Ping测试:Firewall# ping [if_name] host [data pattern] [repeat count] [size bytes] [timeout seconds] [validate]
ITPUB个人空间"P*C�P'n
Y�L0FARP缓存检查:
�Y�v�l�~;B�R0show arp
ITPUB个人空间�q0Z3X�y�[�Y/j
}�r2y路由表检查:
�I(u+X(z�A,z�l7Q�v�^0show route
�[�`8@5M�o4E�R&r�[0Traceroute测试:
ITPUB个人空间4g!r�g;T�n�q4f�htraceroute命令前提配置
ITPUB个人空间6Q�m�c�M�n�g&{Firewall(config)# access-list acl_name permit icmp any any eq echo
ITPUB个人空间�R7@�r
T�C�~9J!w�M�['gFirewall(config)# access-list acl_name permit icmp any any eq echo-reply
�m&g6k�c%|6\$n�S0Firewall(config)# access-list acl_name permit icmp any any eq unreachable
ITPUB个人空间�y%l
J-G�B"v�L'DFirewall(config)# access-list acl_name permit icmp any any eq time-exceeded
ITPUB个人空间�W:_$J9t�l2A�~:_�N�ZFirewall(config)# access-list acl_name permit udp any range 32768 65535 any range 33434 33523
�i�s:m:N+s7W�t(E(x�h0Firewall(config)# access-list acl_name permit udp any dns_address eq domain (可选)
ITPUB个人空间0B�?�q�n�n'|+NACL检查:
ITPUB个人空间�t�Z�](O;h�\9u.h8rshow access-group, show access-list
ITPUB个人空间�| H
b
D/F2D�m�F/I�r�SNAT验证:
"[�k
~�L�~"|�O'e8w0Firewall# show xlate [detail] [global | local ip1[-ip2] [netmask mask]] lport | gport port[-port]] [interface if1[,if2][,ifn]] [state static [,dump] [,portmap] [,norandomseq] [,identity]] [debug] [count]
ITPUB个人空间�z�S9n0N�a�q&J�L'S6SFirewall# show xlate [{global | local} ip1[-ip2] [netmask mask]] [{lport | gport} port[-port]] [interface if1[,if2][,ifn]] [state {static | portmap | identity | norandomseq}] [debug] [detail]
�[,G�D�U)U�_0Firewall# show conn [state state_type] [{foreign | local} ip1[-ip2] netmask mask] [long] [{lport | fport} port1[-port2]] [protocol {tcp | udp}]监控特定主机:
9V�M'N�A%I!]/L0Firewall# show local-host [ip_address] [all] [detail]
/e�F2F�L;~�M#R't0Firewall# clear xlate global global_ip [netmask mask] [gport global_port]
ITPUB个人空间�Z,P�k8C�jFirewall# clear xlate local local_ip [netmask mask] [lport local_port]
ITPUB个人空间�r
T2?'s$e4s"v'h�TFirewall# clear xlate
interface if_name_1[,if_name_2]
ITPUB个人空间�L7@�u0[�e�f�OFirewall# clear xlate
ITPUB个人空间0l%V�D&R)x�o4w1@超时参数:
4v�B�p�b)D�l�B0Firewall(config)# timeout xlate hh[:mm[:ss]]
�J�T4e�s'\�X#~0Firewall(config)# timeout conn hh[:mm[:ss]]
ITPUB个人空间5o�S�C.C8P&^.N3vFirewall(config)# half-closed hh[:mm[:ss]]
ITPUB个人空间�_�^)Q
E�M v�K�`Firewall(config)# udp hh[:mm[:ss]]
ITPUB个人空间
k�r(h�O1?!J$x�M,nShun检查:
�u�j�z�]#u�r6g�M0show shun, show shun statistics
ITPUB个人空间�f�g0C3g�|1h4_8I�I�y�q用户认证检查:
.?�q�H�b�~3g�t3r7P�p$K0show uauth show url-server stats
�s$T
r�M�T;K0配置更新检查 启用AAA记录用户命令记录。
