show running-config – Current Configuration Guide

Purpose of `show running-config`

Definition: show running-config (or show run) is a Cisco IOS command used to display the current active configuration in RAM on a router, switch, or firewall.

Shows all settings currently in effect.
Critical for troubleshooting, verification, documentation, and audits.

Difference: Running-Config vs. Startup-Config

Aspect	Running-config	Startup-config
Location	RAM (volatile)	NVRAM (non-volatile)
Purpose	Live/active config (affects device instantly)	Backup loaded at next reload/reboot
Persistence	Lost after reload if not saved	Remains until overwritten
How to View	`show running-config`	`show startup-config`

Tip: Always save running-config to startup-config after making changes using:
copy running-config startup-config

Structure of Running Configuration

Global Settings: Hostname, domain, logging, enable secret/passwords
Interface Configurations: IP, VLAN, speed/duplex, shutdown/no shutdown
Routing Protocols: OSPF, EIGRP, RIP, BGP, etc.
Access Control Lists: Permit/deny rules (numbered/named)
VLAN & Switching: VLAN definitions, spanning-tree, EtherChannel

Sample Output:

hostname HQ-Router
!
interface GigabitEthernet0/0
 ip address 10.10.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 shutdown
!
router ospf 1
 network 10.10.1.0 0.0.0.255 area 0
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
line vty 0 4
 password 7 070C285F4D06
 login

Interpreting Key Sections

Section	Purpose/Content	Example
Global	Hostname, domain, logging, SNMP, enable secret	hostname BranchRouter ip domain-name example.com enable secret 5 $1$mERr$...
Interfaces	IP, VLAN, shutdown, speed/duplex, access-group	interface Vlan10 ip address 10.1.10.1 255.255.255.0 no shutdown
Lines	Console, VTY access, passwords	line vty 0 4 password cisco login
ACLs	Security rules (permit/deny)	access-list 100 deny ip any 10.1.20.0 0.0.0.255 access-list 100 permit ip any any
Routing Protocols	OSPF, EIGRP, RIP, BGP	router ospf 10 network 10.1.10.0 0.0.0.255 area 0

Navigating and Filtering Large Configurations

Use SPACE for next page, ENTER for next line.
Disable paging: terminal length 0
Search/filter with pipelines:
- show run | include ospf (only lines containing 'ospf')
- show run | begin interface (start at matching line)
- show run | section interface GigabitEthernet0/1 (show config section)

Saving, Exporting, and Backing Up Configurations

Save to startup-config: copy running-config startup-config
Export to TFTP/FTP/SCP: copy running-config tftp: (for backups or sharing)
Schedule automated backups: Use kron or network management tools (see below).

Kron Example – Daily TFTP Backup at 3:00 AM

kron policy-list backup-config
 cli copy running-config tftp:
exit
kron occurrence daily-backup at 3:00 recurring
 policy-list backup-config
exit

Making and Managing Configuration Changes

All changes in configuration mode (conf t) apply instantly to running-config.
Changes are NOT persistent after reboot unless saved to startup-config.
Common edits: IP address assignment, VLAN membership, password change, ACL modification.

Best Practice: After any major change, always save config and document who/what/when/why.

Security Considerations

Sensitive data is visible: passwords (unless encrypted), SNMP communities, keys, etc.
Use enable secret for strong encryption instead of enable password.
Avoid hardcoding passwords—use AAA (RADIUS/TACACS+) when possible.
Restrict access to configuration files and use secure protocols for export (SCP, SFTP).

Best Practices

Always save changes (copy running-config startup-config).
Automate regular backups to external servers.
Document all configuration changes for audit and troubleshooting.
Use filtering/searching to efficiently review large configs.

Example: Troubleshooting with show running-config

Scenario: John cannot access the server at 10.1.10.100 from his PC (different VLANs, routed by L3 switch).

Check interface configs:
```
show running-config | section interface
```
- Ensure correct IP/subnet, not shutdown, proper VLAN.
- Example:
```
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 shutdown
```
  Analysis: Vlan20 is shutdown—devices in VLAN 20 cannot route traffic.
  Action: no shutdown on Vlan20.
Check routing protocols:
```
show running-config | section router
```
- Verify all required networks are advertised.
- Example:
```
router ospf 10
 network 10.1.10.0 0.0.0.255 area 0
```
  Analysis: VLAN 20 not included—add network 10.1.20.0 0.0.0.255 area 0.

Check ACLs:

show running-config | include access-list

show running-config | section interface

Are ACLs applied that block traffic?

Example:

interface Vlan10
 ip access-group 100 in
!
access-list 100 deny ip any 10.1.20.0 0.0.0.255
access-list 100 permit ip any any

Analysis: ACL 100 denies all to VLAN 20—remove/adjust as needed.

Save and document:
```
copy running-config startup-config
```

Exam Tips and Key Points

show running-config reveals all active settings—including unsaved changes.
Distinguish running-config (live/volatile) vs. startup-config (persistent).
Use filtering (| section, | include) for efficient troubleshooting.
Protect sensitive config data (passwords, SNMP, keys).
Always save configs after changes and automate backups.
Document all changes—essential for audits and troubleshooting.

Show Running-Config Command Quiz

1. What does the `show running-config` command display?

A. The current active configuration stored in RAM B. The saved configuration file in NVRAM C. The startup sequence for the device D. The historical log of all commands entered

Correct answer is A. The running-config is the active configuration stored in RAM that the device is currently using.

2. What is the main difference between running-config and startup-config?

A. Running-config is saved permanently; startup-config is temporary B. Startup-config is active; running-config is backup C. Both are stored in RAM D. Running-config is active in RAM; startup-config is saved in NVRAM for reboot

Correct answer is D. Running-config is live config in RAM; startup-config is stored in NVRAM and loaded at boot.

3. Which command is used to save the running configuration to the startup configuration?

A. copy startup-config running-config B. copy running-config startup-config C. save config D. write erase

Correct answer is B. This command copies the live running-config into startup-config to persist changes.

4. In the running configuration, where would you expect to find interface IP addresses and shutdown commands?

A. Global configuration section B. VLAN configuration C. Interface configuration section D. Routing protocol section

Correct answer is C. Interface IPs and shutdown commands are found under each interface's config block.

5. What can the `show running-config | include` command do?

A. Filter the running configuration output to show only lines containing a specific string B. Save the running configuration to a file C. Show the configuration of a specific interface D. Reload the configuration

Correct answer is A. The pipe and include filter output to lines with the keyword.

6. What is a potential security concern when viewing the running configuration?

A. It hides IP addresses B. It only shows saved configurations C. It disables the interface during viewing D. It may expose sensitive data like passwords and SNMP community strings

Correct answer is D. Running-config may contain sensitive info like passwords, requiring protection.

7. Which of these commands backs up the running configuration to an external TFTP server?

A. copy startup-config tftp: B. copy running-config tftp: C. backup config D. save config tftp

Correct answer is B. This copies the current running-config to the TFTP server for backup.

8. What must you do after making changes in configuration mode to ensure they persist after a reboot?

A. Nothing, changes save automatically B. Run write erase C. Copy running-config to startup-config using copy running-config startup-config D. Reboot the device immediately

Correct answer is C. To save config changes permanently, copy running-config to startup-config.

9. How can you view the configuration specific to the VTY lines using the running config?

A. show run | section vty B. show run vty C. show vty config D. show running-config line vty

Correct answer is A. The pipe and section filter show the config starting at the vty section.

10. Which statement about changes in running-config is true?

A. Changes are saved automatically to startup-config B. Changes are discarded immediately after exit C. Changes only take effect after reboot D. Changes take effect immediately but are lost on reboot unless saved

Correct answer is D. Running-config changes are live but must be saved to persist after reboot.

← Back to Home