Table Of Contents

show running-config ldap through show running-config router Commands

show running-config ldap

show running-config license-server

show running-config logging

show running-config mac-address

show running-config mac-address-table

show running-config mac-learn

show running-config mac-list

show running-config management-access

show running-config monitor-interface

show running-config mroute

show running-config mtu

show running-config multicast-routing

show running-config nac-policy

show running-config name

show running-config nameif

show running-config names

show running-config nat

show running-config ntp

show running-config object

show running-config object-group

show running config object-group-search

show running-config pager

show running-config passwd

show running-config password-policy

show running-config phone-proxy

show running-config pim

show running-config policy-map

show running-config pop3s

show running-config prefix-list

show running-config priority-queue

show running-config privilege

show running-config quota management-session

show running-config regex

show running-config route

show running-config route-map

show running-config router

show running-config ldap through show running-config router Commands

---

show running-config ldap

To display the LDAP attribute name and value mappings in running LDAP attribute maps, use the show running-config ldap command in privileged EXEC mode.

show running-config [all] ldap attribute-map name

Syntax Description

Syntax DescriptionSyntax Description

all	Displays all LDAP attribute maps.
name	Specifies an individual LDAP attribute map for display.

Defaults

By default, all attribute maps, mapped names, and mapped values display.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.1(1)	This command was introduced.

Usage Guidelines

Use this command to display the LDAP attribute name and value mappings contained in attribute maps running on your ASA. You can display all the attribute maps using the all option, or you can display a single attribute map by specifying the map name. If you enter neither the all option nor an LDAP attribute map name, all attribute maps, mapped names, and mapped values display.

Examples

The following example, entered in privileged EXEC mode, displays the attribute name and value mappings for a specific running attribute map, "myldapmap":

hostname# show running-config ldap attribute-map myldapmap

map-name Hours cVPN3000-Access-Hours

map-value Hours workDay Daytime

The following command displays all attribute name and value mappings within all running attribute maps:

hostname# show running-config all ldap attribute-map

Related Commands

Command	Description
ldap attribute-map (global config mode)	Creates and names an LDAP attribute map for mapping user-defined attribute names to Cisco LDAP attribute names.
ldap-attribute-map (aaa-server host mode)	Binds an LDAP attribute map to an LDAP server.
map-name	Maps a user-defined LDAP attribute name with a Cisco LDAP attribute name.
map-value	Maps a user-defined attribute value to a Cisco attribute.
clear configure ldap attribute-map	Removes all LDAP attribute maps.

show running-config license-server

To show the license server configuration, use the show running-config license-server command in privileged EXEC mode.

show running-config [all] license-server

Syntax Description

all	(Optional) Shows the running configuration, including default configuration values.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
8.2(1)	This command was introduced.

Examples

The following is sample output from the show running-config all license-server command:

hostname# show running-config all license-server

license-server backup 10.1.1.2 backup-id JMX0916L0Z4 ha-backup-id JMX1378N0W3

license-server secret ********

license-server refresh-interval 30

license-server port 50554

license-server enable inside

Related Commands

Command	Description
activation-key	Enters a license activation key.
clear configure license-server	Clears the shared licensing server configuration.
clear shared license	Clears shared license statistics.
license-server address	Identifies the shared licensing server IP address and shared secret for a participant.
license-server backup address	Identifies the shared licensing backup server for a participant.
license-server backup backup-id	Identifies the backup server IP address and serial number for the main shared licensing server.
license-server backup enable	Enables a unit to be the shared licensing backup server.
license-server enable	Enables a unit to be the shared licensing server.
license-server port	Sets the port on which the server listens for SSL connections from participants.
license-server refresh-interval	Sets the refresh interval provided to participants to set how often they should communicate with the server.
license-server secret	Sets the shared secret on the shared licensing server.
show activation-key	Shows the current licenses installed.
show shared license	Shows shared license statistics.
show vpn-sessiondb	Shows license information about VPN sessions.

show running-config logging

To display all currently running logging configurations, use the show runnig-config logging command in privileged EXEC mode.

show running-config [all] logging [level | disabled]

Syntax Description

all	(Optional) Displays the logging configuration, including commands whose settings you have not changed from default values.
disabled	(Optional) Displays only the disabled syslog message configuration.
level	(Optional) Displays only the configuration for syslog messages with a non-default severity level.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was changed from the show logging command.

Examples

The following shows sample output from the show running-config logging disabled command:

hostname# show running-config logging disabled

no logging message 720067

Related Commands

Command	Description
logging message	Configures logging.
show logging	Shows the log buffer and other logging settings.

show running-config mac-address

To show the mac-address auto configuration in the running configuration, use the show running-config mac-address command in privileged EXEC mode.

show running-config mac-address

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.2(1)	This command was introduced.

Examples

The following is sample output from the show running-config mac-address command:

hostname# show running-config mac-address

no mac-address auto

Related Commands

Command	Description
failover mac address	Sets the active and standby MAC address of a physical interface for Active/Standby failover.
mac address	Sets the active and standby MAC address of a physical interface for Active/Active failover.
mac-address	Manually sets the MAC address (active and standby) for a physical interface or subinterface. In multiple context mode, you can set different MAC addresses in each context for the same interface.
mac-address auto	Auto-generates MAC addresses (active and standby) for shared interfaces in multiple context mode.
show interface	Shows the interface characteristics, including the MAC address.

show running-config mac-address-table

To view the mac-address-table static and mac-address-table aging-time configuration in the running configuration, use the show running-config mac-address-table command in privileged EXEC mode.

show running-config mac-address-table

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config mac-learn command:

hostname# show running-config mac-address-table

mac-address-table aging-time 50

mac-address-table static inside1 0010.7cbe.6101

Related Commands

Command	Description
firewall transparent	Sets the firewall mode to transparent.
mac-address-table aging-time	Sets the timeout for dynamic MAC address entries.
mac-address-table static	Adds static MAC address entries to the MAC address table.
mac-learn	Disables MAC address learning.
show mac-address-table	Shows the MAC address table, including dynamic and static entries.

show running-config mac-learn

To view the mac-learn configuration in the running configuration, use the show running-config mac-learn command in privileged EXEC mode.

show running-config mac-learn

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config mac-learn command:

hostname# show running-config mac-learn

mac-learn disable

Related Commands

Command	Description
firewall transparent	Sets the firewall mode to transparent.
mac-address-table static	Adds static MAC address entries to the MAC address table.
mac-learn	Disables MAC address learning.
show mac-address-table	Shows the MAC address table, including dynamic and static entries.

show running-config mac-list

To display a list of MAC addresses previously specified in a mac-list command with the indicated MAC list number, use the show running-config mac-list command in privileged EXEC mode.

show running-config mac-list id

Syntax Description

id	A hexadecimal MAC address list number.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was modified to conform to CLI guidelines.

Usage Guidelines

The show running-config aaa command displays the mac-list command statements as part of the AAA configuration.

Examples

The following example shows how to display a MAC address list with the id equal to adc:

hostname(config)# show running-config mac-list adc

mac-list adc permit 00a0.cp5d.0282 ffff.ffff.ffff

mac-list adc deny 00a1.cp5d.0282 ffff.ffff.ffff

mac-list ac permit 0050.54ff.0000 ffff.ffff.0000

mac-list ac deny 0061.54ff.b440 ffff.ffff.ffff

mac-list ac deny 0072.54ff.b440 ffff.ffff.ffff

Related Commands

Command	Description
mac-list	Add a list of MAC addresses using a first-match search.
clear configure mac-list	Remove the indicated mac-list command statements.
show running-config aaa	Display the running AAA configuration values.

show running-config management-access

To display the name of the internal interface configured for management access, use the show running-config management-access command in privileged EXEC mode.

show running-config management-access

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The management-access command lets you define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The interface names are defined by the nameif command and displayed in quotes, " ", in the output of the show interface command.)

Examples

The following example shows how to configure a firewall interface named "inside" as the management access interface and display the result:

hostname# management-access inside

hostname# show running-config management-access

management-access inside

Related Commands

Command	Description
clear configure management-access	Removes the configuration of an internal interface for management access of the ASA.
management-access	Configures an internal interface for management access.

show running-config monitor-interface

To display all monitor-interface commands in the running configuration, use the show running-config monitor-interface command in privileged EXEC mode.

show running-config [all] monitor-interface

Syntax Description

all	(Optional) Shows all monitor-interface commands, including the commands you have not changed from the default.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The monitor-interface command is enabled on all physical interfaces by default. You need to use the all keyword with this command to view this default configuration.

Examples

The following is sample output from the show running-config monitor-interface command. The first time the command is entered without the all keyword, so only the interface that has monitoring enabled appears in the output. The second time the command is entered with the all keyword, so the default monitor-interface configuration is also show.

hostname# show running-config monitor-interface

no monitor-interface outside

hostname#

hostname# show running-config all monitor-interface

monitor-interface inside

no monitor-interface outside

hostname#

Related Commands

Command	Description
monitor-interface	Enables health monitoring of a designated interface for failover purposes.
clear configure monitor-interface	Removes the no monitor-interface commands in the running configuration and restores the default interface health monitoring stance.

show running-config mroute

To display the static multicast route table in the configuration use the show running-config mroute command in privileged EXEC mode.

show running-config mroute [ dst [ src ]]

Syntax Description

dst	The Class D address of the multicast group.
src	The IP address of the multicast source.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Examples

The following is sample output from the show running-config mroute command:

hostname# show running-config mroute

Related Commands

Command	Description
mroute	Configures a static multicast route.

show running-config mtu

To display the current maximum transmission unit block size, use the show running-config mtu command in privileged EXEC mode.

show running-config mtu [interface_name]

Syntax Description

interface_name

(Optional) Internal or external network interface name.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	—	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config mtu command:

hostname# show running-config mtu

mtu outside 1500

mtu inside 1500

mtu dmz 1500

hostname# show running-config mtu outside

mtu outside 1500

Related Commands

Command	Description
clear configure mtu	Clears the configured maximum transmission unit values on all interfaces.
mtu	Specifies the maximum transmission unit for an interface.

show running-config multicast-routing

To display the multicast-routing command, if present, in the running configuration, use the show running-config multicast-routing command in privileged EXEC mode.

show running-config multicast-routing

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config multicast-routing command displays the multicast-routing command in the running configuration. Enter the clear configure multicast-routing command to remove the multicast-routing command from the running configuration.

Examples

The following is sample output from the show running-config multicast-routing command:

hostname# show running-config multicast-routing

multicast-routing

Related Commands

Command	Description
clear configure multicast-routing	Removes the multicast-routing command from the running configuration.
multicast-routing	Enables multicast routing on the ASA.

show running-config nac-policy

To show the configuration of each NAC policy on the ASA, use the show running-config nac-policy command in privileged EXEC mode.

show running-config [all] nac-policy [nac-policy-name]

Syntax Description

all	Displays the entire operating configuration of the NAC policy, including default settings.
nac-policy-name	Name of the NAC policy present in the configuration of the ASA.

Defaults

By default, the CLI displays the name and configuration of each NAC policy if you do not specify the nac-policy-name.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
8.0(2)	This command was introduced.

Examples

The following example shows the configuration of NAC policies named nacapp1 and nacapp2:

hostname# show running-config nac-policy

nac-policy framework nac-framework

 default-acl acl-1

 reval-period 36000

 sq-period 300

 exempt-list os "Windows XP" filter acl-2

nac-policy nacapp1 nacapp

 auth-vlan 1

 cas 209.165.202.129

 cam outside 209.165.201.22 community secretword

timeout 10

hostname# 

The first line of each NAC policy indicates its name and type. The types are as follows:

•nacapp uses a Cisco NAC Appliance to provide a network access policy for remote hosts. Table 56-1 explains the nacapp attributes displayed in response to the show running-config nac-policy command.

•nac-framework uses a Cisco Access Control Server to provide a network access policy for remote hosts. Table 56-2 explains the nac-framework attributes displayed in response to the show running-config nac-policy command.

Table 56-1 show running-config nac-policy Command Fields for nacapp policies

Field	Description
auth-vlan	Authentication VLAN that provides the user with limited access while posture validation is in progress. Upon completion of the tunnel, the ASA copies the value of the auth-vlan to the vlan attribute assigned to the session. Following a successful posture validation, the ASA overwrites the value of the vlan attribute with the value of the access VLAN obtained from the NAC Appliance.
cam	This line shows the following values: •Interface on the ASA through which to communicate with the Clean Access Manager. •IP address or hostname of the CAM. •SNMP community string on the CAM.
cas	IP address or hostname of the Clean Access Server.
timeout	Maximum number of minutes a user session can be assigned to an authentication VLAN.

Table 56-2 show running-config nac-policy Command Fields for nac-framework policies

Field	Description
default-acl	NAC default ACL applied before posture validation. Following posture validation, the security appliance replaces the default ACL with the one obtained from the Access Control Server for the remote host. It retains the default ACL if posture validation fails.
reval-period	Number of seconds between each successful posture validation in a NAC Framework session.
sq-period	Number of seconds between each successful posture validation in a NAC Framework session and the next query for changes in the host posture
exempt-list	Operating system names that are exempt from posture validation. Also shows an optional ACL to filter the traffic if the remote computer's operating system matches the name.
authentication-server-group	name of the of authentication server group to be used for NAC posture validation.

Related Commands

nac-policy	Creates and accesses a Cisco NAC policy, and specifies its type.
clear configure nac-policy	Removes all NAC policies from the running configuration except for those that are assigned to group policies.
show nac-policy	Displays NAC policy usage statistics on the ASA.
show vpn-session_summary.db	Displays the number IPSec, Cisco AnyConnect, and NAC sessions, including VLAN mapping session data.
show vpn-session.db	Displays information about VPN sessions, including VLAN mapping and NAC results.

show running-config name

To display a list of names associated with IP addresses (configured with the name command), use the show running-config name command in privileged EXEC mode.

show running-config name

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

This example shows how to display a list of names associated with IP addresses:

hostname# show running-config name

name 192.168.42.3 sa_inside

name 209.165.201.3 sa_outside

Related Commands

Command	Description
clear configure name	Clears the list of names from the configuration.
name	Associates a name with an IP address.

show running-config nameif

To show the interface name configuration in the running configuration, use the show running-config nameif command in privileged EXEC mode.

show running-config nameif [physical_interface[.subinterface] | mapped_name]

Syntax Description

mapped_name	(Optional) In multiple context mode, identifies the mapped name if it was assigned using the allocate-interface command.
physical_interface	(Optional) Identifies the interface ID, such as gigabitethernet0/1. See the interface command for accepted values.
subinterface	(Optional) Identifies an integer between 1 and 4294967293 designating a logical subinterface.

Defaults

If you do not specify an interface, this command shows the interface name configuration for all interfaces.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from show nameif.

Usage Guidelines

In multiple context mode, if you mapped the interface ID in the allocate-interface command, you can only specify the mapped name in a context.

This display also shows the security-level command configuration.

Examples

The following is sample output from the show running-config nameif command:

hostname# show running-config nameif

!

interface GigabitEthernet0/0

 nameif inside

 security-level 100

!

interface GigabitEthernet0/1

 nameif test

 security-level 0

!

Related Commands

Command	Description
allocate-interface	Assigns interfaces and subinterfaces to a security context.
clear configure interface	Clears the interface configuration.
interface	Configures an interface and enters interface configuration mode.
nameif	Sets the interface name.
security-level	Sets the security level for the interface.

show running-config names

To display the IP address-to-name conversions, use the show running-config names command in privileged EXEC mode.

show running-config names

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Use with the names command.

Examples

The following example shows how to display the IP address-to-name conversion:

hostname# show running-config names

name 192.168.42.3 sa_inside

name 209.165.201.3 sa_outside

Related Commands

Command	Description
clear configure name	Clears the list of names from the configuration.
name	Associates a name with an IP address.
names	Enables IP address-to-name conversions that you can configured with the name command.
show running-config name	Displays a list of names associated with IP addresses.

show running-config nat

To display the NAT configuration, use the show running-config nat command in privileged EXEC mode.

show running-config nat

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.3(1)	This command was changed to support the new NAT implementation.
7.0(1)	Added keyword running-config.

Usage Guidelines

Use this command to view the twice NAT and network object NAT configuration.

---

Note You cannot view the NAT configuration using the show running-config object command. You cannot reference objects or object groups that have not yet been created in nat commands. To avoid forward or circular references in show command output, the show running-config command shows the object command two times: first, where the IP address(es) are defined; and later, where the nat command is defined. This command output guarantees that objects are defined first, then object groups, and finally NAT.

---

Examples

The following example shows the twice NAT and network object NAT configuration:

hostname# show running-config nat

object network obj1

range 192.168.49.1 192.150.49.100

object network obj2

object 192.168.49.100

object network network-1

subnet <network-1>

object network network-2

subnet <network-2>

object-group network pool

network-object object obj1

network-object object obj2

!

object network network-1

nat (inside,outside) dynamic pool

object network network-2

nat (inside,outside) dynamic pool

Related Commands

Command	Description
clear configure nat	Removes the NAT configuration.
nat	Configures NAT.

show running-config ntp

To show the NTP configuration in the running configuration, use the show running-config ntp command in privileged EXEC mode.

show running-config ntp

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	—	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config ntp command:

hostname# show running-config ntp

ntp authentication-key 1 md5 test2

ntp authentication-key 2 md5 test

ntp trusted-key 1

ntp trusted-key 2

ntp server 10.1.1.1 key 1

ntp server 10.2.1.1 key 2 prefer

Related Commands

Command	Description
ntp authenticate	Enables NTP authentication.
ntp authentication-key	Sets an encrypted authentication key to synchronize with an NTP server.
ntp server	Identifies an NTP server.
ntp trusted-key	Provides a key ID for the ASA to use in packets for authentication with an NTP server.
show ntp status	Shows the status of the NTP association.

show running-config object

To display the current objects in the configuration, use the show running-config object command in privileged EXEC mode.

show running-config object

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.3(1)	This command was introduced.

Usage Guidelines

You cannot view the NAT configuration within an object using the show running-config object command; you must use the show running-config nat command. Also, you cannot reference objects or object groups that have not yet been created in nat commands. The reason is that nat commands can contain objects within them for mapped addresses, so you must define an object before you use it within a nat command. Without this separation, you could potentially have a configuration with a circular or forward reference problem. See the nat commands for more information.

Examples

The following is sample output from the show running-config object command:

hostname# show running-config object

object network obj1

	range 192.168.41.1 192.150.49.100

object network obj2

	object 192.168.49.100

object network network-1

	subnet <network-1>

object network network-2

	subnet <network-2>

object-group network pool

	network-object object obj1

	network-object object obj2

Related Commands

Command	Description
clear configure object	Removes all unused objects from the configuration.
group-object	Adds network object groups.
network-object	Adds a network object to a network object group.
object-group	Defines object groups to optimize your configuration.
port-object	Adds a port object to a service object group.
service-object	Adds a service object to a service object group.

show running-config object-group

To display the current object groups, use the show running-config object-group command in privileged EXEC mode.

show running-config [all] object-group [protocol | service | network | icmp-type | security-group | id obj_grp_id]

Syntax Description

icmp-type	(Optional) Displays ICMP type object groups.
id obj_grp_id	(Optional) Displays the specified object group.
network	(Optional) Displays network object groups.
protocol	(Optional) Displays protocol object groups.
security-group	(Optional) Displays security object groups.
service	(Optional) Displays service object groups.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show running-config object-group command:

hostname# show running-config object-group

object-group protocol proto_grp_1

	protocol-object udp

	protocol-object tcp

object-group service eng_service tcp

	port-object eq smtp

	port-object eq telnet

object-group icmp-type icmp-allowed

	icmp-object echo

	icmp-object time-exceeded

Related Commands

Command	Description
clear configure object-group	Removes all the object group commands from the configuration.
group-object	Adds network object groups.
network-object	Adds a network object to a network object group.
object-group	Defines object groups to optimize your configuration.
port-object	Adds a port object to a service object group.

show running config object-group-search

To display the object-group-search configuration, use the show running-config object-group-search command in privileged EXEC mode.

show running-config object-group-search [all]

Syntax Description

all	(Optional) Shows all commands, including the commands you have not changed from the default.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.3(1)	This command was introduced.

Examples

The following is sample output from the show running-config object-group-search command:

hostname# show running-config object-group-search

Related Commands

Command	Description
clear config object-group-search	Clears the object-group-search configuration.
show running-config object-group	Displays the current object groups.
show running-config object-group-search	Shows the object-group-search configuration in the running configuration.

show running-config pager

To show the number of lines on a page set to displayin a Telnet session before the "---More---" prompt appears in the running configuration, use the show running-config pager command in privileged EXEC mode.

show running-config pager

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config pager commandshows the number of lines on a page set to displayin a Telnet session before the "---More---" prompt appears in the running configuration in global configuration mode.

Examples

The following is sample output from the show running-config pager command:

hostname# show running-config pager

pager lines 24

Related Commands

Command	Description
clear configure pager	Removes the number of lines set to display in a Telnet session before the "---More---" prompt appears from the running configuration.
show pager	Displays the default number of lines set to display in a Telnet session before the "---More---" prompt appears.
terminal pager	Sets the number of lines to display in a Telnet session before the "---More---" prompt appears. This command is not saved to the running configuration.

show running-config passwd

To show the encrypted login passwords, use the show running-config passwd command in privileged EXEC mode.

show running-config {passwd | password}

Syntax Description

passwd | password

You can enter either command; they are aliased to each other.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was changed from the show passwd command.

Usage Guidelines

The password is saved to the configuration in encrypted form, so you cannot view the original password after you enter it. The password displays with the encrypted keyword to indicate that the password is encrypted.

Examples

The following is sample output from the show running-config passwd command:

hostname# show running-config passwd

passwd 2AfK9Kjr3BE2/J2r encrypted

Related Commands

Command	Description
clear configure passwd	Clears the login password.
enable	Enters privileged EXEC mode.
enable password	Sets the enable password.
passwd	Sets the login password.
show curpriv	Shows the currently logged in username and the user privilege level.

show running-config password-policy

To show the password policy for the current context, use the show running-config password-policy command in privileged EXEC mode.

show running-config [all] password-policy

Syntax Description

all	Displays all policy attributes; otherwise, only attributes with non-default values appear.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
9.1(2)	This command was introduced.

Usage Guidelines

This command shows only the password policy from the current context unless you use the all keyword.

Examples

The following is sample output from the show running-config password-policy command:

hostname# show running-config password-policy

password-policy minimum-length 10

password-policy minimum-changes 3

password-policy minimum-lowercase 2

password-policy minimum-uppercase 1

password-policy minimum-numeric 0

password-policy minimum-special 1

password-policy lifetime 1000

password-policy authenticate-enable

Related Commands

Command	Description
clear configure password-policy	Clears the password policy for the current context to the default value.
change-password	Allows users to change their own account password.

show running-config phone-proxy

To show Phone Proxy specific information, use the show running-config phone-proxy command in privileged EXEC mode.

show running-config [all] phone-proxy [ phone_proxy_name ]

Syntax Description 

phone_proxy_name

(Optional) Specifies the name of the Phone Proxy instance.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History 

Release	Modification
8.0(4)	The command was introduced.

Examples

The following example shows the use of the show running-config phone-proxy command to show Phone Proxy specific information:

hostname# show running-config all phone proxy asa_phone_proxy

Related Commands 

Command	Description
phone-proxy	Configures the Phone Proxy instance.

show running-config pim

To display the PIM commands in the running configuration, use the show running-config pim command in privileged EXEC mode.

show running-config pim

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show running-config pim command displays the pim commands entered in global configuration mode. It does not show the pim commands entered in interface configuration mode. To see the pim commands entered in interface configuration mode, enter the show running-config interface command.

Examples

The following is sample output from the show running-config pim command:

hostname# show running-config pim

pim old-register-checksum

pim spt-threshold infinity

Related Commands

Command	Description
clear configure pim	Removes the pim commands from the running configuration.
show running-config interface	Displays interface configuration commands entered in interface configuration mode.

show running-config policy-map

To display all the policy-map configurations or the default policy-map configuration, use the show running-config policy-map command in privileged EXEC mode.

show running-config [all] policy-map [policy_map_name | type inspect [protocol]]

Syntax Description

all	(Optional) Shows all commands, including the commands you have not changed from the default.
policy_map_name	(Optional) Shows the running configuration for a policy map name.
protocol	(Optional) Specifies the type of inspection policy map you want to show. Available types include: •dcerpc •dns •esmtp •ftp •gtp •h323 •http •im •mgcp •netbios •p2p •radius-accounting •sip •skinny •snmp
type inspect	(Optional) Shows inspection policy maps.

Defaults

Omitting the all keyword displays only the explicitly configured policy-map configuration.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Specifying the all keyword displays the default policy-map configuration as well as the explicitly configured policy-map configuration.

Examples

The following is sample output from the show running-config policy-map command:

hostname# show running-config policy-map

!

policy-map localmap1

description this is a test.

class firstclass

priority

ids promiscuous fail0close

set connection random-seq# enable

class class-default

!

Related Commands

Command	Description
policy-map	Configures a policy; that is, an association of a traffic class and one or more actions.
clear configure policy-map	Removes the entire policy configuration.

show running-config pop3s

To display the running configuration for POP3S, use the show running-config pop3s command in privileged EXEC mode. To have the display include the default configuration, use the all keyword.

show running-config [all] pop3s

Syntax Description

all	Displays the running configuration including default values.

Defaults

No default behavior or values.

Command History

Release	Modification
7.0(1)	This command was introduced.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—
Global configuration	•	—	•	—	—
Webvpn	•	—	•	—	—

Examples

The following is sample output from the show running-config pop3s command:

hostname# show running-config pop3s

pop3s

 server 10.160.102.188

 authentication-server-group KerbSvr

 authentication aaa

hostname# show running-config all pop3s

pop3s

 port 995

 server 10.160.102.188

 outstanding 20

 name-separator :

 server-separator @

 authentication-server-group KerbSvr

 no authorization-server-group

 no accounting-server-group

 no default-group-policy

 authentication aaa

Related Commands

Command	Description
clear configure pop3s	Removes the POP3S configuration.
pop3s	Creates or edits a POP3S e-mail proxy configuration.

show running-config prefix-list

To display the prefix-list command in the running configuration, use the show running-config prefix-list command in privileged EXEC mode.

show running-config prefix-list

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	•	—

Command History

Release	Modification
7.0(1)	This command was changed from the show prefix-list command to the show running-config prefix-list command.
9.0(1)	Multiple context modde is supported.

Usage Guidelines

The prefix-list description commands always appear before their associated prefix-list commands in the running configuration. It does not matter what order you entered them.

Examples

The following is sample output from the show running-config prefix-list command:

hostname# show running-config prefix-list

!

prefix-list abc description A sample prefix list

prefix-list abc seq 5 permit 192.168.0.0/8 le 24

prefix-list abc seq 10 deny 10.0.0.0/8 le 32 

!

Related Commands

Command	Description
clear configure prefix-list	Clears the prefix-list commands from the running configuration.

show running-config priority-queue

To display the priority queue configuration details for an interface, use the show running-config priority-queue command in privileged EXEC mode.

show running-config priority-queue interface-name

Syntax Description

interface-name

Specifies the name of the interface for which you want to show the priority queue details

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

This example shows the use of the show running-config priority-queue command for the interface named test, and the command output:

hostname# show running-config priority-queue test

priority-queue test

  queue-limit   50

  tx-ring-limit 10

hostname#

Related Commands

Command	Description
clear configure priority-queue	Removes the priority-queue configuration from the named interface.
priority-queue	Configures priority queueing on an interface.
show priority-queue statistics	Shows the statistics for the priority queue configured on the named interface.

show running-config privilege

To display the privileges for a command or a set of commands, use the show running-config privilege command in privileged EXEC mode.

show running-config [all] privilege [all | command command | level level]

Syntax Description

all	(Optional) First occurrence -- Displays the default privilege level.
all	(Optional) Second occurrence -- Displays the privilege level for all commands.
command command	(Optional) Displays the privilege level for a specific command.
level level	(Optional) Displays the commands that are configured with the specified level; valid values are from 0 to 15.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	—	—	•

Command History

Release	Modification
7.0(1)	This command was modified for this release to conform to CLI guidelines.

Usage Guidelines

Use the show running-config privilege command to view the current privilege level.

Examples

hostname(config)# show running-config privilege level 0

privilege show level 0 command checksum

privilege show level 0 command curpriv

privilege configure level 0 mode enable command enable

privilege show level 0 command history

privilege configure level 0 command login

privilege configure level 0 command logout

privilege show level 0 command pager

privilege clear level 0 command pager

privilege configure level 0 command pager

privilege configure level 0 command quit

privilege show level 0 command version

Related Commands

Command	Description
clear configure privilege	Remove privilege command statements from the configuration.
privilege	Configure the command privilege levels.
show curpriv	Display current privilege level.
show running-config privilege	Display privilege levels for commands.

show running-config quota management-session

To show the current value of the management session quota, use the show running-config quota management-session command in privileged EXEC mode.

show running-config [all] quota management-session

Syntax Description

all	Displays the current value of the management session quota.

Defaults

The default is 0.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
8.4(4.1)	This command was introduced.

Usage Guidelines

The current value of the quota management session does not appear if it is set to the default value of 0.

Examples

The following is sample output from the show running-config quota management-session command:

hostname# show running-config quota management-session

quota management-session 250

Related Commands

Command	Description
show quota management-session	Shows statistics for the management session.
quota management-session	Sets the number of simultaneous ASDM, SSH, and Telnet sessions allowed on the device.

show running-config regex

To display all regular expressions configured with the regex command, use the show running-config regex command in privileged EXEC mode.

show running-config regex

Syntax Description

This command has no arguments or keywords.

Defaults

No default behaviors or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output of the show running-config regex command, which shows all regular expressions:

hostname# show running-config regex

regex test "string"

Related Commands

Command	Description
class-map type regex	Creates a regular expression class map.
clear configure regex	Clears all regular expressions.
regex	Creates a regular expression.
test regex	Tests a regular expression.

show running-config route

To display the route configuration that is running on the ASA, use the show running-config route command in privileged EXEC mode.

show running-config [all] route

Syntax Description

No default behavior or values.

Defaults

This command has no arguments or keywords.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Examples

The following is sample output from the show running-config route command:

hostname# show running-config route

route outside 10.30.10.0 255.255.255.0 1

Related Commands

Command	Description
clear configure route	Removes the route commands from the configuration that do not contain the connect keyword.
route	Specifies a static or default route for the an interface.
show route	Displays route information.

show running-config route-map

To display the information about the route map configuration, use the show running-config route-map command in privileged EXEC mode.

show running-config route-map [map_tag]

Syntax Description

map_tag

(Optional) Text for the route-map tag.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	•	—

Command History

Release	Modification
7.0(1)	Added keyword running-config.

Usage Guidelines

To show all route-maps defined in the configuration, use the show running-config route-map command. To show individual route-maps by name, use the show running-config route-map map_tag command, where map_tag is the name of the route-map. Multiple route maps may share the same map tag name.

Examples

The following is sample output from the show running-config route-map command:

hostname# show running-config route-map

route-map maptag1 permit sequence 10

set metric 5

match metric 3

route-map maptag1 permit sequence 12

set metric 5

match interface backup

match metric 3

route-map maptag2 deny sequence 10

match interface dmz

Related Commands

Command	Description
clear configure route-map	Removes the conditions for redistributing the routes from one routing protocol into another routing protocol.
route-map	Defines the conditions for redistributing routes from one routing protocol into another.

show running-config router

To display the global configuration commands for the specified routing protocol, use the show running-config router command in privileged EXEC mode.

show running-config [all] router [ospf [process_id] | rip | eigrp [as-number]]

Syntax Description

all	Shows all router commands, including the commands you have not changed from the default.
as-number	(Optional) Displays the router configuration commands for the specified EIGRP autonomous system number. If not specified, the router configuration commands for all EIGRP routing processes are displayed. Because only one EIGRP routing process is supported on the ASA, including the optional as-number argument has the same effect as omitting it.
eigrp	(Optional) Displays the EIGRP router configuration commands.
ospf	(Optional) Displays the OSPF router configuration commands.
process_id	(Optional) Displays the commands for the selected OSPF process.
rip	(Optional) Displays the RIP router configuration commands.

Defaults

If a routing protocol is not specified, the router configuration commands for all configured routing protocols are displayed.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•	—	—

Command History

Release	Modification
7.0(1)	This command was changed from the show router command to the show running-config router command.
8.0(2)	This command was modified to include the eigrp keyword.

Examples

The following is sample output from the show running-config router ospf command:

hostname# show running-config router ospf 1

router ospf 1

  log-adj-changes detail

  ignore lsa mospf

  no compatible rfc1583

  distance ospf external 200

  timers spf 10 20

  timers lsa-group-pacing 60

The following is sample output from the show running-config router rip command:

hostname# show running-config router rip

router rip

	network 10.0.0.0

	version 2

	no auto-summary

Related Commands

Command	Description
clear configure router	Clears all router commands from the running configuration.
router eigrp	Enables an EIGRP routing process and enters router configuration mode for that process.
router ospf	Enables an OSPF routing process and enters router configuration mode for that process.
router rip	Enables a RIP routing process and enters router configuration mode for that process.