I frequently use
sh int | i (FastEthernet|0 packets input)
or the same with GigabitEthernet, whatever kind of interfaces I want to check.
sh int
(which is show interfaces
) gives a huge list of ste status of all interfaces
- The pipe symbol
|
can be used for filtering, but also in search expressions
| i
(for include
) filters the output which matches the following search expressions
- I use
(...|...)
to match two conditions: the interface name and a status I like to see, we can use regular expressions here, like this "or" expression
The output can look like:
...
FastEthernet1/0/31 is up, line protocol is up (connected)
95445640 packets input, 18990165053 bytes, 0 no buffer
FastEthernet1/0/32 is up, line protocol is up (connected)
FastEthernet1/0/33 is up, line protocol is up (connected)
FastEthernet1/0/34 is down, line protocol is down (notconnect)
0 packets input, 0 bytes, 0 no buffer
FastEthernet1/0/35 is down, line protocol is down (notconnect)
FastEthernet1/0/36 is up, line protocol is up (connected)
FastEthernet1/0/37 is down, line protocol is down (notconnect)
0 packets input, 0 bytes, 0 no buffer
...
Now I can see my candidates, with actually 0 packets input over time, even if my expression matches numbers just ending with 0. I could make it more perfect, but being easy to remember is also a benefit. The interface names right before each 0 packets input lines are my candidates.
- Check each chosen interface if it's really unused by
sh int <name>
- From time to time, it's good to clear the counters:
clear counters [type number]
It can be good practice, to leave unused switchports shutdown. So it's easy to identify them using sh ip int bri
or the like. And you don't run into problems if you use a switchport which was definitly shut off before.
They have a pretty simple writeup over at Networklessons, but in-depth information on how it works are on Cisco's site. It can be as complicated and secure as you want it. Your 2 questions are one and the same.
A barebones config would be like this:
Create a group
R1(config)#snmp-server group MYGROUP v3 priv
Attach a user to a group
R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes128 MYKEY123
If you aren't looking to restrict access to specific MIBs, then this is all you really need.
Best Answer
Almost every Cisco IOS router 12.x and 15.x supports this command. You can use it in this way to send configuration command logging to syslog server:
where xx.xx.xx.xx - your syslog-server.
Also you can view previous configuration commands that were applied to this router by running
show archive log config all
. You must know, that this command display history data only from last reboot. That's why it's recommended to save configuration command history in syslog.Also FYI: