-
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command Reference, 4.0
-
About This Guide
-
Using the Command Line Interface
- A through B Commands
- C Commands
- D through F Commands
- G through I Commands
- J through L Commands
- M through O Commands
- P though R Commands
-
S Commands
-
same-security-traffic -- show asdm sessions
-
show asp drop -- show curpriv
-
show debug -- show ipv6 traffic
-
show isakmp sa -- show route
-
show running-config -- show running-config isakmp
-
show running-config logging -- show running-config vpn-sessiondb
-
show service-policy -- show xlate
-
shun -- sysopt uauth allow-http-cache
-
- T through Z Commands
-
Feedback
Table Of Contents
show service-policy through show xlate Commands
show service-policy inspect gtp
show url-block block statistics
show service-policy through show xlate Commands
show service-policy
To display the configured service policies, use the show service-policy command in global configuration mode.
show service-policy [global | interface intf] [inspect application_type [option] | set connection | flow protocol {host src_host | src_ip src_mask} [eq src_port] {host dest_host | dest_ip dest_mask} [eq dest_port] [icmp_number | icmp_control_message]]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration
•
•
•
•
—
Command History
Usage Guidelines
The flow keyword lets you determine, for any flow that you can describe, the policies that the FWSM would apply to that flow. You can use this to check that your service policy configuration will provide the services you want for specific connections. The arguments and keywords following the flow keyword specifies the flow in ip-5-tuple format with no object grouping.
Because the flow is described in ip-5-tuple format, not all match criteria are supported. Following are the list of match criteria that are supported for flow match:
•
•
•
The number of embryonic connections displayed in the show service-policy command output indicates the current number of embryonic connections to an interface for traffic matching that defined by the class-map command.
Note
hostname# show service-policyGlobal policy:Service-policy: 2Class-map: 2Set connection policy: conn-rate-limit 10current conn rate 0, drop 0This is because of a limitation in the network processor.
Examples
The following is sample output from the show service-policy global command:
hostname# show service-policy globalGlobal policy:Service-policy: global_policyClass-map: inspection_defaultInspect: dns maximum-length 512, packet 0, drop 0, reset-drop 0Inspect: ftp, packet 0, drop 0, reset-drop 0Inspect: h323 h225, packet 0, drop 0, reset-drop 0Inspect: h323 ras, packet 0, drop 0, reset-drop 0Inspect: netbios, packet 0, drop 0, reset-drop 0Inspect: rsh, packet 0, drop 0, reset-drop 0Inspect: skinny, packet 0, drop 0, reset-drop 0Inspect: sqlnet, packet 0, drop 0, reset-drop 0Inspect: sunrpc, packet 0, drop 0, reset-drop 0Inspect: tftp, packet 0, drop 0, reset-drop 0Inspect: sip, packet 0, drop 0, reset-drop 0Inspect: xdmcp, packet 0, drop 0, reset-drop 0The following is sample output from the show service-policy flow command:
hostname# show service-policy flow udp host 209.165.200.229 host 209.165.202.158 eq 5060Global policy:Service-policy: global_policyClass-map: inspection_defaultMatch: default-inspection-trafficAction:Input flow: inspect sipInterface outside:Service-policy: testClass-map: testMatch: access-list testAccess rule: permit ip 209.165.200.229 255.255.255.224 209.165.202.158 255.255.255.224Action:Input flow: set connection conn-max 10The following is sample output from the show service-policy inspect http command. This example shows the statistics of each match command in a match-any class map.
hostname# show service-policy inspect httpGlobal policy:Service-policy: global_policyClass-map: inspection_defaultInspect: http http, packet 1916, drop 0, reset-drop 0protocol violationspacket 0class http_any (match-any)Match: request method get, 638 packetsMatch: request method put, 10 packetsMatch: request method post, 0 packetsMatch: request method connect, 0 packetslog, packet 648Related Commands
show service-policy inspect gtp
To display the GTP configuration, use the show service-policy inspect gtp command in privileged EXEC mode.
show service-policy [interface int] inspect gtp {pdp-context [apn ap_name | detail | imsi IMSI_value | ms-addr IP_address | tid tunnel_ID | version version_num ] | pdpmcb | requests | statistics [gsn IP_address] }
Syntax Description
.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
You can use the vertical bar | to filter the display. Type | for more display filtering options.
The show pdp-context command displays PDP context-related information.
The Packet Data Protocol context is identified by the tunnel ID, which is a combination of IMSI and NSAPI. A GTP tunnel is defined by two associated PDP Contexts in different GSN nodes and is identified with a Tunnel ID. A GTP tunnel is necessary to forward packets between an external packet data network and a mobile station user.
The show gtp requests command displays current requests in the request queue.Examples
The following is sample output from the show gtp requests command:
hostname# show gtp requests0 in use, 0 most used, 200 maximum allowedYou can use the vertical bar | to filter the display, as in the following example:
hostname# show service-policy gtp statistics | grep gsnThis example shows the GTP statistics with the word gsn in the output.
The following command shows the statistics for GTP inspection:
hostname# show service-policy inspect gtp statisticsGPRS GTP Statistics:version_not_support | 0 | msg_too_short | 0unknown_msg | 0 | unexpected_sig_msg | 0unexpected_data_msg | 0 | ie_duplicated | 0mandatory_ie_missing | 0 | mandatory_ie_incorrect | 0optional_ie_incorrect | 0 | ie_unknown | 0ie_out_of_order | 0 | ie_unexpected | 0total_forwarded | 0 | total_dropped | 0signalling_msg_dropped | 0 | data_msg_dropped | 0signalling_msg_forwarded | 0 | data_msg_forwarded | 0total created_pdp | 0 | total deleted_pdp | 0total created_pdpmcb | 0 | total deleted_pdpmcb | 0pdp_non_existent | 0The following command displays information about the PDP contexts:
hostname# show service-policy inspect gtp pdp-context1 in use, 1 most used, timeout 0:00:00Version TID | MS Addr | SGSN Addr | Idle | APNv1 | 1234567890123425 | 1.1.1.1 | 11.0.0.2 0:00:13 gprs.cisco.com| user_name (IMSI): 214365870921435 | MS address: | 1.1.1.1| primary pdp: Y | nsapi: 2| sgsn_addr_signal: | 11.0.0.2 | sgsn_addr_data: | 11.0.0.2| ggsn_addr_signal: | 9.9.9.9 | ggsn_addr_data: | 9.9.9.9| sgsn control teid: | 0x000001d1 | sgsn data teid: | 0x000001d3| ggsn control teid: | 0x6306ffa0 | ggsn data teid: | 0x6305f9fc| seq_tpdu_up: | 0 | seq_tpdu_down: | 0| signal_sequence: | 0| upstream_signal_flow: | 0 | upstream_data_flow: | 0| downstream_signal_flow: | 0 | downstream_data_flow: | 0| RAupdate_flow: | 0Table 30-1 describes each column the output from the show service-policy inspect gtp pdp-context command.
Related Commands
show shun
To display shun information, use the show shun command in privileged EXEC mode.
show shun [src_ip | statistics]
Syntax Description
src_ip
(Optional) Displays the information for that address.
statistics
(Optional) Displays the interface counters only.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Examples
The following is sample output from the show shun command:
hostname# show shunshun (outside) 10.1.1.27 10.2.2.89 555 666 6shun (inside1) 10.1.1.27 10.2.2.89 555 666 6Related Commands
show sip
To display SIP sessions, use the show sip command in privileged EXEC mode.
show sip
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show sip command assists in troubleshooting SIP inspection engine issues and is described with the inspect protocol sip udp 5060 command. The show timeout sip command displays the timeout value of the designated protocol.
The show sip command displays information for SIP sessions established across the FWSM. Along with the debug sip and show local-host commands, this command is used for troubleshooting SIP inspection engine issues.
Note
Examples
The following is sample output from the show sip command:
hostname# show sipTotal: 2call-id c3943000-960ca-2e43-228f@10.130.56.44| state Call init, idle 0:00:01call-id c3943000-860ca-7e1f-11f7@10.130.56.45| state Active, idle 0:00:06This sample shows two active SIP sessions on the FWSM (as shown in the
Totalfield). Eachcall-idrepresents a call.The first session, with the
call-idc3943000-960ca-2e43-228f@10.130.56.44, is in the stateCall Init,which means the session is still in call setup. Call setup is complete only when the ACK is seen. This session has been idle for 1 second.The second session is in the state
Active, in which call setup is complete and the endpoints are exchanging media. This session has been idle for 6 seconds.Related Commands
show skinny
To troubleshoot SCCP (Skinny) inspection engine issues, use the show skinny command in privileged EXEC mode.
show skinny [audio | video]
Syntax Description
Defaults
If you do not use the audio or video keywords, output contains information for both audio and video, as applicable.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The show skinny command assists in troubleshooting SCCP (Skinny) inspection engine issues.
Examples
The following is sample output from the show skinny command under the following conditions. There are two active Skinny sessions set up across the FWSM. The first session is an audio session established between an internal Cisco IP Phone at local address 10.0.0.11 and an external Cisco CallManager at 172.18.1.33. TCP port 2000 is the CallManager. The second one is a video session established between another internal Cisco IP Phone at local address 10.0.0.22 and the same Cisco CallManager.
hostname# show skinnyLOCAL FOREIGN STATE---------------------------------------------------------------1 10.0.0.11/52238 172.18.1.33/2000 1AUDIO 10.0.0.11/22948 172.18.1.22/207982 10.0.0.22/52232 172.18.1.33/2000 1VIDEO 10.0.0.22/20798 172.18.1.11/22948The output indicates a call has been established between both internal Cisco IP Phones. The RTP listening ports of the first and second phones are UDP 22948 and 20798 respectively.
The following is the xlate information for these Skinny connections:
hostname# show xlate debug2 in use, 2 most usedFlags: D | DNS, d | dump, I | identity, i | inside, n | no random,| o | outside, r | portmap, s | staticNAT from inside:10.0.0.11 to outside:172.18.1.11 flags si idle 0:00:16 timeout 0:05:00NAT from inside:10.0.0.22 to outside:172.18.1.22 flags si idle 0:00:14 timeout 0:05:00If you use the video keyword, output is limited to information about video sessions, as shown in the following example:
hostname# show skinny videoLOCAL FOREIGN STATE---------------------------------------------------------------1 10.0.0.22/52232 172.18.1.33/2000 1VIDEO 10.0.0.22/20798 172.18.1.11/22948If you use the audio keyword, output is limited to information about audio sessions, as show in the following example:
hostname# show skinny audioLOCAL FOREIGN STATE---------------------------------------------------------------1 10.0.0.11/52238 172.18.1.33/2000 1AUDIO 10.0.0.11/22948 172.18.1.22/20798Related Commands
show snmp-server statistics
To display information about the SNMP server statistics, use the show snmp-server statistics command in privileged EXEC mode.
show snmp-server statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
·
·
·
·
Command History
Examples
This example shows how to display the SNMP server statistics:
hostname# show snmp-server statistics0 SNMP packets input0 Bad SNMP version errors0 Unknown community name0 Illegal operation for community name supplied0 Encoding errors0 Number of requested variables0 Number of altered variables0 Get-request PDUs0 Get-next PDUs0 Get-bulk PDUs0 Set-request PDUs (Not supported)0 SNMP packets output0 Too big errors (Maximum packet size 512)0 No such name errors0 Bad values errors0 General errors0 Response PDUs0 Trap PDUsRelated Commands
show ssh sessions
To display information about the active SSH session on the FWSM, use the show ssh sessions command in privileged EXEC mode.
show ssh sessions [ip_address]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
The SID is a unique number that identifies the SSH session. The Client IP is the IP address of the system running an SSH client. The Version is the protocol version number that the SSH client supports. If the SSH only supports SSH version 1, then the Version column displays 1.5. If the SSH client supports both SSH version 1 and SSH version 2, then the Version column displays 1.99. If the SSH client only supports SSH version 2, then the Version column displays 2.0. The Encryption column shows the type of encryption that the SSH client is using. The State column shows the progress that the client is making as it interacts with the FWSM. The Username column lists the login username that has been authenticated for the session.
Examples
The following example shows sample output from the show ssh sessions command:
hostname# show ssh sessionsSID Client IP Version Mode Encryption Hmac State Username0 172.69.39.39 1.99 IN aes128-cbc md5 SessionStarted patOUT aes128-cbc md5 SessionStarted pat1 172.23.56.236 1.5 - 3DES - SessionStarted pat2 172.69.39.29 1.99 IN 3des-cbc sha1 SessionStarted patOUT 3des-cbc sha1 SessionStarted patRelated Commands
ssh disconnect
Disconnects an active SSH session.
ssh timeout
Sets the timeout value for idle SSH sessions.
show startup-config
To show the startup configuration or to show any errors when the startup configuration loaded, use the show startup-config command in privileged EXEC mode.
show startup-config [errors]
Syntax Description
errors
(Optional) Shows any errors that were generated when the FWSM loaded the startup configuration.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
1 The errors keyword is only available in single mode and the system execution space,
Command History
Usage Guidelines
In multiple context mode, this command shows the startup configuration for your current execution space: the system configuration or the security context.
To clear the startup errors from memory, use the clear startup-config errors command.
Examples
The following is sample output from the show startup-config command:
hostname# show startup-config: Saved: Written by enable_15 at 01:44:55.598 UTC Thu Apr 17 2003Version 7.0(0)28!interface GigabitEthernet0/0nameif insidesecurity-level 100ip address 10.86.194.60 255.255.254.0webvpn enable!interface GigabitEthernet0/1shutdownnameif testsecurity-level 0ip address 10.10.4.200 255.255.0.0!...!enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptedhostname firewall1domain-name example.comboot system disk0:/cdisk.binftp mode passivenamesname 10.10.4.200 outsideaccess-list xyz extended permit ip host 192.168.0.4 host 150.150.0.3!ftp-map ftp_map!ftp-map inbound_ftpdeny-request-cmd appe stor stou!...Cryptochecksum:4edf97923899e712ed0da8c338e07e63The following is sample output from the show startup-config errors command:
hostname# show startup-config errorsERROR: 'Mac-addresses': invalid resource name*** Output from config line 18, " limit-resource Mac-add..."INFO: Admin context is required to get the interfaces*** Output from config line 30, "arp timeout 14400"Creating context 'admin'... WARNING: Invoked the stub function ibm_4gs3_context_set_max_mgmt_sessWARNING: Invoked the stub function ibm_4gs3_context_set_max_mgmt_sessDone. (1)*** Output from config line 33, "admin-context admin"WARNING: VLAN *24* is not configured.*** Output from config line 12, context 'admin', " nameif inside".....*** Output from config line 37, " config-url disk:/admin..."Related Commands
clear startup-config errors
Clears the startup errors from memory.
show running-config
Shows the running configuration.
show sunrpc-server active
To display the pinholes open for Sun RPC services, use the show sunrpc-server active command in privileged EXEC mode.
show sunrpc-server active
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
—
Command History
Usage Guidelines
Use the show sunrpc-server active command to display the pinholes open for Sun RPC services, such as NFS and NIS.
Examples
To display the pinholes open for Sun RPC services, enter the show sunrpc-server active command. The following is sample output from the show sunrpc-server active command:
hostname# show sunrpc-server activeLOCAL FOREIGN SERVICE TIMEOUT-----------------------------------------------192.168.100.2/0 209.165.200.5/32780 100005 00:10:00Related Commands
show tcpstat
To display the status of the FWSM TCP stack and the TCP connections that are terminated on the FWSM (for debugging), use the show tcpstat command in privileged EXEC mode. This command supports IPv4 and IPv6 addresses.
show tcpstat
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show tcpstat command lets you to display the status of the TCP stack and TCP connections that are terminated on the FWSM. The TCP statistics displayed are described in Table 28.
Examples
The following is sample output from the show tcpstat command:
hostname# show tcpstatCURRENT MAX TOTALtcb_cnt 2 12 320proxy_cnt 0 0 160tcp_xmt pkts = 540591tcp_rcv good pkts = 6583tcp_rcv drop pkts = 2tcp bad chksum = 0tcp user hash add = 2028tcp user hash add dup = 0tcp user srch hash hit = 316753tcp user srch hash miss = 6663tcp user hash delete = 2027tcp user hash delete miss = 0lip = 172.23.59.230 fip = 10.21.96.254 lp = 443 fp = 2567 st = 4 rexqlen = 0in0tw_timer = 0 to_timer = 179000 cl_timer = 0 per_timer = 0rt_timer = 0tries 0Related Commands
show tech-support
To display the information that is used for diagnosis by technical support analysts, use the show tech-support command in privileged EXEC mode.
show tech-support [detail | file | no-config]
Syntax Description
detail
(Optional) Lists detailed information.
file
(Optional) Writes the output of the command to a file.
no-config
(Optional) Excludes the output of the running configuration.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
—
•
Command History
Usage Guidelines
The show tech-support command lets you list information that technical support analysts need to help you diagnose problems. This command combines the output from the show commands that provide the most information to a technical support analyst.
Examples
The following example shows how to display information that is used for technical support analysis, excluding the output of the running configuration:
hostname# show tech-support no-configCisco XXX Firewall Version X.X(X)Cisco Device Manager Version X.X(X)Compiled on Fri 15-Apr-05 14:35 by rootXXX up 2 days 8 hoursHardware: XXX, 64 MB RAM, CPU Pentium 200 MHzFlash i28F640J5 @ 0x300, 16MBBIOS Flash AT29C257 @ 0xfffd8000, 32KB0: ethernet0: address is 0003.e300.73fd, irq 101: ethernet1: address is 0003.e300.73fe, irq 72: ethernet2: address is 00d0.b7c8.139e, irq 9Licensed Features:Failover: DisabledVPN-DES: EnabledVPN-3DES-AES: DisabledMaximum Interfaces: 3Cut-through Proxy: EnabledGuards: EnabledURL-filtering: EnabledInside Hosts: UnlimitedThroughput: UnlimitedIKE peers: UnlimitedThis XXX has a Restricted (R) license.Serial Number: 480430455 (0x1ca2c977)Running Activation Key: 0xc2e94182 0xc21d8206 0x15353200 0x633f6734Configuration last modified by enable_15 at 23:05:24.264 UTC Sat Nov 16 2002------------------ show clock ------------------00:08:14.911 UTC Sun Apr 17 2005------------------ show memory ------------------Free memory: 50708168 bytesUsed memory: 16400696 bytes------------- ----------------Total memory: 67108864 bytes------------------ show conn count ------------------0 in use, 0 most used------------------ show xlate count ------------------0 in use, 0 most used------------------ show blocks ------------------SIZE MAX LOW CNT4 1600 1600 160080 400 400 400256 500 499 5001550 1188 795 919------------------ show interface ------------------interface ethernet0 "outside" is up, line protocol is upHardware is i82559 ethernet, address is 0003.e300.73fdIP address 172.23.59.232, subnet mask 255.255.0.0MTU 1500 bytes, BW 10000 Kbit half duplex1267 packets input, 185042 bytes, 0 no bufferReceived 1248 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort20 packets output, 1352 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 9 deferred0 lost carrier, 0 no carrierinput queue (curr/max blocks): hardware (13/128) software (0/2)output queue (curr/max blocks): hardware (0/1) software (0/1)interface ethernet1 "inside" is up, line protocol is downHardware is i82559 ethernet, address is 0003.e300.73feIP address 10.1.1.1, subnet mask 255.255.255.0MTU 1500 bytes, BW 10000 Kbit half duplex0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort1 packets output, 60 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred1 lost carrier, 0 no carrierinput queue (curr/max blocks): hardware (128/128) software (0/0)output queue (curr/max blocks): hardware (0/1) software (0/1)interface ethernet2 "intf2" is administratively down, line protocol is downHardware is i82559 ethernet, address is 00d0.b7c8.139eIP address 127.0.0.1, subnet mask 255.255.255.255MTU 1500 bytes, BW 10000 Kbit half duplex0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrierinput queue (curr/max blocks): hardware (128/128) software (0/0)output queue (curr/max blocks): hardware (0/0) software (0/0)------------------ show cpu usage ------------------CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%------------------ show process ------------------PC SP STATE Runtime SBASE Stack ProcessHsi 001e3329 00763e7c 0053e5c8 0 00762ef4 3784/4096 arp_timerLsi 001e80e9 00807074 0053e5c8 0 008060fc 3832/4096 FragDBGCLwe 00117e3a 009dc2e4 00541d18 0 009db46c 3704/4096 dbgtraceLwe 003cee95 009de464 00537718 0 009dc51c 8008/8192 LoggerHwe 003d2d18 009e155c 005379c8 0 009df5e4 8008/8192 tcp_fastHwe 003d2c91 009e360c 005379c8 0 009e1694 8008/8192 tcp_slowLsi 002ec97d 00b1a464 0053e5c8 0 00b194dc 3928/4096 xlate cleanLsi 002ec88b 00b1b504 0053e5c8 0 00b1a58c 3888/4096 uxlate cleanMwe 002e3a17 00c8f8d4 0053e5c8 0 00c8d93c 7908/8192 tcp_intercept_timesLsi 00423dd5 00d3a22c 0053e5c8 0 00d392a4 3900/4096 route_processHsi 002d59fc 00d3b2bc 0053e5c8 0 00d3a354 3780/4096 XXX Garbage CollecrHwe 0020e301 00d5957c 0053e5c8 0 00d55614 16048/16384 isakmp_time_keeprLsi 002d377c 00d7292c 0053e5c8 0 00d719a4 3928/4096 perfmonHwe 0020bd07 00d9c12c 0050bb90 0 00d9b1c4 3944/4096 IPSecMwe 00205e25 00d9e1ec 0053e5c8 0 00d9c274 7860/8192 IPsec timer handlerHwe 003864e3 00db26bc 00557920 0 00db0764 6952/8192 qos_metric_daemonMwe 00255a65 00dc9244 0053e5c8 0 00dc8adc 1436/2048 IP BackgroundLwe 002e450e 00e7bb94 00552c30 0 00e7ad1c 3704/4096 XXX/traceLwe 002e471e 00e7cc44 00553368 0 00e7bdcc 3704/4096 XXX/tconsoleHwe 001e5368 00e7ed44 00730674 0 00e7ce9c 7228/8192 XXX/intf0Hwe 001e5368 00e80e14 007305d4 0 00e7ef6c 7228/8192 XXX/intf1Hwe 001e5368 00e82ee4 00730534 2470 00e8103c 4892/8192 XXX/intf2H* 0011d7f7 0009ff2c 0053e5b0 780 00e8511c 13004/16384 ci/consoleCsi 002dd8ab 00e8a124 0053e5c8 0 00e891cc 3396/4096 update_cpu_usageHwe 002cb4d1 00f2bfbc 0051e360 0 00f2a134 7692/8192 uauth_inHwe 003d17d1 00f2e0bc 00828cf0 0 00f2c1e4 7896/8192 uauth_threadHwe 003e71d4 00f2f20c 00537d20 0 00f2e294 3960/4096 udp_timerHsi 001db3ca 00f30fc4 0053e5c8 0 00f3004c 3784/4096 557mcfixCrd 001db37f 00f32084 0053ea40 121094970 00f310fc 3744/4096 557pollLsi 001db435 00f33124 0053e5c8 0 00f321ac 3700/4096 557timerHwe 001e5398 00f441dc 008121e0 0 00f43294 3912/4096 fover_ip0Cwe 001dcdad 00f4523c 00872b48 20 00f44344 3528/4096 ip/0:0Hwe 001e5398 00f4633c 008121bc 0 00f453f4 3532/4096 icmp0Hwe 001e5398 00f47404 00812198 0 00f464cc 3896/4096 udp_thread/0Hwe 001e5398 00f4849c 00812174 0 00f475a4 3832/4096 tcp_thread/0Hwe 001e5398 00f495bc 00812150 0 00f48674 3912/4096 fover_ip1Cwe 001dcdad 00f4a61c 008ea850 0 00f49724 3832/4096 ip/1:1Hwe 001e5398 00f4b71c 0081212c 0 00f4a7d4 3912/4096 icmp1Hwe 001e5398 00f4c7e4 00812108 0 00f4b8ac 3896/4096 udp_thread/1Hwe 001e5398 00f4d87c 008120e4 0 00f4c984 3832/4096 tcp_thread/1Hwe 001e5398 00f4e99c 008120c0 0 00f4da54 3912/4096 fover_ip2Cwe 001e542d 00f4fa6c 00730534 0 00f4eb04 3944/4096 ip/2:2Hwe 001e5398 00f50afc 0081209c 0 00f4fbb4 3912/4096 icmp2Hwe 001e5398 00f51bc4 00812078 0 00f50c8c 3896/4096 udp_thread/2Hwe 001e5398 00f52c5c 00812054 0 00f51d64 3832/4096 tcp_thread/2Hwe 003d1a65 00f78284 008140f8 0 00f77fdc 300/1024 listen/http1Mwe 0035cafa 00f7a63c 0053e5c8 0 00f786c4 7640/8192 Crypto CA------------------ show failover ------------------No license for Failover------------------ show traffic ------------------outside:received (in 205213.390 secs):1267 packets 185042 bytes0 pkts/sec 0 bytes/sectransmitted (in 205213.390 secs):20 packets 1352 bytes0 pkts/sec 0 bytes/secinside:received (in 205215.800 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sectransmitted (in 205215.800 secs):1 packets 60 bytes0 pkts/sec 0 bytes/secintf2:received (in 205215.810 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sectransmitted (in 205215.810 secs):0 packets 0 bytes0 pkts/sec 0 bytes/sec------------------ show perfmon ------------------PERFMON STATS: Current AverageXlates 0/s 0/sConnections 0/s 0/sTCP Conns 0/s 0/sUDP Conns 0/s 0/sURL Access 0/s 0/sURL Server Req 0/s 0/sTCP Fixup 0/s 0/sTCPIntercept 0/s 0/sHTTP Fixup 0/s 0/sFTP Fixup 0/s 0/sAAA Authen 0/s 0/sAAA Author 0/s 0/sAAA Account 0/s 0/sRelated Commands
show traffic
To display interface transmit and receive activity, as well as traffic that passes through the control plane, use the show traffic command in privileged EXEC mode. Packets that go through the control plane path include the control packets for protocols that require Layer 7 inspection as well as management traffic.
show traffic [detailed [type] | summary [type]]
Syntax Description
detailed
(Optional) Shows detailed traffic counters for the control plane.
summary
(Optional) Shows traffic summary counters for the control plane.
type
(Optional) Shows the counters for a traffic type. See "Usage Guidelines" for a list of traffic types.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
1.1(1)
This command was introduced.
3.1(1)
The summary and detailed keywords were added.
Usage Guidelines
The show traffic command (without any keywords) lists the number of packets and bytes moving through each interface since the last show traffic command was entered or since the FWSM came online. The number of seconds shown is the duration the FWSM has been online since the last reboot, unless the clear traffic command was entered since the last reboot. If this is the case, then the number of seconds shown is the duration since that command was entered.
For the summary and detailed keywords, this command shows the traffic that passes through the control plane, by packet type.
In multiple mode, the system shows cumulative values of all contexts, and the individual contexts show counters for that context only.
Table 30-3 lists the traffic types.
Examples
The following example shows output from the show traffic command:
hostname# show trafficinside:received (in 1557469.650 secs):157532 packets 13588525 bytes0 pkts/sec 0 bytes/sectransmitted (in 1557469.650 secs):157496 packets 13929928 bytes0 pkts/sec 0 bytes/secThe following example shows output from the show traffic summary command:
hostname# show traffic summary---------------------------------------------------------------------------Traffic Type Pkts-In Bytes-In Conn-Created Conn-Destroyed---------------------------------------------------------------------------url-filter 0 0 0 0dns 0 0 0 0activex 0 0 0 0java 0 0 0 0domain 0 0 0 0sftp 0 0 0 0ftp 0 0 0 0http 0 0 0 0h323-h225 0 0 0 0h323-ras 0 0 0 0ils 0 0 0 0sunrpc 0 0 0 0rpc 0 0 0 0rsh 0 0 0 0rtsp 0 0 0 0smtp 0 0 0 0sqlnet 0 0 0 0sip 0 0 0 0skinny 0 0 0 0sunrpc-udp 0 0 0 0rpc-udp 0 0 0 0xdmcp 0 0 0 0udp-sip 0 0 0 0netbios 0 0 0 0ctiqbe 0 0 0 0ftp-filter 0 0 0 0https-filter 0 0 0 0mgcp 0 0 0 0tftp 0 0 0 0snmp 0 0 0 0pptp 0 0 0 0gtp 0 0 0 0---------------------------------------------------------------------------The following example shows output from the show traffic detailed command:
hostname# show traffic detailedTraffic Class: url-filterpackets received 0bytes received 0connections created 0connections destroyed 0delete indications received 0garbage collection initiated connection closure 0connections destroyed due to flow handle reuse 0control channel create requests 0data channel create requests 0Traffic Class: dnspackets received 0bytes received 0connections created 0connections destroyed 0delete indications received 0garbage collection initiated connection closure 0connections destroyed due to flow handle reuse 0connections closure initiated from control plane 0control channel create requests 0data channel create requests 0....Related Commands
show uauth
To display one or all currently authenticated users (except for management sessions), the host IP to which they are bound, and any cached IP and port authorization information, use the show uauth command in privileged EXEC mode. This command does not show information about management sessions.
show uauth [username]
Syntax Description
username
(Optional) Specifies, by username, the user authentication and authorization information to display.
Defaults
Omitting username displays the authorization information for all users.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
The show uauth command displays the AAA authorization and authentication caches for one user or for all users.
\Each user host IP address has an authorization cache attached to it. The cache allows up to 16 address and service pairs for each user host. If the user attempts to access a service that has been cached from the correct host, the FWSM considers it preauthorized and immediately proxies the connection. Once you are authorized to access a website, for example, the authorization server is not contacted for each image as it is loaded (assuming the images come from the same IP address). This process significantly increases performance and reduces the load on the authorization server.
The output from the show uauth command displays the username that is provided to the authorization server for authentication and authorization purposes, the IP address to which the username is bound, and whether the user is authenticated only or has cached services.
Note
Use the timeout uauth command to specify how long the cache should be kept after the user connections become idle. Use the clear uauth command to delete all the authorization caches for all the users, which will cause them to have to reauthenticate the next time that they create a connection.
Examples
This example shows sample output from the show uauth command when no users are authenticated and one user authentication is in progress:
hostname(config)# show uauthCurrent Most SeenAuthenticated Users 0 0Authen In Progress 0 1This example shows sample output from the show uauth command when three users are authenticated and authorized to use services through the FWSM:
hostname(config)# show uauthuser `pat' from 209.165.201.2 authenticateduser `robin' from 209.165.201.4 authorized to:port 192.168.67.34/telnet 192.168.67.11/http 192.168.67.33/tcp/8001192.168.67.56/tcp/25 192.168.67.42/ftpuser `terry' from 209.165.201.7 authorized to:port 192.168.1.50/http 209.165.201.8/httpRelated Commands
clear uauth
Remove current user authentication and authorization information.
timeout
Set the maximum idle time duration.
show url-block block statistics
To display the number of packets held in the URL block buffer and the number (if any) dropped because the buffer limit or retransmission has been exceeded, use the show url-block block statistics command in privileged EXEC mode.
show url-block block statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show url-block block statistics command displays the number of packets held in the URL block buffer and the number (if any) dropped because the buffer limit or retransmission has been exceeded.
Examples
The following is sample output from the show url-block block statistics command:
hostname# show url-block block statisticsURL Pending Packet Buffer Stats with max block 128 |Cumulative number of packets held: | 896Maximum number of packets held (per URL): | 3Current number of packets held (global): | 38Packets dropped due to| exceeding url-block buffer limit: | 7546| HTTP server retransmission: | 10Number of packets released back to client: | 0Related Commands
show url-cache statistics
To display information about the url-cache, which is used for buffering URLs while waiting for responses from an N2H2 or Websense filtering server, use the show url-cache statistics command in privileged EXEC mode.
show url-cache statistics
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show url-cache statistics command displays the following entries:
•
•
•
•
•
You can view additional information about N2H2 Sentian or Websense filtering activity with the show perfmon command.
Examples
The following is sample output from the show url-cache statistics command:
hostname# show url-cache statisticsURL Filter Cache Stats----------------------| Size : 1KBEntries : 36In Use : 30Lookups : 300| Hits : 290Related Commands
show url-server
To display global and individual server information with the URL filtering server, use the show url-server statistics command in privileged EXEC mode.
show url-server [statistics]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
1 This command is not supported in the system context when the multiple-context mode is configured.
Command History
1.1(1)
This command was introduced.
3.1(1)
Added the statistics keyword.
3.2(1)
Changed the format of the CLI output.
Usage Guidelines
The show url-server statistics command displays the URL server vendor; the number of URLs total, allowed, and denied; the number of HTTPs connections total, allowed, and denied; the number of TCP connections total, allowed, and denied; and the URL server status.
Examples
The following is sample output from the show url-server statistics command:
hostname# show url-server statisticsGlobal Statistics:URLs total/allowed/denied 994387/155648/838739URLs allowed by cache/server 70483/85165URLS denied by cache/server 801920/36819HTTPs total/allowed/denied 994387/155648/838739HTTPs allowed by cache/server 70483/85165HTTPs denied by cache/server 801920/36819FTPs total/allowed/denied 994387/155648/838739FTPs allowed by cache/server 70483/85165FTPs denied by cache/server 801920/36819Requests dropped 28715Server timeouts/retries 567/1350Processed rate average 60s/300s 1524/1344 requests/secondDenied rate average 60s/300s 35648/33022 requests/secondDropped rate average 60s/300s 156/189 requests/secondURL Server Statistics:192.168.0.1 UPVendor websensePort 17035Requests total/allowed/denied 366519/255495/110457Server timeouts/retries 567/1350Responses received 365952Response time average 60s/300s 2/1 seconds/request192.168.0.2 DOWNVendor websensePort 17035Requests total/allowed/denied 0/0/0Server timeouts/retries 0/0Responses received 0Response time average 60s/300s 0/0 seconds/requestURL Packets Sent and Received Stats:Message Sent ReceivedSTATUS_REQUEST 411 0LOOKUP_REQUEST 366519 365952LOG_REQUEST 0 NAErrors:RFC noncompliant GET method 0URL buffer update failure 0Related Commands
show version
To display the software version, hardware configuration, license key, and related uptime data, use the show version command in user EXEC mode.
show version
Syntax Description
This command has no arguments or keywords.
Defaults
No default behaviors or values.
Command Modes
The following table shows the modes in which you can enter the command:
User EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show version command allows you to display the software version, operating time since the last reboot, processor type, Flash partition type, interface boards, serial number (BIOS ID), activation key value, license type (R or UR), and time stamp for when the configuration was last modified.
The serial number listed with the show version command is for the Flash partition BIOS. This number is different from the serial number on the chassis. When you get a software upgrade, you will need the serial number that appears in the show version command, not the chassis number.
Note
Examples
The following example shows how to display the software version, hardware configuration, license key, and related uptime information on a Cisco PIX 500 series FWSM:
hostname> show versionCisco PIX Firewall Version 7.0(1)PIX (7.0.1.0) #15: Tue XXX 17 14:03:28 EDT 2005pixfirewall up 5 days 21 hoursHardware: PIX-515, 96 MB RAM, CPU Pentium 200 MHzFlash i28F640J5 @ 0x300, 16MBBIOS Flash unknown @ 0x0, 0KB0: Ext: Ethernet0 : media index 0: irq 101: Ext: Ethernet1 : media index 1: irq 7License Features for this Platform:Maximum Physical Interfaces : 3Maximum VLANs : 10Inside Hosts : UnlimitedFailover : DisabledVPN-DES : EnabledVPN-3DES-AES : EnabledFailover standby only : DisabledCut-through Proxy : EnabledGuards : EnabledURL-filtering : EnabledSecurity Contexts : 0GTP/GPRS : DisabledVPN Peers : UnlimitedThis machine has a Restricted (R) license.Serial Number: 12345678Running Activation Key: 0xbd27f269 0xbc7ebd46 0x1c73e474 0xbb782818 0x071dd0a6Related CommandsConfiguration has not been modified since last system restart.
show hardware
Displays detail hardware information.
show serial
Displays the hardware serial information.
show uptime
Displays how long the FWSM has been up.
show vlan
To display the system VLANs, use the show vlan command in global configuration and privileged EXEC mode.
show vlan
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Global configuration and privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
When you use the show vlan command, only VLANs added by the switch are shown.
Examples
The following example displays the system VLANs:
hostname(config)# show vlan10-11, 30, 40, 300Related Commands
show vpn-sessiondb
To display information about VPN sessions, use the show vpn-sessiondb command in privileged EXEC mode. The command includes options for displaying information in full or in detail, lets you specify type of sessions to display, and provides options to filter and sort the information. The syntax table and usage notes organize the choices accordingly.
show vpn-sessiondb [detail] [full] {remote | l2l | index indexnumber | webvpn | email-proxy} [filter {name username | ipaddress IPaddr | a-ipaddress IPaddr | p-ipaddress IPaddr | tunnel-group groupname | protocol protocol-name | encryption encryption-algo}]
[sort {name | ipaddress | a-ipaddress | p-ip address | tunnel-group | protocol | encryption}]Syntax Description
s
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Usage Guidelines
You can use the following options to filter and to sort the session display:
The following example, entered in privileged EXEC mode, shows detailed information about LAN-to-LAN sessions:
hostname#show vpn-sessiondb detail l2lSession Type: LAN-to-LAN DetailedConnection : 172.16.0.1Index : 1 IP Addr : 172.16.0.1Protocol : IPSecLAN2LAN Encryption : AES256Bytes Tx : 48484156 Bytes Rx : 875049248Login Time : 09:32:03 est Mon Aug 2 2004Duration : 6:16:26Filter Name :IKE Sessions: 1 IPSec Sessions: 2IKE:Session ID : 1UDP Src Port : 500 UDP Dst Port : 500IKE Neg Mode : Main Auth Mode : preSharedKeysEncryption : AES256 Hashing : SHA1Rekey Int (T): 86400 Seconds Rekey Left(T): 63814 SecondsD/H Group : 5IPSec:Session ID : 2Local Addr : 10.0.0.0/255.255.255.0Remote Addr : 209.165.201.30/255.255.255.0Encryption : AES256 Hashing : SHA1Encapsulation: Tunnel PFS Group : 5Rekey Int (T): 28800 Seconds Rekey Left(T): 10903 SecondsBytes Tx : 46865224 Bytes Rx : 2639672Pkts Tx : 1635314 Pkts Rx : 37526IPSec:Session ID : 3Local Addr : 10.0.0.1/255.255.255.0Remote Addr : 209.165.201.30/255.255.255.0Encryption : AES256 Hashing : SHA1Encapsulation: Tunnel PFS Group : 5Rekey Int (T): 28800 Seconds Rekey Left(T): 6282 SecondsBytes Tx : 1619268 Bytes Rx : 872409912Pkts Tx : 19277 Pkts Rx : 1596809hostname#Related Commands
show vpn-sessiondb ratio
To display the ratio of current sessions as a percentage by protocol or encryption algorithm, use the show vpn-sessiondb ratio command in privileged EXEC mode.
show vpn-sessiondb ratio {protocol | encryption} [filter groupname]
Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Examples
The following is sample output for the show vpn-sessiondb ratio command, with encryption as the argument:
hostname# show vpn-sessiondb ratio encFilter Group : AllTotal Active Sessions: 5Cumulative Sessions : 9Encryption Sessions Percentnone 0 0%DES 1 20%3DES 0 0%AES128 4 80%AES192 0 0%AES256 0 0%The following is sample output for the show vpn-sessiondb ratio command with protocol as the argument:
hostname# show vpn-sessiondb ratio protocolFilter Group : AllTotal Active Sessions: 6Cumulative Sessions : 10Protocol Sessions PercentIKE 0 0%IPSec 1 20%IPSecLAN2LAN 0 0%IPSecLAN2LANOverNatT 0 0%IPSecOverNatT 0 0%IPSecOverTCP 1 20%IPSecOverUDP 0 0%userHTTPS 0 0%IMAP4S 3 30%POP3S 0 0%SMTPS 3 30%Related Commands
show vpn-sessiondb summary
To display the a summary of current VPN sessions, use the show vpn-sessiondb summary command in privileged EXEC mode. The session summary includes total current sessions, current sessions of each type, peak and total cumulative sessions, and maximum concurrent sessions.
show vpn-sessiondb summary
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
—
—
•
Command History
Examples
The following is sample output for the show vpn-sessiondb summary command:
hostname# show vpn-sessiondb summary
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errorsRelated Commands
show xlate
To display information about the translation slots, use the show xlate command in privileged EXEC mode.
show xlate [global ip1[-ip2] [netmask mask]] [local ip1[-ip2] [netmask mask]]
[gport port1[-port2]] [lport port1[-port2]] [interface if_name] [state state] [debug] [detail] [count]Syntax Description
Defaults
No default behavior or values.
Command Modes
The following table shows the modes in which you can enter the command:
Privileged EXEC
•
•
•
•
•
Command History
Usage Guidelines
The show xlate command displays the contents of the translation slots. The show xlate detail command displays the following information:
•
•
The translation flags are defined in Table 29.
Note
Examples
The following is sample output from the show xlate command. It shows how translation slot information with three active PATs.
hostname# show xlate3 in use, 3 most usedPAT Global 192.150.49.1(0) Local 10.1.1.15 ICMP id 340PAT Global 192.150.49.1(1024) Local 10.1.1.15(1028)PAT Global 192.150.49.1(1024) Local 10.1.1.15(516)The following is sample output from the show xlate detail command.It shows the translation type and interface information with three active PATs.
The first entry is a TCP PAT for host port (10.1.1.15, 1025) on the inside network to host-port (192.150.49.1, 1024) on the outside network. The r flag indicates that the translation is a PAT. The i flag indicates that the translation applies to the inside address port.
The second entry is a UDP PAT for host port (10.1.1.15, 1028) on the inside network to host port (192.150.49.1, 1024) on the outside network. The r flag indicates that the translation is a PAT. The i flag indicates that the translation applies to the inside address port.
The third entry is an ICMP PAT for host-ICMP-id (10.1.1.15, 21505) on the inside network to host-ICMP-id (192.150.49.1, 0) on the outside network. The r flag indicates that the translation is a PAT. The i flag indicates that the translation applies to the inside address ICMP ID.
The inside address fields appear as source addresses on packets traversing from the more secure interface to the less secure interface. They appear as destination addresses on packets traversing from the less secure interface to the more secure interface.
hostname# show xlate detail3 in use, 3 most usedFlags: D - DNS, d - dump, I - identity, i - inside, n - no random,r - portmap, s - staticTCP PAT from inside:10.1.1.15/1026 to outside:192.150.49.1/1024 flags riUDP PAT from inside:10.1.1.15/1028 to outside:192.150.49.1/1024 flags riICMP PAT from inside:10.1.1.15/21505 to outside:192.150.49.1/0 flags riThe following is sample output from the show xlate command. It shows two static translations. The first translation has one associated connection (called "nconns"), and the second translation has four associated connections.
hostname# show xlateGlobal 209.165.201.10 Local 209.165.201.10 static nconns 1 econns 0Global 209.165.201.30 Local 209.165.201.30 static nconns 4 econns 0The following sample output from the show xlate detail command shows xlate bypass disabled (using the no xlate bypass command). The bolded display output shows that all 16 connections require identity NAT xlates even though NAT is not explicitly configured for any of the connections.
hostname# show xlate detailFlags: D - DNS, d - dump, I - identity, i - inside, n - no random,o - outside, r - portmap, s - static16 in use, 16 most usedNAT from inside:10.1.1.11 to outside:10.1.1.11 flags IiNAT from inside:10.1.1.12 to outside:10.1.1.12 flags IiNAT from inside:10.1.1.13 to outside:10.1.1.13 flags IiNAT from inside:10.1.1.14 to outside:10.1.1.14 flags IiNAT from inside:10.1.1.15 to outside:10.1.1.15 flags Ii...NAT from inside:10.1.1.25 to outside:10.1.1.25 flags IiNAT from inside:10.1.1.26 to outside:10.1.1.26 flags Ii.The following sample output from the show xlate detail command shows xlate bypass enabled (using the xlate bypass command). The bolded display output shows that of the 16 connections active, none require xlates.
hostname# show xlate detailFlags: D - DNS, d - dump, I - identity, i - inside, n - no random,o - outside, r - portmap, s - static0 in use, 16 most usedThe following sample output from the show xlate detail command shows xlate bypass enabled (using the xlate bypass command), but includes a static identity NAT configuration, which does require an xlate.
hostname(config)# static (inside,outside) 10.1.1.20 10.1.1.20 netmask 255.255.255.255hostname(config)# show xlate detailFlags: D - DNS, d - dump, I - identity, i - inside, n - no random,o - outside, r - portmap, s - static1 in use, 16 most usedNAT from inside:10.1.1.20 to outside:10.1.1.20 flags IsiRelated Commands
