Need sh command help please...

Unanswered Question
Mar 31st, 2010

I have a question that may have an easy answer, I just don’t know it. I am responsible for a network with approximately 107 switches and 11 routers with one other guy. We currently have a ton of extra cabling with no end user. It is causing the switch racks and the server room to be severely cluttered and I am trying to work with the cabling team to clean it up.

I am looking for commands that will allow me to tell if someone if actually connected to the switch. I was using the sh inte | include Ethernet | Last input and the report is not very accurate. Some of the input says 2y20w for example, output of 0 and never any input. I have also generated some reports on Cisco Works and they are not exactly what I am looking for.

I just want a quick and easy way to find out if someone is connected without clearing mac addresses on every port and seeing if they immediately repopulate. Thank you for any information.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kevin Brennan Wed, 03/31/2010 - 02:40

Hi Ian,

Would "show ip interface brief | include down" help you?

That will give you a list of all non connected ports, but then so will the link lights on the device.



ian.traylor Wed, 03/31/2010 - 06:08

Hey Kevin,

Yeah that is helpful for showing the unconnected ports. Prior I had just been doing sh int statu and counting the unconnected ports. The problem is that some ports have connections patched in and no end host. I guess my only option is to clear mac addresses one port at a time and see what gets repopulated.


Kevin Brennan Wed, 03/31/2010 - 06:16

Hi Ian,

I think I'm missing something here!

If the port is patched, but not connected to anything at the other end, clearing the mac address table isn't going to make a difference. When a port goes down, any mac addresses learnt through that port are deleted from the table.



Pronoy Dasgupta Wed, 03/31/2010 - 06:22

I would agree with Kevin here, if the port does not have an end user connected to it, it would show as down and down. Does not matter that the port is patched or not. If there is no device terminated on the other end of the cable, down and down should be the status.



Kevin Brennan Wed, 03/31/2010 - 06:33


Just another thought that might help you.

"test cable-diagnostics tdr "

I'm pretty sure it's hardware dependant and only works for gig ports.

Example from C6k on a port that is patched, but not connected.


6509_CORE_A#sh cable-diagnostics tdr int gi 1/1

TDR test last run on: March 31 13:31:41

Interface  Speed    Local pair  Pair length         Remote pair  Pair status

---------- -------- ----------- ------------------- ------------ ------------

Gi1/1      auto     Pair A      10   +/- 6  meters  Pair A       Terminated

                    Pair B      8    +/- 6  meters  Pair B       Terminated

                    Pair C      8    +/- 6  meters  Pair C       Terminated

                    Pair D      9    +/- 6  meters  Pair D       Terminated


Same switch and port, but with no cable patched...


6509_CORE_A#sh cable-diagnostics tdr int gi 2/44

TDR test last run on: March 31 13:39:11
Interface  Speed    Local pair  Pair length         Remote pair  Pair status
---------- -------- ----------- ------------------- ------------ ------------
Gi2/44     auto     Pair A      0    +/- 6  meters  Invalid      Open
                    Pair B      0    +/- 6  meters  Invalid      Open
                    Pair C      0    +/- 6  meters  Invalid      Open
                    Pair D      0    +/- 6  meters  Invalid      Open



Message was edited by: brennan.k

ian.traylor Wed, 03/31/2010 - 06:39

We have mac address sticky so it holds old mac address information. That is why I was saying I would need to clear the ports and see if another mac populated it. The cable-diagnostics looks cool but it won’t work on my two core switches so I may have to mess with the syntax a bit.

I may be wrong about the mac address thing; I am still learning a lot which is why I came here. I really appreciate the help. Thanks!


Kevin Brennan Wed, 03/31/2010 - 06:44

Hi Ian,

I may be wrong (and I don't have time to lab it at the moment) but I'm pretty sure that port security keeps it's sticky mac addresses separate from the mac address table. I say, I may be wrong about that - I'm sure others will correct if needed!


jedavis Wed, 03/31/2010 - 06:49

Well, to show what is up NOW, "sho int status" is your command.

But you have Ciscoworks, and if you want to see if anything has been attached recently, use the user tracking reports in Campus Manager.  UT periodically polls the switches looking for MAC addresses associated with ports.  If it finds one, it records it in a database.  Then when you run the report you can see if something was connected there yesterday, even if it is a user who is out of the office today.  UT timestamps the database records, so you can see the "Last seen" field in the reports which tells you when the last time UT saw a MAC address on that port.

Of course, the accuracy of these reports is highly dependent on how you have UT discovery configured, i.e. how often you poll the switches.  It is also dependent on the mac address aging time configured on your switches, as everything in UT keys off the MAC address.  If you have a device that rarely puts any data on the wire (UPS's that only throw alerts out, for example) it may not appear in the report, even though the port shows up/up.  In your case I would run a UT report, export it to a spreadsheet, and augment it by going through the switches and doing a "show int status | i connected".


jonathanaxford Wed, 03/31/2010 - 07:00

Hello there,

Not sure how accurate this is, but have certainly used it in the past when desperate to free up some swicthports...

Show interface counters

As far as i know, this displays all of the traffic stats since the last reload of the router, or the last clearing of the interface stats.

Port           OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
Gi4/38         899423283         95315      10847163        508252
Gi4/39       82125726287     150178267      99162952        832591
Gi4/40       18724938392     165589153       5204516        719699
Gi4/41                 0             0             0             0
Gi4/42       61237686081      49105158      21852626      73637908
Gi4/43       55996042775     193789897      20379420       1053813
Gi4/44       95987985050     241338594      22383434      84338983
Gi4/45       76940802315     125709436      22383677      84318079
Gi4/46        1695972838        100704      20379419       1107475
Gi4/47                 0             0             0             0
Gi4/48    13936130792243   34259192480     367744727     288533749
Gi5/1                 64             1             0             0
Gi5/2                  0             0             0             0
Gi6/1                  0             0             0             0
Gi6/2                  0             0             0             0

Anything reading a zero is likley to be unused... This obviously depends on how often you reboot your switches etc.



ian.traylor Wed, 03/31/2010 - 07:10


That is awesome man, I think with a combination of all the advice I got here on the board I should be good to go.


ian.traylor Wed, 03/31/2010 - 07:07


Yeah that looks awesome; I just ran it and see what you are talking about. I have over 1400 entries and the oldest last seen was Monday so I will have to sort through like you talked about and see where discrepancies are. Thanks!


glen.grant Wed, 03/31/2010 - 09:23

If you have any 4500's use "show interface link "  and it will tell you exactly when it was last used . Don't know why they don't use this on all switches..


This Discussion

Related Content