From 2aaeedd7c1533a1458b48b57ac9fbccead376261 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 18:57:24 +0100 Subject: interface: split into basic and advanced section --- docs/interfaces/basic-index.rst | 52 +++++++++++++++++++++++++++++++++++++++++ docs/interfaces/index.rst | 7 ++---- 2 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 docs/interfaces/basic-index.rst (limited to 'docs/interfaces') diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst new file mode 100644 index 00000000..67be1a90 --- /dev/null +++ b/docs/interfaces/basic-index.rst @@ -0,0 +1,52 @@ +.. _basic_network-interfaces: + +################## +Network Interfaces +################## + +Configured interfaces on a VyOS system can be displayed using the +``show interfaces`` command. + +.. code-block:: none + + vyos@vyos:~$ show interfaces + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + eth0 172.16.51.129/24 u/u OUTSIDE + eth1 192.168.0.1/24 u/u INSIDE + lo 127.0.0.1/8 u/u + ::1/128 + +A specific interface can be shown using the ``show interfaces `` +command. + +.. code-block:: none + + vyos@vyos:~$ show interfaces ethernet eth0 + eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 + link/ether 00:53:29:44:3b:0f brd ff:ff:ff:ff:ff:ff + inet 172.16.51.129/24 brd 172.16.51.255 scope global eth0 + inet6 fe80::20c:29ff:fe44:3b0f/64 scope link + valid_lft forever preferred_lft forever + Description: OUTSIDE + + RX: bytes packets errors dropped overrun mcast + 274397 3064 0 0 0 0 + TX: bytes packets errors dropped carrier collisions + 257276 1890 0 0 0 0 + +Different network interfaces provide type-specific configuration. Ethernet +interfaces, for example, allow the configuration of speed and duplex. + +Many services, such as network routing, firewall, and traffic policy also +maintain interface-specific configuration. These will be covered in their +respective sections. + + +.. toctree:: + :maxdepth: 2 + + addresses + ethernet + pppoe diff --git a/docs/interfaces/index.rst b/docs/interfaces/index.rst index 0513adf1..95f60d11 100644 --- a/docs/interfaces/index.rst +++ b/docs/interfaces/index.rst @@ -47,14 +47,11 @@ respective sections. .. toctree:: :maxdepth: 2 - addresses dummy - ethernet - l2tpv3 - pppoe - wireless bridge bond + l2tpv3 + wireless tunnel vlan qinq -- cgit v1.2.3 From e95095d26622fa4cbaa5ab782194ec4607237aa6 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:24:09 +0100 Subject: ethernet: document more configuration/operation commands --- docs/interfaces/ethernet.rst | 303 +++++++++++++++++++++++++++++++++---------- 1 file changed, 234 insertions(+), 69 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index a8cee8c2..4a5abded 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst @@ -1,72 +1,237 @@ .. _ethernet-interface: +######## Ethernet --------- - -Ethernet interfaces allow for the configuration of speed, duplex, and hw-id -(MAC address). Below is an example configuration: - -.. code-block:: none - - set interfaces ethernet eth1 address '192.168.0.1/24' - set interfaces ethernet eth1 address '2001:db8:1::ffff/64' - set interfaces ethernet eth1 description 'INSIDE' - set interfaces ethernet eth1 duplex 'auto' - set interfaces ethernet eth1 speed 'auto' - -Resulting in: - -.. code-block:: none - - ethernet eth1 { - address 192.168.0.1/24 - address 2001:db8:1::ffff/64 - description INSIDE - duplex auto - hw-id 00:53:29:44:3b:19 - smp_affinity auto - speed auto - } - -In addition, Ethernet interfaces provide the extended operational commands: - -* ``show interfaces ethernet physical`` -* ``show interfaces ethernet statistics`` - -Statistics available are driver dependent. - -.. code-block:: none - - vyos@vyos:~$ show interfaces ethernet eth0 physical - Settings for eth0: - Supported ports: [ TP ] - Supported link modes: 10baseT/Half 10baseT/Full - 100baseT/Half 100baseT/Full - 1000baseT/Full - Supports auto-negotiation: Yes - Advertised link modes: 10baseT/Half 10baseT/Full - 100baseT/Half 100baseT/Full - 1000baseT/Full - Advertised pause frame use: No - Advertised auto-negotiation: Yes - Speed: 1000Mb/s - Duplex: Full - Port: Twisted Pair - PHYAD: 0 - Transceiver: internal - Auto-negotiation: on - MDI-X: Unknown - Supports Wake-on: d - Wake-on: d - Current message level: 0x00000007 (7) - Link detected: yes - driver: e1000 - version: 7.3.21-k8-NAPI - firmware-version: - bus-info: 0000:02:01.0 - - vyos@vyos:~$ show interfaces ethernet eth0 statistics - NIC statistics: - rx_packets: 3530 - tx_packets: 2179 - [...] +######## + +Configuration +############# + +Address +------- + +.. cfgcmd:: set interfaces ethernet '' address
+ + Configure ethernet interface `` with one or more interface + addresses. + + * **address** can be specified multiple times as IPv4 and/or IPv6 address, + e.g. 192.0.2.1/24 and/or 2001:db8::1/64 + * **dhcp** interface address is received by DHCP from a DHCP server on this + segment. + * **dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on + this segment. + + Example: + + .. code-block:: none + + set interfaces ethernet eth0 address 192.0.2.1/24 + set interfaces ethernet eth0 address 192.0.2.2/24 + set interfaces ethernet eth0 address 2001:db8::ffff/64 + set interfaces ethernet eth0 address 2001:db8:100::ffff/64 + +.. cfgcmd:: set interfaces ethernet '' ipv6 address autoconf + + :abbr:`SLAAC (Stateless Address Autoconfiguration)` is specified in + :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected + to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 + (Internet Control Message Protocol version 6) router discovery messages. + When first connected to a network, a host sends a link-local router + solicitation multicast request for its configuration parameters; routers + respond to such a request with a router advertisement packet that contains + Internet Layer configuration parameters. + + .. note:: This method automatically disables IPv6 traffic forwarding on the + interface in question. + +.. cfgcmd:: set interfaces ethernet '' ipv6 address eui64 '' + + :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in + :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address. + + .. code-block:: none + + set interfaces ethernet eth0 ipv6 address eui64 2001:db8:beef::/64 + +Speed/Duplex +------------ + +.. cfgcmd:: set interfaces ethernet '' duplex + + Configure physical interface duplex setting. + + * auto - interface duplex setting is auto-negotiated + * full - always use full-duplex + * half - always use half-duplex + + VyOS default will be `auto`. + +.. cfgcmd:: set interfaces ethernet '' speed + + Configure physical interface speed setting. + + * auto - interface speed is auto-negotiated + * 10 - 10 MBit/s + * 100 - 100 MBit/s + * 1000 - 1 GBit/s + * 2500 - 2.5 GBit/s + * 5000 - 5 GBit/s + * 10000 - 10 GBit/s + * 25000 - 25 GBit/s + * 40000 - 40 GBit/s + * 50000 - 50 GBit/s + * 100000 - 100 GBit/s + + VyOS default will be `auto`. + +Link Administration +------------------- + +.. cfgcmd:: set interfaces ethernet '' description '' + + Assign given `` to interface. Description will also be passed + to SNMP monitoring systems. + +.. cfgcmd:: set interfaces ethernet '' disable + + Disable given ethernet interface. It will be placed in administratively down + state. + +.. cfgcmd:: set interfaces ethernet '' disable-flow-control + + Disable Ethernet flow control (pause frames). + + +.. cfgcmd:: set interfaces ethernet '' mac '' + + Configure user defined :abbr:`MAC (Media Access Control)` address on given + ``. + +.. cfgcmd:: set interfaces ethernet '' mtu '' + + Configure :abbr:`MTU (Maximum Transmission Unit)` on given ``. It + is the size (in bytes) of the largest ethernet frame sent on this link. + +Router Advertisements +--------------------- + +Router advertisements are described in :rfc:`4861#section-4.6.2`. They are part +of what is known as :abbr:`SLAAC (Stateless Address Autoconfiguration)`. + +.. cfgcmd:: set interfaces ethernet '' ipv6 router-advert send-advert + + Enable or disable router advertisements in this ``. + +.. cfgcmd:: set interfaces ethernet '' ipv6 router-advert prefix '' + + Prefix information is described in :rfc:`4861#section-4.6.2`. + +Operation +========= + +.. opcmd:: show interfaces ethernet + + Show Ethernet interface information + + .. code-block:: none + + vyos@vyos:~$ show interfaces ethernet + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + eth0 172.18.201.10/24 u/u LAN + eth1 172.18.202.11/24 u/u WAN + eth2 - u/D + +.. opcmd:: show interfaces ethernet '' + + Show detailed information on given `` + + .. code-block:: + + vyos@vyos:~$ show interfaces ethernet eth0 + eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 00:50:44:00:f5:c9 brd ff:ff:ff:ff:ff:ff + inet6 fe80::250:44ff:fe00:f5c9/64 scope link + valid_lft forever preferred_lft forever + + RX: bytes packets errors dropped overrun mcast + 56735451 179841 0 0 0 142380 + TX: bytes packets errors dropped carrier collisions + 5601460 62595 0 0 0 0 + +.. opcmd:: show interfaces ethernet '' physical + + Show information about physical `` + + .. code-block:: + + vyos@vyos:~$ show interfaces ethernet eth0 physical + Settings for eth0: + Supported ports: [ TP ] + Supported link modes: 1000baseT/Full + 10000baseT/Full + Supported pause frame use: No + Supports auto-negotiation: No + Supported FEC modes: Not reported + Advertised link modes: Not reported + Advertised pause frame use: No + Advertised auto-negotiation: No + Advertised FEC modes: Not reported + Speed: 10000Mb/s + Duplex: Full + Port: Twisted Pair + PHYAD: 0 + Transceiver: internal + Auto-negotiation: off + MDI-X: Unknown + Supports Wake-on: uag + Wake-on: d + Link detected: yes + driver: vmxnet3 + version: 1.4.16.0-k-NAPI + firmware-version: + expansion-rom-version: + bus-info: 0000:0b:00.0 + supports-statistics: yes + supports-test: no + supports-eeprom-access: no + supports-register-dump: yes + supports-priv-flags: no + +.. opcmd:: show interfaces ethernet '' transceiver + + Show transceiver information from plugin modules, e.g SFP+, QSFP + + .. code-block:: none + + vyos@vyos:~$ show interfaces ethernet eth5 transceiver + Identifier : 0x03 (SFP) + Extended identifier : 0x04 (GBIC/SFP defined by 2-wire interface ID) + Connector : 0x07 (LC) + Transceiver codes : 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 + Transceiver type : Ethernet: 1000BASE-SX + Encoding : 0x01 (8B/10B) + BR, Nominal : 1300MBd + Rate identifier : 0x00 (unspecified) + Length (SMF,km) : 0km + Length (SMF) : 0m + Length (50um) : 550m + Length (62.5um) : 270m + Length (Copper) : 0m + Length (OM3) : 0m + Laser wavelength : 850nm + Vendor name : CISCO-FINISAR + Vendor OUI : 00:90:65 + Vendor PN : FTRJ-8519-7D-CS4 + Vendor rev : A + Option values : 0x00 0x1a + Option : RX_LOS implemented + Option : TX_FAULT implemented + Option : TX_DISABLE implemented + BR margin, max : 0% + BR margin, min : 0% + Vendor SN : FNS092xxxxx + Date code : 0506xx + -- cgit v1.2.3 From 554e5357b73dc5bae22aa6dc058587e2a1265236 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:24:43 +0100 Subject: interface: remove addresses from basic-index --- docs/interfaces/addresses.rst | 3 +-- docs/interfaces/basic-index.rst | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/addresses.rst b/docs/interfaces/addresses.rst index 709490c8..3fc9b89b 100644 --- a/docs/interfaces/addresses.rst +++ b/docs/interfaces/addresses.rst @@ -96,8 +96,7 @@ The command is ``set interfaces $type $name ipv6 address autoconf``. Examples: set interfaces ethernet eth0 vif 90 ipv6 address autoconf set interfaces bridge br0 ipv6 address autoconf -.. note:: This method automatically disables IPv6 traffic forwarding on the - interface in question. + EUI-64 ****** diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst index 67be1a90..4f950a2b 100644 --- a/docs/interfaces/basic-index.rst +++ b/docs/interfaces/basic-index.rst @@ -47,6 +47,5 @@ respective sections. .. toctree:: :maxdepth: 2 - addresses ethernet pppoe -- cgit v1.2.3 From d778d022b3f0ca4369b31b9717239e75219aa540 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:26:41 +0100 Subject: pppoe: use documented section style guide --- docs/interfaces/pppoe.rst | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/pppoe.rst b/docs/interfaces/pppoe.rst index ef595b97..f96beb50 100644 --- a/docs/interfaces/pppoe.rst +++ b/docs/interfaces/pppoe.rst @@ -1,7 +1,8 @@ .. _pppoe-interface: +##### PPPoE -===== +##### :abbr:`PPPoE (Point-to-Point Protocol over Ethernet)` is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, @@ -14,14 +15,14 @@ PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP. Operating Modes ---------------- +=============== VyOS supports setting up PPPoE in two different ways to a PPPoE internet connection. This is due to most ISPs provide a modem that is also a wireless router. Home Users -********** +---------- In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` @@ -34,7 +35,7 @@ few extra layers of complexity, particularly if you use some NAT or tunnel features. Business Users -************** +-------------- In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control @@ -51,7 +52,7 @@ configure it to open the PPPoE session for you and your DSL Transceiver vDSL/aDSL understands. Configuration Example -~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^ Requirements: @@ -95,7 +96,7 @@ assigning it to the pppoe0 itself as shown here: set interfaces ethernet eth0 pppoe 0 firewall out name NET-OUT VLAN Example -++++++++++++ +"""""""""""" Some recent ISPs require you to build the PPPoE connection through a VLAN interface. One of those ISPs is e.g. Deutsche Telekom in Germany. VyOS @@ -116,7 +117,7 @@ which is the default VLAN for Deutsche Telekom: set interfaces ethernet eth0 vif 7 pppoe 0 password 'secret' Troubleshooting ---------------- +^^^^^^^^^^^^^^^ .. opcmd:: disconnect interface -- cgit v1.2.3 From 52f5d4f1d9400a28d5ab4f8f2e5e45d84d657357 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:29:49 +0100 Subject: pppoe: indent opcmd explanations by 3 --- docs/interfaces/pppoe.rst | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/pppoe.rst b/docs/interfaces/pppoe.rst index f96beb50..9888d682 100644 --- a/docs/interfaces/pppoe.rst +++ b/docs/interfaces/pppoe.rst @@ -51,8 +51,8 @@ configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands. -Configuration Example -^^^^^^^^^^^^^^^^^^^^^ +Example +======= Requirements: @@ -96,7 +96,7 @@ assigning it to the pppoe0 itself as shown here: set interfaces ethernet eth0 pppoe 0 firewall out name NET-OUT VLAN Example -"""""""""""" +------------ Some recent ISPs require you to build the PPPoE connection through a VLAN interface. One of those ISPs is e.g. Deutsche Telekom in Germany. VyOS @@ -117,30 +117,31 @@ which is the default VLAN for Deutsche Telekom: set interfaces ethernet eth0 vif 7 pppoe 0 password 'secret' Troubleshooting -^^^^^^^^^^^^^^^ +=============== .. opcmd:: disconnect interface -Test disconnecting given connection-oriented interface. `` can be -``pppoe0`` as example. + Test disconnecting given connection-oriented interface. `` can be + ``pppoe0`` as example. .. opcmd:: connect interface -Test connecting given connection-oriented interface. `` can be -``pppoe0`` as example. + Test connecting given connection-oriented interface. `` can be + ``pppoe0`` as example. .. opcmd:: show interfaces pppoe -Check PPPoE connection logs with the following command which shows the current -statistics, status and some of the settings (i.e. MTU) for the current -connection on (e.g. ``pppoe0``) + Check PPPoE connection logs with the following command which shows the + current statistics, status and some of the settings (i.e. MTU) for the + current connection on (e.g. ``pppoe0``) .. opcmd:: show interfaces pppoe log -Show entire log for the PPPoE connection starting with the oldest data. Scroll -down with the key to reach the end where the current data is. + Show entire log for the PPPoE connection starting with the oldest data. + Scroll down with the key to reach the end where the current data is. .. opcmd:: show interfaces pppoe log tail -Shows the same log as without the 'tail' option but start with the last few -lines and continues to show added lines until you exit with ``Ctrl + x`` + Shows the same log as without the 'tail' option but start with the last few + lines and continues to show added lines until you exit with ``Ctrl + x`` + -- cgit v1.2.3 From 158bd1f9d4c077368f5850eee485689f19a35202 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:54:40 +0100 Subject: dummy: extend interface documentation --- docs/interfaces/dummy.rst | 88 +++++++++++++++++++++++++++++++++++++------- docs/interfaces/ethernet.rst | 4 +- 2 files changed, 77 insertions(+), 15 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/dummy.rst b/docs/interfaces/dummy.rst index 9dbb9668..77bd3cc2 100644 --- a/docs/interfaces/dummy.rst +++ b/docs/interfaces/dummy.rst @@ -1,25 +1,87 @@ .. _dummy-interface: +##### Dummy ------ +##### +The dummy interface is really a little exotic, but rather useful nevertheless. Dummy interfaces are much like the loopback interface, except you can have as many as you want. Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes. -Configuration commands: +Configuration +############# -.. code-block:: none +Address +------- + +.. cfgcmd:: set interfaces dummy '' address
+ + Configure dummy interface `` with one or more interface + addresses. + + * **address** can be specified multiple times as IPv4 and/or IPv6 address, + e.g. 192.0.2.1/24 and/or 2001:db8::1/64 + * **dhcp** interface address is received by DHCP from a DHCP server on this + segment. + * **dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on + this segment. + + Example: + + .. code-block:: none + + set interfaces dummy dum10 address 192.0.2.1/24 + set interfaces dummy dum10 address 192.0.2.2/24 + set interfaces dummy dum10 address 2001:db8::ffff/64 + set interfaces dummy dum10 address 2001:db8:100::ffff/64 + +Link Administration +------------------- + +.. cfgcmd:: set interfaces dummy '' description '' + + Assign given `` to interface. Description will also be passed + to SNMP monitoring systems. + +.. cfgcmd:: set interfaces dummy '' disable + + Disable given ``. It will be placed in administratively down + state. + +Operation +========= + +.. opcmd:: show interfaces dummy + + Show brief interface information.information + + .. code-block:: none + + vyos@vyos:~$ show interfaces dummy + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + dum0 172.18.254.201/32 u/u + +.. opcmd:: show interfaces dummy '' + + Show detailed information on given `` + + .. code-block:: + + vyos@vyos:~$ show interfaces ethernet eth0 + dum0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 + link/ether 26:7c:8e:bc:fc:f5 brd ff:ff:ff:ff:ff:ff + inet 172.18.254.201/32 scope global dum0 + valid_lft forever preferred_lft forever + inet6 fe80::247c:8eff:febc:fcf5/64 scope link + valid_lft forever preferred_lft forever + + RX: bytes packets errors dropped overrun mcast + 0 0 0 0 0 0 + TX: bytes packets errors dropped carrier collisions + 1369707 4267 0 0 0 0 - vyos@vyos# set interfaces dummy dum0 - Possible completions: - + address IP address - description Interface description - disable Disable interface - > ip IPv4 routing parameters - > ipv6 IPv6 routing parameters - redirect Incoming packet redirection destination - > traffic-policy - Traffic-policy for interface diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index 4a5abded..d9d14299 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst @@ -95,7 +95,7 @@ Link Administration .. cfgcmd:: set interfaces ethernet '' disable - Disable given ethernet interface. It will be placed in administratively down + Disable given ``. It will be placed in administratively down state. .. cfgcmd:: set interfaces ethernet '' disable-flow-control @@ -132,7 +132,7 @@ Operation .. opcmd:: show interfaces ethernet - Show Ethernet interface information + Show brief interface information. .. code-block:: none -- cgit v1.2.3 From 79ccadbccbab3a44fd46b1a25940ffd26bee9554 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:56:28 +0100 Subject: interfaces: basic: rename to "Basic Interfaces" --- docs/interfaces/basic-index.rst | 46 +++-------------------------------------- 1 file changed, 3 insertions(+), 43 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst index 4f950a2b..a59d8c47 100644 --- a/docs/interfaces/basic-index.rst +++ b/docs/interfaces/basic-index.rst @@ -1,48 +1,8 @@ .. _basic_network-interfaces: -################## -Network Interfaces -################## - -Configured interfaces on a VyOS system can be displayed using the -``show interfaces`` command. - -.. code-block:: none - - vyos@vyos:~$ show interfaces - Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down - Interface IP Address S/L Description - --------- ---------- --- ----------- - eth0 172.16.51.129/24 u/u OUTSIDE - eth1 192.168.0.1/24 u/u INSIDE - lo 127.0.0.1/8 u/u - ::1/128 - -A specific interface can be shown using the ``show interfaces `` -command. - -.. code-block:: none - - vyos@vyos:~$ show interfaces ethernet eth0 - eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 - link/ether 00:53:29:44:3b:0f brd ff:ff:ff:ff:ff:ff - inet 172.16.51.129/24 brd 172.16.51.255 scope global eth0 - inet6 fe80::20c:29ff:fe44:3b0f/64 scope link - valid_lft forever preferred_lft forever - Description: OUTSIDE - - RX: bytes packets errors dropped overrun mcast - 274397 3064 0 0 0 0 - TX: bytes packets errors dropped carrier collisions - 257276 1890 0 0 0 0 - -Different network interfaces provide type-specific configuration. Ethernet -interfaces, for example, allow the configuration of speed and duplex. - -Many services, such as network routing, firewall, and traffic policy also -maintain interface-specific configuration. These will be covered in their -respective sections. - +################ +Basic Interfaces +################ .. toctree:: :maxdepth: 2 -- cgit v1.2.3 From 954ee55be75d799b57350cc3926b2a7e14d85858 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:58:15 +0100 Subject: interfaces: rename index to advanced-index --- docs/index.rst | 2 +- docs/interfaces/advanced-index.rst | 19 ++++++++++++ docs/interfaces/index.rst | 59 -------------------------------------- 3 files changed, 20 insertions(+), 60 deletions(-) create mode 100644 docs/interfaces/advanced-index.rst delete mode 100644 docs/interfaces/index.rst (limited to 'docs/interfaces') diff --git a/docs/index.rst b/docs/index.rst index 93541f39..affde670 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -33,7 +33,7 @@ VyOS User Guide :name: advanced :maxdepth: 2 - interfaces/index + interfaces/advanced-index services/index system/index firewall diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst new file mode 100644 index 00000000..9f137198 --- /dev/null +++ b/docs/interfaces/advanced-index.rst @@ -0,0 +1,19 @@ +.. _network-interfaces: + +################## +Network Interfaces +################## + +.. toctree:: + :maxdepth: 2 + + dummy + bridge + bond + l2tpv3 + wireless + tunnel + vlan + qinq + vxlan + geneve diff --git a/docs/interfaces/index.rst b/docs/interfaces/index.rst deleted file mode 100644 index 95f60d11..00000000 --- a/docs/interfaces/index.rst +++ /dev/null @@ -1,59 +0,0 @@ -.. _network-interfaces: - -################## -Network Interfaces -################## - -Configured interfaces on a VyOS system can be displayed using the -``show interfaces`` command. - -.. code-block:: none - - vyos@vyos:~$ show interfaces - Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down - Interface IP Address S/L Description - --------- ---------- --- ----------- - eth0 172.16.51.129/24 u/u OUTSIDE - eth1 192.168.0.1/24 u/u INSIDE - lo 127.0.0.1/8 u/u - ::1/128 - -A specific interface can be shown using the ``show interfaces `` -command. - -.. code-block:: none - - vyos@vyos:~$ show interfaces ethernet eth0 - eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 - link/ether 00:53:29:44:3b:0f brd ff:ff:ff:ff:ff:ff - inet 172.16.51.129/24 brd 172.16.51.255 scope global eth0 - inet6 fe80::20c:29ff:fe44:3b0f/64 scope link - valid_lft forever preferred_lft forever - Description: OUTSIDE - - RX: bytes packets errors dropped overrun mcast - 274397 3064 0 0 0 0 - TX: bytes packets errors dropped carrier collisions - 257276 1890 0 0 0 0 - -Different network interfaces provide type-specific configuration. Ethernet -interfaces, for example, allow the configuration of speed and duplex. - -Many services, such as network routing, firewall, and traffic policy also -maintain interface-specific configuration. These will be covered in their -respective sections. - - -.. toctree:: - :maxdepth: 2 - - dummy - bridge - bond - l2tpv3 - wireless - tunnel - vlan - qinq - vxlan - geneve -- cgit v1.2.3 From acd4109c2d4b07ef7427619f93cccbd6c6e68b80 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 19:58:35 +0100 Subject: interfaces: delete obsolete addresses.rst --- docs/interfaces/addresses.rst | 174 ------------------------------------------ 1 file changed, 174 deletions(-) delete mode 100644 docs/interfaces/addresses.rst (limited to 'docs/interfaces') diff --git a/docs/interfaces/addresses.rst b/docs/interfaces/addresses.rst deleted file mode 100644 index 3fc9b89b..00000000 --- a/docs/interfaces/addresses.rst +++ /dev/null @@ -1,174 +0,0 @@ -.. _interfaces-addresses: - -Addresses ---------- - -Each interface can be configured with a description and address. Interface -addresses might be: - -* Static IPv4 ``address 172.16.51.129/24`` -* Static IPv6 ``address 2001:db8:1::ffff/64`` -* DHCP IPv4 ``address dhcp`` -* DHCP IPv6 ``address dhcpv6`` - -.. cfgcmd:: set interfaces ethernet eth0 description 'OUTSIDE' - - An interface description is assigned using the following command: - -IPv4 -^^^^ - -Static Address -************** - -This method is supported on all interfaces, apart from OpenVPN that uses -different syntax and wireless modems that are always autoconfigured through -PPP. - -The command is ``set interfaces $type $name address $address``. Examples: - -.. code-block:: none - - set interfaces ethernet eth0 address 192.0.2.1/24 - set interfaces tunnel tun0 address 10.0.0.1/30 - set interfaces bridge br0 address 203.0.113.45/26 - set interfaces ethernet eth0 vif 30 address 198.51.100.254/24 - -DHCP -**** - -This method is supported on all physical interfaces, and those that are -directly connected to a physical interface (Ethernet, VLAN, Bridge, Bond, -Pseudo-ethernet, Wireless). - -The command is ``set interfaces $type $name address dhcp``. Examples: - -.. code-block:: none - - set interfaces ethernet eth0 vif 90 address dhcp - set interfaces bridge br0 address dhcp - -IPv6 -^^^^ - -Static Address -************** - -This method is supported on all interfaces, apart from OpenVPN that uses -different syntax and wireless modems that are always autoconfigured through -PPP. Static IPv6 addresses are supported on all interfaces -except :ref:`tunnel-interface`. - -The command is ``set interfaces $type $name address $address``. Examples: - -.. code-block:: none - - set interfaces ethernet eth0 address 2001:db8:100::ffff/64 - set interfaces tunnel tun0 address 2001:db8::1/64 - set interfaces bridge br0 address 2001:db8:200::1/64 - set interfaces ethernet eth0 vif 30 address 2001:db8:3::ffff/64 - -DHCP -**** - -This method is supported on all physical interfaces, and those that are -directly connected to a physical interface (Ethernet, VLAN, Bridge, Bond, -Pseudo-ethernet, Wireless). - -The command is `set interfaces $type $name address dhcpv6`. Examples: - -.. code-block:: none - - set interfaces bonding bond1 address dhcpv6 - set interfaces bridge br0 vif 56 address dhcpv6 - -Autoconfiguration (SLAAC) -************************* - -SLAAC is specified in :rfc:`4862`. This method is supported on all physical -interfaces, and those that are directly connected to a physical interface -(Ethernet, VLAN, Bridge, Bond, Pseudo-ethernet, Wireless). - -The command is ``set interfaces $type $name ipv6 address autoconf``. Examples: - -.. code-block:: none - - set interfaces ethernet eth0 vif 90 ipv6 address autoconf - set interfaces bridge br0 ipv6 address autoconf - - - -EUI-64 -****** - -EUI-64 (64-Bit Extended Unique Identifier) as specified in :rfc:`4291`. IPv6 -addresses in /64 networks can be automatically generated from the prefix and -MAC address, if you specify the prefix. - -The command is `set interfaces $type $name ipv6 address eui64 $prefix`. -Examples: - -.. code-block:: none - - set interfaces bridge br0 ipv6 address eui64 2001:db8:beef::/64 - set interfaces pseudo-ethernet peth0 ipv6 address eui64 2001:db8:aa::/64 - - -Router Advertisements -********************* - -Router advertisements are described in :rfc:`4861#section-4.6.2`. They are part -of what is known as SLAAC (Stateless Address Autoconfiguration). - -To enable or disable, use: - -.. code-block:: none - - set interfaces ipv6 router-advert send-advert - - -To set the options described in "Router Advertisement Message Format": - -.. code-block:: none - - vyos@vyos# set interfaces ipv6 router-advert - Possible completions: - cur-hop-limit Value to be placed in the "Current Hop Limit" field in RAs - default-lifetime Value to be placed in "Router Lifetime" field in RAs - default-preference Default router preference - link-mtu Value of link MTU to place in RAs - managed-flag Value for "managed address configuration" flag in RAs - max-interval Maximum interval between unsolicited multicast RAs - min-interval Minimum interval between unsolicited multicast RAs - + name-server IPv6 address of a Recursive DNS Server - other-config-flag Value to be placed in the "other configuration" flag in RAs - +> prefix IPv6 prefix to be advertised in Router Advertisements (RAs) - reachable-time Value to be placed in "Reachable Time" field in RAs - retrans-timer Value to place in "Retrans Timer" field in RAs. - send-advert Enable/disable sending RAs - - -Prefix Information -~~~~~~~~~~~~~~~~~~ - -Prefix information is described in :rfc:`4861#section-4.6.2`. - -.. code-block:: none - - vyos@vyos# set interfaces ipv6 router-advert prefix - Possible completions: - autonomous-flag Whether prefix can be used for address auto-configuration - on-link-flag Flag that prefix can be used for on-link determination - preferred-lifetime Time in seconds that the prefix will remain preferred - valid-lifetime Time in seconds that the prefix will remain valid - -Receiving Router Advertisements -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To receive and accept RAs on an interface, you need to enable it with the -following configuration command - -.. code-block:: none - - vyos@vyos# set system sysctl custom net.ipv6.conf..accept_ra value 2 - -- cgit v1.2.3 From e0cc028ed45ff2130ac99d6a9707fca7a47c3e71 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 20:03:00 +0100 Subject: Fix warnings on code-block and inline directives --- docs/interfaces/dummy.rst | 2 +- docs/interfaces/ethernet.rst | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/dummy.rst b/docs/interfaces/dummy.rst index 77bd3cc2..1b35cefd 100644 --- a/docs/interfaces/dummy.rst +++ b/docs/interfaces/dummy.rst @@ -69,7 +69,7 @@ Operation Show detailed information on given `` - .. code-block:: + .. code-block:: none vyos@vyos:~$ show interfaces ethernet eth0 dum0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index d9d14299..d0537b41 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst @@ -33,10 +33,10 @@ Address .. cfgcmd:: set interfaces ethernet '' ipv6 address autoconf - :abbr:`SLAAC (Stateless Address Autoconfiguration)` is specified in + :abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 - (Internet Control Message Protocol version 6) router discovery messages. + (Internet Control Message Protocol version 6)` router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains @@ -148,7 +148,7 @@ Operation Show detailed information on given `` - .. code-block:: + .. code-block:: none vyos@vyos:~$ show interfaces ethernet eth0 eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 @@ -165,7 +165,7 @@ Operation Show information about physical `` - .. code-block:: + .. code-block:: none vyos@vyos:~$ show interfaces ethernet eth0 physical Settings for eth0: -- cgit v1.2.3 From e3c3a6917be3a41a48847a7775a1baeb218ef974 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Dec 2019 20:05:03 +0100 Subject: interfaces: set toc maxdepth to 1 --- docs/interfaces/advanced-index.rst | 2 +- docs/interfaces/basic-index.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst index 9f137198..00c1c73e 100644 --- a/docs/interfaces/advanced-index.rst +++ b/docs/interfaces/advanced-index.rst @@ -5,7 +5,7 @@ Network Interfaces ################## .. toctree:: - :maxdepth: 2 + :maxdepth: 1 dummy bridge diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst index a59d8c47..3477b238 100644 --- a/docs/interfaces/basic-index.rst +++ b/docs/interfaces/basic-index.rst @@ -5,7 +5,7 @@ Basic Interfaces ################ .. toctree:: - :maxdepth: 2 + :maxdepth: 1 ethernet pppoe -- cgit v1.2.3 From 37850e2f6f9efed96c9e807fd98623465337d330 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 11:28:52 +0100 Subject: remove all enclosing '' from cfgcmd/opcmd --- docs/appendix/examples/dmvpn.rst | 4 ++-- docs/configuration-overview.rst | 2 +- docs/interfaces/dummy.rst | 8 ++++---- docs/interfaces/ethernet.rst | 30 +++++++++++++++--------------- docs/routing/bgp.rst | 10 +++++----- docs/routing/static.rst | 32 ++++++++++++++++---------------- docs/services/dhcp.rst | 26 +++++++++++++------------- docs/services/ssh.rst | 10 +++++----- docs/services/tftp.rst | 2 +- docs/services/udp-broadcast-relay.rst | 8 ++++---- docs/system/config-management.rst | 2 +- docs/system/default-route.rst | 4 ++-- docs/system/flow-accounting.rst | 30 +++++++++++++++--------------- docs/system/host-information.rst | 10 +++++----- docs/system/ntp.rst | 8 ++++---- docs/system/proxy.rst | 8 ++++---- docs/system/serial-console.rst | 6 +++--- docs/system/task-scheduler.rst | 8 ++++---- docs/system/time-zone.rst | 2 +- docs/system/user-management.rst | 26 +++++++++++++------------- 20 files changed, 118 insertions(+), 118 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/appendix/examples/dmvpn.rst b/docs/appendix/examples/dmvpn.rst index cbb9f300..49b1fcaa 100644 --- a/docs/appendix/examples/dmvpn.rst +++ b/docs/appendix/examples/dmvpn.rst @@ -17,7 +17,7 @@ Configuration set interfaces tunnel tun100 multicast 'enable' set interfaces tunnel tun100 parameters ip key '1' - set protocols nhrp tunnel tun100 cisco-authentication '' + set protocols nhrp tunnel tun100 cisco-authentication set protocols nhrp tunnel tun100 holding-time '300' set protocols nhrp tunnel tun100 multicast 'dynamic' set protocols nhrp tunnel tun100 redirect @@ -43,7 +43,7 @@ Configuration set vpn ipsec ipsec-interfaces interface 'eth0' set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' - set vpn ipsec profile NHRPVPN authentication pre-shared-secret '' + set vpn ipsec profile NHRPVPN authentication pre-shared-secret set vpn ipsec profile NHRPVPN bind tunnel 'tun100' set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB' diff --git a/docs/configuration-overview.rst b/docs/configuration-overview.rst index 646f4dea..0ee4e0f5 100644 --- a/docs/configuration-overview.rst +++ b/docs/configuration-overview.rst @@ -109,7 +109,7 @@ added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands. set service ssh port '22' set system config-management commit-revisions '20' set system console device ttyS0 speed '9600' - set system login user vyos authentication encrypted-password '' + set system login user vyos authentication encrypted-password '$6$Vt68...QzF0' set system login user vyos level 'admin' set system ntp server '0.pool.ntp.org' set system ntp server '1.pool.ntp.org' diff --git a/docs/interfaces/dummy.rst b/docs/interfaces/dummy.rst index 1b35cefd..c74e5f48 100644 --- a/docs/interfaces/dummy.rst +++ b/docs/interfaces/dummy.rst @@ -16,7 +16,7 @@ Configuration Address ------- -.. cfgcmd:: set interfaces dummy '' address
+.. cfgcmd:: set interfaces dummy address
Configure dummy interface `` with one or more interface addresses. @@ -40,12 +40,12 @@ Address Link Administration ------------------- -.. cfgcmd:: set interfaces dummy '' description '' +.. cfgcmd:: set interfaces dummy description Assign given `` to interface. Description will also be passed to SNMP monitoring systems. -.. cfgcmd:: set interfaces dummy '' disable +.. cfgcmd:: set interfaces dummy disable Disable given ``. It will be placed in administratively down state. @@ -65,7 +65,7 @@ Operation --------- ---------- --- ----------- dum0 172.18.254.201/32 u/u -.. opcmd:: show interfaces dummy '' +.. opcmd:: show interfaces dummy Show detailed information on given `` diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index d0537b41..693634fb 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst @@ -10,7 +10,7 @@ Configuration Address ------- -.. cfgcmd:: set interfaces ethernet '' address
+.. cfgcmd:: set interfaces ethernet address
Configure ethernet interface `` with one or more interface addresses. @@ -31,7 +31,7 @@ Address set interfaces ethernet eth0 address 2001:db8::ffff/64 set interfaces ethernet eth0 address 2001:db8:100::ffff/64 -.. cfgcmd:: set interfaces ethernet '' ipv6 address autoconf +.. cfgcmd:: set interfaces ethernet ipv6 address autoconf :abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected @@ -45,7 +45,7 @@ Address .. note:: This method automatically disables IPv6 traffic forwarding on the interface in question. -.. cfgcmd:: set interfaces ethernet '' ipv6 address eui64 '' +.. cfgcmd:: set interfaces ethernet ipv6 address eui64 :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address. @@ -57,7 +57,7 @@ Address Speed/Duplex ------------ -.. cfgcmd:: set interfaces ethernet '' duplex +.. cfgcmd:: set interfaces ethernet duplex Configure physical interface duplex setting. @@ -67,7 +67,7 @@ Speed/Duplex VyOS default will be `auto`. -.. cfgcmd:: set interfaces ethernet '' speed +.. cfgcmd:: set interfaces ethernet speed Configure physical interface speed setting. @@ -88,27 +88,27 @@ Speed/Duplex Link Administration ------------------- -.. cfgcmd:: set interfaces ethernet '' description '' +.. cfgcmd:: set interfaces ethernet description Assign given `` to interface. Description will also be passed to SNMP monitoring systems. -.. cfgcmd:: set interfaces ethernet '' disable +.. cfgcmd:: set interfaces ethernet disable Disable given ``. It will be placed in administratively down state. -.. cfgcmd:: set interfaces ethernet '' disable-flow-control +.. cfgcmd:: set interfaces ethernet disable-flow-control Disable Ethernet flow control (pause frames). -.. cfgcmd:: set interfaces ethernet '' mac '' +.. cfgcmd:: set interfaces ethernet mac Configure user defined :abbr:`MAC (Media Access Control)` address on given ``. -.. cfgcmd:: set interfaces ethernet '' mtu '' +.. cfgcmd:: set interfaces ethernet mtu Configure :abbr:`MTU (Maximum Transmission Unit)` on given ``. It is the size (in bytes) of the largest ethernet frame sent on this link. @@ -119,11 +119,11 @@ Router Advertisements Router advertisements are described in :rfc:`4861#section-4.6.2`. They are part of what is known as :abbr:`SLAAC (Stateless Address Autoconfiguration)`. -.. cfgcmd:: set interfaces ethernet '' ipv6 router-advert send-advert +.. cfgcmd:: set interfaces ethernet ipv6 router-advert send-advert Enable or disable router advertisements in this ``. -.. cfgcmd:: set interfaces ethernet '' ipv6 router-advert prefix '' +.. cfgcmd:: set interfaces ethernet ipv6 router-advert prefix Prefix information is described in :rfc:`4861#section-4.6.2`. @@ -144,7 +144,7 @@ Operation eth1 172.18.202.11/24 u/u WAN eth2 - u/D -.. opcmd:: show interfaces ethernet '' +.. opcmd:: show interfaces ethernet Show detailed information on given `` @@ -161,7 +161,7 @@ Operation TX: bytes packets errors dropped carrier collisions 5601460 62595 0 0 0 0 -.. opcmd:: show interfaces ethernet '' physical +.. opcmd:: show interfaces ethernet physical Show information about physical `` @@ -200,7 +200,7 @@ Operation supports-register-dump: yes supports-priv-flags: no -.. opcmd:: show interfaces ethernet '' transceiver +.. opcmd:: show interfaces ethernet transceiver Show transceiver information from plugin modules, e.g SFP+, QSFP diff --git a/docs/routing/bgp.rst b/docs/routing/bgp.rst index d8860e15..14ea1238 100644 --- a/docs/routing/bgp.rst +++ b/docs/routing/bgp.rst @@ -159,14 +159,14 @@ BGP Router Configuration ASN and Router ID ----------------- -.. cfgcmd:: set protocols bgp '' +.. cfgcmd:: set protocols bgp First of all you must configure BGP router with the :abbr:`ASN (Autonomous System Number)`. The AS number is an identifier for the autonomous system. The BGP protocol uses the AS number for detecting whether the BGP connection is internal or external. -.. cfgcmd:: set protocols bgp '' parameters router-id +.. cfgcmd:: set protocols bgp parameters router-id This command specifies the router-ID. If router ID is not specified it will use the highest interface IP address. @@ -174,19 +174,19 @@ ASN and Router ID Route Selection --------------- -.. cfgcmd:: set protocols bgp '' parameters bestpath as-path confed +.. cfgcmd:: set protocols bgp parameters bestpath as-path confed This command specifies that the length of confederation path sets and sequences should should be taken into account during the BGP best path decision process. -.. cfgcmd:: set protocols bgp '' parameters bestpath as-path multipath-relax +.. cfgcmd:: set protocols bgp parameters bestpath as-path multipath-relax This command specifies that BGP decision process should consider paths of equal AS_PATH length candidates for multipath computation. Without the knob, the entire AS_PATH must match for multipath computation. -.. cfgcmd:: set protocols bgp '' parameters bestpath as-path ignore +.. cfgcmd:: set protocols bgp parameters bestpath as-path ignore Ignore AS_PATH length when selecting a route diff --git a/docs/routing/static.rst b/docs/routing/static.rst index cebe42fa..52a73354 100644 --- a/docs/routing/static.rst +++ b/docs/routing/static.rst @@ -18,32 +18,32 @@ used to determine the forwarding table used for unicast packet forwarding. Static Routes ############# -.. cfgcmd:: set protocols static route '' next-hop '
' +.. cfgcmd:: set protocols static route next-hop
Configure next-hop `
` for an IPv4 static route. Multiple static routes can be created. -.. cfgcmd:: set protocols static route '' next-hop '
' disable +.. cfgcmd:: set protocols static route next-hop
disable Disable this IPv4 static route entry. -.. cfgcmd:: set protocols static route '' next-hop '
' distance '' +.. cfgcmd:: set protocols static route next-hop
distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. Range is 1 to 255, default is 1. -.. cfgcmd:: set protocols static route6 '' next-hop '
' +.. cfgcmd:: set protocols static route6 next-hop
Configure next-hop `
` for an IPv6 static route. Multiple static routes can be created. -.. cfgcmd:: set protocols static route6 '' next-hop '
' disable +.. cfgcmd:: set protocols static route6 next-hop
disable Disable this IPv6 static route entry. -.. cfgcmd:: set protocols static route6 '' next-hop '
' distance '' +.. cfgcmd:: set protocols static route6 next-hop
distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. @@ -57,34 +57,34 @@ Static Routes Interface Routes ================ -.. cfgcmd:: set protocols static interface-route '' next-hop-interface '' +.. cfgcmd:: set protocols static interface-route next-hop-interface Allows you to configure the next-hop interface for an interface-based IPv4 static route. `` will be the next-hop interface where trafic is routed for the given ``. -.. cfgcmd:: set protocols static interface-route '' next-hop-interface '' disable +.. cfgcmd:: set protocols static interface-route next-hop-interface disable Disables interface-based IPv4 static route. -.. cfgcmd:: set protocols static interface-route '' next-hop-interface '' distance '' +.. cfgcmd:: set protocols static interface-route next-hop-interface distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. Range is 1 to 255, default is 1. -.. cfgcmd:: set protocols static interface-route6 '' next-hop-interface '' +.. cfgcmd:: set protocols static interface-route6 next-hop-interface Allows you to configure the next-hop interface for an interface-based IPv6 static route. `` will be the next-hop interface where trafic is routed for the given ``. -.. cfgcmd:: set protocols static interface-route6 '' next-hop-interface '' disable +.. cfgcmd:: set protocols static interface-route6 next-hop-interface disable Disables interface-based IPv6 static route. -.. cfgcmd:: set protocols static interface-route6 '' next-hop-interface '' distance '' +.. cfgcmd:: set protocols static interface-route6 next-hop-interface distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. @@ -95,7 +95,7 @@ Interface Routes Blackhole ========= -.. cfgcmd:: set protocols static route '' blackhole +.. cfgcmd:: set protocols static route blackhole Use this command to configure a "black-hole" route on the router. A black-hole route is a route for which the system silently discard packets @@ -103,12 +103,12 @@ Blackhole it does not prevent them from being used as a more specific route inside your network. -.. cfgcmd:: set protocols static route '' blackhole distance '' +.. cfgcmd:: set protocols static route blackhole distance Defines blackhole distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. -.. cfgcmd:: set protocols static route6 '' blackhole +.. cfgcmd:: set protocols static route6 blackhole Use this command to configure a "black-hole" route on the router. A black-hole route is a route for which the system silently discard packets @@ -116,7 +116,7 @@ Blackhole it does not prevent them from being used as a more specific route inside your network. -.. cfgcmd:: set protocols static route6 '' blackhole distance '' +.. cfgcmd:: set protocols static route6 blackhole distance Defines blackhole distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. diff --git a/docs/services/dhcp.rst b/docs/services/dhcp.rst index 94efeaf1..bcadb673 100644 --- a/docs/services/dhcp.rst +++ b/docs/services/dhcp.rst @@ -146,23 +146,23 @@ inside the subnet definition but can be outside of the range statement. DHCP Options ------------ -.. cfgcmd:: set service dhcp-server shared-network-name '' subnet 192.0.2.0/24 default-router '
' +.. cfgcmd:: set service dhcp-server shared-network-name subnet 192.0.2.0/24 default-router
Specify the default routers IPv4 address which should be used in this subnet. This can - of course - be a VRRP address (DHCP option 003). -.. cfgcmd:: set service dhcp-server shared-network-name '' subnet 192.0.2.0/24 dns-server '
' +.. cfgcmd:: set service dhcp-server shared-network-name subnet 192.0.2.0/24 dns-server
Specify the DNS nameservers used (Option 006). This option may be used mulltiple times to specify additional DNS nameservers. -.. cfgcmd:: set service dhcp-server shared-network-name '' subnet 192.0.2.0/24 domain-name '' +.. cfgcmd:: set service dhcp-server shared-network-name subnet 192.0.2.0/24 domain-name The domain-name parameter should be the domain name that will be appended to the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP Option 015). -.. cfgcmd:: set service dhcp-server shared-network-name '' subnet 192.0.2.0/24 domain-search '' +.. cfgcmd:: set service dhcp-server shared-network-name subnet 192.0.2.0/24 domain-search The domain-name parameter should be the domain name used when completing DNS request where no full FQDN is passed. This option can be given multiple times @@ -401,41 +401,41 @@ Configuration Options Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' lease-time {default | maximum | minimum} +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet lease-time {default | maximum | minimum} The default lease time for DHCPv6 leases is 24 hours. This can be changed by supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values need to be supplied in seconds. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' nis-domain '' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet nis-domain A :abbr:`NIS (Network Information Service)` domain can be set to be used for DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' nisplus-domain '' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet nisplus-domain The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one: -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' nis-server '
' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet nis-server
Specify a NIS server address for DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' nisplus-server '
' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet nisplus-server
Specify a NIS+ server address for DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' sip-server-address '
' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet sip-server-address
Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address for all DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' sip-server-name '' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet sip-server-name Specify a :abbr:`SIP (Session Initiation Protocol)` server by FQDN for all DHCPv6 clients. -.. cfgcmd:: set service dhcpv6-server shared-network-name '' subnet '' sntp-server-address '
' +.. cfgcmd:: set service dhcpv6-server shared-network-name subnet sntp-server-address
A SNTP server address can be specified for DHCPv6 clients. @@ -570,7 +570,7 @@ https://wiki.vyos.net/wiki/Network_address_setup. Configuration ------------- -.. cfgcmd:: set service dhcp-relay interface '' +.. cfgcmd:: set service dhcp-relay interface Enable the DHCP relay service on the given interface. diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index fde575ea..1dd996d4 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -30,17 +30,17 @@ and integrity of data over an unsecured network, such as the Internet. Configuration ============= -.. cfgcmd:: set service ssh port '' +.. cfgcmd:: set service ssh port -Enabling SSH only requires you to specify the port ```` you want SSH to +Enabling SSH only requires you to specify the port ```` you want SSH to listen on. By default, SSH runs on port 22. -.. cfgcmd:: set service ssh listen-address '
' +.. cfgcmd:: set service ssh listen-address
Specify IPv4/IPv6 listen address of SSH server. Multiple addresses can be defined. -.. cfgcmd:: set service ssh ciphers '' +.. cfgcmd:: set service ssh ciphers Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers. @@ -71,7 +71,7 @@ security! Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible. -.. cfgcmd:: set service ssh macs '' +.. cfgcmd:: set service ssh macs Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. diff --git a/docs/services/tftp.rst b/docs/services/tftp.rst index 8647dfa8..ce87011c 100644 --- a/docs/services/tftp.rst +++ b/docs/services/tftp.rst @@ -22,7 +22,7 @@ files. content on image upgrades. Any directory under ``/config`` is save at this will be migrated. -.. cfgcmd:: set service tftp-server listen-address '
' +.. cfgcmd:: set service tftp-server listen-address
Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening diff --git a/docs/services/udp-broadcast-relay.rst b/docs/services/udp-broadcast-relay.rst index 10939c9d..f9e1b03e 100644 --- a/docs/services/udp-broadcast-relay.rst +++ b/docs/services/udp-broadcast-relay.rst @@ -17,23 +17,23 @@ support 99 IDs! Configuration ------------- -.. cfgcmd:: set service broadcast-relay id '' description '' +.. cfgcmd:: set service broadcast-relay id description A description can be added for each and every unique relay ID. This is usefull to distinguish between multiple different ports/appliactions. -.. cfgcmd:: set service broadcast-relay id '' interface '' +.. cfgcmd:: set service broadcast-relay id interface The interface used to receive and relay individual broadcast packets. If you want to receive/relay packets on both `eth1` and `eth2` both interfaces need to be added. -.. cfgcmd:: set service broadcast-relay id '' port '' +.. cfgcmd:: set service broadcast-relay id port The UDP port number used by your apllication. It is mandatory for this kind of operation. -.. cfgcmd:: set service broadcast-relay id '' disable +.. cfgcmd:: set service broadcast-relay id disable Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command: diff --git a/docs/system/config-management.rst b/docs/system/config-management.rst index df2a80aa..9d65adb3 100644 --- a/docs/system/config-management.rst +++ b/docs/system/config-management.rst @@ -13,7 +13,7 @@ stored on a remote host for archiving/backup reasons. Change the number of commit revisions to ``, the default setting for this value is to store 20 revisions locally. -.. cfgcmd:: set system config-management commit-archive location '' +.. cfgcmd:: set system config-management commit-archive location If you want to save all config changes to a remote destination. Set the commit-archive location. Every time a commit is successfully the diff --git a/docs/system/default-route.rst b/docs/system/default-route.rst index a46790e4..27c74188 100644 --- a/docs/system/default-route.rst +++ b/docs/system/default-route.rst @@ -5,13 +5,13 @@ Default Gateway/Route ##################### In the past (VyOS 1.1) used a gateway-address configured under the system tree -(:cfgcmd:`set system gateway-address '
'`), this is no longer supported +(:cfgcmd:`set system gateway-address
`), this is no longer supported and existing configurations are migrated to the new CLI command. Configuration ============= -.. cfgcmd:: set protocols static route 0.0.0.0/0 next-hop '
' +.. cfgcmd:: set protocols static route 0.0.0.0/0 next-hop
Specify static route into the routing table sending all non local traffic to the nexthop address `
`. diff --git a/docs/system/flow-accounting.rst b/docs/system/flow-accounting.rst index 52a2a18d..df58e1f3 100644 --- a/docs/system/flow-accounting.rst +++ b/docs/system/flow-accounting.rst @@ -45,7 +45,7 @@ Configururation In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting. -.. cfgcmd:: set system flow-accounting interface '' +.. cfgcmd:: set system flow-accounting interface Configure and enable collection of flow information for the interface identified by ``. @@ -68,12 +68,12 @@ you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command: -.. cfgcmd:: set system flow-accounting buffer-size '' +.. cfgcmd:: set system flow-accounting buffer-size In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility: -.. cfgcmd:: set system flow-accounting syslog-facility '' +.. cfgcmd:: set system flow-accounting syslog-facility Flow Export @@ -85,7 +85,7 @@ exported them to a collection server. NetFlow ^^^^^^^ -.. cfgcmd:: set system flow-accounting netflow version '' +.. cfgcmd:: set system flow-accounting netflow version There are multiple versions available for the NetFlow data. The `` used in the exported flow data can be configured here. The following @@ -95,20 +95,20 @@ NetFlow * **9** - NetFlow version 9 (default) * **10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917` -.. cfgcmd:: set system flow-accounting netflow server '
' +.. cfgcmd:: set system flow-accounting netflow server
Configure address of NetFlow collector. NetFlow server at `
` can be both listening on an IPv4 or IPv6 address. -.. cfgcmd:: set system flow-accounting netflow source-ip '
' +.. cfgcmd:: set system flow-accounting netflow source-ip
IPv4 or IPv6 source address of NetFlow packets -.. cfgcmd:: set system flow-accounting netflow engine-id '' +.. cfgcmd:: set system flow-accounting netflow engine-id NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255. -.. cfgcmd:: set system flow-accounting netflow sampling-rate '' +.. cfgcmd:: set system flow-accounting netflow sampling-rate Use this command to configure the sampling rate for flow accounting. The system samples one in every `` packets, where `` is the value @@ -120,7 +120,7 @@ NetFlow Per default every packet is sampled (that is, the sampling rate is 1). -.. cfgcmd:: set system flow-accounting netflow timeout expiry interval '' +.. cfgcmd:: set system flow-accounting netflow timeout expiry interval Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds. @@ -128,24 +128,24 @@ NetFlow You may also additionally configure timeouts for different types of connections. -.. cfgcmd:: set system flow-accounting netflow max-flows '' +.. cfgcmd:: set system flow-accounting netflow max-flows If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192). sFlow ^^^^^ -.. cfgcmd:: set system flow-accounting sflow server '
' +.. cfgcmd:: set system flow-accounting sflow server
Configure address of sFlow collector. sFlow server at `
` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time! -.. cfgcmd:: set system flow-accounting sflow sampling-rate '' +.. cfgcmd:: set system flow-accounting sflow sampling-rate Enable sampling of packets, which will be transmitted to sFlow collectors. -.. cfgcmd:: set system flow-accounting sflow agent-address '
' +.. cfgcmd:: set system flow-accounting sflow agent-address
Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By @@ -169,7 +169,7 @@ Operation Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces. -.. opcmd:: show flow-accounting interface '' +.. opcmd:: show flow-accounting interface Show flow accounting information for given ``. @@ -186,7 +186,7 @@ display captured network traffic information for all configured interfaces. eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 40006 22 tcp 16 146 1 9444 eth0 00:53:01:b2:22:48 00:53:02:58:a2:92 192.0.2.100 192.0.2.14 0 0 icmp 192 27 1 4455 -.. opcmd:: show flow-accounting interface '' host '
' +.. opcmd:: show flow-accounting interface host
Show flow accounting information for given `` for a specific host only. diff --git a/docs/system/host-information.rst b/docs/system/host-information.rst index e4cbd584..30efe01e 100644 --- a/docs/system/host-information.rst +++ b/docs/system/host-information.rst @@ -20,7 +20,7 @@ network and is used to distinguish one device from another on specific networks or over the internet. On the other hand this will be the name which appears on the command line prompt. -.. cfgcmd:: set system host-name '' +.. cfgcmd:: set system host-name Set system hostname. The hostname can be up to 63 characters. A hostname must start and end with a letter or digit, and have as interior characters @@ -36,7 +36,7 @@ unique. VyOS appends the domain name as a suffix to any unqualified name. For example, if you set the domain name `example.com`, and you would ping the unqualified name of `crux`, then VyOS qualifies the name to `crux.example.com`. -.. cfgcmd:: set system domain-name '' +.. cfgcmd:: set system domain-name Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen. @@ -48,16 +48,16 @@ How an IP address is assigned to an interface in :ref:`ethernet-interface`. This section shows how to statically map an IP address to a hostname for local (meaning on this VyOS instance) name resolution. -.. cfgcmd:: set system static-host-mapping host-name '' inet '
' +.. cfgcmd:: set system static-host-mapping host-name inet
Create a static hostname mapping which will always resolve the name `` to IP address `
`. -.. cfgcmd:: set system static-host-mapping host-name '' alias '' +.. cfgcmd:: set system static-host-mapping host-name alias Create named `` for the configured static mapping for ``. Thus the address configured as :cfgcmd:`set system static-host-mapping - host-name '' inet '
'` can be reached via multiple names. + host-name inet
` can be reached via multiple names. Multiple aliases can pe specified per host-name. diff --git a/docs/system/ntp.rst b/docs/system/ntp.rst index 0836f2fa..5fd1837f 100644 --- a/docs/system/ntp.rst +++ b/docs/system/ntp.rst @@ -33,9 +33,9 @@ in :rfc:`1305`. Configuration ============= -.. cfgcmd:: set system ntp server '
' +.. cfgcmd:: set system ntp server
- Configure one or more servers for synchronisation. Server name cen be either + Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`. There are 3 default NTP server set. You are able to change them. @@ -44,13 +44,13 @@ Configuration * 1.pool.ntp.org * 2.pool.ntp.org -.. cfgcmd:: set system ntp listen-address '
' +.. cfgcmd:: set system ntp listen-address
Setup VyOS as an NTP responder, you must specify the `
` and optionally the permitted clients. Multiple listen addresses can be configured. -.. cfgcmd:: set system ntp allow-clients address '
' +.. cfgcmd:: set system ntp allow-clients address
List of networks or client addresses permitted to contact this NTP server. Multiple networks can be configured. diff --git a/docs/system/proxy.rst b/docs/system/proxy.rst index 40bdf998..8e0339a7 100644 --- a/docs/system/proxy.rst +++ b/docs/system/proxy.rst @@ -8,21 +8,21 @@ Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`). -.. cfgcmd:: set system proxy url '' +.. cfgcmd:: set system proxy url Set proxy for all connections initiated by VyOS, including HTTP, HTTPS, and FTP (anonymous ftp). -.. cfgcmd:: set system proxy port '' +.. cfgcmd:: set system proxy port Configure proxy port if it does not listen to the default port 80. -.. cfgcmd:: set system proxy username '' +.. cfgcmd:: set system proxy username Some proxys require/support the "basic" HTTP authentication scheme as per :rfc:`7617`, thus a username can be configured. -.. cfgcmd:: set system proxy password '' +.. cfgcmd:: set system proxy password Some proxys require/support the "basic" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured. diff --git a/docs/system/serial-console.rst b/docs/system/serial-console.rst index cd27fa21..309c6ad2 100644 --- a/docs/system/serial-console.rst +++ b/docs/system/serial-console.rst @@ -16,7 +16,7 @@ access to the console is the only way to diagnose and correct software failures. Major upgrades to the installed distribution may also require console access. -.. cfgcmd:: set system console device '' +.. cfgcmd:: set system console device Defines the specified device as a system console. Available console devices can be (see completion helper): @@ -25,7 +25,7 @@ Major upgrades to the installed distribution may also require console access. * ``ttyUSBX`` - USB Serial device name * ``hvc0`` - Xen console -.. cfgcmd:: set system console device '' speed '' +.. cfgcmd:: set system console device speed The speed (baudrate) of the console device. Supported values are: @@ -44,6 +44,6 @@ Network Console TBD. -.. cfgcmd:: set system console network '' +.. cfgcmd:: set system console network ... and many more commands ... \ No newline at end of file diff --git a/docs/system/task-scheduler.rst b/docs/system/task-scheduler.rst index 869a0600..382da39f 100644 --- a/docs/system/task-scheduler.rst +++ b/docs/system/task-scheduler.rst @@ -11,7 +11,7 @@ use of UNIX cron_. be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration. -.. cfgcmd:: set system task-scheduler task '' interval '' +.. cfgcmd:: set system task-scheduler task interval Specify the time interval when `` should be executed. The interval is specified as number with one of the following suffixes: @@ -23,17 +23,17 @@ use of UNIX cron_. .. note:: If suffix is omitted, minutes are implied. -.. cfgcmd:: set system task-scheduler task '' crontab-spec '' +.. cfgcmd:: set system task-scheduler task crontab-spec Set execution time in common cron_ time format. A cron `` of ``30 */6 * * *`` would execute the `` at minute 30 past every 6th hour. -.. cfgcmd:: set system task-scheduler task '' executable path '' +.. cfgcmd:: set system task-scheduler task executable path Specify absolute `` to script which will be run when `` is executed. -.. cfgcmd:: set system task-scheduler task '' executable arguments '' +.. cfgcmd:: set system task-scheduler task executable arguments Arguments which will be passed to the executable. diff --git a/docs/system/time-zone.rst b/docs/system/time-zone.rst index d65e1d78..025c4376 100644 --- a/docs/system/time-zone.rst +++ b/docs/system/time-zone.rst @@ -8,7 +8,7 @@ Time Zone setting is very important as e.g all your logfile entries will be based on the configured zone. Without proper time zone configuration it will be very difficult to compare logfiles from different systems. -.. cfgcmd:: set system time-zone '' +.. cfgcmd:: set system time-zone Specify the systems `` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US diff --git a/docs/system/user-management.rst b/docs/system/user-management.rst index b2dd3d08..bb9a6e90 100644 --- a/docs/system/user-management.rst +++ b/docs/system/user-management.rst @@ -15,23 +15,23 @@ Authentication Dial-In User Service)` accounts are supported. Local ===== -.. cfgcmd:: set system login user '' full-name "" +.. cfgcmd:: set system login user full-name "" Create new system user with username `` and real-name specified by ``. -.. cfgcmd:: set system login user '' authentication plaintext-password '' +.. cfgcmd:: set system login user authentication plaintext-password Specify the plaintext password user by user `` on this system. The plaintext password will be automatically transferred into a secure hashed password and not saved anywhere in plaintext. -.. cfgcmd:: set system login user '' authentication encrypted-password '' +.. cfgcmd:: set system login user authentication encrypted-password Setup encrypted password for given username. This is usefull for transferring a hashed password from system to system. -.. cfgcmd:: set system login user '' group '' +.. cfgcmd:: set system login user group Specify additional group membership for given username ``. @@ -55,12 +55,12 @@ and paste it. Some terminal emulators may accidentally split this over several lines. Be attentive when you paste it that it only pastes as a single line. The third part is simply an identifier, and is for your own reference. -.. cfgcmd:: set system login user '' authentication public-keys '' key '' +.. cfgcmd:: set system login user authentication public-keys key Assign the SSH public key portion `` identified by per-key `` to the local user ``. -.. cfgcmd:: set system login user '' authentication public-keys '' type '' +.. cfgcmd:: set system login user authentication public-keys type Every SSH public key portion referenced by `` requires the configuration of the `` of public-key used. This type can be any of: @@ -75,7 +75,7 @@ The third part is simply an identifier, and is for your own reference. .. note:: You can assign multiple keys to the same user by using a unique identifier per SSH key. -.. cfgcmd:: loadkey '' '' +.. cfgcmd:: loadkey SSH keys can not only be specified on the command-line but also loaded for a given user with `` from a file pointed to by `.` Keys @@ -113,17 +113,17 @@ Dial-In User Service)` servers as backend for user authentication. Configuration ------------- -.. cfgcmd:: set system login radius server '
' secret '' +.. cfgcmd:: set system login radius server
secret Specify the `
` of the RADIUS server user with the pre-shared-secret given in ``. Multiple servers can be specified. -.. cfgcmd:: set system login radius server '
' port '' +.. cfgcmd:: set system login radius server
port Configure the discrete port under which the RADIUS server can be reached. This defaults to 1812. -.. cfgcmd:: set system login radius server '
' timeout '' +.. cfgcmd:: set system login radius server
timeout Setup the `` in seconds when querying the RADIUS server. @@ -132,7 +132,7 @@ Configuration the attribute you will only get regular, non privilegued, system users. -.. cfgcmd:: set system login radius source-address '
' +.. cfgcmd:: set system login radius source-address
RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be @@ -148,12 +148,12 @@ Login Banner You are able to set post-login or pre-login banner messages to display certain information for this system. -.. cfgcmd:: set system login banner pre-login '' +.. cfgcmd:: set system login banner pre-login Configure `` which is shown during SSH connect and before a user is logged in. -.. cfgcmd:: set system login banner post-login '' +.. cfgcmd:: set system login banner post-login Configure `` which is shown after user has logged in to the system. -- cgit v1.2.3 From 92f65db0256c6f3bef42c62cb32ce02512944743 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:13:36 +0100 Subject: loopback: add missing interface description --- docs/interfaces/basic-index.rst | 1 + docs/interfaces/loopback.rst | 69 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 docs/interfaces/loopback.rst (limited to 'docs/interfaces') diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst index 3477b238..c652c7bb 100644 --- a/docs/interfaces/basic-index.rst +++ b/docs/interfaces/basic-index.rst @@ -8,4 +8,5 @@ Basic Interfaces :maxdepth: 1 ethernet + loopback pppoe diff --git a/docs/interfaces/loopback.rst b/docs/interfaces/loopback.rst new file mode 100644 index 00000000..ccdc88e5 --- /dev/null +++ b/docs/interfaces/loopback.rst @@ -0,0 +1,69 @@ +.. _loopback-interface: + +######## +Loopback +######## + +The loopback networking interface is a virtual network device implemented +entirely in software. All traffic sent to it "loops back" and just targets +services on your local machine. + +.. note:: There can only be one loopback ``lo`` interface on the system. If + you need multiple interfaces, please use the :ref:`dummy-interface` + interface type. + +Configuration +============= + +Address +------- + +.. cfgcmd:: set interfaces loopback lo address
+ + Configure Loopback interface `lo` with one or more interface addresses. + + * **address** can be specified multiple times as IPv4 and/or IPv6 address, + e.g. 192.0.2.1/24 and/or 2001:db8::1/64 + +Link Administration +------------------- + +.. cfgcmd:: set interfaces loopback lo description + + Assign given `` to interface `lo`. Description will also be + passed to SNMP monitoring systems. + +Operation +========= + +.. opcmd:: show interfaces loopback + + Show brief interface information. + + .. code-block:: none + + vyos@vyos:~$ show interfaces loopback + Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down + Interface IP Address S/L Description + --------- ---------- --- ----------- + lo 127.0.0.1/8 u/u + ::1/128 + +.. opcmd:: show interfaces loopback lo + + Show detailed information on given loopback interface `lo`. + + .. code-block:: none + + vyos@vyos:~$ show interfaces ethernet eth0 + lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + + RX: bytes packets errors dropped overrun mcast + 300 6 0 0 0 0 + TX: bytes packets errors dropped carrier collisions + 300 6 0 0 0 0 -- cgit v1.2.3 From d1d636612fbf4bb80ad9097ed451f845ab4690c7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:14:06 +0100 Subject: dummy: add reference to loopback interface --- docs/interfaces/dummy.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/dummy.rst b/docs/interfaces/dummy.rst index c74e5f48..3bf7bc1d 100644 --- a/docs/interfaces/dummy.rst +++ b/docs/interfaces/dummy.rst @@ -5,10 +5,10 @@ Dummy ##### The dummy interface is really a little exotic, but rather useful nevertheless. -Dummy interfaces are much like the loopback interface, except you can have -as many as you want. Dummy interfaces can be used as interfaces that always -stay up (in the same fashion to loopbacks in Cisco IOS), or for testing -purposes. +Dummy interfaces are much like the :ref:`loopback-interface` interface, except +you can have as many as you want. Dummy interfaces can be used as interfaces +that always stay up (in the same fashion to loopbacks in Cisco IOS), or for +testing purposes. Configuration ############# -- cgit v1.2.3 From 158b50d2476d5e5efe3189f4a933aa480f9b0a43 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:15:24 +0100 Subject: geneve: add Configuration headline --- docs/interfaces/geneve.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/interfaces') diff --git a/docs/interfaces/geneve.rst b/docs/interfaces/geneve.rst index dc762738..b0bfde06 100644 --- a/docs/interfaces/geneve.rst +++ b/docs/interfaces/geneve.rst @@ -32,6 +32,9 @@ Geneve Header: | Variable Length Options | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +Configuration +============= + .. cfgcmd:: set interfaces geneve gnv0 address '192.0.2.2/24' Create GENEVE tunnel listening on local address `192.0.2.2/24`. -- cgit v1.2.3 From 5a09b36ecbcfcfa3f71861d7c586b9edee73b61a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:17:20 +0100 Subject: vxlan: use documented section style guide --- docs/interfaces/vxlan.rst | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/vxlan.rst b/docs/interfaces/vxlan.rst index e597e167..04e38f7e 100644 --- a/docs/interfaces/vxlan.rst +++ b/docs/interfaces/vxlan.rst @@ -1,7 +1,8 @@ .. _vxlan-interface: +##### VXLAN ------ +##### :abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization technology that attempts to address the scalability problems associated with large cloud @@ -33,7 +34,7 @@ may be blocked by the hypervisor. per VXLAN interface basis to get it working accross multiple vendors. Multicast VXLAN -^^^^^^^^^^^^^^^^ +=============== Example Topology: @@ -65,8 +66,8 @@ For optimal scalability Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leafs. Unfortunately, VyOS does not yet support this. -Configuration commands -^^^^^^^^^^^^^^^^^^^^^^ +Configuration +============= .. code-block:: none @@ -83,8 +84,8 @@ Configuration commands remote # Remote address of the VXLAN tunnel, used for PTP instead of multicast vni <1-16777215> # Virtual Network Identifier (required) -Configuration Example -^^^^^^^^^^^^^^^^^^^^^ +Example +------- The setup is this: @@ -239,7 +240,7 @@ configuration directive to support a user-specified destination port to override that behavior is available using the above command. Older Examples -^^^^^^^^^^^^^^ +-------------- Example for bridging normal L2 segment and vxlan overlay network, and using a vxlan interface as routing interface. @@ -304,7 +305,7 @@ gateway. You can add an IP to a bridge to create a gateway. } Unicast VXLAN -^^^^^^^^^^^^^ +============= Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can set directly. Let's change the Multicast example from above: -- cgit v1.2.3 From ce35b285a9a90c73343d32165f25991ea6b63ab8 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:42:41 +0100 Subject: dummy: smoothen IPv6 address description --- docs/interfaces/dummy.rst | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/dummy.rst b/docs/interfaces/dummy.rst index 3bf7bc1d..7fee2700 100644 --- a/docs/interfaces/dummy.rst +++ b/docs/interfaces/dummy.rst @@ -19,14 +19,8 @@ Address .. cfgcmd:: set interfaces dummy address
Configure dummy interface `` with one or more interface - addresses. - - * **address** can be specified multiple times as IPv4 and/or IPv6 address, - e.g. 192.0.2.1/24 and/or 2001:db8::1/64 - * **dhcp** interface address is received by DHCP from a DHCP server on this - segment. - * **dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on - this segment. + addresses. Address can be specified multiple times as IPv4 and/or IPv6 + address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64 Example: -- cgit v1.2.3 From 460c8b7a43434d1c914b654f5940a087bbe9019e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:42:58 +0100 Subject: loopback: smoothen IPv6 address description --- docs/interfaces/loopback.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/loopback.rst b/docs/interfaces/loopback.rst index ccdc88e5..2d554de4 100644 --- a/docs/interfaces/loopback.rst +++ b/docs/interfaces/loopback.rst @@ -21,9 +21,8 @@ Address .. cfgcmd:: set interfaces loopback lo address
Configure Loopback interface `lo` with one or more interface addresses. - - * **address** can be specified multiple times as IPv4 and/or IPv6 address, - e.g. 192.0.2.1/24 and/or 2001:db8::1/64 + Address can be specified multiple times as IPv4 and/or IPv6 address, e.g. + 192.0.2.1/24 and/or 2001:db8::1/64. Link Administration ------------------- -- cgit v1.2.3 From 779858390878e81e16fa02347182da52547bef05 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:43:20 +0100 Subject: ethernet: add (A/D) shortcut for admin down --- docs/interfaces/ethernet.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index 693634fb..0c2347e4 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst @@ -96,7 +96,7 @@ Link Administration .. cfgcmd:: set interfaces ethernet disable Disable given ``. It will be placed in administratively down - state. + (``A/D``) state. .. cfgcmd:: set interfaces ethernet disable-flow-control -- cgit v1.2.3 From 5811a15d43b7d58796bdbe80e4dfb66c36d6d579 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:43:45 +0100 Subject: vxlan: use documented section style guide --- docs/interfaces/vxlan.rst | 204 ++++++++++++++++++++++++---------------------- 1 file changed, 107 insertions(+), 97 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/vxlan.rst b/docs/interfaces/vxlan.rst index 04e38f7e..927eb40b 100644 --- a/docs/interfaces/vxlan.rst +++ b/docs/interfaces/vxlan.rst @@ -33,12 +33,108 @@ may be blocked by the hypervisor. for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working accross multiple vendors. +Configuration +============= + +Address +------- + +.. cfgcmd:: set interfaces vxlan address
+ + Configure VXLAN interface `` with one or more interface + addresses. Address can be specified multiple times as IPv4 and/or IPv6 + address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64 + + Example: + + .. code-block:: none + + set interfaces vxlan vxlan0 address 192.0.2.1/24 + set interfaces vxlan vxlan0 address 192.0.2.2/24 + set interfaces vxlan vxlan0 address 2001:db8::ffff/64 + set interfaces vxlan vxlan0 address 2001:db8:100::ffff/64 + + +.. cfgcmd:: set interfaces vxlan ipv6 address autoconf + + :abbr:`SLAAC (Stateless Address Autoconfiguration)` + :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected + to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 + (Internet Control Message Protocol version 6)` router discovery messages. + When first connected to a network, a host sends a link-local router + solicitation multicast request for its configuration parameters; routers + respond to such a request with a router advertisement packet that contains + Internet Layer configuration parameters. + + +.. cfgcmd:: set interfaces vxlan ipv6 address eui64 + + :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in + :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address. + + .. code-block:: none + + set interfaces vxlan vxlan0 ipv6 address eui64 2001:db8:beef::/64 + + +.. cfgcmd:: set interfaces vxlan link + + Interface used for VXLAN underlay. This is mandatory when using VXLAN via + a multicast network. VXLAN traffic will always enter and exit this interface. + + +.. cfgcmd:: set interfaces vxlan group
+ + Multicast group address for VXLAN interface. VXLAN tunnels can be built + either via Multicast or via Unicast. + + +.. cfgcmd:: set interfaces vxlan remote
+ + IPv4 remote address of the VXLAN tunnel. Alternative to multicast, the + remote IPv4 address of the VXLAN tunnel can set directly. + + +.. cfgcmd:: set interfaces vxlan port + + Configure port number of remote VXLAN endpoint. + + .. note:: As VyOS is Linux based the default port used is not using 4789 + as the default IANA-assigned destination UDP port number. Instead VyOS + uses the Linux default port of 8472. + + +.. cfgcmd:: set interfaces vxlan vni + + Each VXLAN segment is identified through a 24-bit segment ID, termed the + :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))`, This allows + up to 16M VXLAN segments to coexist within the same administrative domain. + + +Link Administration +------------------- + +.. cfgcmd:: set interfaces vxlan description + + Assign given `` to interface. Description will also be passed + to SNMP monitoring systems. + +.. cfgcmd:: set interfaces vxlan disable + + Disable given ``. It will be placed in administratively down + (``A/D``) state. + +.. cfgcmd:: set interfaces vxlan mtu + + Configure :abbr:`MTU (Maximum Transmission Unit)` on given ``. It + is the size (in bytes) of the largest ethernet frame sent on this link. + MTU ranges from 1450 to 9000 bytes. For best performance you should have + a MTU > 1550 bytes on your underlay. + Multicast VXLAN =============== -Example Topology: - -PC4 - Leaf2 - Spine1 - Leaf3 - PC5 +Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5 PC4 has IP 10.0.0.4/24 and PC5 has IP 10.0.0.5/24, so they believe they are in the same broadcast domain. @@ -66,30 +162,10 @@ For optimal scalability Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leafs. Unfortunately, VyOS does not yet support this. -Configuration -============= - -.. code-block:: none - - interfaces - vxlan - address # IP address of the VXLAN interface - description # Description - group # IPv4 Multicast group address (required) - ip # IPv4 routing options - ipv6 # IPv6 routing options - link # IP interface for underlay of this vxlan overlay (optional) - mtu # MTU - policy # Policy routing options - remote # Remote address of the VXLAN tunnel, used for PTP instead of multicast - vni <1-16777215> # Virtual Network Identifier (required) - Example ------- -The setup is this: - -Leaf2 - Spine1 - Leaf3 +The setup is this: Leaf2 - Spine1 - Leaf3 Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2. @@ -112,7 +188,7 @@ Topology: Eth0 towards Spine1, IP-address 10.1.3.3/24 Eth1 towards a vlan-aware switch -Spine1 Configuration: +**Spine1 Configuration:** .. code-block:: none @@ -132,10 +208,10 @@ Spine1 Configuration: Multicast-routing is required for the leafs to forward traffic between each other in a more scalable way. This also requires PIM to be enabled towards the -Leafs so that the Spine can learn what multicast groups each Leaf expect traffic -from. +Leafs so that the Spine can learn what multicast groups each Leaf expect +traffic from. -Leaf2 configuration: +**Leaf2 configuration:** .. code-block:: none @@ -160,7 +236,7 @@ Leaf2 configuration: set interfaces vxlan vxlan242 link 'eth0' set interfaces vxlan vxlan242 vni '242' -Leaf3 configuration: +**Leaf3 configuration:** .. code-block:: none @@ -239,77 +315,11 @@ its pre-standard value of 8472 to preserve backwards compatibility. A configuration directive to support a user-specified destination port to override that behavior is available using the above command. -Older Examples --------------- - -Example for bridging normal L2 segment and vxlan overlay network, and using a -vxlan interface as routing interface. - -.. code-block:: none - - interfaces { - bridge br0 { - member { - interface vxlan0 { - } - } - } - ethernet eth0 { - address dhcp - } - loopback lo { - } - vxlan vxlan0 { - group 239.0.0.1 - vni 0 - } - vxlan vxlan1 { - address 192.168.0.1/24 - link eth0 - group 239.0.0.1 - vni 1 - } - } - -Here is a working configuration that creates a VXLAN between two routers. Each -router has a VLAN interface (26) facing the client devices and a VLAN interface -(30) that connects it to the other routers. With this configuration, traffic -can flow between both routers' VLAN 26, but can't escape since there is no L3 -gateway. You can add an IP to a bridge to create a gateway. - -.. code-block:: none - - interfaces { - bridge br0 { - member { - interface eth0.26 { - } - interface vxlan0 { - } - } - } - ethernet eth0 { - duplex auto - smp-affinity auto - speed auto - vif 30 { - address 10.7.50.6/24 - } - } - loopback lo { - } - vxlan vxlan0 { - group 239.0.0.241 - vni 241 - } - } - Unicast VXLAN ============= -Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can set directly. -Let's change the Multicast example from above: - +Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be +set directly. Let's change the Multicast example from above: .. code-block:: none -- cgit v1.2.3 From 0632e8d8d0c2f2eb70ede5f02aa9c77cab2be2d0 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 12:44:44 +0100 Subject: bridge: use documented section style guide --- docs/interfaces/bridge.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/bridge.rst b/docs/interfaces/bridge.rst index a7bbbca6..50f0a58c 100644 --- a/docs/interfaces/bridge.rst +++ b/docs/interfaces/bridge.rst @@ -1,7 +1,8 @@ .. _bridge-interface: +###### Bridge ------- +###### Interfaces in VyOS can be bridged together to provide software switching of Layer-2 traffic. -- cgit v1.2.3 From cd5f73a781c46ee6b702e4056e769a5a66cffdc9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 13:18:24 +0100 Subject: ethernet: use common wording on interface address --- docs/interfaces/ethernet.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/ethernet.rst b/docs/interfaces/ethernet.rst index 0c2347e4..1a1edb32 100644 --- a/docs/interfaces/ethernet.rst +++ b/docs/interfaces/ethernet.rst @@ -12,8 +12,7 @@ Address .. cfgcmd:: set interfaces ethernet address
- Configure ethernet interface `` with one or more interface - addresses. + Configure interface `` with one or more interface addresses. * **address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64 -- cgit v1.2.3 From 37ad1d5bc694daf3ffd7ad8ef317cdb42735c425 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 30 Dec 2019 13:19:01 +0100 Subject: bridge: rewrite with new cfgcmd/opcmd syntax --- docs/interfaces/bridge.rst | 308 +++++++++++++++++++++++++++++++++------------ 1 file changed, 230 insertions(+), 78 deletions(-) (limited to 'docs/interfaces') diff --git a/docs/interfaces/bridge.rst b/docs/interfaces/bridge.rst index 50f0a58c..18fb19ba 100644 --- a/docs/interfaces/bridge.rst +++ b/docs/interfaces/bridge.rst @@ -4,110 +4,262 @@ Bridge ###### -Interfaces in VyOS can be bridged together to provide software switching of -Layer-2 traffic. +A Bridge is a way to connect two Ethernet segments together in a protocol +independent way. Packets are forwarded based on Ethernet address, rather than +IP address (like a router). Since forwarding is done at Layer 2, all protocols +can go transparently through a bridge. The Linux bridge code implements a +subset of the ANSI/IEEE 802.1d standard. -A bridge is created when a bridge interface is defined. In the example below -we create a bridge named br100 with eth1 and eth2 as the bridge member ports. +Configuration +############# -.. code-block:: none +Address +------- - set interfaces bridge 'br100' - set interfaces bridge br100 member interface eth1 - set interfaces bridge br100 member interface eth2 +.. cfgcmd:: set interfaces bridge address
-Each bridge member can be assiged a port cost and priority using the following -commands: + Configure interface `` with one or more interface addresses. -.. code-block:: none + * **address** can be specified multiple times as IPv4 and/or IPv6 address, + e.g. 192.0.2.1/24 and/or 2001:db8::1/64 + * **dhcp** interface address is received by DHCP from a DHCP server on this + segment. + * **dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on + this segment. - set interfaces bridge br100 member interface eth1 cost 10 - set interfaces bridge br100 member interface eth1 priority 1024 + Example: -Interfaces assigned to a bridge do not have address configuration. An IP -address can be assigned to the bridge interface itself, however, like any -normal interface. + .. code-block:: none -.. code-block:: none + set interfaces bridge br0 address 192.0.2.1/24 + set interfaces bridge br0 address 192.0.2.2/24 + set interfaces bridge br0 address 2001:db8::ffff/64 + set interfaces bridge br0 address 2001:db8:100::ffff/64 - set interfaces bridge br100 address '192.168.100.1/24' - set interfaces bridge br100 address '2001:db8:100::1/64' -Example Result: +.. cfgcmd:: set interfaces bridge ipv6 address autoconf -.. code-block:: none + :abbr:`SLAAC (Stateless Address Autoconfiguration)` + :rfc:`4862`. IPv6 hosts can configure themselves automatically when connected + to an IPv6 network using the Neighbor Discovery Protocol via :abbr:`ICMPv6 + (Internet Control Message Protocol version 6)` router discovery messages. + When first connected to a network, a host sends a link-local router + solicitation multicast request for its configuration parameters; routers + respond to such a request with a router advertisement packet that contains + Internet Layer configuration parameters. - bridge br100 { - address 192.168.100.1/24 - address 2001:db8:100::1/64 - member { - interface eth1 { - cost 10 - priority 1024 - } - interface eth2 { - } - } + .. note:: This method automatically disables IPv6 traffic forwarding on the + interface in question. - } - [...] -In addition to normal IP interface configuration, bridge interfaces support -Spanning-Tree Protocol. STP is disabled by default. +.. cfgcmd:: set interfaces bridge ipv6 address eui64 -.. note:: Please use caution when introducing spanning-tree protocol on a - network as it may result in topology changes. + :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in + :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address. -To enable spanning-tree use the `set interfaces bridge stp` command: + .. code-block:: none -.. code-block:: none + set interfaces bridge eth0 ipv6 address eui64 2001:db8:beef::/64 - set interfaces bridge br100 stp -STP `priority`, `forwarding-delay`, `hello-time`, and `max-age` can be -configured for the bridge. The MAC aging time can also be configured -using the `aging` directive. +.. cfgcmd:: set interfaces bridge aging