Table Of Contents

show scansafe through show switch vlan Commands

show scansafe server

show scansafe statistics

show service-policy

show shared license

show shun

show sip

show skinny

show sla monitor configuration

show sla monitor operational-state

show snmp-server engineid

show snmp-server group

show snmp-server statistics

show snmp-server user

show software authenticity file

show ssh sessions

show ssl

show startup-config

show sunrpc-server active

show switch mac-address-table

show switch vlan

show scansafe through show switch vlan Commands

---

show scansafe server

To show the status of the Cloud Web Security proxy servers, use the show scansafe server command in privileged EXEC mode.

show scansafe server

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	—	•

Command History

Release	Modification
9.0(1)	We introduced this command.

Usage Guidelines

This command shows the status of the server, whether it is the current active server, the backup server, or unreachable.

Examples

The following is sample output from the show scansafe server command:

hostname# show scansafe server

hostname# Primary: proxy197.scansafe.net (72.37.244.115) (REACHABLE)*

hostname# Backup: proxy137.scansafe.net (80.254.152.99) 

Related Commands

Command	Description
class-map type inspect scansafe	Creates an inspection class map for whitelisted users and groups.
default user group	Specifies the default username and/or group if the ASA cannot determine the identity of the user coming into the ASA.
http[s] (parameters)	Specifies the service type for the inspection policy map, either HTTP or HTTPS.
inspect scansafe	Enables Cloud Web Security inspection on the traffic in a class.
license	Configures the authentication key that the ASA sends to the Cloud Web Security proxy servers to indicate from which organization the request comes.
match user group	Matches a user or group for a whitelist.
policy-map type inspect scansafe	Creates an inspection policy map so you can configure essential parameters for the rule and also optionally identify the whitelist.
retry-count	Enters the retry counter value, which is the amount of time that the ASA waits before polling the Cloud Web Security proxy server to check its availability.
scansafe	In multiple context mode, allows Cloud Web Security per context.
scansafe general-options	Configures general Cloud Web Security server options.
server {primary | backup}	Configures the fully qualified domain name or IP address of the primary or backup Cloud Web Security proxy servers.
show conn scansafe	Shows all Cloud Web Security connections, as noted by the capitol Z flag.
show scansafe statistics	Shows total and current http connections.
user-identity monitor	Downloads the specified user or group information from the AD agent.
whitelist	Performs the whitelist action on the class of traffic.

show scansafe statistics

To show information about Cloud Web Security activity, use the show scansafe statistics command in privileged EXEC mode.

show scansafe statistics

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Global configuration	•	•	•	—	•

Command History

Release	Modification
9.0(1)	We introduced this command.

Usage Guidelines

The show scansafe statistics command shows information about Cloud Web Security activity, such as the number of connections redirected to the proxy server, the number of current connections being redirected, and the number of whitelisted connections.

Examples

The following is sample output from the show scansafe statistics command:

hostname# show scansafe statistics 

Current HTTP sessions : 0

Current HTTPS sessions : 0

Total HTTP Sessions : 0

Total HTTPS Sessions : 0

Total Fail HTTP sessions : 0

Total Fail HTTPS sessions : 0

Total Bytes In : 0 Bytes

Total Bytes Out : 0 Bytes

HTTP session Connect Latency in ms(min/max/avg) : 0/0/0

HTTPS session Connect Latency in ms(min/max/avg) : 0/0/0

Related Commands

Command	Description
class-map type inspect scansafe	Creates an inspection class map for whitelisted users and groups.
default user group	Specifies the default username and/or group if the ASA cannot determine the identity of the user coming into the ASA.
http[s] (parameters)	Specifies the service type for the inspection policy map, either HTTP or HTTPS.
inspect scansafe	Enables Cloud Web Security inspection on the traffic in a class.
license	Configures the authentication key that the ASA sends to the Cloud Web Security proxy servers to indicate from which organization the request comes.
match user group	Matches a user or group for a whitelist.
policy-map type inspect scansafe	Creates an inspection policy map so you can configure essential parameters for the rule and also optionally identify the whitelist.
retry-count	Enters the retry counter value, which is the amount of time that the ASA waits before polling the Cloud Web Security proxy server to check its availability.
scansafe	In multiple context mode, allows Cloud Web Security per context.
scansafe general-options	Configures general Cloud Web Security server options.
server {primary | backup}	Configures the fully qualified domain name or IP address of the primary or backup Cloud Web Security proxy servers.
show conn scansafe	Shows all Cloud Web Security connections, as noted by the capitol Z flag.
show scansafe server	Shows the status of the server, whether it's the current active server, the backup server, or unreachable.
user-identity monitor	Downloads the specified user or group information from the AD agent.
whitelist	Performs the whitelist action on the class of traffic.

show service-policy

To display the service policy statistics, use the show service-policy command in privileged EXEC mode.

show service-policy [global | interface intf] [csc | cxsc | inspect inspection [arguments] | ips | police | priority | set connection [details] | shape | user-statistics]

show service-policy [global | interface intf] [flow protocol {host src_host | src_ip src_mask} [eq src_port] {host dest_host | dest_ip dest_mask} [eq dest_port] [icmp_number | icmp_control_message]]

Syntax Description

csc	(Optional) Shows detailed information about policies that include the csc command.
cxsc	(Optional) Shows detailed information about policies that include the cxsc command.
dest_ip dest_mask	For the flow keyword, the destination IP address and netmask of the traffic flow.
details	(Optional) For the set connection keyword, displays per-client connection information, if a per-client connection limit is enabled.
eq dest_port	(Optional) For the flow keyword, equals the destination port for the flow.
eq src_port	(Optional) For the flow keyword, equals the source port for the flow.
flow protocol	(Optional) Shows policies that match a particular flow identified by the 5-tuple (protocol, source IP address, source port, destination IP address, destination port). You can use this command to check that your service policy configuration will provide the services you want for specific connections. Because the flow is described as a 5-tuple, not all policies are supported. See the following supported policy matches: •match access-list •match port •match rtp •match default-inspection-traffic
global	(Optional) Limits output to the global policy.
host dest_host	For the flow keyword, the host destination IP address of the traffic flow.
host src_host	For the flow keyword, the host source IP address of the traffic flow.
icmp_control_message	(Optional) For the flow keyword when you specify ICMP as the protocol, specifies an ICMP control message of the traffic flow.
icmp_number	(Optional) For the flow keyword when you specify ICMP as the protocol, specifies the ICMP protocol number of the traffic flow.
inspect inspection [arguments]	(Optional) Shows detailed information about policies that include an inspect command. Not all inspect commands are supported for detailed output. To see all inspections, use the show service-policy command without any arguments. The arguments available for each inspection vary; see the CLI help for more information.
interface intf	(Optional) Displays policies applied to the interface specified by the intf argument, where intf is the interface name given by the nameif command.
ips	(Optional) Shows detailed information about policies that include the ips command.
police	(Optional) Shows detailed information about policies that include the police command.
priority	(Optional) Shows detailed information about policies that include the priority command.
set connection	(Optional) Shows detailed information about policies that include the set connection command.
shape	(Optional) Shows detailed information about policies that include the shape command.
src_ip src_mask	For the flow keyword, the source IP address and netmask used in the traffic flow.
user-statistics	(Optional) Shows detailed information about policies that include the user-statistics command. This command displays user statistics for the Identify Firewall, including sent packet count, sent drop count, received packet count, and send drop count for selected users.

Defaults

If you do not specify any arguments, this command shows all global and interface policies.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
7.1(1)	The csc keyword was added.
7.2(4)/8.0(4)	The shape keyword was added.
8.4(2)	We added support for the user-statistics keyword for the Identity Firewall.
8.4(4.1)	We added support for the cxsc keyword for the ASA CX module.

Usage Guidelines

The number of embryonic connections displayed in the show service-policy command output indicates the current number of embryonic connections to an interface for traffic matching that defined by the class-map command. The "embryonic-conn-max" field shows the maximum embryonic limit configured for the traffic class using the Modular Policy Framework. If the current embryonic connections displayed equals or exceeds the maximum, TCP intercept is applied to new TCP connections that match the traffic type defined by the class-map command.

When you make service policy changes to the configuration, all new connections use the new service policy. Existing connections continue to use the policy that was configured at the time of the connection establishment. show command output will not include data about the old connections. For example, if you remove a QoS service policy from an interface, then re-add a modified version, then the show service-policy command only displays QoS counters associated with new connections that match the new service policy; existing connections on the old policy no longer show in the command output. To ensure that all connections use the new policy, you need to disconnect the current connections so they can reconnect using the new policy. See the clear conn or clear local-host commands.

---

Note For an inspect icmp and inspect icmp error policies, the packet counts only include the echo request and reply packets.

---

Examples

The following is sample output from the show service-policy global command:

hostname# show service-policy global

Global policy:

  Service-policy: inbound_policy

    Class-map: ftp-port

      Inspect: ftp strict inbound_ftp, packet 0, drop 0, reset-drop 0

The following is sample output from the show service-policy priority command:

hostname# show service-policy priority

Interface outside:

Global policy:

  Service-policy: sa_global_fw_policy

Interface outside:

  Service-policy: ramap

    Class-map: clientmap

      Priority:

        Interface outside: aggregate drop 0, aggregate transmit 5207048

    Class-map: udpmap

      Priority:

        Interface outside: aggregate drop 0,  aggregate transmit 5207048

    Class-map: cmap

The following is sample output from the show service-policy flow command:

hostname# show service-policy flow udp host 209.165.200.229 host 209.165.202.158 eq 5060

Global policy: 

  Service-policy: f1_global_fw_policy

    Class-map: inspection_default

      Match: default-inspection-traffic

      Action:

        Input flow:  inspect sip 

Interface outside:

  Service-policy: test

    Class-map: test

      Match: access-list test

        Access rule: permit ip 209.165.200.229 255.255.255.224 209.165.202.158 
255.255.255.224

      Action:

        Input flow:  ids inline

        Input flow:  set connection conn-max 10 embryonic-conn-max 20

The following is sample output from the show service-policy inspect http command. This example shows the statistics of each match command in a match-any class map.

hostname# show service-policy inspect http

Global policy: 

  Service-policy: global_policy

    Class-map: inspection_default

      Inspect: http http, packet 1916, drop 0, reset-drop 0

        protocol violations

          packet 0

        class http_any (match-any) 

          Match: request method get, 638 packets

          Match: request method put, 10 packets

          Match: request method post, 0 packets

          Match: request method connect, 0 packets

          log, packet 648

The following is sample output from the show service-policy inspect waas command. This example shows the waas statistics.

hostname# show service-policy inspect waas

Global policy: 

  Service-policy: global_policy

    Class-map: WAAS

      Inspect: waas, packet 12, drop 0, reset-drop 0

		SYN with WAAS option 4

		SYN-ACK with WAAS option 4

		Confirmed WAAS connections 4

		Invalid ACKs seen on WAAS connections 0

		Data exceeding window size on WAAS connections 0

The following is sample output from the show gtp requests command:

hostname# show gtp requests

0 in use, 0 most used, 200 maximum allowed

You can use the vertical bar | to filter the display, as in the following example:

hostname# show service-policy gtp statistics | grep gsn

This example shows the GTP statistics with the word gsn in the output.

The following command shows the statistics for GTP inspection:

hostname# show service-policy inspect gtp statistics

GPRS GTP Statistics:

  version_not_support | 0 | msg_too_short | 0

  unknown_msg | 0 | unexpected_sig_msg | 0

  unexpected_data_msg | 0 | ie_duplicated | 0

  mandatory_ie_missing | 0 | mandatory_ie_incorrect | 0

  optional_ie_incorrect | 0 | ie_unknown | 0

  ie_out_of_order | 0 | ie_unexpected | 0

  total_forwarded | 0 | total_dropped | 0

  signalling_msg_dropped | 0 | data_msg_dropped | 0

  signalling_msg_forwarded | 0 | data_msg_forwarded | 0

  total created_pdp | 0 | total deleted_pdp | 0

  total created_pdpmcb | 0 | total deleted_pdpmcb | 0

  pdp_non_existent | 0

Table 58-1 describes each column of the output from the show service-policy inspect gtp statistics command.

Table 58-1 GPRS GTP Statistics

Column Heading	Description
version_not_support	Displays packets with an unsupported GTP version field.
msg_too_short	Displays packets less than 8 bytes in length.
unknown_msg	Displays unknown type messages.
unexpected_data_msg	Displays unexpected data messages.
mandatory_ie_missing	Displays messages missing a mandatory Information Element (IE).
mandatory_ie_incorrect	Displays messages with an incorrectly formatted mandatory Information Element (IE).
optional_ie_incorrect	Displays messages with an incorrectly formatted optional Information Element (IE).
ie_unknown	Displays messages with an unknown Information Element (IE).
ie_out_of_order	Displays messages with out-of-sequence Information Elements (IEs).
ie_unexpected	Displays messages with an unexpected Information Element (IE).
total_forwarded	Displays the total messages forwarded.
total_dropped	Displays the total messages dropped.
signalling_msg_dropped	Displays the signaling messages dropped.
data_msg_dropped	Displays the data messages dropped.
signalling_msg_forwarded	Displays the signaling messages forwarded.
data_msg_forwarded	Displays the data messages forwarded.
total created_pdp	Displays the total Packet Data Protocol (PDP) contexts created.
total deleted_pdp	Displays the total Packet Data Protocol (PDP) contexts deleted.
total created_pdpmcb	Displays the total PDPMCB sessions created.
total deleted_pdpmcb	Displays the total PDPMCB sessions deleted.
pdp_non_existent	Displays the messages received for a non-existent PDP context.

The following command displays information about the PDP contexts:

hostname# show service-policy inspect gtp pdp-context

1 in use, 1 most used, timeout 0:00:00

Version TID | MS Addr | SGSN Addr | Idle | APN

v1 | 1234567890123425 | 1.1.1.1 | 11.0.0.2 0:00:13  gprs.cisco.com

 | user_name (IMSI): 214365870921435 | MS address: | 1.1.1.1

 | primary pdp: Y | nsapi: 2

 | sgsn_addr_signal: | 11.0.0.2 | sgsn_addr_data: | 11.0.0.2

 | ggsn_addr_signal: | 9.9.9.9 | ggsn_addr_data: | 9.9.9.9

 | sgsn control teid: | 0x000001d1 | sgsn data teid: | 0x000001d3

 | ggsn control teid: | 0x6306ffa0 | ggsn data teid: | 0x6305f9fc

 | seq_tpdu_up: | 0 | seq_tpdu_down: | 0

 | signal_sequence: | 0

 | upstream_signal_flow: | 0 | upstream_data_flow: | 0

 | downstream_signal_flow: | 0 | downstream_data_flow: | 0

 | RAupdate_flow: | 0

Table 58-2 describes each column of the output from the show service-policy inspect gtp pdp-context command.

Table 58-2 PDP Contexts

Column Heading	Description
Version	Displays the version of GTP.
TID	Displays the tunnel identifier.
MS Addr	Displays the mobile station address.
SGSN Addr	Displays the serving gateway service node.
Idle	Displays the time for which the PDP context has not been in use.
APN	Displays the access point name.

Related Commands

Command	Description
clear configure service-policy	Clears service policy configurations.
clear service-policy	Clears all service policy configurations.
service-policy	Configures the service policy.
show running-config service-policy	Displays the service policies configured in the running configuration.

show shared license

To show shared license statistics, use the show shared license command in privileged EXEC mode. Optional keywords are available only for the licensing server.

show shared license [detail | client [hostname] | backup]

Syntax Description

backup	(Optional) Shows information about the backup server.
client	(Optional) Limits the display to participants.
detail	(Optional) Shows all statistics, including per participant.
hostname	(Optional) Limits the display to a particular participant.

Command Default

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	—	•		—

Command History

Release	Modification
8.2(1)	This command was introduced.

Usage Guidelines

To clear the statistics, enter the clear shared license command.

Examples

The following is sample output from the show shared license command on the license participant:

hostname# show shared license

Primary License Server : 10.3.32.20

  Version              : 1

  Status               : Inactive

Shared license utilization:

  SSLVPN:

    Total for network :     5000

    Available         :     5000

    Utilized          :        0

  This device:

    Platform limit    :      250

    Current usage     :        0

    High usage        :        0

  Messages Tx/Rx/Error:

    Registration    : 0 / 0 / 0

    Get             : 0 / 0 / 0

    Release         : 0 / 0 / 0

    Transfer        : 0 / 0 / 0

Client ID           Usage   Hostname

  ASA0926K04D         0       5510-B

Table 58-3 describes the output from the show shared license command.

Table 58-3 show shared license Description

Field	Description
Primary License Server	The IP address of the primary server.
Version	The shared license version.
Status	If the command is issued on the backup server, "Active" means that this device has taken on the role as a Primary Shared Licensing server. "Inactive" means that the device is ready in standby mode, and the device is communicating with the primary server. If failover is configured on the primary licensing server, the backup server may become "Active" for a brief moment during a failover but should return to "Inactive" after communications have synced up again.
Shared license utilization
SSLVPN
Total for network	Displays the total number of shared sessions available.
Available	Displays the remaining shared sessions available.
Utilized	Displays the shared sessions obtained for the active license server.
This device
Platform limit	Displays the total number of SSL VPN sessions for this device according to the installed license.
Current usage	Displays the number of shared SSL VPN session currently owned by this device from the shared pool.
High usage	Displays the highest number of shared SSL VPN sessions ever owned by this device.
Messages Tx/Rx/Error
Registration Get Release Transfer	Shows the Transmit, Received, and Error packets of each type of connection.
Client ID	A unique client ID.
Usage	Displays the number of sessions in use.
Hostname	Displays the hostname for this device.

The following is sample output from the show shared license detail command on the license server:

hostname# show shared license detail

Backup License Server Info:

Device ID           : ABCD

Address             : 10.1.1.2

Registered          : NO

HA peer ID          : EFGH

Registered          : NO

  Messages Tx/Rx/Error:

    Hello           : 0 / 0 / 0

    Sync            : 0 / 0 / 0

    Update          : 0 / 0 / 0

Shared license utilization:

  SSLVPN:

    Total for network :      500

    Available         :      500

    Utilized          :        0

  This device:

    Platform limit    :      250

    Current usage     :        0

    High usage        :        0

  Messages Tx/Rx/Error:

    Registration    : 0 / 0 / 0

    Get             : 0 / 0 / 0

    Release         : 0 / 0 / 0

    Transfer        : 0 / 0 / 0

Client Info:

  Hostname          : 5540-A

  Device ID         : XXXXXXXXXXX

  SSLVPN:

    Current usage   : 0

    High            : 0

  Messages Tx/Rx/Error:

    Registration    : 1 / 1 / 0

    Get             : 0 / 0 / 0

    Release         : 0 / 0 / 0

    Transfer        : 0 / 0 / 0

...

Related Commands

Command	Description
activation-key	Enters a license activation key.
clear configure license-server	Clears the shared licensing server configuration.
clear shared license	Clears shared license statistics.
license-server address	Identifies the shared licensing server IP address and shared secret for a participant.
license-server backup address	Identifies the shared licensing backup server for a participant.
license-server backup backup-id	Identifies the backup server IP address and serial number for the main shared licensing server.
license-server backup enable	Enables a unit to be the shared licensing backup server.
license-server enable	Enables a unit to be the shared licensing server.
license-server port	Sets the port on which the server listens for SSL connections from participants.
license-server refresh-interval	Sets the refresh interval provided to participants to set how often they should communicate with the server.
license-server secret	Sets the shared secret on the shared licensing server.
show activation-key	Shows the current licenses installed.
show running-config license-server	Shows the shared licensing server configuration.
show vpn-sessiondb	Shows license information about VPN sessions.

show shun

To display shun information, use the show shun command in privileged EXEC mode.

show shun [src_ip | statistics]

Syntax Description

src_ip	(Optional) Displays the information for that address.
statistics	(Optional) Displays the interface counters only.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
8.2(2)	For threat events, the severity level was changed from a warning to a notification. Threat events can be triggered every five minutes.

Examples

The following is sample output from the show shun command:

hostname# show shun

shun (outside) 10.1.1.27 10.2.2.89 555 666 6

shun (inside1) 10.1.1.27 10.2.2.89 555 666 6

Related Commands

Command	Description
clear shun	Disables all the shuns that are currently enabled and clears the shun statistics.
shun	Enables a dynamic response to an attacking host by preventing new connections and disallowing packets from any existing connection.

show sip

To display SIP sessions, use the show sip command in privileged EXEC mode.

show sip

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	•

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show sip command assists in troubleshooting SIP inspection engine issues and is described with the inspect protocol sip udp 5060 command. The show timeout sip command displays the timeout value of the designated protocol.

The show sip command displays information for SIP sessions established across the ASA. Along with the debug sip and show local-host commands, this command is used for troubleshooting SIP inspection engine issues.

---

Note We recommend that you configure the pager command before using the show sip command. If there are a lot of SIP session records and the pager command is not configured, it will take a while for the show sip command output to reach its end.

---

Examples

The following is sample output from the show sip command:

hostname# show sip

Total: 2

call-id c3943000-960ca-2e43-228f@10.130.56.44

 | state Call init, idle 0:00:01

call-id c3943000-860ca-7e1f-11f7@10.130.56.45

 | state Active, idle 0:00:06

This sample shows two active SIP sessions on the ASA (as shown in the Total field). Each call-id represents a call.

The first session, with the call-id c3943000-960ca-2e43-228f@10.130.56.44, is in the state Call Init, which means the session is still in call setup. Call setup is complete only when the ACK is seen. This session has been idle for 1 second.

The second session is in the state Active, in which call setup is complete and the endpoints are exchanging media. This session has been idle for 6 seconds.

Related Commands

Commands	Description
class-map	Defines the traffic class to which to apply security actions.
debug sip	Enables debug information for SIP.
inspect sip	Enables SIP application inspection.
show conn	Displays the connection state for different connection types.
timeout	Sets the maximum idle time duration for different protocols and session types.

show skinny

To troubleshoot SCCP (Skinny) inspection engine issues, use the show skinny command in privileged EXEC mode.

show skinny

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

The show skinny command assists in troubleshooting SCCP (Skinny) inspection engine issues.

Examples

The following is sample output from the show skinny command under the following conditions. There are two active Skinny sessions set up across the ASA. The first one is established between an internal Cisco IP Phone at local address 10.0.0.11 and an external Cisco CallManager at 172.18.1.33. TCP port 2000 is the CallManager. The second one is established between another internal Cisco IP Phone at local address 10.0.0.22 and the same Cisco CallManager.

hostname# show skinny

        LOCAL                   FOREIGN                 STATE

---------------------------------------------------------------

1       10.0.0.11/52238         172.18.1.33/2000                1

  MEDIA 10.0.0.11/22948         172.18.1.22/20798

2       10.0.0.22/52232         172.18.1.33/2000                1

  MEDIA 10.0.0.22/20798         172.18.1.11/22948

The output indicates a call has been established between both internal Cisco IP Phones. The RTP listening ports of the first and second phones are UDP 22948 and 20798 respectively.

The following is the xlate information for these Skinny connections:

hostname# show xlate debug

2 in use, 2 most used

Flags: D | DNS, d | dump, I | identity, i | inside, n | no random,

 | o | outside, r | portmap, s | static

NAT from inside:10.0.0.11 to outside:172.18.1.11 flags si idle 0:00:16 timeout 0:05:00

NAT from inside:10.0.0.22 to outside:172.18.1.22 flags si idle 0:00:14 timeout 0:05:00

Related Commands

Commands	Description
class-map	Defines the traffic class to which to apply security actions.
debug skinny	Enables SCCP debug information.
inspect skinny	Enables SCCP application inspection.
show conn	Displays the connection state for different connection types.
timeout	Sets the maximum idle time duration for different protocols and session types.

show sla monitor configuration

To display the configuration values, including the defaults, for SLA operations, use the show sla monitor configuration command in user EXEC mode.

show sla monitor configuration [sla-id]

Syntax Description

sla-id

(Optional) The ID number of the SLA operation. Valid values are from 1 to 2147483647.

Defaults

If the sla-id is not specified, the configuration values for all SLA operations are shown.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
User EXEC	•	•	•	•	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Usage Guidelines

Use the show running config sla monitor command to see the SLA operation commands in the running configuration.

Examples

The following is sample output from the show sla monitor command. It displays the configuration values for SLA operation 123. Following the output of the show sla monitor command is the output of the show running-config sla monitor command for the same SLA operation.

hostname> show sla monitor 124

SA Agent, Infrastructure Engine-II

Entry number: 124

Owner: 

Tag: 

Type of operation to perform: echo

Target address: 10.1.1.1

Interface: outside

Number of packets: 1

Request size (ARR data portion): 28

Operation timeout (milliseconds): 1000

Type Of Service parameters: 0x0

Verify data: No

Operation frequency (seconds): 3

Next Scheduled Start Time: Start Time already passed

Group Scheduled : FALSE

Life (seconds): Forever

Entry Ageout (seconds): never

Recurring (Starting Everyday): FALSE

Status of entry (SNMP RowStatus): Active

Enhanced History:

hostname# show running-config sla monitor 124

sla monitor 124

 type echo protocol ipIcmpEcho 10.1.1.1 interface outside

 timeout 1000

 frequency 3

sla monitor schedule 124 life forever start-time now

Related Commands

Command	Description
show running-config sla monitor	Displays the SLA operation configuration commands in the running configuration.
sla monitor	Defines an SLA monitoring operation.

show sla monitor operational-state

To display the operational state of SLA operations, use the show sla monitor operational-state command in user EXEC mode.

show sla monitor operational-state [sla-id]

Syntax Description

sla-id

(Optional) The ID number of the SLA operation. Valid values are from 1 to 2147483647.

Defaults

If the sla-id is not specified, statistics for all SLA operations are displayed.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
User EXEC	•	•	•	•	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Usage Guidelines

Use the show running-config sla monitor command to display the SLA operation commands in the running configuration.

Examples

The following is sample output from the show sla monitor operational-state command:

hostname> show sla monitor operationl-state

Entry number: 124

Modification time: 14:42:23.607 EST Wed Mar 22 2006

Number of Octets Used by this Entry: 1480

Number of operations attempted: 4043

Number of operations skipped: 0

Current seconds left in Life: Forever

Operational state of entry: Active

Last time this entry was reset: Never

Connection loss occurred: FALSE

Timeout occurred: TRUE

Over thresholds occurred: FALSE

Latest RTT (milliseconds): NoConnection/Busy/Timeout

Latest operation start time: 18:04:26.609 EST Wed Mar 22 2006

Latest operation return code: Timeout

RTT Values:

RTTAvg: 0       RTTMin: 0       RTTMax: 0

NumOfRTT: 0     RTTSum: 0       RTTSum2: 0

Related Commands

Command	Description
show running-config sla monitor	Displays the SLA operation configuration commands in the running configuration.
sla monitor	Defines an SLA monitoring operation.

show snmp-server engineid

To display the identification of the SNMP engine that has been configured on the ASA, use the show snmp-server engineid command in privileged EXEC mode.

show snmp-server engineid

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.2(1)	This command was introduced.

Examples

The following is sample output from the show snmp-server engineid command:

hostname# show snmp-server engineid

Local SNMP engineID: 80000009fe85f8fd882920834a3af7e4ca79a0a1220fe10685

Usage Guidelines

An SNMP engine is a copy of SNMP that can reside on a local device. The engine ID is a unique value that is assigned for each SNMP agent for each ASA context. The engine ID is not configurable on the ASA. The engine ID is 25 bytes long, and is used to generate encrypted passwords. The encrypted passwords are then stored in flash memory. The engine ID can be cached. In a failover pair, the engine ID is synchronized with the peer.

Related Commands

Command	Description
clear configure snmp-server	Clears the SNMP server configuration.
show running-config snmp-server	Displays the SNMP server configuration.
snmp-server	Configures the SNMP server.

show snmp-server group

To display the names of configured SNMP groups, the security model being used, the status of different views, and the storage type of each group, use the show snmp-server group command in privileged EXEC mode.

show snmp-server group

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.2(1)	This command was introduced.

Examples

The following is sample output from the show snmp-server group command:

hostname# show snmp-server group

groupname: public                           security model:v1

readview : <no readview specified>          writeview: <no writeview specified>

notifyview: <no readview specified>

row status: active

groupname: public                           security model:v2c

readview : <no readview specified>          writeview: <no writeview specified>

notifyview: *<no readview specified>

row status: active

groupname: privgroup                   security model:v3 priv

readview : def_read_view               writeview: <no writeview specified>

notifyview: def_notify_view

row status: active

Usage Guidelines

SNMP users and groups are used according to the View-based Access Control Model (VACM) for SNMP. The SNMP group determines the security model to be used. The SNMP user should match the security model of the SNMP group. Each SNMP group name and security level pair must be unique.

Related Commands

Command	Description
clear configure snmp-server	Clears the SNMP server configuration.
show running-config snmp-server	Displays the SNMP server configuration.
snmp-server	Configures the SNMP server.

show snmp-server statistics

To display SNMP server statistics, use the show snmp-server statistics command in privileged EXEC mode.

show snmp-server statistics

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Examples

The following is sample output from the show snmp-server statistics command:

hostname# show snmp-server statistics

0 SNMP packets input

    0 Bad SNMP version errors

    0 Unknown community name

    0 Illegal operation for community name supplied

    0 Encoding errors

    0 Number of requested variables

    0 Number of altered variables

    0 Get-request PDUs

    0 Get-next PDUs

    0 Get-bulk PDUs

    0 Set-request PDUs (Not supported)

0 SNMP packets output

    0 Too big errors (Maximum packet size 512)

    0 No such name errors

    0 Bad values errors

    0 General errors

    0 Response PDUs

    0 Trap PDUs

Related Commands

Command	Description
clear configure snmp-server	Clears the SNMP server configuration.
clear snmp-server statistics	Clears the SNMP packet input and output counters.
show running-config snmp-server	Displays the SNMP server configuration.
snmp-server	Configures the SNMP server.

show snmp-server user

To display information about the configured characteristics of SNMP users, use the show snmp-server user command in privileged EXEC mode.

show snmp-server user [username]

Syntax Description

username

(Optional) Identifies a specific user or users about which to display SNMP information.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.2(1)	This command was introduced.

Examples

The following is sample output from the show snmp-server user command:

hostname# show snmp-server user authuser

User name: authuser 

Engine ID: 00000009020000000C025808 

storage-type: nonvolatile       active access-list: N/A

Rowstatus: active 

Authentication Protocol: MD5

Privacy protocol: DES 

Group name: VacmGroupName 

The output provides the following information:

•The username, which is a string that identifies the name of the SNMP user.

•The engine ID, which is a string that identifies the copy of SNMP on the ASA.

•The storage-type, which indicates whether or not the settings have been set in volatile or temporary memory on the ASA, or in nonvolatile or persistent memory, in which settings remain after the ASA has been turned off and on again.

•The active access list, which is the standard IP access list associated with the SNMP user.

•The Rowstatus, which indicates whether or not it is active or inactive.

•The authentication protocol, which identifies which authentication protocol is being used. Options are MD5, SHA, or none. If authentication is not supported in your software image, this field does not appear.

•The privacy protocol, which indicates whether or not DES packet encryption is enabled. If privacy is not supported in your software image, this field does not appear.

•The group name, which indicates to which SNMP group the user belongs. SNMP groups are defined according to the View-based Access Control Model (VACM).

Usage Guidelines

An SNMP user must be part of an SNMP group. If you do not enter the username argument, the show snmp-server user command displays information about all configured users. If you enter the username argument and the user exists, the information about that user appears.

Related Commands

Command	Description
clear configure snmp-server	Clears the SNMP server configuration.
show running-config snmp-server	Displays the SNMP server configuration.
snmp-server	Configures the SNMP server.

show software authenticity file

To display digital signature information related to software authentication for a specific image file, use the show software authenticity file command in privileged EXEC mode.

show software authenticity[filename]

Syntax Description

filename

(Optional) Identifies a specific image file.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
9.1(3)	This command was introduced.

Examples

The following is sample output from the show software authenticity file command:

hostname# show software authenticity file asa913.SSA

File Name                     : disk0:/asa913.SSA 

Image type                    : Development 

    Signer Information 

        Common Name           : Cisco 

        Organization Unit     : ASA5585-X 

        Organization Name     : Engineering 

    Certificate Serial Number : abcd1234efgh5678

    Hash Algorithm            : SHA512 

    Signature Algorithm       : 2048-bit RSA 

    Key Version               : A

The output provides the following information:

•The filename, which is the name of the filename in memory.

•The image type, which is the type of image being shown.

•The signer information specifies the signature information, which includes the following:

–The common name, which is the name of the software manufacturer.

–The organization unit, which indicates the hardware that the software image is deployed on.

–The organization name, which is the owner of the software image.

•The certificate serial number, which is the certificate serial number for the digital signature.

•The hash algorithm, which indicates the type of hash algorithm used in digital signature verification.

•The signature algorithm, which identifies the type of signature algorithm used in digital signature verification.

•The key version, which indicates the key version used for verification.

Related Commands

Command	Description
show version	Displays the software version, hardware configuration, license key, and related uptime data.

show ssh sessions

To display information about the active SSH sessions on the ASA, use the show ssh sessions command in privileged EXEC mode.

show ssh sessions [hostname or A.B.C.D] [hostname or X:X:X:X::X] [detail]

Syntax Description

hostname or A.B.C.D	(Optional) Displays SSH session information for only the specified SSH client IPv4 address.
hostname or X:X:X:X::X	(Optional) Displays SSH session information for only the specified SSH client IPv6 address.
detail	Displays detailed SSH session information.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.
9.1(2)	The detail option was added.

Usage Guidelines

The SID is a unique number that identifies the SSH session. The Client IP is the IP address of the system running an SSH client. The Version is the protocol version number that the SSH client supports. If the SSH only supports SSH version 1, then the Version column displays 1.5. If the SSH client supports both SSH version 1 and SSH version 2, then the Version column displays 1.99. If the SSH client only supports SSH version 2, then the Version column displays 2.0. The Encryption column shows the type of encryption that the SSH client is using. The State column shows the progress that the client is making as it interacts with the ASA. The Username column lists the login username that has been authenticated for the session. The Mode column describes the direction of the SSH data streams.

For SSH version 2, which can use the same or different encryption algorithms, the Mode field displays in and out. For SSH version 1, which uses the same encryption in both directions, the Mode field displays nil (`-') and allows only one entry per connection.

Examples

The following is sample output from the show ssh sessions command:

hostname# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State           Username

0   172.69.39.39    1.99    IN   aes128-cbc md5      SessionStarted  pat

                            OUT  aes128-cbc md5      SessionStarted  pat

1   172.23.56.236   1.5     -    3DES       -        SessionStarted  pat

2   172.69.39.29    1.99    IN   3des-cbc   sha1     SessionStarted  pat

                            OUT  3des-cbc   sha1     SessionStarted  pat

The following is sample output from the show ssh sessions detail command:

hostname# show ssh sessions detail

SSH Session ID             : 0

>   Client IP              : 161.44.66.200

>   Username               : root

>   SSH Version            : 2.0

>   State                  : SessionStarted

>   Inbound Statistics

>    Encryption            : aes256-cbc

>    HMAC                  : sha1

>    Bytes Received        : 2224

>   Outbound Statistics

>    Encryption            : aes256-cbc

>    HMAC                  : sha1

>    Bytes Transmitted     : 2856

>   Rekey Information

>    Time Remaining (sec)  : 3297

>    Data Remaining (bytes): 996145356

>    Last Rekey            : 16:17:19.732 EST Wed Jan 2 2013

>    Data-Based Rekeys     : 0

>    Time-Based Rekeys     : 0

Related Commands

Command	Description
ssh disconnect	Disconnects an active SSH session.
ssh timeout	Sets the timeout value for idle SSH sessions.

show ssl

To display information about the active SSL sessions on the ASA, use the show ssl command in privileged EXEC mode.

show ssl [cache | errors | mib | objects | detail]

Syntax Description

cache	(Optional) Displays SSL session cache statistics.
errors	(Optional) Displays SSL errors.
mib	(Optional) Displays SSL MIB statistics.
objects	(Optional) Displays SSL object statistics.
detail	Displays detailed SSH session information.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
8.4(1)	This command was introduced.
9.1(2)	The detail option was added.

Usage Guidelines

This command shows information about the current SSLv2 and SSLv3 sessions, including the enabled cipher order, which ciphers are disabled, SSL trustpoints being used, and whether or not certificate authentication is enabled.

Examples

The following is sample output from the show ssl command:

hostname# show ssl

Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1

Start connections using SSLv3 and negotiate to SSLv3 or TLSv1

Enabled cipher order: rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 
3des-sha1

Disabled ciphers: des-sha1 rc4-md5 null-sha1

SSL trust-points:

  inside interface: interfaceA

  outside interface: interfaceB

Certificate authentication is not enabled

The following is sample output from the show ssh sessions detail command:

hostname# show ssh sessions detail

SSH Session ID             : 0

>   Client IP              : 161.44.66.200

>   Username               : root

>   SSH Version            : 2.0

>   State                  : SessionStarted

>   Inbound Statistics

>    Encryption            : aes256-cbc

>    HMAC                  : sha1

>    Bytes Received        : 2224

>   Outbound Statistics

>    Encryption            : aes256-cbc

>    HMAC                  : sha1

>    Bytes Transmitted     : 2856

>   Rekey Information

>    Time Remaining (sec)  : 3297

>    Data Remaining (bytes): 996145356

>    Last Rekey            : 16:17:19.732 EST Wed Jan 2 2013

>    Data-Based Rekeys     : 0

>    Time-Based Rekeys     : 0

Related Commands

Command	Description
license-server port	Sets the port on which the server listens for SSL connections from participants.

show startup-config

To show the startup configuration or to show any errors when the startup configuration loaded, use the show startup-config command in privileged EXEC mode.

show startup-config [errors]

Syntax Description

errors

(Optional) Shows any errors that were generated when the ASA loaded the startup configuration.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System1
Privileged EXEC	•	•	•	•	•

1 The errors keyword is only available in single mode and the system execution space,

Command History

Release	Modification
7.0(1)	The errors keyword was added.
8.3(1)	The command output displays encrypted paswords.

Usage Guidelines

In multiple context mode, the show startup-config command shows the startup configuration for your current execution space: the system configuration or the security context.

The show startup-config command output displays encrypted, masked, or clear text passwords when password encryptionis either enabled or disabled.

To clear the startup errors from memory, use the clear startup-config errors command.

Examples

The following is sample output from the show startup-config command:

hostname# show startup-config

: Saved

: Written by enable_15 at 01:44:55.598 UTC Thu Apr 17 2003

Version 7.X(X)

!

interface GigabitEthernet0/0

 nameif inside

 security-level 100

 ip address 209.165.200.224

 webvpn enable

!

interface GigabitEthernet0/1

 shutdown

 nameif test

 security-level 0

 ip address 209.165.200.225

!

...

!

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname firewall1

domain-name example.com

boot system disk0:/cdisk.bin

ftp mode passive

names

name 10.10.4.200 outside

access-list xyz extended permit ip host 192.168.0.4 host 209.165.200.226

!

ftp-map ftp_map

!

ftp-map inbound_ftp

 deny-request-cmd appe stor stou

!

...

Cryptochecksum:4edf97923899e712ed0da8c338e07e63

The following is sample output from the show startup-config errors command:

hostname# show startup-config errors

ERROR: 'Mac-addresses': invalid resource name

*** Output from config line 18, "limit-resource Mac-add..."

INFO: Admin context is required to get the interfaces

*** Output from config line 30, "arp timeout 14400"

Creating context 'admin'... WARNING: Invoked the stub function ibm_4gs3_context_

set_max_mgmt_sess

WARNING: Invoked the stub function ibm_4gs3_context_set_max_mgmt_sess

Done. (1)

*** Output from config line 33, "admin-context admin"

WARNING: VLAN *24* is not configured.

*** Output from config line 12, context 'admin', "nameif inside"

.....

*** Output from config line 37, "config-url disk:/admin..."

Related Commands

Command	Description
clear startup-config errors	Clears the startup errors from memory.
show running-config	Shows the running configuration.

show sunrpc-server active

To display the pinholes open for Sun RPC services, use the show sunrpc-server active command in privileged EXEC mode.

show sunrpc-server active

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	•	—

Command History

Release	Modification
7.0(1)	This command was introduced.

Usage Guidelines

Use the show sunrpc-server active command to display the pinholes open for Sun RPC services, such as NFS and NIS.

Examples

To display the pinholes open for Sun RPC services, enter the show sunrpc-server active command. The following is sample output from the show sunrpc-server active command:

hostname# show sunrpc-server active

        LOCAL           FOREIGN                 SERVICE TIMEOUT

        -----------------------------------------------

        192.168.100.2/0 209.165.200.5/32780     100005 00:10:00

Related Commands

Command	Description
clear configure sunrpc-server	Clears the Sun remote processor call services from the ASA.
clear sunrpc-server active	Clears the pinholes opened for Sun RPC services, such as NFS or NIS.
inspect sunrpc	Enables or disables Sun RPC application inspection and configures the port used.
show running-config sunrpc-server	Displays information about the SunRPC services configuration.

show switch mac-address-table

For models with a built-in switch, such as the ASA 5505 adaptive security appliance, use the show switch mac-address-table command in privileged EXEC mode to view the switch MAC address table.

show switch mac-address-table

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	—	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Usage Guidelines

This command is for models with built-in switches only. The switch MAC address table maintains the MAC address-to-switch port mapping for traffic within each VLAN in the switch hardware. If you are in transparent firewall mode, use the show mac-address-table command to view the bridge MAC address table in the ASA software. The bridge MAC address table maintains the MAC address-to-VLAN interface mapping for traffic that passes between VLANs.

MAC address entries age out in 5 minutes.

Examples

The following is sample output from the show switch mac-address-table command.

hostname# show switch mac-address-table

Legend: Age - entry expiration time in seconds

   Mac Address  | VLAN |       Type       | Age | Port

-------------------------------------------------------

 000e.0c4e.2aa4 | 0001 |     dynamic      | 287 | Et0/0

 0012.d927.fb03 | 0001 |     dynamic      | 287 | Et0/0

 0013.c4ca.8a8c | 0001 |     dynamic      | 287 | Et0/0

 00b0.6486.0c14 | 0001 |     dynamic      | 287 | Et0/0

 00d0.2bff.449f | 0001 |     static       |  -  | In0/1

 0100.5e00.000d | 0001 | static multicast |  -  | In0/1,Et0/0-7

Total Entries: 6

Table 58-4 shows each field description:

Table 58-4 show switch mac-address-table Fields

Field	Description
Mac Address	Shows the MAC address.
VLAN	Shows the VLAN associated with the MAC address.
Type	Shows if the MAC address was learned dynamically, as a static multicast address, or statically. The only static entry is for the internal backplane interface.
Age	Shows the age of a dynamic entry in the MAC address table.
Port	Shows the switch port through which the host with the MAC address can be reached.

Related Commands

Command	Description
show mac-address-table	Shows the MAC address table for models that do not have a built-in switch.
show switch vlan	Shows the VLAN and physical MAC address association.

show switch vlan

For models with a built-in switch, such as the ASA 5505 adaptive security appliance, use the show switch vlan command in privileged EXEC mode to view the VLANs and the associated switch ports.

show switch vlan

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
				Context	System
Privileged EXEC	•	•	•	—	—

Command History

Release	Modification
7.2(1)	This command was introduced.

Usage Guidelines

This command is for models with built-in switches only. For other models, use the show vlan command.

Examples

The following is sample output from the show switch vlan command.

hostname# show switch vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------

100  inside                           up        Et0/0, Et0/1

200  outside                          up        Et0/7

300  -                                down      Et0/1, Et0/2

400  backup                           down      Et0/3

Table 58-4 shows each field description:

Table 58-5 show switch vlan Fields 

Field	Description
VLAN	Shows the VLAN number.
Name	Shows the name of the VLAN interface. If no name is set using the nameif command, or if there is no interface vlan command, the display shows a dash (-).
Status	Shows the status, up or down, to receive and send traffic to and from the VLAN in the switch. At least one switch port in the VLAN needs to be in an up state for the VLAN state to be up.
Ports	Shows the switch ports assigned to each VLAN. If a switch port is listed for multiple VLANs, it is a trunk port. The above sample output shows Ethernet 0/1 is a trunk port that carries VLAN 100 and 300.

Related Commands

Command	Description
clear interface	Clears counters for the show interface command.
interface vlan	Creates a VLAN interface and enters interface configuration mode.
show interface	Displays the runtime status and statistics of interfaces.
show vlan	Shows the VLANs for models that do not have built-in switches.
switchport mode	Sets the mode of the switch port to access or trunk mode.