Tutoriale

CLI Troubleshooting commands

Cele mai folosite comenzi in troubleshooting pe care le folosesc :

Ping / Traceroute / DNS

 ping host 8.8.8.8
 traceroute host 8.8.8.8
 ping host www.google.com

Routing / NAT / Policy Troubleshooting

show routing route // arata tabela de routare
show routing fib virtual-router| match x.x.x.x // sortam dupa o destinatie specifica
show running nat-policy // Politicile de NAT
test nat-policy-match // testeaza politica de nat pentru un traffic flow.
show running ippool // arata utilizarea pool-ului de NAT 
show running global-ippool //arata utilizarea pool-ului de NAT 
test routing fib-lookup virtual-router default ip 
test security-policy-match from inside to pa-trust-server source 10.0.0.3 destination 8.8.8.8 protocol 6 application ssl destination-port 443

IPSEC/VPN

 
show vpn flow // arata counter-ele de IPSEC
show vpn gateway // lista gateway-urilor si configuratia lor
show vpn ike-sa //  arata faza 1 SA
show vpn ipsec-sa // arata faza 2 SA
show vpn tunnel // listeaza tunelele autokey (large scale VPN`s)

Display the logs


less mp-log wildfire-upload.log
tail follow yes mp-log dhcpd.log
tail follow yes mp-log routed.log

HA  (show and request commands)

show high-availability all
show high-availability state
show high-availability link-monitoring
show high-availability path-monitoring
show high-availability control-link statistics
show high-availability state-synchronization

request high-availability state suspend  
request high-availability state functional
request high-availability state peer suspend
request high-availability state peer functional

Copiere fisiere


scp export log system to <username@host:path_to_destination_filename>
scp import software from <username@host:path>
tftp export configuration from running-config.xml to <tftp-host>
tftp import url-block-page from <tftp-host>

Analiza detailata (TAC stuff)


show counter global filter packet-filter yes delta yes

User-ID Troubleshooting


show user group-mapping state all
show user user-IDs match-user <value>
show user group name "AD\name-of-the-group"
show user ip-user-mapping all
show user ip-user-mapping all | match <username>

Session troubleshooting


show session all filter application dns destination 8.8.8.8
show session all filter from trust to untrust application ssl state active
show session info
show session id <id>

 

 

 

 

 

 

 

 

Lasă un răspuns

Adresa ta de email nu va fi publicată. Câmpurile obligatorii sunt marcate cu *