The show command enables the administrator to view
command information. There are several show commands that
display system information. Either show or
? can be used to view the names of the
show commands and their descriptions. In general,
show run plus a command displays a static screen. This
typically shows the way that a parameter is configured. The
show command plus a command displays a dynamically changing
statistics screen. For example, show run interface displays
how the interfaces are configured, a static screen. show
interface displays a dynamic screen with numerous
counters. 
Commonly
Used show Commands
The
show memory command displays a summary of the maximum
physical memory, current used memory, and current free memory available to the
PIX Security Appliance operating system.
The show cpu
usage command displays CPU use.
Use the show
version command to display the PIX Security Appliance software
version, operating time since the last reboot, processor type, Flash memory
type, interface boards, serial number, BIOS identification, and activation key
value
.
The show ip address command is used to view the IP
addresses that are assigned to the network interfaces.
The show
interface command is used to view network interface information.
This is one of the first commands that should be used when trying to establish
connectivity.
Use the show nameif command to view the
named interfaces. In Figure
, the first two
interfaces have the default names inside and outside. The inside interface has
a default security level of 100, and the outside interface has a default
security level of 0. Ethernet2 is assigned a name of dmz with a security level
of 50.
The ping Command
The
ping command determines if the PIX Security Appliance has
connectivity, or if a host is visible to the PIX on the network. By default,
the ping command makes three attempts to reach an IP
address.
If it is necessary to allow internal hosts to be able to ping
external hosts, an ACL for echo reply is necessary. If pings through the PIX
Security Appliance between hosts or routers are not successful, use the
debug icmp trace command to monitor the success of the
ping.
After the PIX Security Appliance is configured and operational, a
ping sent to the inside interface of the PIX from the outside network or from
the outside interfaces of the PIX will not be successful. If the inside
networks can be pinged from the inside interface and the outside networks can
be pinged from the outside interface, the PIX is functioning normally and the
routes are correct.
The syntax for the ping command
is shown in Figure
.
The
show run nat command to display a single host or range of
hosts to be translated. In Figure
, all hosts on
the 10.0.0.0 network will be translated when traversing the PIX Security
Appliance. The nat-id is 1.
The show run
global command displays the global pools of addresses configured in
the PIX Security Appliance. In Figure
there is
currently one pool configured. The pool is configured on the outside interface.
The pool has an IP address range of 192.168.0.20 to 192.168.0.254. The
nat_id is 1.
The show xlate command
displays the contents of the translation slot. In Figure
, the number of
currently used translations is 1 with a maximum count of 1. The current
translation is a local IP address of 10.0.0.11 to a global IP address of
192.168.0.20.