Warning: Undefined array key "rcommentid" in /home/clabr/public_html/movingpackets/wp-content/plugins/wp-recaptcha/recaptcha.php on line 348

Warning: Undefined array key "rchash" in /home/clabr/public_html/movingpackets/wp-content/plugins/wp-recaptcha/recaptcha.php on line 349
Never Too Old To Learn - Show Config - MovingPackets.net

Never Too Old To Learn – Show Config

Old Man

Continuing to prove that we are never to old to learn, I bring another tip to the table today, this time to do with the show config. Of course, by that alone I show my age because I’m sure “show config” was supposed to have been phased out by now along with “wr t” and the like, in favor of “show running-config” and “show startup-config”. For your amusement perhaps, I tend to use two variations of the commands:

  • show config (to show the startup configuration)
  • show running (to show the running confiuration)

Enough about my habits though; what’s the “new” thing I learned?

Examining Configurations

I tend to fall back on doing things the same way over time (old habits die hard), so when I’m examining specific parts of a configuration I find myself doing the same thing, and I’ve never seen a need to change. My way works on pretty much every version of IOS going back a long way. It’s the same reason I learned to edit text files in vi rather than using emac or pico; not every *nix system had emacs on it, but pretty much every single system had vi, so my skills were eminently portable!

What this means is that I don’t go looking for new ways to do things if what I have works already. So for example, if I want to view the BGP configuration on a router, my habit is thus:

show run | b r bgp

Works very nicely in 99% of cases, and this way of doing things can be applied to things other than BGP. Want to see the raw route-map configuration (rather than via “show route-map”)? Easy:

show run | b ^route-m

Want to see the static routes? Sure:

show run | i ip route

I’m a regex geek, so putting aside my annoyance that regular IOS doesn’t allow you to pipe output from one command into another, I can usually pull out the information I need.

Learning New Things

A year or so back I was working on a project with an engineer from a service provider and he pasted me some output we needed from one of his routers. The command was:

show run | sec bgp

Huh? What’s the “sec” thing? I hadn’t come across it before. The ‘section’ filter was apparently added in 12.3(2)T, so it has been around for a long time, but it had somehow totally passed me by. When I queried this, the other engineer laughed and asked me how I survived without that command? Well, just fine it seems, but… another tool for the toolbox, right?

Reading the command reference for IOS doesn’t really make it very clear how cool this command is for viewing configurations. When you use the ‘sec’ command, it not only includes lines containing the expression you supply, but it also matches sections of the configuration (bits with a blank line above them) that contain the expression you give, and includes the whole section (the indented configuration below) in the output. So when you execute “show run | sec bgp” it’s going to match on the line “router bgp xxxxx” and include the entire block of BGP configuration that follows. It would also match on any other line including “bgp”. And like all IOS matches, it’s case sensitive (and I don’t think you can change that), which is a shame, because in an ideal case-insensitive world you could use ‘BGP’ in any BGP-related route-map names, and then get those returned too. As it stands, you’d have to use ‘bgp’ in order to match. Still, food for thought.


So let’s try looking for ‘bgp’:

router#sh run | sec bgp
 redistribute bgp 65000 metric 50000 400 254 1 1500
router bgp 65000
 no synchronization
 bgp router-id
 bgp log-neighbor-changes
 timers bgp 10 30
 neighbor remote-as 65001
 neighbor send-community both
 neighbor soft-reconfiguration inbound
 no auto-summary
ip bgp-community new-format
access-list 198 permit tcp host eq bgp any
access-list 198 permit tcp host any eq bgp
snmp-server view MONITOR bgp excluded
snmp-server enable traps bgp

What do we see? Well, we see some lines from within other sections:

 redistribute bgp 65000 metric 50000 400 254 1 1500

In this case, it’s from within the ‘router eigrp’ section, but since it contains the word ‘bgp’, it’s included. The same applies to the last 5 lines of the output:

ip bgp-community new-format
access-list 198 permit tcp host eq bgp any
access-list 198 permit tcp host any eq bgp
snmp-server view MONITOR bgp excluded
snmp-server enable traps bgp

These lines are the same ones you would see if you did “show run | i bgp” – a simple pattern match. Where the ‘section’ command is different is that because the pattern “bgp” was matched in this line:

router bgp 65000

and this line begins a ‘section’, the whole section (the BGP configuration) is included.

Handy, right?

Desirable Feature

Really though, “section” is just semi-smart pattern matching, and it’s not quite as powerful as I’d ideally want. You can’t use the command and assume you have seen all relevant configuration.

What I¬†would like to see is a new command – let’s call it “related” – that shows me all configuration¬†related to BGP. So for example, if I have a route-map applied to a BGP neighbor, I’d like that route-map configuration to be shown in my output too. In turn, if that route-map refers to a prefix-list or access-list in a match clause, I’d like the option to include those too. Perhaps the command needs to have a default behavior which is to only follow references one layer down, and an option to specify how many iterations you can go through, e.g.:

show running | related bgp Shows bgp router config, and includes any referenced route-maps, prefix-lists, etc.
show running | related2 bgp Shows bgp router config, and includes any referenced route-maps, prefix-lists, etc. Where a route-map references an ACL, prefix-list, as-path access-list or similar, that too would be included in the output – i.e. we are recursing references two layers down

Think about how handy this would be for QoS configurations, for example? The standard modular QoS configuration is very logical but it’s a huge pain to follow in the configuration because every clause refers to some other snippet of configuration. Wouldn’t it be great if you could see all referenced configuration for a particular policy in a single command?

I can dream… Would you like a command like this? Do you have a better idea? Please let me know!

1 Comment on Never Too Old To Learn – Show Config

  1. You can do some sho runs directly on your qos policies such as ‘show run class’ or ‘show run policy’.

    There is also ‘show run partition’ which is similar to the | section output but it’s purely the block of info you request. For example ‘show run part router isis’ shows you everything under the isis section without such things as a route map named isis. It is quite pedantic though. If your isis process is 12 and you do ‘show run part router isis’ you get nothing back, you need to do ‘show run part router isis 12’

    Switches don’t always support the section pipe which can be quite irritating.

Leave a Reply

Your email address will not be published.


Warning: Undefined array key "rerror" in /home/clabr/public_html/movingpackets/wp-content/plugins/wp-recaptcha/recaptcha.php on line 291

This site uses Akismet to reduce spam. Learn how your comment data is processed.