show c
show capture
To display the capture configuration when no options are specified, use the show capture command.
show capture [ capture_name] [ access-list access_list_name] [ count number] [ decode] [ detail] [ dump] [ packet-number number] [ trace]
Syntax Description
Command History
Usage Guidelines
If you specify the capture name, then the capture buffer contents for that capture are displayed. The dump keyword does not display MAC information in the hexadecimal dump. The decoded output of the packets depends on the protocol of the packet. In the following table, the bracketed output is displayed when you specify the detail keyword.
Table 1. Packet Capture Output Formats
If the threat defense device receives packets with an incorrectly formatted TCP header and drops them because of the ASP drop reason invalid-tcp-hdr-length, the show capture command output on the interface where those packets are received does not show those packets.
Examples
This example shows how to display the capture configuration:
This example shows how to display the packets that are captured by an ARP capture:
The following example shows how to display the packets that are captured on a single unit in a clustering environment:
The following example shows how to display the packets that are captured on all units in a clustering environment:
The following example shows the packets that are captured when SGT plus Ethernet tagging has been enabled on an interface:
When SGT plus Ethernet tagging has been enabled on an interface, the interface can still receive tagged or untagged packets. The example shown is for tagged packets, which have INLINE-TAG 36 in the output. When the same interface receives untagged packets, the output remains unchanged (that is, no “INLINE-TAG 36” entry is included in the output).
Related Commands
show cert-update
To display the status of automatic updates of CA certificates on the threat defense device, use the show cert-update command.
show cert-update
Command History
Examples
The following is sample output from the show cert-update command:
Related Commands
show checkheaps
To show the checkheaps statistics, use the show checkheaps command. Checkheaps is a periodic process that verifies the sanity of the heap memory buffers (dynamic memory is allocated from the system heap memory region) and the integrity of the code region.
show checkheaps
Command History
Examples
The following is sample output from the show checkheaps command:
show checksum
To display the configuration checksum, use the show checksum command.
show checksum
Command History
Usage Guidelines
The show checksum command allows you to display four groups of hexadecimal numbers that act as a digital summary of the configuration contents. This checksum is calculated only when you store the configuration in flash memory. If a dot (“.”) appears before the checksum in the show running-config or show checksum command output, the output indicates a normal configuration load or write mode indicator (when loading from or writing to the threat defense flash partition). The “.” shows that the threat defense device is preoccupied with the operation but is not “hung up.” This message is similar to a “system processing, please wait” message.
Examples
This example shows how to display the configuration or the checksum:
show chunkstat
To display the chunk statistics, use the show chunkstat command.
show chunkstat
Command History
Examples
This example shows how to display the chunk statistics:
Related Commands
show clns
To show Connectionless-mode Network Service (CLNS) information for IS-IS, use the show clns command.
show clns { filter-set [ name] | interface [ interface_name] | is-neighbors [ interface_name [ detail] | neighbors [ areas] [ interface_name] [ detail] | protocol [ domain] | traffic}
Syntax Description
Command History
Examples
The following example shows the CLNS filter sets defined in the running configuration, and displays them using the show clns filter-set command.
The following is sample output from the show clns interface command. The information under "Routing Protocol: IS-IS" displays information pertaining to Intermediate System-to-Intermediate System (IS-IS), including the Level 1 and Level 2 metrics, priorities, circuit IDs, and number of active Level 1 and Level 2 adjacencies.
The following is sample output from the show clns neighbors command.
The following table explains the fields in the neighbors output.
Table 2. Fields in the Neighbors Output
The following is sample output from the show clns neighbors detail command.
The following is sample output from the show clns is-neighbors command.
The following table explains the columns in the is-neighbors output.
Table 3. Fields in the IS Neighbors Output
The following is sample output from the show clns is-neighbors detail command.
The following is sample output from the show clns protocol command.
The following is sample output from the show clns traffic command.
The following table explains the fields in the traffic output.
Table 4. Fields in the Traffic Output
Related Commands
show cluster
To view aggregated data for the entire cluster or other information, use the show cluster command.
show cluster { access-list [ acl_name ] | conn [ count ] | cpu [ usage ] | interface-mode | memory | resource usage | rule hits [ raw ] | service-policy | traffic | xlate count }
Syntax Description
Command History
Examples
The following is sample output from the show cluster access-list command:
To display the aggregated count of in-use connections for all units, enter:
Related Commands
show cluster history
To view event history for the cluster, use the show cluster history command in privileged EXEC mode.
show cluster history [ brief ] [ latest [ number ] ] [ reverse ] [ time [ year month day ] hh : mm : ss ]
Syntax Description
Command Default
No default behavior or values.
Command History
Usage Guidelines
Examples
The following is sample output from the show cluster history time command:
The following is sample output from the show cluster history brief command:
The following is sample output from the show cluster history latest command:
Related Commands
show cluster info
To view cluster information, use the show cluster info command.
show cluster info [ auto-join | clients | conn-distribution | flow-mobility counters | goid [ options ] | health | incompatible-config | instance-type | loadbalance | old-members | packet-distribution | trace [ options ] | transport { asp | cp }]
Syntax Description
Command History
Usage Guidelines
If you do not specify any options, the show cluster info command shows general cluster information including the cluster name and status, the cluster members, the member states, and so on. Clear statistics using the clear cluster info command.
Examples
The following is sample output from the show cluster info command:
The following is sample output from the show cluster info command when using multi-instance clustering:
The following is sample output from the show cluster info instance-type command when using multi-instance clustering:
The following is sample output from the show cluster info incompatible-config command:
The following is sample output from the show cluster info trace command:
The following is sample output from the show cluster info flow-mobility counters command:
See the following outputs for the show cluster info auto-join command:
Related Commands
show cluster rule hits
To display rule hit information for all evaluated rules of access control policies and prefilter policies, from all nodes of a cluster in an aggregated format, use the show cluster rule hits command.
show cluster rule hits [ raw]
Syntax Description
Command Default
Displays rule hit information for all the rules from all nodes of a cluster.
Command History
Usage Guidelines
The rule hit information covers only the access control rules and prefilter rules.
Examples
The following example displays rule hit information from each node of a cluster in a segregated format:
Related Commands
show community-list
To display routes that are permitted by a specific community list, use the show community-list command.
show community-list [ community_list_name]
Syntax Description
Command History
Examples
The following is sample output from the show community-list command:
show conn
To display the connection state for the designated connection type, use the show conn command. This command supports IPv4 and IPv6 addresses.
show conn [ vrf { name | global }] [ count | [ all ] [ detail ] [ data-rate-filter { lt | eq | gt } value }] ] [ long ] [ state state_type ] [ flow-rule ] [ inline-set ] [ protocol { tcp | udp | sctp }] [ address src_ip [- src_ip ] [ netmask mask ]] [ port src_port [- src_port ]] [ address dest_ip [- dest_ip ] [ netmask mask ]] [ port dest_port [- dest_port ]] [ state state_type ] [ zone [ zone_name ]] [ data-rate ]
Syntax Description
Command Default
All through connections are shown by default. You need to use the all keyword to also view management connections to the device.
Command History
Usage Guidelines
The show conn command displays the number of active TCP and UDP connections, and provides information about connections of various types. Use the show conn all command to see the entire table of connections. You can use this command to find the live connections that are being rate limited by a specific QoS rule ID.
The connection types that you can specify using the show conn state command are defined in the following table. When specifying multiple connection types, use commas without spaces to separate the keywords. The following example displays information about RPC, H.323, and SIP connections in the Up state:
Table 5. Connection State Types
When you use the detail option, the system displays information about the translation type and interface information using the connection flags defined in the following table.
Table 6. Connection Flags
A single connection is created for multiple DNS sessions, as long as they are between the same two hosts, and the sessions have the same 5-tuple (source/destination IP address, source/destination port, and protocol). DNS identification is tracked by app_id, and the idle timer for each app_id runs independently. Because the app_id expires independently, a legitimate DNS response can only pass through the threat defense device within a limited period of time and there is no resource build-up. However, when you enter the show conn command, you will see the idle timer of a DNS connection being reset by a new DNS session. This is due to the nature of the shared DNS connection and is by design.
If a LAN-to-LAN/Network-Extension Mode tunnel drops and does not come back, there might be a number of orphaned tunnel flows. These flows are not torn down as a result of the tunnel going down, but all the data attempting to flow through them is dropped. The show conn command output shows these orphaned flows with the V flag.
When you use the count option in Versions 6.2.0.2, and 6.2.3 or later, the system displays information about the number of connections using the statuses defined in the following table.
Table 7. Connection Status
Use the data-rate keyword to view the current state of the connection data rate tracking feature (enabled or disabled). Use the data-rate filter keyword to filter the connections based on the data-rate value in bytes per second. Use the relational operators (less than, equal to, or greater than) to filter the connections data. The output displays the active connections along with two data rate values, instantaneous one-second and maximum data rate, for both forward and reverse flows.
Examples
The following is sample output from the show conn command. This example shows a TCP session connection from inside host 10.1.1.15 to the outside Telnet server at 10.10.49.10. Because there is no B flag, the connection is initiated from the inside. The “U”, “I”, and “O” flags denote that the connection is active and has received inbound and outbound data.
The following is sample output from the show conn count command:
The following is sample output from the show conn detail command. This example shows a UDP connection from outside host 10.10.49.10 to inside host 10.1.1.15. The D flag denotes that this is a DNS connection. The number 1028 is the DNS ID over the connection.
The following is sample output from the show conn command when an orphan flow exists, as indicated by the V flag:
To limit the report to those connections that have orphan flows, add the vpn_orphan option to the show conn state command, as in the following example:
For clustering, to troubleshoot the connection flow, first see connections on all units by entering the cluster exec show conn command on the master unit. Look for flows that have the following flags: director (Y), backup (y), and forwarder (z). The following example shows an SSH connection from 172.18.124.187:22 to 192.168.103.131:44727 on all three devices; threat defense1 has the z flag showing it is a forwarder for the connection, threat defense3 has the Y flag showing it is the director for the connection, and threat defense2 has no special flags showing it is the owner. In the outbound direction, the packets for this connection enter the inside interface on threat defense2 and exit the outside interface. In the inbound direction, the packets for this connection enter the outside interface on threat defense1 and threat defense3, are forwarded over the cluster control link to threat defense2, and then exit the inside interface on threat defense2.
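The flag reading described above (Y, y, z, or no special flag for the owner), together with the V-flag orphan check from the usage guidelines, can be applied to saved cluster exec show conn output. The following is an added example, not Cisco's code: the unit banner and connection line layouts, the function names, and the sample lines (constructed from the addresses quoted in the text) are assumptions.

```python
import re
from collections import defaultdict

# Cluster role flags named in the text above.
ROLE_FLAGS = {"Y": "director", "y": "backup", "z": "forwarder"}
ORPHAN_FLAG = "V"  # orphaned tunnel flow, per the usage guidelines

# ASSUMED line layouts (the page's sample output is not reproduced here):
#   unit banner: "<unit name>:*****" or "<unit name>(LOCAL):*****"
#   connection:  "TCP <ifc> <ip>:<port> <ifc> <ip>:<port>, idle ..., bytes ..., flags <flags>"
UNIT_RE = re.compile(r"^(?P<unit>[^:*]+?)(?:\(LOCAL\))?:\*+$")
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP|SCTP)\s+\S+\s+(?P<a>\S+:\d+)\s+\S+\s+(?P<b>\S+:\d+),"
    r".*\bflags\b\s*(?P<flags>.*)$"
)

# Constructed sample: the SSH flow from the text as seen on three units,
# plus one constructed orphaned flow carrying the V flag.
SAMPLE = """\
threat defense1(LOCAL):*********************************
TCP outside 172.18.124.187:22 inside 192.168.103.131:44727, idle 0:00:00, bytes 1024, flags z
threat defense2:****************************************
TCP outside 172.18.124.187:22 inside 192.168.103.131:44727, idle 0:00:00, bytes 1024, flags UIO
TCP outside 10.10.49.10:23 inside 10.1.1.15:1026, idle 0:12:40, bytes 1774, flags UIOV
threat defense3:****************************************
TCP outside 172.18.124.187:22 inside 192.168.103.131:44727, idle 0:00:03, bytes 0, flags Y
"""


def parse(cluster_output):
    """Yield (unit, proto, endpoint_a, endpoint_b, flags) for each connection line."""
    unit = None
    for raw in cluster_output.splitlines():
        line = raw.strip()
        banner = UNIT_RE.match(line)
        if banner:
            unit = banner.group("unit").strip()
            continue
        conn = CONN_RE.match(line)
        if conn and unit is not None:
            yield (unit, conn.group("proto"), conn.group("a"),
                   conn.group("b"), conn.group("flags").strip())


def role_for(flags):
    """Map a flags string to a cluster role; no Y/y/z flag means owner."""
    roles = [name for flag, name in ROLE_FLAGS.items() if flag in flags]
    return "+".join(roles) if roles else "owner"


def roles_by_flow(cluster_output):
    """Group connection lines by flow and record each unit's role for it.

    A flow is keyed by protocol and the unordered pair of endpoints, so the
    same connection lines up across units regardless of column order.
    """
    flows = defaultdict(dict)
    for unit, proto, a, b, flags in parse(cluster_output):
        flows[(proto, frozenset((a, b)))][unit] = role_for(flags)
    return dict(flows)


def orphaned_flows(cluster_output):
    """Return (unit, endpoint_a, endpoint_b) for every flow carrying the V flag."""
    return [(unit, a, b)
            for unit, _proto, a, b, flags in parse(cluster_output)
            if ORPHAN_FLAG in flags]


if __name__ == "__main__":
    for (proto, endpoints), roles in roles_by_flow(SAMPLE).items():
        print(proto, sorted(endpoints), roles)
    print("orphaned:", orphaned_flows(SAMPLE))
```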
The output of show conn detail on threat defense2 shows that the most recent forwarder was threat defense1:
When you use the detail keyword, you can see information about Dead Connection Detection (DCD) probing, which shows how often the connection was probed by the initiator and responder. For example, the connection details for a DCD-enabled connection would look like the following:
The following example shows how to view the status of connection data-rate tracking feature:
The following example shows how to filter the connection based on a specified data-rate:
The following example is the output of show conn and show conn detail with the B flag. The B flag indicates that the TCP flow is used to obtain the TLS 1.3 server certificate. When a request for a TLS 1.3 certificate is obtained from the client to threat defense connection, another connection is established between the TLS 1.3 server and the threat defense. Thus, one connection is established between the threat defense and the client; another connection is established between the TLS 1.3 server and the threat defense.
The following is sample output from the show conn detail command. This example shows N4, indicating that the snort inspection was bypassed for the Elephant Flow.
This example shows N5 in the output to indicate dynamic rate limit policy (10% reduction) was applied on the Elephant Flow.
Related Commands
show console-output
To display the currently captured console output, use the show console-output command.
show console-output
Command History
Examples
The following is sample output from the show console-output command.
show coredump
To display the setting of packet-engine coredump generation, enter the show coredump command.
show coredump
Command History
Usage Guidelines
Packet-engine coredump generation is enabled by default. This command is only available on the Firepower 2100 series. When you run this command on an unsupported platform, the system returns the following message:
Examples
The following example shows that packet-engine coredump generation is enabled.
Related Commands
show counters
To display the protocol stack counters, use the show counters command.
show counters [ all | summary | top N] [ description] [ detail] [ protocol protocol_name [: counter_name]] [ threshold N]
Syntax Description
Command Default
The default is show counters summary detail threshold 1.
Command History
Examples
The following example shows how to display the default information.
show cpu
To display the CPU utilization information, use the show cpu command.
show cpu [ detailed | external | profile [ dump] | system [ processor_num]]
show cpu core [ all | core_id]
show cpu usage [ detailed | core [ all | core_id] ]
Syntax Description
Command History
Usage Guidelines
The CPU usage is computed using an approximation of the load every five seconds, and by further feeding this approximation into two moving averages.
You can use the show cpu profile dump command in conjunction with the cpu profile activate command to collect information for TAC use in troubleshooting CPU issues. The show cpu profile dump command output is in hexadecimal format.
For the detailed and core views, it is not unusual to see a core with zero usage when overall CPU usage is low.
For the threat defense virtual, the show cpu command also shows whether the number of CPUs allotted to the VM is within the allowed limit based on the vCPU platform license limit. The status can be Compliant, Noncompliant: Over-provisioned, or Noncompliant: Under-provisioned. This information might not be accurate.
Examples
The following example shows how to display the CPU utilization:
The following example shows how to display detailed CPU utilization information:
The following example shows how to display system-level CPU usage. Note the “(2 CPU)” indication in the first line. This is the number of processors on this device.
The following table explains the fields in the show cpu system output.
Table 8. Show CPU System Fields
The following example activates the profiler and instructs it to store 1000 samples, the default. Next, the show cpu profile command shows that the profiling is in progress. After waiting some time, the next show cpu profile command shows that profiling has completed. Finally, we use the show cpu profile dump command to get the results. Copy the output and provide it to Cisco Technical Support. You might need to log your SSH session to get the full output.
Related Commands
show crashinfo
To display the contents of the crash file stored in Flash memory, enter the show crashinfo command.
show crashinfo [ console | module number | save | webvpn [ detailed]]
Syntax Description
Command History
Usage Guidelines
If the crash file is from a test crash (generated from the crashinfo test command), the first string of the crash file is “: Saved_Test_Crash” and the last string is “: End_Test_Crash”. If the crash file is from a real crash, the first string of the crash file is “: Saved_Crash” and the last string is “: End_Crash”. (This includes crashes from use of the crashinfo force page-fault or crashinfo force watchdog commands.)
Compliance with FIPS 140-2 prohibits the distribution of Critical Security Parameters (keys, passwords, etc.) outside of the crypto boundary (chassis). When the device crashes, due to an assert or checkheaps failure, it is possible that the stack or memory regions dumped to the console contain sensitive data. This output must be suppressed in FIPS-mode.
Examples
The following example shows that there is no crashinfo information.
The following example shows how to display the current crash information configuration:
The following example shows the status of crashinfo console output.
The following example shows the output for a crash file test. This test does not actually crash the threat defense device. It provides a simulated example file.
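The first and last strings given in the usage guidelines can be checked mechanically when triaging saved show crashinfo output, including the case where the capture was cut off before the end marker. The following is an added example, not Cisco's code: the function names are hypothetical, "first/last string" is assumed to mean the first and last non-blank line, and the sample files are constructed.

```python
# First/last strings quoted in the usage guidelines above.
MARKERS = {
    "test": (": Saved_Test_Crash", ": End_Test_Crash"),
    "real": (": Saved_Crash", ": End_Crash"),
}

# Constructed samples; the body lines are placeholders, not real crash data.
TEST_FILE = ": Saved_Test_Crash\n<constructed crash body>\n: End_Test_Crash\n"
REAL_TRUNCATED = ": Saved_Crash\n<constructed crash body>\n<capture ends here>\n"
MISMATCHED = ": Saved_Test_Crash\n<constructed crash body>\n: End_Crash\n"


def classify_crashinfo(text):
    """Classify saved crashinfo output by its first and last strings.

    Returns {"kind": "test" | "real" | "unknown", "complete": bool}.
    "complete" is True only when the end marker matches the start marker,
    so a truncated session log or an edited file is not mistaken for a
    full crash record.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return {"kind": "unknown", "complete": False}
    first, last = lines[0], lines[-1]
    for kind, (start, end) in MARKERS.items():
        if first == start:
            return {"kind": kind, "complete": last == end}
    return {"kind": "unknown", "complete": False}


def needs_review(text):
    """True unless the file is a complete test crash.

    Real crashes, truncated captures, mismatched markers, and unrecognized
    files all go to a person; per the FIPS note above, treat their contents
    as potentially containing sensitive memory.
    """
    result = classify_crashinfo(text)
    return not (result["kind"] == "test" and result["complete"])


if __name__ == "__main__":
    for name, sample in [("test", TEST_FILE), ("truncated", REAL_TRUNCATED),
                         ("mismatched", MISMATCHED)]:
        print(name, classify_crashinfo(sample), "review:", needs_review(sample))
```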
Related Commands
show crypto accelerator load-balance
To display the accelerator-specific load-balancing information from the hardware crypto accelerator MIB, use the show crypto accelerator load-balance command.
show crypto accelerator load-balance [ ipsec | ssl | detail [ ipsec | ssl]]
Syntax Description
Command History
Examples
The following example shows global crypto accelerator load balancing statistics:
Related Commands
show crypto accelerator statistics
To display the global and accelerator-specific statistics from the hardware crypto accelerator MIB, use the show crypto accelerator statistics command.
show crypto accelerator statistics
Command History
Usage Guidelines
The output statistics are defined as follows:
Accelerator 0 shows statistics for the software-based crypto engine.
Accelerator 1 shows statistics for the hardware-based crypto engine.
RSA statistics show RSA operations for 2048-bit keys, which are executed in software by default. This means that when you have a 2048-bit key, IKE/SSL VPN performs RSA operations in software during the IPsec/SSL negotiation phase. Actual IPsec/SSL traffic is still processed using hardware. This may cause high CPU if there are many simultaneous sessions starting at the same time, which may result in multiple RSA key operations and high CPU. If you run into a high CPU condition because of this, then you should use a 1024-bit key to process RSA key operations in hardware. To do so, you must reenroll the identity certificate. A 1024-bit RSA key is weaker than a 2048-bit key, so this workaround trades key strength for lower CPU load. In releases 8.3(2) or later, you can also use the crypto engine large-mod-accel command on the 5510-5550 platforms to perform these operations in hardware.
If you are using a 2048-bit RSA key and the RSA processing is performed in software, you can use CPU profiling to determine which functions are causing high CPU usage. Generally, the bn_* and BN_* functions are math operations on the large data sets used for RSA, and are the most useful when examining CPU usage during an RSA operation in software. For example:
Diffie-Hellman statistics show that any crypto operation with a modulus size greater than 1024 is performed in software (for example, DH5; Diffie-Hellman group 5 uses 1536). If so, a 2048-bit key certificate will be processed in software, which can result in high CPU usage when a lot of sessions are running.
DSA statistics show key generation in two phases. The first phase is a choice of algorithm parameters, which may be shared between different users of the system. The second phase computes private and public keys for a single user.
SSL statistics show records for the processor-intensive public key encryption algorithms involved in SSL transactions to the hardware crypto accelerator.
RNG statistics show records for a sender and receiver, which can generate the same set of random numbers automatically to use as keys.
Examples
The following example shows global crypto accelerator statistics:
The following table explains the output.
On platforms that support IPsec flow offload, the output shows the statistics for offloaded flows while the global counters show the total of all offloaded and non-offloaded flows for all accelerator engines on the device.
Related Commands
show crypto accelerator usage
This command allows you to view TLS crypto acceleration core usage and average utilization across all cores. This command is not available on all hardware platforms. For guidelines and limitations of TLS crypto acceleration, see the Management Center Configuration Guide.
show crypto accelerator usage [ detail ]
Syntax Description
Command History
Usage Guidelines
Displays the core usage on each core and the average utilization of each core. Depending on your hardware model, the command might not be available and might display different statistics.
Examples
The following is an example of viewing the core usage of TLS crypto acceleration:
The following is an example of viewing detailed usage information:
show crypto ca certificates
To display the certificates associated with a specific trustpoint or to display all the certificates installed on the system, use the show crypto ca certificates command.
show crypto ca certificates [ trustpointname]
Syntax Description
Command History
Examples
The following is sample output from the show crypto ca certificates command:
show crypto ca crls
To display all cached certificate revocation lists (CRLs) or to display all CRLs cached for a specified trustpoint, use the show crypto ca crl command.
show crypto ca crls [ trustpool | trustpoint trustpointname]
Syntax Description
Command History
Examples
The following is sample output from the show crypto ca crl command:
show crypto ca trustpoints
To display the CA trustpoints, use the show crypto ca trustpoints command.
show crypto ca trustpoints [ trustpoint_name]
Syntax Description
Command Default
If you do not specify a trustpoint, all trustpoints are shown.
Command History
Examples
The following example shows how to display the CA trustpoints.
show crypto ca trustpool
To display the certificates that constitute the trustpool, use the show crypto ca trustpool command.
show crypto ca trustpool [ detail | policy]
Syntax Description
Command Default
This command shows an abbreviated display of all the trustpool certificates. When the detail option is specified, more information is included.
Command History
Usage Guidelines
The output of the show crypto ca trustpool command includes the fingerprint value of each certificate. These values are required for removal operation.
Examples
The following example shows how to display the certificates in the trustpool.
The following example shows how to display the trustpool policy.
Related Commands
show crypto debug-condition
To display the currently configured filters, the unmatched states, and the error states for IPsec and ISAKMP debugging messages, use the show crypto debug-condition command.
show crypto debug-condition
Command History
Examples
The following example shows the filtering conditions:
Related Commands
show crypto ikev1
To display the information about Internet Key Exchange version 1 (IKEv1), use the show crypto ikev1 command.
show crypto ikev1 { ipsec-over-tcp | sa [ detail] | stats}
Syntax Description
Command History
Examples
The following example displays detailed information about the SA database. If you do not include the detail keyword, only the IKE Peer, Type, Dir, Rky, and State columns are shown.
The following example displays the IPsec over TCP data:
The following example displays the Global IKEv1 statistics:
Related Commands
show crypto ikev2
To display the information about Internet Key Exchange version 2 (IKEv2), use the show crypto ikev2 command.
show crypto ikev2 { sa [ detail] | stats}
Syntax Description
Command History
Examples
The following example displays detailed information about the SA database:
The following example displays the IKEv2 statistics:
Related Commands
show crypto ipsec df-bit
To display the IPsec do-not-fragment (DF-bit) policy for IPsec packets for a specified interface, use the show crypto ipsec df-bit command. You can also use the command synonym show ipsec df-bit.
show crypto ipsec df-bit interface
Syntax Description
Command History
Usage Guidelines
The df-bit setting determines how the system handles the do-not-fragment (DF) bit in the encapsulated header. The DF bit within the IP header determines whether or not a device is allowed to fragment a packet. Based on this setting, the system either clears, sets, or copies the DF-bit setting of the clear-text packet to the outer IPsec header when applying encryption.
Examples
The following example displays the IPsec DF-bit policy for interface named inside:
Related Commands
show crypto ipsec fragmentation
To display the fragmentation policy for IPsec packets, use the show crypto ipsec fragmentation command. You can also use the command synonym show ipsec fragmentation.
show crypto ipsec fragmentation interface
Syntax Description
Command History
Usage Guidelines
When encrypting packets for a VPN, the system compares the packet length with the MTU of the outbound interface. If encrypting the packet will exceed the MTU, the packet must be fragmented. This command shows whether the system will fragment the packet after encrypting it (after-encryption), or before encrypting it (before-encryption). Fragmenting the packet before encryption is also called prefragmentation, and is the default system behavior because it improves overall encryption performance.
Examples
The following example displays the IPsec fragmentation policy for an interface named inside:
Related Commands
show crypto ipsec policy
To display the IPsec secure socket API (SS API) security policy configured for OSPFv3, use the show crypto ipsec policy command. You can also use the alternate form of this command: show ipsec policy.
show crypto ipsec policy
Command History
Examples
The following example shows the OSPFv3 authentication and encryption policy.
Related Commands
show crypto ipsec sa
To display a list of IPsec SAs, use the show crypto ipsec sa command. You can also use the alternate form of this command: show ipsec sa.
show crypto ipsec sa [ assigned-address | entry | identity | inactive | map map-name | peer peer-addr | spi | summary | user] [ detail]
Syntax Description
Command History
Examples
The following example displays IPsec SAs that include a tunnel identified as OSPFv3.
The following example displays IPsec SAs for a crypto map named def.
The following example shows IPsec SAs for the keyword entry.
The following example shows IPsec SAs with the keywords entry detail.
The following example shows IPsec SAs with the keyword identity.
The following example shows IPsec SAs with the keywords identity and detail.
Related Commands
show crypto ipsec stats
To display a list of IPsec statistics, use the show crypto ipsec stats command.
show crypto ipsec stats
Command History
Examples
The following example displays IPsec statistics:
Related Commands
show crypto isakmp
To display the ISAKMP information for both IKEv1 and IKEv2, use the show crypto isakmp command.
show crypto isakmp { sa [ detail] | stats}
Syntax Description
Command History
Usage Guidelines
The show crypto isakmp commands combine the output of the equivalent show crypto ikev1 and show crypto ikev2 commands. Following are some tips for reading the SA information.
Examples
The following example displays detailed information about the SA database.
The following example displays ISAKMP statistics. IKEv1 and IKEv2 are shown separately.
Related Commands
show crypto key mypubkey
To display the key name, usage, and elliptic curve size for ECDSA or RSA keys, use the show crypto key mypubkey command.
show crypto key mypubkey { ecdsa | rsa}
Syntax Description
Command History
Examples
The following example displays the RSA public key:
show crypto protocol statistics
To display the protocol-specific statistics in the crypto accelerator MIB, use the show crypto protocol statistics command.
show crypto protocol statistics protocol
Syntax Description
Command History
Examples
The following example displays crypto accelerator statistics for all protocols:
Related Commands
show crypto sockets
To display crypto secure socket information, use the show crypto sockets command.
show crypto sockets
Command History
Examples
The following example displays crypto secure socket information:
The following table describes the fields in the show crypto sockets command output.
Related Commands
show crypto ssl
To display information about the active SSL sessions on the threat defense device, use the show crypto ssl command.
show crypto ssl [ cache | ciphers | errors [ trace] | mib [ 64] | objects]
Syntax Description
Command History
Usage Guidelines
This command shows information about the current SSLv3 or greater sessions, including the enabled cipher order, which ciphers are disabled, SSL trustpoints being used, and whether certificate authentication is enabled.
Examples
The following is sample output from the show ssl command:
To display SSL session cache statistics, use the show crypto ssl cache command
To display SSL cipher lists, use the show crypto ssl cipher command
show ctiqbe
To display information about CTIQBE sessions established across the threat defense device, use the show ctiqbe command.
show ctiqbe
Command History
Examples
The following is sample output from the show ctiqbe command under the following conditions. There is only one active CTIQBE session setup across the device. It is established between an internal CTI device (for example, a Cisco IP SoftPhone) at local address 10.0.0.99 and an external Cisco Call Manager at 172.29.1.77, where TCP port 2748 is the Cisco CallManager. The heartbeat interval for the session is 120 seconds.
The CTI device has already registered with the CallManager. The device internal address and RTP listening port is PATed to 172.29.1.99 UDP port 1028. Its RTCP listening port is PATed to UDP 1029.
The line beginning with “RTP/RTCP: PAT xlates:” appears only if an internal CTI device has registered with an external CallManager and the CTI device address and ports are PATed to that external interface. This line does not appear if the CallManager is located on an internal interface, or if the internal CTI device address and ports are NATed to the same external interface that is used by the CallManager.
The output indicates a call has been established between this CTI device and another phone at 172.29.1.88. The RTP and RTCP listening ports of the other phone are UDP 26822 and 26823. The other phone is located on the same interface as the CallManager because the threat defense device does not maintain a CTIQBE session record associated with the second phone and CallManager. The active call leg on the CTI device side can be identified with Device ID 27 and Call ID 0.
Related Commands
show ctl-provider
To display the configuration of CTL providers used in unified communications, use the show ctl-provider command.
show ctl-provider [ name]
Syntax Description
Command History
Examples
This example shows how to display the configuration of the CTL providers.
show curpriv
To display the current user privileges for a Diagnostic CLI session, use the show curpriv command.
show curpriv
Command History
Usage Guidelines
The show curpriv command displays the current privilege level. Lower privilege level numbers indicate lower privilege levels. This information does not apply to the users defined by the configure user command. Instead, these are the privileges of a user within the system support diagnostic-cli session. You cannot change these privileges.
Examples
The following example shows how to view the privileges for the logged-in user. These privileges apply to the Diagnostic CLI; they do not apply to the ability to use configure commands. You cannot configure permissions for the enable_1 user. These privileges are the same for both Basic and Config permissions.
Which CLI command would allow an administrator to assess CPU usage by process on the management plane?
Look for the "---panio" string in the dp-monitor log (this information is logged every 10 minutes) or run the show running resource-monitor command from the CLI to view DP resource usage. This command can be used to review dataplane CPU usage.
Why is the message dataplane under severe load displayed in the system log?
When monitoring the system log using the GUI (Monitor > Log > System), the alert "Dataplane under severe load" is seen. When the setting "Enable Log on High DP Load" is checked under the logging and reporting setting, a system log is generated when the DP CPU is 100%. The settings can be enabled or disabled.