3. 查看命令
上一頁 第 7 章 Firewall 下一頁
Home | Mirror | Search

3. 查看命令

show ver(查看系統信息)
show run(查看防火牆運行配置)
show ip address(查看防火牆IP地址)
show nameif
show conduit
show config
show run
show static
show global
show dhcpd
show nat

Since it shows connection by host
show local-host
show conn
show xlate detail

# show cpu usage
CPU utilization for 5 seconds = 6%; 1 minute: 6%; 5 minutes: 7%

# sh traffic
outside:
        received (in 1806806.980 secs):
                3051312134 packets      3372506524 bytes
                1001 pkts/sec   1001 bytes/sec
        transmitted (in 1806806.980 secs):
                3680162240 packets      3426881395 bytes
                2001 pkts/sec   1000 bytes/sec
inside:
        received (in 1806806.980 secs):
                3633230948 packets      1921928934 bytes
                2001 pkts/sec   1001 bytes/sec
        transmitted (in 1806806.980 secs):
                2935232007 packets      2574723752 bytes
                1001 pkts/sec   1001 bytes/sec

3.1. show interface

firewall(config)# show interface
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 001c.58b5.6e80
  IP address 120.13.14.30, subnet mask 255.255.255.192
  MTU 1500 bytes, BW 100000 Kbit full duplex
        2813730585 packets input, 322384351 bytes, 0 no buffer
        Received 38464886 broadcasts, 0 runts, 0 giants
        16601 input errors, 0 CRC, 0 frame, 16601 overrun, 0 ignored, 0 abort
        1938316742 packets output, 958234027 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (3/144)
        output queue (curr/max blocks): hardware (0/128) software (0/278)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 001c.58b5.6e81
  IP address 172.16.0.254, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
        2015029888 packets input, 2028029332 bytes, 0 no buffer
        Received 27779782 broadcasts, 0 runts, 0 giants
        32841 input errors, 0 CRC, 0 frame, 32841 overrun, 0 ignored, 0 abort
        2392423441 packets output, 4158892725 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/154)
        output queue (curr/max blocks): hardware (2/128) software (0/353)

3.2. show static

firewall(config)# show static
static (inside,outside) 120.12.14.6 172.16.0.6 netmask 255.255.255.255 0 0
static (inside,outside) 120.12.14.7 172.16.0.7 netmask 255.255.255.255 0 0
static (inside,outside) 120.12.14.8 172.16.0.8 netmask 255.255.255.255 0 0
static (inside,outside) 120.12.14.10 172.16.0.10 netmask 255.255.255.255 0 0

3.3. show ip

firewall(config)# show ip
System IP Addresses:
        ip address outside 120.12.14.3 255.255.255.192
        ip address inside 172.16.0.254 255.255.255.0
Current IP Addresses:
        ip address outside 120.12.14.3 255.255.255.192
        ip address inside 172.16.0.254 255.255.255.0

3.4. show cpu usage

firewall(config)# show cpu usage
CPU utilization for 5 seconds = 18%; 1 minute: 20%; 5 minutes: 20%

3.5. show conn count

firewall(config)# show conn count
5661 in use, 117879 most used

3.6. show blocks

firewall(config)# show blocks
  SIZE    MAX    LOW    CNT
     4   1600   1424   1600
    80    400    394    398
   256    500    442    500
  1550    933      0    618

3.7. show mem

firewall(config)# show mem
Free memory:        75529176 bytes
Used memory:        58688552 bytes
-------------     ----------------
Total memory:      134217728 bytes

3.8. show traffic

firewall(config)# show traffic
outside:
        received (in 1812494.446 secs):
                2813262888 packets      253141259 bytes
                1000 pkts/sec   2 bytes/sec
        transmitted (in 1812494.446 secs):
                1937679278 packets      288527512 bytes
                1000 pkts/sec   0 bytes/sec
inside:
        received (in 1812494.446 secs):
                2014390684 packets      1357597340 bytes
                1000 pkts/sec   0 bytes/sec
        transmitted (in 1812494.446 secs):
                2391958734 packets      4089671095 bytes
                1002 pkts/sec   2000 bytes/sec

3.9. show xlate

firewall(config)# show xlate
64 in use, 1051 most used
Global 120.13.14.10 Local 172.16.0.10
Global 120.13.14.18 Local 172.16.0.48
Global 120.13.14.28 Local 172.16.0.28
Global 120.13.14.35 Local 172.16.0.35
Global 120.13.14.24 Local 172.16.0.41
Global 120.13.14.13 Local 172.16.0.33
Global 120.13.14.7 Local 172.16.0.7
Global 120.13.14.6 Local 172.16.0.6
PAT Global 120.13.14.30(23951) Local 172.16.0.42(61748)
Global 120.13.14.21 Local 172.16.0.24
Global 120.13.14.23 Local 172.16.0.23
Global 120.13.14.25 Local 172.16.0.54
Global 120.13.14.14 Local 172.16.0.34
Global 120.13.14.27 Local 172.16.0.27
Global 120.13.14.22 Local 172.16.0.22
Global 120.13.14.5 Local 172.16.0.13
Global 120.13.14.15 Local 172.16.0.15
Global 120.13.14.4 Local 172.16.0.4
Global 120.13.14.26 Local 172.16.0.26
PAT Global 120.13.14.30(31707) Local 172.16.0.101(63573)
PAT Global 120.13.14.30(31705) Local 172.16.0.51(46332)
PAT Global 120.13.14.30(31709) Local 172.16.0.101(63587)
PAT Global 120.13.14.30(31708) Local 172.16.0.101(51612)
Global 120.13.14.16 Local 172.16.0.56
Global 120.13.14.20 Local 172.16.0.20
Global 120.13.14.12 Local 172.16.0.12
Global 120.13.14.8 Local 172.16.0.8
Global 120.13.14.38 Local 172.16.0.38
Global 120.13.14.29 Local 172.16.0.2
PAT Global 120.13.14.30(61715) Local 172.16.0.47(35662)
PAT Global 120.13.14.30(61714) Local 172.16.0.37(5809)
PAT Global 120.13.14.30(61713) Local 172.16.0.141(55314)
PAT Global 120.13.14.30(61712) Local 172.16.0.141(55313)
PAT Global 120.13.14.30(61699) Local 172.16.0.47(46235)
PAT Global 120.13.14.30(61698) Local 172.16.0.47(52197)
PAT Global 120.13.14.30(61696) Local 172.16.0.37(43727)
PAT Global 120.13.14.30(61703) Local 172.16.0.47(49113)
PAT Global 120.13.14.30(61702) Local 172.16.0.141(55309)
PAT Global 120.13.14.30(61700) Local 172.16.0.47(44744)
PAT Global 120.13.14.30(61707) Local 172.16.0.47(56175)
PAT Global 120.13.14.30(61706) Local 172.16.0.47(50588)
PAT Global 120.13.14.30(61705) Local 172.16.0.47(58676)
PAT Global 120.13.14.30(61704) Local 172.16.0.141(55310)
PAT Global 120.13.14.30(61711) Local 172.16.0.47(39698)
PAT Global 120.13.14.30(61710) Local 172.16.0.141(55312)
PAT Global 120.13.14.30(61709) Local 172.16.0.141(55311)
PAT Global 120.13.14.30(61708) Local 172.16.0.47(54897)
PAT Global 120.13.14.30(391) Local 172.16.0.49(123)
PAT Global 120.13.14.30(389) Local 172.16.0.161(137)
PAT Global 120.13.14.30(393) Local 172.16.0.37(123)
PAT Global 120.13.14.30(392) Local 172.16.0.5(123)
Global 120.13.14.19 Local 172.16.0.19
Global 120.13.14.9 Local 172.16.0.9
Global 120.13.14.11 Local 172.16.0.11
PAT Global 120.13.14.30(61682) Local 172.16.0.37(44507)
PAT Global 120.13.14.30(61681) Local 172.16.0.37(1561)
PAT Global 120.13.14.30(61684) Local 172.16.0.141(55307)
PAT Global 120.13.14.30(61694) Local 172.16.0.141(55308)
PAT Global 120.13.14.30(61693) Local 172.16.0.47(49428)
PAT Global 120.13.14.30(61692) Local 172.16.0.37(46051)
PAT Global 120.13.14.30(61667) Local 172.16.0.141(55306)
PAT Global 120.13.14.30(61666) Local 172.16.0.47(39924)
PAT Global 120.13.14.30(61670) Local 172.16.0.37(62964)
comments powered by Disqus
上一頁 上一級 下一頁
2. Cisco ASA Firewall 起始頁 4. FAQ