
Essential Show Commands for Troubleshooting

Imagine you're a network detective. When something breaks—a user can't reach a server, a route vanishes, or a VLAN goes silent—you don't have X-ray vision into your switches and routers. Instead, you have a powerful toolkit: Cisco IOS show commands. These commands are the lifeline of every network engineer, revealing the inner state of devices in real time. For the CCNA 200-301 exam, mastering show commands isn't just a nice-to-have; it's essential for troubleshooting scenarios that make up a significant portion of the exam. This chapter will arm you with the most critical show commands, how to interpret their output, and how to use them methodically to solve problems fast.

Updated May 31, 2026

The Car Dashboard Analogy

Think of a Cisco router or switch as a modern car. The car has many complex systems: engine, transmission, fuel injection, electrical, cooling, and so on. Normally, you just drive—packets flow, everything works. But when the 'Check Engine' light comes on (a user reports a problem), you need to diagnose the issue. You wouldn't start randomly replacing parts. Instead, you look at the dashboard gauges and warning lights. The speedometer shows current speed (interface bandwidth utilization). The fuel gauge shows remaining fuel (available memory). The temperature gauge shows engine heat (CPU temperature). Warning lights indicate specific faults: oil pressure low (interface down), battery charging failure (power supply issue). Each gauge gives you a snapshot of a subsystem. Similarly, show commands give you snapshots of different IOS subsystems. 'show interfaces' is like the speedometer and odometer for each port—it tells you speed, duplex, packets in/out, errors. 'show ip route' is like a GPS map of all known paths. 'show processes cpu' is the tachometer—how hard the engine is working. A good mechanic doesn't just look at one gauge; they correlate information. If the temperature gauge is high AND the coolant level is low, that points to a leak. In networking, if 'show interfaces' shows CRC errors AND 'show interface status' shows the interface is up/down, you likely have a cabling or duplex mismatch issue. The analogy holds because both systems require systematic reading of multiple indicators to isolate the root cause, not just treating symptoms.

How It Actually Works

What Are Show Commands and Why Do They Matter?

Show commands are the primary method for retrieving operational data from Cisco IOS devices. Unlike configuration commands (which start with 'configure terminal'), show commands are executed in privileged EXEC mode (enable mode) or user EXEC mode. They display the current state of protocols, interfaces, hardware, and processes. For the CCNA exam, you must be able to interpret the output of at least a dozen essential show commands. These commands are the foundation of the 'troubleshooting methodology' that Cisco emphasizes: gather symptoms, isolate the problem, correct it, and verify.

The Most Critical Show Commands

#### show interfaces

This command displays detailed statistics for all interfaces (or a specific interface). Key fields:

- 'FastEthernet0/0 is up, line protocol is up' – The first 'up' means the physical layer is good (cable connected, no electrical issues). The second 'up' means the data link layer is operational (keepalives received, no encapsulation mismatch). Common states: 'administratively down' (shutdown), 'up/down' (physical up, but no keepalives – often a cable or duplex issue), 'down/down' (no physical connection).
- 'MTU 1500 bytes' – Maximum transmission unit.
- 'BW 100000 Kbit' – Bandwidth (used by routing protocols like EIGRP for metric calculation).
- 'Reliability 255/255' – A measure of error-free operation; 255 is perfect.
- 'txload 1/255, rxload 1/255' – Load averages; 255/255 means fully saturated.
- 'Input queue: 0/75/0/0 (size/max/drops/flushes)' – If drops are non-zero, the input queue is overflowing, indicating congestion or a slow processor.
- '5 minute input rate 0 bits/sec, 0 packets/sec' – Average traffic rate over the last 5 minutes.
- 'CRC errors' – Cyclic Redundancy Check errors indicate frame corruption, often due to cabling or duplex mismatch.

#### show ip interface brief

A quick summary of all interfaces: status, IP address, and method (DHCP or manual). Example output:

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES NVRAM  up                    up
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.0.0.1        YES NVRAM  up                    up

The 'Status' column shows line status; 'Protocol' shows line protocol status. This is your first stop when checking connectivity.

#### show ip route

Displays the IP routing table. Each route has a type (C – connected, L – local, S – static, O – OSPF, D – EIGRP, etc.), administrative distance, metric, next-hop IP, and outgoing interface. Example:

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.254
C    192.168.1.0/24 is directly connected, FastEthernet0/0
L    192.168.1.1/32 is directly connected, FastEthernet0/0
O    10.0.0.0/24 [110/2] via 192.168.2.1, 00:00:15, FastEthernet0/1

Key points: The 'Gateway of last resort' is the default route. '[110/2]' shows AD (110 for OSPF) and metric (2). The age '00:00:15' indicates how long since the route was last updated.

#### show vlan brief

For switches, this shows VLAN membership of ports. Example:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
10   Sales                            active    Fa0/5, Fa0/6, Fa0/7
20   Engineering                      active    Fa0/8, Fa0/9
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

If a port is missing from the expected VLAN, it might be in the wrong VLAN or the VLAN might not exist.

#### show mac address-table

Displays the MAC address table (CAM table) on a switch. Example:

Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Fa0/1
  10    0050.7966.6801    DYNAMIC     Fa0/2
  10    0050.7966.6802    DYNAMIC     Fa0/3
  20    0050.7966.6803    DYNAMIC     Fa0/4

This helps in tracking which device is on which port. If a MAC appears on the wrong port, you might have a loop or security issue.
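One way to act on that last point is to compare two snapshots of the table. The following is an added example, not part of the original chapter: it parses 'show mac address-table' output in the format shown above and reports MACs that changed port and ports that learned more addresses than expected. The snapshots are constructed, and the one-MAC-per-access-port limit is an assumption.

```python
import re
from collections import Counter

# Constructed snapshots (not captured from a real switch) of
# 'show mac address-table', taken a few minutes apart.
SNAPSHOT_1 = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Fa0/1
  10    0050.7966.6801    DYNAMIC     Fa0/2
  10    0050.7966.6802    DYNAMIC     Fa0/3
  20    0050.7966.6803    DYNAMIC     Fa0/4
"""
SNAPSHOT_2 = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Fa0/1
  10    0050.7966.6801    DYNAMIC     Fa0/3
  10    0050.7966.6802    DYNAMIC     Fa0/3
  10    0050.7966.6804    DYNAMIC     Fa0/3
  20    0050.7966.6803    DYNAMIC     Fa0/4
"""

# One table row: VLAN id, dotted-hex MAC, entry type, port.
ROW_RE = re.compile(
    r"^[ \t]*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)[ \t]*$",
    re.I | re.M)


def parse_mac_table(text):
    """Return {(vlan, mac): port} for every row; header lines are skipped."""
    return {(int(m[1]), m[2].lower()): m[4] for m in ROW_RE.finditer(text)}


def moved_macs(before, after):
    """MACs present in both snapshots whose port changed (possible loop or spoofing)."""
    return sorted((vlan, mac, before[vlan, mac], after[vlan, mac])
                  for (vlan, mac) in before.keys() & after.keys()
                  if before[vlan, mac] != after[vlan, mac])


def ports_over_limit(table, limit=1):
    """Ports that learned more MACs than the assumed per-port limit.

    limit=1 assumes one host per access port; trunks and uplinks
    legitimately carry many MACs and should be excluded by the caller.
    """
    counts = Counter(table.values())
    return {port: n for port, n in counts.items() if n > limit}


if __name__ == "__main__":
    before, after = parse_mac_table(SNAPSHOT_1), parse_mac_table(SNAPSHOT_2)
    for vlan, mac, old, new in moved_macs(before, after):
        print(f"VLAN {vlan}: {mac} moved {old} -> {new}")
    for port, n in ports_over_limit(after).items():
        print(f"{port}: {n} MAC addresses learned")
```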

#### show spanning-tree

Shows the Spanning Tree Protocol (STP) state for each VLAN. Example:

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0050.7966.6666
             This bridge is the root
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0050.7966.6666
  Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 19        128.2    P2p

'Role' can be Root, Designated, Alternate, or Backup. 'Sts' is state: FWD (forwarding), BLK (blocking), LIS (listening), LRN (learning). If a port is in BLK, it's a loop-prevention state—normal unless unexpected.

#### show running-config

Displays the current configuration in RAM. This is what you compare against the startup config (show startup-config) to see unsaved changes. It shows all configured features: interfaces, VLANs, routing protocols, ACLs, etc.

#### show cdp neighbors

Cisco Discovery Protocol (CDP) shows directly connected Cisco devices. Example:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router2          Fas 0/0           172         R           CISCO2811  Fas 0/1
Switch1          Fas 0/1           152         S           WS-C2960  Gig 0/1

This is invaluable for discovering the network topology without logging into every device.

#### show version

Shows IOS version, hardware model, memory, uptime, and reason for last reload. Useful for verifying compatibility and uptime.

#### show processes cpu

Shows CPU utilization per process. If CPU is high (e.g., >80%), you can identify which process is consuming it. Example:

CPU utilization for five seconds: 10%/5%; one minute: 8%; five minutes: 7%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
  1        5640     12345        456     0.00%  0.00%  0.00%   0 Chunk Manager
  2           0         1          0     0.00%  0.00%  0.00%   0 Load Meter
...
 76      123456     78901       1565    2.50%  2.30%  2.10%   0 IP Input

If 'IP Input' is high, the router is processing many packets in software (possibly due to ACLs, NAT, or routing).

How to Use Show Commands in Troubleshooting

The key is to follow a systematic approach. Start broad, then narrow. For example:

1. Use 'show ip interface brief' to see which interfaces are up/down.
2. For a down interface, use 'show interfaces' for detailed errors.
3. If interface is up but no connectivity, check 'show ip route' for routing table.
4. If route missing, check routing protocol with 'show ip ospf neighbor' or 'show ip eigrp neighbors'.
5. If neighbors are missing, check 'show cdp neighbors' for layer-2 connectivity.
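The first steps of this procedure can be expressed as a script that correlates two outputs. This is an added example, not part of the original chapter: it parses 'show ip interface brief' and 'show ip route' in the formats shown earlier, picks the route by longest-prefix match, resolves a next-hop-only route to its exit interface, and reports that interface's state. The sample outputs are constructed for one hypothetical router, and only single-token route codes (C, L, S*, O, D) are handled.

```python
import ipaddress
import re

# Constructed sample output for one hypothetical router (not a real capture).
SHOW_IP_INT_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES NVRAM  up                    up
FastEthernet0/1            192.168.2.2     YES NVRAM  up                    down
GigabitEthernet0/0         unassigned      YES NVRAM  administratively down down
"""
SHOW_IP_ROUTE = """\
Gateway of last resort is 192.168.1.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.254
C    192.168.1.0/24 is directly connected, FastEthernet0/0
L    192.168.1.1/32 is directly connected, FastEthernet0/0
"""

# Next action per interface state, following the order this chapter gives.
NEXT_STEP = {
    "administratively down/down": "issue 'no shutdown' in interface configuration mode",
    "up/down": "layer 2 problem, run 'show interfaces' on it (keepalives, encapsulation)",
    "down/down": "physical problem, check the cable, the remote end and the hardware",
}
INTF_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+(?:YES|NO)\s+\S+\s+(administratively down|up|down)\s+(up|down)\s*$",
    re.M)
ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<net>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>[\d.]+)(?P<rest>.*)"
    r"|is directly connected,\s*(?P<conn>\S+))", re.M)


def parse_interfaces(text):
    """Return {interface: (ip, 'status/protocol')}; the header row is skipped."""
    return {m[1]: (m[2], f"{m[3]}/{m[4]}") for m in INTF_RE.finditer(text)}


def parse_routes(text):
    """Return one dict per route line; the legend and gateway lines are skipped."""
    routes = []
    for m in ROUTE_RE.finditer(text):
        tail = [t.strip() for t in (m["rest"] or "").split(",") if t.strip()]
        intf = m["conn"] or (tail[-1] if tail and tail[-1][0].isalpha() else None)
        routes.append({"code": m["code"], "net": ipaddress.ip_network(m["net"]),
                       "ad": int(m["ad"]) if m["ad"] else 0,  # connected/local = 0
                       "next_hop": m["nh"], "interface": intf})
    return routes


def best_route(routes, dest):
    """Longest-prefix match: the most specific entry that contains dest."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)


def exit_interface(routes, route, depth=4):
    """Follow a next-hop-only route until an entry names an interface."""
    while route and not route["interface"] and depth:
        route, depth = best_route(routes, route["next_hop"]), depth - 1
    return route["interface"] if route else None


def triage(dest, intf_text=SHOW_IP_INT_BRIEF, route_text=SHOW_IP_ROUTE):
    """Return findings for reaching dest, in the order the procedure checks them."""
    interfaces, routes = parse_interfaces(intf_text), parse_routes(route_text)
    findings = [f"{name} is {state}: {NEXT_STEP[state]}"
                for name, (_, state) in interfaces.items() if state in NEXT_STEP]
    route = best_route(routes, dest)
    if route is None:
        findings.append(
            f"no route to {dest}: check 'show ip ospf neighbor' or 'show ip eigrp neighbors'")
        return findings
    out = exit_interface(routes, route)
    state = interfaces.get(out, (None, "unknown"))[1]
    findings.append(f"{dest} matches {route['code']} {route['net']} out {out} ({state})")
    if route["net"].prefixlen == 0:
        findings.append("only the default route matches: a specific route may be missing")
    return findings


if __name__ == "__main__":
    print("\n".join(triage("10.0.0.5")))
```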

Interaction with Related Protocols

Show commands are protocol-aware. For example, 'show ip ospf interface' shows OSPF-specific details like area, timer intervals, neighbor state. 'show ip eigrp topology' shows the EIGRP topology table. Always use the protocol-specific show commands when troubleshooting routing protocols.

Common Pitfalls

Assuming output is real-time: Some show commands (like 'show interfaces') show averages over 5 minutes; use 'show interfaces accounting' for exact counts.

Ignoring the 'last clearing' timestamp: Many counters reset when 'clear counters' is issued. Check 'show interfaces' for 'Last clearing of "show interface" counters'.

Misreading status: 'up/down' means physical up but line protocol down (e.g., no keepalive, encapsulation mismatch). 'down/down' means physical down (cable disconnected, remote end shutdown).

Conclusion

Show commands are your eyes and ears into the network. Master them, and you can diagnose any issue. On the exam, you'll be given show command output and asked to interpret it. Practice reading outputs until you can spot anomalies instantly.

Walk-Through

1. Check Interface Status

Start with 'show ip interface brief' to get a quick overview of all interfaces. Look for interfaces that are 'up/up' (good), 'administratively down' (shutdown), 'up/down' (physical up but protocol down), or 'down/down' (no physical connection). If an interface is 'administratively down', you need to issue 'no shutdown' in interface configuration mode. If it's 'up/down', suspect a layer 2 issue like encapsulation mismatch (e.g., one side configured for trunk, other for access) or missing keepalives. If 'down/down', check the physical cable, the remote device, and the interface hardware. Example: if FastEthernet0/0 shows 'up/down', use 'show interfaces FastEthernet0/0' to see detailed errors like CRC errors or late collisions, which indicate duplex mismatch.

2. Examine Interface Errors

Use 'show interfaces [interface]' to look for errors. Key counters: 'runts' (frames smaller than 64 bytes), 'giants' (frames larger than 1518 bytes), 'CRC errors' (frame check sequence failures), 'input errors' (total of runts, giants, CRC, etc.), 'output errors' (collisions, late collisions). High CRC errors often point to a faulty cable or duplex mismatch. Late collisions indicate a duplex mismatch (one side full-duplex, other half-duplex) or an excessive cable length. For example, if you see many CRC errors on a FastEthernet interface, check the cable and ensure both ends are set to the same duplex (preferably auto-negotiation). Use 'show interface status' to see duplex and speed settings for all ports.

3. Verify IP Addressing

Use 'show ip interface brief' to confirm each interface has the correct IP address. If an interface is 'up/up' but has no IP address (unassigned), that's a problem. Use 'show running-config interface [interface]' to see the configuration. Also check for IP address conflicts using 'show ip interface [interface]' which displays 'Internet address is 192.168.1.1/24' and 'Broadcast address is 192.168.1.255'. If you suspect a duplicate IP, use 'show ip arp' to see the MAC-to-IP mappings. A duplicate IP will show two different MAC addresses for the same IP, causing intermittent connectivity.

4. Check Routing Table

Use 'show ip route' to see all known routes. Ensure there is a route to the destination network. If the route is missing, check if it's a connected route (C), static route (S), or learned via a routing protocol (O, D, etc.). For static routes, verify the next-hop IP is reachable (ping it). For dynamic routes, check the routing protocol neighbor state. For example, if you expect an OSPF route but it's missing, use 'show ip ospf neighbor' to see if the router has OSPF neighbors. If no neighbors, check OSPF configuration (network statements, area IDs, passive interfaces). Also check the administrative distance: if multiple routes exist, the one with the lowest AD is installed.

5. Examine Neighbor Relationships

For dynamic routing protocols, neighbors must be established. Use 'show ip ospf neighbor' for OSPF, 'show ip eigrp neighbors' for EIGRP. Look for the 'State' column. For OSPF, a full adjacency shows 'FULL/DR' or 'FULL/BDR'. For EIGRP, neighbors should show 'Established'. If neighbors are missing, check: (1) Are the interfaces in the same subnet? (2) Are there ACLs blocking protocol traffic (OSPF uses IP protocol 89, EIGRP uses IP protocol 88)? (3) Is the routing process configured correctly? (4) Are passive interfaces preventing advertisements? Use 'show ip protocols' to see routing protocol configuration and passive interfaces.

6. Verify VLAN and Trunking

On switches, use 'show vlan brief' to see which VLANs exist and which ports are assigned. If a host in VLAN 10 can't reach its gateway, check that the port is in VLAN 10. Use 'show interfaces trunk' to see trunk ports and allowed VLANs. If a trunk is not passing VLAN 10, check the allowed VLAN list (e.g., 'switchport trunk allowed vlan 1-100') and check for a native VLAN mismatch. Use 'show interfaces [trunk-port] switchport' to see operational mode and VLAN information. Also use 'show mac address-table' to see if the switch has learned the MAC address of the host; if not, the host may be disconnected or the port may be in a blocking STP state.

7. Check STP State

Use 'show spanning-tree vlan [vlan-id]' to see the STP state of each port. Look for ports in 'Blocking' state. If a port is unexpectedly blocking (e.g., a port that should be forwarding), it could indicate a loop or a configuration issue like PortFast not enabled on access ports. For access ports, enable PortFast with 'spanning-tree portfast' to avoid waiting for STP convergence. Use 'show spanning-tree root' to see the root bridge. If the root bridge is not where you expect, the bridge priority might be misconfigured.

8. Verify ACLs and NAT

If connectivity exists but traffic is blocked, check ACLs. Use 'show access-lists [number/name]' to see the ACL entries and hit counts. If the hit count for a deny entry is increasing, that ACL is blocking traffic. For NAT, use 'show ip nat translations' to see active translations. If there are no translations when expected, check NAT configuration (inside/outside interfaces, ACL for NAT). Use 'show ip nat statistics' for translation counts and failures.

What This Looks Like on the Job

In a typical enterprise network, show commands are the first line of defense. Imagine you're a network engineer for a company with 500 employees across three floors. One morning, the sales team on the second floor reports they can't access the CRM server on the third floor. You start with 'show ip interface brief' on the core switch. You notice that the trunk port connecting the second-floor access switch is 'up/down'. That's suspicious. You drill down with 'show interfaces GigabitEthernet0/1' and see hundreds of CRC errors and late collisions. You suspect a duplex mismatch. You check the access switch's corresponding port with 'show interfaces' and see it's set to half-duplex while the core is set to full-duplex. The fix is to set both to auto-negotiate (or hard-code both to full-duplex). After correcting, the trunk comes up and the sales team can access the CRM.

Another scenario: A remote branch office can't reach the data center. You SSH into the branch router and run 'show ip route'. You see the default route pointing to the ISP, but no route to the data center subnet (10.0.0.0/8). You then check 'show ip ospf neighbor' and see no neighbors. The WAN interface is up, but OSPF isn't forming adjacency. You check 'show ip ospf interface' and see that the interface is passive. You remove the 'passive-interface' command from the WAN interface, and OSPF neighbors form. The route appears, and connectivity is restored.

A third scenario: A switch is experiencing high CPU usage. You use 'show processes cpu' and see that 'IP Input' is consuming 80% of CPU. This suggests the switch is processing many packets in software, perhaps due to ACLs or routing. You use 'show ip cache flow' (if NetFlow is enabled) to see traffic patterns. You discover that a single host is sending a flood of broadcast traffic. You trace the host using 'show mac address-table' to find its port and disconnect it. CPU drops to normal.

In production, always document your show command outputs before making changes. Use 'show running-config' to back up the configuration. When troubleshooting, start with the most likely cause based on symptoms. And remember: show commands are read-only; they won't fix the problem, but they'll tell you what to fix.

How CCNA 200-301 Actually Tests This

The CCNA 200-301 exam tests your ability to interpret show command output to diagnose and resolve issues. Specifically, you should be able to:

Identify interface status and errors from 'show interfaces' and 'show ip interface brief'.

Determine the cause of connectivity issues using 'show ip route', 'show vlan brief', and 'show mac address-table'.

Troubleshoot routing protocol adjacencies with 'show ip ospf neighbor' and 'show ip eigrp neighbors'.

Diagnose STP issues with 'show spanning-tree'.

Verify ACL and NAT operations with 'show access-lists' and 'show ip nat translations'.

Common Wrong Answers and Why Candidates Choose Them:

1. 'show running-config' is the best first command for troubleshooting. Wrong. While it shows configuration, it doesn't show operational state. Start with 'show ip interface brief' to see the current status. Candidates choose 'show running-config' because they think the problem is configuration, but the issue might be operational (e.g., cable unplugged).
2. 'show interfaces' output shows real-time traffic. Wrong. The '5 minute input rate' is an average. For real-time, use 'show interfaces accounting' or 'show interface [interface] statistics'. Candidates assume it's real-time because it updates quickly.
3. A port in 'blocking' STP state is always a problem. Wrong. Blocking is normal for redundant links to prevent loops. Candidates panic when they see blocking, but it's correct unless the port should be forwarding (e.g., an access port that should be in forwarding immediately).
4. 'show ip route' shows all routes including those that are not usable. Wrong. It shows only routes in the routing table (active routes). For all routes (including those not selected), use 'show ip route [protocol]' or 'show ip ospf database' for OSPF. Candidates think the routing table includes all possible routes.

Specific Values and Command Outputs:

- Administrative distances: Connected=0, Static=1, EIGRP=90, OSPF=110, RIP=120, External EIGRP=170, Unknown=255.
- OSPF neighbor states: DOWN, ATTEMPT, INIT, 2-WAY, EXSTART, EXCHANGE, LOADING, FULL.
- STP port states: BLOCKING, LISTENING, LEARNING, FORWARDING, DISABLED.
- Interface status: 'up/up', 'administratively down', 'up/down', 'down/down'.

Decision Rule for Scenario Questions: When given a troubleshooting scenario, follow this order:

1. Check interface status (show ip interface brief).
2. If interface is down, check physical layer (cable, errors).
3. If interface is up, check IP addressing (show ip interface brief again for IP).
4. Check routing table (show ip route) for destination.
5. If route missing, check routing protocol neighbors (show ip ospf neighbor, etc.).
6. If neighbors missing, check layer 2 (VLANs, trunks, STP).
7. If all else fails, check ACLs and NAT.

Always eliminate options that suggest reconfiguring without first verifying the current state. The exam wants you to use show commands to gather information before making changes.

Key Takeaways

Use 'show ip interface brief' as the first command to get a quick overview of interface status and IP addresses.

Interface status 'up/down' indicates a layer 2 problem (e.g., encapsulation mismatch, no keepalive).

CRC errors on 'show interfaces' often point to cabling or duplex mismatch issues.

The routing table (show ip route) shows only the best routes; use protocol-specific commands for all routes.

OSPF neighbor states progress: DOWN, INIT, 2-WAY, EXSTART, EXCHANGE, LOADING, FULL.

STP blocking state is normal on redundant links; only investigate if an access port is blocking.

Always check 'show cdp neighbors' to discover directly connected Cisco devices and verify topology.

High CPU in 'IP Input' process indicates software-switched packets; check for ACLs, NAT, or routing.

Use 'show vlan brief' to verify VLAN existence and port assignments on switches.

Use 'show mac address-table' to track which device is on which switch port.

The 'show running-config' command shows the current configuration; compare with 'show startup-config' to see unsaved changes.

ACL hit counts in 'show access-lists' tell you how many packets matched each line; increasing hits on a deny line indicates blocked traffic.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

show interfaces

Shows detailed statistics for all interfaces or a specific interface.

Includes errors (CRC, collisions), MTU, bandwidth, load, queue drops.

Shows 5-minute average traffic rates.

Output can be very long; use for in-depth troubleshooting.

Useful for identifying duplex mismatches and cable issues.

show ip interface brief

Shows a one-line summary per interface: IP address, status, protocol.

Does not show errors or traffic rates.

Quick overview; best first command for connectivity checks.

Output is concise; ideal for initial assessment.

Cannot diagnose layer 1 or 2 errors.

Watch Out for These

Mistake

The 'show interfaces' command shows the exact current traffic rate.

Correct

The '5 minute input rate' is an average over the last 5 minutes. For the exact current rate, use 'show interfaces accounting' or the 'load-interval' command to adjust the averaging period (default 300 seconds).

Candidates see the rate updating and assume it's instantaneous, but it's a rolling average.

Mistake

If 'show ip route' shows a route, the router can always reach that network.

Correct

The routing table shows the best route based on AD and metric, but the next-hop must be reachable. Use 'ping' to verify reachability of the next-hop IP. Also, the outgoing interface must be up/up.

Candidates think the routing table is a guarantee of connectivity, but it's only a map; the path must work.

Mistake

A port in STP blocking state is always a problem that needs fixing.

Correct

Blocking is a normal state for redundant ports to prevent loops. Only investigate if a port that should be forwarding (e.g., an access port) is blocking, or if the root bridge is not where expected.

Candidates see 'blocking' and assume it's an error, but STP is designed to block some ports.

Mistake

The 'show running-config' command shows the configuration that will be loaded after a reload.

Correct

The running-config is in RAM; it may differ from the startup-config (in NVRAM). Use 'show startup-config' to see the configuration that will be used after a reload. Changes are saved with 'copy running-config startup-config'.

Candidates confuse running and startup configs, thinking they are always the same.

Frequently Asked Questions

What is the difference between 'show running-config' and 'show startup-config'?

'show running-config' displays the current configuration running in RAM. Any changes you make are immediately reflected here but are not saved to NVRAM until you issue 'copy running-config startup-config'. 'show startup-config' shows the configuration stored in NVRAM that will be loaded on the next reboot. If the router reboots, changes not saved are lost. Exam tip: When troubleshooting, always compare both to see if unsaved changes exist. A common exam scenario: after making changes, the router reboots and loses them because the candidate forgot to save.

How do I interpret 'show interfaces' output for errors?

Look at the 'Input errors' and 'Output errors' lines. Input errors include runts, giants, CRC, frame, and overrun errors. CRC errors are the most common and indicate frame corruption, often due to cabling or duplex mismatch. Output errors include collisions and late collisions. Late collisions suggest a duplex mismatch (one side full, other half) or excessive cable length. If you see many errors, check the cable, duplex settings, and interface hardware. Use 'show interface status' to see current duplex and speed. Exam tip: If you see 'input errors' but no CRC errors, the errors might be runts or giants, which could indicate a speed mismatch.

What does 'show ip route' not show?

'show ip route' shows only the best routes (those installed in the routing table). It does not show all possible routes learned by routing protocols. For example, if OSPF learns two routes to the same network, only the one with the lowest metric appears. To see all OSPF routes, use 'show ip ospf database'. Also, it does not show routes with a higher AD that are not selected. For a complete picture, use protocol-specific commands. Exam tip: If a route is missing from 'show ip route', check if the routing protocol has learned it using 'show ip ospf database' or 'show ip eigrp topology'.

How can I tell if an ACL is blocking traffic?

Use 'show access-lists [number/name]' and look at the 'matches' column for each line. If a deny line has a high number of matches, that ACL is blocking traffic. Also, you can use 'show ip interface [interface]' to see which ACLs are applied inbound and outbound. Then check the ACL hit counts. For extended ACLs, you can also use 'log' keyword to generate syslog messages when a packet matches. Exam tip: If you suspect an ACL, check the hit counts before and after a test ping to see if they increment.
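The before-and-after check from the exam tip can be automated. This is an added example, not part of the original chapter: it parses two captures of 'show access-lists', computes how far each entry's match counter moved, and returns the deny entries that incremented during the test. The ACL contents are constructed, and a counter that went backwards is treated as cleared between captures.

```python
import re

# Constructed captures (not from a real device) of 'show access-lists',
# taken before and after a five-packet test ping from 192.168.10.0/24.
BEFORE = """\
Standard IP access list 10
    10 permit 192.168.1.0, wildcard bits 0.0.0.255
Extended IP access list 101
    10 permit tcp any host 10.0.0.10 eq 443 (120 matches)
    20 deny icmp 192.168.10.0 0.0.0.255 host 10.0.0.10 (4 matches)
    30 permit ip any any (981 matches)
"""
AFTER = """\
Standard IP access list 10
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (1 match)
Extended IP access list 101
    10 permit tcp any host 10.0.0.10 eq 443 (120 matches)
    20 deny icmp 192.168.10.0 0.0.0.255 host 10.0.0.10 (9 matches)
    30 permit ip any any (990 matches)
"""

HEADER_RE = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
# Sequence number, action, rule text, optional "(N matches)" suffix.
# Entries that have never matched carry no suffix at all.
ENTRY_RE = re.compile(
    r"^\s+(\d+) (permit|deny) (.*?)(?: \((\d+) match(?:es)?\))?\s*$")


def parse_acl_counters(text):
    """Return {(acl, sequence): (action, rule, matches)}."""
    counters, acl = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            acl = header[1]
            continue
        entry = ENTRY_RE.match(line)
        if acl and entry:
            counters[(acl, int(entry[1]))] = (entry[2], entry[3], int(entry[4] or 0))
    return counters


def counter_deltas(before, after):
    """Entries whose counter moved, as (acl, sequence, action, rule, delta)."""
    deltas = []
    for key, (action, rule, now) in sorted(after.items()):
        then = before.get(key, (action, rule, 0))[2]
        # A lower value than before means the counters were cleared in
        # between, so everything counted now happened after the clear.
        delta = now - then if now >= then else now
        if delta:
            deltas.append((key[0], key[1], action, rule, delta))
    return deltas


def blocked_during_test(before_text, after_text):
    """Deny entries that matched traffic between the two captures."""
    deltas = counter_deltas(parse_acl_counters(before_text),
                            parse_acl_counters(after_text))
    return [d for d in deltas if d[2] == "deny"]


if __name__ == "__main__":
    for acl, seq, action, rule, delta in blocked_during_test(BEFORE, AFTER):
        print(f"ACL {acl} line {seq}: {action} {rule} (+{delta} matches)")
```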

What is the purpose of 'show cdp neighbors'?

Cisco Discovery Protocol (CDP) is a proprietary layer 2 protocol that runs on Cisco devices. It advertises device identity, capabilities, and platform to directly connected neighbors. 'show cdp neighbors' displays a list of neighboring Cisco devices, including their device ID, local interface, holdtime, capability, platform, and port ID. This is invaluable for discovering the network topology without logging into each device. It works across VLANs and trunks. Exam tip: CDP is enabled by default on Cisco devices. If you don't see neighbors, check if CDP is globally disabled or on the interface.

How do I find the MAC address of a device connected to a specific switch port?

Use 'show mac address-table interface [interface]' to see all MAC addresses learned on that port. For example, 'show mac address-table interface FastEthernet0/1' will show the MAC address(es) of devices connected to that port. If no MAC is shown, the port may be in blocking STP state, or the device is not sending traffic. You can also use 'show mac address-table address [mac]' to find which port a specific MAC is on. Exam tip: The MAC address table is also called the CAM table. On some switches, use 'show mac address-table dynamic' to see only dynamically learned entries.

What does 'show processes cpu' tell me?

It shows CPU utilization for the entire router/switch and per process. The first line shows average utilization over 5 seconds, 1 minute, and 5 minutes (e.g., 'CPU utilization for five seconds: 10%/5%'). The percentage after the slash is the interrupt level. Then it lists processes with their CPU usage. If a process like 'IP Input' is high, it means the device is processing many packets in software (e.g., due to ACLs, NAT, routing). High CPU can cause performance issues. Exam tip: If you see high CPU, identify the offending process and reduce its load (e.g., optimize ACLs, enable CEF switching).
