
Cisco VPN 5000 Concentrator Series Command Reference Guide, Software Version 6.0.x
OL-1288-01
Chapter 12
Show Commands
This section lists the show commands for the Cisco VPN 5000 concentrator series.
show all
The show all command displays most of the system configuration and status. Each part of the display
is also available from another show command; refer to the commands referenced below for details
about each part.
The information displayed varies with the hardware platform and the software configuration.
show all [verbose]
Syntax Description
  verbose               This option causes the command to display even more information.
Usage Guidelines
The following is a list of the information displayed:
  General Information   Displays general system configuration information. The same information is
                        displayed with the show version verbose command.
  IP Configuration      Displays the IP routing configuration. The same information is displayed
                        with the show ip config command.
  WAN/PPP Configuration Displays the WAN port and PPP protocol configuration. The same
                        information is displayed with the show wan serial config, show wan
                        connect config, and show ppp lcp commands.
  VPN Group             Displays the VPN Group configuration. The same information is displayed
                        with the show vpn config command.
  Runtime Status        Displays the runtime status of the various system interfaces. The same
                        information is displayed with the show os netif command.

Related Commands
  Command       Description
  show ip       Shows IP configuration and statistics
  show os       Shows operating system information
  show ppp      Shows PPP information
  show version  Shows general device information
  show vpn      Shows VPN configuration and statistics
  show wan      Shows WAN port information

show arp
This command shows the contents of a router's Address Resolution Protocol (ARP) cache. This cache
holds the mapping between a high-level protocol address and the physical address. The physical address
may be either an IEEE Ethernet address or a Frame Relay DLCI which can be converted into a
Frame Relay Q.922 hardware address. ARP entries are added to the cache either dynamically through
the use of ARP on an Ethernet LAN or IARP (Inverse ARP) on Frame Relay. They also may be added
statically with the add arp command.
show arp
Usage Guidelines
The information shown is:
  B#             This is the hash bucket number of the cache entry. Hashing is used to index
                 the cache to allow fast searching for an entry.
  Protocol       This identifies the high-level protocol address in the entry, which is IP.
  Address        The IP address, shown in dotted-decimal notation.
  Age            The age of the ARP entry in minutes. After 20 minutes the entry is timed out
                 and deleted. Entries added statically or through IARP on Frame Relay aren't
                 aged and will always have an age of zero.
  Hardware Addr  The physical address that the high-level address resolves to. If the entry is an
                 IEEE Ethernet hardware address, it is shown with six octets separated by
                 colons. If the physical address is from a Frame Relay interface, it will be
                 displayed as a DLCI address. The hardware address sometimes reports
                 incomplete if there is a misconfiguration of the physical address or of the
                 hardware itself. These age out after 2 minutes.
  Interface      This is the router's interface through which the hardware address can be
                 reached.
Example
The following is output from the show arp command:
vpn_5000: Main# show arp
B#  Protocol  Address      Age  Hardware Addr      Type   Interface
0   IP        198.41.9.1   0    aa:00:04:00:0d:04  Dynam  Ethernet A
13  IP        198.41.8.1   0    c303.444.9531      Dynam  Wan0
14  IP        198.41.9.12  0    00:00:a5:2f:20:00  Dynam  Ethernet A
15  IP        198.41.9.30  0    08:00:20:08:cc:0d  Dynam  Ethernet A
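The following Python example is added here and is not part of the Cisco guide. It parses show arp output in the column layout documented above and compares two captures, reporting an IP address whose hardware address changed, a hardware address that answers for several IP addresses, and incomplete entries. The function names, the second capture, and the literal spelling "incomplete" in the Hardware Addr column are assumptions.

```python
import re
from collections import defaultdict

# Columns as documented: B#, Protocol, Address, Age, Hardware Addr, Type, Interface.
# The interface name may contain a space ("Ethernet A"), so it takes the rest of the line.
ROW = re.compile(
    r"^\s*(?P<bucket>\d+)\s+(?P<proto>\S+)\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<age>\d+)\s+(?P<hw>\S+)\s+(?P<type>\S+)\s+(?P<iface>.+?)\s*$"
)

# First capture: the output printed in the guide.
BEFORE = """\
vpn_5000: Main# show arp
B# Protocol Address Age Hardware Addr Type Interface
0 IP 198.41.9.1 0 aa:00:04:00:0d:04 Dynam Ethernet A
13 IP 198.41.8.1 0 c303.444.9531 Dynam Wan0
14 IP 198.41.9.12 0 00:00:a5:2f:20:00 Dynam Ethernet A
15 IP 198.41.9.30 0 08:00:20:08:cc:0d Dynam Ethernet A
"""

# Second capture: constructed for this example, not taken from a device.
AFTER = """\
vpn_5000: Main# show arp
B# Protocol Address Age Hardware Addr Type Interface
0 IP 198.41.9.1 0 aa:00:04:00:0d:04 Dynam Ethernet A
13 IP 198.41.8.1 0 c303.444.9531 Dynam Wan0
14 IP 198.41.9.12 0 08:00:20:08:cc:0d Dynam Ethernet A
15 IP 198.41.9.30 3 08:00:20:08:cc:0d Dynam Ethernet A
16 IP 198.41.9.40 0 incomplete Dynam Ethernet A
"""


def parse_show_arp(text):
    """Return one dict per cache entry; prompt and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        entry = match.groupdict()
        entry["age"] = int(entry["age"])
        entry["hw"] = entry["hw"].lower()
        entries.append(entry)
    return entries


def audit_arp(before, after):
    """Compare two parsed captures and return sorted (kind, subject, detail) tuples."""
    findings = []
    previous = {e["ip"]: e for e in before}
    ips_by_hw = defaultdict(set)
    for entry in after:
        if entry["hw"] == "incomplete":  # assumed spelling of the documented state
            findings.append(("incomplete", entry["ip"], entry["iface"]))
            continue
        ips_by_hw[entry["hw"]].add(entry["ip"])
        old = previous.get(entry["ip"])
        if old and old["hw"] not in ("incomplete", entry["hw"]):
            findings.append(("hw-changed", entry["ip"], f'{old["hw"]} -> {entry["hw"]}'))
    for hw, ips in ips_by_hw.items():
        if len(ips) > 1:
            findings.append(("shared-hw", hw, ",".join(sorted(ips))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_arp(parse_show_arp(BEFORE), parse_show_arp(AFTER)):
        print(*finding, sep="\t")
```

A shared hardware address is not always a fault (a router or proxy ARP can answer for several addresses), so treat the findings as entries to review against the known topology.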

Related Commands
  Command     Description
  add ip arp  Adds a static IP ARP cache entry
  reset arp   Deletes ARP table entries

show certificate
The show certificate command shows the certificates installed, details about each certificate, or the
certificate text. See the Certificates section on page 6-3 for an overview of certificates.
show certificate {installed |
details {root | server} |
pem {root | server} [x509] |
fingerprint {root | server} |
generator}
Syntax Description
  installed                    Lists the certificates installed, including the type and basic information.
  details {root | server}      Shows details for a root or server certificate.
  pem {root | server} [x509]   Shows the root or server certificate text in PEM format. By default, the
                               certificate is in PKCS #7 format. x509 shows the certificate in X.509 format.
  fingerprint {root | server}  Shows the root or server certificate fingerprint, which is a message-digest 5
                               (MD5) hash.
  generator                    When entered on a CG, shows whether the CG is idle or busy generating
                               a certificate.
Usage Guidelines
The following sections describe the display contents for each command.
show certificate installed Display
The show certificate installed display includes the following information for each certificate:
  Serial Number
  Issuer           Information about the CA or CG that issued the certificate. All fields may not
                   be present:
                     C is the country code.
                     O is the organization name.
                     OU is the organizational unit.
                     L is the city name.
                     ST is the state name.
  Subject          For a root certificate, information about the certificate similar to the issuer
                   information.
                   For a server certificate, CN is the common name to identify the server.
  Validity         The certificate start and expiration dates.
  MD5 Fingerprint  A unique identifier for the certificate.

show certificate detailed Display
The show certificate detailed display includes the following information for a certificate:
  Version
  Serial Number
  Signature Algorithm      Shows the algorithm type.
  Issuer                   Information about the CA or CG that issued the certificate. All fields may not
                           be present:
                             C is the country code.
                             O is the organization name.
                             OU is the organizational unit.
                             L is the city name.
                             ST is the state name.
  Subject                  For a root certificate, information about the certificate similar to the issuer
                           information.
                           For a server certificate, CN is the common name to identify the server.
  Validity                 The certificate start and expiration dates.
  MD5 Fingerprint          A unique identifier for the certificate.
  Subject Public Key Info  Shows the Public Key Algorithm type.
  RSA Public Key           Shows the key length in bits.
  Signature Algorithm      Shows the actual algorithm.
Examples
The following sections show an example for each command.
show certificate installed Example
vpn_5000: Main# show certificate installed
Root Certificate:
Serial Number: 77:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Validity
Not Before: Apr 21 00:00:00 2000 GMT
Not After : Apr 20 23:59:59 2005 GMT
MD5 Fingerprint: B0:DD:DD:DE:13:29:3C:54:95:F7:BD:5C:B7:0C:CA:E6
Server Certificate:
Serial Number: 37:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: CN=IntraPortCarrier_A5C5C600
Validity
Not Before: Apr 24 00:00:00 2000 GMT
Not After : Apr 24 23:59:59 2001 GMT
MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD

show certificate details Example
vpn_5000: Main# show certificate details server
Server Certificate:
Version: 3 (0x2)
Serial Number: 33:33:3a:33:33:3a:33:61:3a:33:33:3a:33:33:3a:33
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: CN=IntraPortCarrier_A5C5C600
Validity
Not Before: Apr 24 00:00:00 2000 GMT
Not After : Apr 24 23:59:59 2001 GMT
MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Signature Algorithm: md5WithRSAEncryption
01:0c:40:40:fb:84:e3:eb:49:f4:0b:da:69:f7:6d:cd:d1:16:
ae:e9:d1:a9:f3:a1:b2:03:33:a8:3a:19:a1:4c:cc:1b:5e:e1:
e9:a5:06:6b:02:c1:5d:6a:93:a2:60:a3:47:6c:5b:2b:2a:91:
9f:30:a7:76:77:ba:d4:84:d8:89:bd:b9:31:d2:1a:82:52:37:
14:24:4f:a5:23:bb:65:fb:3e:96:7e:17:50:87:de:7d:dd:a0:
21:30:80:4f:0b:26:87:7b:1a:84:a3:df:89:78:c9:dc:80:87:
cd:a4:d8:f2:a2:e0:4b:0e:59:dd:36:59:3d:59:8f:d0:7e:b2:
2f:97
show certificate fingerprint Example
vpn_5000: Main# show certificate fingerprint server
MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD
show certificate pem Example
vpn_5000: Main# show cert pem server
-----BEGIN PKCS7-----
[certificate text omitted]
-----END PKCS7-----
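The following Python example is added here and is not part of the Cisco guide. It parses the show certificate installed and show certificate details displays documented above and reports certificates signed with a weak hash such as md5WithRSAEncryption, RSA keys shorter than a policy minimum, and certificates past their Not After date. The function names, the 2048-bit minimum, and the list of weak hashes are assumptions chosen for the example; the sample text is copied from the guide's examples with the signature bytes left out.

```python
import re
from datetime import date, datetime

# Sample text taken from the guide's examples: the root certificate as printed by
# "show certificate installed" and the server certificate as printed by
# "show certificate details server" (signature bytes omitted).
SAMPLE = """\
Root Certificate:
Serial Number: 77:37:3a:33:37:3a:33:61:3a:33:33:3a:33:37:3a:33
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Validity
Not Before: Apr 21 00:00:00 2000 GMT
Not After : Apr 20 23:59:59 2005 GMT
MD5 Fingerprint: B0:DD:DD:DE:13:29:3C:54:95:F7:BD:5C:B7:0C:CA:E6
Server Certificate:
Version: 3 (0x2)
Serial Number: 33:33:3a:33:33:3a:33:61:3a:33:33:3a:33:33:3a:33
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US,O=Cisco Systems,OU=SLP BU,L=Boulder,ST=Colorado
Subject: CN=IntraPortCarrier_A5C5C600
Validity
Not Before: Apr 24 00:00:00 2000 GMT
Not After : Apr 24 23:59:59 2001 GMT
MD5 Fingerprint: 2A:93:5F:02:7A:9D:68:80:63:8E:29:68:DA:5A:9A:BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Signature Algorithm: md5WithRSAEncryption
"""

HEADER = re.compile(r"^(Root|Server) Certificate:\s*$")
FIELD = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.+)$")   # "Name: value" or "Name : value"
WEAK_HASHES = ("md2", "md5", "sha1")                   # assumption: policy list
DATE_FORMAT = "%b %d %H:%M:%S %Y GMT"                  # e.g. "Apr 24 23:59:59 2001 GMT"


def parse_certificates(text):
    """Split the display into one dict per certificate, keyed by field name."""
    certs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1).lower()}
            certs.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:
            # Signature Algorithm is printed twice; keep the first occurrence.
            current.setdefault(field.group(1), field.group(2))
    return certs


def audit(cert, today, min_rsa_bits=2048):
    """Return findings for one parsed certificate; today is 'YYYY-MM-DD'."""
    findings = []
    algorithm = cert.get("Signature Algorithm", "")
    if any(h in algorithm.lower() for h in WEAK_HASHES):
        findings.append("weak-signature-hash:" + algorithm)
    bits = re.search(r"\((\d+) bit\)", cert.get("RSA Public Key", ""))
    if bits and int(bits.group(1)) < min_rsa_bits:
        findings.append("short-rsa-key:" + bits.group(1))
    not_after = cert.get("Not After")
    if not_after:
        expiry = datetime.strptime(not_after, DATE_FORMAT).date()
        if expiry < date.fromisoformat(today):
            findings.append("expired:" + expiry.isoformat())
    return findings


if __name__ == "__main__":
    for cert in parse_certificates(SAMPLE):
        print(cert["kind"], cert.get("Subject"), audit(cert, date.today().isoformat()))
```

Fields that a display does not print (the installed display has no algorithm or key length) produce no finding, so run the check against the details display when the signature and key checks matter.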

Related Commands
  Command or Section    Description
  Sections
  Certificates          Configures a certificate generator
  Tunnel Partner        Allows the LAN-to-LAN tunnel to use certificates
  Commands
  certificate crl       Approve or deny a certificate request
  certificate generate  Creates a root or server certificate, or a certificate request
  certificate import    Imports a certificate
  certificate remove    Removes all certificates
  certificate request   Approves or denies a certificate request

show config
This command displays the concentrator's configuration, either the saved version, the running version,
or the edited version.
Note You must enter the section_name with any option for the show config command. For example, enter
list cook mark all section_name. See the configure section on page 7-1 to enter the configuration
editor.
show config [help | list [full] | [running | saved | edited] [full] [number] [pretty]
[ [cook mark [all] ] section_name] ]
Syntax Description
  help             Shows all options available for the show config command and a short
                   description of how to use each option.
  list             Displays the section names allowed for the particular concentrator model.
                   For customer virtual contexts (CVCs), it shows the allowed sections for the
                   current CVC. For example, the Main CVC allows the Context List section,
                   but other CVCs do not. If you specify full, the concentrator displays all sections
                   available for Main and other CVCs.
                   The list command in the configuration editor (configure command) uses the
                   same options as show config section_name.
  full             Displays all CVCs, including the Main CVC. If you do not specify full, the
                   show config command displays the configuration only for the CVC you are
                   in.
  section_name     Displays the specified section's configuration. If you specify full, this
                   command shows all sections in all CVCs that match the section name.
  running          Displays the currently running configuration.
  saved            Displays the saved version of the configuration.
  edited           Displays the edited version of the configuration. The edited version shows
                   changes you made but have not yet applied to the running configuration.
  number           Prints line numbers as the configuration displays.
  pretty           Displays the configuration with all keywords indented identically, making
                   the configuration easier to read.
  cook mark [all]  The cook mark option highlights the differences between the current
                   configuration and the concentrator's defaults. If a keyword's value differs
                   from the default, the default value prints out as a comment on the line. If no
                   default exists, the comment states that the default is none. The cook mark
                   option also:
                   - Checks the configuration for errors and prints a message indicating the
                     line with an error. Use edit config number to view the contents of the
                     line.
                   - Strips out your comments and adds comments, for example, a comment
                     indicating the port name for a section.
                   - Reorders the keywords to match the order in the help for the section.
                   - Adds important additional keywords that you did not configure, but that
                     you should consider configuring.
                   The all option displays the configuration you created plus the concentrator's
                   default keywords and values that you did not enter.
                   Note If you do not enter a section name, the concentrator displays all
                   possible sections with default keywords and values. For example, the
                   concentrator displays 5,000 Tunnel Partner VPN sections for each
                   module.
Examples
This section shows example displays.
show config section_name Example
The following example displays a configuration section.
vpn_5000: Main# show config ip wan 0:0
[ IP Wan 0:0 ]
RIPVersion = V1 # Turn RIP on
Numbered = TRUE
IPAddress = 31.0.0.5
SubnetMask = 255.0.0.0
IPBroadcast = 31.255.255.255
Updates = periodic

show config cook mark section_name Example
The following example shows the same configuration displayed using the cook mark option.
vpn_5000: Main# show config cook mark ip wan 0:0
[ IP Wan 0:0 ]
Mode = Routed
IPAddress = 31.0.0.5 # Default => 0.0.0.0
SubnetMask = 255.0.0.0 # Default => 0.0.0.0
IPBroadcast = 31.255.255.255 # Default => 0.0.0.0
RIPVersion = V1 # Default => None
OutFilters =
InFilters =
Numbered = On # Default => Off
Updates = Periodic # Default =>Triggered
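The following Python example is added here and is not part of the Cisco guide. It reads show config cook mark output, collects every keyword that carries a "# Default =>" comment (a value that differs from the concentrator's default), and compares an approved capture with a later one to report configuration drift. The function names and the second capture are assumptions; the first capture is the guide's own example.

```python
import re

# Approved capture: the cook mark example printed in the guide.
BASELINE = """\
vpn_5000: Main# show config cook mark ip wan 0:0
[ IP Wan 0:0 ]
Mode = Routed
IPAddress = 31.0.0.5 # Default => 0.0.0.0
SubnetMask = 255.0.0.0 # Default => 0.0.0.0
IPBroadcast = 31.255.255.255 # Default => 0.0.0.0
RIPVersion = V1 # Default => None
OutFilters =
InFilters =
Numbered = On # Default => Off
Updates = Periodic # Default =>Triggered
"""

# Later capture: constructed for this example. IPAddress was changed and
# Updates was set back to its default, so its comment is gone.
LATER = """\
vpn_5000: Main# show config cook mark ip wan 0:0
[ IP Wan 0:0 ]
Mode = Routed
IPAddress = 31.0.0.9 # Default => 0.0.0.0
SubnetMask = 255.0.0.0 # Default => 0.0.0.0
IPBroadcast = 31.255.255.255 # Default => 0.0.0.0
RIPVersion = V1 # Default => None
OutFilters =
InFilters =
Numbered = On # Default => Off
Updates = Triggered
"""

SECTION = re.compile(r"^\[\s*(.+?)\s*\]$")
# keyword = value, optionally followed by the cook mark comment "# Default => x"
# (the guide's own output also shows "=>Triggered" without a space).
SETTING = re.compile(
    r"^(?P<key>\w+)\s*=\s*(?P<value>[^#]*?)\s*"
    r"(?:#\s*Default\s*=>\s*(?P<default>.*?))?\s*$"
)


def non_default_settings(text):
    """Return {section: {keyword: (value, default)}} for marked keywords only."""
    result, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            result.setdefault(section, {})
            continue
        setting = SETTING.match(line)
        if section is None or not setting or setting.group("default") is None:
            continue  # prompt line, blank value, or keyword left at its default
        result[section][setting.group("key")] = (
            setting.group("value"), setting.group("default"))
    return result


def drift(old_text, new_text):
    """List (section, keyword, old, new); None means the keyword is at its default."""
    old, new = non_default_settings(old_text), non_default_settings(new_text)
    changes = []
    for section in sorted(set(old) | set(new)):
        before, after = old.get(section, {}), new.get(section, {})
        for key in sorted(set(before) | set(after)):
            old_value = before.get(key, (None,))[0]
            new_value = after.get(key, (None,))[0]
            if old_value != new_value:
                changes.append((section, key, old_value, new_value))
    return changes


if __name__ == "__main__":
    for change in drift(BASELINE, LATER):
        print(change)
```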
Related Command
  Command    Description
  configure  Enters the configuration editor, which allows you to add or modify
             configuration variables using keyword and value pairs and ensures that
             they are syntactically correct

show contexts
This command lists all active CVCs in the Context List including names, file names, whether they are
current or active, and whether they have been applied, modified, or written. This command also lists all
CVCs in Flash memory, even those not included in the Context List section (inactive). Use the
context delete command to remove CVCs from Flash memory.
show contexts [context_name]
Syntax Description
  context_name  If you specify an optional context_name, which can include the wildcard
                symbol (*), the concentrator lists all CVCs that match. For example,
                company* matches the CVC names companyAtlanta, companyChicago, and
                companyDenver.
Usage Guidelines
The show contexts command displays the CVC name (the General section Context keyword value),
and the path to the file as a URL.
Each CVC is in one of the following states:
  Current   Shows the CVC you are in when you entered this command. The path to the file as
            a URL matches the one in the Context List section except if the CVC is newly
            created by the context new command. In that case, the path is not derived from the
            Context List section, but is either the default path in Flash memory
            (context_name.cfg) or the path you wrote it to using the write command.
  Active    An active CVC is one that is running on the concentrator. The path to the file as a
            URL matches the one in the Context List section except if the CVC is newly created
            by the context new command. In that case, the path is not derived from the Context
            List section, but is either the default path in Flash memory (context_name.cfg) or
            the path you wrote it to using the write command.
  Inactive  An inactive CVC is one that is in Flash memory, but is not running. For example, its
            URL is not in the Context List section so it was not loaded at an apply or at startup.
            Use the context delete command to remove it from Flash memory.
Each CVC also shows one or more of the following messages:
  (no value)    If the CVC is not followed by a message, it was loaded from the file at startup, and
                you have not made any changes to it.
  Deleted       This CVC was deleted from Flash memory using the context delete command, but
                is running on the concentrator until you restart.
  Edit-Applied  After making changes to the CVC, you applied them using the apply command. The
                edit buffer still contains your changes, and you can continue editing the CVC.
  Modified      You made changes to the CVC, but have not yet written them using the
                write command, which clears the edit buffer.
  NewConfig     You created this CVC using the context new command but have not yet written it
                using the write command.
  Save-Applied  You applied the saved version of this CVC.
  Written       You wrote the CVC.
Examples
vpn_5000: Main# show contexts
CURRENT   "Main"          "flash://Main.cfg"
ACTIVE    "Trans2"        "flash://Trans2.cfg"
ACTIVE    "Trans3"        "flash://Trans3.cfg"
ACTIVE    "Trans4"        "flash://Trans4.cfg"
ACTIVE    "Trans5"        "flash://Trans5.cfg"
ACTIVE    "DESTrans3"     "flash://DESTrans3.cfg"
ACTIVE    "DESTrans4"     "flash://DESTrans4.cfg"
ACTIVE    "DESTrans5"     "flash://DESTrans5.cfg"
ACTIVE    "TransNAT3"     "flash://TransNAT3.cfg"
ACTIVE    "TransNAT4"     "flash://TransNAT4.cfg"
ACTIVE    "TransNAT5"     "flash://TransNAT5.cfg"
ACTIVE    "DESTransNAT3"  "flash://DESTransNAT3.cfg"
ACTIVE    "DESTransNAT4"  "flash://DESTransNAT4.cfg"
ACTIVE    "DESTransNAT5"  "flash://DESTransNAT5.cfg"
INACTIVE  "test2"         "flash://test2.cfg"
Related Commands
  Command or Section  Description
  Sections
  Context List        Includes a list of all CVC files
  Commands
  context             Configures and manages CVCs

show ethernet
The show ethernet commands display information specifically about the Ethernet ports in the device.
show ethernet {addresses | statistics}
Syntax Description
  addresses   This command displays the hardware address of the Ethernet chip for each
              interface. This can be helpful in debugging network problems.
  statistics  This command displays tallies for all ports returned from the Ethernet chips
              for various types of conditions and exceptions.
Examples
The following sections show an example for each command.
show ethernet addresses Example
The following is output from the show ethernet addresses command for a two-port router:
vpn_5000: Main# show ethernet addresses
Ethernet Address: 00:00:a5:77:2c:00
Ethernet Address: 00:00:a5:77:2c:01
show ethernet statistics Example
The following is output from the show ethernet statistics command. The number of columns varies
depending on the number of Ethernet interfaces.
vpn_5000# show ethernet statistics
Statistic Type    Ether 0  Ether 1
Packets In        3728292  2931101
Packets Out       6171     6443688
Tx discards       0        0
Tx Heldoff        0        0
Rx discards       0        0
Rx Resource err   0        0
PCI Bus Error     0        0
Transmit Error    0        0
Total Collisions  1398     136185
Late Collisions   0        0
16 Consec Colls   0        0
Tx Jabber TO      0        0
Carrier Mid-Tx    0        0
Tx No Carrier     0        0
Tx Too Long       0        0
Tx Underflow      0        0
Tx Heartbeat      0        0
Deferred          1604     1576185
Receive Error     0        0
Rx Watchdog       0        0
Rx Overflow       0        0
Length Error      0        0
Desc Len Err      0        0
Illegal Length    0        0
Runt Error        0        0
Collision Err     0        0
CRC Error         0        0
Frame Error       0        0
Missed Frames     5        5
Dribble Errors    0        0
MII PHY Errors    0        0
Link Speed(Mbps)  10       10
Duplex (1=FULL)   0        0
As this display suggests, many of the statistics should be zero.
Related Command
  Section             Description
  Ethernet Interface  Configures Ethernet parameters for an interface

show frelay
The show frelay commands are used to display Frame Relay configuration and statistics within
the router.
show frelay {config | dlci | pvc [wan slot:0 [dlci]] | stats [wan slot:0 [dlci]]}
Syntax Description
  config                     Shows the status of the Frame Relay configuration for each physical port of
                             the router. This includes whether it is on or off, which local maintenance
                             protocol is configured, and the interval for exchanging the local maintenance
                             packets.
  dlci                       Shows the configured DLCI (Data Link Connection Identifier) mappings.
                             These are DLCIs that are configured with their specific protocol address
                             mappings.
  pvc [wan slot:0 [dlci]]    Shows the status of the PVCs (Permanent Virtual Circuits) that have been
                             picked up from the Frame Relay switch through local maintenance packets.
                             It shows the status of the PVC, the Q.922 physical address and DLCI value
                             for the PVC, the total number of input and output packets, a reference and
                             use count, and the up time of the PVC. If no port number is specified, then
                             the known PVCs for all ports are shown. If a port is specified, then the PVCs
                             for that specific port are shown. If a dlci is specified in conjunction with a
                             port, the status of that PVC is shown, including the above data along
                             with an expanded list of packet statistics. This expanded list includes tallies
                             for input and output fragmented packets, FECN and BECN packets, and
                             packets that have been discarded. Certain dlci numbers are used for
                             maintenance protocols (0 is used for ANSI Annex-D, and 1023 is used for
                             LMI).
  stats [wan slot:0 [dlci]]  Shows an expanded list of Frame Relay packet tallies, described above, for
                             each port of the router. If a port is specified, then only the extended Frame
                             Relay packet tallies for that port are shown. If a dlci is specified in
                             conjunction with a port, then the extended Frame Relay packet tallies for that
                             PVC or DLCI are shown.
Examples
The following sections show an example for each command.
show frelay config Example
The following is the output from a show frelay config command.
vpn_5000: Main# show frelay config
Port  Maint   Poll  MTU   DLCI
Wan0  annexD  10    1500  n/a
Wan1  Off

show frelay dlci Example
The following is the output from a show frelay dlci command.
vpn_5000: Main# show frelay dlci
Wan0 DLCI Configuration
DLCI  IP        AppleTalk  IPX   DECnet
101   10.1.2.2  Off        IARP  Off
103   10.1.2.3  Off        IARP  Off
102   10.1.2.4  Off        IARP  Off
100   10.1.2.5  Off        IARP  Off
show frelay pvc Example
The following is the output from a show frelay pvc command.
vpn_5000: Main# show frelay pvc
Wan0 Frame Relay PVC
DLCI  State     Type   Interface  Flags  Q.922  Ref  Use     Active (D:H:M:S)
102   Inactive  User   ni_wan0    21     1861   1    3018    0:00:00:00
101   Active    User   ni_wan0    21     1851   3    112944  10:03:49:38
16    Active    User   ni_wan0    21     0401   667  59709   2:08:22:58
0     Active    Maint  ni_wan0    41     0001   1    175562  10:03:50:02
Related Command
  Section      Description
  Frame Relay  Configures Frame Relay parameters for an interface

show history
The show history command is used to display the last commands entered in the current command loop
session. The command history is displayed from the oldest command to the newest command.
The history buffer has room for 650 bytes of command history, or about 40 commands. When the
buffer fills up, older commands are removed to make room for more recent ones. All commands stored
in the buffer are displayed by the show history command.
show history
Usage Guidelines
The command loop parser supports command line editing. By using this mechanism, whole commands
from the history buffer can be retrieved, or a complex set of commands can be retrieved and modified to
eliminate most retyping.
The edit config command has two separate history buffers: one for editor commands and another for text
input using the append command. There is no way to display the history in these buffers, but the
complete editing functionality described below is supported.
On a VT100 or ANSI terminal, the up and down keyboard arrow keys may be used to scroll through the
history buffer. The left and right arrow keys may be used to move the cursor position on the current
command. Keyboard input will be inserted at the position of the cursor, pushing the rest of the command
to the right. There is no overstrike mode. Characters to the left of the cursor may be deleted by pressing
either the delete or backspace key. An entire line may be deleted by entering Ctrl-U or Ctrl-C.
A more powerful emacs style of editing is also available for users without access to compatible arrow
keys or users who are familiar with emacs or other emacs-style command line implementations. The
command search functions Ctrl-S and Ctrl-R are not implemented.
A complete summary of valid commands for both styles is listed below. Both editing styles are active
and recognized at the command prompt.
Note Passwords, input to other command prompts, and input to subcommands do not appear in the
command history. Incorrect and partial input appear.
VT100/ANSI Keypad Editing
  Key Sequence  Command Action
  Left Arrow    Cursor back one character
  Right Arrow   Cursor forward one character
  Down Arrow    Go forward in history
  Up Arrow      Go backward in history to previous command
  Backspace     Delete previous character
  Delete        Delete previous character
  Ctrl U        Erase line and start over
  Ctrl C        Interrupt input
emacs-Style Editing
  Key Sequence  Command Action
  Ctrl A        Beginning of line
  Ctrl B        Cursor back one character
  Ctrl C        Interrupt input
  Ctrl D        Delete forward character
  Ctrl E        End of line
  Ctrl F        Cursor forward one character
  Ctrl H        Delete previous character
  Ctrl K        Kill (delete) rest of line
  Ctrl L        Redraw line
  Ctrl N        Go forward to the next line
  Ctrl P        Go backward to the previous line
  Ctrl Q        Enter next character literally
  Ctrl U        Erase line and start over
  DEL           Same as Ctrl H
Related Commands
  Command      Description
  edit config  Enters the text editor to edit the configuration file
  help         Displays context-sensitive online help info

show ip
The show ip commands display information about the configured and run-time IP parameters and
IP routes. They can also show information about the status of the IP ARP cache and IP statistics.
show ip {filter | protocol | cache | statistics | rtcount |
config [ interface_type [interface_number]] | vpn [[slot:]number]] [status] |
routing [direct | dynamic [protocol] | static | default | configured]
[IP_address subnet_mask]}
Syntax Description
  filter      Displays the runtime IP protocol filters for all of the interfaces.
  protocol    Displays a summary of the configuration of each IP routing protocol.
  cache       Displays information about IP addresses presently in the fast-routing
              cache.
  statistics  Displays information about various IP tallies.
  rtcount     Displays the total number of routes currently in the IP routing table. This
              command is particularly useful if there are a very large number of
              routes.
  config [{interface_type [interface_number]] | vpn [[slot:]number]] [status]
              Displays the IP configuration parameters for all of the interfaces. For
              more information about how to set the parameters see the IP section.
              interface_type [interface_number]: Only interfaces of the
              specified type appear. The display can be further restricted with the
              use of the interface_number.
              interface_type can be:
                ethernet
                wan
              interface_number can be:
                For the VPN 5002 and 5008:
                  slot:0
                For the VPN 5001:
                  {1 | 0}
              status: Shows the present runtime information. If the configuration
              has been changed, the values displayed when this parameter is used
              will be different from those displayed without it.
  routing [direct | dynamic [protocol] | static | default | configured] [IP_address subnet_mask]
              Displays the IP routing table presently being used by the device. This
              information is useful for determining if the device is connected to
              the desired networks and to find out if there are routes to networks directly
              attached.
              direct, dynamic, static, default, or configured: The display is
              abbreviated to the specified type.
              dynamic [protocol]: The display can be further restricted by using
              the protocol modifier. The protocol can be:
                rip
                ospf
                icmp
              IP_address subnet_mask: Shows a single IP route.
Usage Guidelines
The following sections describe the display contents for each command.

show ip config Display
The show ip config Ethernet parameters are displayed with one line, while WAN interfaces are displayed
with two, unless disabled. The column headings are described below:
show ip route Display
The show ip route output is displayed in four main sections.
The first is the Directly Connected Routes. These are the routes installed based upon the configuration
information as well as internal routes that the device uses for routing packets sent directly to it. The
second section lists runtime Static Routes. These are routes defined by the user. The third section,
Dynamic Routes, lists routes picked up from other devices on Network. The last section, Configured
IP Routes, shows permanently configured static routes.
The column headings are described below.
Port This column usually displays all of the physical interfaces. The exception is
for devices that also do bridging. In that case, the bridge "port" is also listed.
While bridging is usually associated with Ethernet interfaces, it is logically
different to the device. If a WAN interface is unnumbered, WAN interfaces
are noted as such.
IP Addr The IP address assigned to this interface. If there is no IP address assigned,
it is designated as an unnumbered interface.
Subnet The subnet mask that is being used by this interface.
Broadcast The broadcast address which this interface will use.
Options The IP options set for this interface. These include information on the status
of routing protocols, Proxy ARP, and so on.
Remote Address The remote address, if configured, for this interface. The address itself is
actually displayed in the second line of the WAN output under the Broadcast
column.
Destination Network or host which a route has been defined for.
Mask Subnet mask associated with the destination.
Gateway Gateway (or router) where packets for the destination are to be sent.
Metric Number of routers between this device and the destination. Values are between
1 and 16. If a metric count is 16, the route is timed out and is purged from the
table.
Refs Internal count of references to the route displayed.
Uses Number of IP packets forwarded using this routing table entry. The
concentrator typically only uses the routing table entry for the first few packets
to a destination host. The concentrator uses the Fast Switch cache for
subsequent packets. The Fast Switch cache records the results of the routing
table lookup for each new packet. When a subsequent packet with the same
routing information enters the concentrator, the concentrator can quickly refer
to the cache to determine the destination of a packet instead of using the slower
method of a routing table lookup. Use the show ip cache command to see
information about entries in the Fast Switch cache.
Type The method by which the route was discovered. Possible types include RIP,
RIP V2, and OSPF.

Src/TTL Time to live for the route in seconds. A TTL value of 999 means that the
timeout is infinite and the route will never be timed out.
Interface Interface on which packets for this destination will be forwarded.
show ip cache Display
The show ip cache column headings are described below:
Destination IP address of the destination.
Ethernet Address MAC-level Ethernet address.
Iface Interface through which the device communicated with this destination.
Use cnt Number of packets sent to this destination.
Last Used Time (relative to the start of the device and measured in clock ticks) of the
last use of this entry.
show ip statistics Display
The show ip statistics display is split up into sections based on whether the statistic is IP, ICMP, or UDP.
The values are all defined as MIB variables and can also be obtained by using an SNMP Management
station. For more information, see RFC 1213 "Management Information Base for Network Management
of TCP/IP-based internets: MIB-II." Unless otherwise indicated, these tallies are only for packets
directed to the device.
IP:
Packets Total number of datagrams received, including errors, or number of
datagrams received from the IP stack to be transmitted. The Received packets
tally is for all packets which have passed through the device.
Delivered Number of datagrams delivered to the IP stack.
Forwarded (datagrams) Number of packets forwarded by this device. The datagrams tally is for all
packets which have passed through the device.
Errors These tallies are for all packets passing through the device.
Bad Header. Number of datagrams discarded due to errors in the header.
Proto Unkn. Number of datagrams discarded because they contained an
unknown protocol.
Bad Address. Number of datagrams discarded due to an invalid
IP address.
Discards Number of datagrams discarded for other reasons.
Fragmentation Number of datagrams sent that had to be fragmented.
Success. Number of datagrams fragmented successfully.
Creates. Number of fragmented datagrams created.
Failures. Number of datagrams that could not be fragmented and were
discarded.

Reassembly Number of IP fragments received that needed to be reassembled.
Success. Number of IP fragments successfully reassembled.
Requests. Number of reassembly requests.
Timeouts. Maximum number of seconds which received fragments are
held while they are awaiting reassembly by the device.
Failures. Number of IP fragments not successfully reassembled.
ICMP:
Packets Number of ICMP packets sent or received.
Errors Number of ICMP packets not sent because of errors or received with errors.
Dest Unreach Number of ICMP destination unreachable messages sent or received.
Time Exceeded Number of ICMP packets sent or received that timed out.
Parameter Err Number of ICMP parameter problem packets sent or received.
Source Quench Number of ICMP source quench packets sent or received.
Redirect Number of ICMP redirects sent or received.
Echo Number of echo requests sent or received.
Echo Reply Number of echo replies sent or received.
Timestamp Number of ICMP timestamp request packets sent or received.
Tstamp Reply Number of ICMP timestamp replies sent or received.
Addr Mask Number of ICMP address mask requests received.
Amask Reply Number of ICMP address mask replies sent.
UDP:
Packets Total number of datagrams delivered to UDP users.
Errors Number of UDP datagrams not delivered because of an error.
No Ports Number of UDP datagrams received for which there was no application at the
destination port.
Examples
The following sections show an example for each command.
show ip config Example
The following is the output from a show ip config command:
vpn_5000: Main# show ip config
Addresses
Port IP Addr Subnet Broadcast Flags
Ethernet 0 192.168.11.6 255.255.255.224 192.168.11.31 <OSPF:Active>
<RIP:in,V2>
Ethernet 1 ** Disabled **
Bridge ** Disabled **
Wan0 Unnumbered interface <Rip_out,Rip_in>
Remote Address: 0.0.0.0 <>
Wan1 disabled
Wan2 Unnumbered interface <Rip_out,Rip_in>
Remote Address: 192.168.9.18 <>
Wan3 163.179.16.33 255.255.255.0 163.179.16.255 <Rip_out,Rip_in>
Remote Address: 163.179.16.2 <>

show ip filter Example
The following is the output from a show ip filter command.
vpn_5000: Main# show ip filter
Filter Spec: test (1)
1: permit 0.0.0.0/00000000 -> 0.0.0.0/00000000
Protocol: ==45
Matches: 0:
show ip routing Example
Output from the show ip routing command follows:
vpn_5000: Main# show ip routing
Directly Connected Routes:
Destination Mask Refs Uses Type Interface
127.0.0.1 FFFFFFFF 1 0 STIF Local
192.168.9.31 FFFFFFFF 1 4812 STIF Local
192.168.9.0 FFFFFFFF 1 0 STIF Local
192.168.9.8 @FFFFFFFF 1 2820 Local Local
192.168.9.18 @FFFFFFFF 1 27 Stat Wan2
192.168.9.0 FFFFFFE0 1 45253 STIF Ethernet0
163.179.16.255 FFFFFFFF 1 0 STIF Local
163.179.16.0 FFFFFFFF 1 0 STIF Local
163.179.16.33 @FFFFFFFF 1 0 Local Local
163.179.16.0 FFFFFF00 1 2036 STIF Wan3
255.255.255.255 @FFFFFFFF 1 1737 Local Local
Static Routes:
Destination Mask Gateway Metric Refs Uses Type Interface
Dynamic Routes:
Destination Mask Gateway Metric Refs Uses Type TTL Interface
DEFAULT 199.45.130.49 1 1 52724 RIP 176 Wan0
192.168.8.0 FFFFFF00 192.168.9.1 3 1 2682 RIP 171 Ethernet0
192.168.9.128 FFFFFFE0 192.168.9.1 1 1 0 RIP 171 Ethernet0
192.168.9.224 FFFFFFE0 192.168.9.1 5 1 1603 RIP 171 Ethernet0
192.168.9.64 FFFFFFE0 192.168.9.1 3 1 0 RIP 171 Ethernet0
192.168.9.32 FFFFFFE0 192.168.9.1 3 1 1502 RIP 171 Ethernet0
192.168.10.0 FFFFFF00 192.168.9.1 5 1 8756 RIP 171 Ethernet0
199.45.130.24 FFFFFFE0 199.45.130.49 1 1 0 RIP 175 Wan0
163.179.0.0 FFFFFF00 192.168.9.6 1 1 0 RIP 154 Ethernet0
Total Routes in use: 24 Default Router = <not set>
@Mask -> Host route *Type -> Redistribute
Configured IP Routes:
Destination Mask Gateway Metric IFnum Wan0
DEFAULT 192.168.200.1 1 0
show ip protocol Example
A show ip protocol example:
vpn_5000: Main# show ip protocol
IP PROTOCOL CONFIGURATION

Wan0 : OSPF:passive RIP:disabled,V2
Wan1 : OSPF:passive RIP:disabled,V2
Ether0: OSPF:disabled RIP:in,out,V2
Ether1: OSPF:active RIP:disabled,V2
IP PROTOCOL PRECEDENCE: (1) ospf (2) rip (3) static
ROUTING PROTOCOL REDISTRIBUTION
RIP to OSPF: disabled
Default to OSPF: disabled
OSPF to RIP: disabled

show ip cache Example
An example of the show ip cache command is given below.
vpn_5000: Main# show ip cache
Destination Ethernet Address Iface Use cnt Last Used
192.168.11.50 00:00:a5:71:2c:00 Eth3 1381589 361247
192.168.9.226 00:00:a5:f1:54:00 Eth2 195745 360677
192.168.11.10 02:60:8c:dd:af:58 Eth1 106912 360909
192.168.9.30 aa:00:04:00:0a:04 Eth0 18048 360677
show ip statistics Example
The following is the output from a show ip statistics command:
vpn_5000: Main# show ip statistics
Received Transmitted Other
------------------------ ------------------------ -----------------------
IP:
Packets 111638 Packets 2218 Fragmentation
Delivered 5999 Forwarded 1 Success 0
(datagrams) 102700 Creates 0
Errors Errors Failures 0
Bad Header 30 No route 0 Reassembly
Proto Unkn 721 Success 0
Bad Address 0 Requests 0
Timeouts 30
Discards 0 Discards 0 Failures 0
ICMP:
Packets 0 Packets 1769
Errors 0 Errors 0
Dest Unreach 0 Dest Unreach 1738
Time Exceeded 0 Time Exceeded 30
Parameter Err 0 Parameter Err 0
Source Quench 0 Source Quench 0
Redirect 0 Redirect 1
Echo 0 Echo 0
Echo Reply 0 Echo Reply 0
Timestamp 0 Timestamp 0
Tstamp Reply 0 Tstamp Reply 0
Addr Mask 0 Addr Mask 0
Amask Reply 0 Amask Reply 0
UDP:
Packets 5856 Packets 4088 No Ports 1
Errors 0

show ip rtcount Example
An example of the show ip rtcount command is given below.
vpn_5000: Main# show ip rtcount
Number of routes in IP Routing Table: 1008

Related Commands
Command or Section Description
Sections
IP Configures IP parameters for an interface
IP Filter Creates IP packet filters
IP Route Filter Creates IP route filters
IP Static Creates static IP routes
Commands
add ip arp Adds a static IP ARP cache entry
add ip route Adds a static IP route

show l2tp
This command shows the L2TP configuration, tunnel status, and statistics for each card.
show l2tp {config | users | statistics | tunnels [verbose]}
Syntax Description
config Displays the configured L2TP parameters, L2TP system parameters, and
provides a list of LAC peers.
users Displays the number of tunnels and sessions and the state of VPN and PPP
negotiation.
statistics Displays payload and control packet counts.
tunnels [verbose] Displays the number of tunnels and the number of sessions in each tunnel.
Verbose displays information about each L2TP Access Concentrator (LAC)
that opened a tunnel.
Usage Guidelines
The following sections describe the display contents for each command.
show l2tp users Display
The show l2tp users display includes the following information:
Number of open tunnels The number of L2TP tunnels
Total call sessions in all tunnels The number of PPP sessions within the L2TP tunnels
VPN up The number of tunnels that have completed the VPN negotiation
LCP up, Auth Up, IPCP Up The number of tunnels that have completed these PPP negotiation
states
show l2tp config Display
The show l2tp config display includes the following information:
L2TP Configured Parameters: Configurable parameters
Hello Interval The number of seconds
Authenticate Tunnels True or False
L2TP Default Password None or the password
Do Hidden AVPs True or False

Call Session Authentication Type CHAP, PAP, or Both
Receive Window Size The number of packets
L2TP System Parameters: Fixed parameters
Retransmission Interval The number of seconds
Maximum Retransmission Count The number of packets
L2TP Tunnel Peers Lists each LAC name and password, followed by whether it was
Configured (set by the LACPeer keyword) or Dynamic (any peer
using the L2TPPassword)
show l2tp tunnels Display
The show l2tp tunnels display includes the following information:
Total Tunnels on all slots The number of L2TP tunnels on all cards
L2TP Tunnel Information for slot n: Total tunnels and sessions The number of L2TP tunnels
and PPP sessions on the card
show l2tp tunnels verbose Display
The show l2tp tunnels verbose display includes the following information:
Total Tunnels on all slots The number of L2TP tunnels on all cards
Remote Peer Name The LAC name
Remote Address The LAC IP address
Tunnel IDs: Local and Remote The L2TP tunnel ID on this system and on the LAC
# Call Sessions The number of PPP sessions within the tunnel
Tunnel State EST: established with PPP sessions
IDLE: the L2TP tunnel is up, but there are no PPP sessions;
typically the state just after establishment or after all PPP
sessions close before the tunnel comes down
WAIT CONN: brief state before establishment
Remote Window The number of packets sent before the concentrator must wait for an
acknowledgement before sending additional packets
Xmit Queue The number of packets waiting to be transmitted after the
concentrator receives an acknowledgement
L2TP Tunnel Information for slot n: Total tunnels and sessions The number of L2TP tunnels
and PPP sessions on the card

show l2tp statistics Display
The show l2tp statistics display includes the following information:
L2TP Payload Packets:
Payload Packets from Clients Data sent from remote users to the concentrator
Payload Packets from Hosts Data sent from the concentrator to the remote users
PPP Negotiation Packets Received PPP negotiation packets received from remote users
PPP Negotiation Packets Sent PPP negotiation packets sent to remote users
L2TP Control Packets Received The number of control packets of various kinds received from
remote users
L2TP Control Packets Sent The number of control packets of various kinds sent to remote users
Examples
The following sections show an example for each command.
show l2tp config Example
vpn_5000: Main# show l2tp config
L2TP Configured Parameters:
Hello Interval: 60 seconds
Authenticate Tunnels: TRUE
L2TP Default Password: NONE
Do Hidden AVP's: FALSE
Call Session Authentication Type: CHAP
Receive Window Size: 4
L2TP System Parameters:
Retransmission Interval: 5 seconds
Maximum Retransmission Count: 5
L2TP Tunnel Peers
Generic: cisco => Configured
tunnel1-lac: cisco => Configured
tunnel2-lac: cisco => Configured
tunnel3-lac: cisco => Configured
tunnel4-lac: cisco => Configured
tunnel5-lac: cisco => Configured
tunnel6-lac: cisco => Configured
tunnel7-lac: cisco => Configured
this-lac: cisco => Dynamic
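The show l2tp config display lists each tunnel peer together with its password, so a saved capture of it can be reviewed offline for weak tunnel settings. The following Python script is an added example, not part of the Cisco guide: it parses the show l2tp config output shown on this page and reports findings without echoing any password. The function names, finding codes and the choice of which settings to flag are assumptions of this example.

```python
"""Review saved `show l2tp config` output for weak L2TP tunnel settings."""
import re
from collections import defaultdict

# Constructed input: the `show l2tp config` example output from this page.
SAMPLE = """\
vpn_5000: Main# show l2tp config
L2TP Configured Parameters:
Hello Interval: 60 seconds
Authenticate Tunnels: TRUE
L2TP Default Password: NONE
Do Hidden AVP's: FALSE
Call Session Authentication Type: CHAP
Receive Window Size: 4
L2TP System Parameters:
Retransmission Interval: 5 seconds
Maximum Retransmission Count: 5
L2TP Tunnel Peers
Generic: cisco => Configured
tunnel1-lac: cisco => Configured
tunnel2-lac: cisco => Configured
tunnel3-lac: cisco => Configured
tunnel4-lac: cisco => Configured
tunnel5-lac: cisco => Configured
tunnel6-lac: cisco => Configured
tunnel7-lac: cisco => Configured
this-lac: cisco => Dynamic
"""

PARAM_RE = re.compile(r"^([^:]+):\s+(\S.*)$")
PEER_RE = re.compile(r"^(\S+):\s+(\S+)\s+=>\s+(Configured|Dynamic)$")


def parse_l2tp_config(text):
    """Return (params, peers) parsed from `show l2tp config` output."""
    params, peers, in_peers = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or "# show" in line:      # blank line or echoed CLI prompt
            continue
        if line.startswith("L2TP Tunnel Peers"):
            in_peers = True
        elif in_peers:
            m = PEER_RE.match(line)
            if m:
                peers.append({"name": m[1], "secret": m[2], "kind": m[3]})
        else:
            m = PARAM_RE.match(line)
            if m:
                # Normalise "Do Hidden AVP's" and "Do Hidden AVPs" to one key.
                params[m[1].replace("'", "").strip().lower()] = m[2].strip()
    return params, peers


def audit(params, peers):
    """Return (code, message) findings; passwords are never included."""
    findings = []
    if params.get("authenticate tunnels", "").upper() != "TRUE":
        findings.append(("NO_TUNNEL_AUTH", "tunnel authentication is disabled"))
    if params.get("do hidden avps", "").upper() != "TRUE":
        findings.append(("AVP_HIDING_OFF", "AVP hiding is disabled"))
    auth_type = params.get("call session authentication type", "").upper()
    if auth_type in ("PAP", "BOTH"):
        findings.append(("PAP_ALLOWED", "call sessions may authenticate with PAP"))
    if params.get("l2tp default password", "NONE").upper() != "NONE":
        findings.append(("DEFAULT_PASSWORD", "a default tunnel password is set"))

    # Group peers by password to find reuse, reporting peer names only.
    by_secret = defaultdict(list)
    for peer in peers:
        by_secret[peer["secret"]].append(peer["name"])
    for names in by_secret.values():
        if len(names) > 1:
            findings.append(("SHARED_SECRET", "%d peers share one tunnel password: %s"
                             % (len(names), ", ".join(names))))

    dynamic = [p["name"] for p in peers if p["kind"] == "Dynamic"]
    if dynamic:
        findings.append(("DYNAMIC_PEER", "peers admitted dynamically: " + ", ".join(dynamic)))
    return findings


if __name__ == "__main__":
    for code, message in audit(*parse_l2tp_config(SAMPLE)):
        print(code, "-", message)
```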

show l2tp users Example
vpn_5000: Main# show l2tp users
L2TP Call Session Summary for all Contexts
Number of open tunnels: 1
Total call sessions in all tunnels: 1
VPN up: 1
LCP up: 1 AUTH up: 1 IPCP up: 1
IOP slot 1:
L2TP Call Session Summary for all Contexts
Number of open tunnels: 1
Total call sessions in all tunnels: 199
VPN up: 199
LCP up: 199 AUTH up: 199 IPCP up: 199
show l2tp tunnels Example
vpn_5000: Main# show l2tp tunnels
Total tunnels on all slots: 2
L2TP Tunnel Information for slot 0: Total tunnels 1 sessions 1
IOP slot 1:
L2TP Tunnel Information for slot 1: Total tunnels 1 sessions 199
show l2tp tunnels verbose Example
vpn_5000: Main# show l2tp tunnels verbose
Total tunnels on all slots: 2
Active L2TP Tunnels for all Contexts
Remote Remote Tunnel ID's # Call Tunnel Remote Xmit UDP
Peer Name Address Local Remote Sessions State Window Queue Port
this-lac 10.102.1.10 2 46570 1 EST 3000 0 1701
L2TP Tunnel Information for slot 0: Total tunnels 1 sessions 1
IOP slot 1:
Active L2TP Tunnels for all Contexts
Remote Remote Tunnel ID's # Call Tunnel Remote Xmit UDP
Peer Name Address Local Remote Sessions State Window Queue Port
tunnel2-lac 10.102.1.10 8193 45621 199 EST 3000 0 1701

L2TP Tunnel Information for slot 1: Total tunnels 1 sessions 199

show l2tp statistics Example
vpn_5000: Main# show l2tp statistics
L2TP PACKET STATISTICS:
L2TP Payload Packets:
Payload Packets From Clients 0
Payload Packets From Hosts 0
PPP Negotiation Packets Received: 8
PPP Negotiation Packets Sent: 11
L2TP Control Packets Received:
SCCRQ's: 1
SCCCN's: 1
StopCCN's: 0
ICRQ's Received: 1
ICCN's Received: 1
CDN's Received: 0
Hello's Received: 27
ZLB's Received: 30
Ctrl Pkt Seq# order: 0
L2TP Control Packets Sent:
SCCRP's: 1
StopCCN's: 0
ICRP's: 1
CDN's: 0
Hello's Sent: 30
ZLB's Sent: 29
Ctrl Pkts Retrans: 0
Max Retransmit: 0
IOP slot 1:
L2TP PACKET STATISTICS:
L2TP Payload Packets:
Payload Packets From Clients 0
Payload Packets From Hosts 0
PPP Negotiation Packets Received: 1213
PPP Negotiation Packets Sent: 1422
L2TP Control Packets Received:
SCCRQ's: 1
SCCCN's: 1
StopCCN's: 0
ICRQ's Received: 200
ICCN's Received: 200
CDN's Received: 0
Hello's Received: 0
ZLB's Received: 2
Ctrl Pkt Seq# order: 12
L2TP Control Packets Sent:
SCCRP's: 1
StopCCN's: 0
ICRP's: 200
CDN's: 1
Hello's Sent: 1
ZLB's Sent: 213
Ctrl Pkts Retrans: 0
Max Retransmit: 0

Related Command
Section Description
L2TP General Configures L2TP parameters for the device

show os
These commands show the concentrator's operating system parameters.
show os {processes | resevent | tcp |
memory [verbose] |
dump address [nbytes] |
netif [if_number] [verbose]}
Syntax Description
processes Shows the process table for the device.
resevent Shows detailed information about the status of the device when the last restart
event occurred. A restart event occurs if the device reaches a condition in
which it cannot proceed. The restart event information can be cleared using the
reset resevent command.
tcp Shows TCP connection state information.
memory [verbose] Shows the current status of the memory allocation in the device. Free memory
as well as the allocation of packet buffers is shown.
verbose: Shows more detail about the memory allocation or the internal
network interface structures.
dump address [nbytes] Allows arbitrary memory of the device to be dumped in hexadecimal format to
the terminal.
address: The memory location to be dumped, specified as a hexadecimal
address. Addresses of invalid memory locations may cause a bus error
which will cause a restart event and restart the device.
nbytes: The number of bytes of memory to dump. Default: 320 bytes.
netif [if_number] [verbose] Shows the current status of the internal network interface structures. There is
one network interface structure for every type of network encapsulation done by
the device (for example, Ethernet SNAP, Ethernet Type II, PPP, Frame Relay, and so on).
if_number: The internal network interface number.
verbose: Shows more detail about the memory allocation or the internal
network interface structures.
Related Commands
Command Description
reset resevent Clears restart event information

show ospf
The show ospf commands display extensive information about the OSPF database, configuration, and
dynamic memory usage.
show ospf {rtrid | config | stats | mem | nbr | rt | all | if [verbose] |
db [all | rtr | net | sum | ext]}
Syntax Description
rtrid Displays the router ID, which is the largest IP interface address associated
with the router. The router ID is calculated only at boot time, or when
OSPF is re-enabled using the ospfenable command (see ospfenable).
config Displays user-configured values that are currently being used by the
protocol.
stats Shows OSPF packet statistics.
mem Displays OSPF dynamic memory usage.
nbr Displays an abbreviated list of current neighbors and their state.
rt Displays the ABR (Area Border Router) and ASBR (Autonomous System
Border Router) routes. An Area Border Router is a router which has
interfaces in more than one area. An Autonomous System Border Router is
a router which acts as a gateway between OSPF and other routing protocols
(RIP, BGP).
all Displays the entire OSPF Link State Database.
if [verbose] Displays the OSPF interface database. The verbose option can be used to
display more information.
db [all | rtr | net | sum | ext] Displays various portions of the OSPF Link State Database.
all: The router, net, and summary databases appear.
rtr: The router Link State Database appears.
net: The network Link State Database appears.
sum: The summary Link State Database appears.
ext: The external Link State Database appears.
Usage Guidelines
The following sections describe the display contents for each command.
show ospf config Display
The show ospf config command displays configured settings for each interface, including the IP address
of the interface, the area the interface is assigned to, and whether the interface is an active or passive
OSPF interface. The display also includes any configured settings for OSPF virtual links, the Area ID
and any net ranges set for the area and the routing protocol redistribution settings.

Interface Cost Configured cost assigned to this interface.
Router Priority Configured priority assigned to this interface.
Hello Interval Interval, in seconds, the interface sends out keepalive packets to let other
routers know this interface is up.
Router Dead Interval Interval, in seconds, the router's neighbors will wait without receiving a
keepalive packet from this router before they assume this router is down.
Transit Delay Amount of time added to the age of Link State Update packets before
transmission.
Retransmit Interval Interval, in seconds, the interface will delay before retransmitting Link State
Update packets.
show ospf stats Display
The show ospf stats command shows how many of each of the five types of OSPF packets have been
received and sent: Hello, Database Description, Link State Request, Link State Update, and Link
State Acknowledgment. Discarded packets are not errors; an example of a discarded packet would be
a multicast for Designated Routers when this router is not the Designated Router or Backup Designated
Router. If "Packet errors" is nonzero, a detailed breakdown of each type of packet error appears.
show ospf if Display
The show ospf if display includes:
Cost Cost of using this interface. An OSPF router will choose the path with the
lowest cost to enter into its routing table.
State Indicates if this router is the Designated Router or the Backup Designated
Router.
Type Indicates the interface's type. Broadcast interfaces are LAN/Ethernet
interfaces. Point-to-Point interfaces are WAN interfaces running PPP.
Point-to-Multipoint interfaces are WAN interfaces running Frame Relay.
Priority Indicates the router's priority. The priority is used to determine whether the
router is eligible to become the Designated Router or the Backup Designated
Router for the LAN. A priority of 0 means that the router is not eligible. The
router with the highest priority becomes the Designated Router.
Designated Router IP address of the Designated Router.
Backup Designated Router IP address of the Backup Designated Router.

Timers Displays the timer settings for this interface. The Hello and Dead timers for
each connected router must match or the routers will not be able to
communicate.
Neighbors Shows the number of current neighbors in each state of the neighbor
negotiation process. Down, Att (attempting connection), Init (initializing
connection), ExStart (starting to exchange database information), Exch (in
the process of exchanging database information), and Loading (requesting
Link State Advertisements from each other) are transient states and should
only appear at startup. 2WAY indicates that this router and the neighbor have
completed their neighbor negotiation. FULL indicates that the neighbor is the
Designated Router or the Backup Designated Router.
show ospf nbr Display
The show ospf nbr display includes:
Rtr ID Neighbor's router ID, which is the largest IP interface address associated
with the router.
Addr IP address of the neighbor.
State Current state of the neighbor negotiation process between this router and the
neighbor. Unless the router is just starting up, the state should either be
2WAY or FULL. FULL indicates that the neighbor is the Designated Router
or the Backup Designated Router. 2WAY indicates that this router and the
neighbor have completed their neighbor negotiation.
Examples
The following sections show an example for each command.
show ospf rtrid Example
Following is sample output from a show ospf rtrid command.
vpn_5000: Main# show ospf rtrid
OSPF Router ID for this router is 198.41.11.202
show ospf config Example
Following is sample output from a show ospf config command.
vpn_5000: Main# show ospf config
OSPF PER-INTERFACE CONFIGURATION
IP Ethernet Intface 198.41.11.201 assign to area 0.0.0.0
Interface is Active
Interface Cost = 10, Router Priority = 1
Hello Interval = 10, Router Dead Interval = 40
Transit Delay = 1, Retransmit Interval = 5
IP Ethernet Interface 74.0.0.1 assigned to area 0.0.0.0

Interface is Active
Interface Cost = 10, Router Priority = 1
Hello Interval = 10, Router Dead Interval = 40
Transit Delay = 1, Retransmit Interval = 5
IP Ethernet Interface 73.0.0.1 assigned to area 0.0.0.0
Interface is Active
Interface Cost = 10, Router Priority = 1
Hello Interval = 10, Router Dead Interval = 40
Transit Delay = 1, Retransmit Interval = 5
IP Ethernet Interface 77.0.0.1 assigned to area 0.0.0.0
Interface is Active
Interface Cost = 10, Router Priority = 1
Hello Interval = 10, Router Dead Interval = 40
Transit Delay = 1, Retransmit Interval = 5

OSPF VIRTUAL LINK CONFIGURATION
None
OSPF AREA CONFIGURATION
Area ID: 0.0.0.0
Net Ranges defined for this area:
None
ROUTING PROTOCOL REDISTRIBUTION
Redistribute RIP routes into OSPF is disabled
Redistribute BGP routes into OSPF is disabled
Redistribute OSPF routes into RIP is disabled
show ospf mem Example
Following is sample output from a show ospf mem command.
vpn_5000: Main# show ospf mem
------------------------------------------------------------
OSPF DATABASE STATIC MEMORY USAGE: 36882 bytes
OSPF DATABASE DYNAMIC MEMORY USAGE
Memory Block Allocs Deallocs In Use Size Total
------------------------------------------------------------
ospf_intf 2 0 2 874 1748
ospf_nbr 4 0 4 118 472
ospf_nbr_node 4 0 4 20 80
ospf_nh_block 4 0 4 20 80
ospf_lsdb 419 323 96 74 7104
ospf_rtr_lsa 178 173 5 var 216
ospf_stub_lsa 2 0 2 24 48
ospf_net_lsa 36 35 1 var 44
ospf_sum_lsa 350 340 10 28 280
ospf_ase_lsa 3027 2949 78 36 2808
ospf_route 6 4 2 46 92
ospf_netrange 0 0 0 28 0
ospf_rtinfo 82 2 30 80 2400
ospf_dbsum 6 6 0 12 0
ospf_hdr 6 6 0 1422 0
ospf_ack_hdrq 156 156 0 28 0
ospf_ack_intf 3503 3503 0 28 0
ospf_nbrlist 70 70 0 12 0
ospf_lsreq 94 94 0 24 0
ospf_lsdblist 3660 3660 0 16 0
------------------------------------------------------------
Total In Use 15130
------------------------------------------------------------

show ospf stats Example
Following is sample output from a show ospf stats command.
vpn_5000: Main# show ospf stats
OSPF Packet Statistics
Received Sent
Hello Packets: 29371 5880
Database Description Packets: 13 16
Link State Request Packets: 0 9
Link State Update Packets: 327 34
LS Acknowledgment Packets: 275 279
Total Packets: 30811 6218
Packets discarded: 825
Packet errors: 0
In the example below, the router is reporting a Hello timer interval mismatch with one of the routers on
the network, which will cause the two routers to be unable to establish an adjacency.
OSPF Packet Statistics
Received Sent
Hello Packets: 26 19
Database Description Packets: 11 11
Link State Request Packets: 1 4
Link State Update Packets: 17 4
LS Acknowledgment Packets: 6 10
Total Packets: 63 48
Packets discarded: 0
Packet errors: 2
Hello timer mismatch: 2
show ospf if Example
Following is sample output from a show ospf if command.
vpn_5000: Main# show ospf if
OSPF IP Interfaces
Interface Ether0 is Active
Cost: 5 State: NOT DR OR BDR Type: BROADCAST
Priority: 1
Designated Router: 198.41.11.205
Backup Designated Router: 198.41.11.204
Timers: Hello: 10 Dead: 40 Retrans: 5
Neighbors:
Down 0 Att 0 Init 0 2Way 3 ExStart 0 Exch 0 Loading 0 Full 2
Interface Ether1 is Active
Cost: 5 State: NOT DR OR BDR Type: BROADCAST
Priority: 1
Designated Router: 198.41.11.17
Backup Designated Router: 198.41.11.6
Timers: Hello: 10 Dead: 40 Retrans: 5
Neighbors:
Down 0 Att 0 Init 0 2Way 0 ExStart 0 Exch 0 Loading 0 Full 2

show ospf nbr Example
Following is sample output from a show ospf nbr command.
vpn_5000: Main# show ospf nbr
-----------------------------------------------------------------
OSPF Neighbors
=================================================================
Ether0 RtrID: 198.41.11.200 Addr: 198.41.11.200 State: 2WAY
Ether0 RtrID: 198.41.11.202 Addr: 198.41.11.202 State: 2WAY
Ether0 RtrID: 198.41.11.203 Addr: 198.41.11.203 State: 2WAY
Ether0 RtrID: 198.41.11.204 Addr: 198.41.11.204 State: FULL
Ether0 RtrID: 198.41.11.205 Addr: 198.41.11.205 State: FULL
Ether1 RtrID: 198.41.11.6 Addr: 198.41.11.6 State: FULL
Ether1 RtrID: 198.41.11.17 Addr: 198.41.11.17 State: FULL
-----------------------------------------------------------------
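The show ospf nbr and show ospf stats descriptions give two conditions worth monitoring: a neighbor that stays in a state other than 2WAY or FULL after startup, and a nonzero "Packet errors" count with its breakdown (such as a Hello timer mismatch). The following Python script is an added example, not part of the Cisco guide, that checks saved output for both. The function names and finding codes are assumptions, and the last neighbor line in the sample is constructed, including its EXSTART spelling.

```python
"""Check saved `show ospf nbr` and `show ospf stats` output for adjacency problems."""
import re

# `show ospf nbr` output from this page plus one constructed EXSTART neighbor.
NBR_SAMPLE = """\
-----------------------------------------------------------------
OSPF Neighbors
=================================================================
Ether0 RtrID: 198.41.11.200 Addr: 198.41.11.200 State: 2WAY
Ether0 RtrID: 198.41.11.202 Addr: 198.41.11.202 State: 2WAY
Ether0 RtrID: 198.41.11.203 Addr: 198.41.11.203 State: 2WAY
Ether0 RtrID: 198.41.11.204 Addr: 198.41.11.204 State: FULL
Ether0 RtrID: 198.41.11.205 Addr: 198.41.11.205 State: FULL
Ether1 RtrID: 198.41.11.6 Addr: 198.41.11.6 State: FULL
Ether1 RtrID: 198.41.11.17 Addr: 198.41.11.17 State: FULL
Ether1 RtrID: 192.0.2.9 Addr: 192.0.2.9 State: EXSTART
-----------------------------------------------------------------
"""

# The second `show ospf stats` example from this page (Hello timer mismatch).
STATS_SAMPLE = """\
OSPF Packet Statistics
Received Sent
Hello Packets: 26 19
Database Description Packets: 11 11
Link State Request Packets: 1 4
Link State Update Packets: 17 4
LS Acknowledgment Packets: 6 10
Total Packets: 63 48
Packets discarded: 0
Packet errors: 2
Hello timer mismatch: 2
"""

NBR_RE = re.compile(r"^(\S+)\s+RtrID:\s+(\S+)\s+Addr:\s+(\S+)\s+State:\s+(\S+)$")
STAT_RE = re.compile(r"^(.+?):\s+(\d+)(?:\s+(\d+))?$")
STABLE_STATES = {"2WAY", "FULL"}   # every other state is transient per the guide


def parse_neighbors(text):
    """Return one dict per neighbor line; separator and title lines are skipped."""
    neighbors = []
    for line in text.splitlines():
        m = NBR_RE.match(line.strip())
        if m:
            neighbors.append({"iface": m[1], "rtrid": m[2], "addr": m[3], "state": m[4]})
    return neighbors


def parse_stats(text):
    """Return (counters, error_breakdown) from `show ospf stats` output."""
    counters, breakdown, after_errors = {}, {}, False
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if not m:
            continue
        name = m[1].strip()
        if after_errors:                      # lines after "Packet errors" detail it
            breakdown[name] = int(m[2])
        elif name == "Packet errors":
            counters[name] = int(m[2])
            after_errors = True
        elif m[3] is not None:                # two columns: (received, sent)
            counters[name] = (int(m[2]), int(m[3]))
        else:
            counters[name] = int(m[2])
    return counters, breakdown


def check(nbr_text, stats_text):
    """Return findings as tuples; discarded packets are not treated as errors."""
    findings = []
    for nbr in parse_neighbors(nbr_text):
        if nbr["state"].upper() not in STABLE_STATES:
            findings.append(("NBR_TRANSIENT", nbr["iface"], nbr["rtrid"], nbr["state"]))
    counters, breakdown = parse_stats(stats_text)
    total = counters.get("Packet errors", 0)
    if total > 0:
        for name, count in (breakdown or {"unspecified": total}).items():
            findings.append(("PACKET_ERRORS", name, count))
    return findings


if __name__ == "__main__":
    for finding in check(NBR_SAMPLE, STATS_SAMPLE):
        print(finding)
```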
show ospf rt Example
Following is sample output from a show ospf rt command.
vpn_5000: Main# show ospf rt
AREA 0:
AS Border Routes:
None
Area Border Routes:
78.0.0.1 Area 0 Cost 10 AdvRouter 78.0.0.1
Nexthop: 75.0.0.5 Interface: 75.0.0.2
76.0.0.2 Area 0 Cost 10 AdvRouter 76.0.0.2
Nexthop: 75.0.0.3 Interface: 75.0.0.2
75.0.0.2 Area 0 Cost 0 AdvRouter 75.0.0.2
AREA 2:
AS Border Routes:
None
Area Border Routes:
75.0.0.2 Area 2 Cost 0 AdvRouter 75.0.0.2

SUMMARY AS Border Routes:
None
show ospf db Example
Following is sample output from a show ospf db command.
vpn_5000: Main# show ospf db
OSPF Router, Net and Summary Databases:
Area 10:
STUB AdvRtr: 198.41.11.202 Len: 24 Age: 3600 Seq: 00000000
Router: 198.41.11.192 Mask: 255.255.255.240 Network: 198.41.11.192
STUB AdvRtr: 198.41.11.202 Len: 24 Age: 2084 Seq: 00000000
Router: 79.0.0.0 Mask: 255.0.0.0 Network: 79.0.0.0

RTR AdvRtr: 198.41.11.193 Len: 36 Age: 1199 Seq: 80000d6b
RouterID: 198.41.11.193 Area Border: On AS Border: Off
Connect Type: TRANS NET Cost: 10
DR: 198.41.11.193 Address: 198.41.11.193
Nexthops(1):
198.41.11.193 Interface: 198.41.11.202
RTR AdvRtr: 198.41.11.194 Len: 36 Age: 393 Seq: 8000063f
RouterID: 198.41.11.194 Area Border: Off AS Border: Off
Connect Type: TRANS NET Cost: 10
DR: 198.41.11.193 Address: 198.41.11.194
Nexthops(1):
198.41.11.194 Interface: 198.41.11.202
NET AdvRtr: 198.41.11.193 Len: 44 Age: 1200 Seq: 80000034
Router: 198.41.11.193 Mask: 255.255.255.240 Network: 198.41.11.192
Attached Router: 198.41.11.193
Attached Router: 198.41.11.194
Attached Router: 198.41.11.200
Attached Router: 198.41.11.202
Attached Router: 198.41.11.203
Nexthops(1):
198.41.11.193 Interface: 198.41.11.202
SUM NET AdvRtr: 198.41.11.193 Len: 28 Age: 1486 Seq: 80000026
Network: 192.168.40.0 Mask: 255.255.255.0 Cost: 20
Nexthops(1):
198.41.11.193 Interface: 198.41.11.202
SUM NET AdvRtr: 198.41.11.193 Len: 28 Age: 1486 Seq: 80000026
Network: 192.168.41.0 Mask: 255.255.255.0 Cost: 20
Nexthops(1):
198.41.11.193 Interface: 198.41.11.202
SUM NET AdvRtr: 198.41.11.193 Len: 28 Age: 1486 Seq: 80000026
Network: 192.168.42.0 Mask: 255.255.255.0 Cost: 20
Nexthops(1):
198.41.11.193 Interface: 198.41.11.202
Related Commands
Section Description
IP Configures IP parameters for an interface
IP Protocol Precedence Configures the precedence order for routes in the routing table
OSPF Area Configures OSPF area parameters
OSPF Virtual Link Configures OSPF to allow an area that is not contiguous to the
backbone area (area 0) to operate

show ppp
The show ppp commands display PPP-specific information about the WAN interfaces.
show ppp {lcp [status] | quality [status] | auth | compression | statistics}
Syntax Description
lcp [status] Displays LCP (Link Control Protocol) parameters configured for the
WAN interfaces. For each WAN interface, flags for Want and Allow are
displayed along with the Async-Character-Control-Map (ACCM). If the
optional status parameter is used, the display will show the runtime settings
for the interfaces.
quality [status] Displays the settings for the sending of echo packets. If the optional
status parameter is used, the display will show the runtime settings for the
interfaces.
auth Displays the authentication database used by PAP and CHAP. Because
password and security information is shown, you are prompted for the
password.
compression Displays the settings for PPP data compression.
statistics Displays packet statistics for the WAN interfaces.
Usage Guidelines
The following sections describe the display contents for each command.
show ppp lcp Display
The show ppp lcp display includes:
Want The Want flags are parameters that the device requests of the remote end.
Allow The Allow flags are parameters that the device will agree to accept from the
remote end if requested.
ACCM Mask The ACCM Mask is a 32-bit hexadecimal value which has a bit set for each
control character requested to be mapped by the remote end. The value can
be decoded starting from the least significant bit. See the PPP section for
more information about the ACCM mask.

show ppp quality Display
The show ppp quality display includes:
Port Name of the WAN interface.
Proto The Proto column has one of two values. A value of Off indicates that this
interface is set for Frame Relay and the parameter cannot be set. A value of
ECHO indicates that the ECHO protocol is selected (which is used in PPP).
Interval The Interval is the frequency, in seconds, at which each echo will be sent. It
is also the amount of time in which an echo response must be received in
order not to be counted as missed. A value of Off indicates that the
ECHO protocol is disabled.
Threshold The Threshold is a set of numbers indicating the number of echo packets that
must be missed out of the last number received before an error is reported.
show ppp auth Display
The first portion of the show ppp auth output displays information specific to each of the
WAN interfaces. For more information on how to set these parameters see the PPP and Auth sections.
The column headings are described below:
Port Name of the WAN interface.
Proto The Proto column has PAP and CHAP for interfaces configured for PPP. If
the interface is configured for Frame Relay or is turned off, it will say
disabled.
Status The Status values are Want, Allow, Both, or Off. Off means that
PPP authentication has not been configured for this interface. Allow means
that the device will allow the remote device to negotiate the protocol and will
respond. Want means that the device will ask the other end to negotiate the
protocol and require a response. Both means that the device will ask the
other end to negotiate the protocol and respond if the other end sends a
protocol request.
Name For the PAP protocol, the Name column will only have a value if the Status is
Allow or Both. For the CHAP protocol, a Status of Want, Allow, or Both
will have a Name entry.
Password The Password is the PAP password or CHAP secret to be used during
authentication. There will only be an entry here if PAP is set to Allow or
Both, or if CHAP is set to Allow or Both.
The second part of the output displays Authentication Database entries. This table is consulted if PAP
or CHAP is set to Want or Both. These entries can be used for any or all of the interfaces.
Name The Name column will have an entry if PAP is set for Want or Both or if CHAP
is set for Allow for the interfaces designated by the Mask (see below).
Chat Script The Chat Script specifies the name of the chat script to be used for dial-back.
Mask The Mask is a hexadecimal value specifying the ports on which this entry
should be used. Each bit in the 32-bit value corresponds to a WAN interface
(the least significant bit corresponding to WAN 0). In the show ppp auth example
output, the Mask of 000f tells the device to use this entry for WAN interfaces 0, 1, 2,
and 3 (bits 0, 1, 2, 3).
show ppp compression Display
The show ppp compression display includes:
Port Name of the WAN interface.
Compression The current PPP compression algorithm is shown. Possible values are Off
and Cisco Systems Sequenced Predictor.
show ppp statistics Display
The show ppp statistics display includes:
in Number of packets received by this interface's PPP stack.
out Number of packets sent by this interface's PPP stack.
discard Total number of packets discarded due to an error by this interface's
PPP stack.
compressI Number of input packets to this interface's CCP decompressor. This value is
zero if PPP data compression is not negotiated for this link.
compressO Number of output packets from this interface's CCP compressor. This value
is zero if PPP data compression is not negotiated for this link.
compressID Number of packets discarded by this interface's CCP decompressor. This
value is zero if PPP data compression is not negotiated for this link.
compressOD Number of packets discarded by this interface's CCP compressor. This value
is zero if PPP data compression is not negotiated for this link.
Examples
The following sections show an example for each command.
show ppp lcp Example
The output from show ppp lcp is shown below.
vpn_5000: Main# show ppp lcp
Wan 0:
Want=5ac<ACCM,AUTH,MAGIC,PFC,ACFC,PAP>
Allow=1a4<ACCM,MAGIC,PFC,ACFC>
ACCM Mask=0<>

show ppp quality Example
The show ppp quality output follows:
vpn_5000: Main# show ppp quality
Port Proto Interval Threshold
Wan 0 Off
Wan 1 Off
Wan 2 ECHO Off
Wan 3 ECHO 11 21/ 30
show ppp auth Example
The following is an example of the information displayed by show ppp auth.
vpn_5000: Main# show ppp auth
Enter Password:
Port Proto Status Name Password
Wan 0 PAP Off
CHAP Off
Wan 1 PAP Allow Mickey Mouse
CHAP Allow Donald Duck
Wan 2 PAP Want
CHAP Want Betty
Wan 3 PAP Both Howdy Doody
CHAP Both Graendal One of the Foresaken
Authentication Database:
Name Password Chat Script Mask
Barney Rubble dial Fred 000f
show ppp compression Example
The following is an example of the information displayed by show ppp compression.
vpn_5000: Main# show ppp compression
Port Compression
Wan 0 Off
Wan 1 Off
Wan 2 Off
Wan 3 Cisco Systems Sequenced Predictor
show ppp statistics Example
The following is an example of the information displayed by show ppp statistics.
vpn_5000: Main# show ppp statistics
Stats Wan0
in 25
out 12691
discard 0
compressI 0
compressO 0
compressID 0
compressOD 0
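The Want and Allow lines of show ppp lcp and the two bit masks described in this section (ACCM Mask and the Authentication Database Mask) can be checked mechanically. The following Python code is an added example, not part of the Cisco guide: it parses show ppp lcp output, decodes both masks from the least significant bit, and reports interfaces that do not request authentication or that request PAP, which sends the password in clear text. The Wan 1 block, the finding labels, and the reading of AUTH and PAP in the Want list as "authentication requested" and "PAP requested" are assumptions.

```python
import re

# Wan 0 is the block printed in the show ppp lcp example on this page.
# Wan 1 is constructed for this example (it reuses the page's Allow line as Want).
SAMPLE_SHOW_PPP_LCP = """\
vpn_5000: Main# show ppp lcp
Wan 0:
Want=5ac<ACCM,AUTH,MAGIC,PFC,ACFC,PAP>
Allow=1a4<ACCM,MAGIC,PFC,ACFC>
ACCM Mask=0<>
Wan 1:
Want=1a4<ACCM,MAGIC,PFC,ACFC>
Allow=1a4<ACCM,MAGIC,PFC,ACFC>
ACCM Mask=0<>
"""

PORT_RE = re.compile(r"^Wan\s+(\d+):\s*$")
# hex value, then the flag names the device prints between angle brackets
FIELD_RE = re.compile(r"^(Want|Allow|ACCM Mask)=([0-9A-Fa-f]+)<([^>]*)>\s*$")


def set_bits(value, width=32):
    """Positions of the set bits in a 32-bit value, least significant bit first."""
    return [bit for bit in range(width) if (value >> bit) & 1]


def ports_from_mask(mask_hex):
    """Authentication Database Mask -> WAN interface numbers (bit 0 is WAN 0)."""
    return set_bits(int(mask_hex, 16))


def accm_control_chars(mask):
    """ACCM Mask -> codes (0-31) of the control characters to be mapped."""
    return set_bits(mask)


def parse_show_ppp_lcp(text):
    """Return {wan_number: {"want": set, "allow": set, "accm": int}}."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = PORT_RE.match(line)
        if match:
            current = ports.setdefault(int(match.group(1)), {})
            continue
        match = FIELD_RE.match(line)
        if match and current is not None:
            key, hex_value, names = match.groups()
            if key == "ACCM Mask":
                current["accm"] = int(hex_value, 16)
            else:
                # The flag names are taken as printed; the hex value is not decoded
                # because the page does not document the bit assignment.
                current[key.lower()] = {name for name in names.split(",") if name}
    return ports


def audit(ports):
    """Assumed policy: every WAN interface should request authentication, not PAP."""
    findings = []
    for port in sorted(ports):
        want = ports[port].get("want", set())
        if "AUTH" not in want:
            findings.append((port, "no-auth-requested"))
        elif "PAP" in want:
            findings.append((port, "pap-requested"))
    return findings


if __name__ == "__main__":
    parsed = parse_show_ppp_lcp(SAMPLE_SHOW_PPP_LCP)
    for port, finding in audit(parsed):
        print(f"Wan {port}: {finding}")
    print("Mask 000f applies to WAN interfaces", ports_from_mask("000f"))
    print("ACCM 000a0000 maps control characters", accm_control_chars(0x000A0000))
```

An ACCM Mask of 000a0000 has bits 17 and 19 set, which are the XON and XOFF characters.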

Related Commands
Command or Section Description
Sections
Auth Defines the PPP remote authentication database
PPP Configures PPP parameters for an interface
Commands
show wan Shows WAN port information

show radius
This command shows RADIUS settings and statistics.
show radius {config | statistics [domain | all]}
Syntax Description
config Shows the current settings for RADIUS parameters.
statistics [domain | all] Displays packet statistics for communication between the concentrator and
the default RADIUS server identified by the Radius section (with no
domain specified).
domain: Specifies the non-default RADIUS server you want to view
statistics for. The domain matches the Radius section name.
all: Shows statistics for all RADIUS servers configured on the
concentrator.
Usage Guidelines
The following sections describe the display contents for each command.
show radius config Display
The show radius config display includes the following information:
State Valid states are On and Off.
UDP UDP port to be used for authentication or accounting. Any valid UDP port
value can be used. The defaults are 1645 for authentication and 1646 for
accounting.
Secret Shows the secret shared between the RADIUS client and server. It is a string
of 1 to 31 bytes. The server must be configured with the same client secret.
IP address IP address of the RADIUS server. An address of 0.0.0.0 for the secondary
server indicates that it has been disabled.
Attempts Shows the number of attempts to be made at transmitting a packet to the
RADIUS server. If a response is not received from the primary server in the
specified number of attempts, the secondary server (if enabled) will be used.
show radius statistics Display
The show radius statistics display includes the following information:
Primary Number of packets transmitted to or received from the primary server.
Secondary Number of packets transmitted to or received from the secondary server.
Errors Number of packets that had errors while being transmitted or received.
No Match Number of packets that were received but didn't have a matching packet on
the transmit hold queue.
Timeouts Number of packets that did not get a response from the primary or secondary
servers.
Holdq Number of packets that are being transmitted to a server but have not
received a response.
xmit Number of packets sent to a server. It does not include retries.
retry Number of retry packets sent to a server.
rcv Number of packets received from a server.
Name Name of the user currently using this port. Inactive means the port is not
being used.
Session ID A unique ID per user session. It is recorded in the server detail file and is
used for matching accounting start and stop records.
Secs Number of seconds the current user has been connected.
Examples
The following sections show an example for each command.
show radius config Example
The following example displays are for the show radius config command:
vpn_5000: Main# show radius config
RADIUS State UDP
Authentication On 1645
Accounting On 1646
Secret 'Homer Simpson'
Server IP address Attempts
Primary 1.2.3.4 5
Secondary 9.8.7.6 5
show radius statistics Example
The following example displays are for the show radius statistics command:
vpn_5000: Main# show radius statistics
Authentication xmit retry rcv
Primary 1 0 1
Secondary 0 0 0
Errors 0 0
No Match 0
Timeouts 0
Holdq 0
Accounting xmit retry rcv
Primary 3 0 3
Secondary 0 0 0
Errors 0 0
No Match 0
Timeouts 0
Holdq 0
Users Name Session ID Secs
Wan0 Inactive
Wan1 Inactive
Wan2 Wilber 01234567-00000001 138
Wan3 Inactive
Related Commands
Section Description
Radius Configures the concentrator for communication with a RADIUS server
for user authentication
VPN Users Creates a user list for VPN authentication

show reload
Displays the schedule for the last reload command you entered.
Related Command
Command Description
reload Schedules a system reboot, or reboots immediately.

show routing
This command is an alternative way to obtain routing table information for IP.
show routing ip [dynamic | static | default]
Syntax Description
ip [dynamic | static | default] See show ip routing for a detailed description.
Related Command
Command Description
show ip routing Shows IP configuration and statistics

show securid
Shows information about SecurID servers.
show securid {secrets | statistics}
Syntax Description
secrets Shows all the ACE/Servers with which a VPN 5000 concentrator has
exchanged secrets. The first time a concentrator contacts an ACE/Server,
they exchange a secret based in part on the concentrator's IP address.
statistics Displays basic statistics for messages received by a VPN 5000 concentrator
which were sent by an ACE/Server. More detailed usage statistics are
available through the ACE/Server.
Usage Guidelines
The following sections describe the display contents for each command.
show securid secrets Display
The show securid secrets display includes the following information:
Server Address Shows the server address for all the servers that the VPN 5000 concentrator
has exchanged secrets with and has stored in memory.
Source Address IP address of the interface on the VPN 5000 concentrator from which the packets
destined for the ACE/Server are sent.
show securid statistics Display
The show securid statistics display includes the following information:
Total Packets In Total number of packets from the ACE/Server which were received by the
VPN 5000 concentrator.
Bad Packets In Number of error packets received from the ACE/Server by the
VPN 5000 concentrator. If this is a large number, then it may indicate a
security problem on the network (packet "spoofing").
Packets Out Total number of packets sent from a VPN 5000 concentrator to the
ACE/Server.
Access Granted Number of user logins which were successfully completed.
Access Denied Number of user logins which were denied.
Next Code Required Number of times the ACE/Server asked a user for the next token code
number.
New PIN Required Number of times the ACE/Server asked a user for a new PIN.
Server Timeouts Number of packets that did not get a response from the ACE/Server.

Examples
The following sections show an example for each command.
show securid secrets Example
The following example displays are for the show securid secrets command:
vpn_5000: Main# show securid secrets
SecurID node secrets are stored for the following:
Server Address Source Address
192.168.10.102 192.168.10.65
show securid statistics Example
The following example displays are for the show securid statistics command:
vpn_5000: Main# show securid statistics
SecurID Statistics
Total Packets In 0
Bad Packets In 0
Packets Out 0
Access Granted 0
Access Denied 0
Next Code Required 0
New PIN Required 0
Server Timeouts 0
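A "large number" of Bad Packets In is easiest to judge as a change between two readings rather than as an absolute value. The following Python code is an added example, not part of the Cisco guide: it parses two show securid statistics captures, computes the change in each counter, and flags a jump in bad packets, denied logins, or server timeouts. Both captures and all thresholds are constructed assumptions to be tuned per site, and the code assumes the counters accumulate until a reboot or a reset statistics command.

```python
import re

COUNTERS = (
    "Total Packets In", "Bad Packets In", "Packets Out", "Access Granted",
    "Access Denied", "Next Code Required", "New PIN Required", "Server Timeouts",
)
LINE_RE = re.compile(r"^\s*(.+?)\s+(\d+)\s*$")

# Both captures are constructed for this example; only the layout follows the page.
CAPTURE_EARLIER = """\
vpn_5000: Main# show securid statistics
SecurID Statistics
Total Packets In 1200
Bad Packets In 2
Packets Out 1210
Access Granted 560
Access Denied 38
Next Code Required 4
New PIN Required 1
Server Timeouts 8
"""
CAPTURE_LATER = """\
vpn_5000: Main# show securid statistics
SecurID Statistics
Total Packets In 1500
Bad Packets In 47
Packets Out 1530
Access Granted 640
Access Denied 150
Next Code Required 5
New PIN Required 1
Server Timeouts 9
"""

# Assumed thresholds per polling interval (not values from the Cisco guide).
MIN_BAD_PACKETS = 10     # new bad packets that count as "a large number"
MIN_DENIED = 20          # ignore denial ratios computed over a handful of logins
MAX_DENIED_SHARE = 0.5   # share of denied logins among all completed logins
MIN_TIMEOUTS = 5         # new requests the ACE/Server never answered


def parse_securid_statistics(text):
    """Return {counter name: value}; refuse a capture that lacks any counter."""
    stats = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match and match.group(1) in COUNTERS:
            stats[match.group(1)] = int(match.group(2))
    missing = [name for name in COUNTERS if name not in stats]
    if missing:
        raise ValueError("counters missing from capture: " + ", ".join(missing))
    return stats


def counter_delta(earlier, later):
    """Change per counter. If any counter went backwards the device was rebooted
    or the statistics were reset, so the later capture is itself the change."""
    if any(later[name] < earlier[name] for name in COUNTERS):
        return dict(later)
    return {name: later[name] - earlier[name] for name in COUNTERS}


def evaluate(delta):
    """Return the labels (names chosen for this example) of the checks that fired."""
    findings = []
    if delta["Bad Packets In"] >= MIN_BAD_PACKETS:
        findings.append("bad-packets-in")      # possible spoofing, per the field description
    denied = delta["Access Denied"]
    logins = denied + delta["Access Granted"]
    if denied >= MIN_DENIED and denied / logins >= MAX_DENIED_SHARE:
        findings.append("access-denied")
    if delta["Server Timeouts"] >= MIN_TIMEOUTS:
        findings.append("server-timeouts")
    return findings


if __name__ == "__main__":
    change = counter_delta(parse_securid_statistics(CAPTURE_EARLIER),
                           parse_securid_statistics(CAPTURE_LATER))
    print(change)
    print(evaluate(change))
```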
Related Commands
Command or Section Description
Sections
SecurID Configures the concentrator for communication with a SecurID server
for user authentication
Commands
reset securid secret Resets SecurID secret

show statistics
All of the show statistics commands in this section (except for show statistics tcp) are alternative ways
to obtain statistics information for each of the options.
show statistics {l2tp | ike | ethernet | memory | ip | tcp | ppp | radius | vpn | frelay
[wan slot:0[subinterface]] [DLCI]}
Syntax Description
l2tp Displays L2TP statistics including payload packet and control packet
counts. See show l2tp for a detailed description.
ike Displays ISAKMP negotiation statistics.
ethernet Displays Ethernet statistics including packet counts and a tally of errors
encountered. See show ethernet for a detailed description.
memory Displays unallocated system memory and packet buffer usage statistics. See
show os for a detailed description.
ip Displays IP, UDP, and ICMP statistics. See show ip for a detailed
description.
tcp Displays TCP statistics. These statistics are not shown by any other
command.
ppp Displays WAN PPP statistics. See show ppp for a detailed description.
radius Displays statistics for RADIUS authentication and accounting. See show
radius for a detailed description.
vpn Displays information about active VPN tunnel connections. See show vpn
for a detailed description.
frelay [wan slot:0[subinterface]] [DLCI] Displays Frame Relay statistics. See show frelay for a detailed description.
Related Commands
Command Description
reset statistics Resets statistics
show ethernet Shows Ethernet information
show frelay Shows Frame Relay configuration and statistics
show ip Shows IP configuration and statistics
show os Shows operating system information
show ppp Shows PPP information
show radius Shows RADIUS configuration and statistics
show system Shows general system information
show vpn Shows VPN configuration and statistics
show wan Shows WAN port information

show system
The show system commands display system-related parameters, status, and statistics. Much of the
information displayed by these commands is also displayed by the show version command.
show system {hardware | info | uptime |
ethernet {addresses | statistics} |
log {config | buffer [delta] [lines]}}
Syntax Description
hardware Displays the hardware configuration of the system.
info Displays administrative information about the system. This is informational
data that will be returned to automated network queries from SNMP (see the
SNMP section for more information).
uptime Displays the length of time the router has been running.
ethernet {addresses | statistics}
addresses: Displays the Ethernet (MAC) addresses of all Ethernet
interfaces in the system.
statistics: Displays current statistics for each Ethernet interface. The
displayed counters include transmit and receive packets, receive
interrupts and error conditions.
log {config | buffer [delta] [lines]}
config: Displays the runtime and edited log configuration.
Configuration information includes the system-wide log level and output
options for the log messages. Log messages can be sent to the AUX port
(system console) or to a remote syslog daemon. All messages with a
higher priority than the log level will be stored in an internal log buffer.
buffer: Displays the contents of the internal log buffer.
line: Limits the display to the most recent log messages up to the
specified number of lines.
delta: The display normally timestamps the messages with the
time in seconds since boot or with the actual time if the system time
server has been set (see the Time Server section). delta displays the
messages in a delta format where the interval between log messages
is shown.
Related Commands
Command or Section Description
Sections
Time Server Configures the concentrator for communication with a time server
Commands
show version Shows general device information

show version
The show version command combines the output of many show system commands and displays it along
with additional information.
show version [verbose]
Syntax Description
verbose Displays additional information about the concentrator, including system
administration information and log configuration information.
Usage Guidelines
The following information is displayed for show version:
Software Version Software version number.
SW Build Date Date of the software build.
Hardware Revision Hardware revision number of the card in slot 0. To view the revision of
other cards, use the interface command first.
BootBlock Version Revision of the firmware of the card in slot 0. To view the version of other
cards, use the interface command first.
Memory Amount of:
Flash memory for software and configurations
Flash memory set aside for configuration files
SDRAM
Last Configuration Date Date you last saved the configuration.
Configuration File n/a
Configuration Status of the configuration running (saved or modified), and whether the
configuration was modified, but not yet saved.
Ethernet MAC address of each Ethernet card.
Up Time Time since the last reboot.
The following additional information is displayed for the verbose option:
Terminal settings Terminal settings. See the Command Line section.
Time Servers Protocol and IP addresses of time servers. See the Time Server
section.
System Time Current time obtained from a time server or set using the sys
clock command. If no time is set, the time is the amount elapsed
since startup.
Device Name Device name set in the General section.
Logging: Runtime(1) and Configured Shows the runtime and configuration parameters to enable
logging.
Level: Runtime(1) and Configured Shows the runtime and configuration parameters for the logging
level.
AuxPort: Runtime(1) and Configured Shows the runtime and configuration parameters for sending
logging messages to the console.
Syslog: Runtime(1) and Configured Shows the runtime and configuration parameters for sending
logging messages to a syslog facility.
Ports: Runtime(1) and Configured Shows the runtime and configuration parameters for ports on
which logging is disabled.
Compile flags Shows the compile flags used to build the software.
Note If you are running a 3DES version, the Compile Flags
field shows:
USONLY
(1) See the set system log command to set runtime logging parameters.
Example
The typical output of the show version verbose command:
vpn_5000: Main# show version verbose
vpn_5000 - System Status
Software Version: VPN 5002/8 Concentrator V6.0.19.0009 (dalecki) US
SW Build Date: 9/25/01 13:23
Hardware Revision: 4
BootBlock Version: V2.13
Memory: 4096K Flash ROM, 128K CFG Flash, 262144K RAM
Last Configuration Date: none
Configuration File: none
Configuration: Running saved config, buffer unmodified
Ethernet 0:00 Address: 00:04:c1:3f:08:b0
Ethernet 1:00 Address: 00:04:c1:3f:08:50
Up Time: 10 days 23 hours 43 minutes 2 secs
Terminal settings: 80x24, Erase <BS>, Non-Enhanced Parser, More Off
Time Servers: TIMED [192.168.0.3] [0.0.0.0] (0 adj)
System Time: 10/15/01 15:43:47
Device Name: vpn_5000
Runtime Configured
Logging On Off
Level Debug (7) Emergency (0)
AuxPort On Off
Syslog Off Off
Ports
Ether 0 1 0 1
WAN None None
Compile flags: VROUTE USONLY
vpn_5000: Main#

Related Commands
Command or Section Description
Sections
Command Line Configures terminal settings that define the way that the command parser
interacts with the user
Commands
show system Shows general system information

show vpn
The show vpn commands display information about the configured and runtime VPN parameters.
show vpn {statistics [verbose] |
config [vpn [slot:]number] |
runtime [vpn [slot:]number] |
users [verbose] [orphans] [group=name | user=name] |
partners [verbose] [orphans]}
Syntax Description
statistics [verbose] Displays VPN statistics.
verbose: Displays additional statistics.
config [vpn [slot:]number] Displays the VPN configuration parameters for all interfaces.
vpn [slot:]number: Displays information about the VPN identifier
specified.
runtime [vpn [slot:]number] Displays the VPN parameters that are currently running in the device.
vpn [slot:]number only displays information about the VPN port specified.
users [verbose] [orphans] [group=name | user=name] Displays information about currently active client connections.
verbose: Displays all available information for the connections.
orphans: Displays information about any orphaned connections. An
orphaned connection is one that is taking up system resources, but that
is dead. A connection might be orphaned because of a communications
error or system error.
group=name: Displays only connections for users assigned to this
VPN group.
user=name: Displays only connections by the specified user.
partners [verbose] [orphans] Displays information about currently active LAN-to-LAN tunnels.
verbose: Displays all available information about the connections.
orphans: Displays information about any orphan connections. An
orphaned connection is one that is taking up system resources, but that
is dead. A connection might be orphaned because of a communications
error or system error.
Usage Guidelines
The following sections describe the display contents for each command.
show vpn config Display
The show vpn config display includes the following information. For modular models, the display
includes a section for each module slot.
Iface Name of the interface described, such as VPN 1. For LAN-to-LAN tunnels,
this value matches the Tunnel Partner section VPN identifier. For clients,
the concentrator assigns this identifier.
Tunnel Partner or Client IP address of the peer.
BindTo Port The port to which the peer is connected.
Auth On: Each packet is digitally signed to prevent false or modified packets
from entering the devices at either end of the tunnel.
Off: The packets are not signed.
Encrypt Shows whether or not the tunnel session is encrypted.
User For a client, shows the user name.
Note Columns other than Iface and Tunnel Partner are only used for interfaces that currently have an
active connection.
show vpn users Display
The show vpn users display includes the following information. For modular models, the display
includes a section for each module slot.
Port Number VPN port number to which the client is connected. You can use this port
number with the reset vpn number command.
User Name of the VPN user.
Group VPN group name.
Client Address IP address of the client computer.
Local Address Tunnel IP address assigned to the user for routing on the destination network.
Connect Time Length of time that the user has been connected.
The verbose mode also includes the following information:
Auth/Encrypt Shows the authentication protocol, for example, MD5 or SHA, and the
encryption protocol, for example, 3DES or DES.
Port UDP port for the connection.
IPX Reserved for future use.
User Auth Method of authentication, for example, shared key or cert.
Start Start time and date of the user session.
Managed Time the connection was last managed by the concentrator.
State State of the connection. For example, rmnt_init means the connection is
being initialized, while rmnt_maintenance means the connection is being
maintained.

show vpn partners Display
The show vpn partners display includes the following information. For modular models, the display
includes a section for each module slot.
Port Number VPN port number to which the peer is connected. You can use this port
number with the reset vpn number command. This value matches the Tunnel
Partner section VPN identifier.
Partner Address Tunnel peer's IP address.
Partner Port UDP port for the connection.
Default Partner Indicates Yes if the tunnel peer is connected to this concentrator's Tunnel
Partner Default section instead of a specific Tunnel Partner section.
Bindto Address IP address used as the local endpoint of the tunnel.
Connect Time Length of time that the partners have been connected.
The verbose mode also includes the following information:
ISAKMP P1 SA Shows information about the IKE Phase 1 security association (SA).
Auth/Enc/Group Authentication protocol:
MD5
SHA
Off (GRE only)
Encryption protocol:
3DES
DES
None (GRE only)
Diffie-Hellman group:
G1
G2
None (GRE only)
For example, MD5/DES/G1.
Lifetime For standard IPSec tunnels only, the number of seconds until the
IKE SA rekeys followed by the total number of seconds between rekeys.
For example, 340/40000 secs.
Start Start time and date of the session. If you did not set the time on the
device, the time shown is the number of seconds since the device
booted.
Managed Time the connection was last managed by the concentrator.
State State of the connection. For example, rmnt_init means the connection is
being initialized, while rmnt_maintenance means the connection is
being maintained.
Tunnels Shows information about each IKE Phase 2 (IPSec) SA in the IKE SA.
Standard IPSec tunnels can include multiple SAs, and GREinIPSec
tunnels always include two SAs: one for the IPSec tunnel, and one for
the GRE tunnel. For GRE tunnels, which do not use IPSec, this section
shows the network interface and the state of the tunnel.
Type The tunnel type:
IPSec
Standard IPSec
GREinIPSec
GRE
Port The internal network interface assigned to this tunnel. You can use this
value with the show os netif command.
State The state of the IPSec SA:
IPSTS_DOWN: Tunnel down
IPSTS_INIT: Tunnel initializing
IPSTS_P1_SENT: IPSec Phase 2 Packet 1 sent
IPSTS_P1_RECV: IPSec Phase 2 Packet 1 received
IPSTS_P2_SENT: IPSec Phase 2 Packet 2 sent
IPSTS_P2_RECV: IPSec Phase 2 Packet 2 received
IPSTS_P3_SENT: IPSec Phase 3 Packet 2 sent
IPSTS_P3_RECV: IPSec Phase 3 Packet 2 received
IPSTS_UP: Tunnel up and ready
IPSTS_RENEGOT: Renegotiating Tunnel SAs
IPSTS_OLD: Tunnel not in use, awaiting destruction
IPSTS_DESTRUCT: Tunnel Destruction pending
Unknown
ACL The access control list for this IPSec SA. For proprietary IPSec,
GREinIPSec, and GRE tunnels, the ACL is the following value, which
allows all networks to go across the tunnel.
0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0
For standard IPSec tunnels, the ACL matches one of the rules in the IP
filter set you created for the tunnel. Each SA has one rule.
IPSEC P2 SA Shows information about the IPSec SA.
Auth/Encrypt Authentication protocol:
MD5
SHA
None (GRE only)
Encryption protocol:
3DES
DES
None (GRE only)
User Auth Authentication method:
Shared Key
Cert
Recv SA SPI The security parameter index (SPI) number assigned to the
receiving SA. (The tunnel includes two SAs: one to send traffic, and one
to receive traffic.)
Lifetime Shows the lifetime of the receiving SA. These values are typically
determined by the initiator, but in some circumstances, the concentrator
accepts the lifetimes proposed by the peer.
The first set of values shows the number of seconds until a Phase 2 rekey
followed by the total number of seconds between rekeys.
The second set of values shows the amount of traffic in KB that can pass
over the tunnel until a rekey, followed by the total amount of traffic
allowed between rekeys.
Send SA SPI The security parameter index (SPI) number assigned to the sending SA.
(The tunnel includes two SAs: one to send traffic, and one to receive
traffic.)
Lifetime Shows the lifetime of the sending SA. See the Recv SA SPI Lifetime
description.
show vpn statistics Display
The show vpn statistics display includes the following information for Users, Partners, and the Total
for both. For modular models, the display includes a section for each module slot.
Current Active Current active connections.
In Negot Currently negotiating connections.
High Water Highest number of concurrent active connections since the last reboot.
Running Total Total number of successful connections since the last reboot.
Tunnel Starts Number of tunnel starts.
Tunnel OK Number of tunnels for which there were no errors.
Tunnel Error Number of tunnels with errors.

For verbose mode, the display includes ISAKMP negotiation statistics, and the following active
connection statistics:
Wrapped         Total number of packets encapsulated. For the VPN 5000 concentrator, this
                is the number of packets sent to the client computer. For LAN-to-LAN VPN,
                this is the number of packets sent to the tunnel partner.
Unwrapped       Total number of packets de-encapsulated. For the VPN 5000 concentrator,
                this is the number of packets received by the VPN 5000 concentrator from the
                client computer. For LAN-to-LAN VPN, this is the number of packets received
                by the local device from the tunnel partner.
BadEncap        Number of packets found with bad encapsulation. This error is very unusual
                and probably indicates a version mismatch or perhaps deliberate misuse.
BadAuth         Number of packets where authentication failed. This usually indicates that
                the shared authentication secret is incorrect on one end of the tunnel.
BadEncrypt      Number of packets where encryption failed. This usually indicates that the
                shared encryption secret is incorrect on one end of the tunnel.
rx IP           Number of IP packets received.
rx IPX          Reserved for future use.
rx Apple        Reserved for future use.
rx Other        Number of other packets received.
rx Err          Number of packets with errors received. This error is very unusual and
                probably indicates a version mismatch or perhaps deliberate misuse.
tx IP           Number of IP packets transmitted.
tx IPX          Reserved for future use.
tx Apple        Reserved for future use.
tx Other        Number of other packets transmitted.
tx Err          Number of packets which could not be transmitted as IPSec packets. This
                error is very unusual and probably indicates a bad VPN configuration or
                possibly a problem with the device software.
IKE rekey       Reserved for future use.
Examples
The following sections show an example for each command.
show vpn users Example
The following example displays are for the show vpn users command:
vpn_5000: Main# show vpn users
I/F User Group Client Local Connect
Address Address Time
----------------------------------------------------------------------------
61 marin bikes 10.16.0.3 10.16.224.1 00:21:23:29
62 dynastar skis 10.38.16.18 10.16.240.2 00:21:22:45
63 tua skis 10.38.16.18 10.16.240.4 00:21:13:12

64 mercian bikes 10.38.16.18 10.16.224.3 00:17:25:29
IOP slot 1:
I/F User Group Client Local Connect
Address Address Time
----------------------------------------------------------------------------
61 dynastar skis 10.38.16.18 10.16.240.1 00:21:22:45
62 tua skis 10.38.16.18 10.16.240.3 00:21:13:13
63 mercian bikes 10.38.16.18 10.16.224.2 00:17:25:30
64 mercian bikes 10.38.16.18 10.16.224.4 00:17:25:29
vpn_5000: Main# show vpn users verbose group = bikes
I/F User Group Client Local Connect
Address Address Time
----------------------------------------------------------------------------
61 marin bikes 10.16.0.3 10.16.224.1 00:21:20:51
Auth/Encrypt:SHAe/DES Port:32769 Ipx:0 User Auth: Shared Key
Start:5/16/2000-13:38:44 Managed:5/17/2000-10:58:44 State:imnt_maintenance
64 mercian bikes 10.38.16.18 10.16.224.3 00:17:22:51
Auth/Encrypt:SHAe/DES Port:1110 Ipx:0 User Auth: Shared Key
Start:5/16/2000-17:36:44 Managed:5/17/2000-10:56:44 State:imnt_maintenance
IOP slot 1:
I/F User Group Client Local Connect
Address Address Time
----------------------------------------------------------------------------
63 mercian bikes 10.38.16.18 10.16.224.2 00:17:22:52
Auth/Encrypt:SHAe/DES Port:1109 Ipx:0 User Auth: Shared Key
Start:5/16/2000-17:36:43 Managed:5/17/2000-10:56:43 State:imnt_maintenance
64 mercian bikes 10.38.16.18 10.16.224.4 00:17:22:51
Auth/Encrypt:SHAe/DES Port:1111 Ipx:0 User Auth: Shared Key
Start:5/16/2000-17:36:44 Managed:5/17/2000-10:56:44 State:imnt_maintenance
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
show vpn partners verbose Example
The following example displays are for the show vpn partners verbose command:
vpn_5000: Main# show vpn partners verbose
Port Partner Partner Default Bindto Connect
Number Address Port Partner Address Time
--------------------------------------------------------------------------
VPN 0:101 10.7.39.1 0 No 10.7.50.1 00:00:05:03
ISAKMP P1 SA Auth/Enc/Group:Off/None/None Lifetime: (n/a)
Start:6/20/2001-16:01:08 Managed:8/21/1945-6:15:58 State:
Tunnels:
Type:GRE Port:VPN0 State:IPSTS_UP
ACL:0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0
IPSec P2 SAs Auth/Encrypt:None/None User Auth:Shared Key
Recv SA SPI:0x0
Send SA SPI:0x0
VPN 0:200 10.7.50.1 500 No 10.7.39.1 00:00:05:46

ISAKMP P1 SA Auth/Enc/Group:SHA/DES/G2 Lifetime: (n/a)
Start:6/20/2001-16:01:12 Managed:6/20/2001-16:01:09 State:imnt_maintenance
Tunnels:
Type:IPSec Port:VPN0 State:IPSTS_UP
ACL:0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0
IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared Key
Recv SA SPI:0x102 Lifetime: (1033/1380 sec) (1/4096 KB)
Send SA SPI:0x102 Lifetime: (1033/1380 sec) (0/4096 KB)
VPN 0:99 10.7.11.11 500 No 10.7.39.1 00:00:02:11
ISAKMP P1 SA Auth/Enc/Group:SHA/3DES/G2 Lifetime: (n/a)
Start:6/20/2001-16:04:47 Managed:6/20/2001-16:04:46 State:imnt_maintenance
Tunnels:
Type:GREinIPSec Port:VPN1 State:IPSTS_UP
ACL:10.7.39.1/255.255.255.255/0->10.7.11.11/255.255.255.255/0 proto 47
IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared Key
Recv SA SPI:0x104 Lifetime: (86277/86400 sec) (0/4608000 KB)
Send SA SPI:0x12A30C34 Lifetime: (86277/86400 sec) (0/4608000 KB)
Type:GREinIPSec Port:VPN1 State:IPSTS_UP
ACL:10.7.39.1/255.255.255.255/0->10.7.11.11/255.255.255.255/0 proto 47
IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared Key
Recv SA SPI:0x103 Lifetime: (86267/86400 sec) (0/4608000 KB)
Send SA SPI:0xA3F0522 Lifetime: (86267/86400 sec) (0/4608000 KB)
VPN 0:200 10.7.39.1 500 No 10.7.50.1 00:00:05:00
ISAKMP P1 SA Auth/Enc/Group:SHA/DES/G2 Lifetime: (n/a)
Start:6/20/2001-16:01:12 Managed:6/20/2001-16:01:10 State:imnt_maintenance
Tunnels:
Type:IPSec Port:VPN1 State:IPSTS_UP
ACL:0.0.0.0/0.0.0.0/0->0.0.0.0/0.0.0.0/0 proto 0
IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared Key
Recv SA SPI:0x102 Lifetime: (1079/1380 sec) (0/4096 KB)
Send SA SPI:0x102 Lifetime: (1079/1380 sec) (0/4096 KB)
VPN 0:666 10.7.43.3 500 No 10.7.42.3 00:00:00:06
ISAKMP P1 SA Auth/Enc/Group:MD5/DES/G1 Lifetime: (183/200 secs)
Start:48 seconds Managed:37 seconds State:imnt_maintenance
Tunnels:
Type:Standard IPSec Port:VPN0 State:IPSTS_UP
ACL:11.7.0.0/255.255.0.0/0->11.7.43.0/255.255.255.0/0 proto 0
IPSec P2 SAs Auth/Encrypt:MD5e/DES User Auth:Shared Key
Recv SA SPI:0x102 Lifetime: (192/200 sec) (0/536870912 KB)
Send SA SPI:0x1CC70E73 Lifetime: (192/200 sec) (1/536870912 KB)
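The following added example, which is not part of the Cisco guide, parses a show vpn partners verbose display into per-partner Phase 1 and Phase 2 settings and lists every partner negotiated with DES, MD5, Group 1, or no protection at all. The weak-algorithm policy, the function names, and the handling of the SHAe/MD5e suffix are assumptions of this example.

```python
import re

# Trimmed copy of the sample display above (three partners; Start/ACL lines omitted).
SAMPLE = """\
VPN 0:101 10.7.39.1 0 No 10.7.50.1 00:00:05:03
ISAKMP P1 SA Auth/Enc/Group:Off/None/None Lifetime: (n/a)
Tunnels:
Type:GRE Port:VPN0 State:IPSTS_UP
IPSec P2 SAs Auth/Encrypt:None/None User Auth:Shared Key
Recv SA SPI:0x0
Send SA SPI:0x0
VPN 0:99 10.7.11.11 500 No 10.7.39.1 00:00:02:11
ISAKMP P1 SA Auth/Enc/Group:SHA/3DES/G2 Lifetime: (n/a)
Tunnels:
Type:GREinIPSec Port:VPN1 State:IPSTS_UP
IPSec P2 SAs Auth/Encrypt:SHAe/3DES User Auth:Shared Key
Recv SA SPI:0x104 Lifetime: (86277/86400 sec) (0/4608000 KB)
Send SA SPI:0x12A30C34 Lifetime: (86277/86400 sec) (0/4608000 KB)
VPN 0:666 10.7.43.3 500 No 10.7.42.3 00:00:00:06
ISAKMP P1 SA Auth/Enc/Group:MD5/DES/G1 Lifetime: (183/200 secs)
Tunnels:
Type:Standard IPSec Port:VPN0 State:IPSTS_UP
IPSec P2 SAs Auth/Encrypt:MD5e/DES User Auth:Shared Key
Recv SA SPI:0x102 Lifetime: (192/200 sec) (0/536870912 KB)
Send SA SPI:0x1CC70E73 Lifetime: (192/200 sec) (1/536870912 KB)
"""

PARTNER_RE = re.compile(r"^VPN\s+(\d+:\d+)\s+(\S+)\s+(\d+)\s+\w+\s+\S+\s+\S+$")
P1_RE = re.compile(r"ISAKMP P1 SA\s+Auth/Enc/Group:([^/]+)/([^/]+)/(\S+)")
TUNNEL_RE = re.compile(r"Type:(.+?)\s+Port:(\S+)\s+State:(\S+)")
P2_RE = re.compile(r"IPSec P2 SAs\s+Auth/Encrypt:([^/]+)/(\S+)")
SA_RE = re.compile(r"(Recv|Send) SA SPI:(0x[0-9A-Fa-f]+)"
                   r"(?:\s+Lifetime:\s+\((\d+)/(\d+) sec\)\s+\((\d+)/(\d+) KB\))?")

# Audit policy assumed for this example; it is not taken from the Cisco guide.
WEAK = {"auth": {"Off", "None", "MD5"}, "enc": {"None", "DES"}, "group": {"None", "G1"}}
# The page does not explain the "e" suffix on P2 auth names; normalize it away.
ALIASES = {"SHAe": "SHA", "MD5e": "MD5"}

def parse_partners(text):
    """Parse the display into a list of partner dicts with P1/P2 settings and SAs."""
    partners = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := PARTNER_RE.match(line):
            partners.append({"port": m[1], "peer": m[2], "p1": None, "tunnels": []})
        elif not partners:
            continue  # column headers and rules before the first partner
        elif m := P1_RE.search(line):
            partners[-1]["p1"] = (m[1], m[2], m[3])
        elif m := TUNNEL_RE.search(line):
            partners[-1]["tunnels"].append({"type": m[1], "p2": None, "sas": []})
        elif partners[-1]["tunnels"]:
            tunnel = partners[-1]["tunnels"][-1]
            if m := P2_RE.search(line):
                tunnel["p2"] = (ALIASES.get(m[1], m[1]), m[2])
            elif m := SA_RE.search(line):
                life = tuple(int(x) for x in m.groups()[2:]) if m[3] else None
                tunnel["sas"].append({"dir": m[1], "spi": int(m[2], 16), "life": life})
    return partners

def audit(partners):
    """Return (port, peer, scope, setting) for each value listed in WEAK."""
    findings = []
    for p in partners:
        checks = []
        if p["p1"]:
            checks += [("P1", k, v) for k, v in zip(("auth", "enc", "group"), p["p1"])]
        for t in p["tunnels"]:
            if t["p2"]:
                checks += [("P2 " + t["type"], k, v) for k, v in zip(("auth", "enc"), t["p2"])]
        findings += [(p["port"], p["peer"], scope, f"{k}={v}")
                     for scope, k, v in checks if v in WEAK[k]]
    return findings

if __name__ == "__main__":
    for finding in audit(parse_partners(SAMPLE)):
        print(*finding)
```

Each SA's life tuple holds the four Lifetime numbers in display order (seconds pair, then KB pair), or None when the display shows no lifetime, as for the GRE tunnel.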
show vpn statistics Example
The following example displays are for the show vpn statistics command:
vpn_5000: Main# show vpn statistics
Current In High Running Script Script Script
Active Negot Water Total Starts OK Error
--------------------------------------------------------------
Users 4 0 4 4 4 0 0
Partners 2 0 2 6 6 4 0
Total 6 0 6 10 10 4 0
IOP slot 1:

Current In High Running Script Script Script
Active Negot Water Total Starts OK Error
--------------------------------------------------------------
Users 4 0 4 4 4 0 0
Partners 2 0 2 6 6 4 0
Total 6 0 6 10 10 4 0
vpn_5000: Main# show vpn statistics verbose
Current In High Running Script Script Script
Active Negot Water Total Starts OK Error
--------------------------------------------------------------
Users 0 0 0 0 0 0 0
Partners 2 0 2 2 2 0 0
Total 2 0 2 2 2 0 0
Stats VPN1:0 VPN1:1
Wrapped 0 0
Unwrapped 1392 1392
BadEncap 0 0
BadAuth 0 0
BadEncrypt 0 0
rx IP 1392 1392
rx IPX 0 0
rx Other 0 0
tx IP 0 0
tx IPX 0 0
tx Other 0 0
IKE rekey 0 0
Input VPN pkts dropped due to no SA: 2
Input VPN pkts dropped due to no free queue entries: 0
ISAKMP Negotiation stats
Admin packets in 2794
Fastswitch packets in 2018
No cookie found 0
Can't insert cookie 0
Inserted cookie 4
Forwarded to RP 0
Forwarded to IOP 0
Bad UDP checksum 0
Not fastswitched 0
Bad negotiation packet 0
show vpn runtime Example
The following is the output from a show vpn runtime command:
vpn_5000: Main# show vpn runtime
Iface Tunnel BindTo Auth Encrypt User
Partner Port
VPN0 192.168.22.33 Ether0 On None Harold
VPN1 10.123.234.98 Ether0 On Fixed Maude
VPN2 Waiting for Client Connection
VPN3 Waiting for Client Connection
VPN4 Waiting for Client Connection
VPN5 Waiting for Client Connection
VPN6 Waiting for Client Connection
VPN7 Waiting for Client Connection

show vpn config Example
The following is the output from the show vpn config command:
vpn_5000: Main# show vpn config
Iface Client

VPN0 192.168.22.33
VPN1 10.123.234.98
VPN2 Waiting for Client Connection
VPN3 Waiting for Client Connection
VPN4 Waiting for Client Connection
VPN5 Waiting for Client Connection
VPN6 Waiting for Client Connection
VPN7 Waiting for Client Connection
Related Commands
Section Description
VPN Group Configures the VPN group parameters
VPN Users Creates a user list for VPN authentication

show wan
Shows information about WAN connections.
show wan {config | state |
mode [Status] |
ds3 {config | statistics} |
hssi {config | statistics}}
Syntax Description
config                      Displays all of the relevant information about how the WAN interfaces have
                            been configured. The output is split into a number of sections, each of which
                            can be displayed with other show wan commands.
state                       Displays the status of each WAN interface and its connection statistics.
mode [status]               Displays the present operating mode for each of the WAN interfaces.
                            Presently, the modes supported are Frame Relay, PPP, and Off. If the optional
                            status parameter is used, then the runtime status of the interfaces will be
                            displayed.
ds3 {config | statistics}   config: Displays all of the relevant information about how the
                            WAN interfaces have been configured.
                            statistics: Displays runtime statistics related to the device's internal
                            CSU and the DS3 line.
hssi {config | statistics}  config: Displays all of the relevant information about how the
                            WAN interfaces have been configured.
                            statistics: Displays tallies from the HSSI interface for various types of
                            conditions and exceptions.
Usage Guidelines
The following sections describe the display contents for each command.
show wan state Display
The show wan state display includes the following information. The first block of statistics displays the
current state of each interface by protocol. Except for Connect, each protocol will have a value of Up,
Down, Nego (for negotiating), or "-" for not applicable.

Connect         The Connect state is the status of the physical level connection. Values include:
                  Cnnt   The interface is connected and is able to communicate with
                         the equipment attached to it.
                  Check  The device is checking the interface to see if it can
                         communicate with the attached device.
                  UCnnt  The interface is in User Connect mode.
                  Idle   The link is available but is not being used.
                  CIn    There is an incoming connection in progress.
                  COut   There is an outgoing connection in progress.
                  Drop   The connection is in the process of being dropped.
                  Off    The interface is disabled.
FRmaint         Status of the Frame Relay maintenance protocol for each interface.
PPP             Status of PPP for each interface.
IP              Status of the IP protocol for each interface.
The second set of statistics displays the connection information about each interface. The values are
explained in the show wan connect statistics.
show wan ds3 statistics Display
The show wan ds3 statistics display includes the following information:
Statistic Type Interface for which statistics are being displayed.
Packets In Number of packets received by this interface since powerup or since the statistics
were reset using the reset wan ds3 stats command (see reset statistics).
Packets Out Number of packets sent by this interface since powerup or since the statistics
were reset using the reset wan ds3 stats command (see reset statistics).
Tx discards Number of outgoing packets discarded due to an error.
heldoff Number of packets held off due to a busy interface.
Code Violations The count of D3RC cycles for which CV is high.
Pulse Density Lo Number of Loss of Signal interrupts received from the framer.
CRC errors Number of packets received with CRC Frame Check Errors.
RX Overflows Number of times the receive buffer overflowed. This is an indication of very
heavy receive traffic.
Frame len errors Number of times a frame over the maximum frame length was received.
RX Aborts Number of abort events logged by the serial chip. An abort is defined as more
than seven 1s in a row in the datastream.
TX underflow Number of times the transmitter was in the middle of a transmission and the
Tx FIFO did not have data to send out.
TX len errors Number of times transmission of a packet greater than the maximum allowed size
was attempted.
TX Aborts sent Number of abort events sent by the interface. An abort is defined as more than
seven 1s in a row in the datastream.
RX Busy Number of times no buffer was available for a received packet.
RX FIFO full Number of packets received which were bigger than the framer's Rx FIFO.
TX FIFO full Number of packets received which were bigger than the framer's Tx FIFO.
DS3 EF SA Number of Equipment Failure, Service Affecting messages received from the
remote device.

DS3 LOS Number of Loss of Signal messages received from the remote device.
DS3 OOF Number of Out Of Frame Detected messages received from the remote device.
DS3 AIS Rcvd Number of yellow alarm messages received from the remote device. A yellow
alarm indicates that there is a remote loss of signal and informs the local user that
the locally generated transmission is not being received at the destination.
DS3EF NSA Number of Equipment Failure, Non Service Affecting messages received from
the remote device.
DS3 CEF Number of Common Equipment Failure messages received from the remote
device.
DS3 LOOPA Number of times Loopback Activate requests have been received from the
remote device.
DS3 LOOPD Number of times Loopback De-activate requests have been received from the
remote device.
DS3 Line Loop Number of times the remote end has gone into loopback.
DS3 Norm Op Number of times the remote end has returned to normal operation after being in
loopback.
Spurious Int Number of times the serial processor detected a spurious interrupt. Nothing is in
the interrupt register.
show wan hssi statistics Display
The show wan hssi statistics display includes the following information:
Statistic Type The interface for which statistics are being displayed.
Packets In Number of packets received by this interface since powerup or since the statistics
were reset using the reset wan hssi stats command (see reset statistics).
Packets Out Number of packets sent by this interface since powerup or since the statistics
were reset using the reset wan hssi stats command (see reset statistics).
Tx discards Number of outgoing packets discarded due to an error.
Tx Heldoff Number of packets held off due to a busy interface.
Rx discards Number of incoming packets discarded due to an error.
PCI Bus Error Number of times a PCI Bus error has occurred on this interface.
Transmit Error Number of packets that were not sent due to a transmit error.
Tx Too Long Number of transmit packets discarded due to a length error.
Deferred Number of times the 21140 processor had to defer a transmit because
the carrier was asserted.
Receive Error Number of packets where an error was detected in the packet header.
RX Overflow Number of times the receive buffer overflowed. This is an indication of very
heavy receive traffic.
Length Error Number of packets received that had an invalid length.
Desc Len Error Number of length errors detected in the 21140 processor's buffer descriptors.
Illegal Length Number of packets received that had an invalid length (either too long or too
short).
CRC Error Number of received packets that contained CRC (Cyclical Redundancy Check)
errors.

Examples
The following sections show an example for each command.
show wan config Example
The following example display is for the show wan config command:
vpn_5000: Main# show wan config
WAN modes:
Port Mode
WAN0 Frame Relay
WAN1 Frame Relay
WAN2 PPP
WAN3 PPP
Connect Info:
Port Mode Dial ConnectOut Callback Flags
Delay Retry Inactivity Chat
WAN 0 Dedctd - - - rt=8000<Out>
0 0 n/a 0
WAN 1 Dedctd - - - rt=8000<Out>
0 0 n/a 0
WAN 2 Dedctd - - - rt=28000<Out,DIOK>
0 0 n/a 0
WAN 3 Dedctd - - - rt=28000<Out,DIOK>
0 0 n/a 0
Serial Info:
Port Type TX Clk Baud Rate Fcntl Flags
WAN 0 Sync Ext n/a n/a =0<>
WAN 1 Sync Ext n/a n/a =0<>
WAN 2 Async n/a 115200 HW =1<DIOK>
WAN 3 Async n/a 115200 HW =1<DIOK>
AUX 0 Async n/a 9600 None =0<>
PPP Lcp Info:
WAN 0 Off
WAN 1 Off
WAN 2:
Want=1a4<ACCM,MAGIC,PFC,ACFC>
Allow=1a4<ACCM,MAGIC,PFC,ACFC>
ACCM Mask=0<>
WAN 3:
Want=1a4<ACCM,MAGIC,PFC,ACFC>
Allow=1a4<ACCM,MAGIC,PFC,ACFC>
ACCM Mask=0<>
PPP Data Compression:
Port Compression
WAN 0 Off
WAN 1 Off
WAN 2 Off
WAN 3 Predictor1
Frame Relay Maintenance Info:

Port Maint Poll MTU
WAN0 annexD 5 1500
WAN1 LMI 10 1500
WAN2 Off
WAN3 Off
Frame Relay DLCI Info:
Port WAN 0 DLCI Configuration
DLCI IP AppleTalk IPX
20 IARP IARP IARP
Port WAN 1 DLCI Configuration
DLCI IP AppleTalk IPX
16 200.30.9.1 IARP IARP
Port WAN 2 DLCI Configuration
Off
Port WAN 3 DLCI Configuration
Off
show wan connect config Example
The following example display is for the show wan connect config command:
vpn_5000: Main# show wan connect config
Port Mode Dial ConnectOut Callback Flags
Delay Retry Inactivity Chat
WAN 0 Always V25bs coop - rt=48002<DCD,Out,DOOK>
2 5 n/a 30
WAN 1 Dedctd - - - rt=8000<Out>
15 5 n/a 30
WAN 2 Dialup AT - - rt=20000<DIOK>
15 5 10 30
WAN 3 Always AT netcom - rt=48002<DCD,Out,DOOK>
15 5 n/a 60
show wan connect statistics Example
The following example display is for the show wan connect statistics command:
vpn_5000: Main# show wan connect statistics
Stats Wan0 Wan1 Wan2 Wan3
inact 0:00 0:00 0:00 0:00
cur cnnt 0:00:00:02 0:00:00:08 0:00:00:03 0:00:00:05
avg cnnt 0:00:00:17 0:00:00:32 0:00:00:39 0:00:00:39
tot cnnt 0:01:08:28 0:01:08:27 0:01:12:05 0:01:12:05
dial try 229 125 109 109
dial out 229 125 109 109
dial in 0 0 0 0

show wan serial config Example
The following example display is for the show wan serial config command:
vpn_5000: Main# show wan serial config
Port Type TX Clk Baud Rate Fcntl Flags
WAN 0 Sync Ext n/a n/a =2<DOOK>
WAN 1 Sync Int 1544000 n/a =8<IntTxClk>
WAN 2 Async n/a 115200 HW =1<DIOK>
WAN 3 Async n/a 57600 HW =2<DOOK>
AUX 0 Async n/a 9600 None =0<>
show wan serial statistics Example
The following example display is for the show wan serial statistics command:
vpn_5000: Main# show wan serial statistics
Stats Wan0 Wan1 Wan2 Wan3
in pkts 3446870 0 2050 55920
out pkts 3849662 21701 2881 2910
tot disc 0 0 5095 0
crc 0 0 5095 0
overruns 0 0 0 0
framing 0 0 0 0
oversize 0 0 0 0
abort 0 0 9 0
break 0 0 0 0
PPP flag 0 0 9701 46306
sw fc in 0 0 0 0
unalign 0 0 0 0
fr2long 0 0 0 0
rx_busy 0 0 0 0
tx_gltch 0 0 0 0
rx_gltch 0 0 0 0
underrun 0 0 0 0
cts_lost 0 0 0 0
cd_lost 0 0 0 0
sp_int 0 0 0 0
nullptr 0 0 0 0
noIbuf 0 0 0 0
unknown 0 0 0 0
show wan mode Example
The following example display is for the show wan mode command:
vpn_5000: Main# show wan mode
Port Mode
WAN0 Frame Relay
WAN1 Frame Relay
WAN2 PPP
WAN3 PPP

show wan state Example
The following example display is for the show wan state command:
vpn_5000: Main# show wan state
State Wan0 Wan1 Wan2 Wan3
Connect Cnnt Cnnt Cnnt Cnnt
FRmaint Up Up - -
PPP - - Nego Up
IP - - Down Up
IPX - - Down Up
Atalk - - Down Up
DECnet - - Down Down
Stats Wan0 Wan1 Wan2 Wan3
inact 0:11 0:11 0:11 0:11
cur cnnt 0:00:00:16 0:00:00:10 0:00:00:33 0:00:00:35
avg cnnt 0:00:00:18 0:00:00:32 0:00:00:39 0:00:00:39
tot cnnt 0:01:06:18 0:01:06:17 0:01:09:55 0:01:09:55
dial try 221 121 105 105
dial out 221 121 105 105
dial in 0 0 0 0
show wan ds3 config Example
The following example display is for the show wan ds3 config command:
vpn_5000: Main# show wan ds3 config
DS3 0
Line State Up
DATA Invert Off
DS3 Subrate 44.210 Mbs
CRC Length 32 bit
Clocking Internal
Line Build Out Short
show wan ds3 statistics Example
The following example display is for the show wan ds3 statistics command:
vpn_5000: Main# show wan ds3 statistics
Statistic Type DS3 0
Packets In 308315
Packets Out 309232
Tx discards 0
heldoff 0
Code Violations 0
Pulse Density Lo 0
CRC errors 0
RX Overflows 0
Frame len errors 0
RX Aborts 0
TX underflow 0
TX len errors 0
TX Aborts sent 0
RX Busy 0

RX FIFO full 0
TX FIFO full 0
DS3 EF SA 0
DS3 LOS 0
DS3 OOF 0
DS3 AIS Rcvd 0
DS3 IDLE Rcvd 0
DS3 EF NSA 0
DS3 CEF 0
DS3 LOOPA 0
DS3 LOOPD 0
DS3 Line Loop 0
DS3 Norm Op 0
Spurious Int 0
show wan hssi config Example
The following example display is for the show wan hssi config command:
vpn_5000: Main# show wan hssi config
HSSI 0
Local loop Off
CSU/DSU loop Off
CRC Length 32 bit
Clocking External
CA (CSU ready) On
Clock Present Yes
show wan hssi statistics Example
The following example display is for the show wan hssi statistics command:
vpn_5000: Main# show wan hssi statistics
Statistic Type HSSI 0
Packets In 25622
Packets Out 21531
Tx discards 0
Tx Heldoff 0
Rx discards 0
PCI Bus Error 0
Transmit Error 0
Tx Too Long 0
Deferred 0
Receive Error 0
Rx Overflow 0
Length Error 0
Desc Len Err 0
Illegal Length 0
CRC Error 0

Related Commands
Command or Section Description
Sections
DS3 Interface Configures DS3 parameters for an interface
Frame Relay Configures Frame Relay parameters for an interface
HSSI Interface Configures HSSI parameters for an interface
PPP Configures PPP parameters for an interface
Commands
reset statistics Resets statistics
show ppp Shows PPP information
