diff options
| -rw-r--r-- | docs/automation/command-scripting.rst | 2 | ||||
| -rw-r--r-- | docs/configexamples/azure-vpn-bgp.rst | 2 | ||||
| -rw-r--r-- | docs/configexamples/azure-vpn-dual-bgp.rst | 2 | ||||
| -rw-r--r-- | docs/configexamples/bgp-ipv6-unnumbered.rst | 4 | ||||
| -rw-r--r-- | docs/configexamples/ha.rst | 2 | ||||
| -rw-r--r-- | docs/configexamples/inter-vrf-routing-vrf-lite.rst | 16 | ||||
| -rw-r--r-- | docs/configexamples/l3vpn-hub-and-spoke.rst | 22 | ||||
| -rw-r--r-- | docs/configuration/interfaces/macsec.rst | 20 | ||||
| -rw-r--r-- | docs/configuration/pki/index.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/policy/examples.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/protocols/bgp.rst | 16 | ||||
| -rw-r--r-- | docs/configuration/vpn/openconnect.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/vpn/sstp.rst | 3 |
13 files changed, 47 insertions, 50 deletions
diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst index db4724cd..ed76a879 100644 --- a/docs/automation/command-scripting.rst +++ b/docs/automation/command-scripting.rst @@ -28,7 +28,7 @@ example, if you want to disable a BGP peer on VRRP transition to backup: #!/bin/vbash source /opt/vyatta/etc/functions/script-template configure - set protocols bgp local-as 65536 + set protocols bgp system-as 65536 set protocols bgp neighbor 192.168.2.1 shutdown commit exit diff --git a/docs/configexamples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst index 7dc2f332..11d5a78b 100644 --- a/docs/configexamples/azure-vpn-bgp.rst +++ b/docs/configexamples/azure-vpn-bgp.rst @@ -122,7 +122,7 @@ Vyos configuration .. code-block:: none - set protocols bgp local-as 64499 + set protocols bgp system-as 64499 set protocols bgp neighbor 10.0.0.4 remote-as '65540' set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' set protocols bgp neighbor 10.0.0.4 timers holdtime '30' diff --git a/docs/configexamples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst index 8cf2c0ef..fc8e8bdb 100644 --- a/docs/configexamples/azure-vpn-dual-bgp.rst +++ b/docs/configexamples/azure-vpn-dual-bgp.rst @@ -138,7 +138,7 @@ Vyos configuration .. code-block:: none - set protocols bgp local-as 64499 + set protocols bgp system-as 64499 set protocols bgp neighbor 10.0.0.4 remote-as '65540' set protocols bgp neighbor 10.0.0.4 address-family ipv4-unicast soft-reconfiguration 'inbound' set protocols bgp neighbor 10.0.0.4 timers holdtime '30' diff --git a/docs/configexamples/bgp-ipv6-unnumbered.rst b/docs/configexamples/bgp-ipv6-unnumbered.rst index d8965b6b..f7a530d8 100644 --- a/docs/configexamples/bgp-ipv6-unnumbered.rst +++ b/docs/configexamples/bgp-ipv6-unnumbered.rst @@ -15,7 +15,7 @@ Configuration .. code-block:: none - set protocols bgp local-as 64496 + set protocols bgp system-as 64496 set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp address-family ipv6-unicast redistribute connected set protocols bgp neighbor eth1 interface v6only @@ -35,7 +35,7 @@ Configuration .. code-block:: none - set protocols bgp local-as 64499 + set protocols bgp system-as 64499 set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp address-family ipv6-unicast redistribute connected set protocols bgp neighbor eth1 interface v6only diff --git a/docs/configexamples/ha.rst b/docs/configexamples/ha.rst index 2a503a11..1ceda8e9 100644 --- a/docs/configexamples/ha.rst +++ b/docs/configexamples/ha.rst @@ -567,7 +567,7 @@ it is not 203.0.113.0/24. set policy route-map BGPPREPENDOUT rule 10 match ip address prefix-list 'BGPOUT' set policy route-map BGPPREPENDOUT rule 10000 action 'deny' - set protocols bgp local-as 65551 + set protocols bgp system-as 65551 set protocols bgp address-family ipv4-unicast network 192.0.2.0/24 set protocols bgp address-family ipv4-unicast redistribute connected metric '50' set protocols bgp address-family ipv4-unicast redistribute ospf metric '50' diff --git a/docs/configexamples/inter-vrf-routing-vrf-lite.rst b/docs/configexamples/inter-vrf-routing-vrf-lite.rst index e109c12c..eed848db 100644 --- a/docs/configexamples/inter-vrf-routing-vrf-lite.rst +++ b/docs/configexamples/inter-vrf-routing-vrf-lite.rst @@ -239,10 +239,10 @@ to inject configured networks into the BGP process but still inside the VRF. .. code-block:: none # set BGP global local-as - set protocols bgp local-as <ASN> + set protocols bgp system-as <ASN> # set BGP VRF local-as and redistribution - set vrf name <VRF> protocols bgp local-as <ASN> + set vrf name <VRF> protocols bgp system-as <ASN> set vrf name <VRF> protocols bgp address-family <AF IPv4/IPv6> redistribute static - Verification @@ -631,7 +631,7 @@ Full configuration from all devices set interfaces ethernet eth3 address '2001:db8::6/127' set interfaces ethernet eth3 vrf 'Internet' set protocols bgp address-family ipv4-unicast - set protocols bgp local-as '64496' + set protocols bgp system-as '64496' set vrf name Internet protocols bgp address-family ipv4-unicast export vpn set vrf name Internet protocols bgp address-family ipv4-unicast import vpn set vrf name Internet protocols bgp address-family ipv4-unicast rd vpn export '64496:100' @@ -642,7 +642,7 @@ Full configuration from all devices set vrf name Internet protocols bgp address-family ipv6-unicast rd vpn export '64496:100' set vrf name Internet protocols bgp address-family ipv6-unicast route-target vpn export '64496:100' set vrf name Internet protocols bgp address-family ipv6-unicast route-target vpn import '64496:1 64496:2' - set vrf name Internet protocols bgp local-as '64496' + set vrf name Internet protocols bgp system-as '64496' set vrf name Internet protocols bgp neighbor 10.2.2.2 address-family ipv4-unicast set vrf name Internet protocols bgp neighbor 10.2.2.2 remote-as '64497' set vrf name Internet protocols bgp neighbor 2001:db8::7 address-family ipv6-unicast @@ -660,7 +660,7 @@ Full configuration from all devices set vrf name LAN1 protocols bgp address-family ipv6-unicast redistribute static set vrf name LAN1 protocols bgp address-family ipv6-unicast route-target vpn export '64496:1' set vrf name LAN1 protocols bgp address-family ipv6-unicast route-target vpn import '64496:100 64496:50 64496:2' - set vrf name LAN1 protocols bgp local-as '64496' + set vrf name LAN1 protocols bgp system-as '64496' set vrf name LAN1 protocols static route 10.0.0.0/24 next-hop 10.1.1.2 set vrf name LAN1 protocols static route6 2001:db8:0:1::/64 next-hop 2001:db8::1 set vrf name LAN1 table '101' @@ -676,7 +676,7 @@ Full configuration from all devices set vrf name LAN2 protocols bgp address-family ipv6-unicast redistribute static set vrf name LAN2 protocols bgp address-family ipv6-unicast route-target vpn export '64496:2' set vrf name LAN2 protocols bgp address-family ipv6-unicast route-target vpn import '64496:100 64496:50 64496:1' - set vrf name LAN2 protocols bgp local-as '64496' + set vrf name LAN2 protocols bgp system-as '64496' set vrf name LAN2 protocols static route 172.16.0.0/24 next-hop 172.16.2.2 set vrf name LAN2 protocols static route6 2001:db8:0:2::/64 next-hop 2001:db8::3 set vrf name LAN2 table '102' @@ -692,7 +692,7 @@ Full configuration from all devices set vrf name Management protocols bgp address-family ipv6-unicast redistribute static set vrf name Management protocols bgp address-family ipv6-unicast route-target vpn export '64496:50' set vrf name Management protocols bgp address-family ipv6-unicast route-target vpn import '64496:1 64496:2' - set vrf name Management protocols bgp local-as '64496' + set vrf name Management protocols bgp system-as '64496' set vrf name Management protocols static route 192.168.0.0/24 next-hop 192.168.3.2 set vrf name Management protocols static route6 2001:db8:0:3::/64 next-hop 2001:db8::5 set vrf name Management table '103' @@ -751,7 +751,7 @@ Full configuration from all devices set interfaces ethernet eth3 address '2001:db8::7/127' set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp address-family ipv6-unicast redistribute connected - set protocols bgp local-as '64497' + set protocols bgp system-as '64497' set protocols bgp neighbor 10.2.2.1 address-family ipv4-unicast default-originate set protocols bgp neighbor 10.2.2.1 remote-as '64496' set protocols bgp neighbor 2001:db8::6 address-family ipv6-unicast default-originate diff --git a/docs/configexamples/l3vpn-hub-and-spoke.rst b/docs/configexamples/l3vpn-hub-and-spoke.rst index a9957095..8e1d0051 100644 --- a/docs/configexamples/l3vpn-hub-and-spoke.rst +++ b/docs/configexamples/l3vpn-hub-and-spoke.rst @@ -329,7 +329,7 @@ VPN (L3VPN) routes between them: .. code-block:: none - set protocols bgp local-as '65001' + set protocols bgp system-as '65001' set protocols bgp neighbor 10.0.0.7 address-family ipv4-vpn route-reflector-client set protocols bgp neighbor 10.0.0.7 peer-group 'RR_VPNv4' set protocols bgp neighbor 10.0.0.8 address-family ipv4-vpn route-reflector-client @@ -346,7 +346,7 @@ VPN (L3VPN) routes between them: .. code-block:: none - set protocols bgp local-as '65001' + set protocols bgp system-as '65001' set protocols bgp neighbor 10.0.0.7 address-family ipv4-vpn route-reflector-client set protocols bgp neighbor 10.0.0.7 peer-group 'RR_VPNv4' set protocols bgp neighbor 10.0.0.8 address-family ipv4-vpn route-reflector-client @@ -363,7 +363,7 @@ VPN (L3VPN) routes between them: .. code-block:: none - set protocols bgp local-as '65001' + set protocols bgp system-as '65001' set protocols bgp neighbor 10.0.0.1 address-family ipv4-vpn nexthop-self set protocols bgp neighbor 10.0.0.1 peer-group 'RR_VPNv4' set protocols bgp neighbor 10.0.0.2 address-family ipv4-vpn nexthop-self @@ -377,7 +377,7 @@ VPN (L3VPN) routes between them: .. code-block:: none - set protocols bgp local-as '65001' + set protocols bgp system-as '65001' set protocols bgp neighbor 10.0.0.1 address-family ipv4-vpn nexthop-self set protocols bgp neighbor 10.0.0.1 peer-group 'RR_VPNv4' set protocols bgp neighbor 10.0.0.2 address-family ipv4-vpn nexthop-self @@ -391,7 +391,7 @@ VPN (L3VPN) routes between them: .. code-block:: none - set protocols bgp local-as '65001' + set protocols bgp system-as '65001' set protocols bgp neighbor 10.0.0.1 address-family ipv4-vpn nexthop-self set protocols bgp neighbor 10.0.0.1 peer-group 'RR_VPNv4' set protocols bgp neighbor 10.0.0.2 address-family ipv4-vpn nexthop-self @@ -424,7 +424,7 @@ import/export based on the pre-defined parameters. set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast redistribute connected set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn export '65035:1011' set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn import '65035:1030' - set vrf name BLUE_SPOKE protocols bgp local-as '65001' + set vrf name BLUE_SPOKE protocols bgp system-as '65001' set vrf name BLUE_SPOKE protocols bgp neighbor 10.50.50.2 address-family ipv4-unicast as-override set vrf name BLUE_SPOKE protocols bgp neighbor 10.50.50.2 remote-as '65035' @@ -446,7 +446,7 @@ import/export based on the pre-defined parameters. set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast redistribute connected set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast route-target vpn export '65035:1030' set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast route-target vpn import '65035:1011 65050:2011 65035:1030' - set vrf name BLUE_HUB protocols bgp local-as '65001' + set vrf name BLUE_HUB protocols bgp system-as '65001' set vrf name BLUE_HUB protocols bgp neighbor 10.80.80.2 address-family ipv4-unicast as-override set vrf name BLUE_HUB protocols bgp neighbor 10.80.80.2 remote-as '65035' @@ -468,7 +468,7 @@ import/export based on the pre-defined parameters. set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast redistribute connected set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn export '65035:1011' set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn import '65035:1030' - set vrf name BLUE_SPOKE protocols bgp local-as '65001' + set vrf name BLUE_SPOKE protocols bgp system-as '65001' set vrf name BLUE_SPOKE protocols bgp neighbor 10.60.60.2 address-family ipv4-unicast as-override set vrf name BLUE_SPOKE protocols bgp neighbor 10.60.60.2 remote-as '65035' @@ -496,7 +496,7 @@ configured L3VPN parameters. set interfaces ethernet eth0 address '10.50.50.2/24' # BGP for peering with PE - set protocols bgp local-as 65035 + set protocols bgp system-as 65035 set protocols bgp address-family ipv4-unicast network 10.0.0.80/32 set protocols bgp neighbor 10.50.50.1 ebgp-multihop '2' set protocols bgp neighbor 10.50.50.1 remote-as '65001' @@ -513,7 +513,7 @@ configured L3VPN parameters. set interfaces ethernet eth0 address '10.80.80.2/24' # BGP for peering with PE - set protocols bgp local-as 65035 + set protocols bgp system-as 65035 set protocols bgp address-family ipv4-unicast network 10.0.0.100/32 set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp neighbor 10.80.80.1 ebgp-multihop '2' @@ -531,7 +531,7 @@ configured L3VPN parameters. set interfaces ethernet eth0 address '10.60.60.2/24' # BGP for peering with PE - set protocols bgp local-as 65035 + set protocols bgp system-as 65035 set protocols bgp address-family ipv4-unicast network 10.0.0.90/32 set protocols bgp neighbor 10.60.60.1 ebgp-multihop '2' set protocols bgp neighbor 10.60.60.1 remote-as '65001' diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 544bd4fc..338ad3ae 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -53,11 +53,12 @@ individual peers. .. cfgcmd:: set interfaces macsec <interface> security mka cak <key> IEEE 802.1X/MACsec pre-shared key mode. This allows configuring MACsec with - a pre-shared key using a (CAK,CKN) pair. + a pre-shared key using a :abbr:`CAK (MACsec connectivity association key)` and + :abbr:`CKN (MACsec connectivity association name)` pair. .. cfgcmd:: set interfaces macsec <interface> security mka ckn <key> - CAK Name + :abbr:`CKN (MACsec connectivity association name)` key .. cfgcmd:: set interfaces macsec <interface> security mka priority <priority> @@ -80,28 +81,27 @@ Replay protection Operation ********* -.. opcmd:: run generate macsec mka-cak +.. opcmd:: run generate macsec mka cak <gcm-aes-128|gcm-aes-256> - Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key + Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 bits. .. code-block:: none - vyos@vyos:~$ generate macsec mka-cak + vyos@vyos:~$ generate macsec mka cak gcm-aes-128 20693b6e08bfa482703a563898c9e3ad +.. opcmd:: run generate macsec mka ckn -.. opcmd:: run generate macsec mka-ckn - - Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key + Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key. .. code-block:: none - vyos@vyos:~$ generate macsec mka-ckn + vyos@vyos:~$ generate macsec mka ckn 88737efef314ee319b2cbf30210a5f164957d884672c143aefdc0f5f6bc49eb2 .. opcmd:: show interfaces macsec - List all MACsec interfaces + List all MACsec interfaces. .. code-block:: none diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index b46f821c..e83272f5 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -272,7 +272,7 @@ also to display them. Show only information for specified Certificate Authority. -.. opcmd:: show pki certificates +.. opcmd:: show pki certificate Show a list of installed certificates @@ -285,7 +285,7 @@ also to display them. ac2 Server CN=ac2.vyos.net CN=R3 2021-07-05 07:29:59 2021-10-03 07:29:58 No Yes Yes (R3) rw_server Server CN=VyOS RW CN=VyOS RW CA 2021-07-05 13:48:02 2022-07-05 13:48:02 No Yes Yes (vyos_rw) -.. opcmd:: show pki certificates <name> +.. opcmd:: show pki certificate <name> Show only information for specified certificate. diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst index c83e5f64..2d44f4bc 100644 --- a/docs/configuration/policy/examples.rst +++ b/docs/configuration/policy/examples.rst @@ -11,7 +11,7 @@ BGP Example set policy route-map setmet rule 2 set as-path prepend '2 2 2' # Apply policy to BGP - set protocols bgp local-as 1 + set protocols bgp system-as 1 set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index fb9b9d6e..6593730f 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -37,7 +37,7 @@ The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of BGP. BGP is a distance vector routing protocol, and the AS-Path framework provides distance vector metric and loop detection to BGP. -.. cfgcmd:: set protocols bgp local-as <asn> +.. cfgcmd:: set protocols bgp system-as <asn> Set local :abbr:`ASN (Autonomous System Number)` that this router represents. This is a a mandatory option! @@ -174,7 +174,7 @@ The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. VyOS does not have a special command to start the BGP process. The BGP process starts when the first neighbor is configured. -.. cfgcmd:: set protocols bgp local-as <asn> +.. cfgcmd:: set protocols bgp system-as <asn> Set local autonomous system number that this router represents. This is a mandatory option! @@ -1069,7 +1069,7 @@ A simple eBGP configuration: .. code-block:: none - set protocols bgp local-as 65534 + set protocols bgp system-as 65534 set protocols bgp neighbor 192.168.0.2 ebgp-multihop '2' set protocols bgp neighbor 192.168.0.2 remote-as '65535' set protocols bgp neighbor 192.168.0.2 update-source '192.168.0.1' @@ -1080,7 +1080,7 @@ A simple eBGP configuration: .. code-block:: none - set protocols bgp local-as 65535 + set protocols bgp system-as 65535 set protocols bgp neighbor 192.168.0.1 ebgp-multihop '2' set protocols bgp neighbor 192.168.0.1 remote-as '65534' set protocols bgp neighbor 192.168.0.1 update-source '192.168.0.2' @@ -1114,7 +1114,7 @@ A simple BGP configuration via IPv6. .. code-block:: none - set protocols bgp local-as 65534 + set protocols bgp system-as 65534 set protocols bgp neighbor 2001:db8::2 ebgp-multihop '2' set protocols bgp neighbor 2001:db8::2 remote-as '65535' set protocols bgp neighbor 2001:db8::2 update-source '2001:db8::1' @@ -1126,7 +1126,7 @@ A simple BGP configuration via IPv6. .. code-block:: none - set protocols bgp local-as 65535 + set protocols bgp system-as 65535 set protocols bgp neighbor 2001:db8::1 ebgp-multihop '2' set protocols bgp neighbor 2001:db8::1 remote-as '65534' set protocols bgp neighbor 2001:db8::1 update-source '2001:db8::2' @@ -1177,7 +1177,7 @@ Route filter can be applied using a route-map: set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT' set policy route-map AS65535-OUT rule 20 action 'permit' - set protocols bgp local-as 65534 + set protocols bgp system-as 65534 set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT' set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN' set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT' @@ -1205,7 +1205,7 @@ Route filter can be applied using a route-map: set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT' set policy route-map AS65534-OUT rule 20 action 'permit' - set protocols bgp local-as 65535 + set protocols bgp system-as 65535 set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT' set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN' set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT' diff --git a/docs/configuration/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst index 43641d06..1b48571d 100644 --- a/docs/configuration/vpn/openconnect.rst +++ b/docs/configuration/vpn/openconnect.rst @@ -48,7 +48,7 @@ Server Configuration set vpn openconnect authentication local-users username <user> password <pass> set vpn openconnect authentication mode <local password|radius> - set vpn opneconnect network-settings client-ip-settings subnet <subnet> + set vpn openconnect network-settings client-ip-settings subnet <subnet> set vpn openconnect network-settings name-server <address> set vpn openconnect network-settings name-server <address> set vpn openconnect ssl ca-certificate <pki-ca-name> diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index f8bc4063..4f90260e 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -158,9 +158,6 @@ SSL Certificates Path to `<file>` pointing to the servers certificate (public portion). -.. cfgcmd:: set vpn sstp ssl key-file <file> - - Path to `<file>` pointing to the servers certificate (private portion). PPP Settings ------------ |