From 8943fc9f877cbee3301a8261ddd27b4b1f15f174 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 30 Nov 2020 20:53:36 +0100 Subject: arrange services and protocols --- docs/configuration/protocols/static.rst | 195 ++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 docs/configuration/protocols/static.rst (limited to 'docs/configuration/protocols/static.rst') diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst new file mode 100644 index 00000000..fbde8228 --- /dev/null +++ b/docs/configuration/protocols/static.rst @@ -0,0 +1,195 @@ +.. _static-routing: + +###### +Static +###### + +Static routes are manually configured routes, which, in general, cannot be +updated dynamically from information VyOS learns about the network topology from +other routing protocols. However, if a link fails, the router will remove +routes, including static routes, from the :abbr:`RIPB (Routing Information +Base)` that used this interface to reach the next hop. In general, static +routes should only be used for very simple network topologies, or to override +the behavior of a dynamic routing protocol for a small number of routes. The +collection of all routes the router has learned from its configuration or from +its dynamic routing protocols is stored in the RIB. Unicast routes are directly +used to determine the forwarding table used for unicast packet forwarding. + +Static Routes +############# + +.. cfgcmd:: set protocols static route next-hop
+ + Configure next-hop `
` for an IPv4 static route. Multiple static + routes can be created. + +.. cfgcmd:: set protocols static route next-hop
disable + + Disable this IPv4 static route entry. + +.. cfgcmd:: set protocols static route next-hop
distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + +.. cfgcmd:: set protocols static route6 next-hop
+ + Configure next-hop `
` for an IPv6 static route. Multiple static + routes can be created. + +.. cfgcmd:: set protocols static route6 next-hop
disable + + Disable this IPv6 static route entry. + +.. cfgcmd:: set protocols static route6 next-hop
distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + + +Interface Routes +================ + +.. cfgcmd:: set protocols static interface-route next-hop-interface + + Allows you to configure the next-hop interface for an interface-based IPv4 + static route. `` will be the next-hop interface where trafic is + routed for the given ``. + +.. cfgcmd:: set protocols static interface-route next-hop-interface disable + + Disables interface-based IPv4 static route. + +.. cfgcmd:: set protocols static interface-route next-hop-interface distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + + Allows you to configure the next-hop interface for an interface-based IPv6 + static route. `` will be the next-hop interface where trafic is + routed for the given ``. + +.. cfgcmd:: set protocols static interface-route6 next-hop-interface disable + + Disables interface-based IPv6 static route. + +.. cfgcmd:: set protocols static interface-route6 next-hop-interface distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + + +Blackhole +========= + +.. cfgcmd:: set protocols static route blackhole + + Use this command to configure a "black-hole" route on the router. A + black-hole route is a route for which the system silently discard packets + that are matched. This prevents networks leaking out public interfaces, but + it does not prevent them from being used as a more specific route inside your + network. + +.. cfgcmd:: set protocols static route blackhole distance + + Defines blackhole distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + +.. cfgcmd:: set protocols static route6 blackhole + + Use this command to configure a "black-hole" route on the router. A + black-hole route is a route for which the system silently discard packets + that are matched. This prevents networks leaking out public interfaces, but + it does not prevent them from being used as a more specific route inside your + network. + +.. cfgcmd:: set protocols static route6 blackhole distance + + Defines blackhole distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + +Alternate Routing Tables +======================== + +TBD + +Alternate routing tables are used with policy based routing of by utilizing +:ref:`vrf`. + + +.. _routing-arp: + +### +ARP +### + +:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for +discovering the link layer address, such as a MAC address, associated with a +given internet layer address, typically an IPv4 address. This mapping is a +critical function in the Internet protocol suite. ARP was defined in 1982 by +:rfc:`826` which is Internet Standard STD 37. + +In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is +provided by the Neighbor Discovery Protocol (NDP). + +To manipulate or display ARP_ table entries, the following commands are +implemented. + +Configure +========= + +.. cfgcmd:: set protocols static arp
hwaddr + + This will configure a static ARP entry always resolving `
` to + ``. + + Example: + + .. code-block:: none + + set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa + +Operation +========= + +.. opcmd:: show protocols static arp + + Display all known ARP table entries spanning across all interfaces + +.. code-block:: none + + vyos@vyos:~$ show protocols static arp + Address HWtype HWaddress Flags Mask Iface + 10.1.1.1 ether 00:53:00:de:23:2e C eth1 + 10.1.1.100 ether 00:53:00:de:23:aa CM eth1 + + +.. opcmd:: show protocols static arp interface eth1 + + Display all known ARP table entries on a given interface only (`eth1`): + +.. code-block:: none + + vyos@vyos:~$ show protocols static arp interface eth1 + Address HWtype HWaddress Flags Mask Iface + 10.1.1.1 ether 00:53:00:de:23:2e C eth1 + 10.1.1.100 ether 00:53:00:de:23:aa CM eth1 + +.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol -- cgit v1.2.3 From 6f6950d14e46ef92d961682b23fb28936c23f9b7 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 7 Dec 2020 20:29:11 +0100 Subject: fix build errors after arrange --- docs/changelog/index.rst | 3 ++ docs/cli.rst | 9 ++---- docs/configuration/firewall/index.rst | 54 ++++++++++++++++++++------------- docs/configuration/protocols/static.rst | 11 +++++-- docs/configuration/system/index.rst | 10 +++++- docs/configuration/vpn/index.rst | 13 +++++++- docs/configuration/vpn/rsa-keys.rst | 4 +++ docs/contributing/documentation.rst | 2 +- 8 files changed, 73 insertions(+), 33 deletions(-) create mode 100644 docs/configuration/vpn/rsa-keys.rst (limited to 'docs/configuration/protocols/static.rst') diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst index 26262932..8d2e8a86 100644 --- a/docs/changelog/index.rst +++ b/docs/changelog/index.rst @@ -1,3 +1,6 @@ +.. _release-notes: + + ######### Changelog ######### diff --git a/docs/cli.rst b/docs/cli.rst index 34ab3df6..7964c490 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -12,8 +12,7 @@ Operational Mode Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the -modification of system configuration. The list of all operational level commands -is available at :ref:`operational_level_commands`. +modification of system configuration. The CLI provides a built-in help system. In the CLI the ``?`` key may be used to display available commands. The ``TAB`` key can be used to auto-complete @@ -75,9 +74,6 @@ When viewing in page mode the following commands are available: Configuration Mode ################## -The list of all operational level commands is available at -:ref:`configuration_level_commands`. - To enter configuration mode use the ``configure`` command: .. code-block:: none @@ -112,7 +108,8 @@ thus also be easily cloned by simply copying the required configuration files. Terminology -=========== +########### + live A VyOS system has three major types of configurations: diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 2615774f..e95ecb53 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -1,11 +1,12 @@ .. _firewall: +######## Firewall -======== - +######## +******** Overview --------- +******** VyOS makes use of Linux `netfilter `_ for packet filtering. @@ -24,8 +25,9 @@ or zone based firewall policy. OS, is a reference to as `local` with respect to its input interface. +*************** Global settings ---------------- +*************** Some firewall settings are global and have a affect on the whole system. @@ -140,8 +142,9 @@ Some firewall settings are global and have a affect on the whole system. Set the global setting for related connections. +****** Groups ------- +****** Firewall groups represent collections of IP addresses, networks, or ports. Once created, a group can be referenced by firewall rules as @@ -158,7 +161,7 @@ names. Address Groups -************** +============== In a **address group** a single IP adresses or IP address ranges are definded. @@ -182,7 +185,7 @@ definded. Network Groups -************** +============== While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need @@ -207,7 +210,7 @@ recommended. Port Groups -*********** +=========== A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that @@ -232,8 +235,9 @@ filtering unnecessary ports. Ranges of ports can be specified by using Provide a port group description. +********* Rule-Sets ----------- +********* A rule-set is a named collection of firewall rules that can be applied to an interface or zone. Each rule is numbered, has an action to apply @@ -281,7 +285,7 @@ the action of the rule will executed. If you want to disable a rule but let it in the configuration. Matching criteria -***************** +================= There are a lot of matching criteria gainst which the package can be tested. @@ -413,8 +417,9 @@ There are a lot of matching criteria gainst which the package can be tested. Match against the state of a packet. +*********************************** Applying a Rule-Set to an Interface ------------------------------------ +*********************************** A Rule-Set can be appliend to every inteface: @@ -439,8 +444,9 @@ A Rule-Set can be appliend to every inteface: several interfaces. An interface can only have one rule-set per chain. +************************** Zone-based Firewall Policy --------------------------- +************************** As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when @@ -453,7 +459,7 @@ An basic introduction to zone-based firewalls can be found `here and an example at :ref:`examples-zone-policy`. Define a Zone -************* +============= To define a zone setup either one with interfaces or a local zone. @@ -477,7 +483,7 @@ To define a zone setup either one with interfaces or a local zone. Applying a Rule-Set to a Zone -***************************** +============================= Before you are able to apply a rule-set to a zone you have to create the zones first. @@ -496,11 +502,12 @@ first. set zone-policy zone LAN from DMZ firewall name DMZv4-to-LANv4 +*********************** Operation-mode Firewall ------------------------ +*********************** Rule-set overview -***************** +================= .. opcmd:: show firewall @@ -663,7 +670,7 @@ Rule-set overview Zone-Policy Overview -******************** +==================== .. opcmd:: show zone-policy zone @@ -684,7 +691,7 @@ Zone-Policy Overview Show Firewall log -***************** +================= .. opcmd:: show log firewall [name | ipv6name] @@ -698,7 +705,7 @@ Show Firewall log Example Partial Config ----------------------- +====================== .. code-block:: none @@ -770,9 +777,10 @@ Example Partial Config .. _routing-mss-clamp: -################ + +**************** TCP-MSS Clamping -################ +**************** As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP @@ -788,9 +796,11 @@ value for IPv4 and IPv6. in 1452 bytes on a 1492 byte MTU. + IPv4 ==== + .. cfgcmd:: set firewall options interface adjust-mss Use this command to set the maximum segment size for IPv4 transit @@ -808,6 +818,8 @@ for your WireGuard `wg02` tunnel. set firewall options interface pppoe0 adjust-mss '1452' set firewall options interface wg02 adjust-mss '1372' + + IPv6 ==== diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst index fbde8228..43b77c41 100644 --- a/docs/configuration/protocols/static.rst +++ b/docs/configuration/protocols/static.rst @@ -15,8 +15,9 @@ collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding. +************* Static Routes -############# +************* .. cfgcmd:: set protocols static route next-hop
@@ -152,8 +153,9 @@ provided by the Neighbor Discovery Protocol (NDP). To manipulate or display ARP_ table entries, the following commands are implemented. +********* Configure -========= +********* .. cfgcmd:: set protocols static arp
hwaddr @@ -166,8 +168,11 @@ Configure set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa + +********* Operation -========= +********* + .. opcmd:: show protocols static arp diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index ecf09a64..4bb16c42 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -22,7 +22,7 @@ System name-server name-servers-dhcp ntp - options + option proxy static-host-mapping sysctl @@ -30,3 +30,11 @@ System task-scheduler time-zone wifi-requlatory-domain + + +.. toctree:: + :maxdepth: 1 + :includehidden: + + default-route + eventhandler diff --git a/docs/configuration/vpn/index.rst b/docs/configuration/vpn/index.rst index 397093c2..abaca198 100644 --- a/docs/configuration/vpn/index.rst +++ b/docs/configuration/vpn/index.rst @@ -12,4 +12,15 @@ VPN openconnect pptp rsa-keys - sstp \ No newline at end of file + sstp + + + +pages to sort + +.. toctree:: + :maxdepth: 1 + :includehidden: + + dmvpn + site2site_ipsec \ No newline at end of file diff --git a/docs/configuration/vpn/rsa-keys.rst b/docs/configuration/vpn/rsa-keys.rst new file mode 100644 index 00000000..9f289d0d --- /dev/null +++ b/docs/configuration/vpn/rsa-keys.rst @@ -0,0 +1,4 @@ + +######## +RSA-Keys +######## \ No newline at end of file diff --git a/docs/contributing/documentation.rst b/docs/contributing/documentation.rst index 197f5b03..f15595bf 100644 --- a/docs/contributing/documentation.rst +++ b/docs/contributing/documentation.rst @@ -261,7 +261,7 @@ Page content The documentation have 3 different types of pages, the same kind of pages must have the same structure to achieve a recognition factor. -For all *.rst files must follow the same TOC Level syntax and have to start with +For all rst files must follow the same TOC Level syntax and have to start with .. code-block:: -- cgit v1.2.3 From 7b04596343a1894a638ff1de030fb0a179980194 Mon Sep 17 00:00:00 2001 From: rebortg Date: Fri, 11 Dec 2020 22:41:24 +0100 Subject: protocols: fix lint errors --- docs/configuration/protocols/bfd.rst | 9 ++++++--- docs/configuration/protocols/igmp.rst | 12 ++++++++---- docs/configuration/protocols/isis.rst | 20 ++++++++++++-------- docs/configuration/protocols/mpls.rst | 4 ++++ docs/configuration/protocols/rpki.rst | 6 +++++- docs/configuration/protocols/static.rst | 24 ++++++++++++++++-------- 6 files changed, 51 insertions(+), 24 deletions(-) (limited to 'docs/configuration/protocols/static.rst') diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index b8fdf489..20ff3b8a 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -25,19 +25,22 @@ Configure BFD Allow this BFD peer to not be directly connected -.. cfgcmd:: set protocols bfd peer
source [address
| interface ] +.. cfgcmd:: set protocols bfd peer
source + [address
| interface ] Bind listener to specifid interface/address, mandatory for IPv6 .. cfgcmd:: set protocols bfd peer
interval echo-interval <10-60000> - The minimal echo receive transmission interval that this system is capable of handling + The minimal echo receive transmission interval that this system is + capable of handling .. cfgcmd:: set protocols bfd peer
interval multiplier <2-255> Remote transmission interval will be multiplied by this value -.. cfgcmd:: set protocols bfd peer
interval [receive | transmit] <10-60000> +.. cfgcmd:: set protocols bfd peer
interval + [receive | transmit] <10-60000> Interval in milliseconds diff --git a/docs/configuration/protocols/igmp.rst b/docs/configuration/protocols/igmp.rst index 9104b0c9..7109deb6 100644 --- a/docs/configuration/protocols/igmp.rst +++ b/docs/configuration/protocols/igmp.rst @@ -96,7 +96,8 @@ These are the commands for a basic setup. can communicate with PIM neighbors. -.. cfgcmd:: set protocols pim rp address
group +.. cfgcmd:: set protocols pim rp address
group + Use this comand to manually configure a Rendevouz Point for PIM so that join messages can be sent there. Set the Rendevouz Point address @@ -140,7 +141,8 @@ You can also tune multicast with the following commands. platforms cannot see data flowing in better than 30 second chunks. -.. cfgcmd:: set protocols igmp interface join source +.. cfgcmd:: set protocols igmp interface join + source Use this command to allow the selected interface join a multicast group defining the multicast address you want to join and the source @@ -153,7 +155,8 @@ You can also tune multicast with the following commands. host query interval (1-1800) in seconds that PIM will use. -.. cfgcmd:: set protocols igmp interface +.. cfgcmd:: set protocols igmp interface Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is @@ -180,7 +183,8 @@ upstream interface, and one or more downstream interfaces. Configuration ============= -.. cfgcmd:: set protocols igmp-proxy interface role +.. cfgcmd:: set protocols igmp-proxy interface role + * **upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 64cc2535..753637f9 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -6,12 +6,14 @@ IS-IS ##### -:abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway routing protocol. -Like OSPF, IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s -topology and, from that database, to determine the best (that is, shortest) path to a destination. -The routers exchange topology information with their nearest neighbors. -IS-IS runs directly on the data link layer (Layer 2). -IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. +:abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state +interior gateway routing protocol. Like OSPF, IS-IS runs the Dijkstra +shortest-path first (SPF) algorithm to create a database of the network’s +topology and, from that database, to determine the best (that is, shortest) +path to a destination. The routers exchange topology information with their +nearest neighbors. IS-IS runs directly on the data link layer (Layer 2). +IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be +8 to 20 bytes long, but are generally 10 bytes long. For example :abbr:`NET (Network Entity Title)` @@ -28,12 +30,14 @@ The IS-IS address consists of three parts: ``0001`` IS-IS area number (Area1) System identifier: - ``1921.6800.1002`` For system idetifier we recommend to use IP address or MAC address of the router. + ``1921.6800.1002`` For system idetifier we recommend to use IP address or + MAC address of the router. NET selector: ``00`` Must always be 00, to indicate "this system". -Simple IS-IS configuration using 2 nodes and redistributing connected interfaces. +Simple IS-IS configuration using 2 nodes and redistributing connected +interfaces. **Node 1:** diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst index 863e7f62..3b59d8ea 100644 --- a/docs/configuration/protocols/mpls.rst +++ b/docs/configuration/protocols/mpls.rst @@ -240,4 +240,8 @@ Reset Use this command to reset an LDP neighbor/TCP session that is established +.. stop_vyoslinter + .. _`Wikipedia (MPLS)`: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching + +.. start_vyoslinter \ No newline at end of file diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index 9813b1b6..c3ff442b 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -100,6 +100,8 @@ Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using the `RIPE Labs RPKI Test`_ experimental tool. +.. stop_vyoslinter + .. _tweet by EvilMog: https://twitter.com/Evil_Mog/status/1230924170508169216 .. _Routinator: https://www.nlnetlabs.nl/projects/rpki/routinator/ .. _GoRTR: https://github.com/cloudflare/gortr @@ -110,4 +112,6 @@ Test`_ experimental tool. .. _RPKI analytics: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/ .. _RIPE Labs RPKI Test: https://sg-pub.ripe.net/jasper/rpki-web-test/ .. _excellent guide to RPKI: https://rpki.readthedocs.io/ -.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.html +.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.htm + +.. start_vyoslinter diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst index 43b77c41..42c0c4b7 100644 --- a/docs/configuration/protocols/static.rst +++ b/docs/configuration/protocols/static.rst @@ -28,7 +28,8 @@ Static Routes Disable this IPv4 static route entry. -.. cfgcmd:: set protocols static route next-hop
distance +.. cfgcmd:: set protocols static route next-hop
+ distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. @@ -47,7 +48,8 @@ Static Routes Disable this IPv6 static route entry. -.. cfgcmd:: set protocols static route6 next-hop
distance +.. cfgcmd:: set protocols static route6 next-hop
+ distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. @@ -61,34 +63,40 @@ Static Routes Interface Routes ================ -.. cfgcmd:: set protocols static interface-route next-hop-interface +.. cfgcmd:: set protocols static interface-route next-hop-interface + Allows you to configure the next-hop interface for an interface-based IPv4 static route. `` will be the next-hop interface where trafic is routed for the given ``. -.. cfgcmd:: set protocols static interface-route next-hop-interface disable +.. cfgcmd:: set protocols static interface-route next-hop-interface + disable Disables interface-based IPv4 static route. -.. cfgcmd:: set protocols static interface-route next-hop-interface distance +.. cfgcmd:: set protocols static interface-route next-hop-interface + distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. Range is 1 to 255, default is 1. -.. cfgcmd:: set protocols static interface-route6 next-hop-interface +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + Allows you to configure the next-hop interface for an interface-based IPv6 static route. `` will be the next-hop interface where trafic is routed for the given ``. -.. cfgcmd:: set protocols static interface-route6 next-hop-interface disable +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + disable Disables interface-based IPv6 static route. -.. cfgcmd:: set protocols static interface-route6 next-hop-interface distance +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. -- cgit v1.2.3 From 0ae01b4a1c6e6376b2db498618c65801a809e826 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 5 Feb 2021 22:53:53 +0100 Subject: vrf: static: T2450: adjust to new CLI syntax --- docs/configexamples/azure-vpn-bgp.rst | 2 +- docs/configexamples/azure-vpn-dual-bgp.rst | 4 ++-- .../dhcp-relay-through-gre-bridge.rst | 4 ++-- docs/configexamples/tunnelbroker-ipv6.rst | 2 +- docs/configuration/interfaces/openvpn.rst | 6 ++--- docs/configuration/interfaces/pppoe.rst | 4 ++-- docs/configuration/interfaces/wireguard.rst | 4 ++-- docs/configuration/protocols/static.rst | 12 +++++----- docs/configuration/vrf/index.rst | 28 +++++++++++----------- 9 files changed, 33 insertions(+), 33 deletions(-) (limited to 'docs/configuration/protocols/static.rst') diff --git a/docs/configexamples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst index 265e28c7..1d61b3b8 100644 --- a/docs/configexamples/azure-vpn-bgp.rst +++ b/docs/configexamples/azure-vpn-bgp.rst @@ -114,7 +114,7 @@ Vyos configuration .. code-block:: none - set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1 + set protocols static route 10.0.0.4/32 interface vti1 - Configure your BGP settings diff --git a/docs/configexamples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst index 13d4b5a2..0a48156c 100644 --- a/docs/configexamples/azure-vpn-dual-bgp.rst +++ b/docs/configexamples/azure-vpn-dual-bgp.rst @@ -129,8 +129,8 @@ Vyos configuration .. code-block:: none - set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1 - set protocols static interface-route 10.0.0.5/32 next-hop-interface vti2 + set protocols static route 10.0.0.4/32 interface vti1 + set protocols static route 10.0.0.5/32 interface vti2 - Configure your BGP settings diff --git a/docs/configexamples/dhcp-relay-through-gre-bridge.rst b/docs/configexamples/dhcp-relay-through-gre-bridge.rst index 0db5fa0a..afa4d854 100644 --- a/docs/configexamples/dhcp-relay-through-gre-bridge.rst +++ b/docs/configexamples/dhcp-relay-through-gre-bridge.rst @@ -29,7 +29,7 @@ DHCP Server set protocols ospf area 0 network '192.168.3.0/24' set protocols ospf area 0 network '10.0.2.0/24' set protocols ospf parameters router-id '192.168.3.3' - set protocols static interface-route 10.0.1.2/32 next-hop-interface tun100 + set protocols static route 10.0.1.2/32 interface tun100 set service dhcp-server shared-network-name asdf authoritative set service dhcp-server shared-network-name asdf subnet 192.168.3.0/24 range 0 start '192.168.3.30' set service dhcp-server shared-network-name asdf subnet 192.168.3.0/24 range 0 stop '192.168.3.40' @@ -70,7 +70,7 @@ DHCP Relay set protocols ospf area 0 network '192.168.0.0/24' set protocols ospf area 0 network '10.100.100.0/24' set protocols ospf parameters router-id '10.100.100.1' - set protocols static interface-route 192.168.3.3/32 next-hop-interface tun100 + set protocols static route 192.168.3.3/32 interface tun100 set service dhcp-relay interface 'eth0' set service dhcp-relay interface 'tun100' set service dhcp-relay server '192.168.3.3' diff --git a/docs/configexamples/tunnelbroker-ipv6.rst b/docs/configexamples/tunnelbroker-ipv6.rst index b6f1cc07..1df814dc 100644 --- a/docs/configexamples/tunnelbroker-ipv6.rst +++ b/docs/configexamples/tunnelbroker-ipv6.rst @@ -35,7 +35,7 @@ tunnel information page. set interfaces tunnel tun0 mtu '1472' set interfaces tunnel tun0 multicast 'disable' set interfaces tunnel tun0 remote-ip Server_IPv4_from_Tunnelbroker # This is the IP of the Tunnelbroker server - set protocols static interface-route6 ::/0 next-hop-interface tun0 # Tell all traffic to go over this tunnel + set protocols static route6 ::/0 interface tun0 # Tell all traffic to go over this tunnel commit If your WAN connection is over PPPoE, you may need to set the MTU on the above diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 2c273b34..8b32743f 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -159,13 +159,13 @@ Local Configuration: .. code-block:: none - set protocols static interface-route 10.1.0.0/16 next-hop-interface vtun1 + set protocols static route 10.1.0.0/16 interface vtun1 Remote Configuration: .. code-block:: none - set protocols static interface-route 10.0.0.0/16 next-hop-interface vtun1 + set protocols static route 10.0.0.0/16 interface vtun1 Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and function identically to ethernet interfaces. @@ -253,7 +253,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves: .. code-block:: none - set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 + set protocols static route 10.23.0.0/20 interface vtun10 Generate X.509 Certificate and Keys ----------------------------------- diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index 0fdbba42..1bbccc0c 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -130,7 +130,7 @@ PPPoE options .. note:: In all modes except 'none', all default routes using this interface will be removed when the interface is torn down - even manually installed - static interface-routes. + static routes. .. cfgcmd:: set interfaces pppoe idle-timeout