3.2.1. cmd¶
Execute remote commands on the NETCONF server.
cmd banner¶
vsr> cmd banner pre-login [message <string>] [reset]
vsr> cmd banner post-login [message <string>] [reset]
Manage login banner.
Input Parameters¶
pre-login
Manage banner before a user logs in.
message <string>
Message to display.
reset
Reset message to factory defaults.
post-login
Manage banner after a user logs in.
message <string>
Message to display.
reset
Reset message to factory defaults.
cmd reboot¶
vsr> cmd reboot [delay <uint32>] [cancel] [force]
Schedule a system reboot after a grace period.
Input Parameters¶
delay <uint32>
The number of seconds to wait before reboot. During that time, it is possible to cancel the reboot.
cancel
If defined, cancel a pending reboot.
force
If defined, force reboot even if startup configuration is different than running configuration.
cmd poweroff¶
vsr> cmd poweroff [delay <uint32>] [cancel] [force]
Schedule a system poweroff after a grace period.
Input Parameters¶
delay <uint32>
The number of seconds to wait before poweroff. During that time, it is possible to cancel the poweroff.
cancel
If defined, cancel a pending poweroff.
force
If defined, force poweroff even if startup configuration is different than running configuration.
cmd ping¶
vsr> cmd ping [vrf <string>] [l3vrf <string>] [count <uint16>] [packetsize <uint16>] \
... [nodns] [ipv6] [source <string>] [rate <1-1000>] [dont-fragment] \
... <destination>
Send ICMP ECHO_REQUEST messages to network hosts and print their responses.
Input Parameters¶
vrf <string>
The VRF in which to send the ICMP ECHO_REQUESTs. By default, they are sent in the ‘main’ vrf.
l3vrf <string>
Specify the l3vrf.
count <uint16>
Stop after sending count ECHO_REQUEST packets.
packetsize <uint16>
Specifies the number of data bytes to be sent. The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.
nodns
Numeric output only. No attempt will be made to lookup symbolic names for host addresses.
ipv6
Force IPv6 operation only. By default, it is detected from the destination. If destination is a host name, ipv4 is used by default unless this flag is set.
source <string>
Either an address, or an interface name. If interface is an address, it sets source address to specified interface address. If interface in an interface name, it sets source interface to specified interface. For IPv6, when doing ping to a link-local scope address, link specification (by the ‘%’-notation in destination, or by this option) is required.
rate <1-1000>
The number of packets to send per second. By default, 1 packet is sent every second.
dont-fragment
Prohibit fragmentation, even local one.
<destination>
(mandatory)The destination host (name or IP address).
cmd traceroute¶
vsr> cmd traceroute [vrf <string>] [l3vrf <string>] [nodns] [ipv6] [source SOURCE] \
... [source-interface <string>] <host>
Display the route (path) that was used to connect to a certain IP address or hostname. It also measures the transit delays among hops.
Input Parameters¶
vrf <string>
The VRF in which the packets are sent by traceroute. By default, they are sent in the ‘main’ vrf.
l3vrf <string>
Specify the l3vrf.
nodns
Do not try to map IP addresses to host names when displaying them.
ipv6
Force IPv6 operation only. By default, it is detected from the destination. If destination is a host name, ipv4 is used by default unless this flag is set.
source SOURCE
Chooses an alternative source address. Note that an address of one of the interfaces must be selected. By default, the address of the outgoing interface is used.
SOURCE
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
source-interface <string>
Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table.
<host>
(mandatory)The destination host (name or IP address).
cmd traffic-capture¶
vsr> cmd traffic-capture [vrf <string>] [count <1-1000>] [filter <pcap-expr>] <ifname> \
... [details]
Print traffic flowing on a network interface.
Input Parameters¶
vrf <string>
The VRF in which to capture traffic. This must be the VRF the interface belongs to. By default, the interface is assumed to be in the ‘main’ vrf.
count <1-1000>
Stop after capturing count packets.
filter <pcap-expr>
Optional filter expression. This must be a valid PCAP filter. See https://www.tcpdump.org/manpages/pcap-filter.7.html for more details.
<ifname>
(mandatory)The name of the network interface on which to monitor traffic.
details
Show verbose packets.
cmd traffic-capture new¶
vsr> cmd traffic-capture new [name <name>] [vrf <string>] [count <1-1000>] [filter <pcap-expr>] \
... <ifname>
Capture traffic flowing on a network interface.
Input Parameters¶
name <name>
The name of the capture file. If not set a unique name will be automatically chosen (in format YYYY-MM-DD_HH-MM-SS.<ifname>.pcap). otherwise, if the file already exists it will be overwritten.
vrf <string>
The VRF in which to capture traffic. This must be the VRF the interface belongs to. By default, the interface is assumed to be in the ‘main’ vrf.
count <1-1000>
Stop after capturing count packets.
filter <pcap-expr>
Optional filter expression. This must be a valid PCAP filter. See https://www.tcpdump.org/manpages/pcap-filter.7.html for more details.
<ifname>
(mandatory)The name of the network interface on which to monitor traffic.
cmd traffic-capture read¶
vsr> cmd traffic-capture read <name>
Read a captured traffic flow.
Input Parameters¶
<name>
(mandatory)The name of the capture to read.
cmd traffic-capture export¶
vsr> cmd traffic-capture export [vrf <string>] url URL [user <string>] [password <string>] <name>
Export a captured traffic flow.
Input Parameters¶
vrf <string>
The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.
url URL
(mandatory)The destination URL.
URL
valuesDescription
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<smtp-url>
An SMTP(S) email URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
<name>
(mandatory)The name of the capture to export.
cmd traffic-capture delete¶
vsr> cmd traffic-capture delete <name>
Delete a captured traffic flow.
Input Parameters¶
<name>
(mandatory)The name of the capture to delete.
cmd identify-port¶
vsr> cmd identify-port NAME [duration <uint16>]
Initiate adapter-specific action intended to enable an operator to easily identify a physical network interface by sight. Typically this involves blinking one or more LEDs on the specific network port. For this command to work effectively, ports must not be managed by the fast path.
Input Parameters¶
NAME
(mandatory)The port name.
NAME
PCI port name.
duration <uint16>
Length of time to perform the identification, in seconds.
cmd certificate cmp enroll¶
vsr> cmd certificate cmp enroll name NAME ca-profile CA-PROFILE secret <string>{1,128} subject SUBJECT \
... [san SAN]
Enroll a certificate using CMP protocol.
Input Parameters¶
name NAME
(mandatory)The Name of the certificate to be enrolled.
NAME
Certificate name.
ca-profile CA-PROFILE
(mandatory)The name of the CA profile.
CA-PROFILE
Certificate name.
secret <string>{1,128}
(mandatory)The passphrase used to protect the outgoing messages and for validating the incoming messages.
subject SUBJECT
(mandatory)The distinguished name (DN) of the subject to use in the requested certificate, example: /CN=6WIND/O=IT.
SUBJECT
X500 Distinguished Name.
san SAN
List of Subject Alternative Names.
SAN
valuesDescription
dns:<domain-name>
X509v3 Subject Alternative Name.
ip:<ipv4-address>
X509v3 Subject Alternative Name.
ip:<ipv6-address>
X509v3 Subject Alternative Name.
email:<email-address>
X509v3 Subject Alternative Name.
uri:<uri>
X509v3 Subject Alternative Name.
cmd certificate cmp update¶
vsr> cmd certificate cmp update [ca-profile CA-PROFILE] name NAME
Update a certificate using CMP protocol.
Input Parameters¶
ca-profile CA-PROFILE
The name of the CA profile.
CA-PROFILE
Certificate name.
name NAME
(mandatory)The name of the certificate to be updated.
NAME
Certificate name.
cmd certificate cmp scheduled-update¶
vsr> cmd certificate cmp scheduled-update [ca-profile CA-PROFILE] name NAME
Schedule updates of a certificate using CMP protocol.
Input Parameters¶
ca-profile CA-PROFILE
The name of the CA profile.
CA-PROFILE
Certificate name.
name NAME
(mandatory)The name of the certificate to be updated.
NAME
Certificate name.
cmd system-image¶
vsr> cmd system-image install-on-disk [backup-url BACKUP-URL] [user <string>] [password <string>] \
... <device>
vsr> cmd system-image import [name <name>] [vrf <string>] [user <string>] [password <string>] \
... URL [md5 MD5] [sha256 SHA256] [force] [timeout <uint32>]
vsr> cmd system-image delete <name>
vsr> cmd system-image list
vsr> cmd system-image rename <name> new-name <string>
vsr> cmd system-image set-default [<name>]
vsr> cmd system-image set-next [<name>]
Manage system images.
Input Parameters¶
install-on-disk
Install the system on a specific device.
backup-url BACKUP-URL
The URL where the backup files are stored.
BACKUP-URL
valuesDescription
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
<device>
(mandatory)The device on which to install the currently booted image (example: sda).
import
Import a new system .update image from a remote URL.
name <name>
The custom name to assign of the .update image.
vrf <string>
The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
URL
(mandatory)The URL from which to download the .update image.
URL
valuesDescription
<http[s]://[user[:passwd]@]host[:port]/path/to/file.update>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp://[user[:passwd]@]host[:port]/path/to/file.update>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp://[user[:passwd]@]host[:port]/path/to/file.update>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp://[user[:passwd]@]host[:port]/path/to/file.update>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp://host[:port]/path/to/file.update>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
md5 MD5
The md5 hexadecimal digest or its URL.
MD5
valuesDescription
<http[s]://[user[:passwd]@]host[:port]/path/to/file.update>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp://[user[:passwd]@]host[:port]/path/to/file.update>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp://[user[:passwd]@]host[:port]/path/to/file.update>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp://[user[:passwd]@]host[:port]/path/to/file.update>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp://host[:port]/path/to/file.update>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<md5-hex-digest>{32}
No description.
sha256 SHA256
The sha256 hexadecimal digest or its URL.
SHA256
valuesDescription
<http[s]://[user[:passwd]@]host[:port]/path/to/update.sha256>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp://[user[:passwd]@]host[:port]/path/to/update.sha256>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp://[user[:passwd]@]host[:port]/path/to/update.sha256>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp://[user[:passwd]@]host[:port]/path/to/update.sha256>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp://host[:port]/path/to/update.sha256>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<sha256-hex-digest>{64}
No description.
force
If defined, force system-import even if startup configuration is different than running configuration.
timeout <uint32>
At the end of this timeout period, the system will reboot to the default image, unless the user sets the default image with ‘cmd system-image set-default <image>’. 0 means no timeout.
delete
Delete an imported image.
<name>
(mandatory)The name of the image to delete.
list
Display a list of imported images.
rename
Rename an image.
<name>
(mandatory)The current name of the image.
new-name <string>
(mandatory)The new name of the image.
set-default
Set a system image as default boot image.
<name>
The name of the image to set as default.
set-next
Set a system image as next boot image. If it does not boot, the system will reboot to the default image. This option is not available for LVM disks.
<name>
The name of the image to set as next.
cmd backup¶
vsr> cmd backup import [vrf <string>] url URL [user <string>] [password <string>]
vsr> cmd backup export [vrf <string>] url URL [user <string>] [password <string>]
Import/export backup archives containing configurations, keys, certificates, licenses.
Input Parameters¶
import
Import backup archive from a remote server. WARNING: it will overwrite current configurations.
vrf <string>
The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.
url URL
(mandatory)The source URL.
URL
valuesDescription
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
export
Export backup archive to a remote server.
vrf <string>
The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.
url URL
(mandatory)The destination URL.
URL
valuesDescription
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<smtp-url>
An SMTP(S) email URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
cmd set-next-boot-params¶
vsr> cmd set-next-boot-params [intel-iommu true|false] [iommu-allow-unsafe-interrupts true|false] \
... [ixgbe-allow-unsupported-sfp true|false] [isolate-cpus ISOLATE-CPUS]
Set boot parameters, taking effect at next reboot. Image must be installed on disk.
Input Parameters¶
intel-iommu true|false
Enable intel iommu driver. Control intel_iommu=on|off kernel option.
iommu-allow-unsafe-interrupts true|false
Enable PCI passthrough on hardware that does not support interrupt remapping, when VM are trusted. Control vfio_iommu_type1.allow_unsafe_interrupts=0|1 kernel option.
ixgbe-allow-unsupported-sfp true|false
Bypass SFPs types restrictions on Intel ixgbe NICs. Control ixgbe.allow_unsupported_sfp=0|1 kernel option.
isolate-cpus ISOLATE-CPUS
Isolate cpus from kernel threads, rcu callbacks, and reduce the scheduler ticks. A good value for this parameter is the fast path coremask.
ISOLATE-CPUS
valuesDescription
<coremask>
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.
none
Unset the coremask.
cmd license certificate¶
vsr> cmd license certificate import [url URL] [user <string>] [password <string>] [content <string>] \
... serial <string>
vsr> cmd license certificate list
vsr> cmd license certificate delete <string>
vsr> cmd license certificate request-activation serial <string>
vsr> cmd license certificate request-deactivation serial <string>
vsr> cmd license certificate cancel-request
Manage license certificate requests for offline activation through an activation webpage.
Input Parameters¶
import
Import a license certificate. It will be used to activate the license on the device. The certificate will be deleted when the first configuration using it is committed.
url URL
The URL from which to download the license certificate.
URL
valuesDescription
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
content <string>
The raw contents of the license certificate.
serial <string>
(mandatory)The serial number associated with the license certificate.
list
List downloaded license certificates that not are consumed yet.
delete
Delete a license certificate.
<string>
(mandatory)The name of license certificate to delete.
request-activation
Request an activation certificate for a serial number. The resulting certificate must then be entered on the Licensing User Portal, in the Offline Activation tab. The resulting certificate must be imported using the cmd license certificate import command. The licensing has to be disabled in configuration to use this rpc.
serial <string>
(mandatory)The serial number associated to this activation request.
request-deactivation
Request an deactivation certificate for a serial number. The resulting certificate must then be entered on the Licensing User Portal, in the Offline Activation tab. Requesting the certificate will disable the license on this device. The licensing has to be disabled in configuration to use this rpc.
serial <string>
(mandatory)The serial number associated to this deactivation request.
cancel-request
Cancel any request in progress.
cmd license file¶
vsr> cmd license file import [url URL] [user <string>] [password <string>] [content <string>] \
... serial <string>
vsr> cmd license file list
vsr> cmd license file delete <string>
Manage license files.
Input Parameters¶
import
Import a license file.
url URL
The URL from which to download the license file.
URL
valuesDescription
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
content <string>
The raw contents of the license file.
serial <string>
(mandatory)The serial number associated with the license file. It will be used as reference in the configuration.
list
List downloaded license files.
delete
Delete a license file.
<string>
(mandatory)The name of license file to delete.
cmd troubleshooting-report¶
vsr> cmd troubleshooting-report list
vsr> cmd troubleshooting-report delete <name>
vsr> cmd troubleshooting-report flush
vsr> cmd troubleshooting-report new
vsr> cmd troubleshooting-report export [vrf <string>] url URL [user <string>] [password <string>] \
... <name>
Manage troubleshooting reports.
Input Parameters¶
list
List existing troubleshooting reports.
delete
Delete an existing troubleshooting report.
<name>
(mandatory)The name of the report to delete.
flush
Delete all existing troubleshooting reports.
new
Generate a new troubleshooting report.
export
Export an existing troubleshooting report to a remote server via SFTP.
vrf <string>
The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.
url URL
(mandatory)The destination URL.
URL
valuesDescription
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<smtp-url>
An SMTP(S) email URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
<name>
(mandatory)The name of the report to export.
cmd dns proxy clear-cache¶
vsr> cmd dns proxy clear-cache [vrf <string>]
Clear DNS proxy cache.
Input Parameters¶
vrf <string>
Specify the VRF.
cmd dns resolve¶
vsr> cmd dns resolve [vrf <string>] [l3vrf <string>] domain DOMAIN
Resolve a DNS.
Input Parameters¶
vrf <string>
Specify the VRF.
l3vrf <string>
Specify the L3VRF.
domain DOMAIN
(mandatory)Specify the domain name.
DOMAIN
The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.
Output Data¶
address ADDRESS
Addresses of the domain name.
ADDRESS
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
cmd dhcp-client renew-lease¶
vsr> cmd dhcp-client renew-lease [vrf <string>] [l3vrf <string>] IFNAME [ip-version IP-VERSION]
Renew DHCP client lease period.
Input Parameters¶
vrf <string>
Specify the VRF.
l3vrf <string>
Specify the l3vrf.
IFNAME
(mandatory)The interface name.
IFNAME
An interface name.
ip-version IP-VERSION
Specify the IP version.
IP-VERSION
valuesDescription
ipv4
Renew the IPv4 lease.
ipv6
Renew the IPv6 lease.
cmd bgp rpki ssh-key create¶
Note
requires a Product License.
vsr> cmd bgp rpki ssh-key create type TYPE name <string>
Create SSH keys.
Input Parameters¶
type TYPE
(mandatory)SSH key type.
TYPE
valuesDescription
rsa-1024
RSA in 1024 bits.
rsa-2048
RSA in 2048 bits.
rsa-4096
RSA in 4096 bits.
ecdsa-256
ECDSA in 256 bits.
ecdsa-384
ECDSA in 384 bits.
ecdsa-521
ECDSA in 521 bits.
ed25519
EDDSA in 25519 bits.
name <string>
(mandatory)Name of the new key pair.
cmd bgp rpki ssh-key list¶
Note
requires a Product License.
vsr> cmd bgp rpki ssh-key list [detail]
List SSH keys.
Input Parameters¶
detail
Show public key.
cmd bgp rpki ssh-key delete¶
Note
requires a Product License.
vsr> cmd bgp rpki ssh-key delete <string>
Delete SSH keys.
Input Parameters¶
<string>
(mandatory)Delete an existing key pair.
cmd bgp rpki ssh-host add¶
Note
requires a Product License.
vsr> cmd bgp rpki ssh-host add HOST [port PORT] [vrf VRF]
Add host to routing known hosts.
Input Parameters¶
HOST
(mandatory)Host name to add to known hosts.
HOST
The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.
port PORT
Use a specific port to join the remote host.
PORT
A 16-bit port number used by a transport protocol such as TCP or UDP.
vrf VRF
Specify the VRF.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
cmd bgp rpki ssh-host delete¶
Note
requires a Product License.
vsr> cmd bgp rpki ssh-host delete HOST-NAME
Delete host from routing known hosts.
Input Parameters¶
HOST-NAME
(mandatory)Host name to remove from known hosts.
HOST-NAME
The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.
cmd certificate import¶
Note
requires a Product License.
vsr> cmd certificate import [vrf VRF] [name NAME] [url URL] [private-key-url PRIVATE-KEY-URL] \
... [private-key-password <string>{1,128}] [user <string>] [password <string>] \
... [force]
Import an X509 certificate from network, in PEM format.
Input Parameters¶
vrf VRF
The vrf in which the import is performed.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
name NAME
The name to assign of the certificate.
NAME
Certificate name.
url URL
The URL from which to download the certificate in PEM format.
URL
valuesDescription
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
private-key-url PRIVATE-KEY-URL
The URL from which to download the certificate private key in PEM format.
PRIVATE-KEY-URL
valuesDescription
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
private-key-password <string>{1,128}
Optional password to decrypt the private key.
user <string>
Both the url and private-key-url user name (NOT URL-encoded). If specified, the user name must NOT be included in the URLs.
password <string>
Both the url and private-key-url password (NOT URL-encoded). If specified, the password must NOT be included in the URLs.
force
Delete the certificate if it exists, this will allow update behavior for the import command.
cmd certificate export¶
Note
requires a Product License.
vsr> cmd certificate export [vrf VRF] [name NAME] url URL [user <string>] [password <string>]
Export an X509 certificate in PEM format.
Input Parameters¶
vrf VRF
The vrf in which the export is performed.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
name NAME
The name of the certificate.
NAME
Certificate name.
url URL
(mandatory)The URL where the certificate is uploaded.
URL
valuesDescription
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
cmd certificate add¶
Note
requires a Product License.
vsr> cmd certificate add [name NAME] [data <string>] [private-key <string>] [private-key-password <string>{1,128}] \
... [force]
Add an X509 certificate in PEM format.
Input Parameters¶
name NAME
The name to assign to the certificate.
NAME
Certificate name.
data <string>
PEM-encoded X509 certificate.
private-key <string>
PEM-encoded X509 private key.
private-key-password <string>{1,128}
Optional password to decrypt the private key.
force
Overwrite the certificate or private-key if it exists.
cmd certificate delete¶
Note
requires a Product License.
vsr> cmd certificate delete name NAME
Delete an X509 certificate.
Input Parameters¶
name NAME
(mandatory)The name of the certificate.
NAME
Certificate name.
cmd certificate-request delete¶
Note
requires a Product License.
vsr> cmd certificate-request delete name NAME
Delete an X509 certificate signing request (PKCS #10).
Input Parameters¶
name NAME
(mandatory)The name of the certificate.
NAME
Certificate name.
cmd certificate-request generate¶
Note
requires a Product License.
vsr> cmd certificate-request generate name NAME subject SUBJECT [private-key-algorithm PRIVATE-KEY-ALGORITHM] \
... [san SAN] [force]
Generate an X509 certificate signing request (PKCS #10).
Input Parameters¶
name NAME
(mandatory)The name to assign to the certificate.
NAME
Certificate name.
subject SUBJECT
(mandatory)The distinguished name (DN) of the subject to use in the requested certificate, example: /CN=6WIND/O=IT.
SUBJECT
X500 Distinguished Name.
private-key-algorithm PRIVATE-KEY-ALGORITHM
The private key algorithm.
PRIVATE-KEY-ALGORITHM
valuesDescription
rsa-512
RSA with 512 bit key.
rsa-1024
RSA with 1024 bit key.
rsa-2048
RSA with 2048 bit key.
rsa-4096
RSA with 4096 bit key.
rsa-8192
RSA with 8192 bit key.
rsa-pss-512
RSA Probabilistic Signature Scheme with 512 bit key (a.k.a. RSASSA-PSS, defined in RFC3447).
rsa-pss-1024
RSA Probabilistic Signature Scheme with 1024 bit key (a.k.a. RSASSA-PSS, defined in RFC3447).
rsa-pss-2048
RSA Probabilistic Signature Scheme with 2048 bit key (a.k.a. RSASSA-PSS, defined in RFC3447).
rsa-pss-4096
RSA Probabilistic Signature Scheme with 4096 bit key (a.k.a. RSASSA-PSS, defined in RFC3447).
rsa-pss-8192
RSA Probabilistic Signature Scheme with 8192 bit key (a.k.a. RSASSA-PSS, defined in RFC3447).
ecdsa-nistp256
ECDSA with 256-bit prime field Weierstrass curve (a.k.a. NIST P-256, secp256r1, prime256v1).
ecdsa-nistp384
ECDSA with 384-bit prime field Weierstrass curve (a.k.a. NIST P-384, secp384r1, ansip384r1).
ecdsa-nistp521
ECDSA with 521-bit prime field Weierstrass curve (a.k.a. NIST P-521, secp521r1, ansip521r1).
ecdsa-brainpoolp256r1
ECDSA with 256-bit prime field Brainpool curve (a.k.a. brainpoolP256r1, defined in RFC5639).
ecdsa-brainpoolp384r1
ECDSA with 384-bit prime field Brainpool curve (a.k.a. brainpoolP384r1, defined in RFC5639).
ecdsa-brainpoolp512r1
ECDSA with 512-bit prime field Brainpool curve (a.k.a. brainpoolP512r1, defined in RFC5639).
ed25519
EdDSA using SHA512 and Curve25519 (a.k.a. Ed25519, defined in RFC8032).
ed448
EdDSA using SHAKE256 and Curve448 (a.k.a. Ed448, defined in RFC8032).
san SAN
List of Subject Alternative Names.
SAN
valuesDescription
dns:<domain-name>
X509v3 Subject Alternative Name.
ip:<ipv4-address>
X509v3 Subject Alternative Name.
ip:<ipv6-address>
X509v3 Subject Alternative Name.
email:<email-address>
X509v3 Subject Alternative Name.
uri:<uri>
X509v3 Subject Alternative Name.
force
Overwrite the certificate-request if it exists.
cmd certificate-request export¶
Note
requires a Product License.
vsr> cmd certificate-request export [vrf VRF] [name NAME] url URL [user <string>] [password <string>]
Export an X509 certificate signing request (PKCS #10).
Input Parameters¶
vrf VRF
The vrf in which the export is performed.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
name NAME
The name of the certificate request.
NAME
Certificate name.
url URL
(mandatory)The URL where the certificate request is uploaded.
URL
valuesDescription
<http-url>
An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>
An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>
An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>
An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>
A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
user <string>
The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.
password <string>
The URL password (not percent-encoded). If specified, the user name should not be included in the URL.
cmd compress-alarm¶
vsr> cmd compress-alarm [resource RESOURCE] [alarm-type-id ALARM-TYPE-ID] [alarm-type-qualifier ALARM-TYPE-QUALIFIER]
This operation requests that the server compress entries in the alarm list by removing all but the latest ‘status-change’ entry for all matching alarms. Conditions in the input are logically ANDed. If no input condition is given, all alarms are compressed.
Input Parameters¶
resource RESOURCE
Compress the alarms matching this resource.
RESOURCE
valuesDescription
<xpath1.0>
This type represents an XPATH 1.0 expression. When a schema node is defined that uses this type, the description of the schema node MUST specify the XPath context in which the XPath expression is evaluated.
<object-identifier>
The object-identifier type represents administratively assigned names in a registration-hierarchical-name tree. Values of this type are denoted as a sequence of numerical non-negative sub-identifier values. Each sub-identifier value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers are separated by single dots and without any intermediate whitespace. The ASN.1 standard restricts the value space of the first sub-identifier to 0, 1, or 2. Furthermore, the value space of the second sub-identifier is restricted to the range 0 to 39 if the first sub-identifier is 0 or 1. Finally, the ASN.1 standard requires that an object identifier has always at least two sub-identifiers. The pattern captures these restrictions. Although the number of sub-identifiers is not limited, module designers should realize that there may be implementations that stick with the SMIv2 limit of 128 sub-identifiers. This type is a superset of the SMIv2 OBJECT IDENTIFIER type since it is not restricted to 128 sub-identifiers. Hence, this type SHOULD NOT be used to represent the SMIv2 OBJECT IDENTIFIER type; the object-identifier-128 type SHOULD be used instead.
<string>
This type is used to match resources of type ‘resource’. Since the type ‘resource’ is a union of different types, the ‘resource-match’ type is also a union of corresponding types. If the type is given as an XPath 1.0 expression, a resource of type ‘instance-identifier’ matches if the instance is part of the node set that is the result of evaluating the XPath 1.0 expression. For example, the XPath 1.0 expression: /ietf-interfaces:interfaces/ietf-interfaces:interface [ietf-interfaces:type=’ianaift:ethernetCsmacd’] would match the resource instance-identifier: /if:interfaces/if:interface[if:name=’eth1’], assuming that the interface ‘eth1’ is of type ‘ianaift:ethernetCsmacd’. If the type is given as an object identifier, a resource of type ‘object-identifier’ matches if the match object identifier is a prefix of the resource’s object identifier. For example, the value: 1.3.6.1.2.1.2.2 would match the resource object identifier: 1.3.6.1.2.1.2.2.1.1.5 If the type is given as an UUID or a string, it is interpreted as an XML Schema regular expression, which matches a resource of type ‘yang:uuid’ or ‘string’ if the given regular expression matches the resource string. If the type is given as an XPath expression, it is evaluated in the following XPath context: o The set of namespace declarations is the set of prefix and namespace pairs for all YANG modules implemented by the server, where the prefix is the YANG module name and the namespace is as defined by the ‘namespace’ statement in the YANG module. If a leaf of this type is encoded in XML, all namespace declarations in scope on the leaf element are added to the set of namespace declarations. If a prefix found in the XML is already present in the set of namespace declarations, the namespace in the XML is used. o The set of variable bindings is empty. o The function library is the core function library, and the functions are defined in Section 10 of RFC 7950. o The context node is the root node in the data tree.
alarm-type-id ALARM-TYPE-ID
Compress alarms with this ‘alarm-type-id’.
ALARM-TYPE-ID
Identifies an alarm type. The description of the alarm type id MUST indicate whether or not the alarm type is abstract. An abstract alarm type is used as a base for other alarm type ids and will not be used as a value for an alarm or be present in the alarm inventory.
alarm-type-qualifier ALARM-TYPE-QUALIFIER
Compress the alarms with this ‘alarm-type-qualifier’.
ALARM-TYPE-QUALIFIER
If an alarm type cannot be fully specified at design time by ‘alarm-type-id’, this string qualifier is used in addition to fully define a unique alarm type. The definition of alarm qualifiers is considered to be part of the instrumentation and is out of scope for this module. An empty string is used when this is part of a key.
Output Data¶
compressed-alarms <uint32>
Number of compressed alarm entries.
cmd twamp ping¶
Note
requires a Product License.
vsr> cmd twamp ping [vrf VRF] [l3vrf <string>] server SERVER [source SOURCE] sender-udp-port-range SENDER-UDP-PORT-RANGE \
... [reflector-udp-port REFLECTOR-UDP-PORT] [packet-count <10-1000>] \
... [packet-interval <100-10000>] [packet-tos <0-255>]
Start a twamp session.
Input Parameters¶
vrf VRF
The VRF in which to start the TWAMP client.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
l3vrf <string>
Specify the l3vrf.
server SERVER
(mandatory)The server on which the client will connect to. This is also the IP used for the test session.
SERVER
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
source SOURCE
The source IP used to reach the server and make the test.
SOURCE
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
sender-udp-port-range SENDER-UDP-PORT-RANGE
(mandatory)The sender port or port range used for the test.
SENDER-UDP-PORT-RANGE
A single port or a range between 1025 and 65535. Examples: 10000-20000.
reflector-udp-port REFLECTOR-UDP-PORT
The UDP port to be used by the reflector for the test.
REFLECTOR-UDP-PORT
A 16-bit port number used by a transport protocol such as TCP or UDP.
packet-count <10-1000>
Number of packets to send during the session.
packet-interval <100-10000>
The delay between each TWAMP-Test packet in milliseconds.
packet-tos <0-255>
The type of service to use in test packets (IPv4 only).
cmd aaa query¶
vsr> cmd aaa query radius [source SOURCE] username <string> password <string> address ADDRESS \
... [port <uint16>] secret <string> [details] [vrf VRF] tacacs [source SOURCE] \
... username <string> password <string> address ADDRESS [port <uint16>] \
... secret <string> [details] [vrf VRF]
Query AAA connectivity services.
Input Parameters¶
radius
Input parameters with Radius default port value.
source SOURCE
The source IP address used to reach the server.
SOURCE
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
username <string>
(mandatory)Username to test.
password <string>
(mandatory)User associated password.
address ADDRESS
(mandatory)Network Access Server address.
ADDRESS
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
port <uint16>
Network Access Server port.
secret <string>
(mandatory)Network Access Server secret.
details
If defined, includes AAA output details.
vrf VRF
Execute the AAA query on the designated VRF.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
tacacs
Input parameters with Tacacs default port value.
source SOURCE
The source IP address used to reach the server.
SOURCE
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
username <string>
(mandatory)Username to test.
password <string>
(mandatory)User associated password.
address ADDRESS
(mandatory)Network Access Server address.
ADDRESS
valuesDescription
<ipv4-address>
An IPv4 address.
<ipv6-address>
An IPv6 address.
port <uint16>
Network Access Server port.
secret <string>
(mandatory)Network Access Server secret.
details
If defined, includes AAA output details.
vrf VRF
Execute the AAA query on the designated VRF.
VRF
valuesDescription
main
The main vrf.
<string>
The vrf name.
Output Data¶
service <string>
AAA service name that returned the response.
username <string>
Username returned by the AAA service.
password <string>
Password returned by the AAA service.
address <string>
Network Access Server address returned by the AAA service.
port <uint32>
Network Access Server port returned by the AAA service.
success true|false
(mandatory)AAA query success state.
details <string>
AAA query details.