Configuration Fundamentals Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Using the Cisco IOS Command-Line Interface
Using the Cisco IOS Command-Line Interface
Last Updated: December 14, 2012
The Cisco IOS command-line interface (CLI) is the primary user interface used for configuring, monitoring, and maintaining Cisco devices. This user interface allows you to directly and simply execute Cisco IOS commands, whether using a router console or terminal, or using remote access methods.
This chapter describes the basic features of the Cisco IOS CLI and how to use them. Topics covered include an introduction to Cisco IOS command modes, navigation and editing features, help features, and command history features.
Additional user interfaces include Setup mode (used for first-time startup), the Cisco Web Browser, and user menus configured by a system administrator. For information about Setup mode, see Using Setup Mode to Configure a Cisco Networking Device and Using AutoInstall to Remotely Configure Cisco Networking Devices. For information on issuing commands using the Cisco Web Browser, see "Using the Cisco Web Browser User Interface". For information on user menus, see "Managing Connections, Menus, and System Banners".
For a complete description of the user interface commands in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference. To locate documentation of other commands that appear in this chapter, use the Cisco IOS Master Command List, All Releases .
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco IOS XE CLI Command Modes Overview
To aid in the configuration of Cisco devices, the Cisco IOS XE command-line interface is divided into different command modes. Each command mode has its own set of commands available for the configuration, maintenance, and monitoring of router and network operations. The commands available to you at any given time depend on the mode you are in. Entering a question mark (?) at the system prompt (router prompt) allows you to obtain a list of commands available for each command mode.
The use of specific commands allows you to navigate from one command mode to another. The standard order that a user would access the modes is as follows: user EXEC mode; privileged EXEC mode; global configuration mode; specific configuration modes; configuration submodes; and configuration subsubmodes.
When you start a session on a router, you generally begin in user EXEC mode, which is one of two access levels of the EXEC mode. For security purposes, only a limited subset of EXEC commands are available in user EXEC mode. This level of access is reserved for tasks that do not change the configuration of the router, such as determining the router status.
In order to have access to all commands, you must enter privileged EXEC mode, which is the second level of access for the EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. In privileged EXEC mode, you can enter any EXEC command, because privileged EXEC mode is a superset of the user EXEC mode commands.
Most EXEC mode commands are one-time commands, such as show or more commands, which show the current configuration status, and clear commands, which clear counters or interfaces. EXEC mode commands are not saved across reboots of the router.
From privileged EXEC mode, you can enter global configuration mode. In this mode, you can enter commands that configure general system characteristics. You also can use global configuration mode to enter specific configuration modes. Configuration modes, including global configuration mode, allow you to make changes to the running configuration. If you later save the configuration, these commands are stored across router reboots.
From global configuration mode you can enter a variety of protocol-specific or feature-specific configuration modes. The CLI hierarchy requires that you enter these specific configuration modes only through global configuration mode. As an example, this chapter describes interface configuration mode, a commonly used configuration mode.
From configuration modes, you can enter configuration submodes. Configuration submodes are used for the configuration of specific features within the scope of a given configuration mode. As an example, this chapter describes the subinterface configuration mode, a submode of the interface configuration mode.
ROM monitor mode is a separate mode used when the router cannot boot properly. If your system (router, switch, or access server) does not find a valid system image to load when it is booting, the system will enter ROM monitor mode. ROM monitor (ROMMON) mode can also be accessed by interrupting the boot sequence during startup.
The following sections contain detailed information on these command modes:
Cisco IOS XE CLI Command Modes Overview follows these sections and summarizes the main Cisco IOS XE command modes.
Cisco IOS XE CLI Task List
To familiarize yourself with the features of the Cisco IOS XE CLI, perform any of the tasks described in the following sections:
Getting Context-Sensitive Help
Entering a question mark (?) at the system prompt displays a list of commands available for each command mode. You also can get a list of the arguments and keywords available for any command with the context-sensitive help feature.
To get help specific to a command mode, a command name, a keyword, or an argument, use any of the following commands:
Note that the system prompt will vary depending on which configuration mode you are in.
When context-sensitive help is used, the space (or lack of a space) before the question mark (?) is significant. To obtain a list of commands that begin with a particular character sequence, type in those characters followed immediately by the question mark (?). Do not include a space. This form of help is called word help, because it completes a word for you. For more information, see the "Completing a Partial Command Name " section later in this chapter.
To list keywords or arguments, enter a question mark (?) in place of a keyword or argument. Include a space before the?. This form of help is called command syntax help, because it shows you which keywords or arguments are available based on the command, keywords, and arguments you already have entered.
You can abbreviate commands and keywords to the number of characters that allow a unique abbreviation. For example, you can abbreviate the configureterminalcommand to configt. Because the abbreviated form of the command is unique, the router will accept the abbreviated form and execute the command.
Entering thehelp command (available in any command mode) will provide the following description of the help system:
Router# help Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must back up until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show pr?'.)
As described in the help command output, you can use the question mark (?) to complete a partial command name (partial help), or to obtain a list of arguments or keywords that will complete the current command.
The following example illustrates how the context-sensitive help feature enables you to create an access list from configuration mode.
Enter the letters co at the system prompt followed by a question mark (?). Do not leave a space between the last letter and thequestion mark. The system provides the commands that begin with co.
Router# co? configure connect copy
Enter the configure command followed by a space and aquestion mark to list the keywords for the command and a brief explanation:
Router# configure ? memory Configure from NV memory network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP network host terminal Configure from the terminal <cr>
The <cr> symbol ("cr" stands for carriage return) appears in the list to indicate that one of your options is to press the Return or Enter key to execute the command, without adding any keywords. In this example, the output indicates that your options for the configure command are configurememory (configure from NVRAM), configurenetwork (configure from a file on the network), configureoverwrite-network (configure from a file on the network and replace the file in NVRAM), or configureterminal (configure manually from the terminal connection). For most commands, the <cr> symbol is used to indicate that you can execute the command with the syntax you have already entered. However, the configure command is a special case, because the CLI will prompt you for the missing syntax:
Router# configure Configuring from terminal, memory, or network [terminal]? terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#
The default response for the ? prompt is indicated in the CLI output by a bracketed option at the end of the line. In the preceding example, pressing the Enter (or Return) key is equivalent to typing in the word "terminal."
Enter the configureterminal command to enter global configuration mode:
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#
The CLI provides error isolation in the form of an error indicator, a caret symbol ( ^). The ^ symbol appears at the point in the command string where the user has entered incorrect or unrecognized command syntax. For example, the caret symbol in the following output shows the letter that was mistyped in the command:
Router# configure terminal ^ % Invalid input detected at '^' marker. Router#
Note that an error message (indicated by the % symbol) appears on the screen to alert you to the error marker.
Enter the access-list command followed by a space and a question mark to list the available options for the command:
Router(config)# access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list
The two numbers within the angle brackets represent an inclusive range. Enter the access list number 99 and then enter another question mark to see the arguments that apply to the keyword and brief explanations:
Router(config)# access-list 99 ? deny Specify packets to reject permit Specify packets to forward
Enter the deny argument followed by a question mark (?)to list additional options:
Router(config)# access-list 99 deny ? A.B.C.D Address to match
Generally, uppercase letters represent variables (arguments). Enter the IP address followed by a question mark (?) to list additional options:
Router(config)# access-list 99 deny 172.31.134.0 ? A.B.C.D Mask of bits to ignore <cr>
In this output, A.B.C.D indicates that use of a wildcard mask is allowed. The wildcard mask is a method for matching IP addresses or ranges of IP addresses. For example, a wildcard mask of 0.0.0.255 matches any number in the range from 0 to 255 that appears in the fourth octet of an IP address.
Enter the wildcard mask followed by a question mark (?) to list further options:
Router(config)# access-list 99 deny 172.31.134.0 0.0.0.255 ? <cr>
The <cr> symbol by itself indicates there are no more keywords or arguments. Press Enter (or Return) to execute the command.:
Router(config)# access-list 99 deny 172.31.134.0 0.0.0.255
The system adds an entry to access list 99 that denies access to all hosts on subnet 172.31.134.0, while ignoring bits for IP addresses that end in 0 to 255.
Using the no and default Forms of Commands
Almost every configuration command has a no form. In general, use the no form to disable a feature or function. Use the command without the nokeyword to reenable a disabled feature or to enable a feature that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, use the noiprouting form of the iprouting command. To reenable it, use the plain iprouting form. The Cisco IOS software command reference publications describe the function of the no form of the command whenever a no form is available.
Many CLI commands also have adefault form. By issuing the defaultcommand-name command, you can configure the command to its default setting. The Cisco IOS software command reference documents generally describe the function of the default form of the command when the default form performs a different function than the plain and no forms of the command. To see what default commands are available on your system, enter default? in the appropriate command mode.
Using Command History
The Cisco IOS CLI provides a history or record of commands that you have entered. This feature is particularly useful for recalling long or complex commands or entries, including access lists. To use the command history feature, perform any of the tasks described in the following sections:
Using CLI Editing Features and Shortcuts
A variety of shortcuts and editing features are enabled for the Cisco IOS CLI. The following subsections describe these features:
Moving the Cursor on the Command Line
The table below shows the key combinations or sequences you can use to move the cursor on the command line to make corrections or changes. Ctrl indicates the Control key, which must be pressed simultaneously with its associated letter key. Esc indicates the Escape key, which must be pressed first, followed by its associated letter key. Keys are not case sensitive. Many letters used for CLI navigation and editing were chosen to provide an easy way of remembering their functions. In the table below characters are bolded in the "Function Summary" column to indicate the relation between the letter used and the function.
Completing a Partial Command Name
If you cannot remember a complete command name, or if you want to reduce the amount of typing you have to perform, enter the first few letters of the command, then press the Tab key. The command line parser will complete the command if the string entered is unique to the command mode. If your keyboard does not have a Tab key, press Ctrl-I instead.
The CLI will recognize a command once you have entered enough characters to make the command unique. For example, if you enter conf in privileged EXEC mode, the CLI will be able to associate your entry with the configure command, because only the configure command begins with conf.
In the following example the CLI recognizes the unique string for privileged EXEC mode of confwhen the Tab key is pressed:
Router# conf <Tab > Router# configure
When you use the command completion feature the CLI displays the full command name. The command is not executed until you use the Return or Enter key. This way you can modify the command if the full command was not what you intended by the abbreviation. If you enter a set of characters that could indicate more than one command, the system beeps to indicate that the text string is not unique.
If the CLI cannot complete the command, enter a question mark (?) to obtain a list of commands that begin with that set of characters. Do not leave a space between the last letter you enter and the question mark (?).
For example, entering co? will list all commands available in the current command mode:
Router# co? configure connect copy Router# co
Note that the characters you enter before the question mark appear on the screen to allow you to complete the command entry.
Recalling Deleted Entries
The CLI stores commands or keywords that you delete in a history buffer. Only character strings that begin or end with a space are stored in the buffer; individual characters that you delete (using Backspace or Ctrl-D) are not stored. The buffer stores the last ten items that have been deleted using Ctrl-K, Ctrl-U, or Ctrl-X. To recall these items and paste them in the command line, use the following key combinations:
Note that the Esc, Y key sequence will not function unless you press the Ctrl-Y key combination first. If you press Esc, Ymore than ten times, you will cycle back to the most recent entry in the buffer.
Editing Command Lines that Wrap
The CLI provides a wrap-around feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back, press Ctrl-B or the Left Arrow key repeatedly until you scroll back to the beginning of the command entry, or press Ctrl-A to return directly to the beginning of the line.
In the following example, the access-list command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed. The dollar sign ($) indicates that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.
Router(config)# access-list 101 permit tcp 172.31.134.5 255.255.255.0 172.31.1 Router(config)# $ 101 permit tcp 172.31.134.5 255.255.255.0 172.31.135.0 255.25 Router(config)# $t tcp 172.31.134.5 255.255.255.0 172.31.135.0 255.255.255.0 eq Router(config)# $31.134.5 255.255.255.0 172.31.135.0 255.255.255.0 eq 45
When you have completed the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The dollar sign ($) appears at the end of the line to indicate that the line has been scrolled to the right:
Router(config)# access-list 101 permit tcp 172.31.134.5 255.255.255.0 172.31.1$
The Cisco IOS XE software assumes you have a terminal screen that is 80 columns wide. If you have a different screen-width, use the terminal width user EXEC command to set the width of your terminal.
Use line wrapping in conjunction with the command history feature to recall and modify previous complex command entries. See the Recalling Commands section in this chapter for information about recalling previous command entries.
Use any of the following keys or key combinations to delete command entries if you make a mistake or change your mind:
Continuing Output at the --More-- Prompt
When you use the Cisco IOS XE CLI, output often extends beyond the visible screen length. For cases where output continues beyond the bottom of the screen, such as with the output of many ?, show, or more commands, the output is paused and a --More-- prompt appears at the bottom of the screen. To resume output, press the Return key to scroll down one line, or press the Spacebar to display the next full screen of output.
For information about filtering output from the --More-- prompt, see the Searching and Filtering CLI Output module in this chapter.
Redisplaying the Current Command Line
If you are entering a command and the system suddenly sends a message to your screen, you can easily recall your current command line entry. To redisplay the current command line (refresh the screen), use either of the following key combinations:
Transposing Mistyped Characters
If you have mistyped a command entry, you can transpose the mistyped characters. To transpose characters, use the following key combination:
You can capitalize or lowercase words or capitalize a set of letters with simple key sequences. Note, however, that Cisco IOS XE commands are generally case-insensitive, and are typically all in lowercase. To change the capitalization of commands, use any of the following key sequences:
Designating a Keystroke as a Command Entry
You can configure the system to recognize a particular keystroke (key combination or sequence) as command aliases. In other words, you can set a keystroke as a shortcut for executing a command. To enable the system to interpret a keystroke as a command, use the either of the following key combinations before entering the command sequence:
Disabling and Reenabling Editing Features
The editing features described in the previous sections are automatically enabled on your system. However, there may be some unique situations that could warrant disabling these editing features. For example, you may have scripts that conflict with editing functionality. To globally disable editing features, use the following command in line configuration mode:
To disable the editing features for the current terminal session, use the following command in user EXEC mode:
To reenable the editing features for the current terminal session, use the following command in user EXEC mode:
To reenable the editing features for a specific line, use the following command in line configuration mode:
Searching and Filtering CLI Output
The Cisco IOS CLI provides ways of searching through large amounts of command output and filtering output to exclude information you do not need. These features are enabled forshow and more commands, which generally display large amounts of data.
When output continues beyond what is displayed on your screen, the Cisco IOS CLI displays a --More-- prompt. Pressing Return displays the next line; pressing the Spacebar displays the next screen of output. The CLI String Search feature allows you to search or filter output from --More-- prompts.
Using the Cisco IOS XE CLI Examples
Determining Command Syntax and Using Command History Example
The CLI provides error isolation in the form of an error indicator, a caret symbol (^). The ^ symbol appears at the point in the command string where you have entered an incorrect command, keyword, or argument.
In the following example, suppose you want to set the clock. Use context-sensitive help to determine the correct command syntax for setting the clock.
Router# clock ? set Set the time and date Router# clock
The help output shows that the set keyword is required. Determine the syntax for entering the time:
Router# clock set ? hh:mm:ss Current time Router# clock set
Enter the current time:
Router# clock set 13:32:00 % Incomplete command.
The system indicates that you need to provide additional arguments to complete the command. Press Ctrl-P or the Up Arrow to automatically repeat the previous command entry. Then add a space and question mark (?) to reveal the additional arguments:
Router# clock set 13:32:00 ? <1-31> Day of the month MONTH Month of the year
Now you can complete the command entry:
Router# clock set 13:32:00 February 01 ^ % Invalid input detected at '^' marker.
The caret symbol (^) and help response indicate an error at 01. To list the correct syntax, enter the command up to the point where the error occurred and then enter a question mark (?):
Router# clock set 13:32:00 February ? <1-31> Day of the month Router# clock set 13:32:00 February 23 ? <1993-2035> Year
Enter the year using the correct syntax and press Enter or Return to execute the command:
Router# clock set 13:32:00 February 23 2001
Searching and Filtering CLI Output Examples
The following is partial sample output from the morenvram:startup-config|begin privileged EXEC mode command that begins unfiltered output with the first line that contains the regular expression ip. At the --More-- prompt, the user specifies a filter to exclude output lines that contain the regular expression ip.
Router# more nvram:startup-config | begin ip address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! security passwords min-length 1 ! no aaa new-model ip subnet-zero no ip domain lookup ip host sjc-tftp02 184.108.40.206 ip host sjc-tftp01 220.127.116.11 ip host dirt 18.104.22.168 ! ! multilink bundle-name authenticated ! ! redundancy mode sso ! ! bba-group pppoe global ! ! interface GigabitEthernet0/0/0 ip address 10.4.9.158 255.255.255.0 media-type rj45 speed 1000 duplex full negotiation auto no cdp enable ! interface GigabitEthernet0/0/1 no ip address media-type rj45 speed 1000 duplex full negotiation auto no cdp enable ! interface POS0/1/0 no ip address shutdown no cdp enable ! interface POS0/1/1 no ip address shutdown no cdp enable ! interface GigabitEthernet0 vrf forwarding Mgmt-intf no ip address speed 1000 duplex full negotiation auto ! ip default-gateway 10.4.9.1 ip classless ip default-network 0.0.0.0 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 ip route 22.214.171.124 255.255.0.0 10.4.9.1 ! no ip http server no ip http secure-server ! ! snmp mib bulkstat schema E0 snmp mib bulkstat schema IFMIB snmp mib bulkstat transfer 23 snmp mib bulkstat transfer bulkstat1 ! ! control-plane ! ! line con 0 exec-timeout 30 0 logging synchronous stopbits 1 line aux 0 stopbits 1 line vty 0 4 privilege level 15 password lab login ! end
The following is partial sample output of the morenvram:startup-config|include privileged EXEC command. It only displays lines that contain the regular expression ip .
Router# more nvram:startup-config | include ip ip subnet-zero ip domain-name cisco.com ip name-server 1192.168.48.48 ip name-server 172.16.2.132
The following is partial sample output from the morenvram:startup-config|excludeprivileged EXEC command. It excludes lines that contain the regular expression service . At the --More-- prompt, the user specifies a filter with the regular expression Dialer1. Specifying this filter resumes the output with the first line that contains Dialer1.
Router# more nvram:startup-config | exclude service ! version 12.2 ! hostname router ! boot system flash no logging buffered ! ip subnet-zero ip domain-name cisco.com . . . --More-- /Dialer1 filtering... interface Dialer1 no ip address no ip directed-broadcast dialer in-band no cdp enable
The following is partial sample output from theshowinterface user EXEC or privileged EXEC command mode with an output search specified. The use of the keywords beginFastEthernet after the pipe begins unfiltered output with the first line that contains the regular expression Fast Ethernet . At the --More-- prompt, the user specifies a filter that displays only the lines that contain the regular expression Serial .
Router# show interface | begin FastEthernet FastEthernet0/0 is up, line protocol is up Hardware is Lance, address is 0060.837c.6399 (bia 0060.837c.6399) Description: ip address is 126.96.36.199 255.255.255.0 Internet address is 188.8.131.52/24 . . . 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out --More-- +Serial filtering... Serial1 is up, line protocol is up Serial2 is up, line protocol is up Serial3 is up, line protocol is down Serial4 is down, line protocol is down Serial5 is up, line protocol is up Serial6 is up, line protocol is up Serial7 is up, line protocol is up
The following is partial sample output from theshowbuffers|excludecommand. It excludes lines that contain the regular expression 0 misses . At the --More-- prompt, the user specifies a search that continues the filtered output beginning with the first line that contains Serial0.
Router# show buffers | exclude 0 misses Buffer elements: 398 in free list (500 max allowed) Public buffer pools: Small buffers, 104 bytes (total 50, permanent 50): 50 in free list (20 min, 150 max allowed) 551 hits, 3 misses, 0 trims, 0 created Big buffers, 1524 bytes (total 50, permanent 50): 49 in free list (5 min, 150 max allowed) Very Big buffers, 4520 bytes (total 10, permanent 10): . . . Huge buffers, 18024 bytes (total 0 permanent 0): 0 in free list (0 min, 4 max allowed) --More-- /Serial0 filtering... Serial0 buffers, 1543 bytes (total 64, permanent 64): 16 in free list (0 min, 64 max allowed) 48 hits, 0 fallbacks
The following is partial sample output from theshowinterface|includeuser EXEC or privileged EXEC command mode. The use of the include(is) keywords after the pipe (|) causes the command to display only lines that contain the regular expression ( is ). The parenthesis force the inclusion of the spaces before and after is. Use of the parenthesis ensures that only lines containing is with a space both before and after it will be included in the output (excluding from the search, for example, words like "disconnect") .
router# show interface | include ( is ) ATM0 is administratively down, line protocol is down Hardware is ATMizer BX-50 Dialer0/1 is up (spoofing), line protocol is up (spoofing) Hardware is Unknown DTR is pulsed for 1 seconds on reset FastEthernet0/0 is up, line protocol is up Hardware is Lance, address is 0060.837c.6399 (bia 0060.837c.6399) Internet address is 172.21.53.199/24 FastEthernet0/1 is up, line protocol is up Hardware is Lance, address is 0060.837c.639c (bia 0060.837c.639c) Internet address is 10.5.5.99/24 Serial0:0 is down, line protocol is down Hardware is DSX1 . . . --More--
At the --More-- prompt, the user specifies a search that continues the filtered output beginning with the first line that contains Serial0:13:
/Serial0:13 filtering... Serial0:13 is down, line protocol is down Hardware is DSX1 Internet address is 10.0.0.2/8 0 output errors, 0 collisions, 2 interface resets Timeslot(s) Used:14, Transmitter delay is 0 flag
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.