In this issue:
ConfigureTerminal.com Networking Tips
Resources for the networking professional
Using the power of regular expressions with Show commands
By David Bombal

This is an advanced topic, so get ready...

We have covered some basic regular expressions in our "Cool IOS Commands" EBook. Here I want to show you more complicated examples of how to use the power of regular expressions to filter output. This will allow the router to do the searching for text, rather than us doing it manually.

Regular expressions are used in many places in the IOS including BGP AS paths and Voice number translations. They are also used in other languages like Perl and TCL. Here however, we are going to concentrate on regular expressions with IOS show commands. We are going to use them to search for specific sets of strings.

A regular expression is a pattern (for example a phrase or a number) that can be used very effectively to filter output. Regular expressions are case-sensitive and allow for complex matching requirements.

I start with some simple examples so that you can learn each regular expression character individually and then we will combine them into complicated strings. As always with programming, there are many ways to do things, so use your imagination:

^ Regular Expression:
Use this to look for text at the beginning of a string.

For Example: ^123 matches 1234, but not 01234 or 91234

On a router we can demonstrate this as follows: (without any regular expressions)

          Router#show run | include ip
          ip cef
          no ip dhcp use vrf connected
          ip dhcp pool ITS
          option 150 ip 10.1.1.1
          no ip domain lookup
          voice service voip
          allow-connections h323 to sip
          allow-connections sip to h323
          allow-connections sip to sip
          ip address 192.168.10.1 255.255.255.0
          ip address 192.168.11.1 255.255.255.0
          ip address 192.168.12.1 255.255.255.0
          ip address 192.168.13.1 255.255.255.0
          ip address 192.168.14.1 255.255.255.0
          <MORE>

However, if we use the following:
          Router#show run | include ^ip

The output is:
          Router#show run | include ^ip
          ip cef
          ip dhcp pool ITS
          ip http server

Note - as expected, every line begins with "ip", the string we matched on.


$ Regular Expression:
Use this to look for text at the end of a string

For Example: 123$ matches 0123, but not 1234

On a router we can demonstrate this as follows: (without any regular expressions)

          Router#show run | include 1
          Current configuration : 5174 bytes
          ! Last configuration change at 15:27:21 UTC Wed Jan 24 2007
          ! NVRAM config last updated at 14:25:01 UTC Wed Jan 24 2007
          version 12.4
          network 10.1.1.0 255.255.255.0
          option 150 ip 10.1.1.1
          default-router 10.1.1.1
          source-address 10.1.1.1 port 5060
          create profile sync 0002381328447096
          voice register dn 1
          number 1100
          number 1101
          voice register pool 1
          id mac 0003.6B8B.174A
          number 1 dn 1
          codec g711ulaw
          ip address 192.168.10.1 255.255.255.0
          interface Loopback1
          ip address 192.168.11.1 255.255.255.0
          ip address 192.168.12.1 255.255.255.0
          ip address 192.168.13.1 255.255.255.0

But if we change it to:
          Router#show run | include 1$

The output is:
          Router#show run | include 1$
          voice register dn 1
          number 1101
          voice register pool 1
          number 1 dn 1
          interface Loopback1
          interface Loopback11
          interface Loopback21
          interface FastEthernet0/1
          session target ipv4:10.1.1.1
          session target ipv4:10.1.1.11
          session target ipv4:10.1.1.21
          session target ipv4:10.1.1.31
          session target ipv4:10.1.1.41
          session target ipv4:10.1.1.51
          session target ipv4:10.1.1.61
          number 1001
          ephone 1
          button 1:1

Note - as expected, every line ends with "1", the string we matched on.


. Regular Expression:
The "." matches any single character.

For example:
0.0 matches 0x0 and 020
t..t matches strings such as test, text, and tart

On a router, let’s look for all lines that end in 0 and another single character:

          Router#sh run | include 0.$
          ! Last configuration change at 15:27:21 UTC Wed Jan 24 2007
          ! NVRAM config last updated at 14:25:01 UTC Wed Jan 24 2007
          load 7960-7940 P0S3-07-4-00
          number 1100
          number 1101
          clock rate 2000000
          destination-pattern 1000
          load 7910 P00405000700
          ip source-address 10.1.1.1 port 2000
          number 1000
          number 1001
          scheduler allocate 20000 1000
         
Note: All the lines end with 0 and another single character.


_ Regular Expression:
This replaces a long regular expression list by matching a comma (,), left brace ({), right brace (}), the beginning of the input string, the end of the input string, or a space.

The characters _1400_ can match any of the following strings:
          ^1400$
          ^1400space
          space1400
          {1400,
          ,1400,
          {1400}
          ,1400,

We are going to use it to look for a space. In the following example, we are looking for loopback interfaces with 2:

          Router#show ip route | include k2
          C 192.168.12.0/24 is directly connected, Loopback2
          C 192.168.31.0/24 is directly connected, Loopback21
          C 192.168.30.0/24 is directly connected, Loopback20
          C 192.168.32.0/24 is directly connected, Loopback22
         
If however, we use the "_" character we see the following:

          Router#show ip route | include k2_
          C 192.168.12.0/24 is directly connected, Loopback2

Note: Only loopback interface 2 is displayed.


[ ] Regular Expression:
This matches the characters or a range of characters separated by a hyphen, within left and right square brackets.
[02468w] matches for example 0, 4, and w, but not 1, 9, or K

On a router we can demonstrate as follows:

          Router#show ip route | include k[1-9]
          C 192.168.12.0/24 is directly connected, Loopback2
          C 192.168.29.0/24 is directly connected, Loopback19
          C 192.168.28.0/24 is directly connected, Loopback18
          C 192.168.13.0/24 is directly connected, Loopback3
          C 192.168.14.0/24 is directly connected, Loopback4
          C 192.168.31.0/24 is directly connected, Loopback21
          C 192.168.30.0/24 is directly connected, Loopback20
          C 192.168.15.0/24 is directly connected, Loopback5
          C 192.168.25.0/24 is directly connected, Loopback15
          C 192.168.24.0/24 is directly connected, Loopback14
          C 192.168.27.0/24 is directly connected, Loopback17
          C 192.168.26.0/24 is directly connected, Loopback16
          C 192.168.11.0/24 is directly connected, Loopback1
          C 192.168.21.0/24 is directly connected, Loopback11
          C 192.168.20.0/24 is directly connected, Loopback10
          C 192.168.23.0/24 is directly connected, Loopback13
          C 192.168.22.0/24 is directly connected, Loopback12
          C 192.168.17.0/24 is directly connected, Loopback7
          C 192.168.16.0/24 is directly connected, Loopback6
          C 192.168.19.0/24 is directly connected, Loopback9
          C 192.168.32.0/24 is directly connected, Loopback22
          C 192.168.18.0/24 is directly connected, Loopback8
         
However, if we combine this with the "_" character:

          Router#show ip route | include k[1-9]_
          C 192.168.12.0/24 is directly connected, Loopback2
          C 192.168.13.0/24 is directly connected, Loopback3
          C 192.168.14.0/24 is directly connected, Loopback4
          C 192.168.15.0/24 is directly connected, Loopback5
          C 192.168.11.0/24 is directly connected, Loopback1
          C 192.168.17.0/24 is directly connected, Loopback7
          C 192.168.16.0/24 is directly connected, Loopback6
          C 192.168.19.0/24 is directly connected, Loopback9
          C 192.168.18.0/24 is directly connected, Loopback8
         

| Regular Expression:
Use | as a logical OR.
Matches one of the characters or character patterns on either side of the vertical bar.
A(B|C)D matches ABD and ACD, but not AD, ABCD, ABBD, or ACCD

As an example, if you want to look for routes in the routing table that contain 10 or 20:
          Router#show ip route | include 10|20
          C 192.168.10.0/24 is directly connected, Loopback0
          C 192.168.20.0/24 is directly connected, Loopback10


\ Regular Expression:
Use this if the following character is not a wildcard, but an actual character you are looking for.

As an example, if you do the following:

          Router#show running-config | include 10..

The result you get is:

          network 10.1.1.0 255.255.255.0
          option 150 ip 10.1.1.1
          default-router 10.1.1.1
          source-address 10.1.1.1 port 5060
          ip address 10.1.1.1 255.255.255.0
          destination-pattern 10..
          session target ipv4:10.1.1.1
          session target ipv4:10.1.1.6
          session target ipv4:10.1.1.11
          session target ipv4:10.1.1.16
          session target ipv4:10.1.1.21
          session target ipv4:10.1.1.26
          session target ipv4:10.1.1.31
          session target ipv4:10.1.1.36
          session target ipv4:10.1.1.41
          dial-peer voice 10 voip
          session target ipv4:10.1.1.46
          session target ipv4:10.1.1.51
          session target ipv4:10.1.1.56
          session target ipv4:10.1.1.61
          session target ipv4:10.1.1.66
          registrar ipv4:10.1.1.1 expires 60
          load 7910 P00405000700
          --More--

If you changed it to the following:

          Router#show running-config | include 10..$

The result is:

          destination-pattern 10..
          number 1000
          number 1001
          scheduler allocate 20000 1000

But if we now change it to use the "\" character, we can tell the router that we are actually looking for a ".", not using it as a wildcard:

          Router#show running-config | include 10\.\.

The result now is:

          destination-pattern 10..

Here is another example:

          Router#sh ip route | include \.20|\.10

This will look for any entries in the routing table that contain a . followed by 20 or 10 (looking for the . in the IP address).

The result is:

          C 192.168.10.0/24 is directly connected, Loopback0
          C 192.168.20.0/24 is directly connected, Loopback10


? Regular Expression:
This matches zero or one occurrence of the pattern. (Remember to precede the question mark with the Ctrl-V sequence to prevent it from being interpreted as a help command.)
ba?b matches bb and bab

          route-views.oregon-ix.net>show ip route | include 25?5

          B     216.221.5.0/24 [20/2954] via 208.51.134.254, 1w1d          <========= 25 is matched
          B     210.51.225.0/24 [20/0] via 203.62.252.186, 2w3d
          B     204.255.51.0/24 [20/4294967294] via 144.228.241.81, 3w5d           <========= 255 is matched
          B     203.34.233.0/24 [20/0] via 203.62.252.186, 3w5d
          B     192.68.132.0/24 [20/0] via 216.218.252.145, 3w5d
          B     222.35.252.0/24 [20/559] via 64.125.0.137, 1w0d
          B     212.205.24.0/24 [20/7549] via 64.125.0.137, 2d05h
          B     212.103.178.0/24 [20/0] via 216.218.252.145, 2w3d
          B     209.50.226.0/24 [20/124] via 64.125.0.137, 3w5d
          B     208.50.227.0/24 [20/3107] via 208.51.134.254, 1d22h
          B     203.254.52.0/24 [20/0] via 213.140.32.146, 1w1d
          B     203.1.203.0/24 [20/0] via 203.62.252.186, 3d03h
          B     202.171.96.0/24 [20/361] via 129.250.0.11, 5d19h


+ Regular Expression:
This matches one or more sequences of the character preceding the plus sign.
5+ requires there to be at least one number 5 in the string to be matched

In this example we are searching for 0 followed by one or more 0's:

          Router#sh run | i 00+

          load 7960-7940 P0S3-07-4-00
          create profile sync 0002381328447097
          number 1100
          id mac 0003.6B8B.174A
          clock rate 2000000
          tftp-server flash:P0S3-07-4-00.bin
          tftp-server flash:P003-07-4-00.bin
          tftp-server flash:P0S3-07-4-00.loads
          tftp-server flash:P003-07-4-00.sbn
          tftp-server flash:P0S3-07-4-00.sb2
          tftp-server flash:P00405000700.bin
          tftp-server flash:P00405000700.sbn
          tftp-server flash:P0030702T023.bin
          tftp-server flash:P0030702T023.loads
          tftp-server flash:P0030702T023.sb2
          tftp-server flash:P0030702T023.sbn
          load 7910 P00405000700
          load 7960-7940 P0030702T023
          ip source-address 10.1.1.1 port 2000
          create cnf-files version-stamp 7960 Jan 28 2007 14:22:09
          number 1000
          number 1001

( ) Regular Expression:
Nest characters for matching. Separate endpoints of a range with a dash (-).
(18)* matches any number of the two-character string 18
([A-Za-z][0-9])+ matches one or more instances of letter-digit pairs: b8 and W4, as examples

          Router#sh run | i ([A-Za-z][0-9])+

          allow-connections h323 to sip
          allow-connections sip to h323
          load 7960-7940 P0S3-07-4-00
          id mac 0003.6B8B.174A
          codec g711ulaw
          interface Loopback0
          interface Loopback1
          interface Loopback2
          interface Loopback3
          interface Loopback4
          interface Loopback5
          interface Loopback6
          interface Loopback7
          interface Loopback8
          interface Loopback9
          interface Loopback10
          interface Loopback11
          interface Loopback12
          interface Loopback13
          interface Loopback14
          interface Loopback15

* Regular Expression:
Matches zero or more sequences of the character preceding the asterisk. Also acts as a wildcard for matching any number of characters.
0* matches any occurrence of the number 0 including none

10\..* matches the characters 10. and any characters that follow 10.


          Router#sh run | i 10\..*

          network 10.1.1.0 255.255.255.0
          option 150 ip 10.1.1.1
          default-router 10.1.1.1
          source-address 10.1.1.1 port 5060
          ip address 192.168.10.1 255.255.255.0
          ip address 10.1.1.1 255.255.255.0
          destination-pattern 10..
          session target ipv4:10.1.1.1
          session target ipv4:10.1.1.6
          session target ipv4:10.1.1.11
          session target ipv4:10.1.1.16
          session target ipv4:10.1.1.21
          session target ipv4:10.1.1.26
          session target ipv4:10.1.1.31
          session target ipv4:10.1.1.36
          session target ipv4:10.1.1.41
          session target ipv4:10.1.1.46
          session target ipv4:10.1.1.51
          session target ipv4:10.1.1.56
          session target ipv4:10.1.1.61
          session target ipv4:10.1.1.66

In this section we learnt about the different regular expressions and saw some examples. In the next section, let’s use regular expressions on an Internet Backbone router.
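To try these filters offline against a saved configuration or routing table, the following added example (not from the original newsletter) emulates `| include` in Python. The names `ios_to_python`, `include` and `ROUTES` are hypothetical, the sample routes are constructed, and the handling of "_" inside brackets or after a backslash is an assumption.

```python
import re

# The delimiters the newsletter lists for "_": comma, left brace, right brace,
# beginning of the string, end of the string, or a space.
IOS_UNDERSCORE = r"(?:^|$|[,{} ])"


def ios_to_python(pattern):
    """Translate an IOS filter pattern into a Python regular expression.

    Only "_" needs rewriting; the other metacharacters covered above behave
    the same way in Python's re module.
    Assumption: "_" stays literal inside [...] and after a backslash.
    """
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # keep escaped pairs such as \. intact
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(IOS_UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)


def include(lines, pattern):
    """Emulate `show ... | include <pattern>`: keep lines matching anywhere."""
    rx = re.compile(ios_to_python(pattern))  # case-sensitive, as on the router
    return [line for line in lines if rx.search(line)]


# Constructed sample, modelled on the routing-table lines shown above.
ROUTES = [
    "C 192.168.10.0/24 is directly connected, Loopback0",
    "C 192.168.12.0/24 is directly connected, Loopback2",
    "C 192.168.17.0/24 is directly connected, Loopback7",
    "C 192.168.20.0/24 is directly connected, Loopback10",
    "C 192.168.30.0/24 is directly connected, Loopback20",
    "C 192.168.31.0/24 is directly connected, Loopback21",
]

if __name__ == "__main__":
    for pat in ("k2", "k2_", "k[1-9]_", r"\.20|\.10"):
        matched = [route.split()[-1] for route in include(ROUTES, pat)]
        print(f"{pat:12} -> {matched}")
```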
 

 
Get a router to phone you
By David Bombal

There are many hidden commands in the IOS. In this newsletter we look at the hidden IOS command that gets a router to call you.

The command is "csim start <telephone number>". I have found this command to be extremely useful for troubleshooting and testing PRI circuits, especially if I am telnetting to a remote router. It allows you to get the router to call your cell/mobile phone, for example, to make sure that the circuit to the PSTN is functioning and that you have configured things correctly.

Note: This command relies on dial peers being correctly configured on the router.

Here is an example. It sends all calls that start with a 9 out of the PRI at 0/0/0:

         enable
         conf t
         dial-peer voice 1000 pots
         destination-pattern 9T
         port 0/0/0:15


         Router#csim start 902071231000

The router will call 902071231000 out of PRI 0/0/0
 
Your questions answered: How to stop password recovery
By David Bombal

Question:

        Hi David.       

        How do I disable Password Recovery? (Which version does it apply to?)       

        Regards
        Kenneth

Answer:

Kenneth,

Thanks for your question. The command to stop password recovery is "no service password-recovery".

The "no service password-recovery" feature is a security enhancement that prevents anyone with console access from clearing the password and gaining access to the router's configuration.

Please note that they will still be able to reset the router to factory defaults, but will not gain access to the configuration. It will also prevent anyone from changing the configuration register values and accessing NVRAM.

Normally when doing password recovery you are able to get into privileged mode and copy the startup config to running config - for a demonstration on how to do a password recovery, please go here: http://www.ConfigureTerminal.com/free/PasswordRecovery/PasswordRecovery.html

 


 

 

 

 

This feature was introduced in 12.3(8)YA and integrated in 12.3(14)T.

It is recommended that you save a copy of the system configuration file in a location other than the switch or router. If you are using a switch that is operating in VTP transparent mode, it is also recommended that you save a copy of the vlan.dat file in a location other than the switch. (You may still want to use that config at some point.)

To enable this, do the following:
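         enable
         configure terminal
         ! 0x2102: boot normally and load the startup configuration
         config-register 0x2102
         ! the "no" form is what disables password recovery
         no service password-recovery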

To recover a device once the "no service password-recovery" has been enabled, press the Break key within 5 seconds after the image decompresses during boot. You are prompted to confirm the Break key action. When you confirm the action, the startup configuration is erased, the password-recovery procedure is enabled, and the router boots with the factory default configuration.


 
Searching for specific text using linenum and includes
By David Bombal

 

Here we are combining two powerful IOS commands to save time when searching for text.

If you want to learn more about the individual commands, please download our "Cool IOS Commands" EBook from http://www.ConfigureTerminal.com/Cool_IOS_Commands.html

In this example, we are looking to see if a dial-peer with a destination pattern of 1000 has been created, and we want to see what dial-peer number it is using. The first command we will use is:

         show run linenum | include 1000

This will display the text with the destination pattern as follows:

         Router#show run linenum | include 1000
         254 : destination-pattern 1000
         280 : number 1000
         306 : scheduler allocate 20000 1000

We can see that the destination pattern command is on line 254. Now we can do a show run starting with line number 253:

         Router#show run linenum | begin 253
         253 : dial-peer voice 1321 voip
         254 : destination-pattern 1000
         255 : session target ipv4:10.1.1.6

Thus we can see that the dial peer number used is 1321.

There are many cases where this can be used; another example would be with IPSec crypto maps or ISAKMP policies.

These commands can be used in many cases to save time when searching for text.
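When the configuration has been saved to a file, the same lookup can be done in one pass for every match. This is an added example, not part of the original newsletter: `find_with_parent` and the sample `CONFIG` are hypothetical and constructed, the pattern is a plain Python regular expression, and the line numbers are positions in the sample rather than the router's linenum values.

```python
import re

# Constructed excerpt in `show running-config` layout: sub-commands are
# indented under the top-level command that owns them.
CONFIG = """\
dial-peer voice 1321 voip
 destination-pattern 1000
 session target ipv4:10.1.1.6
dial-peer voice 10 voip
 destination-pattern 10..
 session target ipv4:10.1.1.1
ephone-dn 1
 number 1000
scheduler allocate 20000 1000
"""


def find_with_parent(config, pattern):
    """Return (line_number, command, parent) for every line matching pattern.

    parent is the most recent unindented line, or None when the match is
    itself a top-level command.
    """
    rx = re.compile(pattern)
    hits, parent = [], None
    for number, line in enumerate(config.splitlines(), start=1):
        top_level = not line.startswith(" ")
        if top_level:
            parent = line
        if rx.search(line):
            hits.append((number, line.strip(), None if top_level else parent))
    return hits


if __name__ == "__main__":
    # A bare "1000" also hits the ephone-dn and scheduler lines, just as
    # `include 1000` does on the router; anchoring the pattern narrows it.
    for pat in ("1000", r"destination-pattern 1000$"):
        print(pat)
        for number, command, parent in find_with_parent(CONFIG, pat):
            print(f"  {number:3} : {command}   <- {parent}")
```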

 

 

Network Experts Limited
2 Minton Place
Victoria Road
Bicester
OX26 6QB

Copyright 2003-2007 by Network Experts Limited.
