diff options
Diffstat (limited to 'docs/services')
| -rw-r--r-- | docs/services/conntrack.rst | 12 | ||||
| -rw-r--r-- | docs/services/dhcp-relay.rst | 20 | ||||
| -rw-r--r-- | docs/services/dhcp.rst | 12 | ||||
| -rw-r--r-- | docs/services/dhcpv6.rst | 68 | ||||
| -rw-r--r-- | docs/services/dns-forwarding.rst | 14 | ||||
| -rw-r--r-- | docs/services/dynamic-dns.rst | 24 | ||||
| -rw-r--r-- | docs/services/ipoe-server.rst | 16 | ||||
| -rw-r--r-- | docs/services/lldp.rst | 2 | ||||
| -rw-r--r-- | docs/services/mdns-repeater.rst | 4 | ||||
| -rw-r--r-- | docs/services/pppoe-server.rst | 30 | ||||
| -rw-r--r-- | docs/services/snmp.rst | 12 | ||||
| -rw-r--r-- | docs/services/ssh.rst | 6 | ||||
| -rw-r--r-- | docs/services/sstp-server.rst | 4 | ||||
| -rw-r--r-- | docs/services/tftp.rst | 4 | ||||
| -rw-r--r-- | docs/services/udp-broadcast-relay.rst | 8 | ||||
| -rw-r--r-- | docs/services/webproxy.rst | 8 |
16 files changed, 122 insertions, 122 deletions
diff --git a/docs/services/conntrack.rst b/docs/services/conntrack.rst index d40a3dbc..28f16d54 100644 --- a/docs/services/conntrack.rst +++ b/docs/services/conntrack.rst @@ -27,7 +27,7 @@ will be mandatorily defragmented. Configuration ^^^^^^^^^^^^^ -.. code-block:: console +.. code-block:: none # Protocols only for which local conntrack entries will be synced (tcp, udp, icmp, sctp) set service conntrack-sync accept-protocol @@ -69,20 +69,20 @@ The next exemple is a simple configuration of conntrack-sync. First of all, make sure conntrack is enabled by running -.. code-block:: console +.. code-block:: none show conntrack table ipv4 If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. -.. code-block:: console +.. code-block:: none set firewall state-policy established action accept You now should have a conntrack table -.. code-block:: console +.. code-block:: none $ show conntrack table ipv4 TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED, @@ -99,7 +99,7 @@ You now should have a conntrack table Now configure conntrack-sync service on ``router1`` **and** ``router2`` -.. code-block:: console +.. code-block:: none set service conntrack-sync accept-protocol 'tcp,udp,icmp' set service conntrack-sync event-listen-queue-size '8' @@ -115,7 +115,7 @@ the external-cache of the standby router On active router run: -.. code-block:: console +.. code-block:: none $ show conntrack-sync statistics diff --git a/docs/services/dhcp-relay.rst b/docs/services/dhcp-relay.rst index e2e4ff85..0b838442 100644 --- a/docs/services/dhcp-relay.rst +++ b/docs/services/dhcp-relay.rst @@ -28,27 +28,27 @@ Configuration Enable DHCP relay for eth1 and eth2: -.. code-block:: console +.. code-block:: none set service dhcp-relay interface eth1 set service dhcp-relay interface eth2 Set the IP address of the DHCP server: -.. code-block:: console +.. code-block:: none set service dhcp-relay server 10.0.1.4 The router should discard DHCP packages already containing relay agent information to ensure that only requests from DHCP clients are forwarded: -.. code-block:: console +.. code-block:: none set service dhcp-relay relay-options relay-agents-packets discard Commit the changes and show the results: -.. code-block:: console +.. code-block:: none commit show service dhcp-relay @@ -61,7 +61,7 @@ Commit the changes and show the results: The DHCP relay agent can be restarted with: -.. code-block:: console +.. code-block:: none restart dhcp relay-agent @@ -83,20 +83,20 @@ Configuration Set eth1 to be the listening interface for the DHCPv6 relay: -.. code-block:: console +.. code-block:: none set service dhcpv6-relay listen-interface eth1 Set eth2 to be the upstream interface and specify the IPv6 address of the DHCPv6 server: -.. code-block:: console +.. code-block:: none set service dhcpv6-relay upstream-interface eth2 address 2001:db8:100::4 Commit the changes and show results: -.. code-block:: console +.. code-block:: none commit show service dhcpv6-relay @@ -108,13 +108,13 @@ Commit the changes and show results: Show the current status of the DHCPv6 relay agent: -.. code-block:: console +.. code-block:: none show dhcpv6 relay-agent status The DHCPv6 relay agent can be restarted with: -.. code-block:: console +.. code-block:: none restart dhcpv6 relay-agent diff --git a/docs/services/dhcp.rst b/docs/services/dhcp.rst index 81a88741..f11d9a7e 100644 --- a/docs/services/dhcp.rst +++ b/docs/services/dhcp.rst @@ -21,13 +21,13 @@ on `pppoe0` Interface Configuration ^^^^^^^^^^^^^^^^^^^^^^^ -.. code-block:: console +.. code-block:: none set interface ethernet eth1 address 172.16.17.1/24 Multiple ranges can be defined and can contain holes. -.. code-block:: console +.. code-block:: none set service dhcp-server shared-network-name dhcpexample authoritative set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 default-router 172.16.17.1 @@ -86,7 +86,7 @@ Failover VyOS provides support for DHCP failover: -.. code-block:: console +.. code-block:: none set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover local-address '192.168.0.1' set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover name 'foo' @@ -97,13 +97,13 @@ VyOS provides support for DHCP failover: The primary and secondary statements determines whether the server is primary or secondary -.. code-block:: console +.. code-block:: none set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover status 'primary' or -.. code-block:: console +.. code-block:: none set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover status 'secondary' @@ -114,7 +114,7 @@ or Static mappings MAC/IP ^^^^^^^^^^^^^^^^^^^^^^ -.. code-block:: console +.. code-block:: none set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 static-mapping static-mapping-01 ip-address 172.16.17.10 set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 static-mapping static-mapping-01 mac-address ff:ff:ff:ff:ff:ff diff --git a/docs/services/dhcpv6.rst b/docs/services/dhcpv6.rst index 799c4332..db566d5f 100644 --- a/docs/services/dhcpv6.rst +++ b/docs/services/dhcpv6.rst @@ -5,25 +5,25 @@ DHCPv6 server VyOS provides DHCPv6 server functionality which is described in this section. In order to use the DHCPv6 server it has to be enabled first: -.. code-block:: console +.. code-block:: none set service dhcpv6-server To restart the DHCPv6 server (operational mode): -.. code-block:: console +.. code-block:: none restart dhcpv6 server To show the current status of the DHCPv6 server use: -.. code-block:: console +.. code-block:: none show dhcpv6 server status Show statuses of all assigned leases: -.. code-block:: console +.. code-block:: none show dhcpv6 server leases @@ -37,19 +37,19 @@ Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is `0...255`. Set a preference value for the DHCPv6 server: -.. code-block:: console +.. code-block:: none set service dhcpv6-server preference <preference value> Delete a preference: -.. code-block:: console +.. code-block:: none set service dhcpv6-server preference Show current preference: -.. code-block:: console +.. code-block:: none show service dhcpv6-server preference @@ -60,19 +60,19 @@ The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a `default-time`, `maximum-time` and `minimum-time` (all values in seconds): -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default <default-time> | maximum <maximum-time> | minimum <minimum-time>} Reset the custom lease times: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default | maximum | minimum} Show the current configuration: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default | maximum | minimum} @@ -81,19 +81,19 @@ Specify NIS domain A Network Information (NIS) domain can be set to be used for DHCPv6 clients: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name> To Delete the NIS domain: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name> Show a configured NIS domain: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name> @@ -103,13 +103,13 @@ Specify NIS+ domain The procedure to specify a Network Information Service Plus (NIS+) domain is similar to the NIS domain one: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name> To Delete the NIS+ domain: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name> @@ -122,19 +122,19 @@ Specify NIS server address To specify a NIS server address for DHCPv6 clients: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server <IPv6 address> Delete a specified NIS server address: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server <IPv6 address> Show specified NIS server addresses: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server @@ -143,19 +143,19 @@ Specify NIS+ server address To specify a NIS+ server address for DHCPv6 clients: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server <IPv6 address> Delete a specified NIS+ server address: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server <IPv6 address> Show specified NIS+ server addresses: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server @@ -169,19 +169,19 @@ By IPv6 address A Session Initiation Protocol (SIP) server address can be specified for DHCPv6 clients: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address <IPv6 address> Delete a specified SIP server address: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address <IPv6 address> Show specified SIP server addresses: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address @@ -190,19 +190,19 @@ By FQDN A name for SIP server can be specified: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name <sip-server-name> Delete a specified SIP server name: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name <sip-server-name> Show specified SIP server names: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name @@ -211,19 +211,19 @@ Simple Network Time Protocol (SNTP) server address for DHCPv6 clients A SNTP server address can be specified for DHCPv6 clients: -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address <IPv6 address> Delete a specified SNTP server address: -.. code-block:: console +.. code-block:: none delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address <IPv6 address> Show specified SNTP server addresses: -.. code-block:: console +.. code-block:: none show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address @@ -241,14 +241,14 @@ connected to `eth1`, a DNS server at `2001:db8:111::111` is used for name services. The range of the address pool shall be `::100` through `::199`. The lease time will be left at the default value which is 24 hours. -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 address-range start 2001:db8:100::100 stop 2001:db8:100::199 set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 name-server 2001:db8:111::111 Commit the changes and show the configuration: -.. code-block:: console +.. code-block:: none commit show service dhcpv6-server @@ -279,14 +279,14 @@ MAC address `00:15:c5:b7:5e:23`, this host-specific mapping shall be named .. note:: The MAC address identifier is defined by the last 4 byte of the MAC address. -.. code-block:: console +.. code-block:: none set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 static-mapping client1 ipv6-address 2001:db8:100::101 set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 static-mapping client1 identifier c5b75e23 Commit the changes and show the configuration: -.. code-block:: console +.. code-block:: none show service dhcp-server shared-network-name NET1 shared-network-name NET1 { diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst index 2ab04707..84e4fc93 100644 --- a/docs/services/dns-forwarding.rst +++ b/docs/services/dns-forwarding.rst @@ -5,33 +5,33 @@ Use DNS forwarding if you want your router to function as a DNS server for the local network. There are several options, the easiest being 'forward all traffic to the system DNS server(s)' (defined with set system name-server): -.. code-block:: console +.. code-block:: none set service dns forwarding system Manually setting DNS servers for forwarding: -.. code-block:: console +.. code-block:: none set service dns forwarding name-server 8.8.8.8 set service dns forwarding name-server 8.8.4.4 Manually setting DNS servers with IPv6 connectivity: -.. code-block:: console +.. code-block:: none set service dns forwarding name-server 2001:4860:4860::8888 set service dns forwarding name-server 2001:4860:4860::8844 Setting a forwarding DNS server for a specific domain: -.. code-block:: console +.. code-block:: none set service dns forwarding domain example.com server 192.0.2.1 Set which networks or clients are allowed to query the DNS Server. Allow from all: -.. code-block:: console +.. code-block:: none set service dns forwarding allow-from 0.0.0.0/0 @@ -44,7 +44,7 @@ Router with two interfaces eth0 (WAN link) and eth1 (LAN). Split DNS for example * Other DNS requests are forwarded to Google's DNS servers. * The IP address for the LAN interface is 192.168.0.1. -.. code-block:: console +.. code-block:: none set service dns forwarding domain example.com server 192.0.2.1 set service dns forwarding name-server 8.8.8.8 @@ -60,7 +60,7 @@ servers. The IP addresses for the LAN interface are 192.168.0.1 and 2001:db8::1 -.. code-block:: console +.. code-block:: none set service dns forwarding domain example.com server 192.0.2.1 set service dns forwarding name-server 8.8.8.8 diff --git a/docs/services/dynamic-dns.rst b/docs/services/dynamic-dns.rst index a0d75979..6a3c6e28 100644 --- a/docs/services/dynamic-dns.rst +++ b/docs/services/dynamic-dns.rst @@ -16,44 +16,44 @@ VyOS CLI and RFC2136 First, create an RFC2136_ config node : -.. code-block:: console +.. code-block:: none edit service dns dynamic interface eth0 rfc2136 <confignodename> Present your RNDC key to ddclient : -.. code-block:: console +.. code-block:: none set key /config/dyndns/mydnsserver.rndc.key Set the DNS server IP/FQDN : -.. code-block:: console +.. code-block:: none set server dns.mydomain.com Set the NS zone to be updated : -.. code-block:: console +.. code-block:: none set zone mydomain.com Set the records to be updated : -.. code-block:: console +.. code-block:: none set record dyn set record dyn2 You can optionally set a TTL (note : default value is 600 seconds) : -.. code-block:: console +.. code-block:: none set ttl 600 This will generate the following ddclient config blocks: -.. code-block:: console +.. code-block:: none server=dns.mydomain.com protocol=nsupdate @@ -70,7 +70,7 @@ This will generate the following ddclient config blocks: You can also keep a different dns zone updated. Just create a new config node: -.. code-block:: console +.. code-block:: none edit service dns dynamic interface eth0 rfc2136 <confignode2> @@ -83,7 +83,7 @@ by ddclient. To use such a service, you must define a login, a password, one or multiple hostnames, a protocol and a server. -.. code-block:: console +.. code-block:: none edit service dns dynamic interface eth0 service HeNet set login my-login # set password my-password @@ -107,7 +107,7 @@ the services VyOS knows about: To use DynDNS for example: -.. code-block:: console +.. code-block:: none edit service dns dynamic interface eth0 service dyndns set login my-login @@ -116,7 +116,7 @@ To use DynDNS for example: It's possible to use multiple services : -.. code-block:: console +.. code-block:: none edit service dns dynamic interface eth0 service dyndns set login my-login @@ -139,7 +139,7 @@ record will be updated to point to your internal IP. ddclient_ has another way to determine the WAN IP address. This is controlled by these two options: -.. code-block:: console +.. code-block:: none set service dns dynamic interface eth0 use-web url set service dns dynamic interface eth0 use-web skip diff --git a/docs/services/ipoe-server.rst b/docs/services/ipoe-server.rst index 1e5e72dc..eed4cced 100644 --- a/docs/services/ipoe-server.rst +++ b/docs/services/ipoe-server.rst @@ -17,7 +17,7 @@ The clients mac address and the incoming interface is being used as control para The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration. -.. code-block:: console +.. code-block:: none set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 set service ipoe-server authentication mode 'local' @@ -29,7 +29,7 @@ Other DHCP discovery requests will be ignored, unless the client mac has been en The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command. -.. code-block:: console +.. code-block:: none vyos@vyos:~$ show ipoe-server sessions @@ -46,7 +46,7 @@ for devices routed via the clients cpe. IPv6 DNS addresses are optional. -.. code-block:: console +.. code-block:: none set service ipoe-server authentication interface eth3 mac-address 08:00:27:2F:D8:06 set service ipoe-server authentication mode 'local' @@ -57,7 +57,7 @@ IPv6 DNS addresses are optional. set service ipoe-server dnsv6-server server-3 '2001:db8:bbb::' set service ipoe-server interface eth3 client-subnet '192.168.1.0/24' -.. code-block:: console +.. code-block:: none vyos@ipoe-server# run sh ipoe-server sessions ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid @@ -74,7 +74,7 @@ Automatic VLAN creation To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time. -.. code-block:: console +.. code-block:: none set service ipoe-server interface eth2 network vlan set service ipoe-server interface eth2 vlan-id 100 @@ -88,7 +88,7 @@ RADIUS Setup To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used. -.. code-block:: console +.. code-block:: none set service ipoe-server authentication mode 'radius' set service ipoe-server authentication radius-server 10.100.100.1 secret 'password' @@ -105,7 +105,7 @@ Bandwidth Shaping for local users The rate-limit is set in kbit/sec. -.. code-block:: console +.. code-block:: none set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit download '500' set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit upload '500' @@ -115,7 +115,7 @@ The rate-limit is set in kbit/sec. set service ipoe-server interface eth2 client-subnet '192.168.0.0/24' -.. code-block:: console +.. code-block:: none vyos@vyos# run show ipoe-server sessions diff --git a/docs/services/lldp.rst b/docs/services/lldp.rst index d58e105e..dccd68fa 100644 --- a/docs/services/lldp.rst +++ b/docs/services/lldp.rst @@ -74,7 +74,7 @@ Display neighbors Exemple: -.. code-block:: console +.. code-block:: none vyos@vyos:~# show lldp neighbors Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station diff --git a/docs/services/mdns-repeater.rst b/docs/services/mdns-repeater.rst index abd3f7ef..22e824ba 100644 --- a/docs/services/mdns-repeater.rst +++ b/docs/services/mdns-repeater.rst @@ -12,14 +12,14 @@ multiple VLANs. To enable mDNS repeater you need to configure at least two interfaces. To re- broadcast all mDNS packets from `eth0` to `eth1` and vice versa run: -.. code-block:: console +.. code-block:: none set service mdns repeater interface eth0 set service mdns repeater interface eth1 mDNS repeater can be temporarily disabled without deleting the service using -.. code-block:: console +.. code-block:: none set service mdns repeater disable diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst index 3f42ceab..8e37a068 100644 --- a/docs/services/pppoe-server.rst +++ b/docs/services/pppoe-server.rst @@ -15,7 +15,7 @@ The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1. -.. code-block:: console +.. code-block:: none set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication local-users username foo password 'bar' @@ -30,7 +30,7 @@ serves requests only on eth1. Connections can be locally checked via the command -.. code-block:: console +.. code-block:: none show pppoe-server sessions ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes @@ -48,7 +48,7 @@ If the CIDR notation is used, multiple subnets can be setup which are used seque **Client IP address via IP range definition** -.. code-block:: console +.. code-block:: none set service pppoe-server client-ip-pool start '10.1.1.100' set service pppoe-server client-ip-pool stop '10.1.1.111' @@ -56,7 +56,7 @@ If the CIDR notation is used, multiple subnets can be setup which are used seque **Client IP subnets via CIDR notation** -.. code-block:: console +.. code-block:: none set service pppoe-server client-ip-pool subnet '10.1.1.0/24' set service pppoe-server client-ip-pool subnet '10.1.2.0/24' @@ -70,7 +70,7 @@ To use a radius server, you need to switch to authentication mode radius and of course need to specify an IP for the server. You can have multiple RADIUS server configured, if you wish to achieve redundancy. -.. code-block:: console +.. code-block:: none set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication mode 'radius' @@ -84,7 +84,7 @@ RADIUS provides the IP addresses in the example above via Framed-IP-Address. For remotely disconnect sessions and change some authentication parameters you can configure dae-server -.. code-block:: console +.. code-block:: none set service pppoe-server authentication radius-settings dae-server ip-address '10.1.1.2' set service pppoe-server authentication radius-settings dae-server port '3799' @@ -92,20 +92,20 @@ For remotely disconnect sessions and change some authentication parameters you c Example, from radius-server send command for disconnect client with username test -.. code-block:: console +.. code-block:: none root@radius-server:~# echo "User-Name=test" | radclient -x 10.1.1.2:3799 disconnect secret123 You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log -.. code-block:: console +.. code-block:: none show log | match Disconnect* Example for changing rate-limit via RADIUS CoA -.. code-block:: console +.. code-block:: none echo "User-Name=test,Filter-Id=5000/4000" | radclient 10.1.1.2:3799 coa secret123 @@ -119,7 +119,7 @@ Automatic VLAN creation VLAN's can be created by accel-ppp on the fly if via the use of the kernel module vlan_mon, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface. -.. code-block:: console +.. code-block:: none set service pppoe-server interface eth3 vlan-id 100 set service pppoe-server interface eth3 vlan-id 200 @@ -141,7 +141,7 @@ Bandwidth Shaping for local users The rate-limit is set in kbit/sec. -.. code-block:: console +.. code-block:: none set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication local-users username foo password 'bar' @@ -158,7 +158,7 @@ The rate-limit is set in kbit/sec. Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'. -.. code-block:: console +.. code-block:: none show pppoe-server sessions ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes @@ -175,7 +175,7 @@ Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate The command below enables it, assuming the RADIUS connection has been setup and is working. -.. code-block:: console +.. code-block:: none set service pppoe-server authentication radius-settings rate-limit enable @@ -191,7 +191,7 @@ Dual-stack provisioning with IPv6 PD via pppoe The example below covers a dual-stack configuration via pppoe-server. -.. code-block:: console +.. code-block:: none set service pppoe-server authentication local-users username test password 'test' set service pppoe-server authentication mode 'local' @@ -207,7 +207,7 @@ The example below covers a dual-stack configuration via pppoe-server. The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address, to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use. -.. code-block:: console +.. code-block:: none vyos@pppoe-server:~$ sh pppoe-server sessions ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst index 8fd6a21e..6418a516 100644 --- a/docs/services/snmp.rst +++ b/docs/services/snmp.rst @@ -90,7 +90,7 @@ plain text. Example ******* -.. code-block:: console +.. code-block:: none # Define a community set service snmp community routers authorization ro @@ -139,7 +139,7 @@ The securityapproach in v3 targets: Example ******* -.. code-block:: console +.. code-block:: none set service snmp v3 engineid '0x0aa0d6c6f450' set service snmp v3 group defaultgroup mode 'ro' @@ -160,7 +160,7 @@ After commit the resulting configuration will look like: .. note:: SNMPv3 keys won't we stored in plaintext. On ``commit`` the keys will be encrypted and the encrypted key is based on the engineid! -.. code-block:: console +.. code-block:: none vyos@vyos# show service snmp v3 { @@ -200,7 +200,7 @@ vyos@your_router:/config/user-data``. Once the script is uploaded, it needs to be configured via the command below. -.. code-block:: console +.. code-block:: none set service snmp script-extensions extension-name my-extension script your_script.sh commit @@ -209,7 +209,7 @@ be configured via the command below. The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will contain the output of the extension. -.. code-block:: console +.. code-block:: none root@vyos:/home/vyos# snmpwalk -v2c -c public 127.0.0.1 nsExtendOutput1 NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."my-extension" = STRING: hello @@ -226,7 +226,7 @@ Templates Management. A template for VyOS can be easily imported. Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using the following content: -.. code-block:: console +.. code-block:: none <Configuration-Management Device="VyOS" SystemOID="1.3.6.1.4.1.44641"> <Commands> diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index c770140b..3af71899 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -30,7 +30,7 @@ Configuration Enabling SSH only requires you to add ``service ssh port NN``, where 'NN' is the port you want SSH to listen on. By default, SSH runs on port 22. -.. code-block:: console +.. code-block:: none set service ssh port 22 @@ -130,7 +130,7 @@ line. The third part is simply an identifier, and is for your own reference. Under the user (in this example, ``vyos``), add the public key and the type. The `identifier` is simply a string that is relevant to you. -.. code-block:: console +.. code-block:: none set system login user vyos authentication public-keys 'identifier' key "AAAAB3Nz...." set system login user vyos authentication public-keys 'identifier' type ssh-rsa" @@ -139,7 +139,7 @@ You can assign multiple keys to the same user by changing the identifier. In the following example, both Unicron and xrobau will be able to SSH into VyOS as the ``vyos`` user using their own keys. -.. code-block:: console +.. code-block:: none set system login user vyos authentication public-keys 'Unicron' key "AAAAB3Nz...." set system login user vyos authentication public-keys 'Unicron' type ssh-rsa diff --git a/docs/services/sstp-server.rst b/docs/services/sstp-server.rst index 6a394cc5..428a2e46 100644 --- a/docs/services/sstp-server.rst +++ b/docs/services/sstp-server.rst @@ -22,7 +22,7 @@ Self Signed CA and server certificates To generate the CA, the server private key and certificates the following commands can be used. -.. code-block:: console +.. code-block:: none vyos@vyos:~$ conf [edit] @@ -60,7 +60,7 @@ The example below will answer configuration request for the user user ``foo``. Use <tab> to setup the ``set sstp-settings ssl-certs ...``, it automatically looks for all files and directories in ``/config/user-data/sstp``. -.. code-block:: console +.. code-block:: none edit service sstp-server set authentication local-users username foo password 'bar' diff --git a/docs/services/tftp.rst b/docs/services/tftp.rst index 185e594f..9ce46b02 100644 --- a/docs/services/tftp.rst +++ b/docs/services/tftp.rst @@ -10,7 +10,7 @@ simple to implement. Example ^^^^^^^ -.. code-block:: console +.. code-block:: none # If you want to enable uploads, else TFTP server will act as read-only (optional) set service tftp-server allow-upload @@ -30,7 +30,7 @@ Example The resulting configuration will look like: -.. code-block:: console +.. code-block:: none vyos@vyos# show service tftp-server { diff --git a/docs/services/udp-broadcast-relay.rst b/docs/services/udp-broadcast-relay.rst index 995213fa..40f738e6 100644 --- a/docs/services/udp-broadcast-relay.rst +++ b/docs/services/udp-broadcast-relay.rst @@ -14,7 +14,7 @@ support 99 IDs! Example #1: To forward all broadcast packets received on `UDP port 1900` on `eth3`, `eth4` or `eth5` to all other interfaces in this configuration. -.. code-block:: console +.. code-block:: none set service broadcast-relay id 1 description 'SONOS' set service broadcast-relay id 1 interface 'eth3' @@ -25,7 +25,7 @@ Example #1: To forward all broadcast packets received on `UDP port 1900` on Example #2: To Forward all broadcasts packets received on `UDP port 6969` on `eth3` or `eth4` to the other interface in this configuration. -.. code-block:: console +.. code-block:: none set service broadcast-relay id 2 description 'SONOS MGMT' set service broadcast-relay id 2 interface 'eth3' @@ -38,14 +38,14 @@ Disable Instance(s) Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command: -.. code-block:: console +.. code-block:: none set service broadcast-relay id <n> disable In addition you can also disable the whole service without removing the configuration by: -.. code-block:: console +.. code-block:: none set service broadcast-relay disable diff --git a/docs/services/webproxy.rst b/docs/services/webproxy.rst index 8aca0b85..61546cda 100644 --- a/docs/services/webproxy.rst +++ b/docs/services/webproxy.rst @@ -19,7 +19,7 @@ URL Filtering is provided by Squidguard_. Configuration ^^^^^^^^^^^^^^ -.. code-block:: console +.. code-block:: none # Enable proxy service set service webproxy listen-address 192.168.0.1 @@ -46,7 +46,7 @@ Filtering by category If you wan't to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes. -.. code-block:: console +.. code-block:: none vyos@vyos# commit [ service webproxy ] @@ -83,7 +83,7 @@ The embedded Squid proxy can use LDAP to authenticate users against a company wide directory. The following configuration is an example of how to use Active Directory as authentication backend. Queries are done via LDAP. -.. code-block:: console +.. code-block:: none vyos@vyos# show service webproxy authentication { @@ -117,7 +117,7 @@ Adjusting cache size The size of the proxy cache can be adjusted by the user. -.. code-block:: console +.. code-block:: none set service webproxy cache-size Possible completions: |