3.2.1. cmd

Execute remote commands on the NETCONF server.

cmd banner

vsr> cmd banner pre-login [message <string>] [reset]
vsr> cmd banner post-login [message <string>] [reset]

Manage login banner.

Input Parameters

pre-login

Manage banner before a user logs in.

message <string>

Message to display.

reset

Reset message to factory defaults.

post-login

Manage banner after a user logs in.

message <string>

Message to display.

reset

Reset message to factory defaults.

cmd reboot

vsr> cmd reboot [delay <uint32>] [cancel] [force]

Schedule a system reboot after a grace period.

Input Parameters

delay <uint32>

The number of seconds to wait before reboot. During that time, it is possible to cancel the reboot.

cancel

If defined, cancel a pending reboot.

force

If defined, force reboot even if startup configuration is different than running configuration.

cmd poweroff

vsr> cmd poweroff [delay <uint32>] [cancel] [force]

Schedule a system poweroff after a grace period.

Input Parameters

delay <uint32>

The number of seconds to wait before poweroff. During that time, it is possible to cancel the poweroff.

cancel

If defined, cancel a pending poweroff.

force

If defined, force poweroff even if startup configuration is different than running configuration.

cmd ping

vsr> cmd ping [vrf <string>] [l3vrf <string>] [count <uint16>] [packetsize <uint16>] \
...            [nodns] [ipv6] [source <string>] [rate <uint16>] <destination>

Send ICMP ECHO_REQUEST messages to network hosts and print their responses.

Input Parameters

vrf <string>

The VRF in which to send the ICMP ECHO_REQUESTs. By default, they are sent in the ‘main’ vrf.

l3vrf <string>

Specify the l3vrf.

count <uint16>

Stop after sending count ECHO_REQUEST packets.

packetsize <uint16>

Specifies the number of data bytes to be sent. The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.

nodns

Numeric output only. No attempt will be made to lookup symbolic names for host addresses.

ipv6

Force IPv6 operation only. By default, it is detected from the destination. If destination is a host name, ipv4 is used by default unless this flag is set.

source <string>

Either an address, or an interface name. If interface is an address, it sets source address to specified interface address. If interface in an interface name, it sets source interface to specified interface. For IPv6, when doing ping to a link-local scope address, link specification (by the ‘%’-notation in destination, or by this option) is required.

rate <uint16>

The number of packets to send per second. By default, 1 packet is sent every second.

<destination> (mandatory)

The destination host (name or IP address).

cmd traceroute

vsr> cmd traceroute [vrf <string>] [l3vrf <string>] [nodns] [ipv6] [source SOURCE] \
...            [source-interface <string>] <host>

Display the route (path) that was used to connect to a certain IP address or hostname. It also measures the transit delays among hops.

Input Parameters

vrf <string>

The VRF in which the packets are sent by traceroute. By default, they are sent in the ‘main’ vrf.

l3vrf <string>

Specify the l3vrf.

nodns

Do not try to map IP addresses to host names when displaying them.

ipv6

Force IPv6 operation only. By default, it is detected from the destination. If destination is a host name, ipv4 is used by default unless this flag is set.

source SOURCE

Chooses an alternative source address. Note that an address of one of the interfaces must be selected. By default, the address of the outgoing interface is used.

SOURCE

An IPv4 or IPv6 address.

source-interface <string>

Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table.

<host> (mandatory)

The destination host (name or IP address).

cmd traffic-capture

vsr> cmd traffic-capture [vrf <string>] [count <uint16>] [filter <pcap-expr>] <ifname> \
...            [details]

Print traffic flowing on a network interface.

Input Parameters

vrf <string>

The VRF in which to capture traffic. This must be the VRF the interface belongs to. By default, the interface is assumed to be in the ‘main’ vrf.

count <uint16>

Stop after capturing count packets.

filter <pcap-expr>

Optional filter expression. This must be a valid PCAP filter. See https://www.tcpdump.org/manpages/pcap-filter.7.html for more details.

<ifname> (mandatory)

The name of the network interface on which to monitor traffic.

details

Show verbose packets.

cmd traffic-capture new

vsr> cmd traffic-capture new [name <name>] [vrf <string>] [count <uint16>] [filter <pcap-expr>] \
...            <ifname>

Capture traffic flowing on a network interface.

Input Parameters

name <name>

The name of the capture file. If not set a unique name will be automatically chosen (in format YYYY-MM-DD_HH-MM-SS.<ifname>.pcap). otherwise, if the file already exists it will be overwritten.

vrf <string>

The VRF in which to capture traffic. This must be the VRF the interface belongs to. By default, the interface is assumed to be in the ‘main’ vrf.

count <uint16>

Stop after capturing count packets.

filter <pcap-expr>

Optional filter expression. This must be a valid PCAP filter. See https://www.tcpdump.org/manpages/pcap-filter.7.html for more details.

<ifname> (mandatory)

The name of the network interface on which to monitor traffic.

cmd traffic-capture list

vsr> cmd traffic-capture list 

List captured traffic flow.

cmd traffic-capture read

vsr> cmd traffic-capture read <name>

Read a captured traffic flow.

Input Parameters

<name> (mandatory)

The name of the capture to read.

cmd traffic-capture export

vsr> cmd traffic-capture export [vrf <string>] url URL [user <string>] [password <string>] <name>

Export a captured traffic flow.

Input Parameters

vrf <string>

The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.

url URL (mandatory)

The destination URL.

URL values	Description
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<smtp-url>	An SMTP(S) email URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

<name> (mandatory)

The name of the capture to export.

cmd traffic-capture flush

vsr> cmd traffic-capture flush 

Flush all captured traffic flow.

cmd traffic-capture delete

vsr> cmd traffic-capture delete <name>

Delete a captured traffic flow.

Input Parameters

<name> (mandatory)

The name of the capture to delete.

cmd identify-port

vsr> cmd identify-port NAME [duration <uint16>]

Initiate adapter-specific action intended to enable an operator to easily identify a physical network interface by sight. Typically this involves blinking one or more LEDs on the specific network port.

Input Parameters

NAME (mandatory)

The port name.

NAME	PCI port name.

duration <uint16>

Length of time to perform the identification, in seconds.

cmd certificate cmp enroll

vsr> cmd certificate cmp enroll [vrf VRF] url URL ca-name CA-NAME name NAME secret <string> [issuer ISSUER] \
...            subject SUBJECT [private-key-length <uint16>] [san <string>]

Enroll a certificate using CMP protocol.

Input Parameters

vrf VRF

The vrf in which CMP exchanges are performed.

VRF	The vrf name.

url URL (mandatory)

The HTTP URL of the CMP server where enrollment requests will be addressed.

URL	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

ca-name CA-NAME (mandatory)

The name of the CMP server certificate. It may be the certificate authority itself, or a registration authority. This certificate must be imported to the database before any update request.

CA-NAME

Certificate name.

name NAME (mandatory)

The Name of the certificate to be enrolled.

NAME	Certificate name.

secret <string> (mandatory)

The passphrase used to protect the outgoing messages and for validating the incoming messages.

issuer ISSUER

The distinguished name (DN) of the issuer to use in the requested certificate, i.e. the name of the certificate authority that should issue this certificate, example: /CN=6WIND/O=IT. By default, the subject of the ca-name certificate.

ISSUER

X500 Distinguished Name.

subject SUBJECT (mandatory)

The distinguished name (DN) of the subject to use in the requested certificate, example: /CN=6WIND/O=IT.

SUBJECT

X500 Distinguished Name.

private-key-length <uint16>

The length of the private key used to generate the end user certificate.

san <string>

One or more IP addresses, DNS names, or URIs separated by commas to add as Subject Alternative Name(s) in the certificate extension extension, example: 10.1.2.3,6wind.com,http://trustcer.xy/enrollcert/.

cmd certificate cmp update

vsr> cmd certificate cmp update [vrf VRF] url URL ca-name CA-NAME name NAME [private-key-length <uint16>] \
...            [san <string>]

Update a certificate using CMP protocol.

Input Parameters

vrf VRF

The vrf in which CMP exchanges are performed.

VRF	The vrf name.

url URL (mandatory)

The HTTP URL of the CMP server where update requests will be addressed.

URL	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

ca-name CA-NAME (mandatory)

The name of the CMP server certificate. It may be the certificate authority itself, or a registration authority. This certificate must be imported to the database before any update request.

CA-NAME

Certificate name.

name NAME (mandatory)

The name of the certificate to be updated.

NAME	Certificate name.

private-key-length <uint16>

The length of the private key used to generate the end user certificate.

san <string>

One or more IP addresses, DNS names, or URIs separated by commas to add as Subject Alternative Name(s) in the certificate extension extension, example: 10.1.2.3,6wind.com,http://trustcer.xy/enrollcert/.

cmd system-image

vsr> cmd system-image install-on-disk [backup-url BACKUP-URL] [user <string>] [password <string>] \
...            <device>
vsr> cmd system-image import [name <name>] [vrf <string>] [user <string>] [password <string>] \
...            URL [md5 MD5] [force]
vsr> cmd system-image delete <name>
vsr> cmd system-image list
vsr> cmd system-image rename <name> new-name <string>
vsr> cmd system-image set-default [<name>]
vsr> cmd system-image set-next [<name>]

Manage system images.

Input Parameters

install-on-disk

Install the system on a specific device.

backup-url BACKUP-URL

The URL where the backup files are stored.

BACKUP-URL values	Description
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

<device> (mandatory)

The device on which to install the currently booted image (example: sda).

import

Import a new system .update image from a remote URL.

name <name>

The custom name to assign of the .update image.

vrf <string>

The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

URL (mandatory)

The URL from which to download the .update image.

URL values	Description
<http[s]://[user[:passwd]@]host[:port]/path/to/file.update>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp://[user[:passwd]@]host[:port]/path/to/file.update>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp://[user[:passwd]@]host[:port]/path/to/file.update>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp://[user[:passwd]@]host[:port]/path/to/file.update>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp://host[:port]/path/to/file.update>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].

md5 MD5

The md5 hexadecimal digest or its URL.

MD5 values	Description
<http[s]://[user[:passwd]@]host[:port]/path/to/file.update>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp://[user[:passwd]@]host[:port]/path/to/file.update>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp://[user[:passwd]@]host[:port]/path/to/file.update>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp://[user[:passwd]@]host[:port]/path/to/file.update>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp://host[:port]/path/to/file.update>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<md5-hex-digest>	No description.

force

If defined, force system-import even if startup configuration is different than running configuration.

delete

Delete an imported image.

<name> (mandatory)

The name of the image to delete.

list

Display a list of imported images.

rename

Rename an image.

<name> (mandatory)

The current name of the image.

new-name <string> (mandatory)

The new name of the image.

set-default

Set a system image as default boot image.

<name>

The name of the image to set as default.

set-next

Set a system image as next boot image. If it does not boot, the system will reboot to the default image. This option is not available for LVM disks.

<name>

The name of the image to set as next.

cmd backup

vsr> cmd backup import [vrf <string>] url URL [user <string>] [password <string>]
vsr> cmd backup export [vrf <string>] url URL [user <string>] [password <string>]

Import/export backup archives containing configurations, keys, certificates, licenses.

Input Parameters

import

Import backup archive from a remote server. WARNING: it will overwrite current configurations.

vrf <string>

The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.

url URL (mandatory)

The source URL.

URL values	Description
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

export

Export backup archive to a remote server.

vrf <string>

The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.

url URL (mandatory)

The destination URL.

URL values	Description
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<smtp-url>	An SMTP(S) email URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

cmd set-next-boot-params

vsr> cmd set-next-boot-params [intel-iommu true|false] [iommu-allow-unsafe-interrupts true|false] \
...            [ixgbe-allow-unsupported-sfp true|false] [isolate-cpus ISOLATE-CPUS]

Set boot parameters, taking effect at next reboot. Image must be installed on disk.

Input Parameters

intel-iommu true|false

Enable intel iommu driver. Control intel_iommu=on|off kernel option.

iommu-allow-unsafe-interrupts true|false

Enable PCI passthrough on hardware that does not support interrupt remapping, when VM are trusted. Control vfio_iommu_type1.allow_unsafe_interrupts=0|1 kernel option.

ixgbe-allow-unsupported-sfp true|false

Bypass SFPs types restrictions on Intel ixgbe NICs. Control ixgbe.allow_unsupported_sfp=0|1 kernel option.

isolate-cpus ISOLATE-CPUS

Isolate cpus from kernel threads, rcu callbacks, and reduce the scheduler ticks. A good value for this parameter is the fast path coremask.

ISOLATE-CPUS values	Description
<coremask>	A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.
none	Unset the coremask.

cmd license certificate

vsr> cmd license certificate import [url URL] [user <string>] [password <string>] [content <string>] \
...            serial <string>
vsr> cmd license certificate list
vsr> cmd license certificate delete <string>
vsr> cmd license certificate request-activation serial <string>
vsr> cmd license certificate request-deactivation serial <string>
vsr> cmd license certificate cancel-request

Manage license certificate requests for offline activation through an activation webpage.

Input Parameters

import

Import a license certificate. It will be used to activate the license on the device. The certificate will be deleted when the first configuration using it is committed.

url URL

The URL from which to download the license certificate.

URL values	Description
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

content <string>

The raw contents of the license certificate.

serial <string> (mandatory)

The serial number associated with the license certificate.

list

List downloaded license certificates that not are consumed yet.

delete

Delete a license certificate.

<string> (mandatory)

The name of license certificate to delete.

request-activation

Request an activation certificate for a serial number. The resulting certificate must then be entered on the Licensing User Portal, in the Offline Activation tab. The resulting certificate must be imported using the cmd license certificate import command. The licensing has to be disabled in configuration to use this rpc.

serial <string> (mandatory)

The serial number associated to this activation request.

request-deactivation

Request an deactivation certificate for a serial number. The resulting certificate must then be entered on the Licensing User Portal, in the Offline Activation tab. Requesting the certificate will disable the license on this device. The licensing has to be disabled in configuration to use this rpc.

serial <string> (mandatory)

The serial number associated to this deactivation request.

cancel-request

Cancel any request in progress.

cmd license file

vsr> cmd license file import [url URL] [user <string>] [password <string>] [content <string>] \
...            serial <string>
vsr> cmd license file list
vsr> cmd license file delete <string>

Manage license files.

Input Parameters

import

Import a license file.

url URL

The URL from which to download the license file.

URL values	Description
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

content <string>

The raw contents of the license file.

serial <string> (mandatory)

The serial number associated with the license file. It will be used as reference in the configuration.

list

List downloaded license files.

delete

Delete a license file.

<string> (mandatory)

The name of license file to delete.

cmd license refresh

vsr> cmd license refresh 

Refresh the license.

cmd troubleshooting-report

vsr> cmd troubleshooting-report list
vsr> cmd troubleshooting-report delete <name>
vsr> cmd troubleshooting-report flush
vsr> cmd troubleshooting-report new
vsr> cmd troubleshooting-report export [vrf <string>] url URL [user <string>] [password <string>] \
...            <name>

Manage troubleshooting reports.

Input Parameters

list

List existing troubleshooting reports.

delete

Delete an existing troubleshooting report.

<name> (mandatory)

The name of the report to delete.

flush

Delete all existing troubleshooting reports.

new

Generate a new troubleshooting report.

export

Export an existing troubleshooting report to a remote server via SFTP.

vrf <string>

The VRF in which remote access is done. By default, they are sent in the ‘main’ vrf.

url URL (mandatory)

The destination URL.

URL values	Description
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<smtp-url>	An SMTP(S) email URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

<name> (mandatory)

The name of the report to export.

cmd dns proxy clear-cache

vsr> cmd dns proxy clear-cache [vrf <string>]

Clear DNS proxy cache.

Input Parameters

vrf <string>

Specify the VRF.

cmd dhcp-client renew-lease

vsr> cmd dhcp-client renew-lease [vrf <string>] [l3vrf <string>] IFNAME

Renew DHCP client lease period.

Input Parameters

vrf <string>

Specify the VRF.

l3vrf <string>

Specify the l3vrf.

IFNAME (mandatory)

The interface name.

IFNAME

An interface name.

cmd bgp rpki ssh-key create

Note

requires a Product License.

vsr> cmd bgp rpki ssh-key create type TYPE name <string>

Create SSH keys.

Input Parameters

type TYPE (mandatory)

SSH key type.

TYPE values	Description
rsa-1024	RSA in 1024 bits.
rsa-2048	RSA in 2048 bits.
rsa-4096	RSA in 4096 bits.
ecdsa-256	ECDSA in 256 bits.
ecdsa-384	ECDSA in 384 bits.
ecdsa-521	ECDSA in 521 bits.
ed25519	EDDSA in 25519 bits.

name <string> (mandatory)

Name of the new key pair.

cmd bgp rpki ssh-key list

Note

requires a Product License.

vsr> cmd bgp rpki ssh-key list [detail]

List SSH keys.

Input Parameters

detail

Show public key.

cmd bgp rpki ssh-key delete

Note

requires a Product License.

vsr> cmd bgp rpki ssh-key delete <string>

Delete SSH keys.

Input Parameters

<string> (mandatory)

Delete an existing key pair.

cmd bgp rpki ssh-host add

Note

requires a Product License.

vsr> cmd bgp rpki ssh-host add HOST [port PORT] [vrf VRF]

Add host to routing known hosts.

Input Parameters

HOST (mandatory)

Host name to add to known hosts.

HOST

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

port PORT

Use a specific port to join the remote host.

PORT	A 16-bit port number used by a transport protocol such as TCP or UDP.

vrf VRF

Specify the VRF.

VRF	The vrf name.

cmd bgp rpki ssh-host delete

Note

requires a Product License.

vsr> cmd bgp rpki ssh-host delete HOST-NAME

Delete host from routing known hosts.

Input Parameters

HOST-NAME (mandatory)

Host name to remove from known hosts.

HOST-NAME

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

cmd certificate import

Note

requires a Product License.

vsr> cmd certificate import [vrf VRF] [name NAME] url URL [private-key-url PRIVATE-KEY-URL] \
...            [user <string>] [password <string>] [force]

Import a X509 certificate from network, in PEM format.

Input Parameters

vrf VRF

The vrf in which the import is performed.

VRF	The vrf name.

name NAME

The name to assign of the certificate.

NAME	Certificate name.

url URL (mandatory)

The URL from which to download the certificate in PEM format.

URL values	Description
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].

private-key-url PRIVATE-KEY-URL

The URL from which to download the certificate private key in PEM format.

PRIVATE-KEY-URL values	Description
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].

user <string>

Both the url and private-key-url user name (NOT URL-encoded). If specified, the user name must NOT be included in the URLs.

password <string>

Both the url and private-key-url password (NOT URL-encoded). If specified, the password must NOT be included in the URLs.

force

Delete the certificate if it exists, this will allow update behavior for the import command.

cmd certificate export

Note

requires a Product License.

vsr> cmd certificate export [vrf VRF] [name NAME] url URL [user <string>] [password <string>]

Export a X509 certificate in PEM format.

Input Parameters

vrf VRF

The vrf in which the export is performed.

VRF	The vrf name.

name NAME

The name of the certificate.

NAME	Certificate name.

url URL (mandatory)

The URL where the certificate is updloaded.

URL values	Description
<http-url>	An HTTP(S) file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<sftp-url>	An SFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<scp-url>	An SCP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<ftp-url>	An FTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2]. The :/?#[]@!$&’()*+,;= characters in the user and password must be percent-encoded (e.g: ‘?’ becomes ‘%3f’). See RFC 3986 section 2.1. For convenience, you should use the separate user and password fields.
<tftp-url>	A TFTP file URL. IPv6 addresses must be surrounded by square brackets [1234:bada::2].

user <string>

The URL user name (not percent-encoded). If specified, the user name should not be included in the URL.

password <string>

The URL password (not percent-encoded). If specified, the user name should not be included in the URL.

cmd certificate add

Note

requires a Product License.

vsr> cmd certificate add [name NAME] data <string> [private-key <string>]

Add a X509 certificate in PEM format.

Input Parameters

name NAME

The name to assign to the certificate.

NAME	Certificate name.

data <string> (mandatory)

PEM-encoded X509 certificate.

private-key <string>

PEM-encoded X509 private key.

cmd certificate delete

Note

requires a Product License.

vsr> cmd certificate delete name NAME

Delete a X509 certificate.

Input Parameters

name NAME (mandatory)

The name of the certificate.

NAME	Certificate name.

cmd compress-alarm

vsr> cmd compress-alarm [resource RESOURCE] [alarm-type-id ALARM-TYPE-ID] [alarm-type-qualifier ALARM-TYPE-QUALIFIER]

This operation requests that the server compress entries in the alarm list by removing all but the latest ‘status-change’ entry for all matching alarms. Conditions in the input are logically ANDed. If no input condition is given, all alarms are compressed.

Input Parameters

resource RESOURCE

Compress the alarms matching this resource.

RESOURCE

This type is used to match resources of type ‘resource’. Since the type ‘resource’ is a union of different types, the ‘resource-match’ type is also a union of corresponding types. If the type is given as an XPath 1.0 expression, a resource of type ‘instance-identifier’ matches if the instance is part of the node set that is the result of evaluating the XPath 1.0 expression. For example, the XPath 1.0 expression: /ietf-interfaces:interfaces/ietf-interfaces:interface [ietf-interfaces:type=’ianaift:ethernetCsmacd’] would match the resource instance-identifier: /if:interfaces/if:interface[if:name=’eth1’], assuming that the interface ‘eth1’ is of type ‘ianaift:ethernetCsmacd’. If the type is given as an object identifier, a resource of type ‘object-identifier’ matches if the match object identifier is a prefix of the resource’s object identifier. For example, the value: 1.3.6.1.2.1.2.2 would match the resource object identifier: 1.3.6.1.2.1.2.2.1.1.5 If the type is given as an UUID or a string, it is interpreted as an XML Schema regular expression, which matches a resource of type ‘yang:uuid’ or ‘string’ if the given regular expression matches the resource string. If the type is given as an XPath expression, it is evaluated in the following XPath context: o The set of namespace declarations is the set of prefix and namespace pairs for all YANG modules implemented by the server, where the prefix is the YANG module name and the namespace is as defined by the ‘namespace’ statement in the YANG module. If a leaf of this type is encoded in XML, all namespace declarations in scope on the leaf element are added to the set of namespace declarations. If a prefix found in the XML is already present in the set of namespace declarations, the namespace in the XML is used. o The set of variable bindings is empty. o The function library is the core function library, and the functions are defined in Section 10 of RFC 7950. o The context node is the root node in the data tree.

alarm-type-id ALARM-TYPE-ID

Compress alarms with this ‘alarm-type-id’.

ALARM-TYPE-ID

Identifies an alarm type. The description of the alarm type id MUST indicate whether or not the alarm type is abstract. An abstract alarm type is used as a base for other alarm type ids and will not be used as a value for an alarm or be present in the alarm inventory.

alarm-type-qualifier ALARM-TYPE-QUALIFIER

Compress the alarms with this ‘alarm-type-qualifier’.

ALARM-TYPE-QUALIFIER

If an alarm type cannot be fully specified at design time by ‘alarm-type-id’, this string qualifier is used in addition to fully define a unique alarm type. The definition of alarm qualifiers is considered to be part of the instrumentation and is out of scope for this module. An empty string is used when this is part of a key.

Output Data

compressed-alarms <uint32>

Number of compressed alarm entries.