A Damn Handy Catalyst Switch Command

When it comes to working with Cisco’s Catalyst switches, there are a handful of commands that get used pretty frequently to tell what’s going on. I’m talking about after configuration is done, when you come back to a switch later on for whatever reason to troubleshoot or verify operational parameters. I won’t be telling you anything here that isn’t already in a slew of Cisco docs, but I am working up to a specific point.

These are very common in my world:

  • Show interface (status, counters, errors, etc.)
  • Show power inline (PoE info)
  • Show CDP neigh/show LLDP neigh (connected network devices)
  • Show mac address-table (L2 addresses of connected devices)
  • Show log
  • Show VLAN (VLAN database for the switch)
  • Show run (how the switch is configured)

The list goes on, and as most of you reading this know, there are also variations of the commands listed that get you more granular information, like detailed information per single interface, expanded CDP details, only the last so many log entries, etc.

Big deal, right? This is pretty basic stuff, I realize. But at the same time, I do feel compelled to give a call-out to one command that I’ve come to truly appreciate:

show interface switchport

This gem tells you a lot about an individual interface and is handy as heck when odd things might be afoot with VLANs. (It recently helped me get to the bottom of a VLAN issue involving the murky mystical VLAN 1 on a Catalyst 3650.)

Here’s one instance from a production switch:

#sh interfaces gig 1/0/32 switchport
Name: Gi1/0/32
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 8,170
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Now contrast that with the simpler [sh run interface] command for the same port:

interface GigabitEthernet1/0/32
description pci test or ACS
switchport trunk allowed vlan 8,170
switchport mode trunk
storm-control broadcast level pps 2k 1.5k
storm-control action shutdown
storm-control action trap
service-policy output TACTEST

So, the [show run] command just scratches the surface of the actual bigger VLAN paradigm in play for the interface, while [show interface switchport] brings all of the VLAN-specific information out into the open, possibly revealing parameters not obvious through the other commands.
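
An added example, not from the original post: this Python script parses [show interface switchport] output and flags trunk settings that are in effect but never appear in the matching [show run] stanza because they are defaults (native VLAN 1, DTP negotiation on, all VLANs allowed). The second port in the sample, the finding names, and the choice of checks are assumptions made for the illustration.

```python
# Constructed sample. Gi1/0/32 uses a subset of the fields shown in the post;
# Gi1/0/33 and its VLAN name are hypothetical.
SAMPLE = """\
Name: Gi1/0/32
Switchport: Enabled
Administrative Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 8,170
Capture Mode Disabled
Name: Gi1/0/33
Administrative Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 170 (USERS)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""

def parse_switchport(text):
    """Return one dict of field -> value per interface in the output."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:  # "Capture Mode Disabled" and blank lines carry no field
            continue
        if key.strip() == "Name":  # every interface block starts with Name:
            current = {}
            ports.append(current)
        if current is not None:
            current[key.strip()] = value.strip()
    return ports

def audit_trunk(port):
    """Flag trunk defaults that are in effect but absent from 'show run'."""
    if port.get("Administrative Mode") == "static access":
        return []  # assumption: this example audits trunking ports only
    findings = []
    if port.get("Trunking Native Mode VLAN", "").split()[:1] == ["1"]:
        findings.append("native-vlan-1")        # no 'switchport trunk native vlan'
    if port.get("Negotiation of Trunking") == "On":
        findings.append("dtp-negotiation-on")   # no 'switchport nonegotiate'
    if port.get("Trunking VLANs Enabled") == "ALL":
        findings.append("all-vlans-allowed")    # no 'switchport trunk allowed vlan'
    return findings

def report(text):
    return {p["Name"]: audit_trunk(p) for p in parse_switchport(text)}

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(name, findings or "ok")
```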

It’s the little things, sometimes… I like this command a lot where multiple VLANs are in use.