
same-security-traffic	Permits communication between interfaces with equal security levels.

show running-config service

To display the system services, use the show running-config service command in privileged EXEC mode.

show running-config service

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	The keyword running-config was added.

Examples

This command shows how to display the system services:

hostname# show running-config service

service resetoutside

Related Commands

Command	Description
service	Enables system services.

show running-config service-policy

To display all currently running service policy configurations, use the show runnig-config service-policy command in privileged EXEC mode.

show running-config [all] service-policy

Syntax Description

all	(Optional) Shows all service policy commands, including the commands you have not changed from the default.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output of the show running-config service-policy command:

hostname# show running-config service-policy

Related Commands

Command	Description
show service-policy	Displays the service policy.
service-policy	Configures service policies.
clear service-policy	Clears service policy configurations.
clear configure service-policy	Clears service policy configurations.

show running-config sla monitor

To display the SLA operation commands in the running configuration, use the show running-config sla monitor command in privileged EXEC mode.

show running-config sla monitor [sla-id]

Syntax Description

sla_id

Specifies the SLA ID for the sla monitor commands being displayed. Valid values are from 1 to 2147483647.

Defaults

If the sla-id is not specified, the sla monitor commands for all SLA operations are displayed.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Usage Guidelines

This command displays the sla monitor commands, associated SLA monitor configuration mode commands, and the associated sla monitor schedule command, if present. It does not display the track rtr commands in the configuration.

Examples

The following is sample output from the show running-config sla monitor 5 command. It displays the SLA monitor configuration for the SLA operation with the SLA ID of 5:

hostname# show running-config sla monitor 5

sla monitor 124

 type echo protocol ipIcmpEcho 10.1.1.1 interface outside

 timeout 1000

 frequency 3

sla monitor schedule 124 life forever start-time now

Related Commands

Command	Description
clear configure sla monitor	Removes the sla monitor, and associated commands, from the running configuration.
show sla monitor configuration	Displays configuration values for the specified SLA operation.

show running-config snmp-map

To show the SNMP maps that have been configured, use the show running-config snmp-map command in privileged EXEC mode.

show running-config snmp-map map_name

Syntax Description

map_name

Displays configuration for the specified SNMP map.

.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config snmp-map command displays the SNMP maps that have been configured.

Examples

The following is sample output from the show running-config snmp-map command:

hostname# show running-config snmp-map snmp-policy

!

snmp-map snmp-policy

deny version 1

!

Related Commands

Commands	Description
class-map	Defines the traffic class to which to apply security actions.
deny version	Disallows traffic using a specific version of SNMP.
inspect snmp	Enable SNMP application inspection.
snmp-map	Defines an SNMP map and enables SNMP map configuration mode.

show running-config snmp-server

To display all currently running SNMP server configurations, use the show runnig-config snmp-server command in global configuration mode.

show running-config [default] snmp-server

Syntax Description

default

Displays the default snmp server configuration.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is an example of the show running-config snmp-server command:

hostname# show running-config snmp-server

Related Commandshostname# show running-config servi

Command	Description
snmp-server	Configures the SNMP server.
clear snmp-server	Clears the SNMP server configuration.
show snmp-server statistics	Displays SNMP server configuration.

show running-config ssh

To show the SSH commands in the current configuration, use the show running-config ssh command in privileged EXEC mode.

show running-config [default] ssh [timeout | version]

show run [default] ssh [timeout]

Syntax Description

default	(Optional) Displays the default SSH configuration values along with the configured values.
timeout	(Optional) Displays the current SSH session timeout value.
version	(Optional) Displays the version of SSH currently being supported.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	The command was changed from the show ssh command to the show running-config ssh command.

Usage Guidelines

This command shows the current ssh configuration. To display only the SSH session timeout value, use the timeout option. To see a list of active SSH sessions, use the show ssh sessions command.

Examples

The following example displays the SSH session timeout:

hostname# show running-config timeout

ssh timeout 5 minutes

hostname# 

Related Commands

Command	Description
clear configure ssh	Clears all SSH commands from the running configuration.
ssh	Allows SSH connectivity to the security appliance from the specified client or network.
ssh scopy enable	Enables a secure copy server on the security appliance.
ssh timeout	Sets the timeout value for idle SSH sessions.
ssh version	Restricts the security appliance to using either SSH Version 1 or SSH Version 2.

show running-config ssl

To display the current set of configured ssl commands, use the show running-config ssl command in privileged EXEC mode.

show running-config ssl

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)(1)	This command was introduced.

Examples

The following is sample output from the show running-config ssl command:

hostname# show running-config ssl

ssl server-version  tlsv1

ssl client-version tlsv1-only

ssl encryption 3des-sha1

ssl trust-point Firstcert

Related Commands

Command	Description
clear config ssl	Removes all ssl commands from the configuration, reverting to the default values.
ssl client-version	Specifies the SSL/TLS protocol version the security appliance uses when acting as a client.
ssl server-version	Specifies the SSL/TLS protocol version the security appliance uses when acting as a server
ssl trust-point	Specifies the certificate trust point that represents the SSL certificate for an interface.

show running-config static

To display all static commands in the configuration, use the show running-config static command in privileged EXEC mode.

show running-config static

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	The keyword running-config was added.

Usage Guidelines

This command displays the maximum connections value for the UDP protocol. If the UDP maximum connections value is "0" or not set, the limit enforcement is disabled.

Examples

This example shows how to display all static commands in the configuration:

hostname# show running-config static

static (inside,outside) 192.150.49.91 10.1.1.91 netmask 255.255.255.255

static (inside,outside) 192.150.49.200 10.1.1.200 netmask 255.255.255.255 tcp 255 0

---

Note No UDP value connection limit is shown.

---

Related Commands

Command	Description
clear configure static	Removes all the static commands from the configuration.
static	Configures a persistent one-to-one address translation rule by mapping a local IP address to a global IP address.

show running-config sunrpc-server

To display the information about the SunRPC configuration, use the show running-config sunrpc-server command in privileged EXEC mode.

show running-config sunrpc-server interface_name ip_addr mask service service_type protocol [TCP | UDP] port port [- port] timeout hh:mm:ss

Syntax Description

interface_name	Server interface.
ip_addr	Server IP address.
mask	Network mask.
port port - port	SunRPC protocol port range and optionally, a second port.
protocol	SunRPC transport protocol.
service	Specifies a service.
service_type	Sets the SunRPC service program type.
timeout hh:mm:ss	Specifies the timeout idle time after which the access for the SunRPC service traffic is closed.
TCP	(Optional) Specifies TCP.
UDP	(Optional) Specifies UDP.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The service_type is specified in the sunrpcinfo command.

Examples

The following is sample output from the show running-config sunrpc-server command:

hostname# show running-config sunrpc-server

inside 30.26.0.23 255.255.0.0 service 2147483647 protocol TCP port 2222 timeout 0:03:00

Related Commands

Command	Description
clear configure sunrpc-server	Clears the SunRPC services from the security appliance.
debug sunrpc	Enables debug information for SunRPC.
show conn	Displays the connection state for different connection types, including SunRPC.
sunrpc-server	Creates the SunRPC services table.
timeout	Sets the maximum idle time duration for different protocols and session types, including SunRPC.

show running-config sysopt

To show the sysopt command configuration in the running configuration, use the show running-config sysopt command in privileged EXEC mode.

show running-config sysopt

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from the show sysopt command.

Examples

The following is sample output from the show running-config sysopt command:

hostname# show running-config sysopt

no sysopt connection timewait

sysopt connection tcpmss 1200

sysopt connection tcpmss minimum 400

no sysopt nodnsalias inbound

no sysopt nodnsalias outbound

no sysopt radius ignore-secret

sysopt connection permit-ipsec

Related Commands

Command	Description
clear configure sysopt	Clears the sysopt command configuration.
sysopt connection permit-ipsec	Permits any packets that come from an IPSec tunnel without checking any ACLs for interfaces.
sysopt connection tcpmss	Overrides the maximum TCP segment size or ensures that the maximum is not less than a specified size.
sysopt connection timewait	Forces each TCP connection to linger in a shortened TIME_WAIT state after the final normal TCP close-down sequence.
sysopt nodnsalias	Disables alteration of the DNS A record address when you use the alias command.

show running-config tcp-map

To display the information about the TCP map configuration, use the show running-config tcp-map command in privileged EXEC mode.

show running-config tcp-map [tcp_map_name]

Syntax Description

tcp_map_name

(Optional) Text for the TCP map name; the text can be up to 58 characters in length.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config tcp-map command:

hostname# show running-config tcp-map

tcp-map localmap

Related Commands

Command	Description
tcp-map	Creates a TCP map and allows access to tcp-map configuration mode.
clear configure tcp-map	Clears the TCP map configuration.

show running-config telnet

To display the current list of IP addresses that are authorized to use Telnet connections to the security appliance, use the show running-config telnet command in privileged EXEC mode. You can also use this command to display the number of minutes that a Telnet session can remain idle before being closed by the security appliance.

show running-config telnet [timeout]

Syntax Description

timeout

(Optional) Displays the number of minutes that a Telnet session can be idle before being closed by the security appliance.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	The keyword running-config was added.

Examples

This example shows how to display the current list of IP addresses that are authorized for use by Telnet connections to the security appliance:

hostname# show running-config telnet

2003 Jul 15 14:49:36 %MGMT-5-LOGIN_FAIL:User  failed to

log in from 128.107.183.22 through Telnet

2003 Jul 15 14:50:27 %MGMT-5-LOGIN_FAIL:User  failed to log in from 128.107.183.

22 through Telnet

Related Commands

Command	Description
clear configure telnet	Removes the Telnet connection from the configuration.
telnet	Adds Telnet access to the console and sets the idle timeout.

show running-config terminal

To display the current terminal settings, use the show running-config terminal command in privileged EXEC mode.

show running-config terminal

Syntax Description

This command has no keywords or arguments.

Defaults

The default display width is 80 columns.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example clears the page length setting:

hostname# show running-config terminal

Width = 80, no monitor

Related Commands

Command	Description
clear configure terminal	Clears the terminal display width setting.
terminal	Sets the terminal line parameters.
terminal width	Sets the terminal display width.

show running-config tftp-server

To display the default TFTP server address and directory, use the show running-config tftp-server command in global configuration mode.

show running-config tftp-server

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	•	•

Command History

Release	Modification
7.0(1)	The running-config keyword was added.

Examples

This example shows how to display the IP/IPv6 address of the default TFTP server and the directory of the configuration file:

hostname(config)# show running-config tftp-server

tftp-server inside 10.1.1.42 /temp/config/test_config

Related Commands

Command	Description
configure net	Loads the configuration from the TFTP server and path you specify.
tftp-server	Configures the default TFTP server address and the directory of the configuration file.

show running-config timeout

To display the timeout value of all protocols, or just a specific one, use the show running-config timeout command in privileged EXEC mode.

show running-config timeout protocol

Syntax Description

protocol

(Optional) Displays the timeout value of the specified protocol. Supported protocols are: xlate, conn, udp, icmp, rpc, h323, h225, mgcp, mgcp-pat, sip, sip_media, and uauth.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	The running-config and mgcp-pat keywords were added.

Examples

This example shows how to display the timeout values for the system:

hostname(config)# show timeout

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 rpc 0:10:00 h3

23 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02

:00

timeout uauth 0:00:00 absolute

Related Commands

Command	Description
clear configure timeout	Restores the default idle time durations.
timeout	Sets the maximum idle time duration.

show running-config track

To display track rtr commands in the running configuration, use the show running-config track command in privileged EXEC mode.

show running-config track [track-id]

Syntax Description

track-id

(Optional) Limits the display to the track rtr command with the specified tracking object ID.

Defaults

If the track-id is not specified, all track rtr commands in the running configuration are shown.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

The following is sample output from the show running-config track command:

hostname# show running-config track 5

track 5 rtr 124 reachability

Related Commands

Command	Description
clear configure track	Removes the track rtr commands from the running configuration.
show track	Displays information about the objects being tracked.
track rtr	Creates a tracking entry to poll the SLA.

show running-config tunnel-group

To display tunnel group information about all or a specified tunnel group and tunnel-group attributes, use the show running-config tunnel-group command in global configuration or privileged EXEC mode.

show running-config [all] tunnel-group [name [general-attributes | ipsec-attributes | ppp-attributes]]

Syntax Description

all	[Optional] Displays all tunnel-group commands, including the commands you have not changed from the default.
general-attributes	Displays configuration information for general attributes.
ipsec-attributes	Displays configuration information for IPSec attributes.
name	Specifies the name of the tunnel group.
ppp-attributes	Displays configuration information for PPP attributes.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•		•
Privileged EXEC	•		•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following example entered in global configuration mode, displays the current configuration for all tunnel groups:

hostname<config># show running-config tunnel-group

tunnel-group 209.165.200.225 type IPSec_L2L

tunnel-group 209.165.200.225 ipsec-attributes

pre-shared-key xyzx

hostname<config># 

Related Commands

Command	Description
clear configure tunnel-group	Removes tunnel-group configuration
tunnel-group general-attributes	Enters subconfiguration mode for specifying general attributes for specified tunnel group.
tunnel-group ipsec-attributes	Enters subconfiguration mode for specifying IPSec attributes for specified tunnel group.
tunnel-group	Enters tunnel-group subconfiguration mode for the specified type.

show running-config url-block

To show the configuration for buffers and memory allocation used by URL filtering, use the show running-config url-block command in privileged EXEC mode.

show running-config url-block [ block | url-mempool | url-size ]

Syntax Description

block	Displays the configuration for the maximum number of blocks that will be buffered.
url-mempool	Displays the configuration for the maximum allow URL size (in KB).
url-size	Displays the configuration for the memory resource (in KB) allocated for the long URL buffer.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
Prexisting	This command was previously existing.

Usage Guidelines

The show running-config url-block command displays the configuration for buffers and memory allocation used by URL filtering.

Examples

The following is sample output from the show running-config url-block command:

hostname# show running-config url-block

!

url-block block 56

!

Related Commands

Commands	Description
clear url-block block statistics	Clears the block buffer usage counters.
show url-block	Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
url-block	Manage the URL buffers used for web server responses.
url-cache	Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

show running-config url-cache

To show the cache configuration used by URL filtering, use the show running-config url-cache command in privileged EXEC mode.

show running-config url-cache

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
Preexisting	This command was previously existing.

Usage Guidelines

The show running-config url-cache command displays the cache configuration used by URL filtering.

Examples

The following is sample output from the show running-config url-cache command:

hostname# show running-config url-cache

!

url-cache src_dst 128

!

Related Commands

Commands	Description
clear url-cache statistics	Removes url-cache command statements from the configuration.
filter url	Directs traffic to a URL filtering server.
show url-cache statistics	Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
url-cache	Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

show running-configuration url-list

To display the set(s) of URLs that WebVPN users can access, use the show running-configuration url-list command in privileged EXEC mode.

show running-configuration url-list

Syntax Description

This command has no arguments or keywords.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—
Global configuration	•	—	•	—	—
Webvpn	•	—	•	—	—

Command History

Release	Modification
7.0(1)(1)	This command was introduced.

Examples

The following is sample output from the show running-configuration url-list command:

hostname# show running-configuration url-list

url-list userURL "SW Engineering" http://10.1.1.2

url-list userURL "My Company" http://www.mycompany.com

url-list userURL "401K Program" https://401k.com

url-list userURL "Exchange5.5 Mail" http://10.1.1.11/exchange

url-list URLlist2 "OWA-2000" http://10.1.1.7/exchange

Related Commands

Command	Description
clear configuration url-list	Removes all url-list commands from the configuration. If you include the listname, the security appliance removes only the commands for that list.
url-list	Configures the set of URLs that WebVPN users can access.
url-list	Enables WebVPN URL access for a specific group policy or user.

show running-config url-server

To show the URL filtering server configuration, use the show running-config url-server command in privileged EXEC mode.

show running-config url-server

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
Preexisting	This command was previously existing.

Usage Guidelines

The show running-config url-server command displays the URL filtering server configuration.

Examples

The following is sample output from the show running-config url-server command:

hostname# show running-config url-server

!

url-server (perimeter) vendor websense host 10.0.1.1

!

Related Commands

Commands	Description
clear url-server	Clears the URL filtering server statistics.
show url-server	Displays information about the URL cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server.
url-block	Manages the URL buffers used for web server responses while waiting for a filtering decision from the filtering server.
url-cache	Enables URL caching while pending responses from an N2H2 or Websense server and sets the size of the cache.
url-server	Identifies an N2H2 or Websense server for use with the filter command.

show running-config username

To display the running configuration for a particular user, use the show running-config username command in privileged EXEC mode with the username appended. To display the running configuration for all users, use this command without a username.

show running-config [all] username [name] [attributes]]

Syntax Description

attributes	Displays the specific AVPs for the user(s)
all	(Optional) Displays all username commands, including the commands you have not changed from the default.
name	Provides the name of the user.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—
Global configuration	•	—	•	—	—
Username	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show the running-config username for a user named anyuser:

hostname# show running-config username anyuser

username anyuser password .8T1d6ik58/lzXS5 encrypted privilege 3

username anyuser attributes

vpn-group-policy DefaultGroupPolicy

vpn-idle-timeout 10

vpn-session-timeout 120

vpn-tunnel-protocol IPSec

Related Commands

Command	Description
clear config username	Clears the username database.
username	Adds a user to the security appliance database.
username attributes	Lets you configure attributes for specific users.

show running-config virtual

To display the IP address of the security appliance virtual server, use the show running-config virtual command in privileged EXEC mode.

show running-config [all] virtual

Syntax Description

all	Display the virtual server IP address of all virtual servers.

Defaults

Omitting the all keyword displays the explicitly configured IP address of the current virtual server or servers.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was modified to conform to CLI guidelines.

Usage Guidelines

You must be in privileged EXEC mode to use this command.

Examples

This example displays the show running-config virtual command output for a situation in which there is a previously configured HTTP virtual server:

hostname(config)# show running-config virtual

virtual http 192.168.201.1

Related Commands

Command	Description
clear configure virtual	Removes virtual command statements from the configuration.
virtual	Displays the address for authentication virtual servers.

show running-config vpn load-balancing

To display the current VPN load-balancing virtual cluster configuration, use the show running-config vpn-load-balancing command in global configuration, privileged EXEC, or VPN load-balancing mode.

show running-config [all] vpn load-balancing

Syntax Description

all	Display both the default and the explicitly configured VPN load-balancing configuration.

Defaults

Omitting the all keyword displays the explicitly configured VPN load-balancing configuration.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—
Privileged EXEC	•	—	•	—	—
vpn load-balancing	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config vpn load-balancing command also displays configuration information for the following related commands: cluster encryption, cluster ip address, cluster key, cluster port, nat, participate, and priority.

Examples

This example displays show running-config vpn load-balancing command and its output, with the all option enabled:

hostname(config)# show running-config all vpn load-balancing

vpn load-balancing

 no nat

 priority 9

 interface lbpublic test

 interface lbprivate inside

 no cluster ip address

 no cluster encryption

 cluster port 9023

 no participate

Related Commands

Command	Description
clear configure vpn load-balancing	Removes vpn load-balancing command statements from the configuration.
show vpn load-balancing	Displays the VPN load-balancing runtime statistics.
vpn load-balancing	Enters vpn load-balancing mode.

show running-config webvpn

To display the running configuration for webvpn, use the show running-config webvpn command in privileged EXEC mode. To have the display include the default configuration, use the all keyword.

show running-config [all] webvpn [apcf | auto-signon | cache | proxy-bypass | rewrite | sso-server | url-list]

Syntax Description

all	(Optional) Displays the running configuration including default values.
apcf	(Optional) Displays the running configuration for WebVPN APCF.
auto-signon	(Optional) Displays the running configuration for WebVPN auto sign-on.
cache	(Optional) Displays the running configuration for WebVPN caching.
proxy-bypass	(Optional) Displays the running configuration for WebVPN proxy bypass.
rewrite	(Optional) Displays the running configuration for WebVPN content transformation.
sso-server	(Optional) Displays the running configuration for single sign-on.
url-list	(Optional) Displays the running configuration for WebVPN access to URLs.

Defaults

No default behavior or values.

Command History

Release	Modification
7.0(1)(1)	This command was introduced.
7.1(1)	This command was revised.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—
Global configuration	•	—	•	—	—
WebVPN	•	—	•	—	—

Examples

The following is sample output from the show running-config webvpn command:

hostname# show running-configuration webvpn

webvpn

 title WebVPN Services for ASA-4

 title-color green

 default-idle-timeout 0

 nbns-server 10.148.1.28 master timeout 2 retry 2

 accounting-server-group RadiusACS1

 authentication-server-group RadiusACS2

 authorization-dn-attributes CN 

The following is sample output from the show running-config all webvpn command:

hostname#(config-webvpn)# show running-config all webvpn

webvpn

 title WebVPN Services for ASA-4

 username-prompt Username

 password-prompt Password

 login-message Please enter your username and password

 logout-message Goodbye

 no logo

 title-color green

 secondary-color #CCCCFF

 text-color white

 secondary-text-color black

 default-idle-timeout 0

 no http-proxy

 no https-proxy

 nbns-server 10.148.1.28 master timeout 2 retry 2

 accounting-server-group RadiusACS1

 authentication-server-group RadiusACS2

 no authorization-server-group

 default-group-policy DfltGrpPolicy

 authentication aaa

 no authorization-required

 authorization-dn-attributes CN 

hostname#

The following is sample output from the show running-config webvpn sso-server command:

hostname#(config-webvpn)# show running-config webvpn sso-server

sso-server

sso-server bxbsvr type siteminder

web-agent-url http://bxb-netegrity.demo.com/vpnauth/

policy-server-secret cisco1234

sso-server policysvr type siteminder

web-agent-url http://webagent1.mysiteminder.com/ciscoauth/

policy-server-secret Cisco1234

max-retry-attempts 4

request-timeout 10

hostname#(config-webvpn)#

Related CommandsASA-4#

Command	Description
clear configure webvpn	Removes all nondefault WebVPN configuration attributes.
debug webvpn	Displays debug information about WebVPN sessions.
show webvpn	Displays statistics about WebVPN sessions.

show running-config webvpn auto-signon

To display all WebVPN auto-signon assignments in the running configuration, use the show running-config webvpn auto-signon command in global configuration mode.

show running-config webvpn auto-signon

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	—	•	—	—

Command History

Release	Modification
7.1(1)	This command was introduced.

Examples

The following is sample output from the show running-config webvpn auto-signon:

hostname(config)# webvpn

hostname(config-webvpn)# auto-signon allow ip 10.1.1.0 255.255.255.0 auth-type ntlm

hostname(config-webvpn)# auto-signon allow uri *.example.com/* auth-type basic

hostname(config-webvpn)# show running-config webvpn auto-signon

auto-signon allow ip 10.1.1.0 255.255.255.0 auth-type ntlm

auto-signon allow uri *.example.com/* auth-type basic

Related Commands

auto-signon

Configures the security appliance to automatically pass WebVPN login credentials to internal servers.

show running-config zonelabs-integrity

To display the Zone Labs Integrity Server configuration, use the show running-config zonelabs-integrity command in privileged EXEC mode.

show running-config [all] zonelabs-integrity

Syntax Description

all	(Optional) Shows the running configuration including default configuration values.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.2(1)	This command was introduced.

Usage Guidelines

Use this command to display the addresses of all Zone Labs Integrity Servers and the configured values for the active Zone Labs Integrity Server. Use the all parameter to display the default as well as the explicitly configured values.

Examples

The following is sample output from the show running-config zonelabs-integrity command:

hostname# show running-config zonelabs-integrity

zonelabs-integrity server-address 10.0.9.1 10.0.9.2

zonelabs-integrity port 300

hostname#

The following is sample output from the show running-config all zonelabs-integrity command:

hostname# show running-config all zonelabs-integrity

zonelabs-integrity server-address 10.0.9.1 10.0.9.2

zonelabs-integrity port 300

zonelabs-integrity interface none

zonelabs-integrity fail-open

zonelabs-integrity fail-timeout 10

zonelabs-integrity ssl-client-authentication disable

zonelabs-integrity ssl-certificate-port 80

hostname#

Related Commands

Command	Description
clear configure zonelabs-integrity	Clears the Zone Labs Integrity Server configuration.

show running-config smtps

To display the running configuration for smpts, use the show running-config smtps command in privileged EXEC mode. To have the display include the default configuration, use the all keyword.

show running-config [all] smtps

Syntax Description

all	Displays the running configuration including default values.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)(1)	This command was introduced.

Examples

The following is sample output from the show running-config smtps command:

hostname# show running-config smtps

smtps

server 10.1.1.21

 authentication-server-group KerbSvr

 authentication aaa

hostname# show running-config all smtps

smtps

 port 995

 server 10.1.1.21

 outstanding 20

 name-separator :

 server-separator @

 authentication-server-group KerbSvr

 no authorization-server-group

 no accounting-server-group

 no default-group-policy

 authentication aaa

hostname#

Related CommandsASA-4#

Command	Description
clear configure smtps	Removes the SMTPS configuration.
smtps	Creates or edits an SMTPS e-mail proxy configuration

show running-config vpdn

To display the VPDN configuration used for PPPoE connections, use the show running-config vpdn command in privileged EXEC mode:

show running-config vpdn

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

This example shows the use of the show running-config vpdn command and the command output:

hostname# show running-config vpdn

vpdn group telecommuters ppp authentication mschap

vpdn username tomm password ********* store-local

Related Commands

Command	Description
show running-config vpdn group	Shows the current configuration for vpdn group.
show running-config vpdn username	Shows the current configuration for vpdn usernames.

show running-configuration vpn-sessiondb

To display the current set of configured vpnsessiondb commands, use the show running-configuration vpn-sessiondb command in privileged EXEC mode.

show running-configuration [all] vpn-sessiondb

Syntax Description

all	(Optional) Displays all vpn-sessionddb commands, including the commands you have not changed from the default

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

As of Release 7.0, this command displays only the VPN maximum sessions limit, if configured.

Examples

The following is sample output for the show running-configuration vpn-sessiondb command:

hostname# show running-configuration vpn-sessiondb

Related Commands

Command	Description
show vpn-sessiondb	Displays sessions with or without extended details, optionally filtered and sorted by criteria you specify.
show vpn-sessiondb summary	Displays a session summary, including total current session, current sessions of each type, peak and total cumulative, maximum concurrent sessions

show running-config wccp

To show the WCCP configuration in the running configuration, use the show running-config wccp command in privileged EXEC mode.

show [all] running-config wccp

Syntax Description

all	Displays the default and explicitly configured configuration information for one or all WCCP commands.

Defaults

This command has no arguments or keywords.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

The following is sample output from the show running-config wccp command:

hostname# show running-config wccp

wccp web-cache redirect-list wooster group-list jeeves password whatho

hostname# 

Related Commands

Command	Description
wccp	Enables support of WCCP.
wccp redirect	Enters support of WCCP redirection.