Getting Started
Command modes
The Vyatta CLI has two command modes: operational mode and configuration mode.
Operational mode provides access to operational commands for showing and clearing information and enabling or disabling debugging, as well as commands for configuring terminal settings, loading and saving configuration, and restarting the system. When you log in to the system, the system is in operational mode.
Configuration mode provides access to commands for creating, modifying, deleting, committing and showing configuration information and commands for navigating through the configuration hierarchy.
To enter configuration mode from operational mode, enter the
configure
command.To return to operational mode from configuration mode, enter the
exit
command. If uncommitted changes remain, you must eithercommit
the changes, by using the commit command, or discard the changes, by using thediscard
command (orexit discard
), before you can exit to operational mode. When the system is restarted, it loads the last saved configuration.
Entering the exit
command in operational mode logs you off the system.
Accessing the CLI
To access the CLI, you log in to the DANOS vRouter, either directly through the VGA console, a serial console, or remotely by using a Secure Shell (SSH) or Telnet session. The VGA console also provides nine virtual console sessions. These virtual consoles (tty1 through tty9) can be accessed by using the key combinations ALT-F1 (for tty1) through ALT-F9 (for tty9). tty1 through tty6 provide a login prompt. tty7 through tty9 are not used.
Regardless of the access method you choose, after the startup messages are completed, the login prompt appears, as follows:
vyatta login:
Log in by using the ID and password of a defined user account.
By default, the system has one predefined user account: the vyatta user. The default password for the vyatta account is vyatta. The vyatta user has administrator-level privileges and can execute all DANOS vRouter commands and all operating system commands.
User privilege levels
The DANOS vRouter supports three privilege levels for users: Operator, Admin and Superuser.
Operator users
Operator users have read-only access to configuration plus the ability to execute DANOS vRouter operational commands. Operator users can view in operational mode (by using show
commands), configure their terminal settings (by using the set terminal command), and exit from the Vyatta CLI (by using the exit
command). Operator users cannot enter configuration mode; however, they can display configuration by entering the show configuration
command in operational mode.
Basic commands for displaying information (for example, show configuration
plus the pipe
commands, such as more
, for managing display output) are available. Commands that use control constructs (such as if
, for
, and so on), list operators (such as ;, &&, and so on), and redirection are not available to operator users.
To create an operator user, enter the following command:
vyatta@vyatta# set system login user user-name level operator
vyatta@vyatta# set system login user user-name authentication plaintext-password password
vyatta@vyatta# commit
where user-name is the ID of the user account you are creating and password is the password you are assigning to the user.
Operating system shell commands are not available to operator users and, consequently, the list of commands returned by using command completion for operator-level users is restricted to DANOS vRouter commands.
Admin users
Administrator (admin) users have full access to the Vyatta CLI. Admin users can view, configure, and delete information and execute all DANOS vRouter operational commands. Admin users can also execute all non-root operating system shell commands and constructs.
The vyatta default user is an admin user.
To create an admin user, enter the following set of commands in configuration mode.
vyatta@vyatta# set system login user user-name level admin
vyatta@vyatta# set system login user user-name authentication plaintext-password password
vyatta@vyatta# commit
where user-name is the ID of the user account you want to create and password is the password you are assigning to the user.
Although operating system shell commands are always available to admin users, they are not shown when these users employ command completion to query the CLI for available commands. This is because there are several hundred operating system shell commands and constructs available at any time: showing all available operating system shell commands makes it very difficult to distinguish available CLI commands.
Admin users can see available commands by entering ?
at the command prompt.
Superuser users
Superuser users have all the access privileges of an admin user, but also have full sudo/root access to the operating system. TACACS+ command restrictions are not applied to the user with users with superuser level access.
To create a superuser user, enter the following command:
vyatta@vyatta# set system login user user-name level superuser
vyatta@vyatta# set system login user user-name authentication plaintext-password password
vyatta@vyatta# commit
where user-name is the ID of the user account you are creating and password is the password you are assigning to the user.
Command completion
To save keystrokes, the system accepts unambiguous command prefixes in place of the full command. For example, typing sh configu
inoperational mode is equivalent to typing show configuration
.
You can also have the system automatically complete a command syntax by entering or pressing any of the following at the command prompt.
<TAB>
Automatic completion of a command
If the command is unambiguous, the system generates the next token in the syntax.
If more than one completion is possible, the system displays the set of possible tokens. Pressing <Tab> a second time displays command help for each possible token.
?
The set of possible tokens. Pressing ? a second time displays command help for each possible token.
In configuration mode, the following symbols are displayed next to nodes in their completion help text to indicate the node type.
+
Multinode
>
Non-leaf node
+>
Tag node (multiple non-leaf)
You can remove the restriction on command completion by setting the VYATTA_RESTRICTED_MODE environment variable to none, as follows:
export VYATTA_RESTRICTED_MODE=none
This setting removes the restriction on command completion for all users, regardless of privilege level.
Operational commands
Running operational commands
Operational commands are run in operational mode. The operational commands available to you can be displayed by entering ?
at the command prompt in operational mode.
Running an operational command in configuration mode
You can run an operational command without leaving configuration mode by using the run
command.