On a large Cisco Catalyst switch stack, almost all switchports are patched. I need to identify the ports, which are not in use, for connecting further devices.
Following switchports, cabling, patch fields and sockets to possible end devices is laborious and even then there could be temporarily used sockets. Looking at the activity of port LEDs is not reliable, since a user device can be shut off.
What's the easiest way to detect all unused switchports via IOS commands?
I frequently use
sh int | i (FastEthernet|0 packets input)
or the same with GigabitEthernet, whatever kind of interfaces I want to check.
sh int (which is show interfaces) gives a huge list of ste status of all interfaces| can be used for filtering, but also in search expressions | i (for include) filters the output which matches the following search expressions(...|...) to match two conditions: the interface name and a status I like to see, we can use regular expressions here, like this "or" expressionThe output can look like:
...
FastEthernet1/0/31 is up, line protocol is up (connected)
95445640 packets input, 18990165053 bytes, 0 no buffer
FastEthernet1/0/32 is up, line protocol is up (connected)
FastEthernet1/0/33 is up, line protocol is up (connected)
FastEthernet1/0/34 is down, line protocol is down (notconnect)
0 packets input, 0 bytes, 0 no buffer
FastEthernet1/0/35 is down, line protocol is down (notconnect)
FastEthernet1/0/36 is up, line protocol is up (connected)
FastEthernet1/0/37 is down, line protocol is down (notconnect)
0 packets input, 0 bytes, 0 no buffer
...
Now I can see my candidates, with actually 0 packets input over time, even if my expression matches numbers just ending with 0. I could make it more perfect, but being easy to remember is also a benefit. The interface names right before each 0 packets input lines are my candidates.
sh int <name>clear counters [type number]It can be good practice, to leave unused switchports shutdown. So it's easy to identify them using sh ip int bri or the like. And you don't run into problems if you use a switchport which was definitly shut off before.
Ultimately... DOCUMENTATION. You need to know where every patch cable goes to be 100% certain you aren't disconnecting something someone may expect to work at some point. Just because a port is currently "down" doesn't mean someone has not been using it. Also just because the counters are currently zero doesn't mean it's never been used or not going to be used again in the (near) future -- counters can be cleared, and counters reset to zero at boot.
I've worked at ISPs and large enterprises, and documentation is the key to knowing what's what. Without it, random guessing will lead to numerous bad days... customers get rather pissed when you run their DSL line to someone else, duplicate an address assignment, shutdown the wrong interface, etc. Enterprise wiring closets can be a real mess; without documentation, tracing dozens of cables among thousands can be a pain (and something as simple as port descriptions count.)
I also like
sh int | inc line protocol is|Last input
which outputs
FastEthernet0/29 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
FastEthernet0/30 is up, line protocol is up (connected)
Last input never, output 00:00:07, output hang never
FastEthernet0/46 is down, line protocol is down (notconnect)
Last input never, output 6d23h, output hang never
The output parameter tells you when the port last saw traffic which is useful for identifying those ports that are only occasionally used.
EDIT: Also worth noting (for reasons beyond the scope of this question) is that "Last input" is almost always "never"
I like @Stefan's answer but with this command line "sh int | i (Ethernet| 0 packets input)" which now grabs all Ethernet interface types and filters out non-zero numbers that happen to end in zero. He mentioned that some fine tuning might be possible so this is just one example.
Another option is...
sh int counters | i (Port|_0 0 0 0)
Yes, the whitespace is needed. The easiest way to get the spaces right is do "sh int counters" and copy a line with all zeros. One gotcha here is that half-way down the list changes from Input, which we want, to Output, which we don't care about for finding unused ports. It has the advantage of showing ONLY the ports with no input so you don't have to weed out the in-use ports like you do with Stefan's method.
I would scrape the output (or grab it with SNMP, even better) and use standard UNIX tools to parse it. Here's an easy example:
Here, I saved a partial output from 'show int counters' (just for demo purposes) to a file called "counters".
[mkantows@ochofu049]$ cat counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi1/0/1 0 0 0 0
Gi1/0/2 94949242720 556137619 571828 57745
Gi1/0/3 1522191492 8663327 1105299 55269
Gi1/0/4 3743856345 18565173 1275617 53658
Gi1/0/5 0 0 0 0
Gi1/0/6 0 0 0 0
Now, just use awk to produce a report of all ports that have all four counter fields at zero:
[mkantows@ochofu049]$ cat counters | awk '{if ($2 == 0 && $3 == 0 && $4 == 0 && $5 == 0) print $1}'
Gi1/0/1
Gi1/0/5
Gi1/0/6
The main idea here is to get whatever data you are using off of the device so you can do more intelligent/complex/simpler/whatever parsing and reporting.
NOTE For multiple devices, using a Linux utility like "screen" to log output from a tty connection can make it really efficient for quickly finding unused ports on multiple cisco devices. (in one log file) run a command like the following... where "HOSTNAME" is a universal part of your Cisco device hostname scheme cat counters | awk '{if ($1 == HOSTNAME) || ($2 == 0 && $3 == 0 && $4 == 0 && $5 == 0) print $1}'
I'm new so I can't vote up @netdad's and @mike pennington's answers - but I like them. To take @Mike Pennington's answer a little further, assuming you've cleared the counters recently, you could run this command also:
switch#sh int count | i 0 +0 + 0 +0
Gi1/3 0 0 0 0
Gi1/11 0 0 0 0
Gi1/19 0 0 0 0
Gi1/21 0 0 0 0
The regex here is saying a "0" followed by 1 or more spaces followed by a "0" followed by 1 or more spaces followed by a "0" followed by 1 or more spaces followed by a final "0".
Hope this helps.
I always use
show interfaces status
It sums it al up nice and dandy.
I typically use sh int des | ex up, which will list all the ports that are in a down state
If you need to do this regularly, nothing beats Perl and Net::Telnet::Cisco. You can log into X number of routers, grab all of the information on the interfaces you want, parse the output, and print it to a file or e-mail it with Net::SMTP or print it to standard output. I can provide examples if you want, but it's pretty straightforward.
Alternatively, if you are dead set on doing this within IOS, the following TCL script will give you the output you want in a nice, clean format:
set show_counters [exec show interfaces counters | i 0 +0 +0 +0]
set line [split $show_counters "\n"]
foreach record $line {
set fields [join $record " "]
foreach field $fields {
if { $field != 0 } {
puts $field
}
}
}I offer this because TCL and how to do this is a little less accessible [IMHO] than Perl
Here's one I've been using recently to remove cables from ports that haven't seen any activity for at least six weeks:
show int | i proto.*notconnect|proto.*administratively down|Last in.* [6-9]w|Last in.*
[0-9][0-9]w|[0-9]y|disabled|Last input never, output never, output hang never
sh int | in is down|input never, output never
FastEthernet0 is administratively down, line protocol is down
Last input never, output never, output hang never
GigabitEthernet1/0/2 is down, line protocol is down (notconnect)
GigabitEthernet1/0/4 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet1/0/13 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
GigabitEthernet1/0/24 is down, line protocol is down (notconnect)
Last input never, output never, output hang never
What about using the MAC table? It lists the MAC addresses with the interfaces and it ages them out. You would have to take the list out of IOS to do a filtered list of unique addresses.
sh int | i ( 0 packets input)|proto|Desc
The leading space with the 0 will exclude larger numbers that end in zero.
It's better to have ports shutdown (disabled) until they get used. It's risky to change switchport access vlan, for example, on a port that's already up unless you can be certain it's not in use.
Output might look like below, telling us that the switchport on g8/18 is disabled with 0 packets since last counter clear while g8/19 is in use (from the absence of the "0 packets input").
GigabitEthernet8/18 is administratively down, line protocol is down (disabled)
Description: 3a30
0 packets input, 0 bytes, 0 no buffer
GigabitEthernet8/19 is up, line protocol is up (connected)
Description: 4a25.vmhost112 (vmnic5)
As for knowing which patch panel jack is involved, use the Description field to help you document. Patch panels should be connected to switchports in a consistent manner, so it's easy to document as the patch panel jack to switchport is predictable. I use the format Rack-Row-Jack in the description + the hostname to track, but in a condensed way. 4b27 would be row rack 4, row b, jack 27 followed by hostxyz or whatever the hostname. So my descripton reads 4b27.hostxyz.
OK. Something that works on all switches starting from 2900 (don't have older to test) and shows only down ports.
sh int | i is down
I'd love to use sh int status but after that the result is connected and notconnected, so exclude or include don't do any good because the word connected is part of both, so you get the story.
In my case on a 3524 I get that below with both commands in order to make clear it works:
SD-LIB-C3524#sh int status
Port Name Status Vlan Duplex Speed Type
------- ------------------ ------------ -------- ------ ------- ----
Fa0/1 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/2 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/3 connected 10 A-Full A-100 100BaseTX/FX
Fa0/4 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/5 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/6 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/7 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/8 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/9 connected 10 A-Full A-100 100BaseTX/FX
Fa0/10 notconnect 10 Auto Auto 100BaseTX/FX
Fa0/11 connected 10 A-Full A-100 100BaseTX/FX
Fa0/12 connected 10 A-Full A-100 100BaseTX/FX
Fa0/13 WiFi SD-LIB-15 connected 40 A-Full A-100 100BaseTX/FX
Fa0/14 WiFi SD-LIB-22 connected 40 A-Full A-100 100BaseTX/FX
Fa0/15 WiFi SD-LIB-16 connected 40 A-Full A-100 100BaseTX/FX
Fa0/16 WiFi SD-LIB-23 connected 40 A-Full A-100 100BaseTX/FX
Fa0/17 WiFi SD-LIB-17 connected 40 A-Full A-100 100BaseTX/FX
Fa0/18 WiFi SD-LIB-24 connected 40 A-Full A-100 100BaseTX/FX
Fa0/19 WiFi SD-LIB-18 connected 40 A-Full A-100 100BaseTX/FX
Fa0/20 WiFi SD-LIB-14 connected 40 A-Full A-100 100BaseTX/FX
Fa0/21 WiFi SD-LIB-19 connected 40 A-Full A-100 100BaseTX/FX
Fa0/22 WiFi SD-LIB-21 connected 40 A-Full A-100 100BaseTX/FX
Fa0/23 WiFi SD-LIB-20 connected 40 A-Full A-100 100BaseTX/FX
Fa0/24 SD-LIB-3C4500-50P connected trunk A-Full A-100 100BaseTX/FX
Gi0/1 notconnect trunk Auto 1000 Missing
Gi0/2 notconnect 10 Auto 1000 Missing
SD-LIB-C3524#sh int | i is down
VLAN1 is up, line protocol is down
FastEthernet0/1 is down, line protocol is down
FastEthernet0/2 is down, line protocol is down
FastEthernet0/4 is down, line protocol is down
FastEthernet0/5 is down, line protocol is down
FastEthernet0/6 is down, line protocol is down
FastEthernet0/7 is down, line protocol is down
FastEthernet0/8 is down, line protocol is down
FastEthernet0/10 is down, line protocol is down
GigabitEthernet0/1 is down, line protocol is down
GigabitEthernet0/2 is down, line protocol is down
SD-LIB-C3524#
I think that in Cisco environment the best way is to a show version to know the uptime of the switch and after
show interfaces accounting
Interface Vlan1 is disabled
Vlan810
Protocol Pkts In Chars In Pkts Out Chars Out
IP 709229 73055034 232297 33127143
ARP 738 44280 70 4200
FastEthernet0/1
Protocol Pkts In Chars In Pkts Out Chars Out
No traffic sent or received on this interface.
FastEthernet0/2
Protocol Pkts In Chars In Pkts Out Chars Out
Other 0 0 19 6669
Spanning Tree 0 0 18588 1115280
CDP 0 0 658 309918
only using IOS commands is a bit tricky - you will miss out the odd one. I'd suggest like others to use snmp (solarwinds has a number of free tools you might want to look at) and to monitor the device for a number of days (weeks if necessary)
For the laborious part you mentioned with tracing cables etc. What I did to minimize the work with mapping switch ports to patch ports etc. was clearing the counters and then a few days later using snmp traps and then unplugging on the patchpanel for 1-2 seconds and once I got an entry on the snmp trap monitor/receiver (port x on module y went down), I just did the same thing again to verify (not that someone just incidentially turned off a device on one of the ports). It takes maybe 5 minutes for a 24 port panel - so this is rather quick. For the dead ones - just go back another time. If they are still dead, and no change on the counters then it is safe to assume the port is actually not in use.
We had this problem at our firm. We used correlation from the output of "show arp" and "show mac address-table" commands to correlate the MAC Addresses of all the computers/devices in our premisses.
First you will need to make a list of the IPs and MACs of the devices in your network, and correlate them with the corresponding interfaces using the above commands...
I usually use "show interface status" and variations on it but I also use a neat piece of open-source software called "Switchmap" to provide a simple graphical view of the interfaces. One great benefit of this is that if a port is up/down it will tell you how long ago it last had traffic on it and you can make a call from there as whether you should reuse it or not.
http://sourceforge.net/projects/switchmap/
This saves some typing :-)
Show IP interface brief is my personal favourite.
Makes it slightly easier for you to view. If not there are plenty of tools out there to help track port usage across many switches.
It's a little bit cheating, but if everything is only attached to one end device, you can turn on port security with sticky mac addresses. Check back in a while (however long you expect is a reasonable amount of time to assume that someone would have used the computer or it doesn't exist) and the running config will show you if anything has used that port. I'm pretty sure you can use sticky mac addresses with a max of more than 1 per interface just in case you're using VoIP phones and computers on the same port, but I'm not certain.
test cable diagnostics tdr interface *intname here*
This should show you whether or not the cable attached to the switchport is actually connected to anything. Regardless of its status.
Replace test with show to get the status.
Oh the days when it was easy just to type:
switch 1#show ver | in uptime
switch 1 uptime is 28 weeks, 6 days, 20 hours, 19 minutes
switch 1#show inter link | in 28 weeks
Fa3/1 28 weeks, 6 days, 20 hours, 19 minutes 16 secs
Fa3/2 28 weeks, 6 days, 20 hours, 19 minutes 16 secs
(that's on a 4500 running version 12.2(20))
