show blocks
The show blocks command and the show cpu usage command are useful in determining whether the PIX is being overloaded. The blocks are internal storage locations, similar to queues on a router; a packet is stored in a block until the PIX can process it and place it on the outbound interface xmit queue. Example 3-11 shows the show blocks output.
Example 3-11. show blocks Command Output
PIX# show block |
In the show blocks command output, SIZE is the block size, MAX is the total number of block available, LOW is the lowest number of blocks available on PIX since the last reboot, and the CNT is the current number of blocks available for specific task. Both LOW and CNT for any block size hit to zero indicate a low memory condition, which requires further investigation. To determine which features are responsible for memory block utilization, refer to Table 3-5, which summarizes the different memory blocks and the purpose of different sizes of blocks.
| Used For | Created at boot up time | MAX | |
|---|---|---|---|
| 4 | Duplicating existing blocks in DNS, isakmp, url-filtering, uauth, h323, tftp, and TCP modules | 1600 | 1600 |
| 80 | Used in TCP Intercept to generate an ACK packet, failover hello messages. | 400 | 400 |
| 256 | Stateful Failover, Syslog, TCP module | 8192 | 500 |
| 1550 | Ethernet Packets, buffering url filtered packets. | 8192 | 400 |
| 1552 | QoS Metrics | 4096 | 0 |
| 2560 | IKE Messages | 8192 | 0 |
| 4096 | QoS Metrics | 200 | 0 |
| 8192 | QoS Metrics | 150 | 0 |
| 16384 | Only used for the Livengood (i82543) Gig Ethernet cards | 9216 | 0 |
| 65536 | QoS Metrics | 16 | 0 |
show output filters
Sometimes, it is very important to view the show command output to specific lines for specific information. You can do this with the Output filter option. The syntax is as follows:
show command | begin | include | exclude | grep [-v]
Following is a list of definitions for the arguments of this command:
-
begin Start displaying the output beginning at the First Match of the RegEx, and continue to display the remaining output.
-
include Display any line that matches the RegEx.
-
exclude Display any line that does not match the RegEx.
-
grep This is the same as include.
-
grep v This is the same as exclude.
For example, to display the interface stats starting with ethernet1, execute the following command:
PIX# show interface | begin ethernet1
To display only the route statements from the running-config, execute the following command:
PIX# show running-config | include route
To display the whole configuration except for the access-lists, you can execute the following command:
PIX# show running-config | exclude access-list
Displaying the access-list entries that contain address 10.1.1.50 can be achieved with the following command:
PIX# show access-list | grep 10.1.1.50
To display only access-list entries that have non-zero hit counts, execute the following command:
PIX# show access-list | grep v hitcnt=0
show tech-support
show tech-support collects output of a list of show commands. The command for show tech-support is as follows:
show tech-support [no-config | detail | tftp:]
Example 3-12 summarizes how to use the show tech-support command.
Example 3-12. How to Use the show tech-support Command
! Following command will collect all the information including the running-config for |