diff options
Diffstat (limited to 'docs/services')
| -rw-r--r-- | docs/services/conntrack.rst | 12 | ||||
| -rw-r--r-- | docs/services/dhcp-relay.rst | 20 | ||||
| -rw-r--r-- | docs/services/dhcp.rst | 12 | ||||
| -rw-r--r-- | docs/services/dhcpv6.rst | 68 | ||||
| -rw-r--r-- | docs/services/dns-forwarding.rst | 14 | ||||
| -rw-r--r-- | docs/services/dynamic-dns.rst | 24 | ||||
| -rw-r--r-- | docs/services/ipoe-server.rst | 16 | ||||
| -rw-r--r-- | docs/services/lldp.rst | 2 | ||||
| -rw-r--r-- | docs/services/mdns-repeater.rst | 4 | ||||
| -rw-r--r-- | docs/services/pppoe-server.rst | 30 | ||||
| -rw-r--r-- | docs/services/snmp.rst | 12 | ||||
| -rw-r--r-- | docs/services/ssh.rst | 6 | ||||
| -rw-r--r-- | docs/services/sstp-server.rst | 4 | ||||
| -rw-r--r-- | docs/services/tftp.rst | 4 | ||||
| -rw-r--r-- | docs/services/udp-broadcast-relay.rst | 8 | ||||
| -rw-r--r-- | docs/services/webproxy.rst | 8 |
16 files changed, 122 insertions, 122 deletions
diff --git a/docs/services/conntrack.rst b/docs/services/conntrack.rst index 27db622d..d40a3dbc 100644 --- a/docs/services/conntrack.rst +++ b/docs/services/conntrack.rst @@ -27,7 +27,7 @@ will be mandatorily defragmented. Configuration ^^^^^^^^^^^^^ -.. code-block:: sh +.. code-block:: console # Protocols only for which local conntrack entries will be synced (tcp, udp, icmp, sctp) set service conntrack-sync accept-protocol @@ -69,20 +69,20 @@ The next exemple is a simple configuration of conntrack-sync. First of all, make sure conntrack is enabled by running -.. code-block:: sh +.. code-block:: console show conntrack table ipv4 If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. -.. code-block:: sh +.. code-block:: console set firewall state-policy established action accept You now should have a conntrack table -.. code-block:: sh +.. code-block:: console $ show conntrack table ipv4 TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED, @@ -99,7 +99,7 @@ You now should have a conntrack table Now configure conntrack-sync service on ``router1`` **and** ``router2`` -.. code-block:: sh +.. code-block:: console set service conntrack-sync accept-protocol 'tcp,udp,icmp' set service conntrack-sync event-listen-queue-size '8' @@ -115,7 +115,7 @@ the external-cache of the standby router On active router run: -.. code-block:: sh +.. code-block:: console $ show conntrack-sync statistics diff --git a/docs/services/dhcp-relay.rst b/docs/services/dhcp-relay.rst index c6bccb22..e2e4ff85 100644 --- a/docs/services/dhcp-relay.rst +++ b/docs/services/dhcp-relay.rst @@ -28,27 +28,27 @@ Configuration Enable DHCP relay for eth1 and eth2: -.. code-block:: sh +.. code-block:: console set service dhcp-relay interface eth1 set service dhcp-relay interface eth2 Set the IP address of the DHCP server: -.. code-block:: sh +.. code-block:: console set service dhcp-relay server 10.0.1.4 The router should discard DHCP packages already containing relay agent information to ensure that only requests from DHCP clients are forwarded: -.. code-block:: sh +.. code-block:: console set service dhcp-relay relay-options relay-agents-packets discard Commit the changes and show the results: -.. code-block:: sh +.. code-block:: console commit show service dhcp-relay @@ -61,7 +61,7 @@ Commit the changes and show the results: The DHCP relay agent can be restarted with: -.. code-block:: sh +.. code-block:: console restart dhcp relay-agent @@ -83,20 +83,20 @@ Configuration Set eth1 to be the listening interface for the DHCPv6 relay: -.. code-block:: sh +.. code-block:: console set service dhcpv6-relay listen-interface eth1 Set eth2 to be the upstream interface and specify the IPv6 address of the DHCPv6 server: -.. code-block:: sh +.. code-block:: console set service dhcpv6-relay upstream-interface eth2 address 2001:db8:100::4 Commit the changes and show results: -.. code-block:: sh +.. code-block:: console commit show service dhcpv6-relay @@ -108,13 +108,13 @@ Commit the changes and show results: Show the current status of the DHCPv6 relay agent: -.. code-block:: sh +.. code-block:: console show dhcpv6 relay-agent status The DHCPv6 relay agent can be restarted with: -.. code-block:: sh +.. code-block:: console restart dhcpv6 relay-agent diff --git a/docs/services/dhcp.rst b/docs/services/dhcp.rst index 36162bbe..81a88741 100644 --- a/docs/services/dhcp.rst +++ b/docs/services/dhcp.rst @@ -21,13 +21,13 @@ on `pppoe0` Interface Configuration ^^^^^^^^^^^^^^^^^^^^^^^ -.. code-block:: sh +.. code-block:: console set interface ethernet eth1 address 172.16.17.1/24 Multiple ranges can be defined and can contain holes. -.. code-block:: sh +.. code-block:: console set service dhcp-server shared-network-name dhcpexample authoritative set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 default-router 172.16.17.1 @@ -86,7 +86,7 @@ Failover VyOS provides support for DHCP failover: -.. code-block:: sh +.. code-block:: console set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover local-address '192.168.0.1' set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover name 'foo' @@ -97,13 +97,13 @@ VyOS provides support for DHCP failover: The primary and secondary statements determines whether the server is primary or secondary -.. code-block:: sh +.. code-block:: console set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover status 'primary' or -.. code-block:: sh +.. code-block:: console set service dhcp-server shared-network-name 'LAN' subnet '192.168.0.0/24' failover status 'secondary' @@ -114,7 +114,7 @@ or Static mappings MAC/IP ^^^^^^^^^^^^^^^^^^^^^^ -.. code-block:: sh +.. code-block:: console set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 static-mapping static-mapping-01 ip-address 172.16.17.10 set service dhcp-server shared-network-name dhcpexample subnet 172.16.17.0/24 static-mapping static-mapping-01 mac-address ff:ff:ff:ff:ff:ff diff --git a/docs/services/dhcpv6.rst b/docs/services/dhcpv6.rst index e70b3eba..799c4332 100644 --- a/docs/services/dhcpv6.rst +++ b/docs/services/dhcpv6.rst @@ -5,25 +5,25 @@ DHCPv6 server VyOS provides DHCPv6 server functionality which is described in this section. In order to use the DHCPv6 server it has to be enabled first: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server To restart the DHCPv6 server (operational mode): -.. code-block:: sh +.. code-block:: console restart dhcpv6 server To show the current status of the DHCPv6 server use: -.. code-block:: sh +.. code-block:: console show dhcpv6 server status Show statuses of all assigned leases: -.. code-block:: sh +.. code-block:: console show dhcpv6 server leases @@ -37,19 +37,19 @@ Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is `0...255`. Set a preference value for the DHCPv6 server: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server preference <preference value> Delete a preference: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server preference Show current preference: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server preference @@ -60,19 +60,19 @@ The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a `default-time`, `maximum-time` and `minimum-time` (all values in seconds): -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default <default-time> | maximum <maximum-time> | minimum <minimum-time>} Reset the custom lease times: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default | maximum | minimum} Show the current configuration: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> lease-time {default | maximum | minimum} @@ -81,19 +81,19 @@ Specify NIS domain A Network Information (NIS) domain can be set to be used for DHCPv6 clients: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name> To Delete the NIS domain: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name> Show a configured NIS domain: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-domain <nis-domain-name> @@ -103,13 +103,13 @@ Specify NIS+ domain The procedure to specify a Network Information Service Plus (NIS+) domain is similar to the NIS domain one: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name> To Delete the NIS+ domain: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-domain <nisplus-domain-name> @@ -122,19 +122,19 @@ Specify NIS server address To specify a NIS server address for DHCPv6 clients: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server <IPv6 address> Delete a specified NIS server address: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server <IPv6 address> Show specified NIS server addresses: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nis-server @@ -143,19 +143,19 @@ Specify NIS+ server address To specify a NIS+ server address for DHCPv6 clients: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server <IPv6 address> Delete a specified NIS+ server address: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server <IPv6 address> Show specified NIS+ server addresses: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> nisplus-server @@ -169,19 +169,19 @@ By IPv6 address A Session Initiation Protocol (SIP) server address can be specified for DHCPv6 clients: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address <IPv6 address> Delete a specified SIP server address: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address <IPv6 address> Show specified SIP server addresses: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-address @@ -190,19 +190,19 @@ By FQDN A name for SIP server can be specified: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name <sip-server-name> Delete a specified SIP server name: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name <sip-server-name> Show specified SIP server names: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sip-server-name @@ -211,19 +211,19 @@ Simple Network Time Protocol (SNTP) server address for DHCPv6 clients A SNTP server address can be specified for DHCPv6 clients: -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address <IPv6 address> Delete a specified SNTP server address: -.. code-block:: sh +.. code-block:: console delete service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address <IPv6 address> Show specified SNTP server addresses: -.. code-block:: sh +.. code-block:: console show service dhcpv6-server shared-network-name <name> subnet <ipv6net> sntp-server-address @@ -241,14 +241,14 @@ connected to `eth1`, a DNS server at `2001:db8:111::111` is used for name services. The range of the address pool shall be `::100` through `::199`. The lease time will be left at the default value which is 24 hours. -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 address-range start 2001:db8:100::100 stop 2001:db8:100::199 set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 name-server 2001:db8:111::111 Commit the changes and show the configuration: -.. code-block:: sh +.. code-block:: console commit show service dhcpv6-server @@ -279,14 +279,14 @@ MAC address `00:15:c5:b7:5e:23`, this host-specific mapping shall be named .. note:: The MAC address identifier is defined by the last 4 byte of the MAC address. -.. code-block:: sh +.. code-block:: console set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 static-mapping client1 ipv6-address 2001:db8:100::101 set service dhcpv6-server shared-network-name NET1 subnet 2001:db8:100::/64 static-mapping client1 identifier c5b75e23 Commit the changes and show the configuration: -.. code-block:: sh +.. code-block:: console show service dhcp-server shared-network-name NET1 shared-network-name NET1 { diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst index 4aaf6919..2ab04707 100644 --- a/docs/services/dns-forwarding.rst +++ b/docs/services/dns-forwarding.rst @@ -5,33 +5,33 @@ Use DNS forwarding if you want your router to function as a DNS server for the local network. There are several options, the easiest being 'forward all traffic to the system DNS server(s)' (defined with set system name-server): -.. code-block:: sh +.. code-block:: console set service dns forwarding system Manually setting DNS servers for forwarding: -.. code-block:: sh +.. code-block:: console set service dns forwarding name-server 8.8.8.8 set service dns forwarding name-server 8.8.4.4 Manually setting DNS servers with IPv6 connectivity: -.. code-block:: sh +.. code-block:: console set service dns forwarding name-server 2001:4860:4860::8888 set service dns forwarding name-server 2001:4860:4860::8844 Setting a forwarding DNS server for a specific domain: -.. code-block:: sh +.. code-block:: console set service dns forwarding domain example.com server 192.0.2.1 Set which networks or clients are allowed to query the DNS Server. Allow from all: -.. code-block:: sh +.. code-block:: console set service dns forwarding allow-from 0.0.0.0/0 @@ -44,7 +44,7 @@ Router with two interfaces eth0 (WAN link) and eth1 (LAN). Split DNS for example * Other DNS requests are forwarded to Google's DNS servers. * The IP address for the LAN interface is 192.168.0.1. -.. code-block:: sh +.. code-block:: console set service dns forwarding domain example.com server 192.0.2.1 set service dns forwarding name-server 8.8.8.8 @@ -60,7 +60,7 @@ servers. The IP addresses for the LAN interface are 192.168.0.1 and 2001:db8::1 -.. code-block:: sh +.. code-block:: console set service dns forwarding domain example.com server 192.0.2.1 set service dns forwarding name-server 8.8.8.8 diff --git a/docs/services/dynamic-dns.rst b/docs/services/dynamic-dns.rst index 67de6471..a0d75979 100644 --- a/docs/services/dynamic-dns.rst +++ b/docs/services/dynamic-dns.rst @@ -16,44 +16,44 @@ VyOS CLI and RFC2136 First, create an RFC2136_ config node : -.. code-block:: sh +.. code-block:: console edit service dns dynamic interface eth0 rfc2136 <confignodename> Present your RNDC key to ddclient : -.. code-block:: sh +.. code-block:: console set key /config/dyndns/mydnsserver.rndc.key Set the DNS server IP/FQDN : -.. code-block:: sh +.. code-block:: console set server dns.mydomain.com Set the NS zone to be updated : -.. code-block:: sh +.. code-block:: console set zone mydomain.com Set the records to be updated : -.. code-block:: sh +.. code-block:: console set record dyn set record dyn2 You can optionally set a TTL (note : default value is 600 seconds) : -.. code-block:: sh +.. code-block:: console set ttl 600 This will generate the following ddclient config blocks: -.. code-block:: sh +.. code-block:: console server=dns.mydomain.com protocol=nsupdate @@ -70,7 +70,7 @@ This will generate the following ddclient config blocks: You can also keep a different dns zone updated. Just create a new config node: -.. code-block:: sh +.. code-block:: console edit service dns dynamic interface eth0 rfc2136 <confignode2> @@ -83,7 +83,7 @@ by ddclient. To use such a service, you must define a login, a password, one or multiple hostnames, a protocol and a server. -.. code-block:: sh +.. code-block:: console edit service dns dynamic interface eth0 service HeNet set login my-login # set password my-password @@ -107,7 +107,7 @@ the services VyOS knows about: To use DynDNS for example: -.. code-block:: sh +.. code-block:: console edit service dns dynamic interface eth0 service dyndns set login my-login @@ -116,7 +116,7 @@ To use DynDNS for example: It's possible to use multiple services : -.. code-block:: sh +.. code-block:: console edit service dns dynamic interface eth0 service dyndns set login my-login @@ -139,7 +139,7 @@ record will be updated to point to your internal IP. ddclient_ has another way to determine the WAN IP address. This is controlled by these two options: -.. code-block:: sh +.. code-block:: console set service dns dynamic interface eth0 use-web url set service dns dynamic interface eth0 use-web skip diff --git a/docs/services/ipoe-server.rst b/docs/services/ipoe-server.rst index 925ef373..1e5e72dc 100644 --- a/docs/services/ipoe-server.rst +++ b/docs/services/ipoe-server.rst @@ -17,7 +17,7 @@ The clients mac address and the incoming interface is being used as control para The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration. -.. code-block:: sh +.. code-block:: console set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 set service ipoe-server authentication mode 'local' @@ -29,7 +29,7 @@ Other DHCP discovery requests will be ignored, unless the client mac has been en The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command. -.. code-block:: sh +.. code-block:: console vyos@vyos:~$ show ipoe-server sessions @@ -46,7 +46,7 @@ for devices routed via the clients cpe. IPv6 DNS addresses are optional. -.. code-block:: sh +.. code-block:: console set service ipoe-server authentication interface eth3 mac-address 08:00:27:2F:D8:06 set service ipoe-server authentication mode 'local' @@ -57,7 +57,7 @@ IPv6 DNS addresses are optional. set service ipoe-server dnsv6-server server-3 '2001:db8:bbb::' set service ipoe-server interface eth3 client-subnet '192.168.1.0/24' -.. code-block:: sh +.. code-block:: console vyos@ipoe-server# run sh ipoe-server sessions ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid @@ -74,7 +74,7 @@ Automatic VLAN creation To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time. -.. code-block:: sh +.. code-block:: console set service ipoe-server interface eth2 network vlan set service ipoe-server interface eth2 vlan-id 100 @@ -88,7 +88,7 @@ RADIUS Setup To use a RADIUS server for authentication and bandwidth-shaping, the following example configuration can be used. -.. code-block:: sh +.. code-block:: console set service ipoe-server authentication mode 'radius' set service ipoe-server authentication radius-server 10.100.100.1 secret 'password' @@ -105,7 +105,7 @@ Bandwidth Shaping for local users The rate-limit is set in kbit/sec. -.. code-block:: sh +.. code-block:: console set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit download '500' set service ipoe-server authentication interface eth2 mac-address 08:00:27:2f:d8:06 rate-limit upload '500' @@ -115,7 +115,7 @@ The rate-limit is set in kbit/sec. set service ipoe-server interface eth2 client-subnet '192.168.0.0/24' -.. code-block:: sh +.. code-block:: console vyos@vyos# run show ipoe-server sessions diff --git a/docs/services/lldp.rst b/docs/services/lldp.rst index 37214506..d58e105e 100644 --- a/docs/services/lldp.rst +++ b/docs/services/lldp.rst @@ -74,7 +74,7 @@ Display neighbors Exemple: -.. code-block:: sh +.. code-block:: console vyos@vyos:~# show lldp neighbors Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station diff --git a/docs/services/mdns-repeater.rst b/docs/services/mdns-repeater.rst index 0afdc90a..abd3f7ef 100644 --- a/docs/services/mdns-repeater.rst +++ b/docs/services/mdns-repeater.rst @@ -12,14 +12,14 @@ multiple VLANs. To enable mDNS repeater you need to configure at least two interfaces. To re- broadcast all mDNS packets from `eth0` to `eth1` and vice versa run: -.. code-block:: sh +.. code-block:: console set service mdns repeater interface eth0 set service mdns repeater interface eth1 mDNS repeater can be temporarily disabled without deleting the service using -.. code-block:: sh +.. code-block:: console set service mdns repeater disable diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst index 03e14971..3f42ceab 100644 --- a/docs/services/pppoe-server.rst +++ b/docs/services/pppoe-server.rst @@ -15,7 +15,7 @@ The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1. -.. code-block:: sh +.. code-block:: console set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication local-users username foo password 'bar' @@ -30,7 +30,7 @@ serves requests only on eth1. Connections can be locally checked via the command -.. code-block:: sh +.. code-block:: console show pppoe-server sessions ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes @@ -48,7 +48,7 @@ If the CIDR notation is used, multiple subnets can be setup which are used seque **Client IP address via IP range definition** -.. code-block:: sh +.. code-block:: console set service pppoe-server client-ip-pool start '10.1.1.100' set service pppoe-server client-ip-pool stop '10.1.1.111' @@ -56,7 +56,7 @@ If the CIDR notation is used, multiple subnets can be setup which are used seque **Client IP subnets via CIDR notation** -.. code-block:: sh +.. code-block:: console set service pppoe-server client-ip-pool subnet '10.1.1.0/24' set service pppoe-server client-ip-pool subnet '10.1.2.0/24' @@ -70,7 +70,7 @@ To use a radius server, you need to switch to authentication mode radius and of course need to specify an IP for the server. You can have multiple RADIUS server configured, if you wish to achieve redundancy. -.. code-block:: sh +.. code-block:: console set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication mode 'radius' @@ -84,7 +84,7 @@ RADIUS provides the IP addresses in the example above via Framed-IP-Address. For remotely disconnect sessions and change some authentication parameters you can configure dae-server -.. code-block:: sh +.. code-block:: console set service pppoe-server authentication radius-settings dae-server ip-address '10.1.1.2' set service pppoe-server authentication radius-settings dae-server port '3799' @@ -92,20 +92,20 @@ For remotely disconnect sessions and change some authentication parameters you c Example, from radius-server send command for disconnect client with username test -.. code-block:: sh +.. code-block:: console root@radius-server:~# echo "User-Name=test" | radclient -x 10.1.1.2:3799 disconnect secret123 You can also use another attributes for identify client for disconnect, like Framed-IP-Address, Acct-Session-Id, etc. Result commands appears in log -.. code-block:: sh +.. code-block:: console show log | match Disconnect* Example for changing rate-limit via RADIUS CoA -.. code-block:: sh +.. code-block:: console echo "User-Name=test,Filter-Id=5000/4000" | radclient 10.1.1.2:3799 coa secret123 @@ -119,7 +119,7 @@ Automatic VLAN creation VLAN's can be created by accel-ppp on the fly if via the use of the kernel module vlan_mon, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface. -.. code-block:: sh +.. code-block:: console set service pppoe-server interface eth3 vlan-id 100 set service pppoe-server interface eth3 vlan-id 200 @@ -141,7 +141,7 @@ Bandwidth Shaping for local users The rate-limit is set in kbit/sec. -.. code-block:: sh +.. code-block:: console set service pppoe-server access-concentrator 'ACN' set service pppoe-server authentication local-users username foo password 'bar' @@ -158,7 +158,7 @@ The rate-limit is set in kbit/sec. Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'. -.. code-block:: sh +.. code-block:: console show pppoe-server sessions ifname | username | ip | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes @@ -175,7 +175,7 @@ Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate The command below enables it, assuming the RADIUS connection has been setup and is working. -.. code-block:: sh +.. code-block:: console set service pppoe-server authentication radius-settings rate-limit enable @@ -191,7 +191,7 @@ Dual-stack provisioning with IPv6 PD via pppoe The example below covers a dual-stack configuration via pppoe-server. -.. code-block:: sh +.. code-block:: console set service pppoe-server authentication local-users username test password 'test' set service pppoe-server authentication mode 'local' @@ -207,7 +207,7 @@ The example below covers a dual-stack configuration via pppoe-server. The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address, to terminate the pppoe endpoint on the client side and a /56 subnet for the clients internal use. -.. code-block:: sh +.. code-block:: console vyos@pppoe-server:~$ sh pppoe-server sessions ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes diff --git a/docs/services/snmp.rst b/docs/services/snmp.rst index f169bb95..8fd6a21e 100644 --- a/docs/services/snmp.rst +++ b/docs/services/snmp.rst @@ -90,7 +90,7 @@ plain text. Example ******* -.. code-block:: sh +.. code-block:: console # Define a community set service snmp community routers authorization ro @@ -139,7 +139,7 @@ The securityapproach in v3 targets: Example ******* -.. code-block:: sh +.. code-block:: console set service snmp v3 engineid '0x0aa0d6c6f450' set service snmp v3 group defaultgroup mode 'ro' @@ -160,7 +160,7 @@ After commit the resulting configuration will look like: .. note:: SNMPv3 keys won't we stored in plaintext. On ``commit`` the keys will be encrypted and the encrypted key is based on the engineid! -.. code-block:: sh +.. code-block:: console vyos@vyos# show service snmp v3 { @@ -200,7 +200,7 @@ vyos@your_router:/config/user-data``. Once the script is uploaded, it needs to be configured via the command below. -.. code-block:: sh +.. code-block:: console set service snmp script-extensions extension-name my-extension script your_script.sh commit @@ -209,7 +209,7 @@ be configured via the command below. The OID ``.1.3.6.1.4.1.8072.1.3.2.3.1.1.4.116.101.115.116``, once called, will contain the output of the extension. -.. code-block:: sh +.. code-block:: console root@vyos:/home/vyos# snmpwalk -v2c -c public 127.0.0.1 nsExtendOutput1 NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."my-extension" = STRING: hello @@ -226,7 +226,7 @@ Templates Management. A template for VyOS can be easily imported. Create a file named ``VyOS-1.3.6.1.4.1.44641.ConfigMgmt-Commands`` using the following content: -.. code-block:: sh +.. code-block:: console <Configuration-Management Device="VyOS" SystemOID="1.3.6.1.4.1.44641"> <Commands> diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index caa255ce..c770140b 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -30,7 +30,7 @@ Configuration Enabling SSH only requires you to add ``service ssh port NN``, where 'NN' is the port you want SSH to listen on. By default, SSH runs on port 22. -.. code-block:: sh +.. code-block:: console set service ssh port 22 @@ -130,7 +130,7 @@ line. The third part is simply an identifier, and is for your own reference. Under the user (in this example, ``vyos``), add the public key and the type. The `identifier` is simply a string that is relevant to you. -.. code-block:: sh +.. code-block:: console set system login user vyos authentication public-keys 'identifier' key "AAAAB3Nz...." set system login user vyos authentication public-keys 'identifier' type ssh-rsa" @@ -139,7 +139,7 @@ You can assign multiple keys to the same user by changing the identifier. In the following example, both Unicron and xrobau will be able to SSH into VyOS as the ``vyos`` user using their own keys. -.. code-block:: sh +.. code-block:: console set system login user vyos authentication public-keys 'Unicron' key "AAAAB3Nz...." set system login user vyos authentication public-keys 'Unicron' type ssh-rsa diff --git a/docs/services/sstp-server.rst b/docs/services/sstp-server.rst index bed2e1a6..6a394cc5 100644 --- a/docs/services/sstp-server.rst +++ b/docs/services/sstp-server.rst @@ -22,7 +22,7 @@ Self Signed CA and server certificates To generate the CA, the server private key and certificates the following commands can be used. -.. code-block:: sh +.. code-block:: console vyos@vyos:~$ conf [edit] @@ -60,7 +60,7 @@ The example below will answer configuration request for the user user ``foo``. Use <tab> to setup the ``set sstp-settings ssl-certs ...``, it automatically looks for all files and directories in ``/config/user-data/sstp``. -.. code-block:: sh +.. code-block:: console edit service sstp-server set authentication local-users username foo password 'bar' diff --git a/docs/services/tftp.rst b/docs/services/tftp.rst index 96b33a65..185e594f 100644 --- a/docs/services/tftp.rst +++ b/docs/services/tftp.rst @@ -10,7 +10,7 @@ simple to implement. Example ^^^^^^^ -.. code-block:: sh +.. code-block:: console # If you want to enable uploads, else TFTP server will act as read-only (optional) set service tftp-server allow-upload @@ -30,7 +30,7 @@ Example The resulting configuration will look like: -.. code-block:: sh +.. code-block:: console vyos@vyos# show service tftp-server { diff --git a/docs/services/udp-broadcast-relay.rst b/docs/services/udp-broadcast-relay.rst index 9ea53826..995213fa 100644 --- a/docs/services/udp-broadcast-relay.rst +++ b/docs/services/udp-broadcast-relay.rst @@ -14,7 +14,7 @@ support 99 IDs! Example #1: To forward all broadcast packets received on `UDP port 1900` on `eth3`, `eth4` or `eth5` to all other interfaces in this configuration. -.. code-block:: sh +.. code-block:: console set service broadcast-relay id 1 description 'SONOS' set service broadcast-relay id 1 interface 'eth3' @@ -25,7 +25,7 @@ Example #1: To forward all broadcast packets received on `UDP port 1900` on Example #2: To Forward all broadcasts packets received on `UDP port 6969` on `eth3` or `eth4` to the other interface in this configuration. -.. code-block:: sh +.. code-block:: console set service broadcast-relay id 2 description 'SONOS MGMT' set service broadcast-relay id 2 interface 'eth3' @@ -38,14 +38,14 @@ Disable Instance(s) Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command: -.. code-block:: sh +.. code-block:: console set service broadcast-relay id <n> disable In addition you can also disable the whole service without removing the configuration by: -.. code-block:: sh +.. code-block:: console set service broadcast-relay disable diff --git a/docs/services/webproxy.rst b/docs/services/webproxy.rst index 36571f75..8aca0b85 100644 --- a/docs/services/webproxy.rst +++ b/docs/services/webproxy.rst @@ -19,7 +19,7 @@ URL Filtering is provided by Squidguard_. Configuration ^^^^^^^^^^^^^^ -.. code-block:: sh +.. code-block:: console # Enable proxy service set service webproxy listen-address 192.168.0.1 @@ -46,7 +46,7 @@ Filtering by category If you wan't to use existing blacklists you have to create/download a database first. Otherwise you will not be able to commit the config changes. -.. code-block:: sh +.. code-block:: console vyos@vyos# commit [ service webproxy ] @@ -83,7 +83,7 @@ The embedded Squid proxy can use LDAP to authenticate users against a company wide directory. The following configuration is an example of how to use Active Directory as authentication backend. Queries are done via LDAP. -.. code-block:: sh +.. code-block:: console vyos@vyos# show service webproxy authentication { @@ -117,7 +117,7 @@ Adjusting cache size The size of the proxy cache can be adjusted by the user. -.. code-block:: sh +.. code-block:: console set service webproxy cache-size Possible completions: |