Edition mode¶
Enter into a context¶
The configuration is organized hierarchically. All configuration is
available under the config node.
config/
├── system
│ ├── auth
│ ├── fast-path
│ └── ...
└── vrf
├── dns
├── interface
└── ...
To enter into a context, type its name, followed by the key in case of a list.
vsr running config#
vsr running config# vrf main
vsr running vrf main# interface
vsr running interface# physical eth0
vsr running physical eth0#
This can also be done in one command:
vsr running config# vrf main interface physical eth0
vsr running physical eth0#
Note
The CLI commands are generated from YANG files, which also specifies the NETCONF API of the device. A CLI context corresponds to a container or a list statement in the YANG file.
Set configuration values¶
To set the value of a leaf, type its name and its value:
vsr running physical eth0# port pci-b0s4
vsr running physical eth0# mtu 1500
vsr running physical eth0# show config
physical eth0
(...)
port pci-b0s4
mtu 1500
(...)
Several leaves can be set in one command, achieving the same result:
vsr running physical eth0# port pci-b0s4 mtu 1500
vsr running physical eth0#
Finally, it is possible to set the value of leaves that are in a different path. In that case, specify the path, followed by the leaves and their values. Note that the current directory remains unchanged.
vsr running config# vrf main interface physical eth0 mtu 1500 port pci-b0s4
vsr running config#
Note
The CLI commands are generated from YANG files, which also specifies the NETCONF API of the device. A CLI configuration leaf corresponds to a leaf or a leaflist statement in the YANG file.
Delete a configuration node¶
A configuration node (either a leaf or a context) can be deleted with
the command del, followed by the path of the node:
vsr running physical eth0# mtu 1500
vsr running physical eth0# show config
physical eth0
(...)
mtu 1500
(...)
vsr running physical eth0# del mtu
vsr running physical eth0# show config
[... no mtu ...]
Complex configuration commands¶
Some commands need to have a more complex syntax, because a couple
name/value is not sufficient. In this case, the CLI behavior is
customized with extensions in the YANG files.
Particularly, a YANG container or list can be used to define oneliner commands. For example, the interface IP neighbor context uses an extension to have a specific syntax:
neighbor <ip> link-layer-address <mac>
The following example shows that it does not follow the same syntax than the simple case described above. Each neighbor is identified by its key, and the argument attached to the neighbor is mandatory. To delete a neighbor, only the key is needed.
vsr running ipv4# neighbor 10.100.0.0 link-layer-address 11:11:11:11:11:11
vsr running ipv4# neighbor 10.200.0.0 link-layer-address 22:22:22:22:22:22
vsr running ipv4# show config
ipv4
neighbor 10.100.0.0 link-layer-address 11:11:11:11:11:11
neighbor 10.200.0.0 link-layer-address 22:22:22:22:22:22
enabled true
..
vsr running ipv4# del neighbor 10.100.0.0
vsr running ipv4# show config
ipv4
neighbor 10.200.0.0 link-layer-address 22:22:22:22:22:22
enabled true
..
Show configuration¶
The show config command is used to display the configuration. In edition
mode, it shows the staging configuration by default, relative to the
current path.
The syntax of the command is: show config [staging|running|startup|(file <file>)]
[text|xml|json] [all|nodefault] [relative|absolute] [fullpath|nopath]
[show-passwords|hide-passwords] [<path...>]
Note
show config (show the configuration) should not be confused with
show state (get the operational state).
vsr running config# vrf main ssh-server
vsr running ssh-server# show config
ssh-server
enabled true
port 22
..
It is possible to show the running or the startup configuration:
vsr running config# vrf main ssh-server
vsr running ssh-server# show config running
ssh-server
enabled true
port 22
..
The configuration can be displayed in different format (text, xml or json):
vsr running config# vrf main ssh-server
vsr running ssh-server# show config json
{
"vrouter-ssh-server:ssh-server": {
"enabled": true,
"port": 22
}
}
The configuration nodes set to the default value can be stripped from
the configuration with nodefault (in this example port set to 22
and enabled set to true are not displayed):
vsr running config# vrf main ssh-server
vsr running ssh-server# show config xml nodefault
<ssh-server xmlns="urn:6wind:vrouter/ssh-server">
</ssh-server>
A path can be specified, which can be absolute, or relative to the current path:
vsr running config# vrf main ssh-server
vsr running ssh-server# show config
ssh-server
enabled true
port 22
..
vsr running ssh-server#
vsr running ssh-server# show config .. ..
config
vrf main
ssh-server
enabled true
port 22
..
..
..
vsr running ssh-server# show config /
config
vrf main
ssh-server
enabled true
port 22
..
..
..
vsr running ssh-server# show config / vrf main ssh-server
ssh-server
enabled true
port 22
..
The configuration root path can be relative (default), or absolute.
If absolute is specified, all the parent containers are displayed,
but the configuration that is not in the specified path is stripped.
This example demonstrates the feature:
vsr running ssh-server# show config /
vrf main
ssh-server
enabled true
port 22
..
..
vrf vr1
..
vsr running ssh-server# show config
ssh-server
enabled true
port 22
..
vsr running ssh-server# show config absolute
vrf main
ssh-server
enabled true
port 22
..
..
When the configuration is displayed in a text format, the full path can
be prepended to each node. This eases copy/paste, or filtering using the
match output filter:
vsr running ssh-server# show config fullpath
/ vrf main ssh-server
/ vrf main ssh-server enabled true
/ vrf main ssh-server port 22
The show config command is also available in the operational mode. In this
case, the running configuration is displayed by default as there is no
staging configuration.
All configurations above are displayed in plain text. If you do not want to
display some sensitive data like passwords, specify hide-passwords.
Below, it displays TACACS+ servers configured on the system:
vsr> show config system aaa tacacs
tacas 1
address 127.0.0.1
port 49
secret test_tacacs
timeout 3
vrf main
..
vsr> show config hide-passwords system aaa tacacs
tacas 1
address 127.0.0.1
port 49
secret HIDDEN
timeout 3
vrf main
..
By default, sensitive information is displayed with the show config command.
You can change this behavior in the cliconfig:
vsr> cliconfig
vsr config.xml /# display-password false
vsr config.xml /# save
Saving in config.xml
File exists. Overwrite? [y/N] y
vsr config.xml /# exit
vsr> show config system aaa tacacs
tacas 1
address 127.0.0.1
port 49
secret HIDDEN
timeout 3
vrf main
..
However, you can still use hide-password or show-passwords to override the
configuration set in cliconfig.
Following the previous cliconfig, for which display-password
is set to false, use show-passwords to print configuration in plain text:
vsr> show config show-passwords system aaa tacacs
tacas 1
address 127.0.0.1
port 49
secret test_tacacs
timeout 3
vrf main
..
Show state¶
The show state command is used to display the current state of the device.
The arguments and the output of the command are similar to the show config
command.
The syntax of the command is show state [text|xml|json] [all|nodefault]
[relative|absolute|fullpath] [show-passwords|hide-passwords] [<path...>].
Without path argument, the displayed state depends on the current location in the configuration. At root, it displays all the state:
vsr running config# show state
vrf main
network-stack
icmp
ignore-icmp-echo-broadcast false
rate-limit-icmp 1000
rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
..
ipv4
forwarding true
(...)
When called from an interface context, only the state of this interface is displayed:
vsr running physical ens2# pwd
/ vrf main interface physical ens2
vsr running physical ens2# show state
physical ens2
mtu 1500
promiscuous false
enabled false
port pci-b0s2
rx-cp-protection false
(...)
Like in the show config command, the path and the output format can be
specified.
Diff configurations¶
The diff command shows the differences between two configurations.
Additions are prefixed by a + and deletions by a -. All lines
changed in the same directory are prefixed by a title line starting with
===.
Without argument, it displays the differences between the origin configuration and the staging configuration in the current directory: in other words, it shows the uncommitted user changes.
vsr running config# vrf main
vsr running vrf main# interface physical eth0
vsr running physical eth0#! port pci-b0s2
vsr running physical eth0# diff
=== / vrf main interface
+ physical eth0
+ port pci-b0s2
+ enabled true
+ ipv4
+ enabled true
+ ..
+ ipv6
+ enabled true
+ ..
+ ..
A path argument can be appended:
vsr running physical eth0# diff /
=== /
+ vrf main
+ interface
+ physical eth0
+ port pci-b0s2
+ enabled true
+ ipv4
+ enabled true
+ ..
+ ipv6
+ enabled true
+ ..
+ ..
+ ..
+ ..
vsr running physical eth0# diff ..
The configurations used for the diff can be specified:
vsr running fast-path# diff file my-config startup
=== / system
- fast-path
- enabled false
- port pci-b0s2
- cp-protection
- budget 10
- ..
- linux-sync
- fpm-socket-size 2097152
- nl-socket-size 67108864
- ..
- ..
An already committed configuration can also be compared with another configuration:
vsr running config# show commit
commit id date user description
========= ==== ==== ===========
2 23/02/28 15:01:07 CET admin
1 23/02/28 15:00:59 CET admin
vsr running config# diff commit 2 startup
=== /
+ vrf main
+ interface
+ physical eth0
+ port pci-b0s2
+ enabled true
+ ipv4
+ enabled true
+ ..
+ ipv6
+ enabled true
+ ..
+ ..
+ ..
+ ..
Note
The commit ID can also be retrieved in the state with:
show state system commit-history
Any configuration can also be compared with the configuration part of the current system state. The following example shows that the DNS server is not configured as expected (enabled in the running configuration but disabled in the state):
vsr> diff running state vrf main dns-server
=== / vrf main dns-server
- enabled true
- use-system-servers true
- bind eth0
vsr>
If the fullpath argument is passed, each line is expressed with
an absolute path:
vsr running config# diff fullpath running staging /
=== /
+ / vrf vr0
+ / vrf vr0 interface
+ / vrf vr0 interface loopback loop0
+ / vrf vr0 interface loopback loop0 enabled true
+ / vrf vr0 interface loopback loop0 ipv4
+ / vrf vr0 interface loopback loop0 ipv4 enabled true
+ / vrf vr0 interface loopback loop0 ipv6
+ / vrf vr0 interface loopback loop0 ipv6 enabled true
=== / system fast-path
- / system fast-path enabled true
+ / system fast-path enabled false
Commit configuration changes¶
Once you are satisfied with your changes in the staging configuration, you can apply the changes by committing the configuration. This operation copies the content of the staging configuration into the running configuration.
vsr> edit running
vsr running config# vrf main
vsr running vrf main# ssh-server
vsr running ssh-server# show config
ssh-server
enabled true
port 22
..
vsr running ssh-server# show config running
vsr running ssh-server# commit
Configuration committed.
vsr running ssh-server# show config running
ssh-server
enabled true
port 22
..
Note
After a call to commit, the running configuration is updated
immediately. In contrast, the state of the system can take some
time to change, depending on the configuration.
Commit configuration changes with confirmation¶
Alternatively to directly committing your changes, you can use the
commit confirmed command. This operation applies the staging configuration
into the running configuration for a certain period of time. During this time,
you can choose to confirm or cancel these changes. If the period expires, the
changes are reverted.
The commit confirmed command can take two arguments:
period <int>: timeout period for confirmed commit, in seconds (default: 600)
persist id <int>: id used to persist changes after the session terminates
Here is an example how to use it:
vsr> edit running
vsr running config# vrf main ssh-server
vsr running ssh-server# show config staging
ssh-server
enabled true
port 22
permit-root-login yes
..
vsr running ssh-server# show config running
vsr running ssh-server# commit confirmed period 60
Configuration committed.
vsr running ssh-server# show config running
ssh-server
enabled true
port 22
permit-root-login yes
..
The staging configuration dumped on show config staging is in sync with the
running configuration dumped on show config running for a timeout period of 60
seconds.
You can either wait for the timeout period to expire or cancel your changes
using the cancel command during the timeout period and your changes will be
reverted:
vsr running ssh-server# cancel
vsr running ssh-server# show config staging
ssh-server
enabled true
port 22
permit-root-login yes
..
vsr running ssh-server# show config running
vsr running ssh-server#
The running configuration has been removed while the staging configuration is still the same.
During the timeout period, if you feel satisfied with your changes, you can
confirm them using the confirm command, and the changes will be issued
permanently.
vsr> edit running
vsr running config# vrf main ssh-server
vsr running ssh-server# commit confirmed period 10
vsr running ssh-server#
vsr running ssh-server# confirm
vsr running ssh-server# show config running
ssh-server
enabled true
port 22
permit-root-login yes
..
In the above example, even after 10 seconds, the running configuration will persist.
If you leave nc-cli after using commit confirmed without using the
persist-id argument, the changes will be cancelled. To persist those changes,
you need to assign an id to the configuration.
vsr> edit running
vsr running config# vrf main ssh-server
vsr running ssh-server# commit confirmed period 60 persist-id 1
vsr running ssh-server# exit
vsr> exit
Getting back to the nc-cli, this id is used to either cancel or confirm the changes.
vsr>
vsr> show config running vrf main ssh-server
ssh-server
enabled true
port 22
permit-root-login yes
..
vsr> edit running
vsr running config# cancel persist-id 1
vsr running config# show config running vrf main ssh-server
vsr running config#
vsr>
vsr> show config running vrf main ssh-server
ssh-server
enabled true
port 22
permit-root-login yes
..
vsr> edit running
vsr running config# confirm persist-id 1
vsr running config# show config running vrf main ssh-server
ssh-server
enabled true
port 22
permit-root-login yes
..
vsr running config#
Note
With the persist-id option, the countdown before the period expires will
continue running even out of nc-cli.
Note
Certain elements are undefined if not already set.
If you try to configure and use the commit-confirm command on these
elements if not previously set, it won’t be possible to revert the applied
commit by using cancel or waiting for the timeout period to expire. One
example of this kind of elements is: system hostname.
Add a description to the commit¶
When committing a configuration, a description can be added with the
description parameter:
vsr running config# vrf main ssh-server
vsr running config# commit description "Enable SSH server"
The description can be retrieved in the state:
vsr> show state system commit-history
commit-history 1
date 2023-02-28T15:00:59.636482+01:00
user admin
description "Enable SSH server"
..
Or with the show commit command:
vsr> show commit
commit id date user description
========= ==== ==== ===========
1 23/02/15 15:24:12 CET admin Enable SSH server
Clear configuration changes¶
Exiting the edition mode cancels the changes done in the staging configuration.
vsr running config# exit
Exit: not saved/applied, are you sure? [y/N] y