Merge branch 'master' of github.com:vyos/vyos-documentation

6 files changed, 146 insertions, 219 deletions

diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst
index b5b12a5b..c51a0aff 100644
--- a/docs/configuration/service/dhcp-server.rst
+++ b/docs/configuration/service/dhcp-server.rst
@@ -4,7 +4,7 @@
 DHCP Server
 ###########
 
-VyOS uses ISC DHCP server for both IPv4 and IPv6 address assignment.
+VyOS uses Kea DHCP server for both IPv4 and IPv6 address assignment.
 
 ***********
 IPv4 server
@@ -26,12 +26,7 @@ Configuration
    Create DNS record per client lease, by adding clients to /etc/hosts file.
    Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`
 
-.. cfgcmd:: set service dhcp-server host-decl-name
-
-   Will drop `<shared-network-name>_` from client DNS record, using only the
-   host declaration name and domain: `<hostname>.<domain-name>`
-
-.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-name <domain-name>
+.. cfgcmd:: set service dhcp-server shared-network-name <name> option domain-name <domain-name>
 
    The domain-name parameter should be the domain name that will be appended to
    the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP
@@ -40,7 +35,7 @@ Configuration
    This is the configuration parameter for the entire shared network definition.
    All subnets will inherit this configuration item if not specified locally.
 
-.. cfgcmd:: set service dhcp-server shared-network-name <name> domain-search <domain-name>
+.. cfgcmd:: set service dhcp-server shared-network-name <name> option domain-search <domain-name>
 
    The domain-name parameter should be the domain name used when completing DNS
    request where no full FQDN is passed. This option can be given multiple times
@@ -49,7 +44,7 @@ Configuration
    This is the configuration parameter for the entire shared network definition.
    All subnets will inherit this configuration item if not specified locally.
 
-.. cfgcmd:: set service dhcp-server shared-network-name <name> name-server <address>
+.. cfgcmd:: set service dhcp-server shared-network-name <name> option name-server <address>
 
    Inform client that the DNS server can be found at `<address>`.
 
@@ -58,21 +53,6 @@ Configuration
 
    Multiple DNS servers can be defined.
 
-.. cfgcmd:: set service dhcp-server shared-network-name <name> ping-check
-
-   When the DHCP server is considering dynamically allocating an IP address to a
-   client, it first sends an ICMP Echo request (a ping) to the address being
-   assigned. It waits for a second, and if no ICMP Echo response has been heard,
-   it assigns the address.
-
-   If a response is heard, the lease is abandoned, and the server does not
-   respond to the client. The lease will remain abandoned for a minimum of
-   abandon-lease-time seconds (defaults to 24 hours).
-
-   If there are no free addresses but there are abandoned IP addresses, the
-   DHCP server will attempt to reclaim an abandoned IP address regardless of the
-   value of abandon-lease-time.
-
 .. cfgcmd:: set service dhcp-server listen-address <address>
 
    This configuration parameter lets the DHCP server to listen for DHCP 
@@ -91,14 +71,20 @@ Individual Client Subnet
    network.
 
 .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
-   default-router <address>
+   subnet-id <id>
+
+   This configuration parameter is required and must be unique to each subnet.
+   It is required to map subnets to lease file entries.
+
+.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
+   option default-router <address>
 
    This is a configuration parameter for the `<subnet>`, saying that as part of
    the response, tell the client that the default gateway can be reached at
    `<address>`.
 
 .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
-   name-server <address>
+   option name-server <address>
 
    This is a configuration parameter for the subnet, saying that as part of the
    response, tell the client that the DNS server can be found at `<address>`.
@@ -133,40 +119,19 @@ Individual Client Subnet
    This option can be specified multiple times.
 
 .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
-   domain-name <domain-name>
+   option domain-name <domain-name>
 
    The domain-name parameter should be the domain name that will be appended to
    the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP
    Option 015).
 
 .. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
-   domain-search <domain-name>
+   option domain-search <domain-name>
 
    The domain-name parameter should be the domain name used when completing DNS
    request where no full FQDN is passed. This option can be given multiple times
    if you need multiple search domains (DHCP Option 119).
 
-.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
-   ping-check
-
-   When the DHCP server is considering dynamically allocating an IP address to a
-   client, it first sends an ICMP Echo request (a ping) to the address being
-   assigned. It waits for a second, and if no ICMP Echo response has been heard,
-   it assigns the address.
-
-   If a response is heard, the lease is abandoned, and the server does not
-   respond to the client. The lease will remain abandoned for a minimum of
-   abandon-lease-time seconds (defaults to 24 hours).
-
-   If a there are no free addresses but there are abandoned IP addresses, the
-   DHCP server will attempt to reclaim an abandoned IP address regardless of the
-   value of abandon-lease-time.
-
-.. cfgcmd:: set service dhcp-server shared-network-name <name> subnet <subnet>
-   enable-failover
-
-   Enable DHCP failover configuration for this address pool.
-
 Failover
 --------
 
@@ -238,6 +203,7 @@ inside the subnet definition but can be outside of the range statement.
 
 .. code-block:: none
 
+  set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 subnet-id 1
   set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 ip-address 192.168.1.100
   set service dhcp-server shared-network-name 'NET1' subnet 192.168.1.0/24 static-mapping client1 mac-address aa:bb:11:22:33:00
 
@@ -251,6 +217,7 @@ The configuration will look as follows:
            ip-address 192.168.1.100
            mac-address aa:bb:11:22:33:00
        }
+       subnet-id 1
    }
 
 Options
@@ -391,32 +358,6 @@ Options
 
 Multi: can be specified multiple times.
 
-Raw Parameters
-==============
-
-Raw parameters can be passed to shared-network-name, subnet and static-mapping:
-
-.. code-block:: none
-
-  set service dhcp-server shared-network-name <name> shared-network-parameters
-     <text>       Additional shared-network parameters for DHCP server.
-  set service dhcp-server shared-network-name <name> subnet <subnet> subnet-parameters
-     <text>       Additional subnet parameters for DHCP server.
-  set service dhcp-server shared-network-name <name> subnet <subnet> static-mapping <description> static-mapping-parameters
-     <text>       Additional static-mapping parameters for DHCP server.
-                  Will be placed inside the "host" block of the mapping.
-
-These parameters are passed as-is to isc-dhcp's dhcpd.conf under the
-configuration node they are defined in. They are not validated so an error in
-the raw parameters won't be caught by vyos's scripts and will cause dhcpd to
-fail to start. Always verify that the parameters are correct before committing
-the configuration. Refer to isc-dhcp's dhcpd.conf manual for more information:
-https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf
-
-Quotes can be used inside parameter values by replacing all quote characters
-with the string ``&quot;``. They will be replaced with literal quote characters
-when generating dhcpd.conf.
-
 Example
 =======
 
@@ -439,12 +380,12 @@ Common configuration, valid for both primary and secondary node.
 
 .. code-block:: none
 
-  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 default-router '192.0.2.254'
-  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 name-server '192.0.2.254'
-  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 domain-name 'vyos.net'
+  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option default-router '192.0.2.254'
+  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option name-server '192.0.2.254'
+  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 option domain-name 'vyos.net'
   set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 start '192.0.2.10'
   set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 range 0 stop '192.0.2.250'
-  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 enable-failover
+  set service dhcp-server shared-network-name NET-VYOS subnet 192.0.2.0/24 subnet-id '1'
 
 
 **Primary**
@@ -467,47 +408,6 @@ Common configuration, valid for both primary and secondary node.
 
 .. _dhcp-server:v4_example_raw:
 
-Raw Parameters
---------------
-
-* Override static-mapping's name-server with a custom one that will be sent only
-  to this host.
-* An option that takes a quoted string is set by replacing all quote characters
-  with the string ``&quot;`` inside the static-mapping-parameters value.
-  The resulting line in dhcpd.conf will be
-  ``option pxelinux.configfile "pxelinux.cfg/01-00-15-17-44-2d-aa";``.
-
-
-.. code-block:: none
-
-  set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;"
-  set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option pxelinux.configfile &quot;pxelinux.cfg/01-00-15-17-44-2d-aa&quot;;"
-
-Option 43 for UniFI
--------------------
-
-* These parameters need to be part of the DHCP global options.
-  They stay unchanged.
-
-
-.. code-block:: none
-
- set service dhcp-server global-parameters 'option space ubnt;'
- set service dhcp-server global-parameters 'option ubnt.unifi-address code 1 = ip-address;'
- set service dhcp-server global-parameters 'class &quot;ubnt&quot; {'
- set service dhcp-server global-parameters 'match if substring (option vendor-class-identifier, 0, 4) = &quot;ubnt&quot;;'
- set service dhcp-server global-parameters 'option vendor-class-identifier &quot;ubnt&quot;;'
- set service dhcp-server global-parameters 'vendor-option-space ubnt;'
- set service dhcp-server global-parameters '}'
-
-* Now we add the option to the scope, adapt to your setup
-
-
-.. code-block:: none
-
- set service dhcp-server shared-network-name example-scope subnet 10.1.1.0/24 subnet-parameters 'option ubnt.unifi-address 172.16.1.10;'
-
-
 Operation Mode
 ==============
 
@@ -549,18 +449,43 @@ Operation Mode
 .. code-block:: none
 
   vyos@vyos:~$ show dhcp server leases
-  IP address      Hardware address    State    Lease start          Lease expiration     Remaining   Pool         Hostname
-  --------------  ------------------  -------  -------------------  -------------------  ----------  -----------  ---------
-  192.0.2.104     00:53:01:dd:ee:ff   active   2019/12/05 14:24:23  2019/12/06 02:24:23  6:05:35     dhcpexample  test1
-  192.0.2.115     00:53:01:ae:af:bf   active   2019/12/05 18:02:37  2019/12/06 06:02:37  9:43:49     dhcpexample  test2
+  IP Address      MAC address        State    Lease start          Lease expiration     Remaining    Pool      Hostname    Origin
+  --------------  -----------------  -------  -------------------  -------------------  -----------  --------  ----------  --------
+  192.168.11.134  00:50:79:66:68:09  active   2023/11/29 09:51:05  2023/11/29 10:21:05  0:24:10      LAN       VPCS1       local
+  192.168.11.133  50:00:00:06:00:00  active   2023/11/29 09:51:38  2023/11/29 10:21:38  0:24:43      LAN       VYOS-6      local
+  10.11.11.108    50:00:00:05:00:00  active   2023/11/29 09:51:43  2023/11/29 10:21:43  0:24:48      VIF-1001  VYOS5       local
+  192.168.11.135  00:50:79:66:68:07  active   2023/11/29 09:55:16  2023/11/29 09:59:16  0:02:21                            remote
+  vyos@vyos:~$
 
 .. hint:: Static mappings aren't shown. To show all states, use
    ``show dhcp server leases state all``.
 
+.. opcmd:: show dhcp server leases origin [local | remote]
+
+   Show statuses of all active leases granted by local (this server) or
+   remote (failover server):
+
+.. code-block:: none
+
+  vyos@vyos:~$ show dhcp server leases origin remote
+  IP Address      MAC address        State    Lease start          Lease expiration     Remaining    Pool      Hostname    Origin
+  --------------  -----------------  -------  -------------------  -------------------  -----------  --------  ----------  --------
+  192.168.11.135  00:50:79:66:68:07  active   2023/11/29 09:55:16  2023/11/29 09:59:16  0:02:21                            remote
+  vyos@vyos:~$
+
 .. opcmd:: show dhcp server leases pool <pool>
 
    Show only leases in the specified pool.
 
+.. code-block:: none
+
+  vyos@vyos:~$ show dhcp server leases pool LAN
+  IP Address      MAC address        State    Lease start          Lease expiration     Remaining    Pool    Hostname    Origin
+  --------------  -----------------  -------  -------------------  -------------------  -----------  ------  ----------  --------
+  192.168.11.134  00:50:79:66:68:09  active   2023/11/29 09:51:05  2023/11/29 10:21:05  0:23:55      LAN     VPCS1       local
+  192.168.11.133  50:00:00:06:00:00  active   2023/11/29 09:51:38  2023/11/29 10:21:38  0:24:28      LAN     VYOS-6      local
+  vyos@vyos:~$
+
 .. opcmd:: show dhcp server leases sort <key>
 
    Sort the output by the specified key. Possible keys: ip, hardware_address,
@@ -572,7 +497,6 @@ Operation Mode
    free, expired, released, abandoned, reset, backup (default = active)
 
 
-
 ***********
 IPv6 server
 ***********
@@ -590,6 +514,12 @@ Configuration
    Clients receiving advertise messages from multiple servers choose the server
    with the highest preference value. The range for this value is ``0...255``.
 
+.. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet <subnet>
+   subnet-id <id>
+
+   This configuration parameter is required and must be unique to each subnet.
+   It is required to map subnets to lease file entries.
+
 .. cfgcmd:: set service dhcpv6-server shared-network-name <name> subnet
    <prefix> lease-time {default | maximum | minimum}
 
@@ -666,6 +596,7 @@ server. The following example describes a common scenario.
 
   set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 address-range start 2001:db8::100 stop 2001:db8::199
   set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 name-server 2001:db8::ffff
+  set service dhcpv6-server shared-network-name 'NET1' subnet 2001:db8::/64 subnet-id 1
 
 The configuration will look as follows:
 
@@ -680,6 +611,7 @@ The configuration will look as follows:
                 }
              }
              name-server 2001:db8::ffff
+             subnet-id 1
           }
       }
 
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst
index 2caeb22d..7624d309 100644
--- a/docs/configuration/service/dns.rst
+++ b/docs/configuration/service/dns.rst
@@ -143,6 +143,19 @@ avoid being tracked by the provider of your upstream DNS server.
    168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream
    DNS server(s) to be used for reverse lookups of these zones.
 
+.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535>
+
+   Maximum number of times an expired record’s TTL is extended by 30s when
+   serving stale. Extension only occurs if a record cannot be refreshed. A
+   value of 0 means the Serve Stale mechanism is not used. To allow records
+   becoming stale to be served for an hour, use a value of 120.
+
+.. cfgcmd:: set service dns forwarding exclude-throttle-address <ip|prefix>
+
+   When an authoritative server does not answer a query or sends a reply the
+   recursor does not like, it is throttled. Any servers matching the supplied
+   netmasks will never be throttled.
+
 Example
 =======
 
@@ -381,12 +394,12 @@ By default, ddclient_ will update a dynamic dns record using the IP address
 directly attached to the interface. If your VyOS instance is behind NAT, your
 record will be updated to point to your internal IP.
 
-Above, command syntax isn noted to configure dynamic dns on a specific interface. 
-It is possible to overlook the additional address option, web, when completeing 
-those commands. ddclient_ has another way to determine the WAN IP address, using 
-a web-based url to determine the external IP. Each of the commands above will 
-need to be modified to use 'web' as the 'interface' specified if this functionality 
-is to be utilized. 
+Above, command syntax isn noted to configure dynamic dns on a specific interface.
+It is possible to overlook the additional address option, web, when completeing
+those commands. ddclient_ has another way to determine the WAN IP address, using
+a web-based url to determine the external IP. Each of the commands above will
+need to be modified to use 'web' as the 'interface' specified if this functionality
+is to be utilized.
 
 This functionality is controlled by adding the following configuration:
 
diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst
index eb2e30eb..973c5355 100644
--- a/docs/configuration/service/https.rst
+++ b/docs/configuration/service/https.rst
@@ -1,7 +1,7 @@
 .. _http-api:
 
 ########
-HTTP-API
+HTTP API
 ########
 
 VyOS provide an HTTP API. You can use it to execute op-mode commands,
@@ -13,75 +13,71 @@ Please take a look at the :ref:`vyosapi` page for an detailed how-to.
 Configuration
 *************
 
-.. cfgcmd:: set service https api keys id <name> key <apikey>
+.. cfgcmd:: set service https allow-client address <address>
 
-   Set a named api key. Every key has the same, full permissions
-   on the system.
+   Only allow certain IP addresses or prefixes to access the https
+   webserver.
 
-.. cfgcmd:: set service https api debug
+.. cfgcmd:: set service https certificates ca-certificate <name>
 
-   To enable debug messages. Available via :opcmd:`show log` or
-   :opcmd:`monitor log`
+   Use CA certificate from PKI subsystem
 
-.. cfgcmd:: set service https api strict
+.. cfgcmd:: set service https certificates certificate <name>
 
-   Enforce strict path checking
+   Use certificate from PKI subsystem
 
-.. cfgcmd:: set service https virtual-host <vhost> listen-address
-            <ipv4 or ipv6 address>
+.. cfgcmd:: set service https certificates dh-params <name>
 
-   Address to listen for HTTPS requests
+   Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem.
+   Must be at least 2048 bits in length.
 
-.. cfgcmd:: set service https virtual-host <vhost> port <1-65535>
+.. cfgcmd:: set service https listen-address <address>
 
-   Port to listen for HTTPS requests; default 443
+   Webserver should only listen on specified IP address
 
-.. cfgcmd:: set service https virtual-host <vhost> server-name <text>
+.. cfgcmd:: set service https port <number>
 
-   Server names for virtual hosts it can be exact, wildcard or regex.
+   Webserver should listen on specified port.
 
-.. cfgcmd:: set service https api-restrict virtual-host <vhost>
+   Default: 443
 
-   By default, nginx exposes the local API on all virtual servers.
-   Use this to restrict nginx to one or more virtual hosts.
+.. cfgcmd:: set service https enable-http-redirect
 
-.. cfgcmd:: set service https certificates certbot domain-name <text>
+   Enable automatic redirect from http to https.
 
-   Domain name(s) for which to obtain certificate
+.. cfgcmd:: set service https tls-version <1.2 | 1.3>
 
-.. cfgcmd:: set service https certificates certbot email
+   Select TLS version used.
 
-   Email address to associate with certificate
+   This defaults to both 1.2 and 1.3.
 
-.. cfgcmd:: set service https certificates system-generated-certificate
+.. cfgcmd:: set service https vrf <name>
 
-   Use an automatically generated self-signed certificate
+   Start Webserver in given  VRF.
 
-.. cfgcmd:: set service https certificates system-generated-certificate
-   lifetime <days>
+API
+===
 
-   Lifetime in days; default is 365
+.. cfgcmd:: set service https api keys id <name> key <apikey>
 
+   Set a named api key. Every key has the same, full permissions
+   on the system.
 
-*********************
-Example Configuration
-*********************
+.. cfgcmd:: set service https api debug
 
-Set an API-KEY is the minimal configuration to get a working API Endpoint.
+   To enable debug messages. Available via :opcmd:`show log` or
+   :opcmd:`monitor log`
 
-.. code-block:: none
+.. cfgcmd:: set service https api strict
 
-   set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
+   Enforce strict path checking
 
+*********************
+Example Configuration
+*********************
 
-To use this full configuration we asume a public accessible hostname.
+Set an API-KEY is the minimal configuration to get a working API Endpoint.
 
 .. code-block:: none
 
    set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
-   set service https certificates certbot domain-name rtr01.example.com
-   set service https certificates certbot email mail@example.com
-   set service https virtual-host rtr01 listen-address 198.51.100.2
-   set service https virtual-host rtr01 port 11443
-   set service https virtual-host rtr01 server-name rtr01.example.com
-   set service https api-restrict virtual-host rtr01
diff --git a/docs/configuration/service/lldp.rst b/docs/configuration/service/lldp.rst
index aa357211..12a9e0b6 100644
--- a/docs/configuration/service/lldp.rst
+++ b/docs/configuration/service/lldp.rst
@@ -54,7 +54,7 @@ Configuration
    Disable transmit of LLDP frames on given `<interface>`. Useful to exclude
    certain interfaces from LLDP when ``all`` have been enabled.
 
-.. cfgcmd:: set service lldp snmp enable
+.. cfgcmd:: set service lldp snmp
 
    Enable SNMP queries of the LLDP database
 
diff --git a/docs/configuration/service/monitoring.rst b/docs/configuration/service/monitoring.rst
index 0aa93e71..245af067 100644
--- a/docs/configuration/service/monitoring.rst
+++ b/docs/configuration/service/monitoring.rst
@@ -109,11 +109,11 @@ Monitoring functionality with ``telegraf`` and ``InfluxDB 2`` is provided.
 Telegraf is the open source server agent to help you collect metrics, events
 and logs from your routers.
 
-.. cfgcmd:: set service monitoring telegraf authentication organization <organization>
+.. cfgcmd:: set service monitoring telegraf influxdb authentication organization <organization>
 
    Authentication organization name
 
-.. cfgcmd:: set service monitoring telegraf authentication token <token>
+.. cfgcmd:: set service monitoring telegraf influxdb authentication token <token>
 
    Authentication token
 
@@ -121,11 +121,11 @@ and logs from your routers.
 
    Remote ``InfluxDB`` bucket name
 
-.. cfgcmd:: set service monitoring port <port>
+.. cfgcmd:: set service monitoring telegraf influxdb port <port>
 
    Remote port
 
-.. cfgcmd:: set service monitoring telegraf url <url>
+.. cfgcmd:: set service monitoring telegraf influxdb url <url>
 
    Remote URL
 
@@ -138,12 +138,11 @@ An example of a configuration that sends ``telegraf`` metrics to remote
 
 .. code-block:: none
 
-  set service monitoring telegraf authentication organization 'vyos'
-  set service monitoring telegraf authentication token 'ZAml9Uy5wrhA...=='
-  set service monitoring telegraf bucket 'bucket_vyos'
-  set service monitoring telegraf port '8086'
-  set service monitoring telegraf source 'all'
-  set service monitoring telegraf url 'http://r1.influxdb2.local'
+  set service monitoring telegraf influxdb authentication organization 'vyos'
+  set service monitoring telegraf influxdb authentication token 'ZAml9Uy5wrhA...=='
+  set service monitoring telegraf influxdb bucket 'bucket_vyos'
+  set service monitoring telegraf influxdb port '8086'
+  set service monitoring telegraf influxdb url 'http://r1.influxdb2.local'
 
 .. _azure-data-explorer: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/azure_data_explorer
 .. _prometheus-client: https://github.com/influxdata/telegraf/tree/master/plugins/outputs/prometheus_client
diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst
index 3a0adee7..a230d9fe 100644
--- a/docs/configuration/service/pppoe-server.rst
+++ b/docs/configuration/service/pppoe-server.rst
@@ -57,48 +57,35 @@ Client Address Pools
 --------------------
 
 To automatically assign the client an IP address as tunnel endpoint, a
-client IP pool is needed. The source can be either RADIUS or a local
-subnet or IP range definition.
-
-Once the local tunnel endpoint ``set service pppoe-server gateway-address
-'10.1.1.2'`` has been defined, the client IP pool can be either defined
-as a range or as subnet using CIDR notation. If the CIDR notation is
-used, multiple subnets can be setup which are used sequentially.
+client IP pool is needed. The source can be either RADIUS or a
+named pool. There is possibility to create multiple named pools.
+Each named pool can include only one address range. To use multiple
+address ranges configure ``next-pool`` option.
 
 
 **Client IP address via IP range definition**
 
-.. cfgcmd:: set service pppoe-server client-ip-pool start <address>
-
-   Use this command to define the first IP address of a pool of
-   addresses to be given to PPPoE clients. It must be within a /24
-   subnet.
-
-.. cfgcmd:: set service pppoe-server client-ip-pool stop <address>
-
-   Use this command to define the last IP address of a pool of
-   addresses to be given to PPPoE clients. It must be within a /24
-   subnet.
-
-.. code-block:: none
+.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> range <x.x.x.x-x.x.x.x | x.x.x.x/x>
 
-  set service pppoe-server client-ip-pool start '10.1.1.100'
-  set service pppoe-server client-ip-pool stop '10.1.1.111'
+   Use this command to define the IP address range to be given
+   to PPPoE clients. If notation ``x.x.x.x-x.x.x.x``,
+   it must be within a /24 subnet. If notation ``x.x.x.x/x`` is
+   used there is possibility to set host/netmask.
 
+.. cfgcmd:: set service pppoe-server client-ip-pool <POOL-NAME> next-pool <NEXT-POOL-NAME>
 
-**Client IP subnets via CIDR notation**
+   Use this command to define the next address pool name.
 
-.. cfgcmd:: set service pppoe-server client-ip-pool subnet <address>
+.. cfgcmd:: set service pppoe-server default-pool <POOL-NAME>
 
-   Use this command for every pool of client IP addresses you want to
-   define. The addresses of this pool will be given to PPPoE clients.
-   You must use CIDR notation.
+   Use this command to define default address pool name.
 
 .. code-block:: none
 
-  set service pppoe-server client-ip-pool subnet '10.1.1.0/24'
-  set service pppoe-server client-ip-pool subnet '10.1.2.0/23'
-  set service pppoe-server client-ip-pool subnet '10.1.4.0/22'
+  set service pppoe-server client-ip-pool IP-POOL next-pool 'IP-POOL2'
+  set service pppoe-server client-ip-pool IP-POOL range '10.0.10.5/24'
+  set service pppoe-server client-ip-pool IP-POOL2 range '10.0.0.10-10.0.0.12'
+  set service pppoe-server default-pool 'IP-POOL'
 
 
 **RADIUS based IP pools (Framed-IP-Address)**
@@ -213,8 +200,8 @@ For Local Users
   set service pppoe-server authentication local-users username foo rate-limit download '20480'
   set service pppoe-server authentication local-users username foo rate-limit upload '10240'
   set service pppoe-server authentication mode 'local'
-  set service pppoe-server client-ip-pool start '10.1.1.100'
-  set service pppoe-server client-ip-pool stop '10.1.1.111'
+  set service pppoe-server client-ip-pool IP-POOL range '10.1.1.100/24'
+  set service pppoe-server default-pool 'IP-POOL'
   set service pppoe-server name-server '10.100.100.1'
   set service pppoe-server name-server '10.100.200.1'
   set service pppoe-server interface 'eth1'
@@ -367,8 +354,8 @@ address from the pool 10.1.1.100-111, terminates at the local endpoint
   set service pppoe-server access-concentrator 'ACN'
   set service pppoe-server authentication local-users username foo password 'bar'
   set service pppoe-server authentication mode 'local'
-  set service pppoe-server client-ip-pool start '10.1.1.100'
-  set service pppoe-server client-ip-pool stop '10.1.1.111'
+  set service pppoe-server client-ip-pool IP-POOL range '10.1.1.100-10.1.1.111'
+  set service pppoe-server default-pool 'IP-POOL'
   set service pppoe-server interface eth1
   set service pppoe-server gateway-address '10.1.1.2'
   set service pppoe-server name-server '10.100.100.1'
@@ -385,8 +372,8 @@ The example below covers a dual-stack configuration via pppoe-server.
 
   set service pppoe-server authentication local-users username test password 'test'
   set service pppoe-server authentication mode 'local'
-  set service pppoe-server client-ip-pool start '192.168.0.1'
-  set service pppoe-server client-ip-pool stop '192.168.0.10'
+  set service pppoe-server client-ip-pool IP-POOL range '192.168.0.1/24'
+  set service pppoe-server default-pool 'IP-POOL'
   set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56'
   set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64'
   set service pppoe-server ppp-options ipv6 allow