IOS Tips

Contents Keyboard shortcuts Filter output Skip through the configuration Do the do Insert question marks Disable domain lookup on typos Synchronous logging Revert a configuration to its default Show only applied access lists Speed up running-config display Changing the break character to Ctrl+C Show running configuration with all defaults Reload command Decrypting type-7 passwords in house on a device

Keyboard shortcuts
These shortcuts can be used to speed up operating with the CLI: Ctrl+B or Left Ctrl+F or Right Esc, B Esc, F Ctrl+A Ctrl+E Ctrl+P or Up Ctrl+N or Down Ctrl+T Ctrl+W Ctrl+U Ctrl+K Ctrl+X Ctrl+L Ctrl+C Ctrl+Z Move the cursor one character to the left Move the cursor one character to the right Move the cursor one word to the left Move the cursor one word to the right Move cursor to the beginning of the line Move cursor to the end of the line Retrieve last command from history Retrieve next command from history Swap the current character with the one before it Erase one word Erase the entire line Erase all characters from the current cursor position to the end of the line Erase all characters from the current cursor position to the beginning of the line Reprint the line Exit configuration mode Apply the current command and exit configuration mode

Filter output
Most show commands support filtering with the pipe (|) character, allowing a user to display only the information he's looking for. Switch# show interface status | include notconnect Gi1/0/7 notconnect 1 Gi1/0/9 notconnect 1 Gi1/0/22 notconnect 1

auto auto auto

auto 10/100/1000BaseTX auto 10/100/1000BaseTX auto 10/100/1000BaseTX

Filter options are include, exclude, and begin. The remaining characters after one of these filter types is processed as a regular expression, which could be a simple string (as in the example above) or something a bit more complex. The example below demonstrates filtering for interface numbers and any assigned IP addresses. http://packetlife.net/wiki/ios-tips/ Page 1

Switch# show run | include interface|ip address interface FastEthernet0 ip address 192.168.0.1 255.255.255.0 interface FastEthernet1 interface FastEthernet2 ip address 192.168.1.1 255.255.255.0 ip address 192.168.2.1 255.255.255.0 secondary interface FastEthernet3 You can also filter by section. Thanks to Carl Baccus to reminding me to include this. R1# show run | section bgp router bgp 100 no synchronization redistribute connected neighbor 172.16.0.2 remote-as 200 neighbor 172.16.0.9 remote-as 300 no auto-summary

Skip through the configuration

You can begin viewing a configuration with the begin filter: Router# show run | begin interface interface FastEthernet0/0 no ip address shutdown ... You can also skip forward to a certain line once you've already begun viewing the configuration by hitting / at the --More-prompt, followed by the string you want to match: Router# sh run Building configuration... Current configuration : 601 bytes ! version 12.4 ... ! ! /interface filtering... interface FastEthernet0/0 no ip address shutdown ...

Do the do
Exec commands can be issued from within configuration mode via the do command. This can be handy for double-checking the current configuration before applying any changes.

http://packetlife.net/wiki/ios-tips/

Page 2

Switch(config-if)# do show run int f0 Building configuration... Current configuration : 31 bytes ! interface FastEthernet0 description Internal LAN ip address 172.16.0.1 255.255.0.0 end

Insert question marks

You can insert question marks into literal strings (such as interface descriptions) by typing CTRL+V immediately before the question mark. This acts as an escape character and prevents the command line from summoning the help menu. Switch(config-if)# description Where does this go[ctrl+v]? The interface description will appear as "Where does this go?"

Disable domain lookup on typos

Don't you hate it when this happens? Switch# shrun Translating "shrun"...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address You can disable automatic DNS lookups with no ip domain-lookup, which will remove the delay before returning a new console prompt. However, this will also prevent you from referencing remote hosts by name, for example when telneting. Switch(config)# no ip domain-lookup ... Switch# shrun Translating "shrun" % Unknown command or computer name, or unable to find computer address Another option is to leave DNS enabled, but configure your console ports and vtys to have no preferred transport for logging in to remote devices. Router(config)# line console 0 Router(config-line)# transport preferred none ... Router# asdfxyz ^ % Invalid input detected at '^' marker. Router# You can no longer telnet by typing an IP address on the console, instead use the "telnet" or "ssh" commands for connecting to the desired hostname or ip address.

Synchronous logging

http://packetlife.net/wiki/ios-tips/

Page 3

When logging to the console is enabled, a Cisco device will often dump messages directly to the screen. This can become irritating when it interrupts you in the midst of typing a command. (FYI, you can continue typing normally and the command will still take, but this still throws some people off.) Synchronous logging can be enabled to "clean up" the CLI when this happens, outputting a fresh prompt below the message, along with any partially completed command. Switch(config)# line Switch(config-line)# Switch(config)# line Switch(config-line)# con 0 logging synchronous vty 0 15 logging synchronous

Revert a configuration to its default

The default command, called from global configuration, can be used to revert any part of a configuration to its default value (which is often nothing). For example, it can be used to remove all configuration from a particular interface: Switch(config)# default g1/0/5 Interface GigabitEthernet1/0/5 set to default configuration Switch(config)# ^Z Switch# show run int g1/0/5 Building configuration... Current configuration : 38 bytes ! interface GigabitEthernet1/0/5 end

Show only applied access lists

For reasons unknown to me, IOS doesn't include a command to view what interfaces have ACLs applied. The closest we can get is drudging through the entire output of show ip interface. But, with a little ingenuity and the help of regular expressions, we can summon an efficient view of where our ACLs are applied. Switch# sh ip int | inc line protocol|access list is [^ ]+$ FastEthernet0 is up, line protocol is down FastEthernet1 is up, line protocol is up Inbound access list is prohibit-web FastEthernet2 is up, line protocol is up Inbound access list is 42 FastEthernet3 is up, line protocol is down FastEthernet4 is up, line protocol is up For those curious, the regex above matches a line which either a) contains the string "line protocol", or b) contains the string "access list is " followed by a single word. This matches an ACL number or name (which can't contain spaces) but not "not set".

Speed up running-config display

When the show running-config command is issued, the output has to be assembled from numerous values in memory into the human-friendly display you see on the CLI. Unfortunately, the longer your configuration is, the more time this takes. IOS 12.3T introduced a feature to cache the running configuration text for quicker output: Router(config)# parser config cache interface

http://packetlife.net/wiki/ios-tips/

Page 4

Changing the break character to Ctrl+C

Router(config)# line Router(config-line)# Router(config)# line Router(config-line)# vty 0 15 escape-character 3 con 0 escape-character 3

Show running configuration with all defaults

Append the full command to show running-config to include all the default statements which are normally hidden for brevity.

Reload command
One of the classic mistakes is to incorrectly update an access-list on an interface when you are connected to the device remotely. And suddenly, the Telnet connection is dropped to the router because of a forgotten list entry that would permit your incoming connection. When you are doing something tricky, you can use the following feature of the reload command, which causes the router to reboot in a certain number of minutes. For example, let's tell the router to reboot in three minutes. Router# reload in 3 Reload scheduled in 3 minutes Proceed with reload? [confirm] Now, we have three minutes to do what we need to do. Let's say we are applying an access-list to serial0. Router# config terminal Enter configuration commands, one per line. Router(config)# interface serial0 Router(config-if)# ip access-group 110 in Router(config-if)# ^Z

End with CNTL/Z.

We made the change and everything still works. (Well, at least our connection wasn't dropped.) Now all we have to do cancel the impending reload with the following command: Router# reload cancel If the reload is not canceled, all the changes made will be discarded since they only exist in the running configuration.

Decrypting type-7 passwords in house on a device

A good way to catch trailing spaces within passwords Router(config)#username user1 password 0 pass1word Router#sh run | inc username username user1 password 0 pass1word Router(config)#service password-encryption Router#sh run | inc username username user1 password 7 06160E325F1F1E161713

http://packetlife.net/wiki/ios-tips/

Page 5

then

Router(config)# key chain TEST Router(config-keychain)# key 1 Router(config-keychain-key)# key-string 7 06160E325F1F1E161713 Router(config-keychain-key)#sh key chain TEST Key-chain TEST: key 1 -- text "pass1word" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now]

http://packetlife.net/wiki/ios-tips/

Page 6