-
Cisco ASA Series Command Reference
-
About this Guide
-
Using the Command Line Interface
- A through B Commands
-
C Commands
-
cache -- clear compression
-
clear configure -- clear configure http
-
clear configure flow-export-- clear configure zonelabs-integrity
-
clear conn -- clear isakmp sa
-
clear local-host -- clear xlate
-
client-access-rule -- crl-configure
-
crypto ca authenticate -- crypto ipsec ikev1 transform-set mode transport
-
crypto isakmp disconnect-notify -- cxsc auth-proxy port
-
-
D through F Commands
-
database path -- debug cxsc
-
debug dap -- debug http-map
-
debug icmp -- debug ospfv3
-
debug parser cache -- debug xml
-
default -- dhcp-server
-
dhcpd address -- distribute-list out
-
dns domain-lookup -- dynamic-filter whitelist
-
eigrp log-neighbor-changes -- export webvpn webcontent
-
failover -- fallback
-
file-bookmarks -- functions
-
- G through I Commands
- J through L Commands
- M through O Commands
- P through R Commands
-
S Commands
-
same-security-traffic -- shape
-
show aaa kerberos -- show asdm sessions
-
show asp cluster counter -- show asp table vpn-context
-
show blocks -- show cpu
-
show crashinfo -- show curpriv
-
show ddns update interface -- show environment
-
show failover -- show ipsec stats traffic
-
show ipv6 access-list -- show ipv6
-
show isakmp ipsec-over-tcp stats -- show ospf virtual-links
-
show nac-policy -- show ospf virtual-links
-
show pager -- show route
-
show running-config -- show running-config ctl-provider
-
show running-config ddns -- show running-config isakmp
-
show running-config ipv6 router -- show running-config router
-
show running-config same-security-traffic -- show running-config xlate
-
show scansafe -- show switch vlan
-
show tcpstat -- show traffic
-
show uauth -- show xlate
-
shun -- snmp-server user
-
software-version -- storage-objects
-
subject-name -- sysopt radius ignore-secret
-
- T through Z Commands
-
Cisco IOS Commands for the ASASM
-
Feedback
Table Of Contents
show pager through show route Commands
show port-channel load-balance
show priority-queue statistics
show pager through show route Commands
show pager
To display a default or static route for an interface, use the show pager command in privileged EXEC mode.
show pager
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Examples
The following is sample output from the show pager command:
hostname(config)# show pagerpager lines 0Related Commands
show password encryption
To show the password encryption configuration settings, use the show password encryption command in privileged EXEC mode.
show password encryption
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command.
Privileged EXEC
•
•
•
•
•
Command History
8.3(1)
This command was introduced.
8.4(1)
Allows you to show password encryption in user context.
Usage Guidelines
If the key has been saved using the write memory command, "saved" appears next to the key hash. If there is no key or it has been removed from the running configuration, "Not set" appears instead of the hash value.
Examples
The following is sample output from the show password encryption command:
hostname# show password encryptionPassword Encryption: EnabledMaster key hash: 0x35859e5e 0xc607399b 0x35a3438f 0x55474935 0xbec1ee7d(not saved)Related Commands
password encryption aes
Enables password encryption.
key config-key password-encrypt
Sets the pass phrase used for generating the encryption key.
show perfmon
To display information about the performance of the ASA, use the show perfmon command in privileged EXEC mode.
show perfmon [detail]
Syntax Description
detail
(Optional) Shows additional statsistics. These statistics match those gathered by the Global and Per-protocol connection objects of the Cisco Unified Firewall MIB.
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
7.0(1)
Support for this command was introduced on the ASA.
7.2(1)
The detail keyword was added.
Usage Guidelines
This command output does not display in a Telnet session.
The perfmon command shows performance statistics continuously at defined intervals. The show perfmon command allows you to display the information immediately.
Examples
The following is sample output for the show perfmon command:
hostname(config)# show perfmonContext: my_contextPERFMON STATS: Current AverageXlates 0/s 0/sConnections 0/s 0/sTCP Conns 0/s 0/sUDP Conns 0/s 0/sURL Access 0/s 0/sURL Server Req 0/s 0/sWebSns Req 0/s 0/sTCP Fixup 0/s 0/sTCP Intercept 0/s 0/sHTTP Fixup 0/s 0/sFTP Fixup 0/s 0/sAAA Authen 0/s 0/sAAA Author 0/s 0/sAAA Account 0/s 0/sThe following is sample output for the show perfmon detail command:
hostname(config)# show perfmon detailPERFMON STATS: Current AverageXlates 0/s 0/sConnections 0/s 0/sTCP Conns 0/s 0/sUDP Conns 0/s 0/sURL Access 0/s 0/sURL Server Req 0/s 0/sTCP Fixup 0/s 0/sHTTP Fixup 0/s 0/sFTP Fixup 0/s 0/sAAA Authen 0/s 0/sAAA Author 0/s 0/sAAA Account 0/s 0/sTCP Intercept 0/s 0/sSETUP RATES:Connections for 1 minute = 0/s; 5 minutes = 0/sTCP Conns for 1 minute = 0/s; 5 minutes = 0/sUDP Conns for 1 minute = 0/s; 5 minutes = 0/sRelated Commands
perfmon
Displays detailed performance monitoring information at defined intervals.
show phone-proxy
To show phone-proxy specific information, use the show phone-proxy command in global configuration mode.
show phone-proxy [ media-sessions [detail] | signaling-sessions [detai] | secure-phones ]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
—
•
—
—
Command History
Examples
The following example shows the use of the show phone proxy command to show Phone Proxy specific information:
hostname(config)#show phone-proxyPhone-Proxy 'mypp': Runtime Proxy ref_cnt 2Cluster Mode: nonsecureRun-time proxies:Proxy 0xd55f6fd8: Class-map: secsip, Inspect: sipProxy 0xd58a93a8: Class-map: secsccp, Inspect: skinnyphoneproxy(config)# show phone-proxy secure-phonesmypp: 5 in use, 5 most usedInterface IP Address Port MAC Timeout Idleoutside 69.181.112.219 10889 001e.7ac4.da9c 0:05:00 0:01:36outside 98.208.25.87 14159 001c.581c.0663 0:05:00 0:00:04outside 98.208.25.87 14158 0007.0e36.4804 0:05:00 0:00:13outside 98.208.25.87 14157 001e.7ac4.deb8 0:05:00 0:00:21outside 128.107.254.69 49875 001b.0cad.1f69 0:05:00 0:00:04hostname(config)#The following example shows the use of the show phone proxy command to display the phones capable of secure mode stored in the database:
hostname(config)#show phone-proxy secure-phonesasa_phone_proxy: 3 in use, 4 most usedInterface/IP Address MAC Timeout Idle------------------------ ---------- --------- ------outside:69.181.112.219 001e.7ac4.da9c 0:05:00 0:00:16outside:69.181.112.219 0002.b9eb.0aad 0:05:00 0:00:58outside:98.208.49.30 0007.0e36.4804 0:05:00 0:00:09hostname(config)#The following example shows the use of the show phone proxy command to show output from a successful call and the media-termination address configured for the interface between which the media sessions are established:
hostname(config)#show phone-proxy media-sessionsMedia-session: 128.106.254.3/1168 refcnt 6<---> RTP connection to 192.168.200.106/25038 tx_pkts 485 rx_pkts 491Media-session: 128.106.254.3/1170 refcnt 6<---> SRTP connection to 98.208.25.87/1030 tx_pkts 484 rx_pkts 485Related Commands
debug phone-proxy
Displays debug messages for the Phone Proxy instance.
phone proxy
Configures the Phone Proxy instance.
show pim df
To display the bidirectional DF "winner" for a rendezvous point (RP) or interface, use the show pim df command in user EXEC or privileged EXEC mode.
show pim df [winner] [rp_address | if_name]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command also displays the winner metric towards the RP.
Examples
The following is sample output from the show pim df command:
hostname# show pim dfRP Interface DF Winner Metrics172.16.1.3 Loopback3 172.17.3.2 [110/2]172.16.1.3 Loopback2 172.17.2.2 [110/2]172.16.1.3 Loopback1 172.17.1.2 [110/2]172.16.1.3 inside 10.10.2.3 [0/0]172.16.1.3 inside 10.10.1.2 [110/2]show pim group-map
To display group-to-protocol mapping table, use the show pim group-map command in user EXEC or privileged EXEC mode.
show pim group-map [info-source] [group]
Syntax Description
Defaults
Displays group-to-protocol mappings for all groups.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command displays all group protocol address mappings for the RP. Mappings are learned on the ASA from different clients.
The PIM implementation on the ASA has various special entries in the mapping table. Auto-rp group ranges are specifically denied from sparse-mode group range. SSM group range also does not fall under sparse-mode. Link Local multicast groups (224.0.0.0-224.0.0.225, as defined by 224.0.0.0/24) are also denied from the sparse-mode group range. The last entry shows all remaining groups in Sparse-Mode with a given RP.
If multiple RPs are configured with the pim rp-address command, then the appropriate group range is displayed with their corresponding RPs.
Examples
The following is sample output form the show pim group-map command:
hostname# show pim group-mapGroup Range Proto Client Groups RP address Info224.0.1.39/32* DM static 1 0.0.0.0224.0.1.40/32* DM static 1 0.0.0.0224.0.0.0/24* NO static 0 0.0.0.0232.0.0.0/8* SSM config 0 0.0.0.0224.0.0.0/4* SM autorp 1 10.10.2.2 RPF: POS01/0/3,10.10.3.2In lines 1 and 2, Auto-RP group ranges are specifically denied from the sparse mode group range.
In line 3, link-local multicast groups (224.0.0.0 to 224.0.0.255 as defined by 224.0.0.0/24) are also denied from the sparse mode group range.
In line 4, the PIM Source Specific Multicast (PIM-SSM) group range is mapped to 232.0.0.0/8.
The last entry shows that all the remaining groups are in sparse mode mapped to RP 10.10.3.2.
Related Commands
multicast-routing
Enables multicast routing on the ASA.
pim rp-address
Configures the address of a PIM rendezvous point (RP).
show pim interface
To display interface-specific information for PIM, use the show pim interface command in user EXEC or privileged EXEC mode.
show pim interface [if_name | state-off | state-on]
Syntax Description
Defaults
If you do not specify an interface, PIM information for all interfaces is shown.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
The PIM implementation on the ASA considers the ASA itself a PIM neighbor. Therefore, the neighbor count column in the output of this command shows one more than the actual number of neighbors.
Examples
The following example displays PIM information for the inside interface:
hostname# show pim interface insideAddress Interface Ver/ Nbr Query DR DRMode Count Intvl Prior172.16.1.4 inside v2/S 2 100 ms 1 172.16.1.4Related Commands
show pim join-prune statistic
To display PIM join/prune aggregation statistics, use the show pim join-prune statistics command in user EXEC or privileged EXEC mode.
show pim join-prune statistics [if_name]
Syntax Description
if_name
(Optional) The name of an interface. Including this argument limits the displayed information to the specified interface.
Defaults
If an interface is not specified, this command shows the join/prune statistics for all interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
Clear the PIM join/prune statistics with the clear pim counters command.
Examples
The following is sample output from the show pim join-prune statistic command:
hostname# show pim join-prune statisticPIM Average Join/Prune Aggregation for last (1K/10K/50K) packetsInterface Transmitted Receivedinside 0 / 0 / 0 0 / 0 / 0GigabitEthernet1 0 / 0 / 0 0 / 0 / 0Ethernet0 0 / 0 / 0 0 / 0 / 0Ethernet3 0 / 0 / 0 0 / 0 / 0GigabitEthernet0 0 / 0 / 0 0 / 0 / 0Ethernet2 0 / 0 / 0 0 / 0 / 0Related Commands
show pim neighbor
To display entries in the PIM neighbor table, use the show pim neighbor command in user EXEC or privileged EXEc mode.
show pim neighbor [count | detail] [interface]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command is used to determine the PIM neighbors known to this router through PIM hello messages. Also, this command indicates that an interface is a designated router (DR) and when the neighbor is capable of bidirectional operation.
The PIM implementation on the ASA considers the ASA itself to be a PIM neighbor. Therefore, the ASA interface is shown in the output of this command. The IP address of the ASA is indicated by an asterisk next to the address.
Examples
The following is sample output from the show pim neighbor command:
hostname# show pim neighbor insideNeighbor Address Interface Uptime Expires DR pri Bidir10.10.1.1 inside 03:40:36 00:01:41 1 B10.10.1.2* inside 03:41:28 00:01:32 1 (DR) BRelated Commands
show pim range-list
To display range-list information for PIM, use the show pim range-list command in user EXEC or privileged EXEC mode.
show pim range-list [rp_address]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command is used to determine the multicast forwarding mode to group mapping. The output also indicates the rendezvous point (RP) address for the range, if applicable.
Examples
The following is sample output from the show pim range-list command:
hostname# show pim range-listconfig SSM Exp: never Src: 0.0.0.0230.0.0.0/8 Up: 03:47:09config BD RP: 172.16.1.3 Exp: never Src: 0.0.0.0239.0.0.0/8 Up: 03:47:16config BD RP: 172.18.1.6 Exp: never Src: 0.0.0.0239.100.0.0/16 Up: 03:47:10config SM RP: 172.18.2.6 Exp: never Src: 0.0.0.0235.0.0.0/8 Up: 03:47:09Related Commands
show pim group-map
Displays group-to-PIM mode mapping and active RP information.
show pim topology
To display PIM topology table information, use the show pim topology command in user EXEC or privileged EXEC mode.
show pim topology [group] [source]
Syntax Description
Defaults
Topology information for all groups and sources is shown.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
Use the PIM topology table to display various entries for a given group, (*, G), (S, G), and (S, G)RPT, each with its own interface list.
PIM communicates the contents of these entries through the MRIB, which is an intermediary for communication between multicast routing protocols, such as PIM, local membership protocols, such as Internet Group Management Protocol (IGMP), and the multicast forwarding engine of the system.
The MRIB shows on which interface the data packet should be accepted and on which interfaces the data packet should be forwarded, for a given (S, G) entry. Additionally, the Multicast Forwarding Information Base (MFIB) table is used during forwarding to decide on per-packet forwarding actions.
Note
Examples
The following is sample output from the show pim topology command:
hostname# show pim topologyIP PIM Multicast Topology TableEntry state: (*/S,G)[RPT/SPT] Protocol Uptime InfoEntry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,RA - Really Alive, LH - Last Hop, DSS - Don't Signal Sources,RR - Register Received, SR(*,224.0.1.40) DM Up: 15:57:24 RP: 0.0.0.0JP: Null(never) RPF: ,0.0.0.0 Flags: LH DSSoutside 15:57:24 off LI LH(*,224.0.1.24) SM Up: 15:57:20 RP: 0.0.0.0JP: Join(00:00:32) RPF: ,0.0.0.0 Flags: LHoutside 15:57:20 fwd LI LH(*,224.0.1.60) SM Up: 15:57:16 RP: 0.0.0.0JP: Join(00:00:32) RPF: ,0.0.0.0 Flags: LHoutside 15:57:16 fwd LI LHRelated Commands
show mrib route
Displays the MRIB table.
show pim topology reserved
Displays PIM topology table information for reserved groups.
show pim topology reserved
To display PIM topology table information for reserved groups, use the show pim topology reserved command in user EXEC or privileged EXEC mode.
show pim topology reserved
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or privileged EXEC
•
—
•
—
—
Command History
Examples
The following is sample output from the show pim topology reserved command:
hostname# show pim topology reservedIP PIM Multicast Topology TableEntry state: (*/S,G)[RPT/SPT] Protocol Uptime InfoEntry flags: KAT - Keep Alive Timer, AA - Assume Alive, PA - Probe Alive,RA - Really Alive, LH - Last Hop, DSS - Don't Signal Sources,RR - Register Received, SR - Sending Registers, E - MSDP External,DCC - Don't Check ConnectedInterface state: Name, Uptime, Fwd, InfoInterface flags: LI - Local Interest, LD - Local Disinterest,II - Internal Interest, ID - Internal Disinterest,LH - Last Hop, AS - Assert, AB - Admin Boundary(*,224.0.0.1) L-Local Up: 00:02:26 RP: 0.0.0.0JP: Null(never) RPF: ,0.0.0.0 Flags:outside 00:02:26 off II(*,224.0.0.3) L-Local Up: 00:00:48 RP: 0.0.0.0JP: Null(never) RPF: ,0.0.0.0 Flags:inside 00:00:48 off IIRelated Commands
show pim topology route-count
To display PIM topology table entry counts, use the show pim topology route-count command in user EXEC or privileged EXEC mode.
show pim topology route-count [detail]
Syntax Description
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
This command displays the count of entries in the PIM topology table. To display more information about the entries, use the show pim topology command.
Examples
The following is sample output from the show pim topology route-count command:
hostname# show pim topology route-countPIM Topology Table SummaryNo. of group ranges = 5No. of (*,G) routes = 0No. of (S,G) routes = 0No. of (S,G)RPT routes = 0Related Commands
show pim traffic
To display PIM traffic counters, use the show pim traffic command in user EXEC or privileged EXEC mode.
show pim traffic
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
Clear the PIM traffic counters with the clear pim counters command.
Examples
The following is sample output from the show pim traffic command:
hostname# show pim trafficPIM Traffic CountersElapsed time since counters cleared: 3d06hReceived SentValid PIM Packets 0 9485Hello 0 9485Join-Prune 0 0Register 0 0Register Stop 0 0Assert 0 0Bidir DF Election 0 0Errors:Malformed Packets 0Bad Checksums 0Send Errors 0Packet Sent on Loopback Errors 0Packets Received on PIM-disabled Interface 0Packets Received with Unknown PIM Version 0Related Commands
show pim tunnel
To display information about the PIM tunnel interfaces, use the show pim tunnel command in user EXEC or privileged EXEC mode.
show pim tunnel [if_name]
Syntax Description
if_name
(Optional) The name of an interface. Including this argument limits the displayed information to the specified interface.
Defaults
If an interface is not specified, this command shows the PIM tunnel information for all interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC or Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
PIM register packets are sent through the virtual encapsulation tunnel interface from the source first hop DR router to the RP. On the RP, a virtual decapsulation tunnel is used to represent the receiving interface of the PIM register packets. This command displays tunnel information for both types of interfaces.
Register tunnels are the encapsulated (in PIM register messages) multicast packets from a source that is sent to the RP for distribution through the shared tree. Registering applies only to SM, not SSM and bidirectional PIM.
Examples
The following is sample output from the show pim tunnel command:
hostname# show pim tunnelInterface RP Address Source AddressEncapstunnel0 10.1.1.1 10.1.1.1Decapstunnel0 10.1.1.1 -Related Commands
show port-channel
To display EtherChannel information in a detailed and one-line summary form or to display the port and port-channel information, use the show port-channel command in privileged EXEC mode.
show port-channel [channel_group_number] [brief | detail | port | protocol | summary]
Syntax Description
Command Default
The default is brief.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Examples
The following is sample output from the show port-channel command:
hostname# show port-channelChannel-group listing:-----------------------Group: 1----------Ports: 3 Maxports = 16Port-channels: 1 Max Port-channels = 48Protocol: LACP/ activeMinimum Links: 1Maximum Bundle: 8Load balance: src-dst-ipThe following is sample output from the show port-channel summary command:
hostname# show port-channel summaryNumber of channel-groups in use: 1Group Port-channel Protocol Ports------+-------------+-----------+-----------------------------------------------1 Po1 LACP Gi3/1 Gi3/2 Gi3/3The following is sample output from the show port-channel detail command:
hostname# show port-channel detailChannel-group listing:-----------------------Group: 1----------Ports: 3 Maxports = 16Port-channels: 1 Max Port-channels = 48Protocol: LACP/ activeMinimum Links: 1Maximum Bundle: 8Load balance: src-dst-ipPorts in the group:-------------------Port: Gi3/1------------Port state = bndlChannel group = 1 Mode = LACP/ activePort-channel = Po1Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.A - Device is in active mode. P - Device is in passive mode.Local information:LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State-----------------------------------------------------------------------------Gi3/1 SA bndl 32768 0x1 0x1 0x302 0x3dPartner's information:Partner Partner LACP Partner Partner Partner Partner PartnerPort Flags State Port Priority Admin Key Oper Key Port Number Port State-----------------------------------------------------------------------------------Gi3/1 SA bndl 32768 0x0 0x1 0x306 0x3dPort: Gi3/2------------Port state = bndlChannel group = 1 Mode = LACP/ activePort-channel = Po1Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.A - Device is in active mode. P - Device is in passive mode.Local information:LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State-----------------------------------------------------------------------------Gi3/2 SA bndl 32768 0x1 0x1 0x303 0x3dPartner's information:Partner Partner LACP Partner Partner Partner Partner PartnerPort Flags State Port Priority Admin Key Oper Key Port Number Port State-----------------------------------------------------------------------------------Gi3/2 SA bndl 32768 0x0 0x1 0x303 0x3dPort: Gi3/3------------Port state = bndlChannel group = 1 Mode = LACP/ activePort-channel = Po1Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.A - Device is in active mode. P - Device is in passive mode.Local information:LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State-----------------------------------------------------------------------------Gi3/3 SA bndl 32768 0x1 0x1 0x304 0x3dPartner's information:Partner Partner LACP Partner Partner Partner Partner PartnerPort Flags State Port Priority Admin Key Oper Key Port Number Port State-----------------------------------------------------------------------------------Gi3/3 SA bndl 32768 0x0 0x1 0x302 0x3dThe following is sample output from the show port-channel port command:
hostname# show port-channel portChannel-group listing:-----------------------Group: 1----------Ports in the group:-------------------Port: Gi3/1------------Port state = bndlChannel group = 1 Mode = LACP/ activePort-channel = Po1Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.A - Device is in active mode. P - Device is in passive mode.Local information:LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State-----------------------------------------------------------------------------Gi3/1 SA bndl 32768 0x1 0x1 0x302 0x3dPartner's information:Partner Partner LACP Partner Partner Partner Partner PartnerPort Flags State Port Priority Admin Key Oper Key Port Number Port State-----------------------------------------------------------------------------------Gi3/1 SA bndl 32768 0x0 0x1 0x306 0x3dPort: Gi3/2------------Port state = bndlChannel group = 1 Mode = LACP/ activePort-channel = Po1Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.A - Device is in active mode. P - Device is in passive mode.Local information:LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State-----------------------------------------------------------------------------Gi3/2 SA bndl 32768 0x1 0x1 0x303 0x3dPartner's information:Partner Partner LACP Partner Partner Partner Partner PartnerPort Flags State Port Priority Admin Key Oper Key Port Number Port State-----------------------------------------------------------------------------------Gi3/2 SA bndl 32768 0x0 0x1 0x303 0x3dPort: Gi3/3------------Port state = bndlChannel group = 1 Mode = LACP/ activePort-channel = Po1Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.A - Device is in active mode. P - Device is in passive mode.Local information:LACP port Admin Oper Port PortPort Flags State Priority Key Key Number State-----------------------------------------------------------------------------Gi3/3 SA bndl 32768 0x1 0x1 0x304 0x3dPartner's information:Partner Partner LACP Partner Partner Partner Partner PartnerPort Flags State Port Priority Admin Key Oper Key Port Number Port State-----------------------------------------------------------------------------------Gi3/3 SA bndl 32768 0x0 0x1 0x302 0x3dThe following is sample output from the show port-channel protocol command:
hostname# show port-channel protocolChannel-group listing:-----------------------Group: 1----------Protocol: LACPRelated Commands
show port-channel load-balance
For EtherChannels, to display the current port-channel load-balance algorithm, and optionally to view the member interface selected for a given set of parameters, enter this command in privileged EXEC mode.
show port-channel channel_group_number load-balance [hash-result {ip | ipv6 | mac | l4port | mixed | vlan-only number} parameters]
Syntax Description
Command Default
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Usage Guidelines
By default, the ASA balances the packet load on interfaces according to the source and destination IP address (src-dst-ip) of the packet. To change the algorithm, see the port-channel load-balance command.
This command lets you view the current load-balancing algorithm, but, with the hash-result keyword, also lets you test which member interface will be chosen for a packet with given parameters. This command only tests against the current load-balancing algorithm. For example, if the algorithm is src-dst-ip, then enter the IPv4 or IPv6 source and destination IP addresses. If you enter other arguments not used by the current algorithm, they are ignored, and the unentered values actually used by the algorithm default to 0. For example, if the algorithm is vlan-src-ip, then enter:
show port-channel 1 load-balance hash-result ip source 10.1.1.1 vlan 5If you enter the following, then the vlan-src-ip algorithm assumes a source IP address of 0.0.0.0 and VLAN 0, and ignores the values you enter:
show port-channel 1 load-balance hash-result l4port source 90 destination 100Examples
The following is sample output from the show port-channel 1 load-balance command:
hostname# show port-channel 1 load-balanceEtherChannel Load-Balancing Configuration:src-dst-ipEtherChannel Load-Balancing Addresses UsedPer-Protocol:Non-IP: Source XOR Destination MAC addressIPv4: Source XOR Destination IP addressIPv6: Source XOR Destination IP addressThe following is sample output from the show port-channel 1 load-balance hash-result command, where the entered parameters match the current algorithm (src-dst-ip):
hostname# show port-channel 1 load-balance hash-result ip source 10.1.1.1 destination 10.5.5.5Would select GigabitEthernet2/1 based on algorithm src-dst-ipThe following is sample output from the show port-channel 1 load-balance hash-result command, where the entered parameters do not match the current algorithm (src-dst-ip), and the hash uses 0 values:
hostname# show port-channel 1 load-balance hash-result l4port source 5Would select GigabitEthernet3/2 of Port-channel1 based on algorithm src-dst-ipRelated Commands
show power inline
For models with PoE interfaces, such as the ASA 5505, use the show power inline command in user EXEC mode to show power status of the interfaces.
show power inline
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC
•
•
•
—
—
Command History
Usage Guidelines
You can use PoE interfaces to connect devices that require power, such as an IP phone or a wireless access point.
Examples
The following is sample output from the show power inline command:
hostname# show power inlineInterface Power Device----------- ----- ------Ethernet0/0 n/a n/aEthernet0/1 n/a n/aEthernet0/2 n/a n/aEthernet0/3 n/a n/aEthernet0/4 n/a n/aEthernet0/5 n/a n/aEthernet0/6 On CiscoEthernet0/7 Off n/aTable 53-1 shows each field description:
Related Commands
show priority-queue statistics
To display the priority-queue statistics for an interface, use the show priority-queue statistics command in privileged EXEC mode.
show priority-queue statistics [interface-name]
Syntax Description
interface-name
(Optional) Specifies the name of the interface for which you want to show the best-effort and low-latency queue details.
Defaults
If you omit the interface name, this command shows priority-queue statistics for all configured interfaces.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
This example shows the use of the show priority-queue statistics command for the interface named test, and the command output. In this output, BE indicates the best-effort queue, and LLQ represents the low-latency queue:
hostname# show priority-queue statistics testPriority-Queue Statistics interface testQueue Type = BEPackets Dropped = 0Packets Transmit = 0Packets Enqueued = 0Current Q Length = 0Max Q Length = 0Queue Type = LLQPackets Dropped = 0Packets Transmit = 0Packets Enqueued = 0Current Q Length = 0Max Q Length = 0hostname#Related Commands
show processes
To display a list of the processes that are running on the ASA, use the show processes command in privileged EXEC mode.
show processes [cpu-usage [[ non-zero ][ sorted]] [cpu-hog | memory | internals]
Syntax Description
Defaults
By default, this command displays the processes running on the ASA.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
·
·
·
·
·
Command History
Usage Guidelines
Processes are lightweight threads that require only a few instructions. The show processes commands display a list of the processes that are running on the ASA, as follows:
Use the show processes cpu-usage command to narrow down a particular process on the ASA that might be using the CPU of the ASA. You can use the sorted and non-zero commands to further customize the output of the show processes cpu-usage command.
With the scheduler and total summary lines, you can run two consecutive show proccesses commands and compare the output to determine:
•
•
Examples
The following example shows how to display a list of processes that are running on the ASA:
hostname(config)#show processesPC SP STATE Runtime SBASE Stack ProcessHsi 00102aa0 0a63f288 0089b068 117460 0a63e2d4 3600/4096 arp_timerLsi 00102aa0 0a6423b4 0089b068 10 0a64140c 3824/4096 FragDBGCHwe 004257c8 0a7cacd4 0082dfd8 0 0a7c9d1c 3972/4096 udp_timerLwe 0011751a 0a7cc438 008ea5d0 20 0a7cb474 3560/4096 dbgtrace<--- More --->- - - - 638515 - - scheduler- - - - 2625389 - - totalThe following example shows how to display the percentage of CPU used by each process:
hostname(config)# show proc cpu-usage non-zeroPC Thread 5Sec 1Min 5Min Process0818af8e d482f92c 0.1% 0.1% 0.1% Dispatch Unit08bae136 d48180f0 0.1% 0.0% 0.2% ssh--------------------------------------The following example shows how to display the number and detail of processes that are hogging the CPU:
hostname(config)# show processes cpu-hogProcess: Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 13, LASTHOG: 13LASTHOG At: 08:30:15 PST Jan 20 2011PC: 0x08413a62Call stack: 0x084f6c5d 0x08412cc3 0x08407a85 0x0806e0ea 0x08a4b17d 0x0806e0ea 0x0849bffd0x084950cd 0x0849530c 0x08495636 0x0849bc59 0x080680cc
hostname(config)#The following example shows how to display the memory allocation for each process:
hostname(config)# show processes memory
hostname(config)#
hostname(config)#
hostname(config)#
hostname(config)#
hostname(config)#
PC SP STATE Runtime SBASE Stack Process
Hsi 00102aa0 0a63f288 0089b068 117460 0a63e2d4 3600/4096 arp_timerThe following example shows how to display the internal details of each process:
hostname# show processes internals
Lsi 00102aa0 0a6423b4 0089b068 10 0a64140c 3824/4096 FragDBGC
Hwe 004257c8 0a7cacd4 0082dfd8 0 0a7c9d1c 3972/4096 udp_timer
Lwe 0011751a 0a7cc438 008ea5d0 20 0a7cb474 3560/4096 dbgtrace
<--- More --->
(other lines deleted for brevity)
------------------------------------------------------------
Allocs Allocated Frees Freed Process
(bytes) (bytes)
------------------------------------------------------------
23512 13471545 6 180 *System Main*
0 0 0 0 lu_rx
2 8324 16 19488 vpnlb_thread
Invoked Giveups Process
1 0 block_diag
19108445 19108445 Dispatch Unit
1 0 CF OIR
1 0 Reload Control Thread
1 0 aaa
2 0 CMGR Server Process
1 0 CMGR Timer Process
2 0 dbgtrace
69 0 557mcfixshow quota management-session
To show statistics for the current management session:, use the show quota management-session command in privileged EXEC mode.
show quota management-session
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
This command shows the following statistics for the current management session:
•
•
•
•
•
•
Examples
The following example shows statistics for the current management session:
hostname# show quota management-sessionquota management-session limit 250quota management-session warning level 225quota management-session level 1quota management-session high water 1quota management-session errors 0quota management-session warnings 0Related Commands
show reload
To display the reload status on the ASA, use the show reload command in privileged EXEC mode.
show reload
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
This command has no usage guidelines.
Examples
The following example shows that a reload is scheduled for 12:00 a.m. (midnight) on Saturday, April 20:
hostname# show reloadReload scheduled for 00:00:00 PDT Sat April 20 (in 12 hours and 12 minutes)Related Commands
show resource allocation
To show the resource allocation for each resource across all classes and class members, use the show resource allocation command in privileged EXEC mode.
show resource allocation [detail]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
•
•
Command History
Usage Guidelines
This command shows the resource allocation, but does not show the actual resources being used. See the show resource usage command for more information about actual resource usage.
Examples
The following is sample output from the show resource allocation command. The display shows the total allocation of each resource as an absolute value and as a percentage of the available system resources.
hostname# show resource allocationResource Total % of AvailConns [rate] 35000 N/AInspects [rate] 35000 N/ASyslogs [rate] 10500 N/AConns 305000 30.50%Hosts 78842 N/ASSH 35 35.00%Telnet 35 35.00%Routes 25000 0.00%Xlates 91749 N/AOther VPN Sessions 20 2.66%Other VPN Burst 20 2.66%All unlimitedTable 53-2 shows each field description.
The following is sample output from the show resource allocation detail command:
hostname# show resource allocation detailResource Origin:A Value was derived from the resource 'all'C Value set in the definition of this classD Value set in default classResource Class Mmbrs Origin Limit Total Total %Conns [rate] default all CA unlimitedgold 1 C 34000 34000 N/Asilver 1 CA 17000 17000 N/Abronze 0 CA 8500All Contexts: 3 51000 N/AInspects [rate] default all CA unlimitedgold 1 DA unlimitedsilver 1 CA 10000 10000 N/Abronze 0 CA 5000All Contexts: 3 10000 N/ASyslogs [rate] default all CA unlimitedgold 1 C 6000 6000 N/Asilver 1 CA 3000 3000 N/Abronze 0 CA 1500All Contexts: 3 9000 N/AConns default all CA unlimitedgold 1 C 200000 200000 20.00%silver 1 CA 100000 100000 10.00%bronze 0 CA 50000All Contexts: 3 300000 30.00%Hosts default all CA unlimitedgold 1 DA unlimitedsilver 1 CA 26214 26214 N/Abronze 0 CA 13107All Contexts: 3 26214 N/ASSH default all C 5gold 1 D 5 5 5.00%silver 1 CA 10 10 10.00%bronze 0 CA 5All Contexts: 3 20 20.00%Telnet default all C 5gold 1 D 5 5 5.00%silver 1 CA 10 10 10.00%bronze 0 CA 5All Contexts: 3 20 20.00%Routes default all C unlimited N/Agold 1 D unlimited 5 N/Asilver 1 CA 10 10 N/Abronze 0 CA 5 N/AAll Contexts: 3 20 N/AXlates default all CA unlimitedgold 1 DA unlimitedsilver 1 CA 23040 23040 N/Abronze 0 CA 11520All Contexts: 3 23040 N/Amac-addresses default all C 65535gold 1 D 65535 65535 100.00%silver 1 CA 6553 6553 9.99%bronze 0 CA 3276All Contexts: 3 137623 209.99%Table 53-3 shows each field description.
Related Commands
show resource types
To view the resource types for which the ASA tracks usage, use the show resource types command in privileged EXEC mode.
show resource types
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Examples
The following sample display shows the resource types:
hostname# show resource typesRate limited resource types:Conns Connections/secInspects Inspects/secSyslogs Syslogs/secAbsolute limit types:Conns ConnectionsHosts HostsMac-addresses MAC Address table entriesASDM ASDM ConnectionsSSH SSH SessionsTelnet Telnet SessionsXlates XLATE ObjectsRoutes Routing Table EntriesOther-vpn Other VPN licensesOther-vpn-burst Allowable burst for Other VPN licensesAll All ResourcesRelated Commands
clear resource usage
Clears the resource usage statistics
context
Adds a security context.
show resource usage
Shows the resource usage of the ASA.
show resource usage
To view the resource usage of the ASA or for each context in multiple mode, use the show resource usage command in privileged EXEC mode.
show resource usage [context context_name | top n | all | summary | system | detail] [resource {[rate] resource_name | all}] [counter counter_name [count_threshold]]
Syntax Description
Defaults
For multiple context mode, the default context is all, which shows resource usage for every context. For single mode, the context name is ignored and the output shows the "context" as "System."
The default resource name is all, which shows all resource types.
The default counter name is all, which shows all statistics.
The default count threshold is 1.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Examples
The following is sample output from the show resource usage context command, which shows the resource usage for the admin context:
hostname# show resource usage context adminResource Current Peak Limit Denied ContextTelnet 1 1 5 0 adminConns 44 55 N/A 0 adminHosts 45 56 N/A 0 adminThe following is sample output from the show resource usage summary command, which shows the resource usage for all contexts and all resources. This sample shows the limits for six contexts.
hostname# show resource usage summaryResource Current Peak Limit Denied ContextSyslogs [rate] 1743 2132 12000(U) 0 SummaryConns 584 763 100000(S) 0 SummaryXlates 8526 8966 93400 0 SummaryHosts 254 254 262144 0 SummaryConns [rate] 270 535 42200 1704 SummaryInspects [rate] 270 535 100000(S) 0 SummaryOther VPN Sessions 0 10 10 740 SummaryOther VPN Burst 0 10 10 730 SummaryU = Some contexts are unlimited and are not included in the total.S = System: Combined context limits exceed the system limit; the system limit is shown.The following is sample output from the show resource usage system command, which shows the resource usage for all contexts, but it shows the system limit instead of the combined context limits:
hostname# show resource usage systemResource Current Peak Limit Denied ContextTelnet 3 5 100 0 SystemSSH 5 7 100 0 SystemConns 40 55 N/A 0 SystemHosts 44 56 N/A 0 SystemThe following is sample output from the show resource usage detail counter all 0 command, which shows all resources, and not only those you can manage:
hostname# show resource usage detail counter all 0Resource Current Peak Limit Denied Contextmemory 1012028 1538428 unlimited 0 adminchunk:aaa 0 0 unlimited 0 adminchunk:aaa_queue 0 0 unlimited 0 adminchunk:acct 0 0 unlimited 0 adminchunk:channels 25 39 unlimited 0 adminchunk:CIFS 0 0 unlimited 0 adminchunk:conn 0 0 unlimited 0 adminchunk:crypto-conn 0 0 unlimited 0 adminchunk:dbgtrace 1 2 unlimited 0 adminchunk:dhcpd-radix 0 0 unlimited 0 adminchunk:dhcp-relay-r 0 0 unlimited 0 adminchunk:dhcp-lease-s 0 0 unlimited 0 adminchunk:dnat 0 0 unlimited 0 adminchunk:ether 0 0 unlimited 0 adminchunk:est 0 0 unlimited 0 admin...Telnet 0 0 5 0 adminSSH 1 1 5 0 adminASDM 0 1 5 0 adminSyslogs [rate] 0 68 unlimited 0 adminaaa rate 0 0 unlimited 0 adminurl filter rate 0 0 unlimited 0 adminConns 1 6 unlimited 0 adminXlates 0 0 unlimited 0 admintcp conns 0 0 unlimited 0 adminHosts 2 3 unlimited 0 adminOther VPN Sessions 0 10 750 740 adminOther VPN Burst 0 10 750 730 adminudp conns 0 0 unlimited 0 adminsmtp-fixups 0 0 unlimited 0 adminConns [rate] 0 7 unlimited 0 adminestablisheds 0 0 unlimited 0 adminpps 0 0 unlimited 0 adminsyslog rate 0 0 unlimited 0 adminbps 0 0 unlimited 0 adminFixups [rate] 0 0 unlimited 0 adminnon tcp/udp conns 0 0 unlimited 0 admintcp-intercepts 0 0 unlimited 0 adminglobals 0 0 unlimited 0 adminnp-statics 0 0 unlimited 0 adminstatics 0 0 unlimited 0 adminnats 0 0 unlimited 0 adminace-rules 0 0 N/A 0 adminaaa-user-aces 0 0 N/A 0 adminfilter-rules 0 0 N/A 0 adminest-rules 0 0 N/A 0 adminaaa-rules 0 0 N/A 0 adminconsole-access-rul 0 0 N/A 0 adminpolicy-nat-rules 0 0 N/A 0 adminfixup-rules 0 0 N/A 0 adminaaa-uxlates 0 0 unlimited 0 adminCP-Traffic:IP 0 0 unlimited 0 adminCP-Traffic:ARP 0 0 unlimited 0 adminCP-Traffic:Fixup 0 0 unlimited 0 adminCP-Traffic:NPCP 0 0 unlimited 0 adminCP-Traffic:Unknown 0 0 unlimited 0 adminRelated Commands
show rip database
To display the information that is stored in the RIP topological database, use the show rip database command in privileged EXEC mode.
show rip database [ip_addr [mask]]
Syntax Description
ip_addr
(Optional) Limits the display routes for the specified network address.
mask
(Optional) Specifies the network mask for the optional network address.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
—
•
—
—
Command History
Usage Guidelines
The RIP routing-related show commands are available in privileged EXEC mode on the ASA. You do not need to be in an RIP configuration mode to use the RIP-related show commands.
The RIP database contains all of the routes learned through RIP. Routes that appear in this database may not necessarily appear in the routing table. See the Cisco Security Appliance Command Line Configuration Guide for information about how the routing table is populated from the routing protocol databases.
Examples
The following is sample output from the show rip database command:
hostname# show rip database10.0.0.0/8 auto-summary10.11.11.0/24 directly connected, GigabitEthernet0/210.1.0.0/8 auto-summary10.11.0.0/16 int-summary10.11.10.0/24 directly connected, GigabitEthernet0/3192.168.1.1/24[2] via 10.11.10.5, 00:00:14, GigabitEthernet0/3The following is sample output from the show rip database command with a network address and mask:
Router# show rip database 172.19.86.0 255.255.255.0172.19.86.0/24[1] via 172.19.67.38, 00:00:25, GigabitEthernet0/2[2] via 172.19.70.36, 00:00:14, GigabitEthernet0/3Related Commands
show route
To display the routing table, use the show route command in privileged EXEC mode.
show route [interface_name [ip_address [netmask [static]]]] [failover] [cluster]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show route command provides output similar to the show ipv6 route command, except that the information is IPv4-specific.
Note
The show route command lists the "best" routes for new connections. When you send a permitted TCP SYN to the backup interface, the ASA can only respond using the same interface. If there is no default route in the RIB on that interface, the ASA drops the packet because of no adjacency. Everything that is configured as shown in the show running-config route command is maintained in certain data structures in the system.
You can check the backend interface-specific routing table with the show asp table routing command. This design is similar to OSPF or EIGRP, in which the protocol-specific route database is not the same as the global routing table, which only displays the "best" routes. This behavior is by design.
Examples
The following is sample output from the show route command:
hostname# show routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 10.86.194.1 to network 0.0.0.0C 10.86.194.0 255.255.255.0 is directly connected, outsideC 10.40.10.0 255.255.255.0 is directly connected, insideC 192.168.2.0 255.255.255.0 is directly connected, faillinkC 192.168.3.0 255.255.255.0 is directly connected, statelinkThe following is sample output of the show route command on the ASA 5505. The output displays the internal loopback address, which is used by the VPN hardware client for individual user authentication.
hostname(config)# show routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 10.86.194.1 to network 0.0.0.0C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopbackC 10.86.194.0 255.255.254.0 is directly connected, outsideS* 0.0.0.0 0.0.0.0 [1/0] via 10.86.194.1, outsideThe following is sample output of the show route failover command, which shows the synchronization of OSPF and EIGRP routes to the standby unit after failover:
hostname(config)# show route failoverCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 10.86.194.1 to network 0.0.0.0Routing table sequence number 1Reconvergence timer 00.20 (Running)S 10.10.10.0 255.0.0.0 [1/0] via 10.10.10.1, mgmt, seq 1[1/0] via 10.10.10.2, mgmt, seq 1D 209.165.200.224 255.255.255.0 [90/28416] via 200.165.200.225, 0:00:15, outside, seq 1O 198.51.100.0 255.255.255.0 [110/28416] via 198.51.100.10, 0:24:45, inside, seq 0D 10.65.68.220 255.255.255.255 [1/0] via 10.76.11.1, mgmt, seq 1The following is sample output from the show route cluster command:
hostname(cfg-cluster)# show route clusterCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setRouting table seq num 2Reconvergence timer expires in 52 secsC 70.0.0.0 255.255.255.0 is directly connected, cluster, seq 1C 172.23.0.0 255.255.0.0 is directly connected, tftp, seq 1C 200.165.200.0 255.255.255.0 is directly connected, outside, seq 1C 198.51.100.0 255.255.255.0 is directly connected, inside, seq 1O 198.51.100.0 255.255.255.0 [110/28416] via 198.51.100.10, 0:24:45, inside, seq 2D 209.165.200.224 255.255.255.0 [90/28416] via 200.165.200.225, 0:00:15, outside, seq 2
Note
On the ASA, the longer-prefix keyword is the default behavior for the show route command; that is, no additional keyword is needed in the CLI. Because of this, you cannot see the route when you type ip. To obtain the supernet route, the mask value needs to be passed with the IP address.
