ICND2 Verification Checklist

VLANs and DTP

show interfaces int-id switchport
- Switchport status (enabled/disabled)
- Administrative and operational trunking mode
- Administrative and operational trunking encapsulation
- DTP negotiation status (on/off)
- Access mode VLAN
- Native VLAN
- Voice VLAN
- Trunking VLANs enabled
- Pruning VLANs enabled
show interfaces int-id trunk
- List of trunk ports
- Administrative trunking mode (off/on/auto/desirable)
- Operational trunking mode
- Operational trunking encapsulation (isl/802.1q/n-isl/n-802.1q)
- Native VLAN
- Allowed VLANs
- Allowed VLANs, minus unknown VLANs and shutdown VLANs
- Allowed VLANs, minus unknown VLANs and shutdown VLANs, minus VTP pruned VLANs
and VLANs for which the interface is in an STP blocking state
show vlan
- VLAN number
- VLAN name
- VLAN status
- Ports in VLAN (trunk ports not shown)
- Table of information on each VLAN (e.g. MTU, type, STP mode)
show vlan [id vlan-id | name vlan-name]
- show vlan information for a specific VLAN only
- Also lists RSPAN VLAN status (enabled/disabled)
- Lists trunk ports in the VLAN
show vlan brief
- show vlan information except table at the bottom is omitted

VTP
show vtp status
- VTP versions that the switch is capable of running
- VTP version that the switch is currently running
- VTP domain name
- VTP pruning status
- IP address of latest configuration modifier, with timestamp
- Operational VTP mode
- Maximum locally supported VLANs
- Number of existing VLANs
 - Configuration revision number
- MD5 digest
show vtp password
- Lists the current VTP password

STP
show spanning-tree [vlan-id | interface int-id]
- Operational STP mode ("spanning tree enabled protocol")
- Root BID (priority + MAC address)
- Root port and root cost (if local switch is not the root)
- Root Hello, MaxAge and Forward Delay timers
- Local BID (priority + sys-id-ext + MAC address)
- Local Hello, MaxAge and Forward Delay timers
- Local aging time
- Interface role, status, cost, port ID and RSTP type
show spanning-tree [vlan vlan-id] root
- For each, or one STP-enabled VLAN:
- Root BID
- Root cost
- Hello, MaxAge and Forward Delay timer
- Root port
show spanning-tree [vlan vlan-id] bridge
- For each, or one STP-enabled VLAN:
- Local BID (priority + sys-id-ext + MAC address)
- Local operational STP mode
- Local Hello, MaxAge and Forward Delay timers
show spanning-tree summary
- Operational STP mode
- VLANs that the switch is the root in
- PortFast and BDPU guard default status (enabled/disabled)
- Table of statistics of STP port states in VLANs
show spanning-tree interface int-id portfast
- Interface PortFast status for a VLAN
debug spanning-tree events
- Lists STP port state changes, sent messages, topology changes etc.

EtherChannel
show etherchannel
- For each channel group:
- Group state
- Ports in PortChannel and maximum ports supported
- Negotiation protocol
show etherchannel [channel-group-no.] summary
- Number of channel groups in use
- For each bundle:
- Group number
- PortChannel interface and status of interface
 - Negotiation protocol ("-" for static)
- Physical ports in the bundle and status of physical ports
show etherchannel [channel-group-no.] port-channel
- For each channel group:
- PortChannel interface
- Age of PortChannel
- Number of ports in the PortChannel
- Negotiation
- Physical port administrative state (e.g. on, desirable)
- Time since last port bundled and interface ID of last port bundled

OSPFv2 and OSPFv3 (change ip to ipv6 for OSPFv3)

show ip protocols
- PID
- RID
- Number of areas in the local router (normal, stub, nssa)
- Maximum path
- network commands with network omitted
- Passive interfaces
- Routing information sources (RID, distance, time since last update)
- Distance
show ip ospf
- PID
- RID
- Number of areas in the local router (normal, stub, nssa)
- For each area:
- Number of local interfaces in the area
- Authentication status
- Number of times SPF algorithm was executed
show ip ospf interface [int-id]
- For each, or one interface:
- IP address and mask
- Area ID
- PID
- RID
- Network type
- Interface cost
- State of router on segment connected to interface (DR, BDR, DROther)
- Priority
- RID and IP address of DR and BDR
- Hello and Dead timers
- Time after which the Hello is due in
- Neighbour count and adjacent neighbour count
- Neighbour RID
show ip ospf interface brief
- For each interface:
- PID
 - Area ID
- IP address and mask
- Interface cost
- Interface state (e.g. P2P, BDR, LOOP, DR)
- Number of full neighbours and expected neighbours ("Full/Complete")
show ip ospf neighbor [int-id]
- Neighbour RID
- Neighbour router's priority
- Neighbour state
- Amount of time remaining of the Dead timer
- Neighbour IP address
- Local interface connected to neighbour
show ip ospf neighbor detail
- For each neighbour:
- show ip ospf neighbor information
- Number of state changes
- IP address of the DR and BDR
- Time since neighbour was up
show ip ospf database [lsa-type]
- RID and PID
- For each area:
- For each LSA type:
- Subnet ID of advertised network
- Router that the subnet is advertised through
- Age of the LSA
show ip route ospf
- Routing protocol code (e.g. O, O IA, O*E2)
- Subnet ID
- AD and metric
- Next-hop router IP address
- Time since route was first learned
- Outgoing interface
debug ip ospf adj
- DR/BDR election process
- LSA sending/receiving/building process
- OSPF router state changes
- DBD exchange process
debug ip ospf events
- Received Hellos
- DR/BDR election
- State changes
- DBD sent and received
debug ip ospf packet
debug ip ospf hello

EIGRP for IPv4 and EIGRP for IPv6 (change ip to ipv6 for EIGRP for IPv6)
show ip protocols
 - ASN
- Metric weight of K-values
- Hold timer
- RID
- ADs
- Maximum path
- Variance
- Autosummarisation status (N/A for IPv6)
- Routing for networks
- Routing information sources
- Passive interfaces
show ip eigrp interfaces [int-id]
- ASN
- For each nonpassive interface:
- Number of connected peers
- Transmit queue (un/reliable)
- Mean SRTT
- Multicast flow timer
- Number of pending routes
show ip eigrp interface detail [int-id]
- show ip eigrp interface information
- Authentication status
- Hello and Hold timers
- Split horizon status
- Number of Hellos sent
show ip eigrp neighbors [int-id]
- ASN
- Number in the neighbour table (higher = newer)
- Neighbour IP address
- Outgoing interface
- Holdtime remaining
- Uptime
- SRTT, RTO, Queue count, sequence number
show ip eigrp topology [subnet/prefix]
- Topology information status
- Subnet ID and mask
- Number of successors for the network
- Feasible distance of successor route
- For each route:
- Next-hop router IP address
- 'FD of route'/'RD of route'
- Outgoing interface
show ip eigrp topology all-links
- Lists show ip eigrp topology but also includes non-successor, non-FS routes
show ip route eigrp
- Routing protocol code (D, D EX etc.)
- Subnet ID
 - AD and metric
- Next-hop router IP address
- Time since route was first learned
- Outgoing interface
show ip eigrp traffic
- ASN
- Sent/received Hellos
- Sent/received Updates
- Sent/received Queries
- Sent/received Replies
- Sent/received Acks
debug eigrp fsm shows:
- Router advertising route with FD and RD of infinity
- Router attempting to find FS routes for a failed successor route if there are no FS routes
- Router removing routes
- Router advertising routes and sending updates
- Router installing routes
debug eigrp packets
- Lists received/sent Update, Request, Query, Reply, Hello and Ack messages

BGP
show ip protocols
- ASN
- Autosummarisation status
- Neighbour IP address
- Maximum path
- Routing information sources
- ADs
show ip bgp
- For each BGP route:
- Status code (*, >, etc.)
- Subnet ID and mask
- Next-hop router IP address
- Metric, local preference, weight
- Path (AS_PATH and origin code [i, e, ?])
show ip bgp summary
- RID
- Local ASN
- For each BGP neighbour:
- Neighbour IP address
- BGP version
- ASN
- Messages sent/received
- Up/down time
- State (e.g. Idle (admin)) and number of prefixes received
show ip bgp neighbors
 - Neighbour IP address
- Remote ASN
- Remote RID
- BGP state
- Received/sent messages
show tcp brief
- Lists TCP connections that terminate at the local router
- Local IP address and port
- Foreign IP address
- Connection state
show ip route prefix mask longer-prefixes
- Displays routes for subnets within the network

PPP, MLPPP and PPPoE

show interfaces [int-id]
- Encapsulation protocol (HDLC/PPP, LCP Open)
- Keepalive timer
show ppp all
- For each interface:
- LCP, NCP, authentication protocols
- Status of protocols (open, nego, fail)
- Peer IP address
- Peer name
show ppp multilink
- For each multilink bundle:
- Remote username
- Local username
- Bundle uptime
- Physical interfaces in the MLPPP bundle and time since they joined the bundle
- Inactive multilink interfaces
show interface multilink no.
- Two-item status
- "Hardware is multilink group interface"
- "multilink Open"
show pppoe session
- For each session:
- Remote MAC address
- Local MAC address
- Local physical port
- Dialer interface and virtual-access interface
- Session state
show interfaces dialer no.
- Two-item status
- IP address and mask
- MTU
- "Encapsulation PPP, LCP Closed"
- Virtual-access interface that the dialer interface is bound to
 - Virtual-access-interface two-item status
- "Encapsulation PPP, LCP Open"
- Open NCPs
- "PPPoE vaccess, cloned from" dialer interface that the virtual-access interface is bound
to
- Dialer interface that the virtual-interface is bound to
show interfaces virtual-access no.
- Similar output as a normal interface, except for a virtual-access interface
show interfaces virtual-access no. configuration
- Lists the IOS generated configuration for the virtual-access interface that is derived from
show running-config interface dialer no. and show running-config interface virtual-
access no.
debug ppp authentication
- Input/output authentication messages such as Challenge, Response, Failure etc.
debug ppp negotiation
- Generates debug messages for LCP and NCP negotiation messages sent between devices

GRE
show interfaces tunnel no.
- Two-item status
- IP address and mask
- "Hardware is Tunnel" and "Encapsulation TUNNEL"
- Tunnel source IP address (and/or interface)and destination IP address
- Tunnel protocol and transport (e.g. GRE/IP)

IPv4 and IPv6 ACLs (change ip to ipv6 for IPv6 ACL)

show ip interface [int-id]
- Two-item status, IP address and mask
- Outgoing/inbound access list
show access-lists [acl-no. | acl-name]
- ACL name
- ACEs with sequence numbers
- Number of matches for ACEs
show ip access-lists [acl-no. | acl-name]
- Same information as show access-lists except only IPv4 ACLs are listed

HSRP
show standby
- For each interface:
- Group number and version
- Virtual IP address and MAC address
- Hello and Hold timers and time after which the next Hello will be sent
- Preemption status
- Active router IP address and priority
- Standby router IP address and priority
- Local priority
- Group name
show standby brief
- For each interface:
- Group number
- Priority
- Preemption status
- Local state
- Active router IP address
- Standby router IP address
- Virtual IP address

IPv6
show ipv6 interface [int-id]
- Global unicast IPv6 address and prefix
- Link-local IPv6 address
- Joined group address(es)
show ipv6 protocols
- Lists information for IPv6 routing protocols enabled on the router
show ipv6 route
- Lists IPv6 routes in similar fashion to show ip route
show ipv6 neighbors
- Host IPv6 address
- Age
- Host MAC address
- NDP entry state (REACH, STALE etc.)
- Outgoing interface
show ipv6 routers
- Link-local IPv6 address of neighbour router
- Outgoing interface

SNMPv2c and SNMPv3

show snmp
- Contact and location
- Number of input SNMP packets
- Number of requested variables
- Number of altered variables
- Number of received Get Requests
- Number of received Set Requests
- Number of output SNMP packets
- Number of sent Traps
show snmp community
- Community name
- Active ACL
show snmp host
- Notification host IP address
- Type of notification (trap, inform)
- User (notification community string or username)
- Security model (v2c, v3 noauth/auth/priv)
show snmp contact
- Contact name
show snmp location
- Location
show snmp group
- For each group:
- Groupname
- Security model (v3 noauth/auth/priv)
- Read view and write view
- ACL
show snmp user
- For each user:
- Username
- Authentication protocol
- Privacy protocol
- Groupname

IP SLA
show ip sla summary
- Operation ID and status (active, inactive, pending)
- Operation type (e.g. icmp-echo)
- Destination IP address
- RTT (ms)
- Return code
- Last run (x seconds ago)
show ip sla statistics [op-no.]
- For each operation:
- Latest RTT
- Latest operation start time
- Latest operation return code
- Number of successes and failures
- Operation time to live
show ip sla history [op-no.]
- For each operation:
- Bucket index
- RTT
- Return code
- Target IP address
show ip sla enhanced-history distribution-statistics [op-no.]
- Displays any enhanced IP SLA history information if configured, including aggregated
statistics based on multiple operations calculated and stored into each history bucket

SPAN
show monitor session [no. | all]
- For each, or one session:
- SPAN type (local SPAN, RSPAN, ERSPAN)
- Source ports/VLANs (lists directions which at least one port is using)
 - Destination ports
show monitor detail
- Same information as show monitor session except all directions for both source ports
and VLANs are listed

APIC-EM Path Trace Tool

- Enter in source and destination IP address, and optionally protocol and source and
destination port numbers
- Optionally choose to refresh every 30 seconds
- Optionally choose to enable ACL Trace