Category: command line interface

There are two ways you can configure local usernames without a password:

• By using the username user command without the password option, you create a username that has a blank password (the operator has to press ENTER at the Password: prompt)
• With the username user nopassword command, you create a user where the operator will not be prompted for the password at all.

Hopefully, you would use such usernames only with the autocommand option to give guest users a short overview of the router's operation (for example, display the interface status).

Note: this article is part of You've asked for it series.

Hard-core IOS oldtimers could probably remember the sequence of parameters in the extended IP ping dialog even when woken up in the middle of the night. However, another venerable tradition has been made obsolete in one of the IOS 12.x releases: the ping command now accepts parameters like data, repeat, size, timeout or source.

For example, to send 500 long pings with data pattern 0000 to 10.0.0.10, you could use the ping ip 10.0.0.10 data 0000 repeat 500 size 18000 validate command.

Starting in IOS release 12.3(2)T, Tcl shell is accessible from the command line interface with the tclsh command. After entering this command, you get the Router(tcl)# prompt and can enter individual Tcl commands (the help is confusing, though – you get help on exec-mode commands, but none of them work).

Cisco IOS long had the autocommand option by which you could attach any command to a username and have it execute after successful login. For example, username x autocommand show ip interface brief command would configure the router to display the interface status after someone would log in as user x.

After the autocommand is executed, the user is logged out and the session is disconnected, unless you configure the username user nohangup option, which causes the session to remain active, giving the operator another login prompt.

Displaying configuration of a single interface can be a time-consuming task if your router has extremely long configuration (for example, high-end device with hundreds of interfaces, route-maps, access-lists etc.). In this case, the interface keyword of the show running-config command becomes extremely useful.

Someone has recently asked an interesting question - can you disable the reload command? Although I would strongly discourage you from doing that (after all, every router I've ever worked on since a venerable MGS running IOS 10.0 had to be reloaded every now and then), here's what you can do:

• define an alias for the reload command that does something else. For example, alias exec reload show ip interface brief. While this would remind a careless operator, it would still not prevent someone using an abbreviation like relo to reload the device.
• Use TACACS+ command accounting and disable the reload command on the TACACS+ server. The benefit of this approach is that you can do it on user-by-user basis ... but of course you need TACACS+ server, RADIUS will not do.
• Disable the reload command with the Embedded Event Manager applet.

Every introductory Cisco course tells you that you can stop any IOS command (for example, ping or traceroute) with the Ctrl/^ (also written as ^^ or Ctrl-Shift-6) escape character. What they usually forget to tell you is how to do that on non-US-ASCII keyboards or with telnet programs that do not want to recognize weird control characters.

The trick is simple - if you cannot generate ^^ (ASCII code 30), change the escape character. You can change it for the current session with the terminal escape-character char exec-level command or permanently with the escape-character char line configuration command. For example, to set the escape character for the current session to ctrl-C, use terminal escape-character 3 command.

Note: this article is part of You've asked for it series.

With IOS file system (IFS) introduced in IOS release 11.3AA (integrated in 12.0), IOS got the more command that displays any local or remote file that you could specify with IFS. The obvious use of the more command would be display of startup configuration (more nvram:startup-config), but you could also display built-in Tcl EEM policies (for example, more system:lib/tcl/http.tcl) or remote router configurations (for example, more tftp://host/cfg-file). But that's not all, you could even troubleshoot web servers and display HTML generated by the web server (for example, more http://192.168.0.2/index.html).

Note: IOS documentation claims that the show running command is obsolete and that you should use more system:running-config. This is not true, as the show running command has a number of interesting options that are not implemented with the more command.

The IOS command line interface has long included unix-style pipes that you could use to limit the output generated by the show commmands. Initially, the only available filters were begin (include everything after the first regular expression match), end (stop the output at the RE match) or include (include only matching lines).

IOS release 12.3(2)T (integrated in 12.4) brought us a few new filters, among them the section filter that includes or excludes whole sections (start of section being defined by a line with no leading space). You can use this filter to focus on parts of your router configuration. For example, to display only the routing protocols configuration, use show running | section include router command.

Of course, you can go a step further and define an alias, for example alias exec events show running | include ^event manager configuration command defines the exec-mode events command that lists all EEM applets.

Someone managed to scramble the VTY numbers displayed with the show users and show line commands in IOS release 12.4. The VTY numbers in the show printouts no longer correspond to the numbers in the router configuration.

If you want to disable the Cisco IOS more ... prompt (for example, when listing router's configuration with the show running command), set the terminal screen length to zero with the terminal length 0 exec-mode command. To change the terminal lenght permanently, use the length lines line configuration command, for example:

line console
 length 0
line vty 0 4
 length 0

Note: this article is part of You've asked for it series.

I always hate it when Cisco IOS asks me for things I've already supplied in a command line, the most notable case being the copy command. For example, if you supply the complete source and destination file name in the command line, IOS still insists on asking you all the same questions (at least filling in the parameters I've supplied in the command line):

fw#copy system:running-config tftp://10.0.0.2/fw-test
Source filename [running-config]?
Address or name of remote host [10.0.0.2]?
Destination filename [fw-test]?
!!
2009 bytes copied in 0.604 secs (3326 bytes/sec)

You can disable the annoying questions with the file prompt quiet configuration command (the default value of this parameter is noisy).

Cisco IOS supports the Unix tar format with the archive command. For example, to inspect the contents of the Secure Device Manager (SDM) that is present in Flash memory on most routers, use the archive tar /table flash:sdm.tar command.

You can also use the archive tar /xtract command to extract a tar file (local or external) into a directory (yet again local or external). For example, with the command archive tar /xtract flash:sdm.tar tftp://10.0.0.10 you'd extract the SDM tar archive to a TFTP server.

Note: tar extract cannot create subdirectories on a TFTP server, the directory structure has to be prepared in advance.