Tuesday 5 February 2019

    CISCO SHOW COMMANDS (frequently used)

  • show running-config (sh run) --> Provides you the entire configuration of the device
  • show int ip brief --> Displays Interfaces, IP details and their status
  • ITSMYGALAXY# sh int ip brief
    Interface                  IP-Address      OK? Method Status                Protocol
    GigabitEthernet0/0         1.1.1.1         YES CONFIG up                    up  
    GigabitEthernet0/1         2.2.2.2         YES CONFIG up                    up  
    GigabitEthernet0/2         3.3.3.3         YES unset  up                    up  
    GigabitEthernet0/3         unassigned      YES unset  administratively down down
    Management0/0              unassigned      YES unset  administratively down down 
    
    ====
  • show interface (sh int) [detail | stats] --> Provides detailed information about each interface (state, counters, errors, drops)
  • show logging (sh log) --> Displays the logging configuration and the buffered syslog messages
  • show nameif --> Displays interfaces, their names (inside, outside, VLAN, etc.) and their security levels (inside 100, outside 0, dmz 60, etc.)
  • show ip address --> Displays interfaces, names, IP addresses and subnet masks
  • show version (sh ver) --> Displays the ASA software version, ASDM version, system image, uptime, hardware details, interface MAC addresses, licensed features and serial number
  • show flash --> Lists the contents of flash, which holds the system and ASDM images, configuration files, binaries, crash/log files, etc.
  • show boot --> Displays the BOOT variable and the order in which the configured boot images are tried
  • show failover --> If failover is enabled, the output shows whether this unit is primary or secondary and active or standby, which interface is the failover link, timer details, the local and mate software versions, the monitored interfaces and the stateful failover statistics
  • show access-list (ACL name) --> Displays the configured ACL with line numbers and the hit count of each line (a zero hit count is a good candidate for clean-up)
  • show run access-group --> Displays which ACL is bound to which interface and in which direction
  • show run global --> Shows the global (interface_name) nat_id IPs configured in the device (the PAT/NAT pools)
  • show run nat --> Shows the nat (interface_name) nat_id statements configured (which local networks are translated)
  • show run static --> Shows the static NATs configured in the device
    Note: global, nat (interface) nat_id and static are the pre-8.3 NAT syntax; from ASA 8.3 onward NAT is configured as object NAT and twice NAT, so use show run nat, show nat and show nat detail instead.
  • show conn --> Displays the active connections with protocol, interfaces, IPs, idle time, bytes and the connection flags
  • show arp --> Shows ARP address list - IP address and MAC address with interface through which it learned
  • show xlate --> Displays the local IP and its Natted IP, ports and flags (global, PAT global, etc)
  • show xlate detail --> Displays the NAT and PAT information, flow of traffic from and to in detail
  • show route --> Displays the routing information
  • show clock --> Displays the system time and date
  • show cpu --> Displays CPU utilization for 5sec, 1min and 5mins
  • show isakmp sa or show crypto isakmp sa (with detail) --> Displays the IKE runtime SA database (detail adds the negotiated parameters); on 8.4+ show crypto ikev1 sa and show crypto ikev2 sa are the version-specific forms
  • show run crypto isakmp --> Displays the complete ISAKMP configuration
  • show run crypto ipsec --> Displays the complete IPsec configuration
  • show run object-group id (object-group name) --> Displays the objects inside that group (works only on ASA)
  • show run object-group --> Displays all object-groups configured in the firewall
  • show object-group id (object-group name) --> Displays the objects inside that group (works only on PIX)
  • show names --> Displays the name-to-IP mappings configured with the name command

  • PACKET CAPTURE

    STEP-1
    Create an access-list named "cap-in" that matches the traffic you want to see on the inside interface (if you need several different filters, create several access-lists). This ACL is only a capture filter; it is never applied with access-group.

    access-list cap-in line 1 permit icmp host 184.154.88.26 host 65.60.45.190

    STEP-2
    Create a capture named "mycap-in" on the inside interface and attach the access-list created above as its filter.

    capture mycap-in access-list cap-in interface inside

    STEP-3
    To see the captured packets

    show capture mycap-in access-list cap-in (or) sh cap mycap-in

    Note: If you want to use the same ACL created in STEP-1 for capturing packets on the outside interface as well, create one more capture in STEP-2 named "mycap-out" and bind it to outside. The capture ACL is not stateful, so to see both directions of a flow add a second line with the source and destination hosts swapped.
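    The full capture workflow, from filter to pcap export and clean-up, as an added example that is not part of the original post. The interface names "inside" and "outside", the hosts 192.0.2.10 and 203.0.113.5 and the TFTP server 198.51.100.20 are placeholders; the asp-drop capture and the inline match filter go beyond the ACL-based capture shown above.

```cisco
! Added example (not from the original post). 192.0.2.10, 203.0.113.5 and
! 198.51.100.20 are placeholder addresses.
!
! 1. Filter ACL used ONLY by the capture (never applied with access-group).
!    The capture filter is not stateful, so both directions are listed.
access-list cap-in extended permit icmp host 192.0.2.10 host 203.0.113.5
access-list cap-in extended permit icmp host 203.0.113.5 host 192.0.2.10
!
! 2. One capture per interface with the same filter, a bigger buffer than the
!    512 KB default and full-size frames so nothing is truncated.
capture mycap-in  access-list cap-in interface inside  buffer 1000000 packet-length 1522
capture mycap-out access-list cap-in interface outside buffer 1000000 packet-length 1522
!
!    Alternative without an ACL: an inline match filter (also one direction
!    per line, so a second capture or line is needed for the return traffic).
capture mycap-in2 interface inside match icmp host 192.0.2.10 host 203.0.113.5
!
!    Packets the ASA itself drops (ACL deny, no route, NAT failure, ...) never
!    reach an interface capture; take them from the accelerated security path.
capture drops type asp-drop all
!
! 3. Inspect: the bare command lists every capture and its buffer usage,
!    "detail" adds MAC addresses and TTL, "| include" narrows the output.
show capture
show capture mycap-in
show capture mycap-in detail
show capture drops | include 192.0.2.10
!
! 4. Export for Wireshark, then clean up. "clear capture" empties the buffer
!    but keeps capturing; "no capture" removes it. Captures are never written
!    to the running-config, so they do not survive a reload.
copy /pcap capture:mycap-in tftp://198.51.100.20/mycap-in.pcap
clear capture mycap-in
no capture mycap-in
no capture mycap-out
no capture mycap-in2
no capture drops
```

    The capture buffer holds the raw payload of whatever matched, credentials included, so remove captures as soon as the troubleshooting is done. If the HTTP server is enabled, the same pcap can be downloaded from https://(asa-address)/admin/capture/mycap-in/pcap instead of using TFTP.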

    VPN CONNECTION / TUNNEL RESET

  • show isakmp sa or show crypto isakmp sa (with detail) --> Displays the IKE runtime SA database (with additional information)
  • show run crypto isakmp --> Displays the complete ISAKMP configuration
  • show crypto isakmp sa | i (peer ip) --> Shows the IKE entry for that peer if phase-1 is up (state MM_ACTIVE for IKEv1 main mode)
  • show run crypto ipsec --> Displays the complete IPsec configuration
  • show crypto ipsec sa peer (peer ip) --> Displays the IPsec SA information for that peer if phase-2 is up (check that #pkts encaps/decaps are increasing)
  • show run crypto map --> Displays the configuration of all crypto maps
  • clear crypto isakmp sa --> Clears the IKE runtime SA database for ALL peers; every tunnel on the box renegotiates
  • clear crypto isakmp sa (peer ip) --> Clears the IKE runtime SA database for that particular peer IP (on 8.4+ use clear crypto ikev1 sa (peer ip) or clear crypto ikev2 sa (peer ip))
  • clear crypto ipsec sa --> Clears the IPsec runtime SA database for ALL peers
  • clear crypto ipsec sa peer (peer ip) --> Clears the IPsec runtime SA database for that particular peer IP only
  • show vpn-sessiondb l2l --> Provides detailed information about the tunnel: when it was established, duration, bytes Tx, bytes Rx, etc.
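    The check-then-reset sequence for a single L2L tunnel, as an added example that is not part of the original post. The peer 203.0.113.5 is a placeholder, and the version-specific ikev1 commands, the vpn-sessiondb filter and the conditional debug are additions beyond the commands listed above.

```cisco
! Added example (not from the original post). 203.0.113.5 is a placeholder peer.
!
! 1. Phase 1: the peer should be listed with State: MM_ACTIVE (IKEv1 main mode).
show crypto isakmp sa | include 203.0.113.5
show crypto ikev1 sa
show crypto ikev2 sa
!
! 2. Phase 2: confirm the local ident / remote ident proxy identities match the
!    crypto map ACL and that #pkts encaps / #pkts decaps are both increasing.
show crypto ipsec sa peer 203.0.113.5
!
! 3. Session view for just this peer: uptime, bytes Tx/Rx, negotiated ciphers.
show vpn-sessiondb l2l
show vpn-sessiondb detail l2l filter ipaddress 203.0.113.5
!
! 4. Reset only this tunnel. Clearing the IPsec SAs alone forces a phase-2
!    renegotiation over the existing IKE SA; clearing the IKE SA as well forces
!    a full renegotiation. The unqualified clear commands would drop every
!    tunnel on the firewall, so they are avoided on a hub.
clear crypto ipsec sa peer 203.0.113.5
clear crypto ikev1 sa 203.0.113.5
!
! 5. Re-check after interesting traffic has been sent; if phase 1 never comes
!    back, debug the negotiation for this peer only, then switch debugging off.
show crypto isakmp sa | include 203.0.113.5
show crypto ipsec sa peer 203.0.113.5
debug crypto condition peer 203.0.113.5
debug crypto ikev1 127
undebug all
```

    The conditional debug matters on a busy hub: without debug crypto condition peer, debug crypto ikev1 at level 127 prints the negotiations of every peer and can swamp the console.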
