Must Use Command: Filtering output with the “section” command

Every once in a great while, an IOS command (or command option) comes along that completely changes the way that you work.  For me, the latest one of these command is the “section” option.  A co-worker of mine first pointed out this filtering option about 6 months ago.  Ever since then I have been using it daily.

You need to be running fairly recent code to use this filtering option(12.3(2)T ).  The Cisco documention on this option is a little light on details:

In many cases, it is useful to filter the output of a show command to match a specific expression. Filtering provides some control over the type and amount of information displayed by the system. The show section command provides enhanced filtering capabilities by matching lines in the show command output containing specific expressions as well as matching any entries associated with those expressions. Filtering is especially useful, for example, when displaying large configuration files using the show running-configuration command or the show interfaces command.

I’ve found that Ivan Pepelnjak’s explanation is much better:

A section starts with a line with no leading blank and includes all lines following it until the start of the next section. The section filter is commonly used to filter router configuration printouts, but can also be used for any other show command.

However you want to describe it, the command is pure gold.  My favorite use of this filtering option is when I want to see the configuration for a given routing protocol’s process statement.  In the past you could issue the “show run | begin eigrp” in order to see the output, but that meant an entire screen of output and – since the search ended with the first instance of “eigrp” it encountered in the running-configuration -  you would sometimes stop your search at an interface level command.  Using “sh run | section eigrp” is much cleaner and returns results similar to the “show run interface sx/x” command.

Let’s see only the BGP process from the running-configuation:
r1#sh run | sec bgp
router bgp 12
 no synchronization
 bgp log-neighbor-changes
 network 137.1.200.0 mask 255.255.255.0
 neighbor 137.1.200.2 remote-as 12
 no auto-summary
r1#

How beautiful is that?!! <wipes tears from eyes>

Sometimes you get a little bit of weirdness in your output:

r1#sh run | sec rip
 description -> VLAN11 137.1.1.0/24
 description ->r2 FR dlci 102
router rip
 network 137.1.0.0
 no auto-summary
r1#

I’m assuming that the descriptions were included because of the “rip” in the word “description”.

Another great use is to pull protocol-specific output from the “show ip protocols” output.  On this router we are running a slew of different routing protocols:

r1#sh ip protocols summary
Index Process Name
0     connected
1     static
5     bgp 12
2     rip
4     eigrp 100
3     ospf 100

If we want to see detailed OSPF information, we would need to either use the “show ip protocols” command and then scroll through screens of information:

r1#sh ip protocols
Routing Protocol is “bgp 12″
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  IGP synchronization is disabled
  Automatic route summarization is disabled
  Neighbor(s):
    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
    137.1.200.2
  Maximum path: 1
  Routing Information Sources:
    Gateway         Distance      Last Update
    137.1.200.2          200      00:10:08
  Distance: external 20 internal 200 local 200

Routing Protocol is “rip”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 26 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       1     1 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial0/0             1     1 2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    137.1.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    137.1.200.2          120      00:00:05
  Distance: (default is 120)

Routing Protocol is “eigrp 100″
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 100
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    137.1.1.0/24
    137.1.200.0/24
  Routing Information Sources:
    Gateway         Distance      Last Update
    137.1.200.2           90      00:17:48
  Distance: internal 90 external 170

Routing Protocol is “ospf 100″
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 137.1.200.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    137.1.1.0 0.0.0.255 area 0
    137.1.200.0 0.0.0.255 area 0
 Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.2.1           110      00:18:04
  Distance: (default is 110)

Yuck!!!  Or we could issue the “show ip protocols | b ospf” command.  This would be fine in this case as OSPF is the last protocol listed, but if we did “sh ip prot | b rip” we would still end up with a screen’s worth of information.  BUT if we use our good friend “section” then we can pull only the details that we want:

All I want is the OSPF-specific information:
r1#sh ip prot | sec ospf
Routing Protocol is “ospf 100″
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 137.1.200.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    137.1.1.0 0.0.0.255 area 0
    137.1.200.0 0.0.0.255 area 0
 Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.2.1           110      00:19:00
  Distance: (default is 110)
r1#

SWEET!!!

Another great use is to pull interface configuration details.  This is a better option than “show run interface Serialx/x” in those cases where you want to see the running-configuration for ALL Serial interfaces instead of just a single Serial interface.  In this case you need to be aware that the section option IS case-sensitive:

No output because “serial” does not begin with a capital “S”:
r1#sh run | sec serial
r1#

Here’s the correct form:
r1#sh run | sec Serial
interface Serial0/0
 description ->r2 FR dlci 102
 ip address 137.1.200.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 frame-relay map ip 137.1.200.2 102 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
interface Serial0/1
 no ip address
 shutdown
r1#

One more advantage that this command has over the “show run interface Serialx/x” command is that you can use the “section” option to filter on a single interface and it will return all of the subinterfaces configured under that interface as well.  How cool is that?!

Cool….use this to get your physical and subint configs:

Remember: use an uppercase “S” and no space:
r1#sh run | sec Serial0/0
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
interface Serial0/0.1 multipoint
 ip address 10.0.0.1 255.0.0.0
 frame-relay map ip 10.0.0.2 102 broadcast

Once you start using this command you will wonder how you ever lived without it.  You’ll undoubtedly find many more uses than the ones I have listed here.  Just keep in mind that you will need to be running pretty recent code for IOS to understand this command.

---

Cisco Documentation:show <command> section