-
Cisco ASA Series Command Reference
-
About this Guide
-
Using the Command Line Interface
- A through B Commands
-
C Commands
-
cache -- clear compression
-
clear configure -- clear configure http
-
clear configure flow-export-- clear configure zonelabs-integrity
-
clear conn -- clear isakmp sa
-
clear local-host -- clear xlate
-
client-access-rule -- crl-configure
-
crypto ca authenticate -- crypto ipsec ikev1 transform-set mode transport
-
crypto isakmp disconnect-notify -- cxsc auth-proxy port
-
-
D through F Commands
-
database path -- debug cxsc
-
debug dap -- debug http-map
-
debug icmp -- debug ospfv3
-
debug parser cache -- debug xml
-
default -- dhcp-server
-
dhcpd address -- distribute-list out
-
dns domain-lookup -- dynamic-filter whitelist
-
eigrp log-neighbor-changes -- export webvpn webcontent
-
failover -- fallback
-
file-bookmarks -- functions
-
- G through I Commands
- J through L Commands
- M through O Commands
- P through R Commands
-
S Commands
-
same-security-traffic -- shape
-
show aaa kerberos -- show asdm sessions
-
show asp cluster counter -- show asp table vpn-context
-
show blocks -- show cpu
-
show crashinfo -- show curpriv
-
show ddns update interface -- show environment
-
show failover -- show ipsec stats traffic
-
show ipv6 access-list -- show ipv6
-
show isakmp ipsec-over-tcp stats -- show ospf virtual-links
-
show nac-policy -- show ospf virtual-links
-
show pager -- show route
-
show running-config -- show running-config ctl-provider
-
show running-config ddns -- show running-config isakmp
-
show running-config ipv6 router -- show running-config router
-
show running-config same-security-traffic -- show running-config xlate
-
show scansafe -- show switch vlan
-
show tcpstat -- show traffic
-
show uauth -- show xlate
-
shun -- snmp-server user
-
software-version -- storage-objects
-
subject-name -- sysopt radius ignore-secret
-
- T through Z Commands
-
Cisco IOS Commands for the ASASM
-
Feedback
Table Of Contents
show nac-policy through show ospf virtual-links Commands
show nac-policy through show ospf virtual-links Commands
show nac-policy
To show the NAC policy usage statistics and the assignment of NAC policies to group policies, use the show nac-policy command in privileged EXEC mode.
show nac-policy [nac-policy-name]
Syntax Description
Defaults
If you do not specify a name, the CLI lists all NAC policy names along with their respective statistics.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Examples
The following example shows the data for the NAC policies named framework1 and framework2:
asa2(config)# show nac-policynac-policy framework1 nac-frameworkapplied session count = 0applied group-policy count = 2group-policy list: GroupPolicy2 GroupPolicy1nac-policy framework2 nac-framework is not in use.The first line of each NAC policy indicates its name and type (nac-framework). The CLI shows the text "is not in use" next to the policy type if the policy is not assigned to any group policies. Otherwise, the CLI displays the usage data for the group policy. Table 52-1 explains the fields in the show nac-policy command.
Related Commands
show nameif
To view the interface name set using the nameif command, use the show nameif command in privileged EXEC mode.
show nameif [physical_interface[.subinterface] | mapped_name]
Syntax Description
Defaults
If you do not specify an interface, the ASA shows all interface names.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
In multiple context mode, if you mapped the interface ID in the allocate-interface command, you can only specify the mapped name in a context. The output for this command shows only the mapped name in the Interface column.
Examples
The following is sample output from the show nameif command:
hostname# show nameifInterface Name SecurityGigabitEthernet0/0 outside 0GigabitEthernet0/1 inside 100GigabitEthernet0/2 test2 50Related Commands
show nat
To display statistics of NAT policies, use the show nat command in privileged EXEC mode.
show nat [interface name] [ip_addr mask | {object | object-group} name] [translated [interface name] [ip_addr mask | {object | object-group} name]] [detail] [divert-table [ipv6] [interface name]]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
8.3(1)
This command was introduced.
9.0(1)
This command now supports IPv6 traffic, as well as translations between IPv4 and IPv6.
Usage Guidelines
Use the show nat command to show runtime representation of the NAT policy. Use the detail optional keyword to expand the object and view the object values. Use the additional selector fields to limit the show nat command output.
Examples
The following is sample output from the show nat command:
hostname# show natManual NAT Policies (Section 1)1 (any) to (any) source dynamic S S' destination static D' Dtranslate_hits = 0, untranslate_hits = 0Auto NAT Policies (Section 2)1 (inside) to (outside) source dynamic A 2.2.2.2translate_hits = 0, untranslate_hits = 0Manual NAT Policies (Section 3)1 (any) to (any) source dynamic C C' destination static B' B service R R'translate_hits = 0, untranslate_hits = 0hostname# show nat detailManual NAT Policies (Section 1)1 (any) to (any) source dynamic S S' destination static D' Dtranslate_hits = 0, untranslate_hits = 0Source - Real: 1.1.1.2/32, Mapped: 2.2.2.3/32Destination - Real: 10.10.10.0/24, Mapped: 20.20.20.0/24Auto NAT Policies (Section 2)1 (inside) to (outside) source dynamic A 2.2.2.2translate_hits = 0, untranslate_hits = 0Source - Real: 1.1.1.1/32, Mapped: 2.2.2.2/32Manual NAT Policies (Section 3)1 (any) to (any) source dynamic C C' destination static B' B service R R'translate_hits = 0, untranslate_hits = 0Source - Real: 11.11.11.10-11.11.11.11, Mapped: 192.168.10.10/32Destination - Real: 192.168.1.0/24, Mapped: 10.75.1.0/24Service - Real: tcp source eq 10 destination eq ftp-data , Mapped: tcp source eq100 destination eq 200The following is sample output from the show nat detail command between IPv6 and IPv4:
hostname# show nat detail1 (in) to (outside) source dynamic inside_nw outside_map destination static inside_map anytranslate_hits = 0, untranslate_hits = 0Source - Origin: 2001::/96, Translated: 192.168.102.200-192.168.102.210Destination - Origin: 2001::/96, Translated: 0.0.0.0/0The following is sample output from the show nat divert ipv6 command:
hostname# show nat divert ipv6Divert Tableid=0xcb9ea518, domain=divert-routetype=static, hits=0, flags=0x21, protocol=0src ip/id=2001::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0dst ip/id=2001::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0input_ifc=in, output_ifc=outsideid=0xcf24d4b8, domain=divert-routetype=static, hits=0, flags=0x20, protocol=0src ip/id=::/::, port=0-0dst ip/id=2222::/ffff:ffff:ffff:ffff:ffff:ffff::, port=0-0input_ifc=in, output_ifc=mgmtRelated Commands
clear nat counters
Clears NAT policy counters.
nat
Identifies addresses on one interface that are translated to mapped addresses on another interface.
show nat divert-table
To display statistics of NAT divert table, use the show nat divert-table command in privileged EXEC mode.
show nat divert-table [ipv6] [interface name]
Syntax Description
divert-table
Shows the NAT divert table.
ipv6
(Optional) Shows IPv6 entries in the divert table.
interface name
(Optional) Specifies the source interface.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
Use the show nat divert-table command to show runtime representation of the NAT divert table. Use the ipv6 optional keyword to view the IPv6 entries in the divert table. Use the interface optional keyword to view the NAT divert table for the specific source interface.
Examples
The following is sample output from the show nat divert-table command:
hostname# show nat divert-tableDivert Tableid=0xad1521b8, domain=twice-nat section=1 ignore=notype=none, hits=0, flags=0x9, protocol=0src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0dst ip/id=10.86.119.255, mask=255.255.255.255, port=0-0input_ifc=outside, output_ifc=NP Identity Ifcid=0xad1523a8, domain=twice-nat section=1 ignore=notype=none, hits=0, flags=0x9, protocol=0src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0dst ip/id=10.86.116.0, mask=255.255.255.255, port=0-0input_ifc=outside, output_ifc=NP Identity Ifcid=0xad1865c0, domain=twice-nat section=1 ignore=notype=none, hits=0, flags=0x9, protocol=0src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0dst ip/id=192.168.255.255, mask=255.255.255.255, port=0-0input_ifc=amallio-wizard, output_ifc=NP Identity Ifcid=0xad1867b0, domain=twice-nat section=1 ignore=notype=none, hits=0, flags=0x9, protocol=0src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0dst ip/id=192.168.0.0, mask=255.255.255.255, port=0-0input_ifc=amallio-wizard, output_ifc=NP Identity Ifcid=0xad257bf8, domain=twice-nat section=1 ignore=notype=none, hits=0, flags=0x9, protocol=0src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0dst ip/id=172.27.48.255, mask=255.255.255.255, port=0-0input_ifc=folink, output_ifc=NP Identity Ifcid=0xad257db8, domain=twice-nat section=1 ignore=notype=none, hits=0, flags=0x9, protocol=0src ip/id=0.0.0.0, mask=0.0.0.0, port=0-0dst ip/id=172.27.48.0, mask=255.255.255.255, port=0-0input_ifc=folink, output_ifc=NP Identity IfcRelated Commands
show nat pool
To display statistics of NAT pool usage, use the show nat pool command in privileged EXEC mode.
show nat pool [cluster]
Syntax Description
cluster
(Optional) When ASA clustering is enabled, shows the current assignment of a PAT address to the owner unit and backup unit.
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
A NAT pool is created for each mapped protocol/IP address/port range, where the port ranges are 1-511, 512-1023, and 1024-65535 by default. If you use the flat keyword for a PAT pool in the nat command, you will see fewer, larger ranges.
Each NAT pool exists for at least 10 minutes after the last usage. The 10 minute hold-down timer is canceled if you clear the translations with clear xlate.
Examples
The following is sample output for the NAT pools created by a dynamic PAT rule shown by the show running-config object network command.
hostname(config)# show running-config object networkobject network myhosthost 10.10.10.10nat (pppoe2,inside) dynamic 10.76.11.25hostname# show nat poolTCP inside, address 10.76.11.25, range 1-511, allocated 0TCP inside, address 10.76.11.25, range 512-1023, allocated 0TCP inside, address 10.76.11.25, range 1024-65535, allocated 1The following is sample output from the show nat pool command showing use of the PAT pool flat option. Without the include-reserve keyword, two ranges are shown; the lower range is used when a source port below 1024 is mapped to the same port.
hostname# show nat poolICMP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2TCP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-1024, allocated 0TCP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1024-65535, allocated 2UDP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-1024, allocated 0UDP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1024-65535, allocated 2The following is sample output from the show nat pool command showing use of the PAT pool flat include-reserve options.
hostname# show nat poolICMP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2TCP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2UDP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2The following is sample output from the show nat pool command showing use of the PAT pool extended flat include-reserve options. The important items are the parenthetical addresses. These are the destination addresses used to extend PAT.
ICMP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0ICMP PAT pool outside:dynamic-pat, address 172.16.2.200(172.16.2.99), range 1-65535, allocated 2TCP PAT pool outside:dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535, allocated 1UDP PAT pool outside:dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535, allocated 1TCP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0ICMP PAT pool outside:dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535, allocated 1TCP PAT pool outside:dynamic-pat, address 172.16.2.200(172.16.2.99), range 1-65535, allocated 2UDP PAT pool outside:dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0Related Commands
nat
Identifies addresses on one interface that are translated to mapped addresses on another interface.
show nat
Displays NAT policy statistics.
show ntp associations
To view NTP association information, use the show ntp associations command in user EXEC mode.
show ntp associations [detail]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC
•
•
•
—
•
Command History
Usage Guidelines
See the "Examples" section for a description of the display output.
Examples
The following is sample output from the show ntp associations command:
hostname> show ntp associationsaddress ref clock st when poll reach delay offset disp~172.31.32.2 172.31.32.1 5 29 1024 377 4.2 -8.59 1.6+~192.168.13.33 192.168.1.111 3 69 128 377 4.1 3.48 2.3*~192.168.13.57 192.168.1.111 3 32 128 377 7.9 11.18 3.6* master (synced), # master (unsynced), + selected, - candidate, ~ configuredTable 52-2 shows each field description.
The following is sample output from the show ntp associations detail command:
hostname> show ntp associations detail172.23.56.249 configured, our_master, sane, valid, stratum 4ref ID 172.23.56.225, time c0212639.2ecfc9e0 (20:19:05.182 UTC Fri Feb 22 2002)our mode client, peer mode server, our poll intvl 128, peer poll intvl 128root delay 38.04 msec, root disp 9.55, reach 177, sync dist 156.021delay 4.47 msec, offset -0.2403 msec, dispersion 125.21precision 2**19, version 3org time c02128a9.731f127b (20:29:29.449 UTC Fri Feb 22 2002)rcv time c02128a9.73c1954b (20:29:29.452 UTC Fri Feb 22 2002)xmt time c02128a9.6b3f729e (20:29:29.418 UTC Fri Feb 22 2002)filtdelay = 4.47 4.58 4.97 5.63 4.79 5.52 5.87 0.00filtoffset = -0.24 -0.36 -0.37 0.30 -0.17 0.57 -0.74 0.00filterror = 0.02 0.99 1.71 2.69 3.66 4.64 5.62 16000.0Table 52-3 shows each field description.
Related Commands
show ntp status
To show the status of each NTP association, use the show ntp status command in user EXEC mode.
show ntp status
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC
•
•
•
—
•
Command History
Usage Guidelines
See the "Examples" section for a description of the display output.
Examples
The following is sample output from the show ntp status command:
hostname> show ntp statusClock is synchronized, stratum 5, reference is 172.23.56.249nominal freq is 99.9984 Hz, actual freq is 100.0266 Hz, precision is 2**6reference time is c02128a9.73c1954b (20:29:29.452 UTC Fri Feb 22 2002)clock offset is -0.2403 msec, root delay is 42.51 msecroot dispersion is 135.01 msec, peer dispersion is 125.21 msecTable 52-4 shows each field description.
Related Commands
show object-group
To display object group information and the relevant hit count if the object group is of the network object-group type, use the show object-group command in privileged EXEC mode.
show object-group [protocol | service | icmp-type | id object-group name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
A routine attempt to show object groups also shows the object hit count if the object group is of the network object-group type. Hit counts do not display for service, protocol, and icmp-type object groups.
Examples
The following is sample output from the show object-group command and shows information about the network object group named "Anet":
hostname# show object-group id AnetObject-group network Anet (hitcnt=10)Description OBJ SEARCH ALG APPLIEDnetwork-object 1.1.1.0 255.255.255.0 (hitcnt=4)network-object 2.2.2.0 255.255.255.0 (hitcnt=6)The following is sample output from the show object-group command and shows information about a service group:
hostname (config)# show object-group serviceobject-group service B-Serobjdescription its a service groupservice-object tcp eq bgpobject-group protocol C-grp-protoprotocol-object ospfThe following is sample output from the show object-group command and shows information about a protocol:
hostname (config)# show object-group protocolobject-group protocol C-grp-protoprotocol-object ospfRelated Commands
clear object-group
Clears the network objects hit count for a given object group.
show access list
Shows all access lists, relevant expanded access list entries, and hit counts.
show ospf
To display the general information about the OSPF routing processes, use the show ospf command in privileged EXEC mode.
show ospf [pid [area_id]]
Syntax Description
area_id
(Optional) ID of the area that is associated with the OSPF address range.
pid
(Optional) The ID of the OSPF process.
Defaults
Lists all OSPF processes if no pid is specified.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
If the pid is included, only information for the specified routing process is included.
Examples
The following is sample output from the show ospf command, showing how to display general information about a specific OSPF routing process:
hostname# show ospf 5Routing Process "ospf 5" with ID 127.0.0.1 and Domain ID 0.0.0.5Supports only single TOS(TOS0) routesSupports opaque LSASPF schedule delay 5 secs, Hold time between two SPFs 10 secsMinimum LSA interval 5 secs. Minimum LSA arrival 1 secsNumber of external LSA 0. Checksum Sum 0x 0Number of opaque AS LSA 0. Checksum Sum 0x 0Number of DCbitless external and opaque AS LSA 0Number of DoNotAge external and opaque AS LSA 0Number of areas in this router is 0. 0 normal 0 stub 0 nssaExternal flood list length 0The following is sample output from the show ospf command, showing how to display general information about all OSPF routing processes:
hostname# show ospfRouting Process "ospf 5" with ID 127.0.0.1 and Domain ID 0.0.0.5Supports only single TOS(TOS0) routesSupports opaque LSASPF schedule delay 5 secs, Hold time between two SPFs 10 secsMinimum LSA interval 5 secs. Minimum LSA arrival 1 secsNumber of external LSA 0. Checksum Sum 0x 0Number of opaque AS LSA 0. Checksum Sum 0x 0Number of DCbitless external and opaque AS LSA 0Number of DoNotAge external and opaque AS LSA 0Number of areas in this router is 0. 0 normal 0 stub 0 nssaExternal flood list length 0Routing Process "ospf 12" with ID 172.23.59.232 and Domain ID 0.0.0.12Supports only single TOS(TOS0) routesSupports opaque LSASPF schedule delay 5 secs, Hold time between two SPFs 10 secsMinimum LSA interval 5 secs. Minimum LSA arrival 1 secsNumber of external LSA 0. Checksum Sum 0x 0Number of opaque AS LSA 0. Checksum Sum 0x 0Number of DCbitless external and opaque AS LSA 0Number of DoNotAge external and opaque AS LSA 0Number of areas in this router is 0. 0 normal 0 stub 0 nssaExternal flood list length 0Related Commands
show ospf border-routers
To display the internal OSPF routing table entries to ABRs and ASBRs, use the show ospf border-routers command in privileged EXEC mode.
show ospf border-routers
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following is sample output from the show ospf border-routers command:
hostname# show ospf border-routersOSPF Process 109 internal Routing TableCodes: i - Intra-area route, I - Inter-area routei 192.168.97.53 [10] via 192.168.1.53, fifth, ABR, Area 0, SPF 20i 192.168.103.51 [10] via 192.168.96.51, outside, ASBR, Area 192.168.12.0, SPF 14i 192.168.103.52 [10] via 192.168.96.51, outside, ABR/ASBR, Area 192.168.12.0, SPF 14Related Commands
show ospf database
To display the information contained in the OSPF topological database on the ASA, use the show ospf database command in privileged EXEC mode.
show ospf [pid [area_id]] database [router | network | summary | asbr-summary | external | nssa-external] [lsid] [internal] [self-originate | adv-router addr]
show ospf [pid [area_id]] database database-summary
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the ASA. You do not need to be in an OSPF configuration mode to use the OSPF-related show commands.
Examples
The following is sample output from the show ospf database command:
hostname# show ospf databaseOSPF Router with ID(192.168.1.11) (Process ID 1)Router Link States(Area 0)Link ID ADV Router Age Seq# Checksum Link count192.168.1.8 192.168.1.8 1381 0x8000010D 0xEF60 2192.168.1.11 192.168.1.11 1460 0x800002FE 0xEB3D 4192.168.1.12 192.168.1.12 2027 0x80000090 0x875D 3192.168.1.27 192.168.1.27 1323 0x800001D6 0x12CC 3Net Link States(Area 0)Link ID ADV Router Age Seq# Checksum172.16.1.27 192.168.1.27 1323 0x8000005B 0xA8EE172.17.1.11 192.168.1.11 1461 0x8000005B 0x7ACType-10 Opaque Link Area Link States (Area 0)Link ID ADV Router Age Seq# Checksum Opaque ID10.0.0.0 192.168.1.11 1461 0x800002C8 0x8483 010.0.0.0 192.168.1.12 2027 0x80000080 0xF858 010.0.0.0 192.168.1.27 1323 0x800001BC 0x919B 010.0.0.1 192.168.1.11 1461 0x8000005E 0x5B43 1The following is sample output from the show ospf database asbr-summary command:
hostname# show ospf database asbr-summaryOSPF Router with ID(192.168.239.66) (Process ID 300)Summary ASB Link States(Area 0.0.0.0)Routing Bit Set on this LSALS age: 1463Options: (No TOS-capability)LS Type: Summary Links(AS Boundary Router)Link State ID: 172.16.245.1 (AS Boundary Router address)Advertising Router: 172.16.241.5LS Seq Number: 80000072Checksum: 0x3548Length: 28Network Mask: 0.0.0.0TOS: 0 Metric: 1The following is sample output from the show ospf database router command:
hostname# show ospf database routerOSPF Router with id(192.168.239.66) (Process ID 300)Router Link States(Area 0.0.0.0)Routing Bit Set on this LSALS age: 1176Options: (No TOS-capability)LS Type: Router LinksLink State ID: 10.187.21.6Advertising Router: 10.187.21.6LS Seq Number: 80002CF6Checksum: 0x73B7Length: 120AS Boundary RouterNumber of Links: 8Link connected to: another Router (point-to-point)(link ID) Neighboring Router ID: 10.187.21.5(Link Data) Router Interface address: 10.187.21.6Number of TOS metrics: 0TOS 0 Metrics: 2The following is sample output from the show ospf database network command:
hostname# show ospf database networkOSPF Router with id(192.168.239.66) (Process ID 300)Displaying Net Link States(Area 0.0.0.0)LS age: 1367Options: (No TOS-capability)LS Type: Network LinksLink State ID: 10.187.1.3 (address of Designated Router)Advertising Router: 192.168.239.66LS Seq Number: 800000E7Checksum: 0x1229Length: 52Network Mask: 255.255.255.0Attached Router: 192.168.239.66Attached Router: 10.187.241.5Attached Router: 10.187.1.1Attached Router: 10.187.54.5Attached Router: 10.187.1.5The following is sample output from the show ospf database summary command:
hostname# show ospf database summaryOSPF Router with id(192.168.239.66) (Process ID 300)Displaying Summary Net Link States(Area 0.0.0.0)LS age: 1401Options: (No TOS-capability)LS Type: Summary Links(Network)Link State ID: 10.187.240.0 (summary Network Number)Advertising Router: 10.187.241.5LS Seq Number: 80000072Checksum: 0x84FFLength: 28Network Mask: 255.255.255.0 TOS: 0 Metric: 1The following is sample output from the show ospf database external command:
hostname# show ospf database externalOSPF Router with id(192.168.239.66) (Autonomous system 300)Displaying AS External Link StatesLS age: 280Options: (No TOS-capability)LS Type: AS External LinkLink State ID: 172.16.0.0 (External Network Number)Advertising Router: 10.187.70.6LS Seq Number: 80000AFDChecksum: 0xC3ALength: 36Network Mask: 255.255.0.0Metric Type: 2 (Larger than any link state path)TOS: 0Metric: 1Forward Address: 0.0.0.0External Route Tag: 0Related Commands
show ospf flood-list
To display a list of OSPF LSAs waiting to be flooded over an interface, use the show ospf flood-list command in privileged EXEC mode.
show ospf flood-list interface_name
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the ASA. You do not need to be in an OSPF configuration mode to use the OSPF-related show commands.
Examples
The following is sample output from the show ospf flood-list command:
hostname# show ospf flood-list outsideInterface outside, Queue length 20Link state flooding due in 12 msecType LS ID ADV RTR Seq NO Age Checksum5 10.2.195.0 192.168.0.163 0x80000009 0 0xFB615 10.1.192.0 192.168.0.163 0x80000009 0 0x29385 10.2.194.0 192.168.0.163 0x80000009 0 0x7575 10.1.193.0 192.168.0.163 0x80000009 0 0x1E425 10.2.193.0 192.168.0.163 0x80000009 0 0x124D5 10.1.194.0 192.168.0.163 0x80000009 0 0x134CRelated Commands
show ospf interface
To display the OSPF-related interface information, use the show ospf interface command in privileged EXEC mode.
show ospf interface [interface_name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
When used without the interface_name argument, the OSPF information for all interfaces is shown.
Examples
The following is sample output from the show ospf interface command:
hostname# show ospf interface outsideout is up, line protocol is upInternet Address 10.0.3.4 mask 255.255.255.0, Area 0Process ID 2, Router ID 10.0.3.4, Network Type BROADCAST, Cost: 10Transmit Delay is 1 sec, State WAITING, Priority 1No designated router on this networkNo backup designated router on this networkTimer intervals configured, Hello 10 msec, Dead 1, Wait 1, Retransmit 5Hello due in 5 msecWait time before Designated router selection 0:00:11Index 1/1, flood queue length 0Next 0x00000000(0)/0x00000000(0)Last flood scan length is 0, maximum is 0Last flood scan time is 0 msec, maximum is 0 msecNeighbor Count is 0, Adjacent neighbor count is 0Suppress hello for 0 neighbor(s)Related Commands
show ospf neighbor
To display the OSPF-neighbor information on a per-interface basis, use the show ospf neighbor command in privileged EXEC mode.
show ospf neighbor [detail | interface_name [nbr_router_id]]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following is sample output from the show ospf neighbor command. It shows how to display the OSPF-neighbor information on a per-interface basis.
hostname# show ospf neighbor outsideNeighbor 192.168.5.2, interface address 10.225.200.28In the area 0 via interface outsideNeighbor priority is 1, State is FULL, 6 state changesDR is 10.225.200.28 BDR is 10.225.200.30Options is 0x42Dead timer due in 00:00:36Neighbor is up for 00:09:46Index 1/1, retransmission queue length 0, number of retransmission 1First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)Last retransmission scan length is 1, maximum is 1Last retransmission scan time is 0 msec, maximum is 0 msecRelated Commands
neighbor
Configures OSPF routers interconnecting to non-broadcast networks.
router ospf
Enables OSPF routing and configures global OSPF routing parameters.
show ospf request-list
To display a list of all LSAs that are requested by a router, use the show ospf request-list command in privileged EXEC mode.
show ospf request-list nbr_router_id interface_name
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following is sample output from the show ospf request-list command:
hostname# show ospf request-list 192.168.1.12 insideOSPF Router with ID (192.168.1.11) (Process ID 1)Neighbor 192.168.1.12, interface inside address 172.16.1.12Type LS ID ADV RTR Seq NO Age Checksum1 192.168.1.12 192.168.1.12 0x8000020D 8 0x6572Related Commands
show ospf retransmission-list
To display a list of all LSAs waiting to be resent, use the show ospf retransmission-list command in privileged EXEC mode.
show ospf retransmission-list nbr_router_id interface_name
Syntax Description
interface_name
Name of the interface for which to display neighbor information.
nbr_router_id
Router ID of the neighbor router.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
The OSPF routing-related show commands are available in privileged mode on the ASA. You do not need to be in an OSPF configuration mode to use the OSPF-related show commands.
The nbr_router_id argument displays the list of all LSAs that are waiting to be resent for this neighbor.
The interface_name argument displays the list of all LSAs that are waiting to be resent for this interface.
Examples
The following is sample output from the show ospf retransmission-list command, where the nbr_router_id argument is 192.168.1.11 and the if_name argument is outside:
hostname# show ospf retransmission-list 192.168.1.11 outsideOSPF Router with ID (192.168.1.12) (Process ID 1)Neighbor 192.168.1.11, interface outside address 172.16.1.11Link state retransmission due in 3764 msec, Queue length 2Type LS ID ADV RTR Seq NO Age Checksum1 192.168.1.12 192.168.1.12 0x80000210 0 0xB196Related Commands
show ospf request-list
Displays a list of all LSAs that are requested by a router.
show ospf summary-address
To display a list of all summary address redistribution information that is configured under an OSPF process, use the show ospf summary-address command in privileged EXEC mode.
show ospf summary-address
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following shows sample output from the show ospf summary-address command. It shows how to display a list of all summary address redistribution information before a summary address has been configured for an OSPF process with the ID of 5.
hostname# show ospf 5 summary-addressOSPF Process 2, Summary-address10.2.0.0/255.255.0.0 Metric -1, Type 0, Tag 010.2.0.0/255.255.0.0 Metric -1, Type 0, Tag 10Related Commands
show ospf traffic
To display a list of different types of packets that have been processed (sent or received) by a particular OSPF instance, use the show ospf traffic command in privileged EXEC mode. With this command, you can get a snapshot of the different types of OSPF packets that are being being processed without enabling debugging. If there are two OSPF instances configured, the show ospf traffic command displays the statistics for both instances with the process ID of each instance. You can also display the statistics for a single instance by using the show ospf process_id traffic command.
show ospf traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Usage Guidelines
With this command, you can get a snapshot of the different types of OSPF packets that are being being processed without enabling debugging. If there are two OSPF instances configured, the show ospf traffic command displays the statistics for both instances with the process ID of each instance. You can also display the statistics for a single instance by using the show ospf process_id traffic command.
Examples
The following shows sample output from the show ospf traffic command.
hostname# show ospf trafficOSPF statistics (Process ID 70):Rcvd: 244 total, 0 checksum errors234 hello, 4 database desc, 1 link state req3 link state updates, 2 link state acksSent: 485 total472 hello, 7 database desc, 1 link state req3 link state updates, 2 link state acksRelated Commands
show ospf virtual-links
Displays the parameters and the current state of OSPF virtual links.
show ospf virtual-links
To display the parameters and the current state of OSPF virtual links, use the show ospf virtual-links command in privileged EXEC mode.
show ospf virtual-links
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
•
—
Command History
Examples
The following is sample output from the show ospf virtual-links command:
hostname# show ospf virtual-linksVirtual Link to router 192.168.101.2 is upTransit area 0.0.0.1, via interface Ethernet0, Cost of using 10Transmit Delay is 1 sec, State POINT_TO_POINTTimer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5Hello due in 0:00:08Adjacency State FULLRelated Commands