Command:

show ip inspect

Mode:

Router>


Syntax:

show ip inspect {name inspection-name | config | interfaces | session [detail] | all}


Syntax Description:

name          Shows the configured inspection rule with the name inspection-name

config        Shows the complete CBAC inspection configuration

interfaces    Shows interface configuration with respect to applied inspection rules and access lists

session       Shows existing sessions that are currently being tracked and inspected by CBAC. The optional detail keyword causes additional details about these sessions to be shown.

all           Shows all CBAC configuration and all existing sessions that are currently being tracked and inspected by CBAC.

Command Description:

This command shows configuration information and statistics about Context-Based Access Control (CBAC) processes.


Example:

Router# show ip inspect all

Session audit trail is disabled
one-minute (sampling period) thresholds are [400:500] connections
max-incomplete sessions thresholds are [400:500]
max-incomplete tcp connections per host is 50. Block-time 0 minute.
tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
tcp idle-time is 3600 sec -- udp idle-time is 30 sec
dns-timeout is 5 sec
Inspection Rule Configuration
Inspection name all
tcp timeout 3600
udp timeout 30
ftp timeout 3600
Interface Configuration
Interface Ethernet0
Inbound inspection rule is all
tcp timeout 3600
udp timeout 30
ftp timeout 3600
Outgoing inspection rule is not set
Inbound access list is not set
Outgoing access list is not set
Established Sessions
Session 25A6E1C (30.0.0.1:46065)=>(40.0.0.1:21) ftp SIS_OPEN
Session 25A34A0 (40.0.0.1:20)=>(30.0.0.1:46072) ftp-data SIS_OPEN
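The output above can be turned into structured data for a configuration review. The following Python is an added example, not part of the original Cisco reference: the function names parse and review, and the two points it flags for manual checking, are this example's own assumptions, and the embedded sample is an excerpt of the output shown above.

```python
import re

# Excerpt of the example output on this page (blank lines and timeouts omitted).
SAMPLE = """\
Session audit trail is disabled
Interface Configuration
Interface Ethernet0
Inbound inspection rule is all
Outgoing inspection rule is not set
Inbound access list is not set
Outgoing access list is not set
Established Sessions
Session 25A6E1C (30.0.0.1:46065)=>(40.0.0.1:21) ftp SIS_OPEN
Session 25A34A0 (40.0.0.1:20)=>(30.0.0.1:46072) ftp-data SIS_OPEN
"""

SETTING = re.compile(r"(Inbound|Outgoing) (inspection rule|access list) is (.+)")
SESSION = re.compile(r"Session (\w+) \(([\d.]+):(\d+)\)=>\(([\d.]+):(\d+)\) (\S+) (\S+)")

def parse(text):
    """Return (audit_trail_enabled, {interface: settings}, [sessions])."""
    audit, interfaces, sessions, current = None, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Session audit trail is "):
            audit = line.endswith(" enabled")
        elif line.startswith("Interface ") and line != "Interface Configuration":
            current = interfaces.setdefault(line.split()[1], {})
        elif current is not None and (m := SETTING.match(line)):
            # "not set" becomes None so callers can test truthiness.
            current[f"{m[1].lower()} {m[2]}"] = None if m[3] == "not set" else m[3]
        elif m := SESSION.match(line):
            sessions.append({"id": m[1], "src": f"{m[2]}:{m[3]}",
                             "dst": f"{m[4]}:{m[5]}", "proto": m[6], "state": m[7]})
    return audit, interfaces, sessions

def review(text):
    """List points to check by hand (this example's own choice of checks)."""
    audit, interfaces, _sessions = parse(text)
    notes = []
    if audit is False:
        notes.append("audit trail disabled: no per-session audit messages")
    for name, cfg in interfaces.items():
        inspected = cfg.get("inbound inspection rule") or cfg.get("outgoing inspection rule")
        filtered = cfg.get("inbound access list") or cfg.get("outgoing access list")
        if inspected and not filtered:
            notes.append(f"{name}: rule '{inspected}' applied, no access list on this interface")
    return notes

print("\n".join(review(SAMPLE)))
```

An interface flagged by the second check is not necessarily misconfigured, since the access list that CBAC opens temporary entries in may be applied on a different interface; the note is a prompt to confirm that one exists.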


 


Misconceptions:

None


Related commands:

None


© Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education





