CCIE Pursuit Blog

July 17, 2007

Must Use Command: Filtering output with the “section” command

Filed under: Cool Commands,IOS,Lab Tips,Tech Tips — cciepursuit @ 12:28 pm

Every once in a great while, an IOS command (or command option) comes along that completely changes the way that you work.  For me, the latest one of these command is the “section” option.  A co-worker of mine first pointed out this filtering option about 6 months ago.  Ever since then I have been using it daily.

You need to be running fairly recent code to use this filtering option(12.3(2)T ).  The Cisco documention on this option is a little light on details:

In many cases, it is useful to filter the output of a show command to match a specific expression. Filtering provides some control over the type and amount of information displayed by the system. The show section command provides enhanced filtering capabilities by matching lines in the show command output containing specific expressions as well as matching any entries associated with those expressions. Filtering is especially useful, for example, when displaying large configuration files using the show running-configuration command or the show interfaces command.

I’ve found that Ivan Pepelnjak’s explanation is much better:

A section starts with a line with no leading blank and includes all lines following it until the start of the next section. The section filter is commonly used to filter router configuration printouts, but can also be used for any other show command.

However you want to describe it, the command is pure gold.  My favorite use of this filtering option is when I want to see the configuration for a given routing protocol’s process statement.  In the past you could issue the “show run | begin eigrp” in order to see the output, but that meant an entire screen of output and – since the search ended with the first instance of “eigrp” it encountered in the running-configuration –  you would sometimes stop your search at an interface level command.  Using “sh run | section eigrp” is much cleaner and returns results similar to the “show run interface sx/x” command.

Let’s see only the BGP process from the running-configuation:
r1#sh run | sec bgp
router bgp 12
 no synchronization
 bgp log-neighbor-changes
 network 137.1.200.0 mask 255.255.255.0
 neighbor 137.1.200.2 remote-as 12
 no auto-summary

r1#

How beautiful is that?!! <wipes tears from eyes>

Sometimes you get a little bit of weirdness in your output:

r1#sh run | sec rip
 description -> VLAN11 137.1.1.0/24
 description ->r2 FR dlci 102

router rip
 network 137.1.0.0
 no auto-summary
r1#

I’m assuming that the descriptions were included because of the “rip” in the word “description”.

Another great use is to pull protocol-specific output from the “show ip protocols” output.  On this router we are running a slew of different routing protocols:

r1#sh ip protocols summary
Index Process Name
0     connected
1     static
5     bgp 12
2     rip
4     eigrp 100
3     ospf 100

If we want to see detailed OSPF information, we would need to either use the “show ip protocols” command and then scroll through screens of information:

r1#sh ip protocols
Routing Protocol is “bgp 12”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  IGP synchronization is disabled
  Automatic route summarization is disabled
  Neighbor(s):
    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap
    137.1.200.2
  Maximum path: 1
  Routing Information Sources:
    Gateway         Distance      Last Update
    137.1.200.2          200      00:10:08
  Distance: external 20 internal 200 local 200

Routing Protocol is “rip”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 26 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       1     1 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial0/0             1     1 2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    137.1.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    137.1.200.2          120      00:00:05
  Distance: (default is 120)

Routing Protocol is “eigrp 100”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 100
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    137.1.1.0/24
    137.1.200.0/24
  Routing Information Sources:
    Gateway         Distance      Last Update
    137.1.200.2           90      00:17:48
  Distance: internal 90 external 170

Routing Protocol is “ospf 100”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 137.1.200.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    137.1.1.0 0.0.0.255 area 0
    137.1.200.0 0.0.0.255 area 0
 Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.2.1           110      00:18:04
  Distance: (default is 110)

Yuck!!!  Or we could issue the “show ip protocols | b ospf” command.  This would be fine in this case as OSPF is the last protocol listed, but if we did “sh ip prot | b rip” we would still end up with a screen’s worth of information.  BUT if we use our good friend “section” then we can pull only the details that we want:

All I want is the OSPF-specific information:
r1#sh ip prot | sec ospf
Routing Protocol is “ospf 100”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 137.1.200.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    137.1.1.0 0.0.0.255 area 0
    137.1.200.0 0.0.0.255 area 0
 Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.2.1           110      00:19:00
  Distance: (default is 110)
r1#

SWEET!!!

Another great use is to pull interface configuration details.  This is a better option than “show run interface Serialx/x” in those cases where you want to see the running-configuration for ALL Serial interfaces instead of just a single Serial interface.  In this case you need to be aware that the section option IS case-sensitive:

No output because “serial” does not begin with a capital “S”:
r1#sh run | sec serial
r1#

Here’s the correct form:
r1#sh run | sec Serial
interface Serial0/0
 description ->r2 FR dlci 102
 ip address 137.1.200.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-point
 frame-relay map ip 137.1.200.2 102 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
interface Serial0/1
 no ip address
 shutdown
r1#

One more advantage that this command has over the “show run interface Serialx/x” command is that you can use the “section” option to filter on a single interface and it will return all of the subinterfaces configured under that interface as well.  How cool is that?!

Cool….use this to get your physical and subint configs:

Remember: use an uppercase “S” and no space:
r1#sh run | sec Serial0/0
interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
interface Serial0/0.1 multipoint
 ip address 10.0.0.1 255.0.0.0
 frame-relay map ip 10.0.0.2 102 broadcast

Once you start using this command you will wonder how you ever lived without it.  You’ll undoubtedly find many more uses than the ones I have listed here.  Just keep in mind that you will need to be running pretty recent code for IOS to understand this command.


Cisco Documentation:show <command> section

Advertisements

5 Comments »

  1. […] Egy nagyon hasznos parancsot találtam itt. […]

    Pingback by xcke’s blog » Blog Archive » Section filtering — October 24, 2007 @ 3:09 am | Reply

  2. […] policy-map, service-policy, etc), then you can easily see all of these elements with the section filter: r3(config-cmap)#do sh run | sec FROM_FTP class-map match-all FROM_FTP_SERVER  match access-group […]

    Pingback by Quick QoS Tip « CCIE Pursuit — December 10, 2007 @ 8:16 pm | Reply

  3. Absolutely brilliant! Didn’t know about this! Hopefully this will gain me just that extra bit of time on the lab! Great post!

    Comment by Arden — December 14, 2007 @ 12:22 am | Reply

  4. Thanks, its really awesome!

    Comment by A/./KUR — January 7, 2008 @ 3:26 pm | Reply

  5. […] CCIEPersuit had blogged about this command back in 2007 (see, told you it wasn’t new, that’s just how far behind the times I […]

    Pingback by Killer show command - The ’section’ filter « Teneo !!! — February 16, 2009 @ 12:40 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: