blog
    Using the "show parser du ...
    22 January 09

    Using the "show parser dump" command

    Posted byBrian McGahan
    facebooktwitterlinkedin
    news-featured

    As we well know, one of the best features of Cisco IOS is the parser’s context sensitive help and tab-completion when typing in configuration or verification commands. One of the lesser known features related to this, however, is the ability to view all officially supported commands available in the parser on a per-mode basis on the CLI via the show parser dump command.

    show parser dump lists all commands in exec mode, global configuration mode, route-map mode, etc. prefixed by the privilege level of the command. This includes the negation (e.g. “no router rip”) and the default (e.g. “default interface”) in addition to the actual command and its arguments. The advantage of this output is that you can quickly find the complete syntax for a command, or set of commands, just by filtering through the parser dump.

    For example let’s take a look at the output of the “show parser dump route-map”, which shows us all commands under the route-map subconfiguration mode.

    Router#show parser dump route-map
    Mode Name :route-map
    0 no description <string>
    0 no description
    0 no description
    0 no match interface <interface>
    0 no match interface
    0 no match interface
    0 no match metric external <1-4294967295> +- <1-4294967295>
    0 no match metric external <1-4294967295> +- <1-4294967295>
    0 no match metric external <1-4294967295>
    0 no match metric external <1-4294967295>
    0 no match metric external
    0 no match metric <1-4294967295> +- <1-4294967295>
    0 no match metric <1-4294967295> +- <1-4294967295>
    0 no match metric <1-4294967295>
    0 no match metric <1-4294967295>
    0 no match metric
    [output omitted]
    0 default description <string>
    0 default description
    0 default description
    0 default match interface <interface>
    0 default match interface
    0 default match interface
    0 default match metric external <1-4294967295> +- <1-4294967295>
    0 default match metric external <1-4294967295> +- <1-4294967295>
    0 default match metric external <1-4294967295>
    0 default match metric external <1-4294967295>
    0 default match metric external
    0 default match metric <1-4294967295> +- <1-4294967295>
    0 default match metric <1-4294967295> +- <1-4294967295>
    0 default match metric <1-4294967295>
    0 default match metric <1-4294967295>
    0 default match metric
    [output omitted]
    15 description <string>
    15 description
    15 description
    15 match interface <interface>
    15 match interface
    15 match interface
    15 match metric external <1-4294967295> +- <1-4294967295>
    15 match metric external <1-4294967295> +- <1-4294967295>
    15 match metric external <1-4294967295>
    15 match metric external <1-4294967295>
    15 match metric external
    15 match metric <1-4294967295> +- <1-4294967295>
    15 match metric <1-4294967295> +- <1-4294967295>
    15 match metric <1-4294967295>
    15 match metric <1-4294967295>
    15 match metric
    [output omitted]

    Note that in the above output the commands are listed redundantly with both the prefixes “no” and “clear”, in addition to the actual command. The number at the beginning of the line is the command’s privilege level, which means that to issue the “no match interface” command you must have at least privilege level 0, but to actually issue the “match interface” command, you must be at privilege level 15.

    One way to cut down on unnecessary output, while still keeping it useful, is to filter the output to only include lines that start with “15”, such as follows:

    Router#show parser dump route-map | include ^15_
    15 description <string>
    15 description
    15 description
    15 match interface <interface>
    15 match interface
    15 match interface
    15 match metric external <1-4294967295> +- <1-4294967295>
    15 match metric external <1-4294967295> +- <1-4294967295>
    15 match metric external <1-4294967295>
    15 match metric external <1-4294967295>
    15 match metric external
    15 match metric <1-4294967295> +- <1-4294967295>
    15 match metric <1-4294967295> +- <1-4294967295>
    15 match metric <1-4294967295>
    15 match metric <1-4294967295>
    15 match metric
    15 match tag <0-4294967295>
    15 match tag
    15 match tag
    15 match route-type internal
    15 match route-type external type-1
    15 match route-type external type-2
    15 match route-type external
    [output omitted]

    From this we can see that there is much less output than before, but we still maintain all the necessary commands we want to see. Here’s another example, where we look for all OSPF related commands at the interface level:

    Router#show parser dump interface | include ^15_(.*)ospf
    15 ip ospf authentication
    15 ip ospf authentication-key
    15 ip ospf message-digest-key <1-255>
    15 ip ospf network
    15 ip ospf cost <1-65535>
    15 ip ospf resync-timeout <1-65535>
    15 ip ospf hello-interval <1-65535>
    15 ip ospf dead-interval
    15 ip ospf priority <0-255>
    15 ip ospf retransmit-interval <1-65535>
    15 ip ospf transmit-delay <1-65535>
    15 ip ospf lls
    15 ip ospf flood-reduction
    15 ip ospf demand-circuit
    15 ip ospf mtu-ignore
    15 ip ospf database-filter
    15 ip ospf <1-65535> area <address> secondaries none
    15 ip ospf <1-65535> area <address>
    15 ip ospf <1-65535> area <0-4294967295>
    15 ip ospf authentication
    15 ip ospf authentication-key
    15 ip ospf message-digest-key <1-255>
    15 ip ospf network
    15 ip ospf cost <1-65535>
    15 ip ospf resync-timeout <1-65535>
    15 ip ospf hello-interval <1-65535>
    15 ip ospf dead-interval
    15 ip ospf priority <0-255>
    15 ip ospf retransmit-interval <1-65535>
    15 ip ospf transmit-delay <1-65535>
    15 ip ospf lls
    15 ip ospf flood-reduction
    15 ip ospf demand-circuit
    15 ip ospf mtu-ignore
    15 ip ospf database-filter
    15 ip ospf <1-65535> area <address> secondaries none
    15 ip ospf <1-65535> area <address>
    15 ip ospf <1-65535> area <0-4294967295>
    15 ipv6 ospf authentication ipsec spi <256-4294967295>
    15 ipv6 ospf authentication null
    15 ipv6 ospf network
    15 ipv6 ospf cost <1-65535>
    15 ipv6 ospf hello-interval <1-65535>
    15 ipv6 ospf dead-interval <1-65535>
    15 ipv6 ospf priority <0-255>
    15 ipv6 ospf retransmit-interval <1-65535>
    15 ipv6 ospf transmit-delay <1-65535>
    15 ipv6 ospf flood-reduction
    15 ipv6 ospf demand-circuit
    15 ipv6 ospf mtu-ignore
    15 ipv6 ospf database-filter
    15 ipv6 ospf neighbor <address>
    15 ipv6 ospf neighbor <address> cost <1-65535>
    15 ipv6 ospf neighbor <address> database-filter all out
    15 ipv6 ospf neighbor <address>
    15 ipv6 ospf neighbor <address> priority <0-255>
    15 ipv6 ospf neighbor <address> poll-interval <0-4294967295>
    15 ipv6 ospf neighbor <address>
    15 ipv6 ospf <1-65535> area <address> instance <0-255>
    15 ipv6 ospf <1-65535> area <address>
    15 ipv6 ospf <1-65535> area <0-4294967295>

    Note that this included both OSPFv2 and OSPFv3 commands (IPv4 vs. IPv6) since I didn’t limit the output just to “ip ospf”. Another great example for this is IPSec related commands in global configuration. These commands generally include the words “crypto”, “ipsec”, or “isakmp”. With the below output we can look for any iteration of this. Note that since the regular expression is fairly complex, the CPUHOG message appears that the exec process is becoming CPU intensive:

    Router#show parser dump configure | include ^15_(.*)((crypto)|(ipsec)|(isakmp))
    

    *Jan 19 11:31:52.032: %SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (0/0),process = Exec.
    -Traceback= 0x8005B2A4 0x8005B9F8 0x8006911C 0x8006A778 0x8006A250 0x811AB110 0x811AB004 0x811AB570 0x811A470C 0x811A39E8 0x811C3974 0x80244E10 0x80248504
    *Jan 19 11:31:54.035: %SYS-3-CPUHOG: Task is running for (4007)msecs, more than (2000)msecs (0/0),process = Exec.
    -Traceback= 0x80065318 0x8006A630 0x8006A250 0x811AB110 0x811AB004 0x811AB570 0x811A470C 0x811A39E8 0x811C3974 0x80244E10 0x80248504
    *Jan 19 11:31:54.187: %SYS-3-CPUYLD: Task ran for (4156)msecs, more than (2000)msecs (0/0),process = Exec

    *Jan 19 11:32:32.538: %SYS-3-CPUHOG: Task is running for (2003)msecs, more than (2000)msecs (0/0),process = Exec.
    -Traceback= 0x8006A40C 0x8006A250 0x811AB110 0x811AB004 0x811AB570 0x811A470C 0x811A39E8 0x811C3974 0x80244E10 0x80248504
    *Jan 19 11:32:34.541: %SYS-3-CPUHOG: Task is running for (4006)msecs, more than (2000)msecs (0/0),process = Exec.
    -Traceback= 0x8006A414 0x8006A250 0x811AB110 0x811AB004 0x811AB570 0x811A470C 0x811A39E8 0x811C3974 0x80244E10 0x80248504
    *Jan 19 11:32:34.606: %SYS-3-CPUYLD: Task ran for (4068)msecs, more than (2000)msecs (0/0),process = Exec15 ip nbar port-map ipsec
    15 crypto pki token default max-retries
    15 crypto pki token default removal timeout
    15 crypto pki token default user-pin
    15 crypto pki token default secondary config
    15 crypto pki token <string>
    15 crypto pki authenticate <string>
    15 crypto pki enroll <string> interface <string> use <string> password <string>
    15 crypto pki enroll <string> interface <string> use <string>
    15 crypto pki enroll <string>
    15 crypto pki enroll
    15 crypto pki import <string> pkcs12 terminal <string>
    15 crypto pki import <string> pkcs12 <URL>
    15 crypto pki import <string> pem usage-keys exportable terminal <string>
    15 crypto pki import <string> pem usage-keys exportable url <URL>
    15 crypto pki import <string> pem usage-keys
    15 crypto pki import <string> pem
    15 crypto pki import <string> certificate
    15 crypto pki export <string> pkcs12 terminal <string>
    15 crypto pki export <string> pkcs12 <URL>
    15 crypto pki export <string> pem terminal 3des <string>
    15 crypto pki export <string> pem terminal des
    15 crypto pki export <string> pem terminal
    15 crypto pki export <string> pem url <URL>
    15 crypto pki crl request <string>
    15 crypto pki certificate query
    15 crypto pki certificate map <string>
    15 crypto pki certificate map <string> <1-65535>
    15 crypto pki certificate validate <string>
    15 crypto ca
    15 crypto provisioning petitioner
    15 crypto provisioning registrar
    15 crypto wui tti
    15 crypto engine software ipsec
    15 crypto engine nm <0-3>
    15 crypto engine onboard Number
    15 crypto engine aim Number
    15 crypto engine em <0-3>
    15 crypto engine slot Number
    15 crypto engine accelerator
    15 crypto engine accelerator Number
    15 crypto key generate rsa usage-keys label <string> modulus <360-2048> exportable
    15 crypto key generate rsa usage-keys label <string> modulus <360-2048>
    15 crypto key generate rsa usage-keys label <string>
    15 crypto key generate rsa usage-keys
    15 crypto key generate rsa general-keys
    15 crypto key generate rsa
    15 crypto key generate
    15 crypto key zeroize rsa <string>
    15 crypto key zeroize rsa
    15 crypto key zeroize
    15 crypto key export rsa <string> pem terminal 3des <string>
    15 crypto key export rsa <string> pem terminal des
    15 crypto key export rsa <string> pem url <URL>
    15 crypto key import rsa <string> pem usage-keys exportable terminal <string>
    15 crypto key import rsa <string> pem usage-keys exportable url <URL>
    15 crypto key import rsa <string> pem usage-keys
    15 crypto key import rsa <string> pem
    15 crypto key pubkey-chain rsa
    15 crypto key encrypt write rsa name <string> passphrase <string>
    15 crypto key encrypt write rsa name <string>
    15 crypto key encrypt write rsa
    15 crypto key encrypt
    15 crypto key decrypt write rsa name <string> passphrase <string>
    15 crypto key decrypt write rsa name <string>
    15 crypto key decrypt write rsa
    15 crypto key decrypt
    15 crypto keyring <string> vrf <string>
    15 crypto keyring <string>
    15 crypto xauth <interface>
    15 crypto logging session
    15 crypto isakmp aggressive-mode disable
    15 crypto isakmp invalid-spi-recovery
    15 crypto isakmp policy <1-10000>
    15 crypto isakmp key <string> hostname <string> no-xauth
    15 crypto isakmp key <string> hostname <string>
    15 crypto isakmp key <string> address <address> <address>
    15 crypto isakmp key <string> address <address>
    15 crypto isakmp key <string>
    15 crypto isakmp key <0-9>
    15 crypto isakmp key
    15 crypto isakmp key
    15 crypto isakmp identity
    15 crypto isakmp keepalive
    15 crypto isakmp client configuration address-pool local
    15 crypto isakmp client configuration group <string>
    15 crypto isakmp xauth timeout
    15 crypto isakmp peer hostname <string> vrf <string>
    15 crypto isakmp peer hostname <string>
    15 crypto isakmp peer address <address>
    15 crypto isakmp nat keepalive
    15 crypto isakmp profile <string>
    15 crypto ipsec optional retry
    15 crypto ipsec optional
    15 crypto ipsec security-association lifetime seconds
    15 crypto ipsec security-association lifetime seconds
    15 crypto ipsec security-association lifetime kilobytes
    15 crypto ipsec security-association idle-time
    15 crypto ipsec security-association idle-time default
    15 crypto ipsec security-association idle-time
    15 crypto ipsec security-association replay disable
    15 crypto ipsec security-association replay disable
    15 crypto ipsec security-association replay window-size
    15 crypto ipsec security-association replay window-size
    15 crypto ipsec transform-set <string>
    15 crypto ipsec fragmentation
    15 crypto ipsec df-bit
    15 crypto ipsec nat-transparency spi-matching
    15 crypto ipsec nat-transparency udp-encapsulation
    15 crypto ipsec profile <string>
    15 crypto identity <string>
    15 crypto call admission limit ike sa
    15 crypto mib ipsec flowmib history tunnel size
    15 crypto mib ipsec flowmib history failure size
    15 crypto dynamic-map <string> <1-65535>
    15 crypto dynamic-map <string>
    15 crypto dynamic-map <string> <1-65535>
    15 crypto map <string> <1-65535>
    15 crypto map <string>
    15 crypto map <string> <1-65535> ipsec-manual
    15 crypto map <string> <1-65535> ipsec-isakmp dynamic <string> discover
    15 crypto map <string> <1-65535> ipsec-isakmp dynamic <string>
    15 crypto map <string> <1-65535> ipsec-isakmp profile <string>
    15 crypto map <string> <1-65535> ipsec-isakmp
    15 crypto map <string> <1-65535>
    15 crypto map <string> local-address
    15 crypto map <string> redundancy replay-interval inbound <0-1000> outbound <1000-100000>
    15 crypto map <string> client configuration address initiate
    15 crypto map <string> client authentication list
    15 crypto map <string> client accounting list
    15 crypto map <string> isakmp authorization list
    15 crypto map <string> isakmp-profile
    15 ip mobile tunnel crypto
    15 snmp-server enable traps isakmp policy add
    15 snmp-server enable traps isakmp policy delete
    15 snmp-server enable traps isakmp tunnel start
    15 snmp-server enable traps isakmp tunnel stop
    15 snmp-server enable traps ipsec cryptomap add
    15 snmp-server enable traps ipsec cryptomap delete
    15 snmp-server enable traps ipsec cryptomap attach
    15 snmp-server enable traps ipsec cryptomap detach
    15 snmp-server enable traps ipsec tunnel start
    15 snmp-server enable traps ipsec tunnel stop
    15 snmp-server enable traps ipsec too-many-sas
    15 snmp-server host <string> vrf <string> traps version 1 <string> isakmp
    15 snmp-server host <string> vrf <string> traps version 1 <string> ipsec

    For outputs that you want to reference frequently, like the “crypto” output above if you are in the CCIE Security Lab Exam, you can either log your output to a file through your terminal emulation software, or you can redirect the output to a file in flash, as seen below.

    Router#show parser dump router router.output.dump
    Router#dir flash:
    Directory of flash:/

    1 -rw- 29925948 <no date> c2600-adventerprisek9-mz.124-17.bin
    2 -rw- 289862 Aug 29 2008 08:17:36 +00:00 crashinfo_20080829-081736
    7 -rw- 55690 <no date> router.output.dump

    49807356 bytes total (19478896 bytes free)

    Router#more flash:router.output.dump | include ^15_(.*)eigrp
    15 distance eigrp
    15 eigrp router-id
    15 eigrp stub
    15 eigrp log-neighbor-changes
    15 eigrp log-neighbor-warnings <1-65535>
    15 eigrp log-neighbor-warnings
    15 eigrp event-logging
    15 eigrp event-log-size
    15 distance eigrp
    15 eigrp router-id
    15 eigrp stub
    15 eigrp log-neighbor-changes
    15 eigrp log-neighbor-warnings <1-65535>
    15 eigrp log-neighbor-warnings
    15 eigrp event-logging
    15 eigrp event-log-size
    15 distance eigrp
    15 eigrp router-id
    15 eigrp stub
    15 eigrp log-neighbor-changes
    15 eigrp log-neighbor-warnings <1-65535>
    15 eigrp log-neighbor-warnings
    15 eigrp event-logging
    [output omitted]
    </pre>

    Hey! Don’t miss anything - subscribe to our newsletter!

    © 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo