Active interfaces

AkiiiAkiii Member Posts: 80 ■■□□□□□□□□
Hi,

Are there any commands to check if the interface is active(used by some enduser) from the last reboot besides using the sh ip int xy and checking the last input and output?

The sh int status command list all the interfaces, but there's no special status for the non-used ones.

Fa3/1 SAMPLE_10.10.10.0 notconnect 130 half auto 10/100BaseTX
Fa3/2
SAMPLE_10.10.10.0 notconnect 130 half auto 10/100BaseTX
Fa3/3
SAMPLE_10.10.10.0. notconnect 130 half auto 10/100BaseTX
Fa3/4
SAMPLE_10.10.10.0 notconnect 130 auto auto 10/100BaseTX
Fa3/5
SAMPLE_10.10.10.0 notconnect 130 half auto 10/100BaseTX
Fa3/6
SAMPLE_10.10.10.0 notconnect 130 auto auto 10/100BaseTX
Fa3/7
SAMPLE_10.10.10.0 connected 130 a-full a-100 10/100BaseTX
Fa3/8
SAMPLE_10.10.10.0 notconnect 130 auto auto 10/100BaseTX
Fa3/9
SAMPLE_10.10.10.0 connected 130 a-full a-100 10/100BaseTX
Fa3/10
SAMPLE_10.10.10.0 notconnect 130 half auto 10/100BaseTX

I've figured out if the auto and auto is there then the interface is not used from the last reboot unless the speed and duplex negotiation is hardcoded on auto on both sides but thats kind of rare in our situation. So using this method is trustable? Any feedbacks appreciated

Thanks

Comments

  • chmorinchmorin Member Posts: 1,446 ■■■■■□□□□□
    What do you mean by 'in use'? The odds that a node plugged into the network is not sending something over the network periodically is very slim. What exactly are you trying to find out? There are ways to count the types of data being sent over a link, and view the results. But doing this in a switching environment is probably a bad idea for the CPU's sake.
    Currently Pursuing
    WGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)
    mikej412 wrote:
    Cisco Networking isn't just a job, it's a Lifestyle.
  • AkiiiAkiii Member Posts: 80 ■■□□□□□□□□
    chmorin wrote: »
    What do you mean by 'in use'? The odds that a node plugged into the network is not sending something over the network periodically is very slim. What exactly are you trying to find out? There are ways to count the types of data being sent over a link, and view the results. But doing this in a switching environment is probably a bad idea for the CPU's sake.


    I mean if the interface was passing some IP traffic from the last reboot or not

    Sometimes I don't have enough ports on my blades and there's a potentially new user who wants to use wired connection. All of the blades are full with cables but some of interfaces were patched like 2-3 years ago and noone is using them. I'm always checking the input and output and hang counters under the sh ip interface commands if they are set to "never" never", then I'm sure that those ones are not in use.

    I'm only trying to find out if there some easier way where I can see all my interfaces wich were not used since the last startup :)
  • NullCodeNullCode Member Posts: 72 ■■□□□□□□□□
    I hope these can help you:

    #sh int <interface> counters
    #sh int <int> | i packets
  • tierstentiersten Member Posts: 4,505
    I assume your problem is that you're looking for ports on your switch which have a combination of nothing on a port, something active on a port and something on a port but its completely off at the moment?

    If so then you're just going to have to look at the counters. If they're all 0s and you haven't reset them recently then there isn't anything on that port and its not been used since the last time its been reset.

    If however, you're trying to find ports which are connected to something but it isn't being used then you're going to have to look at the counter values and use your best judgement as I doubt they'll be 0.
  • AkiiiAkiii Member Posts: 80 ■■□□□□□□□□
    NullCode wrote: »
    I hope these can help you:

    #sh int <interface> counters
    #sh int <int> | i packets
    tiersten wrote: »
    I assume your problem is that you're looking for ports on your switch which have a combination of nothing on a port, something active on a port and something on a port but its completely off at the moment?

    If so then you're just going to have to look at the counters. If they're all 0s and you haven't reset them recently then there isn't anything on that port and its not been used since the last time its been reset.

    If however, you're trying to find ports which are connected to something but it isn't being used then you're going to have to look at the counter values and use your best judgement as I doubt they'll be 0.

    Yes something like that. I was just trying to find a better solution to go over the counters on the interfaces 1 by 1.
  • tierstentiersten Member Posts: 4,505
    Akiii wrote: »
    Yes something like that. I was just trying to find a better solution to go over the counters on the interfaces 1 by 1.
    Script it using Tcl if your switch supports it or do it via SNMP externally using whatever your favourite scripting language is.
  • AkiiiAkiii Member Posts: 80 ■■□□□□□□□□
    tiersten wrote: »
    Script it using Tcl if your switch supports it or do it via SNMP externally using whatever your favourite scripting language is.

    thanks I'll look after it!
  • tierstentiersten Member Posts: 4,505
    Akiii wrote: »
    thanks I'll look after it!
    You can do it just with snmpwalk by itself if you don't mind either relying on looking at a single counter or if you can correlate the multiple counters yourself in your head.
    snmpwalk -v2c -c <your RO SNMP community here> <your switch IP here> 1.3.6.1.2.1.31.1.1.1.6
    
    IF-MIB::ifHCInOctets.1 = Counter64: 110975266
    IF-MIB::ifHCInOctets.2 = Counter64: 0
    IF-MIB::ifHCInOctets.3 = Counter64: 0
    IF-MIB::ifHCInOctets.4 = Counter64: 0
    IF-MIB::ifHCInOctets.5 = Counter64: 0
    IF-MIB::ifHCInOctets.6 = Counter64: 0
    IF-MIB::ifHCInOctets.7 = Counter64: 0
    IF-MIB::ifHCInOctets.8 = Counter64: 0
    IF-MIB::ifHCInOctets.9 = Counter64: 0
    IF-MIB::ifHCInOctets.10 = Counter64: 0
    IF-MIB::ifHCInOctets.11 = Counter64: 0
    IF-MIB::ifHCInOctets.12 = Counter64: 0
    IF-MIB::ifHCInOctets.13 = Counter64: 15099319
    IF-MIB::ifHCInOctets.14 = Counter64: 0
    IF-MIB::ifHCInOctets.15 = Counter64: 0
    IF-MIB::ifHCInOctets.16 = Counter64: 0
    IF-MIB::ifHCInOctets.17 = Counter64: 0
    IF-MIB::ifHCInOctets.18 = Counter64: 0
    IF-MIB::ifHCInOctets.19 = Counter64: 0
    IF-MIB::ifHCInOctets.20 = Counter64: 0
    IF-MIB::ifHCInOctets.21 = Counter64: 0
    IF-MIB::ifHCInOctets.22 = Counter64: 0
    IF-MIB::ifHCInOctets.23 = Counter64: 0
    IF-MIB::ifHCInOctets.24 = Counter64: 0
    IF-MIB::ifHCInOctets.25 = Counter64: 0
    IF-MIB::ifHCInOctets.26 = Counter64: 0
    IF-MIB::ifHCInOctets.28 = Counter64: 107823705
    

    The 64 bit input octets counter for the interfaces on a 2950 in my lab shows that only ports 1 and 13 have ever had data going to them. ifIndex 28 is the VLAN interface for management and not a physical port.

    You can see what ifIndex each port is by querying another MIB. This is a 2950 so you'll see 24 FastEthernet ports, 2 GigabitEthernet ports, a Null0 and a Vlan0.
    snmpwalk -v2c -c <your RO SNMP community here> <your switch IP here> 1.3.6.1.2.1.31.1.1.1.1
    
    IF-MIB::ifName.1 = STRING: Fa0/1
    IF-MIB::ifName.2 = STRING: Fa0/2
    IF-MIB::ifName.3 = STRING: Fa0/3
    IF-MIB::ifName.4 = STRING: Fa0/4
    IF-MIB::ifName.5 = STRING: Fa0/5
    IF-MIB::ifName.6 = STRING: Fa0/6
    IF-MIB::ifName.7 = STRING: Fa0/7
    IF-MIB::ifName.8 = STRING: Fa0/8
    IF-MIB::ifName.9 = STRING: Fa0/9
    IF-MIB::ifName.10 = STRING: Fa0/10
    IF-MIB::ifName.11 = STRING: Fa0/11
    IF-MIB::ifName.12 = STRING: Fa0/12
    IF-MIB::ifName.13 = STRING: Fa0/13
    IF-MIB::ifName.14 = STRING: Fa0/14
    IF-MIB::ifName.15 = STRING: Fa0/15
    IF-MIB::ifName.16 = STRING: Fa0/16
    IF-MIB::ifName.17 = STRING: Fa0/17
    IF-MIB::ifName.18 = STRING: Fa0/18
    IF-MIB::ifName.19 = STRING: Fa0/19
    IF-MIB::ifName.20 = STRING: Fa0/20
    IF-MIB::ifName.21 = STRING: Fa0/21
    IF-MIB::ifName.22 = STRING: Fa0/22
    IF-MIB::ifName.23 = STRING: Fa0/23
    IF-MIB::ifName.24 = STRING: Fa0/24
    IF-MIB::ifName.25 = STRING: Gi0/1
    IF-MIB::ifName.26 = STRING: Gi0/2
    IF-MIB::ifName.27 = STRING: Nu0
    IF-MIB::ifName.28 = STRING: Vl1
    
  • jason_lundejason_lunde Member Posts: 567
    when i do a switch port audit, I really like to clear counters and just run something like
    show int | i input|output

    after a week or so that pretty much tells me if the ports in use. Plus the line that says "last output x weeks y days' doesnt hurt either.
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    I'm sure you've probably already figured this out, but I'll say it anyway -

    You should really do a port audit and figure out what's in use for real and what's not, and turn down any ports not actually in use. This is better from a security standpoint, and it'd also make finding a free port alot easier.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    I'm sure you've probably already figured this out, but I'll say it anyway -

    You should really do a port audit and figure out what's in use for real and what's not, and turn down any ports not actually in use. This is better from a security standpoint, and it'd also make finding a free port alot easier.


    Agreed. I now it sucks, but its about time to bite the bullet and redo the whole thing. It will make your life easier in the long run anyway.
    An expert is a man who has made all the mistakes which can be made.
Sign In or Register to comment.