Regex in Cisco IOS
Regular expressions, or regex, are templates to match text patterns. They provide a way to describe and parse text, and provide a flexible means of constructing highly tuned searches and functions on large sets of data.
Regular expressions have two classes of characters: Pattern Characters, those that make up the section of data that you are matching against, and Metacharacters...
Regex Cheat Sheet
Regular Expressions use Metacharacters to build the expression statement. General Metacharacters that can be used anywhere in the expression are as follows:
\ : general escape character with several uses
^ : assert start of string (or line, in multiline mode)
$ : assert end of string (or line, in multiline mode)
. : match any character except newline (by default)
[ : start character class definition
| : start of alternative branch
( : start subpattern
) : end subpattern
? : extends the meaning of (
* : 0 or more quantifier
+ : 1 or more quantifier
{ : start min/max quantifier
Part of a pattern that is in square brackets is called a "character class". Metacharacters that can be used within a character class are as follows:
\ : general escape character
^ : negate the class, but only if the first character
- : indicates character range
[ : POSIX character class (only if followed by POSIX syntax)
] : terminates the character class
Examples
/^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/
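The above will match any URL beginning with "http", "https" or nothing. Next is the domain name: one or more numbers, letters, dots, or hyphens followed by another dot then two to six letters or dots. The following section is the optional files and directories. Inside the group, we want to match any number of forward slashes, letters, numbers, underscores, spaces, dots, or hyphens. Note that this last group nests one quantifier inside another, ([\/\w \.-]*)*, which can backtrack catastrophically on long inputs that almost match, so cap the input length before applying the pattern to untrusted data.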
^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
The above looks terrifying, but in fact it is nothing more than an expression to match an IPv4 address: four dot-separated octets of up to three digits (0-9) each, with no octet exceeding the maximum byte value of 255. The ^ and $ enclosing the expression can be removed to find IPv4 addresses within lines.
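An added example (not from the original article) showing what happens when the anchors are simply dropped: the bare pattern pulls a valid-looking address out of the middle of a longer or invalid token, which matters when the matches feed an allowlist or a log search. The log lines and the boundary lookarounds in BOUNDED are assumptions made for this illustration.

```python
import re

# Same octet logic as the pattern above, with non-capturing groups.
OCTET = r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
IPV4 = rf"(?:{OCTET}\.){{3}}{OCTET}"

BARE = re.compile(IPV4)  # ^ and $ removed, as the text suggests
# Anchors replaced by boundaries: no digit or dot directly before the match,
# and no digit (or dot followed by a digit) directly after it.
BOUNDED = re.compile(rf"(?<![\d.]){IPV4}(?!\d|\.\d)")

def is_ipv4(text):
    """Whole-string validation. fullmatch avoids the Python quirk where
    '$' also matches just before a trailing newline."""
    return BARE.fullmatch(text) is not None

def extract(rx, line):
    """Return every substring of line that rx matches."""
    return [m.group(0) for m in rx.finditer(line)]

# Constructed log lines for illustration.
SAMPLES = [
    "Accepted login from 192.168.10.5 port 22",
    "bad host 10.0.0.256 rejected",
    "build 1234.5.6.7 deployed",
    "peers: 172.16.0.1, 172.16.0.2.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line)
        print("   bare   :", extract(BARE, line))
        print("   bounded:", extract(BOUNDED, line))
```

The bare pattern reports 10.0.0.25 and 234.5.6.7 for the second and third lines; the bounded form returns nothing for either.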
The above examples outline just how powerful and malleable regular expressions can be. Regex can be used in code, in text editing and parsing and even on the command line.
Following are some useful examples for how you can put regular expressions to work on the Cisco CLI...
Useful regular expressions for Cisco Troubleshooting
router#show run | i ^interface|^_ip address
This will match all lines in the running config that start with "interface" or " ip address" (note the underscore representing the space). This is useful for displaying all IP interfaces with their subnet masks intact, and because this is pulled from the running config it is easily usable for pasting to make configuration changes.
router#show ip int brief | e unassigned
Shows you all of the IP-capable interfaces on the box, except for the ones that have not been assigned an IP address. I use this often, especially on big switch/routers where most of the physical interfaces do not have IP addresses, but the SVIs do.
router#show run | i ip route.*Serial1/1
Shows you all static routes in your configuration pointing out Serial1/1, no matter what they are. Substitute your own interface name. Useful if you’re doing clean up after decommissioning an interface where you didn’t run a dynamic routing protocol.
router#show int status | i Gi[2-6]/20
Shows you the status of all port 20s in slots 2-6 of a chassis with gig cards. Putting the 2-6 in square brackets is a regex telling the parser that any character that’s 2 through 6 inclusive is a match.
router#show int status | i Gi[246]/20
Shows you the status of all port 20s in slots 2, 4, and 6 of a chassis with gig cards. Here, [246] tells the parser that values 2, 4, or 6 are all matches for that position.
router#show int status | i Gi./2_
Shows you the status of all ports ending in 2. The underscore represents a space, so this makes sure you don’t get a match for “20” or “22” when all you really want is “2”. The dot is a wildcard, allowing for any single character in that position. If you want to match an arbitrary number of additional wildcard characters, follow the dot with an asterisk.
router#show int status | i Gi7/(29|3[0-9])
Shows you the status of all ports in slot 7, 29 – 39 inclusive. You get the “Gi7/”, right? No regex magic there. The “29|” could be translated “29 or”. The “3[0-9]” could be translated “3 followed by any of the digits 0 through 9 inclusive”. Put it all together, and you get a match for any line containing Gi7/, followed by 29 or 30-39.
router#show int status | i _101_
Displays all lines containing the number 101 with a leading and trailing space. Useful if you want to show all the ports in a particular VLAN, in this case 101.
router#show int status | i a-100_|_100_
Displays all the ports that are running at 100Mbps, whether statically defined or auto-negotiated. Will also match interfaces in Vlan100, though. Sadly, Cisco does not allow you to double pipe within IOS, else a second pipe could match on the VLAN line to filter.
router#show interface | i line|escription|bits
Presents all interfaces, their descriptions, and the bits per second flowing through them, both input and output. Does not distinguish between up/down status.
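router#sh ip int br | i 192\.168\.(8|9|10|11)\.
This will filter your "show ip int brief" output to return only lines containing IPs within 192.168.8.0/22. The third octet is written as an alternation because a character class matches a single character, so a range such as [8-11] cannot express the values 8 through 11. This is useful for troubleshooting issues within specific network ranges.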
router#show bgp regexp ^[0-9]+_[0-9]+$
Shows all prefixes in the BGP table with an AS-Path length of 2.
router#show ip route vrf *
Displays the routing tables of all configured VRFs.
router#show mac-address-table | i (.*)\.(.*)\.1234
Track down the associated interface in the CAM-table for a specific MAC-address ending in "1234".
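An added example (not from the original article) for checking the filters above offline before relying on them in an audit or change: it emulates "| include" in Python, translating the IOS underscore into an explicit delimiter class, and compares the a-100_|_100_ filter with a column-aware check. The sample output is constructed, the helper names are hypothetical, and Python's engine only approximates the IOS parser.

```python
import re
# IOS "_" matches a space, comma, brace, parenthesis, or start/end of the string.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_to_python(pattern):
    """Translate an IOS filter regex to Python (unescaped "_" outside classes)."""
    return re.sub(r"(?<!\\)_", lambda m: IOS_UNDERSCORE, pattern)

def include(pattern, output):
    """Emulate '| include': keep every line the pattern matches anywhere."""
    rx = re.compile(ios_to_python(pattern))
    return [line for line in output.splitlines() if rx.search(line)]

def first_fields(lines):
    return [line.split()[0] for line in lines]

def speed_100_ports(output):
    """Column-aware alternative: Speed is the second-to-last field."""
    rows = [line.split() for line in output.splitlines()[1:]]
    return [r[0] for r in rows if r[-2] in ("100", "a-100")]

def compiles(pattern):
    try:
        re.compile(ios_to_python(pattern))
        return True
    except re.error:  # e.g. a reversed range inside a character class
        return False

# Constructed sample output, not captured from a real device.
INT_STATUS = """\
Port      Name       Status       Vlan   Duplex  Speed Type
Gi2/2     uplink-a   connected    101    a-full a-1000 10/100/1000BaseTX
Gi2/20    printers   connected    100    a-full a-1000 10/100/1000BaseTX
Gi4/22    cameras    connected    20     a-full  a-100 10/100/1000BaseTX
Gi7/29    voice      connected    101      full    100 10/100/1000BaseTX
Gi7/40    spare      disabled     1        auto   auto 10/100/1000BaseTX
"""
IP_BRIEF = """\
Vlan8     192.168.8.1    YES NVRAM  up  up
Vlan11    192.168.11.1   YES NVRAM  up  up
Vlan12    192.168.12.1   YES NVRAM  up  up
Vlan110   192.168.110.1  YES NVRAM  up  up
"""
if __name__ == "__main__":
    for pat in ("Gi./2_", "Gi7/(29|3[0-9])", "a-100_|_100_"):
        print(f"{pat:18} -> {first_fields(include(pat, INT_STATUS))}")
    print("speed column only  ->", speed_100_ports(INT_STATUS))
    print("192.168.8.0/22     ->", first_fields(include(r"192\.168\.(8|9|10|11)\.", IP_BRIEF)))
    print("[8-11] compiles?   ->", compiles(r"192\.168\.[8-11]\."))
```

On this sample, a-100_|_100_ also returns Gi2/20 because its VLAN is 100, while the column-aware check returns only the two ports actually running at 100Mbps.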
I hope this has been a useful and insightful introduction to basic regular expression construction.
Thanks for reading!