Cisco IOS Show Interface Explained

The “show interface” command on a Cisco IOS router or switch gives you a lot of information. Here’s an example:

R1#show interfaces FastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is c201.1d00.0000 (bia c201.1d00.0000)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     2 packets output, 403 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

There are a number of things we can check with the show interfaces command. Let me describe them:

  • FastEthernet/0 is up, line protocol is up: this means that the interface is physically up and that the protocol is operational. When you use Ethernet, the protocol is normally up unless you configured port-security or BPDU guard. When a violation occurs, you might see err-disabled here.
  • Hardware is Gt96k FE, address is c201.1d00.0000 (bia c201.1d00.0000): The interface hardware is Gt96k and the current MAC address is c201.1d00.0000. The BIA (Burned-In-Address) is the same. If you would spoof (change) the MAC address then the first MAC address would be the spoofed one, the BIA address never changes. You can change the MAC address with the “mac-address” command on the interface.
  • MTU 1500 bytes: The MTU (Maximum Transmission Unit) is 1500 bytes.
  • BW 100000 Kbit/sec: The bandwidth is 100000 Kbit/sec (100 Mbit), this information is used by routing protocols like OSPF or EIGRP to calculate the metric.
  • DLY 1000 usec:  The delay of 1000 usec is the “propagation delay”. This is the amount of time required for the signal to travel from the sender to the receiver. Like the bandwidth, EIGRP uses this to calculate the metric.
  • reliability 255/255: When the input and output errors increase, they affect the reliability counter. This indicates how likely it is that a packet can be delivered or received succesfully. Reliability is calculated like this: reliability = number of packets / number of total frames. The value of 255 is the highest value meaning that the interface is very reliable at the moment.  The calculation above is done every 5 minutes.
  • txload 1/255: This indicates how “busy” the interface is when it comes to transmitting frames. This is calculated every 5 minutes.
  • rxload 1/255:  The same as above but for receiving frames.
  • Encapsulation ARPA: This is the layer 2 protocol that we use, when we use Ethernet it shows up as ARPA (Advanced Research Projects Agency) which is Ethernet version 2 encapsulation. If you use PPP, HDLC or frame-relay on serial links then it will show up here.
  • loopback not set: serial interfaces can be “set” in loopback mode, this is used to test the interface. Don’t confuse this one with the loopback interface.
  • Keepalive set (10 sec): The router sends keepalive packets as a method to check if there is end-to-end connectivity.
  • Full-duplex, 100Mb/s, 100BaseTX/FX: This tells us if we are using half or full-duplex, the bandwidth and the type of interface.
  • ARP type: ARPA, ARP Timeout 04:00:00: The ARP type that we use, for Ethernet this is ARPA by default. The timeout is how long entries remain in the ARP cache, by default this is 4 hours.
  • Last input never, output 00:00:02, output hang never:  This is a router that I just booted, this line will show the last time it received or sent anything.
  • Last clearing of “show interface” counters never: All the counters in the output of show interface can be cleared, this shows us when these counters have been cleared.
  • Input queue: 0/75/0/0 (size/max/drops/flushes):  This tells us how many packets are in the input queue and it’s maximum size (75). Drops is the number of packets that have been dropped. Flushes is used to count SPD (Selective Packet Discard). SPD is a protocol that drops low priority packets when the CPU is too busy so that it can save capacity for higher priority packets (routing protocols and such).
  • Total output drops: 0: The number of drops because the output queue is full. When you receive traffic on a 100Mbit interface and forward it on a 10Mbit interface you’ll see congestion which causes packet loss and high delay. Applications that use TCP can use retransmissions but Voice over IP is an application that is very sensitive to packet loss, high delay and a variation in delay which causes jitter. If you see a lot of output queue drops you’ll have to start thinking about implementing QoS (Quality of Service).
  • Queueing strategy: fifo: The current queueing strategy is FIFO (First In, First Out). This is the default for interfaces with a bandwidth above 2 Mbps.
  • Output queue: 0/40 (size/max): The size of the output queue which shows current packets and the maximum it can handle.
  • minute input rate 0 bits/sec, 0 packets/sec: The average rate at which we receive packets.
  • minute output rate 0 bits/sec, 0 packets/sec: The average rate at which we transmit packets.
  • packets input, 0 bytes: The number of packets that we received and the amount in bytes.
  • Received 0 broadcasts: The number of broadcast frames that we have received.
  • runts: Runts are ethernet Frames that are less than 64 bytes.
  • giants: Giants are Ethernet frames that exceed the IEEE 802.3 frame size (1518 bytes, no Jumbo frames) and have a incorrect FCS (Frame Check Sequence).
  • throttles: When the interface fails to buffer the incoming packet then this is considered a throttle.
  • input errors: This counter will increase when the interface receives a frame with any kind of error, this includes runts, giants, no buffer available, CRC errors, etc.
  • CRC: The number of packets received with CRC (Cyclic Redundancy Checksum) errors. This means that the checksum that was generated by the sender does not match the checksum that the receiver calculated. On a LAN this typically occurs when you have issues with cabling or defective network cards.
  • frame: The number of packets that were received with a CRC error and a noninteger number of octets.
  • overrun: This is how often the interface was unable to receive traffic in its hardware buffer because the input rate is higher than the interface can handle.
  • ignored: The number of packets that the interface ignored since the interface hardware ran low on internal buffers. Broadcast storms and noise can trigger this.
  • watchdog: How often the watchdog receive timer has expired. This happens when the interface receives a packet that is larger than 2048 bytes.
  • input packets with dribble condition detected: A dribble frame is a frame that is slightly longer than the default. This counter is increased but the interface will accept the frame anyway.
  • packets output, 403 bytes: The number of packets that have been sent and the amount in bytes.
  • underruns: Number of times that the sender has been running faster than the router can handle.
  • output errors: Same as the input errors counter but for sent packets. This counter increases when anything goes wrong with the transmission of the packet.
  • collisions: Number of packets that have been retransmitted because of a Ethernet collision, on a full duplex network you shouldn’t see this unless you have issues with network cards, too long cables or repeaters in between your switches.
We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 657 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

521 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Hello James!

    If you have an MTU of 1500 set on a port, then any frame that attempts to ingress on this port that is larger than 1500 bytes will be dropped. If the port is set up to accept larger frames, then it will accept them. As for the FCS, if a frame is smaller than the MTU size that has been configured (either jumbo or not) it will be dropped if the FCS fails regardless of size.

    Note that the DF bit is on the Network Layer, that is, in the IP header. This bit tells the SENDER weather or not the IP packet can be fragmented during encapsulation. Let’s s

    ... Continue reading in our forum

  2. Hello Azm

    This depends on the platform. On the 3750 for example, the MTU cannot be changed on an individual interface, but is implemented globally. On the higher end catalyst switches (4500, 6800 etc) and always depending on the supervisor and IOS used, you can configure it on a per interface basis. In either case, you can verify the MTU on aper interface basis by using

    ... Continue reading in our forum

  3. How do you tell the last time a Cisco Interface flapped?

    Working at ISP I would say a majority is Juniper on a Juniper it actually has “Last Flapped” gives date and time. This is very useful because customer often ask for RFO (reason for outage) You can check interfaces to see last time it flapped. Then you can drill down into logs for the actual reason.

    I was surprised not to find something like this for Cisco?

  4. Hello Brian

    Take a look at this search results page of lessons on the site:

    https://networklessons.com/?s=syslog

    It gives a list of several topics concerning syslog for both IOS devices as well as ASA firewalls. You might find some additional helpful information there.

    Thanks for sharing the last flap command on the ASR 9000 series devices, it’s good to know.

    As you get more familiar with Cisco, please share with us your thoughts concerning how Cisco compares with Juniper, Alcatel and other vendor devices as far as ease of configuration and use goes, it would

    ... Continue reading in our forum

  5. Thanks Rene. The 8-bit value explanation makes sense.

17 more replies! Ask a question or join the discussion by visiting our Community Forum