Explanation of commands for Summer 2025 switch auditing
This guide has been created to help explain the commands behind: Auditing a C9300 switch from NinjaOne (Summer 2025) | Knowledge Base | Service Desk
I have provided .txt files which break down the process as a complete version with all items. I have also pasted the text of the complete file into the KB but the formatting leaves a lot to be desired (limitation of Fresh Knowledge base).
To get the following information per switch stack choose the correct attached text file:
- Show C9300 Hostname and VLAN 6 IP address.txt
  - Hostname
  - VLAN 6 IP address
- Show C9300 information.txt
  - Model
  - Serial number
  - MAC address
  - Hardware version
  - Software / image version
  - Boot software / image version
- Show StackWise and PowerStack.txt
  - StackWise topology
  - StackPower topology
- Show C9300 stack inventory.txt
- Show C9300 active uplinks.txt
Please see full text (combined text documents) below or in Switch auditing help complete.txt:
! Author: George Ravenscroft - Our Learning Cloud
! Date: 01/07/2025
! Description: Switch auditing help complete
!
! The exclamation mark is how you write a comment line in Cisco.
! Any text after an ! is inert and has no effect when posted into a C9300 CLI.
! CLI = Command Line Interface (the black screen with white text).
!
! Please note that these commands primarily relate to C9300 switches.
! They may work on other switches, they also may not.
!
! I have written both long form and short form versions of commands.
!
! ----------------------------------------------------------------------------
!
! The stack hostname is the name of the stack in Ninja. It can also be seen
!! in the CLI on the current line:
!
KSA_Core#
!
! Switch hostname is KSA_Core
!
WAC_Core#
!
! Switch hostname is WAC_Core
!
SKA_CabV#
!
! Switch hostname is SKA_CabV
!
! ----------------------------------------------------------------------------
!
! The stack IP address is the VLAN 6 address of that stack.
! Edge stacks have only one IP address, that being their VLAN 6 ipv4 address.
! Core stacks have an IP address in each VLAN (normally the .1 or .193) but
!! it is only the VLAN 6 IP that we are interested in here.
!
show run interface vlan 6
!
KSA_Core#sh run int vlan 6
Building configuration...
Current configuration : 85 bytes
!
interface Vlan6
 description Management
 ip address 10.13.216.1 255.255.254.0
end
!
! KSA_Core (core switch) VLAN 6 ipv4 address is: 10.13.216.1
!
KSA_Computing#sh run int vlan 6
Building configuration...
Current configuration : 85 bytes
!
interface Vlan6
 description Management
 ip address 10.13.216.2 255.255.254.0
end
!
! KSA_Computing (edge stack) VLAN 6 ipv4 address is: 10.13.216.2
!
! ----------------------------------------------------------------------------
!
! To get switch: number, model, serial number, MAC address, hardware version,
!! and software version:
!
show module
!
KSA_Core#sh mod
Switch  Ports  Model      Serial No.   MAC address     Hw Ver.  Sw Ver.
------  -----  ---------  -----------  --------------  -------  --------
1       65     C9300-48P  FCW2220G0TJ  848a.8dc3.dd80  V01      17.08.01
2       65     C9300-48T  FOC2226Z0D8  dcf7.19d0.5700  V02      17.08.01
3       65     C9300-48T  FCW2226L0G3  dcf7.19e1.5c00  V02      17.08.01
4       41     C9300-24T  FCW2237C0UQ  0cd0.f847.5600  V02      17.08.01
5       41     C9300-24T  FCW2309C06M  c4b3.6ae0.8b00  V02      17.08.01
6       65     C9300-48T  FCW2226E0FS  dcf7.1901.e600  V02      17.08.01
!
! Note that all switches should have the same software version otherwise they
!! would not be stackable.
!
! The 'Ports' column includes both physical ports (24 or 48) as well as
!! theoretical ports (i.e. uplinks, loopback etc.).
!
! ----------------------------------------------------------------------------
!
! To get the system bootstrap software version:
!
show version
!
! However this provides a massive output, and all we need is the bootstrap IOS.
!
! The pipe (|) symbol can be used with show commands to filter their output.
!
show version | include BOOTLDR
!
KSA_Core#sh ver | inc BOOTLDR
BOOTLDR: System Bootstrap, Version 17.8.1r[FC2], RELEASE SOFTWARE (P)
!
! Bootstrap version is 17.8.1
! Ideally, this should match the software version of the stack but it may not.
!
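! The two version checks above as a Python script. This is an added example,
!! not part of the original text file; the function names are its own and it
!!! assumes the CLI output has been saved as plain text.
!
```python
import re

# Rows copied from the KSA_Core 'show module' and BOOTLDR output above.
SHOW_MODULE = """\
Switch  Ports  Model      Serial No.   MAC address     Hw Ver.  Sw Ver.
------  -----  ---------  -----------  --------------  -------  --------
1       65     C9300-48P  FCW2220G0TJ  848a.8dc3.dd80  V01      17.08.01
2       65     C9300-48T  FOC2226Z0D8  dcf7.19d0.5700  V02      17.08.01
4       41     C9300-24T  FCW2237C0UQ  0cd0.f847.5600  V02      17.08.01
"""
BOOTLDR = "BOOTLDR: System Bootstrap, Version 17.8.1r[FC2], RELEASE SOFTWARE (P)"

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+"
                 r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$")
FIELDS = ("switch", "ports", "model", "serial", "mac", "hw_ver", "sw_ver")

def parse_show_module(text):
    """Return one dict per stack member; header and ruler lines are skipped."""
    return [dict(zip(FIELDS, m.groups()))
            for m in map(ROW.match, text.splitlines()) if m]

def version_tuple(version):
    """'17.08.01' and '17.8.1r[FC2]' both become (17, 8, 1)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())

def audit_versions(module_text, bootldr_line):
    """Summarise software and bootstrap version consistency for one stack."""
    members = parse_show_module(module_text)
    sw = {version_tuple(m["sw_ver"]) for m in members}
    boot = version_tuple(bootldr_line.split("Version", 1)[1].strip())
    return {
        "members": len(members),
        "sw_versions": sorted(sw),
        "stack_consistent": len(sw) == 1,   # every member on one release
        "bootloader": boot,
        "bootloader_matches": sw == {boot},
    }

if __name__ == "__main__":
    print(audit_versions(SHOW_MODULE, BOOTLDR))
```
!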
! ----------------------------------------------------------------------------
!
! To get stacking information you need to run two commands. One for data
!! stacking (StackWise-480) and one for power stacking (StackPower).
!
! StackWise-480 (data stacking):
!
show switch neighbors
!
WAC_Core#sh sw neigh
Switch #    Port 1    Port 2
--------    ------    ------
1           2         7
2           3         1
3           4         2
4           5         3
5           6         4
6           7         5
7           1         6
!
! This is a correct ring topology. If it does not look like this then there is
!! a problem in terms of stack configuration or a hardware / StackWise
!!! cable failure.
!
! StackPower (power stacking):
!
show stack-power
!
WAC_Core#sh stack-power
Power Stack         Stack  Stack   Total   Rsvd   Alloc  Sw_Avail Num  Num
Name                Mode   Topolgy Pwr(W)  Pwr(W) Pwr(W) Pwr(W)   SW   PS
------------------- ------ ------- ------- ------ ------ -------- ---- ---
Powerstack-5        SP-PS  Stndaln 350     0      243    107      1    1
Powerstack-2        SP-PS  Ring    3210    30     811    2369     3    5
Powerstack-6        SP-PS  Ring    1800    30     1556   214      3    3
!
! In theory, there should be 1 ring per every 4 switches. However, this can
!! be temperamental so the only way to see if StackPower is physically correct
!!! is to check the physical cables.
!
! This stack of 7 is in an error state.
!
! It is possible to manually set StackPower configurations to avoid this but
!! the stack is capable of intelligently reconfiguring itself in case of power
!!! or switch failure if left to automatically handle power stacking.
!
! For the purposes of auditing the switches, knowing if the stack has ring
!! topologies in terms of StackWise and PowerStack is enough.
!
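! The StackWise ring check described above as a Python script. This is an added
!! example, not part of the original text file; it covers the data ring only,
!!! and treating a non-numeric cell as a missing neighbour is an assumption.
!
```python
import re

# Output copied from the WAC_Core 'show switch neighbors' example above.
NEIGHBORS = """\
Switch #    Port 1    Port 2
--------    ------    ------
1           2         7
2           3         1
3           4         2
4           5         3
5           6         4
6           7         5
7           1         6
"""

def parse_neighbors(text):
    """Map switch number -> (port 1 neighbour, port 2 neighbour).

    A non-numeric cell is stored as None (assumption: that is how a stack
    port with nothing attached is shown)."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s*$", line)
        if m:
            cells = m.group(2), m.group(3)
            table[int(m.group(1))] = tuple(
                int(c) if c.isdigit() else None for c in cells)
    return table

def ring_problems(table):
    """Return findings as strings; an empty list means one closed ring."""
    problems = []
    for sw, ports in sorted(table.items()):
        for port, peer in enumerate(ports, start=1):
            if peer is None:
                problems.append(f"switch {sw} port {port}: no neighbour")
            elif sw not in table.get(peer, ()):
                problems.append(
                    f"switch {sw} port {port}: switch {peer} does not list it back")
    if problems or not table:
        return problems
    # Follow port 1 from the lowest member: a single ring returns to the
    # start only after visiting every member once.
    start = current = min(table)
    seen = []
    while current not in seen:
        seen.append(current)
        current = table[current][0]
    if current != start or len(seen) != len(table):
        problems.append(
            f"port 1 walk from switch {start} covers {len(seen)} of {len(table)} members")
    return problems
```
!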
! ----------------------------------------------------------------------------
!
! How to see the parts inventory of a stack:
!
show inventory
!
SPA_Core#sh inv
NAME: "c93xx Stack", DESCR: "c93xx Stack"
PID: C9300-48P , VID: V02 , SN: FCW2242D0KP
NAME: "Switch 1", DESCR: "C9300-48P"
PID: C9300-48P , VID: V02 , SN: FCW2242D0KP
NAME: "StackPort1/1", DESCR: "StackPort1/1"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2238A5B6
NAME: "StackPort1/2", DESCR: "StackPort1/2"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2238A5B9
NAME: "Switch 1 - Power Supply A", DESCR: "Switch 1 - Power Supply A"
PID: PWR-C1-715WAC , VID: V03 , SN: LIT22414954
NAME: "Switch 1 - Power Supply B", DESCR: "Switch 1 - Power Supply B"
PID: PWR-C1-715WAC , VID: V02 , SN: LIT22293XLC
NAME: "Switch 1 FRU Uplink Module 1", DESCR: "8x10G Uplink Module"
PID: C9300-NM-8X , VID: V02 , SN: FOC224351K9
NAME: "Te1/1/1", DESCR: "SFP-10GBase-SR"
PID: SFP-10G-SR-S , VID: V01 , SN: FNS28050KYF
NAME: "Switch 2", DESCR: "C9300-48T"
PID: C9300-48T , VID: V02 , SN: FOC2239U13G
NAME: "StackPort2/1", DESCR: "StackPort2/1"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2238A5B9
NAME: "StackPort2/2", DESCR: "StackPort2/2"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2238A5B6
NAME: "Switch 2 - Power Supply A", DESCR: "Switch 2 - Power Supply A"
PID: PWR-C1-350WAC , VID: V02 , SN: ART2245F7WN
NAME: "Switch 2 - Power Supply B", DESCR: "Switch 2 - Power Supply B"
PID: PWR-C1-350WAC , VID: V02 , SN: ART2240FBN4
NAME: "Switch 2 FRU Uplink Module 1", DESCR: "8x10G Uplink Module"
PID: C9300-NM-8X , VID: V02 , SN: FOC2243506V
NAME: "Te2/1/1", DESCR: "SFP-10GBase-SR"
PID: SFP-10G-SR-S , VID: V01 , SN: FNS28050J0K
!
! This provides a lot of information. What we are interested in here is:
! - 'Switch 1 FRU Uplink Module 1: […] C9300-NM-8X'
! - '"Te1/1/1" […] SFP-10G-SR-S'
! - 'Switch 2 FRU Uplink Module 1 […] C9300-NM-8X'
! - '"Te2/1/1" […] SFP-10G-SR-S'
!
! So this stack has 2 C9300-NM-8X uplink modules and 2 10GB fibre SFPs. These
!! are required for the standard way that OLC uplinks C9300 stacks.
!
! You may see GLC-SX-MMD SFPs (1GB instead of 10GB) and C9300-NM-4G uplink
!! modules. These are older but still in support.
!
! Please note: some stacks may be uplinked via a simple RJ-45 ethernet
!! connection. This will not be apparent from the show inventory command.
!
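! Picking the uplink modules and SFPs out of show inventory with a Python
!! script. This is an added example, not part of the original text file;
!!! recognising an SFP by its interface-style NAME is an assumption.
!
```python
import re
from collections import Counter

# Entries copied from the SPA_Core 'show inventory' output above.
INVENTORY = '''\
NAME: "Switch 1", DESCR: "C9300-48P"
PID: C9300-48P , VID: V02 , SN: FCW2242D0KP
NAME: "StackPort1/1", DESCR: "StackPort1/1"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2238A5B6
NAME: "Switch 1 FRU Uplink Module 1", DESCR: "8x10G Uplink Module"
PID: C9300-NM-8X , VID: V02 , SN: FOC224351K9
NAME: "Te1/1/1", DESCR: "SFP-10GBase-SR"
PID: SFP-10G-SR-S , VID: V01 , SN: FNS28050KYF
NAME: "Switch 2 FRU Uplink Module 1", DESCR: "8x10G Uplink Module"
PID: C9300-NM-8X , VID: V02 , SN: FOC2243506V
NAME: "Te2/1/1", DESCR: "SFP-10GBase-SR"
PID: SFP-10G-SR-S , VID: V01 , SN: FNS28050J0K
'''

NAME_RE = re.compile(r'NAME: "([^"]*)",\s*DESCR: "([^"]*)"')
PID_RE = re.compile(r'PID:\s*(\S*)\s*,\s*VID:\s*(\S*)\s*,\s*SN:\s*(\S*)')
PORT_RE = re.compile(r'^[A-Za-z]+\d+/\d+/\d+$')   # e.g. Te1/1/1

def parse_inventory(text):
    """Pair each NAME/DESCR line with the PID/VID/SN line that follows it."""
    items, current = [], None
    for line in text.splitlines():
        if (m := NAME_RE.search(line)):
            current = {"name": m[1], "descr": m[2]}
        elif (m := PID_RE.search(line)) and current:
            current.update(pid=m[1], vid=m[2], sn=m[3])
            items.append(current)
            current = None
    return items

def uplink_summary(items):
    """Count uplink modules by PID and list the optic fitted in each port."""
    modules = Counter(i["pid"] for i in items if "Uplink Module" in i["name"])
    optics = {i["name"]: i["pid"] for i in items if PORT_RE.match(i["name"])}
    return {"modules": dict(modules), "optics": optics}

if __name__ == "__main__":
    print(uplink_summary(parse_inventory(INVENTORY)))
```
!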
! ----------------------------------------------------------------------------
!
! How to see active uplinks:
!
show cdp neighbors | include NAC
!
NAC_Core#sh cdp neigh | inc NAC
Device ID      Local Intrfce  Holdtme  Capability  Platform   Port ID
NAC_Hub1.GAT   Ten 1/1/1      171      S I         C9300-48P  Ten 1/1/1
NAC_Hub1.GAT   Ten 2/1/1      132      S I         C9300-48P  Ten 2/1/1
NAC_Hub2.GAT   Ten 1/1/2      172      S I         C9300-24P  Ten 1/1/1
NAC_Hub2.GAT   Ten 2/1/2      178      S I         C9300-24P  Ten 2/1/1
NAC_Hub3.GAT   Ten 1/1/3      152      S I         C9300-48P  Ten 1/1/1
NAC_Hub3.GAT   Ten 2/1/3      139      S I         C9300-48P  Ten 2/1/1
NAC_Hub4.GAT   Ten 2/1/4      138      S I         C9300-24P  Ten 2/1/1
NAC_Hub4.GAT   Ten 1/1/4      173      S I         C9300-24P  Ten 1/1/1
NAC_Hub5.GAT   Ten 1/1/5      137      S I         C9300-24P  Ten 1/1/1
NAC_Hub5.GAT   Ten 2/1/5      144      S I         C9300-24P  Ten 2/1/1
NAC_Hub6.GAT   Ten 1/1/6      161      S I         C9300-24P  Ten 1/1/1
NAC_Hub7.GAT   Ten 1/1/7      156      S I         C9300-24P  Ten 1/1/1
NAC_PAC.GAT    Ten 1/1/8      152      S I         C9300-24U  Ten 1/1/1
!
! Because all stacks begin their hostnames with their site code, we can filter
!! the results with '| include' to make it easier to parse.
!
! Please note that I added the column headers here to make the data easier to
!! read. You will not see them unless you run an unfiltered show cdp neighbors.
!
! Here we can see that Hubs 1, 2, 3, 4, and 5 have redundant links active. We can
!! also see the speed of the links (Ten[gigabit]) as well as which local uplink
!!! ports connect to which remote uplink ports.
!
! In more detail:
! NAC_Hub1.GAT Ten 1/1/1 171 S I C9300-48P Ten 1/1/1
! NAC_Hub1.GAT Ten 2/1/1 132 S I C9300-48P Ten 2/1/1
!
! NAC_Core uplinks to NAC_Hub1 from switch 1's uplink module's first port
!! to NAC_Hub1's first switch's first uplink port.
! AND
! NAC_Core uplinks to NAC_Hub1 from switch 2's uplink module's first port
!! to NAC_Hub1's second switch's first uplink port.
!
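! Working out which neighbours have redundant uplinks from the filtered CDP
!! output, as a Python script. This is an added example, not part of the
!!! original text file; "redundant" here means two local stack members carry links.
!
```python
import re
from collections import defaultdict

# Rows copied from the NAC_Core 'show cdp neighbors | include NAC' output above.
CDP = """\
NAC_Hub1.GAT   Ten 1/1/1      171      S I         C9300-48P  Ten 1/1/1
NAC_Hub1.GAT   Ten 2/1/1      132      S I         C9300-48P  Ten 2/1/1
NAC_Hub4.GAT   Ten 2/1/4      138      S I         C9300-24P  Ten 2/1/1
NAC_Hub4.GAT   Ten 1/1/4      173      S I         C9300-24P  Ten 1/1/1
NAC_Hub6.GAT   Ten 1/1/6      161      S I         C9300-24P  Ten 1/1/1
NAC_PAC.GAT    Ten 1/1/8      152      S I         C9300-24U  Ten 1/1/1
"""

# device, local port, holdtime, capability letters, platform, remote port
ROW = re.compile(r"^(\S+)\s+([A-Za-z]+ [\d/]+)\s+(\d+)\s+((?:[A-Za-z]\s+)+)"
                 r"(\S+)\s+([A-Za-z]+ [\d/]+)\s*$")

def parse_cdp(text):
    """Return one dict per neighbour row; header or unrelated lines are skipped."""
    links = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            device, local, hold, caps, platform, remote = m.groups()
            links.append({
                "device": device.split(".")[0],  # drop the suffix after the first dot
                "local": local, "remote": remote, "platform": platform,
                "holdtime": int(hold), "capabilities": caps.split(),
            })
    return links

def stack_member(port):
    """'Ten 2/1/4' -> 2, the stack member that owns the port."""
    return int(port.split()[1].split("/")[0])

def uplink_report(links):
    """Per neighbour: local ports in use and whether two members carry them."""
    ports = defaultdict(list)
    for link in links:
        ports[link["device"]].append(link["local"])
    return {dev: {"local_ports": sorted(p),
                  "redundant": len({stack_member(x) for x in p}) > 1}
            for dev, p in sorted(ports.items())}

if __name__ == "__main__":
    for dev, info in uplink_report(parse_cdp(CDP)).items():
        print(dev, info)
```
!
! The parser expects one line per neighbour; device IDs too long for the
!! column wrap onto a second line in CDP output and would need joining first.
!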
! ----------------------------------------------------------------------------