Category: show filters

read more see 7 comments

read more add comment

Last week I've described how you can extend the exec-mode CLI commands with almost no knowledge of Tcl. A bit more work is required if your commands include Tcl special characters (quotes, braces or backslashes).

For example, to display all routes advertised by customers of AS X, you'd use the following show command: show ip bgp regexp _X_([0-9]+)(_\1)*$ (the regular expression is explained in the AS-path based filter of customer BGP routes post). This command cannot be entered as a Tcl string with variable substitution; Tcl would interpret the [ and \ characters. You could enter the whole command in curly braces, but then there would be no variable substitution that we need to insert command line parameters. To make Tcl happy, use the following Tcl commands:

1. set cmd {first-part-of-command} stores the command prefix into the cmd variable;
2. append cmd $argv appends the command line arguments to the command;
3. append cmd {rest-of-command} appends the rest of the IOS exec command;
4. puts [exec $cmd] executes the command and prints the results.

For example, the following code will display the customers of a BGP AS specified in the command line (after being stored in a flash file and defined in an alias, of course):

set cmd {show ip bgp regexp _}
append cmd $argv
append cmd {_([0-9]+)(_\1)*$}
puts [exec $cmd]

The various show filters available in Cisco IOS are a great tool to minimize the amount of printout you have to analyze, their only problem (from my perspective) is that you cannot make an alias out of them, as you usually have to supply one or more parameters to the show command and these parameters have to be inserted before the filter (and the alias command does not support replaceable parameters). You could solve the problem with Tcl shell, but I'm not sure many networking engineers are fluent Tcl programmers. Fortunately, the code you need is so simple anyone can create a working solution.

The section filter of the show commands contains a nasty bug (at least in the IOS release 12.4T) in IOS release 12.2SRC: if a line in the section matches the same regular expression as the section header, the rest of the section is not printed.

The brief display of the state of IPv6 interfaces in the router (show ipv6 interface brief) is significantly different from the well-known show ip interface brief display as the IPv6 address might not fit in the same line as all the other data. To filter the printout and display only the operational interfaces, you have to replace the include filter with the section filter, which displays all the lines matching the regular expression as well as associated follow-up lines.

PE-A#show ipv6 interface brief | section up
Serial1/0                  [up/up]
    unassigned
Serial1/1                  [up/up]
    FE80::C800:CFF:FEA7:0
Loopback0                  [up/up]
    unassigned

The definition of the associated follow-up lines depends on the printout. Usually the indented lines are assumed to belong to a section, but you might be surprised.

I’m probably getting old … I keep forgetting the exact names (and capitalization) of route-maps I’ve configured on the router. The show route-maps command is way too verbose when I’m simply looking for the exact name of the route-map I want to use, so I wrote a Tcl script that displays the names of the route-maps configured on the router. If you add a -d switch, it also displays their descriptions (to be more precise, the first description configured in the route-map).

You can use the show process cpu sorted command in combination with an output filter to display only those IOS processes that consumed noticeable amount of CPU time in the last five minutes, last minute or last five seconds. Use the following patterns to construct your regular expression:

• The [0-9.]+% pattern will match any non-zero percentage;
• The 0.00% pattern will obviously match the zero-percentage display;
• As the percentage figures are separated by various amounts of whitespace characters, we have to use the ' +' pattern to match those;

The show filter should exclude the processes that have the zero percentage in the desired column and any percentage in the other two columns (any other filter would show too many or too few processes). To display processes active in the last minute, use the show process cpu sorted 1min | exclude [0-9.]+% +0.00% +[0-9.]+% command (and define an alias to make it easier to use).

A few days ago, Jeremy Stretch asked me whether there's a command to display packet lists attached to router's interfaces. While he got pretty far with the output filters, he would like to have a nice tabular format as well as the contents of the access lists displayed next to the interfaces. The show ip access-list interface name command comes pretty close, but it displays the information only for a single interface, so it was time to write another Tcl script. To install it on your router:

1. Download it from my web site and copy it to your router's flash or NVRAM.
2. Define an alias, for example alias exec filters tclsh flash:packetFilters.tcl.

The script recognizes two parameters: the all parameter displays all interfaces, including ones with no access lists and the verbose parameter displays the contents of the access list after the interface name.

Are you as upset as I am with the constant display of the legend in front of the routes displayed with the show ip route command? Two output filters can help you.

After I've published the Tcl script that displays the interface IP parameters in a formatted table, cos quickly pointed out a bug: I've expected the IP addresses in the address mask format. In the meantime, I've figured out the root cause of the problem (our remote labs are set to display IP masks in decimal format for compatibility reasons) and fixed the Tcl script. It temporarily sets the terminal ip netmask-format to bit-count before executing the show command. The new script recognizes three parameters:

• active: display only interfaces that are up/up;


• configured: display only interfaces with configured IP addresses (unnumbered interfaces using IP address of an interface without one count as configured since IOS reports their IP address as 0.0.0.0).


• address: displays IP address of the unnumbered interface, not the interface that it's borrowing the address from.

You can view the Tcl source or download it from my web site.

Recently I was investigating MTU-related problems and got mightily upset when I had to search for the interface IP MTU size in the long printout produced by the show ip interface command. Obviously I could display the IP MTU size of a single interface with the show ip interface name | include MTU filter, but I wanted to have a nice tabular printout. Obviously it was time for another Tcl script.

To use it, download it and store it into the flash memory of your router. Configure alias exec ipconfig tclsh flash:ipInterfaces.tcl and you can use ipconfig or ipconfig active to display interface IP addresses.

If you want to execute IOS show commands periodically (for example, to monitor router status or take snapshots of routing tables), you can combine new output redirection features introduced in IOS release 12.2T in an Embedded Event Manager (EEM) applet. For example, to store the brief interface status into a file on an FTP server, use the following EEM applet:

event manager applet SaveInterfaceStatus
 event timer watchdog name SaveIfStat time 60
 action 1.0 cli command "show ip interface brief | redirect ftp://username@password:host/path"
 action 2.0 syslog msg "Interface status saved"

Notes:

• The timer watchdog EEM event defines a recurring event triggered every X seconds.
• Output of a show command can be redirected only to a TFTP or FTP server, redirection to a web (HTTP) server does not work yet.
• The syslog action is configured for debugging purposes only and can be removed in production environment.
• More complex functionality (for example, sending show command output in an email) can be implemented with help of Tcl EEM policies