Parsing Cisco Show Command Output

If you have done even the basics in networking you have probably used a “show” command at some point on a Cisco networking device. Show commands give us insight into the configuration, performance and issues that face that device. One issue with show commands, however, is that they can be very verbose. Many commands give you way more information than you are looking for and are difficult to get through quickly. Luckily for you and me there are output modifiers to help us parse the output.
I will attempt to teach this short lesson with an example. Say you want to look at all interfaces and see what access lists are applied to them. You could do “show run” and read all of the output until you find what you are looking for.

You could also do something like this to get just that interface's info:
Switch#show run interface GigabitEthernet0/1
Or, finally, you could use the output modifier or pipe to cut the crap like this:

Switch# show run | include ^interface|access-group
...
interface GigabitEthernet2/1/1
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
interface Vlan10
interface Vlan20
interface Vlan21
interface Vlan30
interface Vlan40
 ip access-group 1 in
...

As you can see the final option gives us nothing but what we are looking for: Interfaces and access lists bound to them.

To take this a step further, let's actually have a look at this access list. Traditionally we would “show run” again and wade through the config. Why not just pipe it to the output modifier?

Switch# show run | include access-list 1
access-list 1 permit any log

Or

Switch# show run | begin access-list 1
access-list 1 permit any log

If you didn’t follow what was happening in the example, let me get into the details. First, we issue a show command. That command generates the full output like we would expect to typically see. Instead of being written to the screen, however, the output is piped over to an output modifier. There are a few different modifiers to choose from.

begin: Begin showing output at the first place that matches the following regular expression
include: Show only lines that include a string that matches the following regular expression
exclude: Exclude lines that match the following regular expression
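
As an added example (not code from the original post), the Python sketch below mimics the three modifiers against a saved copy of a running config, then uses the ^interface|access-group filter from above to report which interfaces have an access list bound and which have none. The sample config is constructed, and Python's re module stands in for the IOS regex engine, an assumption that holds for the simple patterns used here.

```python
import re

# Constructed sample config for illustration (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan40
 ip address 192.168.40.1 255.255.255.0
 ip access-group 1 in
!
access-list 1 permit any log
!
line vty 0 4
"""

def include(text, pattern):
    """Like '| include': keep lines where the regex matches anywhere."""
    return [l for l in text.splitlines() if re.search(pattern, l)]

def exclude(text, pattern):
    """Like '| exclude': drop lines where the regex matches."""
    return [l for l in text.splitlines() if not re.search(pattern, l)]

def begin(text, pattern):
    """Like '| begin': everything from the first matching line onward."""
    lines = text.splitlines()
    hits = [i for i, l in enumerate(lines) if re.search(pattern, l)]
    return lines[hits[0]:] if hits else []

def acl_bindings(text):
    """Attach each access-group line to the interface line above it."""
    bindings, current = {}, None
    for line in include(text, r"^interface|access-group"):
        if line.startswith("interface"):
            current = line.split(None, 1)[1]
            bindings[current] = []  # empty list means no ACL applied
        elif current is not None:
            m = re.search(r"access-group (\S+) (in|out)", line)
            if m:
                bindings[current].append((m.group(1), m.group(2)))
    return bindings

if __name__ == "__main__":
    for name, acls in acl_bindings(SAMPLE_CONFIG).items():
        print(name, acls or "no ACL applied")
```
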

Most of the expressions you would use behind these commands can be quite simple. Details of regular expressions are outside of this lesson but here are a few examples that could help you get started:

^interface: Any line that begins with the word “interface”
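[0-9]: Any single digit
[0-9].*\.[0-9].*\.[0-9].*\.[0-9].*: Any IP address (a loose match: it looks for four digit-led groups separated by dots and does not check that each octet is valid)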

Some of the expressions I use the most are:

switch#show cdp neighbors | include S I
  !Shows all CDP neighbors that are switches
switch#show cdp entry * | inc Device ID| IP address
  !Shows just the names and IP address of all CDP neighbors
switch#show interface gigabitEthernet 0/1 | include error
  !Shows error counts on a single interface
switch#show interface gigabitEthernet 0/1 | include input rate|output rate
  !Shows the 5 minute in and out rates for an interface
switch#show arp | inc 192.168.1.76
  !Shows the arp entry that contains this IP address
switch#show run | inc ^interface|ip address
  !Shows the interfaces and their IP configuration