summaryrefslogtreecommitdiff
path: root/docs/_include
diff options
context:
space:
mode:
Diffstat (limited to 'docs/_include')
-rw-r--r--docs/_include/common-references.txt9
-rw-r--r--docs/_include/draw.io/pbr_example_1.drawio1
-rw-r--r--docs/_include/draw.io/vpn_s2s_ikev2.drawio1
-rw-r--r--docs/_include/interface-address-with-dhcp.txt21
-rw-r--r--docs/_include/interface-address.txt14
-rw-r--r--docs/_include/interface-common-with-dhcp.txt21
-rw-r--r--docs/_include/interface-common-without-dhcp.txt7
-rw-r--r--docs/_include/interface-common.txt35
-rw-r--r--docs/_include/interface-description.txt11
-rw-r--r--docs/_include/interface-dhcp-options.txt50
-rw-r--r--docs/_include/interface-dhcpv6-options.txt44
-rw-r--r--docs/_include/interface-dhcpv6-prefix-delegation.txt62
-rw-r--r--docs/_include/interface-disable-flow-control.txt23
-rw-r--r--docs/_include/interface-disable-link-detect.txt13
-rw-r--r--docs/_include/interface-disable.txt11
-rw-r--r--docs/_include/interface-eapol.txt37
-rw-r--r--docs/_include/interface-ip.txt157
-rw-r--r--docs/_include/interface-ipv6.txt55
-rw-r--r--docs/_include/interface-mac.txt11
-rw-r--r--docs/_include/interface-mirror.txt34
-rw-r--r--docs/_include/interface-mtu.txt11
-rw-r--r--docs/_include/interface-vlan-8021ad.txt153
-rw-r--r--docs/_include/interface-vlan-8021q.txt120
-rw-r--r--docs/_include/interface-vrf.txt13
-rw-r--r--docs/_include/interface-xdp.txt27
-rw-r--r--docs/_include/need_improvement.txt5
m---------docs/_include/vyos-1x0
27 files changed, 944 insertions, 2 deletions
diff --git a/docs/_include/common-references.txt b/docs/_include/common-references.txt
new file mode 100644
index 00000000..de4f76e7
--- /dev/null
+++ b/docs/_include/common-references.txt
@@ -0,0 +1,9 @@
+.. stop_vyoslinter
+
+.. _`accel-ppp`: https://accel-ppp.org/
+.. _`Secure Socket Tunneling Protocol`: https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol
+.. _Phabricator: https://phabricator.vyos.net/
+.. _802.1ad: https://en.wikipedia.org/wiki/IEEE_802.1ad
+.. _802.1q: https://en.wikipedia.org/wiki/IEEE_802.1Q
+
+.. start_vyoslinter \ No newline at end of file
diff --git a/docs/_include/draw.io/pbr_example_1.drawio b/docs/_include/draw.io/pbr_example_1.drawio
new file mode 100644
index 00000000..0d496572
--- /dev/null
+++ b/docs/_include/draw.io/pbr_example_1.drawio
@@ -0,0 +1 @@
+<mxfile modified="2019-06-20T09:46:15.910Z" host="www.draw.io" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" etag="pgW5M9QC_GIVY4GNWbyF" version="10.7.9" type="device"><diagram name="Page-1" id="c37626ed-c26b-45fb-9056-f9ebc6bb27b6">7VrbcqM4EP0aP4ZCgLk8xkk8u1UzW97K7FyepmRQsGoEYoUc2/P1K4G4CLBNJo7j2rLzAGpJrVafPq2WnYl9l2w/MJitPtEIkYllRtuJfT+xLMtzTPGQkl0pCQKnFMQMR6UINIJH/AspoZoXr3GEcm0gp5RwnOnCkKYpCrkmg4zRjT7siRJ91QzGqCd4DCHpS7/iiK+UFJhm0/EHwvFKLe1PVccShj9jRtepWm9i2U/Fp+xOYKVLjc9XMKKblsh+mNh3jFJeviXbO0Skbyu3lfPme3pruxlK+ZgJn4MU/ArY39bX3eKfT37yffHh8w2wSzXPkKxRtQ+XCIWzCD9Lq/lOecr9dy1NnXG05TeQ4Did2LdiBEFPXDxET+H+lN/kBciyD9jZtpkp3mL1LFbIM5h2ZcuuQGoctGPUUn8+LkClSbimVKYvIMS9RYVsyDghLryiS9/HUa/zCwgswzSAMcI5YxxhaZZYK54Q8QZE3zNiHAu2fYRLRBY0xxxT4Y/7JeWcJmKActB9KMIYMSEgcuSsJtcdJZQVait6NUpv1VxOM+klzujPmsRWLWlpME3fnEsEnjAhQ5prkspBEcxXKFIN0ZPJ7SXbWCZCA9PcM7DISrkRErqOaj9I49B2L0lBTX2RUhFNEGc7MURNuAkCv5yj0qkTlM1NKzf5SrZqpSVgqbQLVT6Ma91NThAvKi28JEU4r04RrLDzgnOEdZwG58kRJ/bUKZKEZYzwzjVJnDNJeO6lJQnLHUgSHcBRJAov1cxRnIjdPjSiGUqjW1nPSZgJzHMcCmErSNAW82+t9+/S58ZUte63CoKisVMNGa0tBGf2fO66fWSjKfIjZygWXHdmzee9uLFrIOWmDsMofEDXLEQHvBcMw92Csyo622hWMoYI5PhZN2MIYbXCguIiK1TR5HeiyfV94VZNS7kDNbFdY/Z0TXVdoK+LQxYj3tMlsIe71rBMDsgPmd1Zyp0GaqnR1gnz9CnipbSjYUKNxyvIEZyNHOb/jxzWu5LD87wqgOs48w3fbj6/SxXPORtVukv1qPI2cQ+s43HfPTFDnIfUEIe6OOdz9dRDXTtwO7Fq2q4feEOx2hzevQLgaPUxXEkUhUf75G9qgpAmkqA1y+YwwUT6/gtiEUyhEqsvQ4B1qruDr0eq5Vcwt9li+85AZVCVCyevDGxwPAhkEZft9YD65gcuq+Hmiz3jAZ0AU98Z8AzwBxIJqDLJ6WumnmO+fLz9C9RX8iUbLvH3lfMbZbUs6FPKEkiGS3rg+obA2xD7msuCcE8R38Fos8IcPWawyNUbwVWdlSPZoLMPjOOHM1CLT+Vfj+gpTVE1WZkO9hJ4FOUOxPTBM+nMsTR0Rx+VaQU4WZFrf8A0+pEhhrMVYpDkRtYpMS4j754cM6XGcbUEMXCj8vw+oN5b4TniOnXF8xCeUx3P6TvjaY8ohd78FARmtb9LOgb7l6PiGDTPcwz612Pw9yl4/Gp25liqflS85s0Xg3aZ5yAYcXu4AnoRB6FoNj9ml18hNP8xYD/8Bw==</diagram></mxfile> \ No newline at end of file
diff --git a/docs/_include/draw.io/vpn_s2s_ikev2.drawio b/docs/_include/draw.io/vpn_s2s_ikev2.drawio
new file mode 100644
index 00000000..b240c191
--- /dev/null
+++ b/docs/_include/draw.io/vpn_s2s_ikev2.drawio
@@ -0,0 +1 @@
+<mxfile modified="2019-07-18T20:12:29.116Z" host="www.draw.io" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" etag="se-JT0q6YZwCfwyGJaAA" version="10.9.8" type="device"><diagram name="Page-1" id="c37626ed-c26b-45fb-9056-f9ebc6bb27b6">7Zrdk6I4EMD/Gh+lSMLn4zgz7j7cVk3V1H3svWxFiJhaIB7EUfevv4QEIYCje6eOW4XzIOmQTtL5ddP0OEGP2e5TgderLywm6QTa8W6CniYQIoCA+JKSvZJA2/WVJClorGSgEbzSH0QLbS3d0JiUxo2csZTTtSmMWJ6TiBsyXBRsa962ZKk56xonpCd4jXDal/5JY77SUmDbTcdnQpOVnjpwdccCR9+Tgm1yPd8EomX1Ud0ZrnXp+8sVjtm2JULPE/RYMMbVVbZ7JKk0bm02NW5+pPew7oLk/JwBv/tf4d9PP749rV+/8DAihK2iqRwg1bzhdEPqfVSr5fvaQtUeidQCJmi2XVFOXtc4kr1bAYWQrXiW6m6tjhSc7I4uFBy2L7giLCO82Itb9ICp43pqjGZqilytZNuckOM4SrZqHQ6qccSaiuSgvbGMuNDG+RlDgTs0FLADdHeWOsNQwhXW8jLbJTKqWBEtI2YJ83FSlPrbtFaMy1VlWVs0ljRNH1nKikobspEXhL6Ql7xg30mrR/tj3VP7tzDpTBqeiijwG16Q9IWVlFOWi74F45xlrRseUprIDs7kATZHLBdycGnZiFhGo3qFLOdznNFUnssfpIhxjrVYR0AAL8aA65gMwNDtMYCCAQZAEF7LW0YGbsmAg+4PATQicEsEfMe3XBOCAKCPhsA5DQGJRTqmmyVJMrHh50Y0I3n8ILM80ZuznJg4kB3lf0lbi62r1ldteXn9tGs39q0zabExQ/O55/Vpil0SxM4QTZ43g/N5jyakJ3ohBRXGk+SqyXNhSLXI6rCrdrVMK6ybzUqr1r7d6uuL51SeQtVS5pQ2fB8cYXK2KSJy+rnNcZEQfsqx+yC2IKsz5DZjtawgKeb0zVzuEHd6hhdGxUYazgMPWQFqPp30B3qmRrVrraSdHPf0hu/p9UPf8lof15xF2aw3iwAX71u3reUN5bubOxLHjy+7O8LxT4zwbfDuCHGh1t14/eGU/3sgcMdA0AoEQXDPgQD+EoHA8aDhsHbHZcWbutVx07ODAfKBBfruXqt2PTAQKy4dDKADf9K1nbqmclPXBkOZnpeK454txEXCKzqVQPqc4fXePxtWd0zLKid6EDeAYL1rOmstwIcWCCzRbYmNzqFTqxUNpdmcTYhbK+iEG5FrcTOImA6ug0w7GmgR1qlgJDyrSlC7OWJG47iKWUMlADN1vETq13sGuHY/+weO2/fFujR1+RrAUOJ3FSYs6I4YqAd7FwOvrvu0a0H+LSkYeupfhwIZ+UYI4DSEdvc1EDWiDwPBG8PBrUlw7LsLB/4YDm4MAewWBg9l/w+DILh5tgjHbLH9bhPeXbYYHkXi/xHwxmkTCBZF98DLNc6PK9/qnUv1OSsynA4gZlvyT25f+tWBI6W5h5dJXYewE/8uPLPibJYiwOSsGrQz6VU9lq78O4q5HKyXDgaQVkXyS9AK7O7LdwgGshlYv/0blQZ0JV5rR/hlgUUjsNcCtle1Ce2PpvUK7+LQGcK3qHYzPmWrUlwv8Rp8CxsokF7tMQuv8Do+DEJKliMH+vnldP9FNZSBXwYD0Wx+TqbKu82P9tDzvw==</diagram></mxfile> \ No newline at end of file
diff --git a/docs/_include/interface-address-with-dhcp.txt b/docs/_include/interface-address-with-dhcp.txt
new file mode 100644
index 00000000..4ff78c01
--- /dev/null
+++ b/docs/_include/interface-address-with-dhcp.txt
@@ -0,0 +1,21 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} address <address | dhcp |
+ dhcpv6>
+
+ Configure interface `<interface>` with one or more interface addresses.
+
+ * **address** can be specified multiple times as IPv4 and/or IPv6
+ address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64
+ * **dhcp** interface address is received by DHCP from a DHCP server
+ on this segment.
+ * **dhcpv6** interface address is received by DHCPv6 from a DHCPv6
+ server on this segment.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} address 192.0.2.1/24
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} address 2001:db8::1/64
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcp
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6 \ No newline at end of file
diff --git a/docs/_include/interface-address.txt b/docs/_include/interface-address.txt
new file mode 100644
index 00000000..00a9ec09
--- /dev/null
+++ b/docs/_include/interface-address.txt
@@ -0,0 +1,14 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> address <address>
+
+ Configure interface `<interface>` with one or more interface
+ addresses.
+
+ * **address** can be specified multiple times as IPv4 and/or IPv6
+ address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} address 192.0.2.1/24
+ set interfaces {{ var0 }} {{ var1 }} address 2001:db8::1/64 \ No newline at end of file
diff --git a/docs/_include/interface-common-with-dhcp.txt b/docs/_include/interface-common-with-dhcp.txt
new file mode 100644
index 00000000..47b4796f
--- /dev/null
+++ b/docs/_include/interface-common-with-dhcp.txt
@@ -0,0 +1,21 @@
+.. cmdinclude:: /_include/interface-address-with-dhcp.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-common.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+**DHCP(v6)**
+
+.. cmdinclude:: /_include/interface-dhcp-options.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-dhcpv6-options.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/interface-common-without-dhcp.txt b/docs/_include/interface-common-without-dhcp.txt
new file mode 100644
index 00000000..73d39dd0
--- /dev/null
+++ b/docs/_include/interface-common-without-dhcp.txt
@@ -0,0 +1,7 @@
+.. cmdinclude:: /_include/interface-address.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-common.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt
new file mode 100644
index 00000000..5a997482
--- /dev/null
+++ b/docs/_include/interface-common.txt
@@ -0,0 +1,35 @@
+.. cmdinclude:: /_include/interface-description.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable-flow-control.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-disable-link-detect.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-mac.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-mtu.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-ip.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-ipv6.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+
+.. cmdinclude:: /_include/interface-vrf.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
diff --git a/docs/_include/interface-description.txt b/docs/_include/interface-description.txt
new file mode 100644
index 00000000..064d9559
--- /dev/null
+++ b/docs/_include/interface-description.txt
@@ -0,0 +1,11 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} description <description>
+
+ Set a human readable, descriptive alias for this connection. Alias is used by
+ e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} description 'This is an awesome interface running on VyOS' \ No newline at end of file
diff --git a/docs/_include/interface-dhcp-options.txt b/docs/_include/interface-dhcp-options.txt
new file mode 100644
index 00000000..1a0ce260
--- /dev/null
+++ b/docs/_include/interface-dhcp-options.txt
@@ -0,0 +1,50 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcp-options client-id <description>
+
+ :rfc:`2131` states: The client MAY choose to explicitly provide the identifier
+ through the 'client identifier' option. If the client supplies a 'client
+ identifier', the client MUST use the same 'client identifier' in all
+ subsequent messages, and the server MUST use that identifier to identify the
+ client.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcp-options client-id 'foo-bar'
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcp-options host-name <hostname>
+
+ Instead of sending the real system hostname to the DHCP server, overwrite the
+ host-name with this given-value.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcp-options host-name 'VyOS'
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcp-options vendor-class-id <vendor-id>
+
+ The vendor-class-id option can be used to request a specific class of vendor
+ options from the server.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcp-options vendor-class-id 'VyOS'
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcp-options no-default-route
+
+ Only request an address from the DHCP server but do not request a default
+ gateway.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcp-options no-default-route
diff --git a/docs/_include/interface-dhcpv6-options.txt b/docs/_include/interface-dhcpv6-options.txt
new file mode 100644
index 00000000..e047e92a
--- /dev/null
+++ b/docs/_include/interface-dhcpv6-options.txt
@@ -0,0 +1,44 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options duid <duid>
+
+ The DHCP unique identifier (DUID) is used by a client to get an IP address
+ from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length
+ identifier field up to 128 bytes. Its actual length depends on its type. The
+ server compares the DUID with its database and delivers configuration data
+ (address, lease times, DNS servers, etc.) to the client.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} duid '0e:00:00:01:00:01:27:71:db:f0:00:50:56:bf:c5:6d'
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options parameters-only
+
+ This statement specifies dhcp6c to only exchange informational configuration
+ parameters with servers. A list of DNS server addresses is an example of such
+ parameters. This statement is useful when the client does not need stateful
+ configuration parameters such as IPv6 addresses or prefixes.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options parameters-only
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options rapid-commit
+
+ When rapid-commit is specified, dhcp6c will include a rapid-commit option in
+ solicit messages and wait for an immediate reply instead of advertisements.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options rapid-commit
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options temporary
+
+ Request only a temporary address and not form an IA_NA (Identity Association
+ for Non-temporary Addresses) partnership.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options temporary
diff --git a/docs/_include/interface-dhcpv6-prefix-delegation.txt b/docs/_include/interface-dhcpv6-prefix-delegation.txt
new file mode 100644
index 00000000..1ef94c14
--- /dev/null
+++ b/docs/_include/interface-dhcpv6-prefix-delegation.txt
@@ -0,0 +1,62 @@
+**DHCPv6 Prefix Delegation (PD)**
+
+VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation
+is supported by most ISPs who provide native IPv6 for consumers on fixed
+networks.
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options pd <id> length <length>
+
+ Some ISPs by default only delegate a /64 prefix. To request for a specific
+ prefix size use this option to request for a bigger delegation for this pd
+ `<id>`. This value is in the range from 32 - 64 so you could request up to a
+ /32 prefix (if your ISP allows this) down to a /64 delegation.
+
+ The default value corresponds to 64.
+
+ To request a /56 prefix from your ISP use:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options pd 0 length 56
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options pd <id> interface <delegatee>
+ address <address>
+
+ Specify the interface address used locally on the interfcae where the prefix
+ has been delegated to. ID must be a decimal integer.
+
+ It will be combined with the delegated prefix and the sla-id to form a
+ complete interface address. The default is to use the EUI-64 address of the
+ interface.
+
+ .. stop_vyoslinter
+
+ Example: Delegate a /64 prefix to interface eth8 which will use a local
+ address on this router of ``<prefix>::ffff``, as the address 65534 will
+ correspond to ``ffff`` in hexadecimal notation.
+
+ .. start_vyoslinter
+
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options pd 0 interface eth8 address 65534
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} dhcpv6-options pd <id> interface <delegatee> sla-id <id>
+
+ Specify the identifier value of the site-level aggregator (SLA) on the
+ interface. ID must be a decimal number greater then 0 which fits in the
+ length of SLA IDs (see below).
+
+ Example: If ID is 1 and the client is delegated an IPv6 prefix
+ 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6
+ prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified
+ interface.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options pd 0 interface eth8 sla-id 1
+
diff --git a/docs/_include/interface-disable-flow-control.txt b/docs/_include/interface-disable-flow-control.txt
new file mode 100644
index 00000000..347f1145
--- /dev/null
+++ b/docs/_include/interface-disable-flow-control.txt
@@ -0,0 +1,23 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ disable-flow-control
+
+ Ethernet flow control is a mechanism for temporarily stopping the transmission
+ of data on Ethernet family computer networks. The goal of this mechanism is to
+ ensure zero packet loss in the presence of network congestion.
+
+ The first flow control mechanism, the pause frame, was defined by the IEEE
+ 802.3x standard.
+
+ A sending station (computer or network switch) may be transmitting data faster
+ than the other end of the link can accept it. Using flow control, the
+ receiving station can signal the sender requesting suspension of
+ transmissions until the receiver catches up.
+
+ Use this command to disable the generation of Ethernet flow control (pause
+ frames).
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} disable-flow-control \ No newline at end of file
diff --git a/docs/_include/interface-disable-link-detect.txt b/docs/_include/interface-disable-link-detect.txt
new file mode 100644
index 00000000..1a766715
--- /dev/null
+++ b/docs/_include/interface-disable-link-detect.txt
@@ -0,0 +1,13 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} disable-link-detect
+
+ Use this command to direct an interface to not detect any physical state
+ changes on a link, for example, when the cable is unplugged.
+
+ Default is to detects physical link state changes.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} disable-link-detect \ No newline at end of file
diff --git a/docs/_include/interface-disable.txt b/docs/_include/interface-disable.txt
new file mode 100644
index 00000000..774c1cdd
--- /dev/null
+++ b/docs/_include/interface-disable.txt
@@ -0,0 +1,11 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} disable
+
+ Disable given `<interface>`. It will be placed in administratively down
+ (``A/D``) state.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} disable \ No newline at end of file
diff --git a/docs/_include/interface-eapol.txt b/docs/_include/interface-eapol.txt
new file mode 100644
index 00000000..68e5073d
--- /dev/null
+++ b/docs/_include/interface-eapol.txt
@@ -0,0 +1,37 @@
+:abbr:`EAP (Extensible Authentication Protocol)` over LAN (EAPoL) is a network
+port authentication protocol used in IEEE 802.1X (Port Based Network Access
+Control) developed to give a generic network sign-on to access network
+resources.
+
+EAPoL comes with an identify option. We automatically use the interface MAC
+address as identity parameter.
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} eapol ca-cert-file <file>
+
+ SSL :abbr:`CA (Certificate Authority)` x509 PEM file used afor authentication
+ of the remote side.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol ca-cert-file /config/auth/ca.pem
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} eapol cert-file <file>
+
+ SSL/x509 public certificate file provided by the client to authenticate
+ against the 802.1x system.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol cert-file /config/auth/public.pem
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} eapol key-file <file>
+
+ SSL/x509 private certificate file provided by the client to authenticate
+ against the 802.1x system.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol key-file /config/auth/private.key
diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt
new file mode 100644
index 00000000..89937806
--- /dev/null
+++ b/docs/_include/interface-ip.txt
@@ -0,0 +1,157 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip arp-cache-timeout
+
+ Once a neighbor has been found, the entry is considered to be valid for at
+ least for this specifc time. An entry's validity will be extended if it
+ receives positive feedback from higher level protocols.
+
+ This defaults to 30 seconds.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip arp-cache-timeout 180
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip disable-arp-filter
+
+ If set the kernel can respond to arp requests with addresses from other
+ interfaces. This may seem wrong but it usually makes sense, because it
+ increases the chance of successful communication. IP addresses are owned by
+ the complete host on Linux, not by particular interfaces. Only for more
+ complex setups like load-balancing, does this behaviour cause problems.
+
+ If not set (default) allows you to have multiple network interfaces on the
+ same subnet, and have the ARPs for each interface be answered based on whether
+ or not the kernel would route a packet from the ARP'd IP out that interface
+ (therefore you must use source based routing for this to work).
+
+ In other words it allows control of which cards (usually 1) will respond to an
+ arp request.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip disable-arp-filter
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip disable-forwarding
+
+ Configure interface-specific Host/Router behaviour. If set, the interface will
+ switch to host mode and IPv6 forwarding will be disabled on this interface.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip disable-forwarding
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-arp-accept
+
+ Define behavior for gratuitous ARP frames who's IP is not already present in
+ the ARP table. If configured create new entries in the ARP table.
+
+ Both replies and requests type gratuitous arp will trigger the ARP table to be
+ updated, if this setting is on.
+
+ If the ARP table already contains the IP address of the gratuitous arp frame,
+ the arp table will be updated regardless if this setting is on or off.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-arp-accept
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-arp-announce
+
+ Define different restriction levels for announcing the local source IP address
+ from IP packets in ARP requests sent on interface.
+
+ Use any local address, configured on any interface if this is not set.
+
+ If configured, try to avoid local addresses that are not in the target's
+ subnet for this interface. This mode is useful when target hosts reachable via
+ this interface require the source IP address in ARP requests to be part of
+ their logical network configured on the receiving interface. When we generate
+ the request we will check all our subnets that include the target IP and will
+ preserve the source address if it is from such subnet. If there is no such
+ subnet we select source address according to the rules for level 2.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-arp-announce
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-arp-ignore
+
+ Define different modes for sending replies in response to received ARP
+ requests that resolve local target IP addresses:
+
+ If configured, reply only if the target IP address is local address configured
+ on the incoming interface.
+
+ If this option is unset (default), reply for any local target IP address,
+ configured on any interface.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-arp-ignore
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-proxy-arp
+
+ Use this command to enable proxy Address Resolution Protocol (ARP) on this
+ interface. Proxy ARP allows an Ethernet interface to respond with its own
+ :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP
+ addresses on subnets attached to other interfaces on the system. Subsequent
+ packets sent to those destination IP addresses are forwarded appropriately by
+ the system.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-proxy-arp
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip proxy-arp-pvlan
+
+ Private VLAN proxy arp. Basically allow proxy arp replies back to the same
+ interface (from which the ARP request/solicitation was received).
+
+ This is done to support (ethernet) switch features, like :rfc:`3069`, where
+ the individual ports are NOT allowed to communicate with each other, but they
+ are allowed to talk to the upstream router. As described in :rfc:`3069`, it is
+ possible to allow these hosts to communicate through the upstream router by
+ proxy_arp'ing.
+
+ .. note:: Don't need to be used together with proxy_arp.
+
+ This technology is known by different names:
+
+ - In :rfc:`3069` it is called VLAN Aggregation
+
+ - Cisco and Allied Telesyn call it Private VLAN
+
+ - Hewlett-Packard call it Source-Port filtering or port-isolation
+
+ - Ericsson call it MAC-Forced Forwarding (RFC Draft)
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip source-validation <strict | loose | disable>
+
+ Enable policy for source validation by reversed path, as specified in
+ :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict
+ mode to prevent IP spoofing from DDos attacks. If using asymmetric routing
+ or other complicated routing, then loose mode is recommended.
+
+ - strict: Each incoming packet is tested against the FIB and if the interface
+ is not the best reverse path the packet check will fail. By default failed
+ packets are discarded.
+
+ - loose: Each incoming packet's source address is also tested against the FIB
+ and if the source address is not reachable via any interface the packet
+ check will fail.
+
+ - disable: No source validation
diff --git a/docs/_include/interface-ipv6.txt b/docs/_include/interface-ipv6.txt
new file mode 100644
index 00000000..e03817cf
--- /dev/null
+++ b/docs/_include/interface-ipv6.txt
@@ -0,0 +1,55 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 address autoconf
+
+ :abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts
+ can configure themselves automatically when connected to an IPv6 network using
+ the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message
+ Protocol version 6)` router discovery messages. When first connected to a
+ network, a host sends a link-local router solicitation multicast request for
+ its configuration parameters; routers respond to such a request with a router
+ advertisement packet that contains Internet Layer configuration parameters.
+
+ .. note:: This method automatically disables IPv6 traffic forwarding on the
+ interface in question.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address autoconf
+
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 address eui64 <prefix>
+
+ :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in
+ :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address eui64 2001:db8:beef::/64
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 address no-default-link-local
+
+ Do not assign a link-local IPv6 address to this interface.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address no-default-link-local
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 disable-forwarding
+
+ Configure interface-specific Host/Router behaviour. If set, the interface will
+ switch to host mode and IPv6 forwarding will be disabled on this interface.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding
diff --git a/docs/_include/interface-mac.txt b/docs/_include/interface-mac.txt
new file mode 100644
index 00000000..03aa6106
--- /dev/null
+++ b/docs/_include/interface-mac.txt
@@ -0,0 +1,11 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} mac <xx:xx:xx:xx:xx:xx>
+
+ Configure user defined :abbr:`MAC (Media Access Control)` address on given
+ `<interface>`.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} mac '00:01:02:03:04:05' \ No newline at end of file
diff --git a/docs/_include/interface-mirror.txt b/docs/_include/interface-mirror.txt
new file mode 100644
index 00000000..f2b340fe
--- /dev/null
+++ b/docs/_include/interface-mirror.txt
@@ -0,0 +1,34 @@
+SPAN port mirroring can copy the inbound/outbound traffic of the interface to
+the specified interface, usually the interface can be connected to some special
+equipment, such as behavior control system, intrusion detection system and
+traffic collector, and can copy all related traffic from this port
+
+VyOS uses the `mirror` option to configure port mirroring. The configuration
+is divided into 2 different directions. Destination ports should be configured
+for different traffic directions.
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> mirror
+ ingress <monitor-interface>
+
+ Configure port mirroring for `interface` inbound traffic and copy the
+ traffic to `monitor-interface`
+
+ Example: Mirror the inbound traffic of `{{ var1 }}` port to `{{ var2 }}`
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} mirror ingress {{ var2 }}
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> mirror egress
+ <monitor-interface>
+
+ Configure port mirroring for `interface` outbound traffic and copy the
+ traffic to `monitor-interface`
+
+ Example: Mirror the outbound traffic of `{{ var1 }}` port to `{{ var2 }}`
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} mirror egress {{ var2 }}
+
+
diff --git a/docs/_include/interface-mtu.txt b/docs/_include/interface-mtu.txt
new file mode 100644
index 00000000..76812507
--- /dev/null
+++ b/docs/_include/interface-mtu.txt
@@ -0,0 +1,11 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} mtu <mtu>
+
+ Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It
+ is the size (in bytes) of the largest ethernet frame sent on this link.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} mtu 9000 \ No newline at end of file
diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt
new file mode 100644
index 00000000..0a1722dc
--- /dev/null
+++ b/docs/_include/interface-vlan-8021ad.txt
@@ -0,0 +1,153 @@
+.. include:: /_include/need_improvement.txt
+
+IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as
+an amendment to IEEE standard 802.1q VLAN interfaces as described above.
+802.1ad was incorporated into the base 802.1q_ standard in 2011. The technique
+is also known as provider bridging, Stacked VLANs, or simply QinQ or Q-in-Q.
+"Q-in-Q" can for supported devices apply to C-tag stacking on C-tag (Ethernet
+Type = 0x8100).
+
+The original 802.1q_ specification allows a single Virtual Local Area Network
+(VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple
+VLAN tags to be inserted into a single frame, an essential capability for
+implementing Metro Ethernet network topologies. Just as QinQ extends 802.1Q,
+QinQ itself is extended by other Metro Ethernet protocols.
+
+In a multiple VLAN header context, out of convenience the term "VLAN tag" or
+just "tag" for short is often used in place of "802.1q_ VLAN header". QinQ
+allows multiple VLAN tags in an Ethernet frame; together these tags constitute
+a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a
+frame that has 2 VLAN 802.1q_ headers (double-tagged).
+
+In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags that
+are used.
+
+The inner tag is the tag which is closest to the payload portion of the frame.
+It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer
+tag is the one closer/closest to the Ethernet header, its name is S-TAG
+(service tag with Ethernet Type = 0x88a8).
+
+
+.. cmdinclude:: /_include/interface-address-with-dhcp.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-description.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-disable.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-disable-link-detect.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-mac.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-mtu.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-ip.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-ipv6.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-vrf.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+**DHCP(v6)**
+
+.. cmdinclude:: /_include/interface-dhcp-options.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-dhcpv6-options.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif-s
+ :var3: <vlan-id>
+ :var4: 1000
+ :var5: vif-c
+ :var6: <vlan-id>
+ :var7: 20
+
+.. include:: /_include/common-references.txt
diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt
new file mode 100644
index 00000000..1a527590
--- /dev/null
+++ b/docs/_include/interface-vlan-8021q.txt
@@ -0,0 +1,120 @@
+IEEE 802.1q_, often referred to as Dot1q, is the networking standard that
+supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network. The standard
+defines a system of VLAN tagging for Ethernet frames and the accompanying
+procedures to be used by bridges and switches in handling such frames.
+The standard also contains provisions for a quality-of-service prioritization
+scheme commonly known as IEEE 802.1p and defines the
+Generic Attribute Registration Protocol.
+
+Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can
+include VLAN tags. When a frame enters the VLAN-aware portion of the network, a
+tag is added to represent the VLAN membership. Each frame must be
+distinguishable as being within exactly one VLAN. A frame in the VLAN-aware
+portion of the network that does not contain a VLAN tag is assumed to be
+flowing on the native VLAN.
+
+The standard was developed by IEEE 802.1, a working group of the IEEE 802
+standards committee, and continues to be actively revised. One of the notable
+revisions is 802.1Q-2014 which incorporated IEEE 802.1aq
+(Shortest Path Bridging) and much of the IEEE 802.1d standard.
+
+802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The
+term used for this is ``vif``.
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> vif <vlan-id>
+
+ Create a new VLAN interface on interface `<interface>` using the VLAN number
+ provided via `<vlan-id>`.
+
+ You can create multiple VLAN interfaces on a physical interface. The VLAN ID
+ range is from 0 to 4094.
+
+ .. note:: Only 802.1Q-tagged packets are accepted on Ethernet vifs.
+
+.. cmdinclude:: /_include/interface-address-with-dhcp.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-description.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-disable.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-disable-link-detect.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-mac.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-mtu.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-ip.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-ipv6.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-vrf.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+**DHCP(v6)**
+
+.. cmdinclude:: /_include/interface-dhcp-options.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-dhcpv6-options.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. include:: /_include/common-references.txt
diff --git a/docs/_include/interface-vrf.txt b/docs/_include/interface-vrf.txt
new file mode 100644
index 00000000..1fa94f9f
--- /dev/null
+++ b/docs/_include/interface-vrf.txt
@@ -0,0 +1,13 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} vrf <vrf>
+
+ Place interface in given VRF instance.
+
+ .. seealso:: There is an entire chapter about how to configure a :ref:`vrf`,
+ please check this for additional information.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} vrf red \ No newline at end of file
diff --git a/docs/_include/interface-xdp.txt b/docs/_include/interface-xdp.txt
new file mode 100644
index 00000000..d87151fc
--- /dev/null
+++ b/docs/_include/interface-xdp.txt
@@ -0,0 +1,27 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> xdp
+
+ Enable support for Linux :abbr:`XDP (eXpress Data Path)` on recent 1.3 rolling
+ releases. You must enable it for every interface which should participate in
+ the XDP forwarding.
+
+ XDP is an eBPF based high performance data path merged in the Linux kernel
+ since version 4.8. The idea behind XDP is to add an early hook in the RX path
+ of the kernel, and let a user supplied eBPF program decide the fate of the
+ packet. The hook is placed in the NIC driver just after the interrupt
+ processing, and before any memory allocation needed by the network stack
+ itself, because memory allocation can be an expensive operation.
+
+ .. warning:: This is highly experimental!
+
+ .. note:: Enabling this feature will break any form of NAT or Firewalling on
+ this interface, as XDP is handled way earlier in the driver then iptables/
+ nftables.
+
+ Enabling this feature will only load the XDP router code as described here:
+ https://blog.apnic.net/2020/04/30/how-to-build-an-xdp-based-bgp-peering-router/
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} xdp \ No newline at end of file
diff --git a/docs/_include/need_improvement.txt b/docs/_include/need_improvement.txt
index f7556465..1ce50685 100644
--- a/docs/_include/need_improvement.txt
+++ b/docs/_include/need_improvement.txt
@@ -8,8 +8,9 @@
<p class="admonition-title">Call for Contributions</p>
-This page needs improvements, examples and explanations.
-Please take a look at the Contributing Guide for :ref:`documentation`.
+This section needs improvements, examples and explanations.
+
+Please take a look at the Contributing Guide for our :ref:`documentation`.
.. raw:: html
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
new file mode 160000
+Subproject 0dd41096f14771ffa476f52793308bffac51b59