summaryrefslogtreecommitdiff
path: root/docs/appendix
diff options
context:
space:
mode:
Diffstat (limited to 'docs/appendix')
-rw-r--r--docs/appendix/commandtree/configmode.rst62
-rw-r--r--docs/appendix/commandtree/operationmode.rst58
-rw-r--r--docs/appendix/examples/azure-vpn-bgp.rst16
-rw-r--r--docs/appendix/examples/azure-vpn-dual-bgp.rst16
-rw-r--r--docs/appendix/examples/bgp-ipv6-unnumbered.rst20
-rw-r--r--docs/appendix/examples/dmvpn.rst6
-rw-r--r--docs/appendix/examples/ha.rst42
-rw-r--r--docs/appendix/examples/ospf-unnumbered.rst12
-rw-r--r--docs/appendix/examples/tunnelbroker-ipv6.rst12
-rw-r--r--docs/appendix/examples/zone-policy.rst22
-rw-r--r--docs/appendix/migrate-from-vyatta.rst6
-rw-r--r--docs/appendix/vyos-on-baremetal.rst12
12 files changed, 142 insertions, 142 deletions
diff --git a/docs/appendix/commandtree/configmode.rst b/docs/appendix/commandtree/configmode.rst
index e286e85f..29dc43d0 100644
--- a/docs/appendix/commandtree/configmode.rst
+++ b/docs/appendix/commandtree/configmode.rst
@@ -3,7 +3,7 @@
Configuration mode
------------------
-.. code-block:: console
+.. code-block:: none
confirm Confirm prior commit-confirm
comment Add comment to this configuration element
@@ -39,21 +39,21 @@ The command cannot be used at the top of the configuration hierarchy, only on su
To add a comment to a section, while being already at the proper section level:
-.. code-block:: console
+.. code-block:: none
[edit <section>]
vyos@vyos# comment "Type Comment Here"
To add a comment directly to a section, from the top or a higher section:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# comment <section> "Type Comment Here"
To remove a comment, add a blank comment to overwrite:
-.. code-block:: console
+.. code-block:: none
[edit <section>]
vyos@vyos# comment ""
@@ -63,7 +63,7 @@ Examples
To add a comment to the "interfaces" section:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# edit interfaces
@@ -74,7 +74,7 @@ To add a comment to the "interfaces" section:
The comment would then appear like this:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# show
@@ -86,7 +86,7 @@ The comment would then appear like this:
An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the ``show interfaces`` command would return starting after the "interfaces {" line, hiding the comment:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# show interfaces
@@ -96,7 +96,7 @@ An important thing to note is that since the comment is added on top of the sect
To add a comment to the interfaces section from the top:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# comment interfaces "test"
@@ -104,7 +104,7 @@ To add a comment to the interfaces section from the top:
The comment can be added to any node that already exists, even if it's multiple levels lower:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# comment interfaces ethernet eth0 vif 222 address "Far down comment"
@@ -119,7 +119,7 @@ To discard the changes without committing, use the ``discard`` command. The ``co
The confirm keyword can be added, see ``commit-confirm``. A comment can be entered, it will appear in the commit log.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# commit
@@ -134,7 +134,7 @@ The ``commit-confirm`` command commits the proposed changes to the configuration
If the ``confirm`` command is not entered before the timer expiration, the configuration will be rolled back and VyOS will reboot.
The default timer value is 10 minutes, but a custom value can be entered.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# commit-confirm
@@ -149,7 +149,7 @@ Compare
VyOS maintains backups of previous configurations. To compare configuration revisions in configuration mode, use the compare command:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# compare
@@ -178,7 +178,7 @@ The ``copy`` command allows you to copy a configuration object.
Copy the configuration entrys from a firewall name WAN rule 1 to rule 2.
-.. code-block:: console
+.. code-block:: none
[edit firewall name WAN]
vyos@vyos# show
@@ -212,7 +212,7 @@ The ``delte`` command is to delete a configuration entry.
This Example delete the hole ``service tftp-server`` section.
-.. code-block:: console
+.. code-block:: none
delete service tftp-server
@@ -221,7 +221,7 @@ Discard
The ``discard`` command removes all pending configuration changes.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# discard
@@ -235,7 +235,7 @@ The ``edit`` command allows you to navigate down into the configuration tree.
To get back to an upper level, use the ``up`` command or use the ``top`` command to get back to the upper most level.
The ``[edit]`` text displays where the user is located in the configuration tree.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# edit interfaces
@@ -255,14 +255,14 @@ The ``exit`` command doesn't save the configuration, only the ``save`` command d
Exiting from a configuration level:
-.. code-block:: console
+.. code-block:: none
[edit interfaces ethernet eth0]
vyos@vyos# exit
Exiting from configuration mode:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# exit
@@ -271,14 +271,14 @@ Exiting from configuration mode:
Exiting from operational mode:
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ exit
logout
Error message when trying to exit with uncommitted changes:
-.. code-block:: console
+.. code-block:: none
vyos@vyos# exit
Cannot exit: configuration modified.
@@ -287,7 +287,7 @@ Error message when trying to exit with uncommitted changes:
Warning message when exiting with unsaved changes:
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# exit
@@ -298,7 +298,7 @@ Load
The ``load`` command load a configuration from a local or remote file. You have to be use ``commit`` to make the change active
-.. code-block:: console
+.. code-block:: none
<Enter> Load from system config file
<file> Load from file on local machine
@@ -310,7 +310,7 @@ The ``load`` command load a configuration from a local or remote file. You have
tftp://<host>/<file> Load from file on remote machine
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# load
@@ -324,7 +324,7 @@ Loadkey
Copies the content of a public key to the ~/.ssh/authorized_keys file.
-.. code-block:: console
+.. code-block:: none
loadkey <username> [tab]
@@ -342,7 +342,7 @@ The ``merge`` command merge the config from a local or remote file with the runn
In the example below exist a ``default-firewall.config`` file with some common firewall rules you saved earlier.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# show firewall
@@ -384,7 +384,7 @@ The ``rename`` command allows you to rename or move a configuration object.
See here how to move the configuration entrys from vlanid 3 to 2
-.. code-block:: console
+.. code-block:: none
[edit interfaces ethernet eth1]
vyos@vyos# show
@@ -418,7 +418,7 @@ Rollback
You can ``rollback`` configuration using the rollback command, however this command will currently trigger a system reboot.
Use the compare command to verify the configuration you want to rollback to.
-.. code-block:: console
+.. code-block:: none
vyos@vyos# compare 1
[edit system]
@@ -436,7 +436,7 @@ Run
The ``run`` command allows you to execute any operational mode commands without exiting the configuration session.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# run show interfaces
@@ -451,7 +451,7 @@ Save
The ``save`` command saves the current configuration to non-volatile storage. VyOS also supports saving and loading configuration remotely using SCP, FTP, or TFTP.
-.. code-block:: console
+.. code-block:: none
<Enter> Save to system config file
<file> Save to file on local machine
@@ -465,7 +465,7 @@ Set
The ``set`` command create all configuration entrys
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
@@ -477,7 +477,7 @@ The ``show`` command in the configuration mode displays the configuration and sh
Show the hole config, the address and description of eth1 is moving to vlan 2 if you commit the changes.
-.. code-block:: console
+.. code-block:: none
[edit]
vyos@vyos# show
diff --git a/docs/appendix/commandtree/operationmode.rst b/docs/appendix/commandtree/operationmode.rst
index 96c7a631..8092f248 100644
--- a/docs/appendix/commandtree/operationmode.rst
+++ b/docs/appendix/commandtree/operationmode.rst
@@ -8,7 +8,7 @@ After this is the first view after the login.
Please see :ref:`cli` for navigation in the CLI
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ [tab]
@@ -44,7 +44,7 @@ Please see :ref:`cli` for navigation in the CLI
Add
^^^
-.. code-block:: console
+.. code-block:: none
raid Add a RAID set element
system Add an item to a system facility
@@ -52,7 +52,7 @@ Add
Clear
^^^^^
-.. code-block:: console
+.. code-block:: none
console Clear screen
firewall Clear firewall statistics
@@ -69,13 +69,13 @@ Clone
The ``clone`` command allows you to clone a configuration from a system image to another one, or from the running config to another system image.
To clone the running config to a system image:
-.. code-block:: console
+.. code-block:: none
clone system config <system-image> from running
To clone from system image A to system image B:
-.. code-block:: console
+.. code-block:: none
clone system config <system-image-B> from <system-image-A>
@@ -85,7 +85,7 @@ Configure
The ``configure`` command allows you to enter configuration mode.
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ configure
[edit]
@@ -97,7 +97,7 @@ Connect
The ``connect`` command allows you to bring up a connection oriented interface, like a pppoe interface.
-.. code-block:: console
+.. code-block:: none
connect interface <interface>
@@ -108,7 +108,7 @@ The ``copy`` command allows you to copy a file to your running config or over im
It can look like this example:
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ copy file [tab]
Possible completions:
@@ -127,7 +127,7 @@ It can look like this example:
To copy from file A to file B:
-.. code-block:: console
+.. code-block:: none
copy <file A> to <file B>
@@ -135,7 +135,7 @@ To copy from file A to file B:
Delete
^^^^^^
-.. code-block:: console
+.. code-block:: none
conntrack Delete Conntrack entries
file Delete files in a particular image
@@ -149,14 +149,14 @@ Disconnect
The ``disconnect`` command allows you to take down a connection oriented interface, like a pppoe interface.
-.. code-block:: console
+.. code-block:: none
disconnect interface <interface>
Force
^^^^^
-.. code-block:: console
+.. code-block:: none
arp Send gratuitous ARP request or reply
cluster Force a cluster state transition
@@ -167,14 +167,14 @@ Format
The ``format`` command allows you to format a disk the same way as another one.
-.. code-block:: console
+.. code-block:: none
format disk <target> like <source>
Generate
^^^^^^^^
-.. code-block:: console
+.. code-block:: none
openvpn OpenVPN key generation tool
ssh-server-key
@@ -188,7 +188,7 @@ Install
The ``install`` command allows you to install the system image on the disk.
-.. code-block:: console
+.. code-block:: none
install image
@@ -198,7 +198,7 @@ Monitor
``monitor`` can be used to continually view what is happening on the router.
-.. code-block:: console
+.. code-block:: none
bandwidth Monitor interface bandwidth in real time
bandwidth-test
@@ -232,7 +232,7 @@ Ping
The ``ping`` command allows you to send an ICMP-EchoRequest packet and display the ICMP-EchoReply received.
-.. code-block:: console
+.. code-block:: none
<hostname> Send Internet Control Message Protocol (ICMP) echo request
<x.x.x.x>
@@ -244,7 +244,7 @@ Poweroff
The ``poweroff`` command allows you to properly shut down the VyOS instance. Without any modifier, the command is executed immediately.
-.. code-block:: console
+.. code-block:: none
<Enter> Execute the current command
at Poweroff at a specific time
@@ -256,7 +256,7 @@ Reboot
^^^^^^
The ``reboot`` command allows you to properly restart the VyOS instance. Without any modifier, the command is executed immediately.
-.. code-block:: console
+.. code-block:: none
<Enter> Execute the current command
at Poweroff at a specific time
@@ -269,7 +269,7 @@ Release
The ``release`` command allows you to release a DHCP or DHCPv6 lease.
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ release dhcp interface <int>
vyos@vyos:~$ release dhcpv6 interface <int>
@@ -280,7 +280,7 @@ Rename
The ``rename`` command allows you to rename a system image.
-.. code-block:: console
+.. code-block:: none
rename system image <currentname> <newname>
@@ -290,7 +290,7 @@ Renew
The ``renew`` command allows you to renew a DHCP or DHCPv6 lease.
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ renew dhcp interface <int>
vyos@vyos:~$ renew dhcpv6 interface <int>
@@ -298,7 +298,7 @@ The ``renew`` command allows you to renew a DHCP or DHCPv6 lease.
Reset
^^^^^
-.. code-block:: console
+.. code-block:: none
conntrack Reset all currently tracked connections
conntrack-sync
@@ -315,7 +315,7 @@ Reset
Restart
^^^^^^^
-.. code-block:: console
+.. code-block:: none
cluster Restart cluster node
conntrack-sync
@@ -335,7 +335,7 @@ Restart
Set
^^^
-.. code-block:: console
+.. code-block:: none
<OPTION> Bash builtin set command
console Control console behaviors
@@ -346,7 +346,7 @@ Set
Show
^^^^
-.. code-block:: console
+.. code-block:: none
arp Show Address Resolution Protocol (ARP) information
bridge Show bridging information
@@ -410,7 +410,7 @@ In the past the ``telnet`` command allowed you to connect remotely to another de
Telnet is unencrypted and should not use anymore. But its nice to test if an TCP Port to a host is open.
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ telnet 192.168.1.3 443
Trying 192.168.1.3...
@@ -426,7 +426,7 @@ Traceroute
The ``traceroute`` command allows you to trace the path taken to a particular device.
-.. code-block:: console
+.. code-block:: none
<hostname> Track network path to specified node
<x.x.x.x>
@@ -438,7 +438,7 @@ The ``traceroute`` command allows you to trace the path taken to a particular de
Update
^^^^^^
-.. code-block:: console
+.. code-block:: none
dns Update DNS information
webproxy Update webproxy \ No newline at end of file
diff --git a/docs/appendix/examples/azure-vpn-bgp.rst b/docs/appendix/examples/azure-vpn-bgp.rst
index 896f43d4..57f82396 100644
--- a/docs/appendix/examples/azure-vpn-bgp.rst
+++ b/docs/appendix/examples/azure-vpn-bgp.rst
@@ -52,7 +52,7 @@ Vyos configuration
- Configure the IKE and ESP settings to match a subset
of those supported by Azure:
-.. code-block:: console
+.. code-block:: none
set vpn ipsec esp-group AZURE compression 'disable'
set vpn ipsec esp-group AZURE lifetime '3600'
@@ -73,26 +73,26 @@ Vyos configuration
- Enable IPsec on eth0
-.. code-block:: console
+.. code-block:: none
set vpn ipsec ipsec-interfaces interface 'eth0'
- Configure a VTI with a dummy IP address
-.. code-block:: console
+.. code-block:: none
set interfaces vti vti1 address '10.10.1.5/32'
set interfaces vti vti1 description 'Azure Tunnel'
- Clamp the VTI's MSS to 1350 to avoid PMTU blackholes.
-.. code-block:: console
+.. code-block:: none
set firewall options interface vti1 adjust-mss 1350
- Configure the VPN tunnel
-.. code-block:: console
+.. code-block:: none
set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret'
@@ -108,13 +108,13 @@ Vyos configuration
- **Important**: Add an interface route to reach Azure's BGP listener
-.. code-block:: console
+.. code-block:: none
set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1
- Configure your BGP settings
-.. code-block:: console
+.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
@@ -123,6 +123,6 @@ Vyos configuration
- **Important**: Disable connected check \
-.. code-block:: console
+.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check
diff --git a/docs/appendix/examples/azure-vpn-dual-bgp.rst b/docs/appendix/examples/azure-vpn-dual-bgp.rst
index 27007709..cbe9a4d9 100644
--- a/docs/appendix/examples/azure-vpn-dual-bgp.rst
+++ b/docs/appendix/examples/azure-vpn-dual-bgp.rst
@@ -55,7 +55,7 @@ Vyos configuration
- Configure the IKE and ESP settings to match a subset
of those supported by Azure:
-.. code-block:: console
+.. code-block:: none
set vpn ipsec esp-group AZURE compression 'disable'
set vpn ipsec esp-group AZURE lifetime '3600'
@@ -76,13 +76,13 @@ Vyos configuration
- Enable IPsec on eth0
-.. code-block:: console
+.. code-block:: none
set vpn ipsec ipsec-interfaces interface 'eth0'
- Configure two VTIs with a dummy IP address each
-.. code-block:: console
+.. code-block:: none
set interfaces vti vti1 address '10.10.1.5/32'
set interfaces vti vti1 description 'Azure Primary Tunnel'
@@ -92,14 +92,14 @@ Vyos configuration
- Clamp the VTI's MSS to 1350 to avoid PMTU blackholes.
-.. code-block:: console
+.. code-block:: none
set firewall options interface vti1 adjust-mss 1350
set firewall options interface vti2 adjust-mss 1350
- Configure the VPN tunnels
-.. code-block:: console
+.. code-block:: none
set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret'
@@ -127,14 +127,14 @@ Vyos configuration
- **Important**: Add an interface route to reach both Azure's BGP listeners
-.. code-block:: console
+.. code-block:: none
set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1
set protocols static interface-route 10.0.0.5/32 next-hop-interface vti2
- Configure your BGP settings
-.. code-block:: console
+.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 remote-as '65540'
set protocols bgp 64499 neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound'
@@ -149,7 +149,7 @@ Vyos configuration
- **Important**: Disable connected check, otherwise the routes learned
from Azure will not be imported into the routing table.
-.. code-block:: console
+.. code-block:: none
set protocols bgp 64499 neighbor 10.0.0.4 disable-connected-check
set protocols bgp 64499 neighbor 10.0.0.5 disable-connected-check
diff --git a/docs/appendix/examples/bgp-ipv6-unnumbered.rst b/docs/appendix/examples/bgp-ipv6-unnumbered.rst
index 0aceee01..0e5f48b4 100644
--- a/docs/appendix/examples/bgp-ipv6-unnumbered.rst
+++ b/docs/appendix/examples/bgp-ipv6-unnumbered.rst
@@ -10,7 +10,7 @@ Configuration
- Router A:
-.. code-block:: console
+.. code-block:: none
set protocols bgp 65020 address-family ipv4-unicast redistribute connected
set protocols bgp 65020 address-family ipv6-unicast redistribute connected
@@ -29,7 +29,7 @@ Configuration
- Router B:
-.. code-block:: console
+.. code-block:: none
set protocols bgp 65021 address-family ipv4-unicast redistribute connected
set protocols bgp 65021 address-family ipv6-unicast redistribute connected
@@ -51,7 +51,7 @@ Results
- Router A:
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
@@ -64,7 +64,7 @@ Results
192.168.0.1/32
::1/128
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
@@ -79,7 +79,7 @@ Results
B>* 192.168.0.2/32 [20/0] via fe80::a00:27ff:fe3b:7ed2, eth2, 00:05:07
* via fe80::a00:27ff:fe7b:4000, eth1, 00:05:07
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
@@ -93,7 +93,7 @@ Results
5 packets transmitted, 5 received, 0% packet loss, time 4086ms
rtt min/avg/max/mdev = 0.575/0.612/0.682/0.047 ms
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show ip bgp summary
@@ -112,7 +112,7 @@ Results
- Router B:
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
@@ -125,7 +125,7 @@ Results
192.168.0.2/32
::1/128
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
@@ -140,7 +140,7 @@ Results
* via fe80::a00:27ff:fe93:e142, eth2, 00:06:18
C>* 192.168.0.2/32 is directly connected, lo, 00:44:11
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
@@ -153,7 +153,7 @@ Results
4 packets transmitted, 4 received, 0% packet loss, time 3051ms
rtt min/avg/max/mdev = 0.427/0.598/0.782/0.155 ms
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show ip bgp summary
IPv4 Unicast Summary:
diff --git a/docs/appendix/examples/dmvpn.rst b/docs/appendix/examples/dmvpn.rst
index 4ccce3d9..30ca8e86 100644
--- a/docs/appendix/examples/dmvpn.rst
+++ b/docs/appendix/examples/dmvpn.rst
@@ -9,7 +9,7 @@ General infomration can be found in the :ref:`vpn-dmvpn` chapter.
Configuration
^^^^^^^^^^^^^
-.. code-block:: console
+.. code-block:: none
set interfaces tunnel tun100 address '172.16.253.134/29'
set interfaces tunnel tun100 encapsulation 'gre'
@@ -54,7 +54,7 @@ Cisco IOS Spoke
This example is verified with a Cisco 2811 platform running IOS 15.1(4)M9 and
VyOS 1.1.7 (helium) up to VyOS 1.2 (Crux).
-.. code-block:: console
+.. code-block:: none
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M9, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
@@ -65,7 +65,7 @@ VyOS 1.1.7 (helium) up to VyOS 1.2 (Crux).
Use this configuration on your Cisco device:
-.. code-block:: console
+.. code-block:: none
crypto pki token default removal timeout 0
crypto keyring DMVPN
diff --git a/docs/appendix/examples/ha.rst b/docs/appendix/examples/ha.rst
index 1c37463c..6dbc0334 100644
--- a/docs/appendix/examples/ha.rst
+++ b/docs/appendix/examples/ha.rst
@@ -94,7 +94,7 @@ Bonding on Hardware Router
Create a LACP bond on the hardware router. We are assuming that eth0 and eth1 are connected to port 8 on both switches, and that those ports are configured as a Port-Channel.
-.. code-block:: console
+.. code-block:: none
set interfaces bonding bond0 description 'Switch Port-Channel'
set interfaces bonding bond0 hash-policy 'layer2'
@@ -111,14 +111,14 @@ VLAN 100 and 201 will have floating IP addresses, but VLAN50 does not, as this i
For the hardware router, replace ``eth0`` with ``bond0``. As (almost) every command is identical, this will not be specified unless different things need to be performed on different hosts.
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 vif 50 address '192.0.2.21/24'
In this case, the hardware router has a different IP, so it would be
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet bond0 vif 50 address '192.0.2.22/24'
@@ -128,7 +128,7 @@ Add (temporary) default route, and enable SSH
It is assumed that the routers provided by upstream are capable of acting as a default router. Add that as a static route, and enable SSH so you can now SSH into the routers, rather than using the console.
-.. code-block:: console
+.. code-block:: none
set protocols static route 0.0.0.0/0 next-hop 192.0.2.11
set service ssh
@@ -158,7 +158,7 @@ This has a floating IP address of 10.200.201.1, using virtual router ID 201. The
router1
~~~~~~~
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 vif 201 address 10.200.201.2/24
set high-availability vrrp group int hello-source-address '10.200.201.2'
@@ -173,7 +173,7 @@ router1
router2
~~~~~~~
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet bond0 vif 201 address 10.200.201.3/24
set high-availability vrrp group int hello-source-address '10.200.201.3'
@@ -194,7 +194,7 @@ The virtual router ID is just a random number between 1 and 254, and can be set
router1
~~~~~~~
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 vif 100 address 203.0.113.2/24
set high-availability vrrp group public hello-source-address '203.0.113.2'
@@ -209,7 +209,7 @@ router1
router2
~~~~~~~
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet bond0 vif 100 address 203.0.113.3/24
set high-availability vrrp group public hello-source-address '203.0.113.3'
@@ -226,7 +226,7 @@ Create vrrp sync-group
The sync group is used to replicate connection tracking. It needs to be assigned to a random VRRP group, and we are creating a sync group called ``sync`` using the vrrp group ``int``.
-.. code-block:: console
+.. code-block:: none
set high-availability vrrp sync-group sync member 'int'
@@ -236,7 +236,7 @@ Testing
At this point, you should be able to see both IP addresses when you run ``show interfaces``\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2).
-.. code-block:: console
+.. code-block:: none
vyos@router1:~$ show vrrp
Name Interface VRID State Last Transition
@@ -254,7 +254,7 @@ NAT and conntrack-sync
Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface.
Note we explicitly exclude the primary upstream network so that BGP or OSPF traffic doesn't accidentally get NAT'ed.
-.. code-block:: console
+.. code-block:: none
set nat source rule 10 destination address '!192.0.2.0/24'
set nat source rule 10 outbound-interface 'eth0.50'
@@ -267,7 +267,7 @@ Configure conntrack-sync and disable helpers
Most conntrack modules cause more problems than they're worth, especially in a complex network. Turn them off by default, and if you need to turn them on later, you can do so.
-.. code-block:: console
+.. code-block:: none
set system conntrack modules ftp disable
set system conntrack modules gre disable
@@ -279,7 +279,7 @@ Most conntrack modules cause more problems than they're worth, especially in a c
Now enable replication between nodes. Replace eth0.201 with bond0.201 on the hardware router.
-.. code-block:: console
+.. code-block:: none
set service conntrack-sync accept-protocol 'tcp,udp,icmp'
set service conntrack-sync event-listen-queue-size '8'
@@ -315,7 +315,7 @@ router1
Replace the 99.99.99.99 with whatever the other router's IP address is.
-.. code-block:: console
+.. code-block:: none
set interfaces wireguard wg01 address '10.254.60.1/30'
set interfaces wireguard wg01 description 'router1-to-offsite1'
@@ -339,7 +339,7 @@ offsite1
This is connecting back to the STATIC IP of router1, not the floating.
-.. code-block:: console
+.. code-block:: none
set interfaces wireguard wg01 address '10.254.60.2/30'
set interfaces wireguard wg01 description 'offsite1-to-router1'
@@ -373,7 +373,7 @@ This filter is applied to ``redistribute connected``. If we WERE to advertise i
via their default route, establish the connection, and then OSPF would say '192.0.2.0/24 is available via this tunnel', at which point
the tunnel would break, OSPF would drop the routes, and then 192.0.2.0/24 would be reachable via default again. This is called 'flapping'.
-.. code-block:: console
+.. code-block:: none
set policy access-list 150 description 'Outbound OSPF Redistribution'
set policy access-list 150 rule 10 action 'permit'
@@ -394,7 +394,7 @@ Create Import Filter
We only want to import networks we know about. Our OSPF peer should only be advertising networks in the 10.201.0.0/16 range. Note that this is an INVERSE MATCH. You deny in access-list 100 to accept the route.
-.. code-block:: console
+.. code-block:: none
set policy access-list 100 description 'Inbound OSPF Routes from Peers'
set policy access-list 100 rule 10 action 'deny'
@@ -415,7 +415,7 @@ Enable OSPF
Every router **must** have a unique router-id.
The 'reference-bandwidth' is used because when OSPF was originally designed, the idea of a link faster than 1gbit was unheard of, and it does not scale correctly.
-.. code-block:: console
+.. code-block:: none
set protocols ospf area 0.0.0.0 authentication 'md5'
set protocols ospf area 0.0.0.0 network '10.254.60.0/24'
@@ -440,7 +440,7 @@ As a reminder, only advertise routes that you are the default router for. This i
192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that
network over a tunnel that connects to that network!
-.. code-block:: console
+.. code-block:: none
set protocols ospf access-list 150 export 'connected'
set protocols ospf redistribute connected
@@ -458,7 +458,7 @@ Priorities
Set the cost on the secondary links to be 200. This means that they will not be used unless the primary links are down.
-.. code-block:: console
+.. code-block:: none
set interfaces wireguard wg01 ip ospf cost '10'
set interfaces wireguard wg02 ip ospf cost '200'
@@ -476,7 +476,7 @@ router1
The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24.
-.. code-block:: console
+.. code-block:: none
set policy prefix-list BGPOUT description 'BGP Export List'
set policy prefix-list BGPOUT rule 10 action 'deny'
diff --git a/docs/appendix/examples/ospf-unnumbered.rst b/docs/appendix/examples/ospf-unnumbered.rst
index 923e0286..47f3011c 100644
--- a/docs/appendix/examples/ospf-unnumbered.rst
+++ b/docs/appendix/examples/ospf-unnumbered.rst
@@ -10,7 +10,7 @@ Configuration
- Router A:
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 address '10.0.0.1/24'
set interfaces ethernet eth1 address '192.168.0.1/32'
@@ -27,7 +27,7 @@ Configuration
- Router B:
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth0 address '10.0.0.2/24'
set interfaces ethernet eth1 address '192.168.0.2/32'
@@ -48,7 +48,7 @@ Results
- Router A:
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
@@ -61,7 +61,7 @@ Results
192.168.0.1/32
::1/128
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
@@ -83,7 +83,7 @@ Results
- Router B:
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
@@ -96,7 +96,7 @@ Results
192.168.0.2/32
::1/128
-.. code-block:: console
+.. code-block:: none
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
diff --git a/docs/appendix/examples/tunnelbroker-ipv6.rst b/docs/appendix/examples/tunnelbroker-ipv6.rst
index e8fc9a8b..2977604d 100644
--- a/docs/appendix/examples/tunnelbroker-ipv6.rst
+++ b/docs/appendix/examples/tunnelbroker-ipv6.rst
@@ -17,7 +17,7 @@ Setting up the initial tunnel
- Set up the initial IPv6 tunnel. Replace the field below from the fields on the `Tunnelbroker.net <https://www.tunnelbroker.net/>`_ tunnel information page.
-.. code-block:: console
+.. code-block:: none
conf
set interfaces tunnel tun0 address Client_IPv6_from_Tunnelbroker # This will be your VyOS install's public IPv6 address
@@ -34,7 +34,7 @@ Setting up the initial tunnel
- At this point you should be able to ping an IPv6 address. Try pinging Google:
-.. code-block:: console
+.. code-block:: none
ping6 -c2 2001:4860:4860::8888
@@ -47,7 +47,7 @@ Setting up the initial tunnel
- Assuming the pings are successful, you need to add some DNS servers. Some options:
-.. code-block:: console
+.. code-block:: none
set system name-server 2001:4860:4860::8888 # Google
set system name-server 2001:4860:4860::8844 # Google
@@ -57,7 +57,7 @@ Setting up the initial tunnel
- You should now be able to ping something by IPv6 DNS name:
-.. code-block:: console
+.. code-block:: none
# ping6 -c2 one.one.one.one
PING one.one.one.one(one.one.one.one) 56 data bytes
@@ -87,7 +87,7 @@ Single LAN Setup
Single LAN setup where eth1 is your LAN interface. Use the /64 (all the xxxx should be replaced with the information from your `Routed /64` tunnel):
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth1 address '2001:470:xxxx:xxxx::1/64'
set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8888'
@@ -118,7 +118,7 @@ In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65
So, when your LAN is eth1, your DMZ is eth2, your cameras live on eth3, etc:
-.. code-block:: console
+.. code-block:: none
set interfaces ethernet eth1 address '2001:470:xxxx:1::1/64'
set interfaces ethernet eth1 ipv6 router-advert name-server '2001:4860:4860::8888'
diff --git a/docs/appendix/examples/zone-policy.rst b/docs/appendix/examples/zone-policy.rst
index 66cc3338..7a25d063 100644
--- a/docs/appendix/examples/zone-policy.rst
+++ b/docs/appendix/examples/zone-policy.rst
@@ -8,7 +8,7 @@ Native IPv4 and IPv6
We have three networks.
-.. code-block:: console
+.. code-block:: none
WAN - 172.16.10.0/24, 2001:0DB8:0:9999::0/64
LAN - 192.168.100.0/24, 2001:0DB8:0:AAAA::0/64
@@ -25,7 +25,7 @@ WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30.
It will look something like this:
-.. code-block:: console
+.. code-block:: none
interfaces {
ethernet eth0 {
@@ -80,7 +80,7 @@ ruleset.
In rules, it is good to keep them named consistently. As the number of rules
you have grows, the more consistency you have, the easier your life will be.
-.. code-block:: console
+.. code-block:: none
Rule 1 - State Established, Related
Rule 2 - State Invalid
@@ -105,7 +105,7 @@ significant headaches when trying to troubleshoot a connectivity issue.
To add logging to the default rule, do:
-.. code-block:: console
+.. code-block:: none
set firewall name <ruleSet> enable-default-log
@@ -143,7 +143,7 @@ The following are the rules that were created for this example
(may not be complete), both in IPv4 and IPv6. If there is no IP specified,
then the source/destination address is not explicit.
-.. code-block:: console
+.. code-block:: none
WAN – DMZ:192.168.200.200 – tcp/80
WAN – DMZ:192.168.200.200 – tcp/443
@@ -195,7 +195,7 @@ then the source/destination address is not explicit.
Since we have 4 zones, we need to setup the following rulesets.
-.. code-block:: console
+.. code-block:: none
Lan-wan
Lan-local
@@ -217,7 +217,7 @@ connection attempts.
This is an example of the three base rules.
-.. code-block:: console
+.. code-block:: none
name wan-lan {
default-action drop
@@ -241,7 +241,7 @@ This is an example of the three base rules.
Here is an example of an IPv6 DMZ-WAN ruleset.
-.. code-block:: console
+.. code-block:: none
ipv6-name dmz-wan-6 {
default-action drop
@@ -317,7 +317,7 @@ zone-policy.
Start by setting the interface and default action for each zone.
-.. code-block:: console
+.. code-block:: none
set zone-policy zone dmz default-action drop
set zone-policy zone dmz interface eth0.30
@@ -342,7 +342,7 @@ LAN, WAN, DMZ, local and TUN (tunnel)
v6 pairs would be:
-.. code-block:: console
+.. code-block:: none
lan-tun
lan-local
@@ -363,7 +363,7 @@ You would have to add a couple of rules on your wan-local ruleset to allow proto
Something like:
-.. code-block:: console
+.. code-block:: none
rule 400 {
action accept
diff --git a/docs/appendix/migrate-from-vyatta.rst b/docs/appendix/migrate-from-vyatta.rst
index 7ca64c16..051d7cef 100644
--- a/docs/appendix/migrate-from-vyatta.rst
+++ b/docs/appendix/migrate-from-vyatta.rst
@@ -30,7 +30,7 @@ You just use ``add system image``, as if it was a new VC release (see
is to verify the new images digital signature. You will have to add the public
key manually once as it is not shipped the first time.
-.. code-block:: console
+.. code-block:: none
vyatta@vyatta:~$ wget http://wiki.vyos.net/so3group_maintainers.key
Connecting to vyos.net (x.x.x.x:80)
@@ -41,7 +41,7 @@ key manually once as it is not shipped the first time.
For completion the key below corresponds to the key listed in the URL above.
-.. code-block:: console
+.. code-block:: none
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
@@ -101,7 +101,7 @@ Next add the VyOS image.
This example uses VyOS 1.0.0, however, it's better to install the latest
release.
-.. code-block:: console
+.. code-block:: none
vyatta@vyatta:~$ show system image
The system currently has the following image(s) installed:
diff --git a/docs/appendix/vyos-on-baremetal.rst b/docs/appendix/vyos-on-baremetal.rst
index e6b7597e..2b155fd7 100644
--- a/docs/appendix/vyos-on-baremetal.rst
+++ b/docs/appendix/vyos-on-baremetal.rst
@@ -114,7 +114,7 @@ Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine.
Connect serial port to a PC through null modem cable (RXD / TXD crossed over).
Set terminal emulator to 115200 8N1.
-.. code-block:: console
+.. code-block:: none
PC Engines apu4
coreboot build 20171130
@@ -135,7 +135,7 @@ Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing
``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter``
to continue.
-.. code-block:: console
+.. code-block:: none
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x VyOS - Boot Menu x
@@ -147,7 +147,7 @@ to continue.
The image will be loaded and the last lines you will get will be:
-.. code-block:: console
+.. code-block:: none
Loading /live/vmlinuz... ok
Loading /live/initrd.img...
@@ -155,7 +155,7 @@ The image will be loaded and the last lines you will get will be:
The Kernel will now spin up using a different console setting. Set terminal
emulator to 9600 8N1 and after a while your console will show:
-.. code-block:: console
+.. code-block:: none
Loading /live/vmlinuz... ok
Loading /live/initrd.img...
@@ -172,14 +172,14 @@ your first successful boot.
Use the following command to adjust the :ref:`serial-console` settings:
-.. code-block:: console
+.. code-block:: none
set system console device ttyS0 speed 115200
.. note:: Once you ``commit`` the above changes access to the serial interface
is lost until you set your terminal emulator to 115200 8N1 again.
-.. code-block:: console
+.. code-block:: none
vyos@vyos# show system console
device ttyS0 {