Diffstat (limited to 'docs/configuration')

  -rw-r--r--  docs/configuration/firewall/index.rst        |  81
  -rw-r--r--  docs/configuration/protocols/index.rst       |   2
  -rw-r--r--  docs/configuration/protocols/isis.rst        | 170
  -rw-r--r--  docs/configuration/service/https.rst         |  15
  -rw-r--r--  docs/configuration/service/pppoe-server.rst  |   1
  -rw-r--r--  docs/configuration/service/snmp.rst          |  10
  -rw-r--r--  docs/configuration/service/ssh.rst           |  37
  -rw-r--r--  docs/configuration/system/ipv6.rst           |   3
  -rw-r--r--  docs/configuration/system/login.rst          |   4
  -rw-r--r--  docs/configuration/vpn/index.rst             |   2
  -rw-r--r--  docs/configuration/vrf/index.rst             |   2

11 files changed, 188 insertions, 139 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 954f20cf..92f2da8d 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -242,7 +242,7 @@ Rule-Sets A rule-set is a named collection of firewall rules that can be applied to an interface or a zone. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify the criteria to -match. Data packets go through the rules from 1 - 9999, at the first match +match. Data packets go through the rules from 1 - 999999, at the first match the action of the rule will be executed. .. cfgcmd:: set firewall name <name> description <text> 
@@ -262,25 +262,26 @@ the action of the rule will be executed. Use this command to enable the logging of the default action. -.. cfgcmd:: set firewall name <name> rule <1-9999> action [drop | reject | - accept] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> action [drop | reject | +.. cfgcmd:: set firewall name <name> rule <1-999999> action [drop | reject | accept] +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> action [drop | + reject | accept] This required setting defines the action of the current rule. -.. cfgcmd:: set firewall name <name> rule <1-9999> description <text> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> description <text> +.. cfgcmd:: set firewall name <name> rule <1-999999> description <text> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> description <text> Provide a description for each rule. -.. cfgcmd:: set firewall name <name> rule <1-9999> log [disable | enable] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> log [disable | enable] +.. cfgcmd:: set firewall name <name> rule <1-999999> log [disable | enable] +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> log [disable | + enable] Enable or disable logging for the matched packet. -.. cfgcmd:: set firewall name <name> rule <1-9999> disable -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> disable +.. cfgcmd:: set firewall name <name> rule <1-999999> disable +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> disable If you want to disable a rule but let it in the configuration. 
@@ -290,13 +291,13 @@ Matching criteria There are a lot of matching criteria against which the package can be tested. -.. cfgcmd:: set firewall name <name> rule <1-9999> source address +.. cfgcmd:: set firewall name <name> rule <1-999999> source address [address | addressrange | CIDR] -.. cfgcmd:: set firewall name <name> rule <1-9999> destination address +.. cfgcmd:: set firewall name <name> rule <1-999999> destination address [address | addressrange | CIDR] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source address +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source address [address | addressrange | CIDR] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination address +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination address [address | addressrange | CIDR] This is similar to the network groups part, but here you are able to negate @@ -310,9 +311,9 @@ There are a lot of matching criteria against which the package can be tested. set firewall ipv6-name WAN-IN-v6 rule 100 source address 2001:db8::202 -.. cfgcmd:: set firewall name <name> rule <1-9999> source mac-address +.. cfgcmd:: set firewall name <name> rule <1-999999> source mac-address <mac-address> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source mac-address +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source mac-address <mac-address> Only in the source criteria, you can specify a mac-address. 
@@ -322,13 +323,13 @@ There are a lot of matching criteria against which the package can be tested. set firewall name LAN-IN-v4 rule 100 source mac-address 00:53:00:11:22:33 set firewall name LAN-IN-v4 rule 101 source mac-address !00:53:00:aa:12:34 -.. cfgcmd:: set firewall name <name> rule <1-9999> source port +.. cfgcmd:: set firewall name <name> rule <1-999999> source port [1-65535 | portname | start-end] -.. cfgcmd:: set firewall name <name> rule <1-9999> destination port +.. cfgcmd:: set firewall name <name> rule <1-999999> destination port [1-65535 | portname | start-end] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source port +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source port [1-65535 | portname | start-end] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination port +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination port [1-65535 | portname | start-end] A port can be set with a port number or a name which is here 
@@ -347,42 +348,42 @@ There are a lot of matching criteria against which the package can be tested. set firewall ipv6-name WAN-IN-v6 rule 10 source port '!22,https,3333-3338' -.. cfgcmd:: set firewall name <name> rule <1-9999> source group +.. cfgcmd:: set firewall name <name> rule <1-999999> source group address-group <name> -.. cfgcmd:: set firewall name <name> rule <1-9999> destination group +.. cfgcmd:: set firewall name <name> rule <1-999999> destination group address-group <name> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source group +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source group address-group <name> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination group +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination group address-group <name> Use a specific address-group -.. cfgcmd:: set firewall name <name> rule <1-9999> source group +.. cfgcmd:: set firewall name <name> rule <1-999999> source group network-group <name> -.. cfgcmd:: set firewall name <name> rule <1-9999> destination group +.. cfgcmd:: set firewall name <name> rule <1-999999> destination group network-group <name> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source group +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source group network-group <name> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination group +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination group network-group <name> Use a specific network-group -.. cfgcmd:: set firewall name <name> rule <1-9999> source group +.. cfgcmd:: set firewall name <name> rule <1-999999> source group port-group <name> -.. cfgcmd:: set firewall name <name> rule <1-9999> destination group +.. cfgcmd:: set firewall name <name> rule <1-999999> destination group port-group <name> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source group +.. 
cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source group port-group <name> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination group +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination group port-group <name> Use a specific port-group -.. cfgcmd:: set firewall name <name> rule <1-9999> protocol [<text> | +.. cfgcmd:: set firewall name <name> rule <1-999999> protocol [<text> | <0-255> | all | tcp_udp] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> protocol [<text> | +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> protocol [<text> | <0-255> | all | tcp_udp] Match a protocol criteria. A protocol number or a name which is here @@ -396,8 +397,8 @@ There are a lot of matching criteria against which the package can be tested. set firewall name WAN-IN-v4 rule 11 protocol !tcp_udp set firewall ipv6-name WAN-IN-v6 rule 10 protocol tcp -.. cfgcmd:: set firewall name <name> rule <1-9999> tcp flags <text> -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> tcp flags <text> +.. cfgcmd:: set firewall name <name> rule <1-999999> tcp flags <text> +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> tcp flags <text> Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma @@ -409,9 +410,9 @@ There are a lot of matching criteria against which the package can be tested. set firewall name WAN-IN-v4 rule 12 tcp flags 'SYN' set firewall name WAN-IN-v4 rule 13 tcp flags 'SYN,!ACK,!FIN,!RST' -.. cfgcmd:: set firewall name <name> rule <1-9999> state [established | +.. cfgcmd:: set firewall name <name> rule <1-999999> state [established | invalid | new | related] [enable | disable] -.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> state [established | +.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> state [established | invalid | new | related] [enable | disable] Match against the state of a packet. 
@@ -628,7 +629,7 @@ Rule-set overview This will show you a statistic of all rule-sets since the last boot. -.. opcmd:: show firewall [name | ipv6name] <name> rule <1-9999> +.. opcmd:: show firewall [name | ipv6name] <name> rule <1-999999> This command will give an overview of a rule in a single rule-set @@ -664,7 +665,7 @@ Rule-set overview This will show you a rule-set statistic since the last boot. -.. opcmd:: show firewall [name | ipv6name] <name> rule <1-9999> +.. opcmd:: show firewall [name | ipv6name] <name> rule <1-999999> This command will give an overview of a rule in a single rule-set. diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index c302d6a9..8568370d 100644 --- a/docs/configuration/protocols/index.rst +++ b/docs/configuration/protocols/index.rst @@ -1,3 +1,5 @@ +.. _protocols: + ######### Protocols ######### diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 05a851f1..416a42c3 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -1,6 +1,6 @@ .. include:: /_include/need_improvement.txt -.. _isis: +.. _routing-isis: ##### IS-IS 
@@ -16,51 +16,51 @@ neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. -For example :abbr:`NET (Network Entity Title)` +******* +General +******* -.. code-block:: none +Configuration +============= + +Mandatory Settings +------------------ - 49.0001.1921.6800.1002.00 +.. cfgcmd:: set protocols isis net <network-entity-title> -The IS-IS address consists of three parts: + This commad also sets network entity title (NET) provided in ISO format. - :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing. + For example :abbr:`NET (Network Entity Title)` - Area identifier: - ``0001`` IS-IS area number (Area1) + .. code-block:: none - System identifier: - ``1921.6800.1002`` For system idetifier we recommend to use IP address or - MAC address of the router. + 49.0001.1921.6800.1002.00 - NET selector: - ``00`` Must always be 00, to indicate "this system". + The IS-IS address consists of the following parts: + * :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value + 49 is what IS-IS uses for private addressing. -General Configuration ---------------------- + * Area identifier: ``0001`` IS-IS area number (Area1) -.. cfgcmd:: set protocols isis <name> net <network-entity-title> + * System identifier: ``1921.6800.1002`` - for system idetifiers we recommend + to use IP address or MAC address of the router itself. - This command enables the ISIS process by specifying the ISIS domain with - ‘name’. ISIS implementation does not yet support multiple ISIS processes - but you must specify the name of ISIS process. This commad also sets - network entity title (NET) provided in ISO format. + * NET selector: ``00`` Must always be 00, to indicate "this system". -.. cfgcmd:: set protocols isis <name> interface <interface> +.. 
cfgcmd:: set protocols isis interface <interface> This command activates ISIS adjacency on this interface. Note that the name of ISIS instance must be the same as the one used to configure the ISIS process. - -.. cfgcmd:: set protocols isis <name> dynamic-hostname + +.. cfgcmd:: set protocols isis dynamic-hostname This command enables support for dynamic hostname. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS. -.. cfgcmd:: set protocols isis <name> level <level-1|level-1-2|level-2> +.. cfgcmd:: set protocols isis level <level-1|level-1-2|level-2> This command defines the ISIS router behavior: @@ -68,12 +68,12 @@ General Configuration **level-1-2** Act as both a station router and an area router. **level-2-only** Act as an area router only. -.. cfgcmd:: set protocols isis <name> lsp-mtu <size> +.. cfgcmd:: set protocols isis lsp-mtu <size> This command configures the maximum size of generated LSPs, in bytes. The size range is 128 to 4352. -.. cfgcmd:: set protocols isis <name> metric-style <narrow|transition|wide> +.. cfgcmd:: set protocols isis metric-style <narrow|transition|wide> This command sets old-style (ISO 10589) or new-style packet formats: 
@@ -81,19 +81,19 @@ General Configuration **transition** Send and accept both styles of TLVs during transition. **wide** Use new style of TLVs to carry wider metric. -.. cfgcmd:: set protocols isis <name> purge-originator +.. cfgcmd:: set protocols isis purge-originator This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV - with the system ID of the IS to the purge. + with the system ID of the IS to the purge. -.. cfgcmd:: set protocols isis <name> set-attached-bit +.. cfgcmd:: set protocols isis set-attached-bit This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`. -.. cfgcmd:: set protocols isis <name> set-overload-bit +.. cfgcmd:: set protocols isis set-overload-bit This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`. 
@@ -102,107 +102,108 @@ General Configuration level-1 This command will generate a default-route in L1 database. - + .. cfgcmd:: set protocols isis name default-information originate <ipv4|ipv6> level-2 This command will generate a default-route in L2 database. -Interfaces Configuration ------------------------- +Interface Configuration +----------------------- -.. cfgcmd:: set protocols isis <name> interface <interface> circuit-type +.. cfgcmd:: set protocols isis interface <interface> circuit-type <level-1|level-1-2|level-2-only> This command specifies circuit type for interface: - **level-1** Level-1 only adjacencies are formed. - **level-1-2** Level-1-2 adjacencies are formed - **level-2-only** Level-2 only adjacencies are formed + * **level-1** Level-1 only adjacencies are formed. + * **level-1-2** Level-1-2 adjacencies are formed + * **level-2-only** Level-2 only adjacencies are formed -.. cfgcmd:: set protocols isis <name> interface <interface> hello-interval +.. cfgcmd:: set protocols isis interface <interface> hello-interval <seconds> This command sets hello interval in seconds on a given interface. The range is 1 to 600. -.. cfgcmd:: set protocols isis <name> interface <interface> hello-multiplier +.. cfgcmd:: set protocols isis interface <interface> hello-multiplier <seconds> - This command sets multiplier for hello holding time on a given + This command sets multiplier for hello holding time on a given interface. The range is 2 to 100. -.. cfgcmd:: set protocols isis <name> interface <interface> hello-padding +.. cfgcmd:: set protocols isis interface <interface> hello-padding This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one - routing device’s MTU does not meet the requirements to establish the - adjacency. + routing devices MTU does not meet the requirements to establish the adjacency. 
+ +.. cfgcmd:: set protocols isis interface <interface> metric <metric> -.. cfgcmd:: set protocols isis <name> interface <interface> metric <metric> + This command set default metric for circuit. - This command set default metric for circuit. The metric range is 1 to - 16777215 (Max value depend if metric support narrow or wide value). + The metric range is 1 to 16777215 (Max value depend if metric support narrow + or wide value). -.. cfgcmd:: set protocols isis <name> interface <interface> network +.. cfgcmd:: set protocols isis interface <interface> network point-to-point - This command specifies network type to ‘Point-to-Point’. The default network - type is broadcast. + This command specifies network type to Point-to-Point. The default + network type is broadcast. -.. cfgcmd:: set protocols isis <name> interface <interface> passive +.. cfgcmd:: set protocols isis interface <interface> passive This command configures the passive mode for this interface. -.. cfgcmd:: set protocols isis <name> interface <interface> password +.. cfgcmd:: set protocols isis interface <interface> password plaintext-password <text> This command configures the authentication password for the interface. -.. cfgcmd:: set protocols isis <name> interface <interface> priority <number> +.. cfgcmd:: set protocols isis interface <interface> priority <number> This command sets priority for the interface for :abbr:`DIS (Designated Intermediate System)` election. The priority range is 0 to 127. -.. cfgcmd:: set protocols isis <name> interface <interface> psnp-interval +.. cfgcmd:: set protocols isis interface <interface> psnp-interval <number> This command sets PSNP interval in seconds. The interval range is 0 to 127. -.. cfgcmd:: set protocols isis <name> interface <interface> +.. cfgcmd:: set protocols isis interface <interface> no-three-way-handshake This command disables Three-Way Handshake for P2P adjacencies which described in :rfc:`5303`. Three-Way Handshake is enabled by default. 
-Redistribution Configuration ----------------------------- +Route Redistribution +-------------------- -.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source> level-1 +.. cfgcmd:: set protocols isis redistribute ipv4 <route source> level-1 This command redistributes routing information from the given route source into the ISIS database as Level-1. There are six modes available for route source: bgp, connected, kernel, ospf, rip, static. -.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source> level-2 +.. cfgcmd:: set protocols isis redistribute ipv4 <route source> level-2 This command redistributes routing information from the given route source into the ISIS database as Level-2. There are six modes available for route source: bgp, connected, kernel, ospf, rip, static. - -.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source> + +.. cfgcmd:: set protocols isis redistribute ipv4 <route source> <level-1|level-2> metric <number> This command specifies metric for redistributed routes from the given route source. There are six modes available for route source: bgp, connected, kernel, ospf, rip, static. The metric range is 1 to 16777215. -.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source> +.. cfgcmd:: set protocols isis redistribute ipv4 <route source> <level-1|level-2> route-map <name> This command allows to use route map to filter redistributed routes from 
@@ -210,15 +211,15 @@ Redistribution Configuration bgp, connected, kernel, ospf, rip, static. -Timers Configuration --------------------- +Timers +------ -.. cfgcmd:: set protocols isis <name> lsp-gen-interval <seconds> +.. cfgcmd:: set protocols isis lsp-gen-interval <seconds> This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120. - -.. cfgcmd:: set protocols isis <name> lsp-refresh-interval <seconds> + +.. cfgcmd:: set protocols isis lsp-refresh-interval <seconds> This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing 
@@ -227,32 +228,32 @@ Timers Configuration the state of the links. The interval range is 1 to 65235. The default value is 900 seconds. -.. cfgcmd:: set protocols isis <name> max-lsp-lifetime <seconds> +.. cfgcmd:: set protocols isis max-lsp-lifetime <seconds> This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before - they are refreshed. - -.. cfgcmd:: set protocols isis <name> spf-interval <seconds> + they are refreshed. + +.. cfgcmd:: set protocols isis spf-interval <seconds> This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120. -.. cfgcmd:: set protocols isis <name> spf-delay-ietf holddown <milliseconds> +.. cfgcmd:: set protocols isis spf-delay-ietf holddown <milliseconds> -.. cfgcmd:: set protocols isis <name> spf-delay-ietf init-delay +.. cfgcmd:: set protocols isis spf-delay-ietf init-delay <milliseconds> -.. cfgcmd:: set protocols isis <name> spf-delay-ietf long-delay +.. cfgcmd:: set protocols isis spf-delay-ietf long-delay <milliseconds> -.. cfgcmd:: set protocols isis <name> spf-delay-ietf short-delay +.. cfgcmd:: set protocols isis spf-delay-ietf short-delay <milliseconds> -.. cfgcmd:: set protocols isis <name> spf-delay-ietf time-to-learn +.. cfgcmd:: set protocols isis spf-delay-ietf time-to-learn <milliseconds> This commands specifies the Finite State Machine (FSM) intended to @@ -260,8 +261,9 @@ Timers Configuration to IGP events. The process described in :rfc:`8405`. -Configuration Example ---------------------- +******* +Example +******* Simple IS-IS configuration using 2 nodes and redistributing connected interfaces. 
@@ -278,9 +280,9 @@ interfaces. set policy route-map EXPORT-ISIS rule 10 action 'permit' set policy route-map EXPORT-ISIS rule 10 match ip address prefix-list 'EXPORT-ISIS' - set protocols isis FOO interface eth1 - set protocols isis FOO net '49.0001.1921.6800.1002.00' - set protocols isis FOO redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS' + set protocols isis interface eth1 + set protocols isis net '49.0001.1921.6800.1002.00' + set protocols isis redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS' **Node 2:** @@ -288,14 +290,14 @@ interfaces. set interfaces ethernet eth1 address '192.0.2.2/24' - set protocols isis FOO interface eth1 - set protocols isis FOO net '49.0001.1921.6800.2002.00' + set protocols isis interface eth1 + set protocols isis net '49.0001.1921.6800.2002.00' Show ip routes on Node2: .. code-block:: none - vyos@r2:~$ show ip route isis + vyos@r2:~$ show ip route isis Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index 1f1e2aa9..0c6dcbd9 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -4,7 +4,7 @@ HTTP-API ######## -VyOS provide a HTTP API. You can use it to execute op-mode commands, +VyOS provides an HTTP API. You can use it to execute op-mode commands, update VyOS, set or delete config. Please take a look at the :ref:`vyosapi` page for an detailed how-to. @@ -15,7 +15,7 @@ Configuration .. cfgcmd:: set service https api keys id <name> key <apikey> - Set an named api key, every key have the same, full permissions + Set a named api key, every key has the same, full permissions on the system. .. cfgcmd:: set service https api debug 
@@ -25,7 +25,7 @@ Configuration .. cfgcmd:: set service https api port - Set the listen port of the local API, this have non effect of the + Set the listen port of the local API, this has no effect on the webserver. The default is port 8080 .. cfgcmd:: set service https api strict @@ -46,7 +46,7 @@ Configuration .. cfgcmd:: set service https api-restrict virtual-host <vhost> - Nginx exposes the local API on all virtual servers, by default + Nginx exposes the local API on all virtual servers, by default. Use this to restrict nginx to one or more virtual hosts. .. cfgcmd:: set service https certificates certbot domain-name <text> @@ -71,14 +71,15 @@ Configuration Example Configuration ********************* -Set an API-KEY is the minimal configuration to get a working API Endpoint. +Setting an API-KEY is the minimal configuration needed to get a working API +Endpoint. .. code-block:: none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY -To use this full configuration we asume a publice accessable hostname. +To use this full configuration we asume a globally resolvable hostname. .. code-block:: none @@ -88,4 +89,4 @@ To use this full configuration we asume a publice accessable hostname. set service https virtual-host rtr01 listen-address 198.51.100.2 set service https virtual-host rtr01 listen-port 11443 set service https virtual-host rtr01 server-name rtr01.example.com - set service https api-restrict virtual-host rtr01.example.com
\ No newline at end of file + set service https api-restrict virtual-host rtr01.example.com diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 8d895f9d..ad99cec0 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -388,6 +388,7 @@ The example below covers a dual-stack configuration via pppoe-server. set service pppoe-server client-ip-pool stop '192.168.0.10' set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56' set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server ppp-options ipv6 allow set service pppoe-server name-server '10.1.1.1' set service pppoe-server name-server '2001:db8:4860::8888' set service pppoe-server interface 'eth2' diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index 2a55b775..1977bf7f 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -1,3 +1,5 @@ +:lastproofread: 2022-02-01 + .. _snmp: #### @@ -129,7 +131,7 @@ sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used. -The securityapproach in v3 targets: +The security approach in v3 targets: * Confidentiality – Encryption of packets to prevent snooping by an unauthorized source. @@ -161,7 +163,7 @@ Example set service snmp v3 view default oid 1 After commit the plaintext passwords will be hashed and stored in your -configuration. The resulting LCI config will look like: +configuration. The resulting CLI config will look like: .. code-block:: none 
@@ -201,7 +203,7 @@ VyOS MIBs All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/mibs/`` -you are be able to download the files with the a activate ssh service like this +You can download the file to your local host with an active ssh service like this .. code-block:: none @@ -270,4 +272,4 @@ following content: .. _SNMPv2: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_2 .. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3 -.. start_vyoslinter
\ No newline at end of file +.. start_vyoslinter diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index 24881186..e03d1e70 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -127,8 +127,8 @@ Operation .. opcmd:: generate ssh client-key /path/to/private_key - Re-generated a known pub/private keyfile which can e.g. used to connect to - other services (RPKI cache). + Re-generated a known pub/private keyfile which can be used to connect to + other services (e.g. RPKI cache). Example: @@ -153,5 +153,36 @@ Operation | =.. o=.oo| +----[SHA256]-----+ - Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` + Two new files ``/config/auth/id_rsa_rpki`` and + ``/config/auth/id_rsa_rpki.pub`` will be created. + +.. opcmd:: generate public-key-command name <username> path <location> + + Generate the configuration mode commands to add a public key for + :ref:`ssh_key_based_authentication`. + ``<location>`` can be a local path or a URL pointing at a remote file. + + Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP. + + Example: + + .. code-block:: none + + alyssa@vyos:~$ generate public-key-command name alyssa path sftp://example.net/home/alyssa/.ssh/id_rsa.pub + # To add this key as an embedded key, run the following commands: + configure + set system login user alyssa authentication public-keys alyssa@example.net key AAA... + set system login user alyssa authentication public-keys alyssa@example.net type ssh-rsa + commit + save + exit + + ben@vyos:~$ generate public-key-command user ben path ~/.ssh/id_rsa.pub + # To add this key as an embedded key, run the following commands: + configure + set system login user ben authentication public-keys ben@vyos key AAA... + set system login user ben authentication public-keys ben@vyos type ssh-dss + commit + save + exit 
diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst index cba5c0e0..763b834c 100644 --- a/docs/configuration/system/ipv6.rst +++ b/docs/configuration/system/ipv6.rst @@ -10,6 +10,9 @@ System configuration commands Use this command to disable assignment of IPv6 addresses on all interfaces. + .. note:: This command is deprecated in VyOS 1.3 (equuleus) and removed in + VyOS 1.4 (sagitta). IPv6 address family can no longer be disabled. + .. cfgcmd:: set system ipv6 disable-forwarding Use this command to disable IPv6 forwarding on all interfaces. diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 61201de7..08746201 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -84,6 +84,10 @@ The third part is simply an identifier, and is for your own reference. .. cfgcmd:: loadkey <username> <location> + **Deprecation notice:** ``loadkey`` has been deprecated in favour of + :opcmd:`generate public-key-commands` and will be removed in a future + version. See :ref:`ssh`. + SSH keys can not only be specified on the command-line but also loaded for a given user with `<username>` from a file pointed to by `<location>.` Keys can be either loaded from local filesystem or any given remote location diff --git a/docs/configuration/vpn/index.rst b/docs/configuration/vpn/index.rst index abaca198..b90dc90a 100644 --- a/docs/configuration/vpn/index.rst +++ b/docs/configuration/vpn/index.rst @@ -1,3 +1,5 @@ +.. _vpn: + ### VPN ### diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index 9b48668a..7091b51a 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst 
@@ -214,7 +214,7 @@ Operation ========= It is not sufficient to only configure a VRF but VRFs must be maintained, too. -For VR Fmaintenance the followin operational commands are in place. +For VRF maintenance, the following operational commands are in place. .. opcmd:: show vrf |
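Review bot: in the two Rule-set overview hunks of firewall/index.rst, the rewritten opcmd lines `show firewall [name | ipv6name] <name> rule <1-999999>` still spell the keyword `ipv6name`, whereas every cfgcmd in the same file uses `ipv6-name`; since these lines are being edited anyway for the range change, either align them to `ipv6-name` or confirm that the op-mode keyword really differs. While in that file, the context line "Allowed values fpr TCP flags" in the `tcp flags` hunk has a typo ("for") worth fixing in the same commit.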
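Review bot: renaming the label `.. _isis:` to `.. _routing-isis:` in isis.rst silently retargets every existing `:ref:`isis`` in the docs, and no other file in this diffstat updates such a reference; please grep for the old label before merging or keep `_isis` as an alias so existing links do not break.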
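Review bot: in the isis.rst hunk at -16, the sentence kept under `set protocols isis interface <interface>` ("Note that the name of ISIS instance must be the same as the one used to configure the ISIS process.") is now stale, because this change removes the `<name>` argument from every command and there is no instance name left to match; drop the sentence. The added lines also carry over two typos from the removed text, "This commad also sets" and "for system idetifiers we recommend"; suggest "This command also sets" and "for the system identifier we recommend using the IP address or MAC address of the router itself".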
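Review bot: in the isis.rst hunk at -102, the unchanged context line `.. cfgcmd:: set protocols isis name default-information originate <ipv4|ipv6> level-2` (and the level-1 variant just above it) still contains the literal `name` that the rest of this change removes, so the documented syntax is now inconsistent; it should read `set protocols isis default-information originate <ipv4|ipv6> level-2`. Replacing "routing device’s MTU" with "routing devices MTU" drops the possessive rather than the curly quote; use a plain ASCII "device's". Minor: "This command set default metric for circuit" should be "This command sets the default metric for the circuit".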
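Review bot: in the isis.rst hunk at -227, the context line "in seconds.The interval range is 1 to 120." under `spf-interval` is missing the space after the full stop; as the surrounding lines are being reflowed for whitespace anyway, fix it to "in seconds. The interval range is 1 to 120."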
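Review bot: in the https.rst hunk at -4, the context line "page for an detailed how-to" should be "page for a detailed how-to"; the sentence immediately above it is being corrected for the same kind of article error, so fix both together.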
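Review bot: in the https.rst hunk at -71, the rewritten line "To use this full configuration we asume a globally resolvable hostname." keeps the misspelling "asume"; since the line is already being changed, make it "we assume a globally resolvable hostname".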
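Review bot: in the snmp.rst hunk at -201, the new sentence "You can download the file to your local host with an active ssh service like this" should be plural and end with a colon, because the preceding line says "All SNMP MIBs are located ..." and the sentence introduces a code block; suggest "You can download the files to your local host over an active SSH service like this:".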
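Review bot: in the ssh.rst hunk at -127, the rewritten description of `generate ssh client-key` still opens with "Re-generated a known pub/private keyfile", which is not a sentence; make it "Regenerates a known public/private key pair which can be used to connect to other services (e.g. an RPKI cache)."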
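Review bot: in the ssh.rst hunk at -153, the new opcmd is declared as `generate public-key-command name <username> path <location>`, but the second example invokes `generate public-key-command user ben path ~/.ssh/id_rsa.pub` with `user` instead of `name`; one of the two is wrong and the example should match the declared syntax so readers can copy it.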
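Review bot: in the login.rst hunk, the deprecation notice references `:opcmd:`generate public-key-commands`` (plural), while the command introduced in ssh.rst by this same change is `generate public-key-command` (singular); the role reference will not resolve to the new opcmd, so use the singular form, and consider stating the replacement syntax inline so the `loadkey` section is usable on its own.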