Saving Time with CLI Filters

If you have dealt with routers or switches for any time at all, you realize how long and cumbersome the configuration can get. This is especially true when dealing with router configurations that include voice, zone-based firewall or anything else that pushes a router beyond its intended purpose. Fortunately, Cisco provides some tools to help us see what we need to see and filter the excess. You can get a glimpse into some of these filters by typing the “show run” command and using our context sensitive help (aka the ?).

MyRTR#show run ?
*Apr  5 11:21:21.219: %SYS-5-CONFIG_I: Configured from console by console?
brief       configuration without certificate data
class-map   Show class-map information
full        full configuration
interface   Show interface configuration
linenum     Display line numbers in output
map-class   Show map class information
policy-map  Show policy-map information
view        View options
|           Output modifiers
<cr>

The option we are interested in is the “|” (Output modifier). We can quickly see that if we include that “|” as a parameter and use our trusty old “?”, we have more options.

MyRTR#show run | ?
append    Append redirected output to URL (URLs supporting append operation
only)
begin     Begin with the line that matches
exclude   Exclude lines that match
include   Include lines that match
redirect  Redirect output to URL
section   Filter a section of output
tee       Copy output to URL

The ones I find really useful are include, begin and section.  You can also play around with the exclude option as well.  I’ve not seen any real world use cases for the rest (but I’m sure they exist).  The simplest of these to understand is the “include” command.  This command parses the output of whatever command precedes the “|” and only presents whatever matches a filter that we need to provide.  For example, I could issue the command “show run | include address”.  The entire output of the running-config would be piped out to the include command and filtered against “address”.  So I would expect to see output similar to the following.

MyRTR#show run | inc address

 ip address 1.1.1.1 255.255.255.0
ip address 2.2.2.2 255.255.255.0
ip address 10.1.1.1 255.255.255.0

I could also get fancy with the filter that I am using.  I could use wildcards that are similar to regex.

//all instances of “address”
MyRTR#show run | inc address
ip address 1.1.1.1 255.255.255.0
ip address 2.2.2.2 255.255.255.0
ip address 10.1.1.1 255.255.255.0

//all instances of address with a space, a single character, then a period
// the “.” In the filter is a wildcard and a “\.” matches a “.”–confusing
MyRTR#show run | inc address .\.
ip address 1.1.1.1 255.255.255.0
ip address 2.2.2.2 255.255.255.0
//notice we don’t see 10.1.1.1

The following characters have special meaning in regex and in the filter syntax.

. (Period) Any Single Character
* A multiplier that matches 0 or more sequences of the preceding character
+ A multiplier that matches 1 or more sequences of the preceding character
? A multiplier that matches 0 or 1 sequences of the preceding character
^ Matches the start of a line
$ Matches the end of a line
_ Matches Word Boundaries

If you need to match any of these characters, you must escape them in your filter by using a “\.”  To quickly see the effect of this issue the following two commands on a router.

MyRTR#show run | inc .
Building configuration…
Current configuration : 740 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MyRTR
!
boot-start-marker
boot-end-marker
!

< — Snip (it shows everything — >

MyRTR#show run | inc \.
Building configuration…
version 12.3
ip address 1.1.1.1 255.255.255.0
ip address 2.2.2.2 255.255.255.0
ip address 10.1.1.1 255.255.255.0
MyRTR#

If you find yourself repeatedly paging through a router configuration to look for a single line, this can be a huge and powerful time saver.  However, you will soon find that you need to see some items around certain lines in the configuration.  One solution to this is to think about where in the configuration you want to start looking.  Then you can filter down to that point using the “begin” filter.  For example, I might want to see everything in the configuration starting at “line vty”.  For that, I could issue the following command.

MyRTR#show run | begin line
line con 0
line aux 0
line vty 0 4
password notsecure
login
!

Well that works well assuming two things.  The first thing is that I must have some idea what area I want to look at.  The other thing is that I must remember to issue it with the command.  Unfortunately, I often find that I forget to filter until I have to hit the spacebar a couple of times.  In that case, there is another solution.  After you start paging (hitting the space bar) after issuing a command, you can issue the “/” command instead.  When you do that, the router expects you to enter a filter immediately following the forward slash.  After you complete the filter, press enter.  The router will skip forward until a match is found.  It is roughly the equivalent of using the previously mentioned  “ | begin “ filter.

MyRTR#show run
<output snip>
no aaa new-model
ip subnet-zero
!
!
!
/vty
filtering…
line vty 0 4
password notsecure
login
!
End

All of these filtering methods are handy and useful.  However, the most powerful filter is the “section” command.  This command functions like the “include” filter to show lines that match the filter criteria.  However, section takes it one step further.  This command also shows subordinate configuration options to every line it matches.  If you notice when you look at your running configuration, some lines are indented.  For example, the lines that are below “router eigrp <x>” or “interface fa x/x” will be indented by single spaces.  These indented commands are sub-commands of a command above in the running configuration.  The beauty of the “section” filter is that it shows the sub commands.  For example, I can see all of the eigrp commands this way.

MyRTR#show run | sec eigrp
router eigrp 1
network 1.0.0.0
network 2.0.0.0
auto-summary

With any of these filter methods; I can combine two or more filter strings together.

MyRTR#show run | section interface|eigrp
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
speed auto
interface Serial0/0
ip address 2.2.2.2 255.255.255.0
shutdown
no fair-queue
interface Serial1/0
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
shutdown
router eigrp 1
network 1.0.0.0
network 2.0.0.0
auto-summary

I can even sort of create my own limited wildcards.  For example, I can show any line that has a 1 or 2 followed by a period.

MyRTR#show run | include [12]\.
version 12.3
ip address 1.1.1.1 255.255.255.0
ip address 2.2.2.2 255.255.255.0
ip address 10.1.1.1 255.255.255.0
network 1.0.0.0
network 2.0.0.0

If I find that I am using a complex filter regularly, I can create an alias.  Below I have created an alias to execute “show run | include address|network”.  After issuing the configuration below, I can type the command “san” and the router will do a “show run” and render each line that includes address OR network.

MyRTR(config)#alias exec san show run | include address|network

MyRTR(config)#exit
MyRTR#
*Apr  5 12:08:46.727: %SYS-5-CONFIG_I: Configured from console by console
MyRTR#
MyRTR#san
ip address 1.1.1.1 255.255.255.0
ip address 2.2.2.2 255.255.255.0
ip address 10.1.1.1 255.255.255.0
network 1.0.0.0
network 2.0.0.0
alias exec san show run | include address|network

One more thing I should mention.  The filter syntax doesn’t just work with “show running-config”, it works with output from all of the show commands.

MyRTR#show interfaces | inc protocol|address
FastEthernet0/0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0011.216c.9f03 (bia 0011.216c.9f03)
Internet address is 1.1.1.1/24
Serial0/0 is administratively down, line protocol is down
Internet address is 2.2.2.2/24
Serial1/0 is administratively down, line protocol is down
Internet address is 10.1.1.1/24

The Cisco IOS configuration can be quite large depending on the services being offered.  Paging through a long configuration can be very time consuming.  IOS provides some very useful filter options that can be accessed using the pipe character.  Regardless of your level of expertise, learning filtering techniques that fit your environment can be a huge time saver and invaluable when in a time crunch (when something is down).

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Certification, General, Network, Technology and tagged , . Bookmark the permalink.

Leave a Reply