One of the great new features introduced in IOS release 12.4(20)T is the Embedded Menu Manager (EMM), which allows you to build dynamic hierarchical menus with a combination of static definitions in XML and Tcl scripts. The Cisco documentation on this feature is quite cryptic, so I wrote an introduction to EMM, describing the major XML elements and the ways to use it.
I tend to forget whether I'm in configuration mode or not and often type the do command in exec mode or the show command in configuration modes. With the alias functionality you can make the show command a native command in the configuration modes; just configure alias configure show do show.
The “only” drawback of this approach is that IOS has zillion different configuration modes and you have to define the alias in each one of them (you could do it just in the most common ones … or try to remember to type the do keyword first :).
In a layer-3 switching environment, the ARP table displayed with the show arp command lists the logical (L3) interfaces, for example the VLAN or BVI interface. This Tcl script displays the logical as well as physical interface associated with each IP/MAC address.
Martin Hecko gave me the idea for this script and helped to test it on a Catalyst switch. Thank you!
If you have to troubleshoot routers with long configurations, you're probably as fed up with the slow response of the show running-config command as I am. Unfortunately, there's not much you can do; the running configuration is reverse-engineered from various memory variables every time you ask for it and that process simply takes time if you've configured many parameters.
IOS release 12.2(33)SRB has introduced a fantastic feature: router configuration partitioning. The early seeds of this idea are already present in mainstream IOS releases. For example, you can display the configuration of a single interface, all class-maps or all policy-maps. The configuration partitioning gives you the ability to display access-lists, route-maps, static routes, router configurations ...The following printout shows you the various parts of router configuration you can display:
PE-A#show running-config partition ?For example, if you want to display just the configuration of the OSPF process, you'd ask for show running partition router ospf 1:
access-list All access-list configurations
class-map All class-map configurations
common All remaining unregistered configurations
global-cdp All global cdp configurations
interface Each Interface specific Configurations
ip-as-path All IP as-path configurations
ip-community All IP community list configurations
ip-domain-list All ip domain list configurations
ip-prefix-list All ip prefix-list configurations
ip-static-routes All IP static configurations
line All line mode configurations
policy-map All policy-map configurations
route-map All route-map configurations
router All routing configurations
snmp All SNMP configurations
tacacs All TACACS configurations
PE-A#show running partition router ospf 1
Building configuration...
Current configuration : 164 bytes
!
Configuration of Partition - router ospf 1
!
!
router ospf 1
log-adjacency-changes
passive-interface Serial1/1
network 0.0.0.0 255.255.255.255 area 0
!
!
end
Recently I had to explore the behavior of Cisco IOS OSPF implementation and had to inspect OSPF database on routers in various areas. If you're only interested in the contents of the database (not in low-level troubleshooting), variety of LSA fields (including LS Age, Options, Checksum, Length ...) are just cluttering the printout, so I fine-tuned the show filter to exclude all the non-relevant fields, ending with show ip ospf database parameters | exclude LS|Options|Check|Len|(MTID:[ 0-9]+$) (the MTID field appears in IOS release 12.2SRC).To make the command more useful, I've changed it into a short Tcl script (using steps from the post explaining how to execute complex CLI commands from Tcl) stored in flash:ospfdb.tcl …
set cmd {show ip ospf database }
append cmd $argv
append cmd { | excl LS|Options|Check|Len|(MTID:[ 0-9]+$)}
puts [exec $cmd]
… and defined alias exec ospfdb flash:ospfdb.tcl. I could then easily inspect the contents of various parts of OSPF database I was interested in, for example:a3#ospfdb external 0.0.0.0
OSPF Router with ID (10.0.1.3) (Process ID 1)
Type-5 AS External Link States
Link State ID: 0.0.0.0 (External Network Number )
Advertising Router: 10.0.1.5
Network Mask: /0
Metric Type: 2 (Larger than any link state path)
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 1
The various show filters available in Cisco IOS are a great tool to minimize the amount of printout you have to analyze, their only problem (from my perspective) is that you cannot make an alias out of them, as you usually have to supply one or more parameters to the show command and these parameters have to be inserted before the filter (and the alias command does not support replaceable parameters). You could solve the problem with Tcl shell, but I'm not sure many networking engineers are fluent Tcl programmers. Fortunately, the code you need is so simple anyone can create a working solution.
Follow these simple steps:
puts [exec "show ip interface $argv ¦ include address¦protocol"]
X1#ipconfig fa0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 172.16.0.1/24
Broadcast address is 255.255.255.255
Helper address is not set
Network address translation is disabled
Replace the broken vertical bar in sample printouts with a vertical bar before using them.
Displaying the BGP routes originated in the local AS is simple: you just filter the BGP table with a regular expression matching an empty AS path. Displaying routes originated by the local router is tougher. You could use the fact that the local routes have the weight set to 32768:
PE-A#show ip bgp quote-regexp "^$" | inc Network|32768
Network Next Hop Metric LocPrf Weight Path
*> 10.0.1.1/32 0.0.0.0 0 32768 i
This would work if you don’t play with BGP weights in network statements. If you’ve changed the weights, you should filter the routes based on the BGP next-hop: locally originated routes have the next-hop 0.0.0.0 and all other routes should have a non-zero BGP next-hop. To filter BGP routes based on the next-hop you have to:
A sample configuration and show command printout is included below:
ip access-list standard AllZeros
permit 0.0.0.0
!
route-map NextHopSelf permit 10
match ip next-hop AllZeros
PE-A#show ip bgp route-map NextHopSelf | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 10.0.1.1/32 0.0.0.0 0 32768 i
To make this command simpler to use, define an alias: alias exec mybgp show ip bgp route-map NextHopSelf | begin Network.
The easiest way to display BGP routes originating in the local autonomous system is to use the regular expression ^$ (empty AS-path) in the show ip bgp regexp command, for example:
PE-A#show ip bgp regexp ^$
BGP table version is 10, local router ID is 10.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.0.1.1/32 0.0.0.0 0 32768 i
r>i10.0.1.2/32 10.0.1.2 0 100 0 i
If you want to apply a show filter to the printout of this command, you have to use the quote-regexp variant; otherwise the rest of the line is interpreted as regular expression. To skip the header explaining the BGP status code (we know them by heart by now, don’t we?), use …
PE-A#show ip bgp quote-regexp "^$" | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 10.0.1.1/32 0.0.0.0 0 32768 i
r>i10.0.1.2/32 10.0.1.2 0 100 0 i
… and end with the eye candy – define this command as an alias: alias exec localbgp show ip bgp quote-regexp "^$" | begin Network.
The do command available in configuration modes of Cisco IOS is probably one of the best features ever implemented in IOS, but you tend to continue typing the do keyword even in the exec mode, resulting in syntax errors. The alias command doesn't help as you cannot specify an empty command line. However, there is a Tcl-based workaround.Store the following Tcl code in flash:do.tcl:
puts [exec $argv]Configure alias exec do tclsh flash:do.tcl and you can execute the do command from exec mode.
The simple solution does not page the output, a lot more work would be needed to implement the proper paging functionality
Numerous comments to the "terminal exec prompt" post told me that it might be good to review the line/terminal configuration rules:
For example, IOS performs DNS lookups on all names entered by a user (assuming the ip domain-lookup is not disabled). You can change that behavior with the domain-lookup characteristic (enabled by default). To permanently disable DNS lookups on all VTYs use:
line vty 0 4To disable the lookup for the current session, use terminal no domain-lookup.
no domain-lookup
Xavier has mentioned an interesting undocumented command in his comment to the “Continuous display of top CPU processes” post: after you execute terminal exec prompt timestamp, every show command displays current time and CPU utilization before the requested printout.Here is a short example:
R1#terminal exec prompt timestamp
R1#show ip interface brief
Load for five secs: 4%/0%; one minute: 1%; five minutes: 0%
Time source is NTP, 17:31:14.456 UTC Wed May 28 2008
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.0.0.1 YES NVRAM up up
FastEthernet0/1 192.168.200.205 YES DHCP up up
Serial1/0 unassigned YES NVRAM administratively down down
Serial1/1 unassigned YES NVRAM administratively down down
Serial1/2 unassigned YES NVRAM administratively down down
Serial1/3 unassigned YES NVRAM administratively down down
The Tcl scripting (invoked with tclsh command) is now available on almost all IOS-based platforms (apart from the low-end Catalyst switches). For high-end distributed platforms, use the 12.2(33)SRC release, for Catalyst 6500 the 12.2(33)SXH release. On most other platforms, you can use mainstream 12.4 release.
The brief display of the state of IPv6 interfaces in the router (show ipv6 interface brief) is significantly different from the well-known show ip interface brief display as the IPv6 address might not fit in the same line as all the other data. To filter the printout and display only the operational interfaces, you have to replace the include filter with the section filter, which displays all the lines matching the regular expression as well as associated follow-up lines.
PE-A#show ipv6 interface brief | section up
Serial1/0 [up/up]
unassigned
Serial1/1 [up/up]
FE80::C800:CFF:FEA7:0
Loopback0 [up/up]
unassigned
The definition of the associated follow-up lines depends on the printout. Usually the indented lines are assumed to belong to a section, but you might be surprised.
I'm probably getting old … I keep forgetting the exact names (and capitalization) of route-maps I've configured on the router. The show route-maps command is way too verbose when I'm simply looking for the exact name of the route-map I want to use, so I wrote a Tcl script that displays the names of the route-maps configured on the router. If you add a -d switch, it also displays their descriptions (to be more precise, the first description configured in the route-map).
When using the -d switch, the script executes the show running command and might take a while to complete.
To use the script, download the routeMaps.tcl file (available from my web site) into the router's flash and follow the installation instructions in the source.
Here is a sample printout from one of my routers:R1#show alias | include rm
rm tclsh flash:routeMaps.tcl
R1#rm
LocPref
SetCommunity
TestRange
prepend
R1#rm -d
Route map name Description
========================================================================
LocPref
SetCommunity Sets time-based communities on local routes
TestRange
prepend
In a previous post, I've described how you can use Tcl shell to upload text content into router's flash if the router has no connectivity to a suitable file server (or you don't have FTP or TFTP server handy).
The trick works flawlessly, but typing the same obscure Tcl commands gets tedious after a while, so the first time I had to use this solution to develop a Tcl script, I've quickly written another script that takes file name as the parameter and hides all the other murky details.
To use it, transfer the contents of storeFile.tcl (available from my web site) to the router's flash (using the previously described trick), follow the installation instructions in the source and you're ready to go.
Note: You can adapt the Tcl script to your needs; for example, you could add instructions to re-register EEM Tcl policy every time you upload the new code.
Debugging time-based configurations could be a nightmare, as you have to switch router's time back and forth trying to debug your configuration and wait for the desired event to occur. When I was debugging my EEM-based solution to time-based BGP policy routing, I simply defined two aliases that would set the clock to 30 seconds before the event I wanted to test:
alias exec 859 clock set 08:59:30
alias exec 900 clock set 09:00:30
Obviously, these tests are best done in a lab setup … and you have to turn off NTP or any other form of time synchronization.
Someone has sent me an interesting question a while ago: he's changed the configuration of a single VTY line and got three blocks of VTY configuration commands, similar to this:
line vty 0 2He wanted to merge the three configuration blocks back into a single one but somehow didn't know how to do it.
login
line vty 3
password secret
login
line vty 4
login
line vty 0 4
login
password secret
Note: This article is part of You've asked for it series.
If you like to use Google as your primary search engine, this trick could help you get better search results when you're looking up IOS configuration commands:
For example, if you want to look up the show control-plane command, use the query "show control-plane" site:cisco.com inurl:ios124 to get four highly relevant hits.
Terry Slattery took time (after 15 years) and wrote a short history of Cisco CLI. I've been involved with Cisco's software (it was remarketed as IOS in mid-nineties) for a few years and for me the CLI as we know it today was one of the best features introduced in IOS release 9.21 (I was ecstatic when I've got my hands on the first code during the beta tests). So now that I know who's responsible, I can only say “Thanks, Terry!”
If you do a lot of telnetting in your lab, you could set up an internal DNS server to be able to use router names instead of IP addresses.
Select a router that will act as the DNS server and configure it on all other routers in your lab. For example, if your DNS server has IP address 10.0.0.1, use the following configuration commands:
ip domain-lookup
ip name-server 10.0.0.1
On the DNS server, disable DNS lookup and DNS forwarding (it has nowhere else to go) and define all the routers as IP host names:
no ip domain lookup
!
ip dns view default
no dns forwarding
!
ip dns server
!
ip host Core-1 10.0.0.1
ip host Core-2 10.0.0.2
ip host POP 192.168.2.1
ip host Ext 192.168.1.5
ip name-server 10.0.0.1
If you also define IP addresses for the WAN links, for example:
ip host serial-1-0.X1 10.0.1.6… you'll get correct hop-by-hop information from the traceroute command:
ip host serial-1-0.Core-1 10.0.1.1
POP#trace Ext
Translating "Ext"...domain server (10.0.0.1) [OK]
Type escape sequence to abort.
Tracing the route to Ext (192.168.1.5)
1 serial-1-0.Core-1 (10.0.1.1) 36 msec 24 msec 16 msec
2 serial-1-0.X1 (10.0.1.6) 24 msec 28 msec 4 msec
3 Ext (192.168.1.5) 20 msec * 24 msec