Edition mode

Enter into a context

The configuration is organized hierarchically. All configuration is available under the config node.

config/
├── system
│   ├── auth
│   ├── fast-path
│   └── ...
└── vrf
    ├── dns
    ├── interface
    └── ...

To enter into a context, type its name, followed by the key in case of a list.

vsr running config#
vsr running config# vrf main
vsr running vrf main# interface
vsr running interface# physical eth0
vsr running physical eth0#

This can also be done in one command:

vsr running config# vrf main interface physical eth0
vsr running physical eth0#

Note

The CLI commands are generated from YANG files, which also specifies the NETCONF API of the device. A CLI context corresponds to a container or a list statement in the YANG file.

Set configuration values

To set the value of a leaf, type its name and its value:

vsr running physical eth0# port pci-b0s4
vsr running physical eth0# mtu 1500
vsr running physical eth0# show config
physical eth0
   (...)
   port pci-b0s4
   mtu 1500
   (...)

Several leaves can be set in one command, achieving the same result:

vsr running physical eth0# port pci-b0s4 mtu 1500
vsr running physical eth0#

Finally, it is possible to set the value of leaves that are in a different path. In that case, specify the path, followed by the leaves and their values. Note that the current directory remains unchanged.

vsr running config# vrf main interface physical eth0 mtu 1500 port pci-b0s4
vsr running config#

Note

The CLI commands are generated from YANG files, which also specifies the NETCONF API of the device. A CLI configuration leaf corresponds to a leaf or a leaflist statement in the YANG file.

Delete a configuration node

A configuration node (either a leaf or a context) can be deleted with the command del, followed by the path of the node:

vsr running physical eth0# mtu 1500
vsr running physical eth0# show config
physical eth0
   (...)
   mtu 1500
   (...)
vsr running physical eth0# del mtu
vsr running physical eth0# show config
[... no mtu ...]

Complex configuration commands

Some commands need to have a more complex syntax, because a couple name/value is not sufficient. In this case, the CLI behavior is customized with extensions in the YANG files.

Particularly, a YANG container or list can be used to define oneliner commands. For example, the interface IP neighbor context uses an extension to have a specific syntax:

neighbor <ip> link-layer-address <mac>

The following example shows that it does not follow the same syntax than the simple case described above. Each neighbor is identified by its key, and the argument attached to the neighbor is mandatory. To delete a neighbor, only the key is needed.

vsr running ipv4# neighbor 10.100.0.0 link-layer-address 11:11:11:11:11:11
vsr running ipv4# neighbor 10.200.0.0 link-layer-address 22:22:22:22:22:22
vsr running ipv4# show config
ipv4
   neighbor 10.100.0.0 link-layer-address 11:11:11:11:11:11
   neighbor 10.200.0.0 link-layer-address 22:22:22:22:22:22
   enabled true
   ..
vsr running ipv4# del neighbor 10.100.0.0
vsr running ipv4# show config
ipv4
   neighbor 10.200.0.0 link-layer-address 22:22:22:22:22:22
   enabled true
   ..

Show configuration

The show config command is used to display the configuration. In edition mode, it shows the staging configuration by default, relative to the current path.

The syntax of the command is: show config [staging|running|startup|(file <file>)] [text|xml|json] [all|nodefault] [relative|absolute] [fullpath|nopath] [show-passwords|hide-passwords] [<path...>]

Note

show config (show the configuration) should not be confused with show state (get the operational state).

vsr running config# vrf main ssh-server
vsr running ssh-server# show config
ssh-server
   enabled true
   port 22
   ..

It is possible to show the running or the startup configuration:

vsr running config# vrf main ssh-server
vsr running ssh-server# show config running
ssh-server
   enabled true
   port 22
   ..

The configuration can be displayed in different format (text, xml or json):

vsr running config# vrf main ssh-server
vsr running ssh-server# show config json
{
  "vrouter-ssh-server:ssh-server": {
    "enabled": true,
    "port": 22
  }
}

The configuration nodes set to the default value can be stripped from the configuration with nodefault (in this example port set to 22 and enabled set to true are not displayed):

vsr running config# vrf main ssh-server
vsr running ssh-server# show config xml nodefault
<ssh-server xmlns="urn:6wind:vrouter/ssh-server">
</ssh-server>

A path can be specified, which can be absolute, or relative to the current path:

vsr running config# vrf main ssh-server
vsr running ssh-server# show config
ssh-server
   enabled true
   port 22
   ..
vsr running ssh-server#
vsr running ssh-server# show config .. ..
config
   vrf main
      ssh-server
         enabled true
         port 22
         ..
      ..
   ..
vsr running ssh-server# show config /
config
    vrf main
        ssh-server
            enabled true
            port 22
            ..
        ..
    ..
vsr running ssh-server# show config / vrf main ssh-server
ssh-server
  enabled true
  port 22
  ..

The configuration root path can be relative (default), or absolute. If absolute is specified, all the parent containers are displayed, but the configuration that is not in the specified path is stripped. This example demonstrates the feature:

vsr running ssh-server# show config /
vrf main
    ssh-server
        enabled true
        port 22
        ..
    ..
vrf vr1
    ..
vsr running ssh-server# show config
ssh-server
    enabled true
    port 22
    ..
vsr running ssh-server# show config absolute
vrf main
    ssh-server
        enabled true
        port 22
        ..
    ..

When the configuration is displayed in a text format, the full path can be prepended to each node. This eases copy/paste, or filtering using the match output filter:

vsr running ssh-server# show config fullpath
/ vrf main ssh-server
/ vrf main ssh-server enabled true
/ vrf main ssh-server port 22

The show config command is also available in the operational mode. In this case, the running configuration is displayed by default as there is no staging configuration.

All configurations above are displayed in plain text. If you do not want to display some sensitive data like passwords, specify hide-passwords. Below, it displays TACACS+ servers configured on the system:

vsr> show config system aaa tacacs
tacas 1
   address 127.0.0.1
   port 49
   secret test_tacacs
   timeout 3
   vrf main
   ..
vsr> show config hide-passwords system aaa tacacs
tacas 1
   address 127.0.0.1
   port 49
   secret HIDDEN
   timeout 3
   vrf main
   ..

By default, sensitive information is displayed with the show config command. You can change this behavior in the cliconfig:

vsr> cliconfig
vsr config.xml /# display-password false
vsr config.xml /# save
Saving in config.xml
File exists. Overwrite? [y/N] y
vsr config.xml /# exit
vsr> show config system aaa tacacs
tacas 1
   address 127.0.0.1
   port 49
   secret HIDDEN
   timeout 3
   vrf main
   ..

However, you can still use hide-password or show-passwords to override the configuration set in cliconfig. Following the previous cliconfig, for which display-password is set to false, use show-passwords to print configuration in plain text:

vsr> show config show-passwords system aaa tacacs
tacas 1
   address 127.0.0.1
   port 49
   secret test_tacacs
   timeout 3
   vrf main
   ..

Show state

The show state command is used to display the current state of the device. The arguments and the output of the command are similar to the show config command.

The syntax of the command is show state [text|xml|json] [all|nodefault] [relative|absolute|fullpath] [show-passwords|hide-passwords] [<path...>].

Without path argument, the displayed state depends on the current location in the configuration. At root, it displays all the state:

vsr running config# show state
vrf main
    network-stack
        icmp
            ignore-icmp-echo-broadcast false
            rate-limit-icmp 1000
            rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
            ..
        ipv4
            forwarding true
(...)

When called from an interface context, only the state of this interface is displayed:

vsr running physical ens2# pwd
/ vrf main interface physical ens2
vsr running physical ens2# show state
physical ens2
    mtu 1500
    promiscuous false
    enabled false
    port pci-b0s2
    rx-cp-protection false
(...)

Like in the show config command, the path and the output format can be specified.

Diff configurations

The diff command shows the differences between two configurations. Additions are prefixed by a + and deletions by a -. All lines changed in the same directory are prefixed by a title line starting with ===.

Without argument, it displays the differences between the origin configuration and the staging configuration in the current directory: in other words, it shows the uncommitted user changes.

vsr running config# vrf main
vsr running vrf main# interface physical eth0
vsr running physical eth0#! port pci-b0s2
vsr running physical eth0# diff
=== / vrf main interface
+ physical eth0
+     port pci-b0s2
+     enabled true
+     ipv4
+         enabled true
+         ..
+     ipv6
+         enabled true
+         ..
+     ..

A path argument can be appended:

vsr running physical eth0# diff /
=== /
+ vrf main
+     interface
+         physical eth0
+             port pci-b0s2
+             enabled true
+             ipv4
+                 enabled true
+                 ..
+             ipv6
+                 enabled true
+                 ..
+             ..
+         ..
+     ..
vsr running physical eth0# diff ..

The configurations used for the diff can be specified:

vsr running fast-path# diff file my-config startup
=== / system
- fast-path
-     enabled false
-     port pci-b0s2
-     cp-protection
-         budget 10
-         ..
-     linux-sync
-         fpm-socket-size 2097152
-         nl-socket-size 67108864
-         ..
-     ..

An already committed configuration can also be compared with another configuration:

vsr running config# show commit
commit id date                  user  description
========= ====                  ====  ===========
2         23/02/28 15:01:07 CET admin
1         23/02/28 15:00:59 CET admin
vsr running config# diff commit 2 startup
=== /
+ vrf main
+     interface
+         physical eth0
+             port pci-b0s2
+             enabled true
+             ipv4
+                 enabled true
+                 ..
+             ipv6
+                 enabled true
+                 ..
+             ..
+         ..
+     ..

Note

The commit ID can also be retrieved in the state with: show state system commit-history

Any configuration can also be compared with the configuration part of the current system state. The following example shows that the DNS server is not configured as expected (enabled in the running configuration but disabled in the state):

vsr> diff running state vrf main dns-server
=== / vrf main dns-server
- enabled true
- use-system-servers true
- bind eth0
vsr>

If the fullpath argument is passed, each line is expressed with an absolute path:

vsr running config# diff fullpath running staging /
=== /
+ / vrf vr0
+ / vrf vr0 interface
+ / vrf vr0 interface loopback loop0
+ / vrf vr0 interface loopback loop0 enabled true
+ / vrf vr0 interface loopback loop0 ipv4
+ / vrf vr0 interface loopback loop0 ipv4 enabled true
+ / vrf vr0 interface loopback loop0 ipv6
+ / vrf vr0 interface loopback loop0 ipv6 enabled true
=== / system fast-path
- / system fast-path enabled true
+ / system fast-path enabled false

Commit configuration changes

Once you are satisfied with your changes in the staging configuration, you can apply the changes by committing the configuration. This operation copies the content of the staging configuration into the running configuration.

vsr> edit running
vsr running config# vrf main
vsr running vrf main# ssh-server
vsr running ssh-server# show config
ssh-server
   enabled true
   port 22
   ..
vsr running ssh-server# show config running
vsr running ssh-server# commit
Configuration committed.
vsr running ssh-server# show config running
ssh-server
   enabled true
   port 22
   ..

Note

After a call to commit, the running configuration is updated immediately. In contrast, the state of the system can take some time to change, depending on the configuration.

Commit configuration changes with confirmation

Alternatively to directly committing your changes, you can use the commit confirmed command. This operation applies the staging configuration into the running configuration for a certain period of time. During this time, you can choose to confirm or cancel these changes. If the period expires, the changes are reverted.

The commit confirmed command can take two arguments:

  • period <int>: timeout period for confirmed commit, in seconds (default: 600)

  • persist id <int>: id used to persist changes after the session terminates

Here is an example how to use it:

vsr> edit running
vsr running config# vrf main ssh-server
vsr running ssh-server# show config staging
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..
vsr running ssh-server# show config running
vsr running ssh-server# commit confirmed period 60
Configuration committed.
vsr running ssh-server# show config running
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..

The staging configuration dumped on show config staging is in sync with the running configuration dumped on show config running for a timeout period of 60 seconds.

You can either wait for the timeout period to expire or cancel your changes using the cancel command during the timeout period and your changes will be reverted:

vsr running ssh-server# cancel
vsr running ssh-server# show config staging
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..
vsr running ssh-server# show config running
vsr running ssh-server#

The running configuration has been removed while the staging configuration is still the same.

During the timeout period, if you feel satisfied with your changes, you can confirm them using the confirm command, and the changes will be issued permanently.

vsr> edit running
vsr running config# vrf main ssh-server
vsr running ssh-server# commit confirmed period 10
vsr running ssh-server#
vsr running ssh-server# confirm
vsr running ssh-server# show config running
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..

In the above example, even after 10 seconds, the running configuration will persist.

If you leave nc-cli after using commit confirmed without using the persist-id argument, the changes will be cancelled. To persist those changes, you need to assign an id to the configuration.

vsr> edit running
vsr running config# vrf main ssh-server
vsr running ssh-server# commit confirmed period 60 persist-id 1
vsr running ssh-server# exit
vsr> exit

Getting back to the nc-cli, this id is used to either cancel or confirm the changes.

vsr>
vsr> show config running vrf main ssh-server
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..
vsr> edit running
vsr running config# cancel persist-id 1
vsr running config# show config running vrf main ssh-server
vsr running config#
vsr>
vsr> show config running vrf main ssh-server
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..
vsr> edit running
vsr running config# confirm persist-id 1
vsr running config# show config running vrf main ssh-server
ssh-server
    enabled true
    port 22
    permit-root-login yes
    ..
vsr running config#

Note

With the persist-id option, the countdown before the period expires will continue running even out of nc-cli.

Note

Certain elements are undefined if not already set. If you try to configure and use the commit-confirm command on these elements if not previously set, it won’t be possible to revert the applied commit by using cancel or waiting for the timeout period to expire. One example of this kind of elements is: system hostname.

Add a description to the commit

When committing a configuration, a description can be added with the description parameter:

vsr running config# vrf main ssh-server
vsr running config# commit description "Enable SSH server"

The description can be retrieved in the state:

vsr> show state system commit-history
commit-history 1
 date 2023-02-28T15:00:59.636482+01:00
 user admin
 description "Enable SSH server"
 ..

Or with the show commit command:

vsr> show commit
commit id date                  user  description
========= ====                  ====  ===========
1         23/02/15 15:24:12 CET admin Enable SSH server

Clear configuration changes

Exiting the edition mode cancels the changes done in the staging configuration.

vsr running config# exit
Exit: not saved/applied, are you sure? [y/N] y