The Vyatta CLI has two command modes: operational mode and configuration mode.
Operational mode provides access to operational commands for showing and clearing information and enabling or disabling debugging, as well as commands for configuring terminal settings, loading and saving configuration, and restarting the system. When you log in to the system, the system is in operational mode.
Configuration mode provides access to commands for creating, modifying, deleting, committing and showing configuration information and commands for navigating through the configuration hierarchy.
To enter configuration mode from operational mode, enter the configure command.
To return to operational mode from configuration mode, enter the exit command. If uncommitted changes remain, you must either commit the changes, by using the commit command, or discard the changes, by using the discard command (or exit discard), before you can exit to operational mode. When the system is restarted, it loads the last saved configuration.
Entering the exit command in operational mode logs you off the system.
To access the CLI, you log in to the DANOS vRouter, either directly through the VGA console, a serial console, or remotely by using a Secure Shell (SSH) or Telnet session. The VGA console also provides nine virtual console sessions. These virtual consoles (tty1 through tty9) can be accessed by using the key combinations ALT-F1 (for tty1) through ALT-F9 (for tty9). tty1 through tty6 provide a login prompt. tty7 through tty9 are not used.
Regardless of the access method you choose, after the startup messages are completed, the login prompt appears, as follows:
vyatta login:
Log in by using the ID and password of a defined user account.
By default, the system has one predefined user account: the vyatta user. The default password for the vyatta account is vyatta. The vyatta user has administrator-level privileges and can execute all DANOS vRouter commands and all operating system commands.
The DANOS vRouter supports three privilege levels for users: Operator, Admin and Superuser.
Operator users have read-only access to configuration plus the ability to execute DANOS vRouter operational commands. Operator users can view in operational mode (by using show commands), configure their terminal settings (by using the set terminal command), and exit from the Vyatta CLI (by using the exit command). Operator users cannot enter configuration mode; however, they can display configuration by entering the show configuration command in operational mode.
Basic commands for displaying information (for example, show configuration plus the pipe commands, such as more, for managing display output) are available. Commands that use control constructs (such as if, for, and so on), list operators (such as ;, &&, and so on), and redirection are not available to operator users.
To create an operator user, enter the following command:
vyatta@vyatta# set system login user user-name level operatorvyatta@vyatta# set system login user user-name authentication plaintext-password passwordvyatta@vyatta# commit
where user-name is the ID of the user account you are creating and password is the password you are assigning to the user.
Operating system shell commands are not available to operator users and, consequently, the list of commands returned by using command completion for operator-level users is restricted to DANOS vRouter commands.
Administrator (admin) users have full access to the Vyatta CLI. Admin users can view, configure, and delete information and execute all DANOS vRouter operational commands. Admin users can also execute all non root operating system shell commands and constructs.
The vyatta default user is an admin user.
To create an admin user, enter the following set of commands in configuration mode.
vyatta@vyatta# set system login user user-name level adminvyatta@vyatta# set system login user user-name authentication plaintext-password passwordvyatta@vyatta# commit
where user-name is the ID of the user account you want to create and password is the password you are assigning to the user.
Although operating system shell commands are always available to admin users, they are not shown when these users employ command completion to query the CLI for available commands. This is because there are several hundred operating system shell commands and constructs available at any time: showing all available operating system shell commands makes it very difficult to distinguish available CLI commands.
Admin users can see available commands by entering ? at the command prompt.
Superuser users have all the access privileges of an admin user, but also have full sudo/root access to the operating system. TACACS+ command restrictions are not applied to the user with users with superuser level access.
To create a superuser user, enter the following command:
vyatta@vyatta# set system login user user-name level superuservyatta@vyatta# set system login user user-name authentication plaintext-password passwordvyatta@vyatta# commit
where user-name is the ID of the user account you are creating and password is the password you are assigning to the user.
To save keystrokes, the system accepts unambiguous command prefixes in place of the full command. For example, typing sh configu inoperational mode is equivalent to typing show configuration.
You can also have the system automatically complete a command syntax by entering or pressing any of the following at the command prompt.
<TAB>
Automatic completion of a command
If the command is unambiguous, the system generates the next token in the syntax.
If more than one completion is possible, the system displays the set of possible tokens. Pressing <Tab> a second time displays command help for each possible token.
?
The set of possible tokens. Pressing ? a second time displays command help for each possible token.
In configuration mode, the following symbols are displayed next to nodes in their completion help text to indicate the node type.
+
Multinode
>
Non-leaf node
+>
Tag node (multiple non-leaf)
You can remove the restriction on command completion by setting the VYATTA_RESTRICTED_MODE environment variable to none, as follows:
export VYATTA_RESTRICTED_MODE=none
This setting removes the restriction on command completion for all users, regardless of privilege level.
Operational commands are run in operational mode. The operational commands available to you can be displayed by entering ? at the command prompt in operational mode.
You can run an operational command without leaving configuration mode by using the run command.
Several versions of system configuration information exist on the system at a given time.
Active or “running” configuration
This configuration is the one that is loaded and being used by the system.
Candidate configuration
When you enter configuration mode and make configuration changes, changes remain in candidate configuration until you commit the changes, at which time the configuration becomes active or running.
DANOS vRouter configuration is organized as a hierarchy of configuration statements, with a hierarchical tree of nodes similar to the directory structure on a UNIX file system. Three kinds of statements exist:
Configuration nodes. These nodes can be either
Single-nodes (just one instance can be created; for example, the service ssh timeout)
Multi-nodes (more than one instance can be created; for example, service ssh port)
Attribute statements. These statements set the values or characteristics for parameters within a node.
You can tell where you are in the configuration tree by the [edit] prompt, which is context sensitive.
At the top of the configuration tree, the [edit] prompt looks like this:[edit]
When you are in another location, the edit prompt indicates your location by showing the node hierarchy in order, like this:[edit service ssh]
The following commands for navigating in configuration mode are available:
edit config-node
Navigates to the specified configuration node for editing.
The node must already be created the configuration committed.
exit
Jumps to the top of the configuration tree.
If you are already at the top of the configuration tree, exit from configuration mode and return to operational mode.
top
Jumps to the top of the configuration tree.
up
Moves up one node in the configuration tree.
Use the show command in configuration mode to display configuration. You can restrict the display to a particular node by specifying the path to the node.
The following example shows how to display configuration for all configured interfaces.
vyatta@R1# show interfaces
interfaces {
dataplane dp0p1s1 {
address 10.10.1.1/24
mac 00:13:46:e6:f6:87
}
dataplane dp0s2 {
address dhcp
}
loopback lo
} |
The following example shows how to display configuration for only the dp0p1s1 dataplane interface.
vyatta@R1# show interfaces dataplane dp0p1s1
dataplane dp0p1s1 {
address 10.10.1.1/24
mac 00:13:46:e6:f6:87
} |
When the display is too large for one screen, the display stops after one screen is shown. In this case, press one of the following keys to perform the indicated action.
<Enter> to display the next line
<Space> to display the next screen
<q> to interrupt the display and return to the command prompt
You can display configuration information without leaving operational mode by using the show configuration command, as in the following example.
vyatta@R1:~$ show configuration
interfaces { [0/3747]
dataplane dp0p1s1 {
address 10.10.1.1/24
hw-id 00:13:46:e6:f6:87
}
dataplane dp0s2 {
address dhcp
}
loopback lo
}
service {
netconf
ssh {
port 22
port 830
}
telnet
} |
Add new configuration by creating a configuration node by using the set command in configuration mode. Modify existing configuration by using the set command in configuration mode, as in the following example.
vyatta@R1# set interfaces dataplane dp0p1s1 address 192.168.1.100/24 vyatta@R1# |
Then use the show command to see the change.
vyatta@R1# show interfaces dataplane dp0p1s1 +address 192.168.1.100/24 mac 00:13:46:e6:f6:87 vyatta@R1# |
Notice the plus sign (+) in front of the new statement. This + shows that this statement has been added to the configuration, but the change is not yet committed. The change does not take effect until the configuration is committed by using the commit command.
Another option is to use the compare command to see the change.
vyatta@R1# compare [edit interfaces dataplane dp0p1s1] +address 192.168.1.100/24 vyatta@R1# |
You can change the configuration from the root of the configuration tree or use the edit command to navigate to the part of the tree where you want to modify or add a configuration.
The configuration tree is nearly empty when you first startup, except for a few automatically configured nodes. You must create a node for any functionality you want to configure on the system. When a node is created, any default values that exist for its attributes are applied to the node.
Use the delete command to delete a configuration statement or a complete configuration node, as in the following example.
vyatta@R1# delete interfaces dataplane dp0p1s1address 192.168.1.100/24
Then use the show command to see the change.
vyatta@R1# show interfaces dataplane dp0p1s1 -address 192.168.1.100/24 mac 00:13:46:e6:f6:87 vyatta@R1# |
Notice the minus sign (-) in front of the deleted statement. This - shows that this statement has been deleted from the configuration, but the change is not yet committed. The change does not take effect until configuration is committed by using the commit command.
Another option is to use the compare command to see the change.
vyatta@R1# compare [edit interfaces dataplane dp0p1s1] -address 192.168.1.100/24 vyatta@R1# |
Some configuration nodes are mandatory; these nodes cannot be deleted. Some configuration nodes are mandatory but have default values; if you delete one of these nodes, the default value is restored.
In a DANOS vRouter, configuration changes do not take effect until you commit them by using the commit command.
vyatta@R1# commit
A line that contains uncommitted changes is flagged as follows:
> to indicate the line has been modified
+ to indicate the line has been added
- to indicate the line has been deleted
After you commit the changes, the flag disappears, as in the following example.
vyatta@R1# show interfaces dataplane dp0p1s1 -address 192.168.1.100/24 mac 00:13:46:e6:f6:87 vyatta@R1# commit vyatta@R1# show interfaces dataplane dp0p1s1 mac 00:13:46:e6:f6:87 vyatta@R1# |
When you commit changes in the configuration mode, the changes are saved to the startup configuration. As a result, the changes are preserved even after a reboot. |
If your login username is not a member of the "secrets" login user group and you either save a configuration through the REST API or use the save command, the encrypted passwords in the configuration file are replaced with the ******** placeholder. If you load this configuration, the replaced password fields trigger validation errors because the placeholder does not match the format for an encrypted password. Do not commit this configuration. If you ignore the error message |
You cannot exit from configuration mode with uncommitted configuration changes; you must either commit the changes or discard them. If you do not want to commit the changes, you can discard them by using the exit discard command.
vyatta@R1# exit Cannot exit: configuration modified. Use 'exit discard' to discard the changes and exit. vyatta@R1# exit discard vyatta@R1:~$ |