7 There are five routing daemons in use, and there is one manager daemon.
8 These daemons may be located on separate machines from the manager
9 daemon. Each of these daemons will listen on a particular port for
10 incoming VTY connections. The routing daemons are:
19 The following sections discuss commands common to all the routing
27 .. index:: Configuration files for running the software
29 .. index:: Files for running configurations
31 .. index:: Modifying the herd's behavior
33 .. index:: Getting the herd running
35 In a config file, you can write the debugging options, a vty's password,
36 routing daemon configurations, a log file name, and so forth. This
37 information forms the initial command set for a routing beast as it is
40 Config files are generally found in |INSTALL_PREFIX_ETC|.
42 Each of the daemons has its own config file. The daemon name plus ``.conf`` is
43 the default config file name. For example, zebra's default config file name is
44 :file:`zebra.conf`. You can specify a config file using the :option:`-f` or
45 :option:`--config_file` options when starting the daemon.
47 .. _basic-config-commands:
52 .. index:: hostname HOSTNAME
54 .. clicmd:: hostname HOSTNAME
56 Set hostname of the router.
59 single: no password PASSWORD
60 single: password PASSWORD
62 .. clicmd:: [no] password PASSWORD
64 Set password for vty interface. The ``no`` form of the command deletes the
65 password. If there is no password, a vty won't accept connections.
68 single: no enable password PASSWORD
69 single: enable password PASSWORD
71 .. clicmd:: [no] enable password PASSWORD
73 Set enable password. The ``no`` form of the command deletes the enable
77 single: no log trap [LEVEL]
78 single: log trap LEVEL
80 .. clicmd:: [no] log trap LEVEL
82 These commands are deprecated and are present only for historical
83 compatibility. The log trap command sets the current logging level for all
84 enabled logging destinations, and it sets the default for all future logging
85 commands that do not specify a level. The normal default logging level is
86 debugging. The ``no`` form of the command resets the default level for future
87 logging commands to debugging, but it does not change the logging level of
88 existing logging destinations.
91 single: no log stdout [LEVEL]
92 single: log stdout [LEVEL]
94 .. clicmd:: [no] log stdout LEVEL
96 Enable logging output to stdout. If the optional second argument specifying
97 the logging level is not present, the default logging level (typically
98 debugging, but can be changed using the deprecated ``log trap`` command) will
99 be used. The ``no`` form of the command disables logging to stdout. The
100 ``LEVEL`` argument must have one of these values: emergencies, alerts,
101 critical, errors, warnings, notifications, informational, or debugging. Note
102 that the existing code logs its most important messages with severity
106 single: no log file [FILENAME [LEVEL]]
107 single: log file FILENAME [LEVEL]
109 .. clicmd:: [no] log file [FILENAME [LEVEL]]
111 If you want to log into a file, please specify ``filename`` as
114 log file /var/log/frr/bgpd.log informational
116 If the optional second argument specifying the logging level is not present,
117 the default logging level (typically debugging, but can be changed using the
118 deprecated ``log trap`` command) will be used. The ``no`` form of the command
119 disables logging to a file. *Note:* if you do not configure any file logging,
120 and a daemon crashes due to a signal or an assertion failure, it will attempt
121 to save the crash information in a file named /var/tmp/frr.<daemon
122 name>.crashlog. For security reasons, this will not happen if the file exists
123 already, so it is important to delete the file after reporting the crash
127 single: no log syslog [LEVEL]
128 single: log syslog [LEVEL]
130 .. clicmd:: [no] log syslog [LEVEL]
132 Enable logging output to syslog. If the optional second argument specifying
133 the logging level is not present, the default logging level (typically
134 debugging, but can be changed using the deprecated ``log trap`` command) will
135 be used. The ``no`` form of the command disables logging to syslog.
138 single: no log monitor [LEVEL]
139 single: log monitor [LEVEL]
141 .. clicmd:: [no] log monitor [LEVEL]
143 Enable logging output to vty terminals that have enabled logging using the
144 ``terminal monitor`` command. By default, monitor logging is enabled at the
145 debugging level, but this command (or the deprecated ``log trap`` command) can
146 be used to change the monitor logging level. If the optional second argument
147 specifying the logging level is not present, the default logging level
148 (typically debugging, but can be changed using the deprecated ``log trap``
149 command) will be used. The ``no`` form of the command disables logging to
153 single: no log facility [FACILITY]
154 single: log facility [FACILITY]
156 .. clicmd:: [no] log facility [FACILITY]
158 This command changes the facility used in syslog messages. The default
159 facility is ``daemon``. The ``no`` form of the command resets
160 the facility to the default ``daemon`` facility.
163 single: no log record-priority
164 single: log record-priority
166 .. clicmd:: [no] log record-priority
168 To include the severity in all messages logged to a file, to stdout, or to
169 a terminal monitor (i.e. anything except syslog),
170 use the ``log record-priority`` global configuration command.
171 To disable this option, use the ``no`` form of the command. By default,
172 the severity level is not included in logged messages. Note: some
173 versions of syslogd (including Solaris) can be configured to include
174 the facility and level in the messages emitted.
177 single: log timestamp precision (0-6)
178 single: [no] log timestamp precision (0-6)
180 .. clicmd:: [no] log timestamp precision [(0-6)]
182 This command sets the precision of log message timestamps to the given number
183 of digits after the decimal point. Currently, the value must be in the range
184 0 to 6 (i.e. the maximum precision is microseconds). To restore the default
185 behavior (1-second accuracy), use the ``no`` form of the command, or set the
186 precision explicitly to 0.
190 log timestamp precision 3
192 In this example, the precision is set to provide timestamps with
193 millisecond accuracy.
195 .. index:: log commands
197 .. clicmd:: log commands
199 This command enables the logging of all commands typed by a user to
200 all enabled log destinations. The note that logging includes full
201 command lines, including passwords. Once set, command logging can only
202 be turned off by restarting the daemon.
204 .. index:: service password-encryption
206 .. clicmd:: service password-encryption
210 .. index:: service advanced-vty
212 .. clicmd:: service advanced-vty
214 Enable advanced mode VTY.
216 .. index:: service terminal-length (0-512)
218 .. clicmd:: service terminal-length (0-512)
220 Set system wide line configuration. This configuration command applies
221 to all VTY interfaces.
227 Enter vty configuration mode.
229 .. index:: banner motd default
231 .. clicmd:: banner motd default
233 Set default motd string.
235 .. index:: no banner motd
237 .. clicmd:: no banner motd
239 No motd banner string will be printed.
241 .. index:: exec-timeout MINUTE [SECOND]
243 .. clicmd:: exec-timeout MINUTE [SECOND]
245 Set VTY connection timeout value. When only one argument is specified
246 it is used for timeout value in minutes. Optional second argument is
247 used for timeout value in seconds. Default timeout value is 10 minutes.
248 When timeout value is zero, it means no timeout.
250 .. index:: no exec-timeout
252 .. clicmd:: no exec-timeout
254 Do not perform timeout at all. This command is as same as *exec-timeout 0 0*.
256 .. index:: access-class ACCESS-LIST
258 .. clicmd:: access-class ACCESS-LIST
260 Restrict vty connections with an access list.
262 .. _sample-config-file:
267 Below is a sample configuration file for the zebra daemon.
272 ! Zebra configuration file
276 enable password zebra
283 '!' and '#' are comment characters. If the first character of the word
284 is one of the comment characters then from the rest of the line forward
285 will be ignored as a comment.
289 password zebra!password
291 If a comment character is not the first character of the word, it's a
292 normal character. So in the above example '!' will not be regarded as a
293 comment and the password is set to 'zebra!password'.
295 .. _terminal-mode-commands:
297 Terminal Mode Commands
298 ======================
300 .. index:: write terminal
302 .. clicmd:: write terminal
304 Displays the current configuration to the vty interface.
306 .. index:: write file
308 .. clicmd:: write file
310 Write current configuration to configuration file.
312 .. index:: configure terminal
314 .. clicmd:: configure terminal
316 Change to configuration mode. This command is the first step to
319 .. index:: terminal length (0-512)
321 .. clicmd:: terminal length (0-512)
323 Set terminal display length to ``(0-512)``. If length is 0, no
324 display control is performed.
330 Show a list of currently connected vty sessions.
336 List all available commands.
338 .. index:: show version
340 .. clicmd:: show version
342 Show the current version of |PACKAGE_NAME| and its build host information.
344 .. index:: show logging
346 .. clicmd:: show logging
348 Shows the current configuration of the logging system. This includes
349 the status of all logging destinations.
351 .. index:: logmsg LEVEL MESSAGE
353 .. clicmd:: logmsg LEVEL MESSAGE
355 Send a message to all logging destinations that are enabled for messages
356 of the given severity.
358 .. _common-invocation-options:
360 Common Invocation Options
361 =========================
363 These options apply to all |PACKAGE_NAME| daemons.
366 .. option:: -d, --daemon
370 .. option:: -f, --config_file <file>
372 Set configuration file name.
374 .. option:: -h, --help
376 Display this help and exit.
378 .. option:: -i, --pid_file <file>
380 Upon startup the process identifier of the daemon is written to a file,
381 typically in :file:`/var/run`. This file can be used by the init system
382 to implement commands such as ``.../init.d/zebra status``,
383 ``.../init.d/zebra restart`` or ``.../init.d/zebra stop``.
385 The file name is an run-time option rather than a configure-time option
386 so that multiple routing daemons can be run simultaneously. This is
387 useful when using |PACKAGE_NAME| to implement a routing looking glass. One
388 machine can be used to collect differing routing views from differing
389 points in the network.
391 .. option:: -A, --vty_addr <address>
393 Set the VTY local address to bind to. If set, the VTY socket will only
394 be bound to this address.
396 .. option:: -P, --vty_port <port>
398 Set the VTY TCP port number. If set to 0 then the TCP VTY sockets will not
401 .. option:: -u <user>
403 Set the user and group to run as.
405 .. option:: -v, --version
407 Print program version.
409 .. _loadable-module-support:
411 Loadable Module Support
412 =======================
414 FRR supports loading extension modules at startup. Loading, reloading or
415 unloading modules at runtime is not supported (yet). To load a module, use
416 the following command line option at daemon startup:
419 .. option:: -M, --module <module:options>
421 Load the specified module, optionally passing options to it. If the module
422 name contains a slash (/), it is assumed to be a full pathname to a file to
423 be loaded. If it does not contain a slash, the |INSTALL_PREFIX_MODULES|
424 directory is searched for a module of the given name; first with the daemon
425 name prepended (e.g. ``zebra_mod`` for ``mod``), then without the daemon
428 This option is available on all daemons, though some daemons may not have
429 any modules available to be loaded.
434 If SNMP is enabled during compile-time and installed as part of the package,
435 the ``snmp`` module can be loaded for the *zebra*, *bgpd*, *ospfd*, *ospf6d*
438 The module ignores any options passed to it. Refer to :ref:`snmp-support`
439 for information on its usage.
444 If FPM is enabled during compile-time and installed as part of the package, the
445 ``fpm`` module can be loaded for the *zebra* daemon. This provides the
446 Forwarding Plane Manager ("FPM") API.
448 The module expects its argument to be either ``Netlink`` or ``protobuf``,
449 specifying the encapsulation to use. ``Netlink`` is the default, and
450 ``protobuf`` may not be available if the module was built without protobuf
451 support. Refer to :ref:`zebra-fib-push-interface` for more information.
453 .. _virtual-terminal-interfaces:
455 Virtual Terminal Interfaces
456 ===========================
458 VTY -- Virtual Terminal [aka TeletYpe] Interface is a command line
459 interface (CLI) for user interaction with the routing daemon.
466 VTY stands for Virtual TeletYpe interface. It means you can connect to
467 the daemon via the telnet protocol.
469 To enable a VTY interface, you have to setup a VTY password. If there
470 is no VTY password, one cannot connect to the VTY interface at all.
474 % telnet localhost 2601
476 Connected to localhost.
477 Escape character is '^]'.
479 Hello, this is |PACKAGE_NAME| (version |PACKAGE_VERSION|)
482 User Access Verification
486 enable . . . Turn on privileged commands
487 exit . . . Exit current mode and down to previous mode
488 help . . . Description of the interactive help system
489 list . . . Print command list
490 show . . . Show system inform
492 wh. . . Display who is on a vty
495 Router# configure terminal
496 Router(config)# interface eth0
497 Router(config-if)# ip address 10.0.0.1/8
498 Router(config-if)# ^Z
507 There are three basic VTY modes:
509 There are commands that may be restricted to specific VTY modes.
516 This mode is for read-only access to the CLI. One may exit the mode by
517 leaving the system, or by entering `enable` mode.
524 This mode is for read-write access to the CLI. One may exit the mode by
525 leaving the system, or by escaping to view mode.
532 This page is for describing other modes.
534 .. _vty-cli-commands:
539 Commands that you may use at the command-line are described in the following
540 three subsubsections.
542 .. _cli-movement-commands:
544 CLI Movement Commands
545 ^^^^^^^^^^^^^^^^^^^^^
547 These commands are used for moving the CLI cursor. The :kbd:`C` character
548 means press the Control Key.
550 :kbd:`C-f` / :kbd:`LEFT`
551 Move forward one character.
553 :kbd:`C-b` / :kbd:`RIGHT`
554 Move backward one character.
557 Move forward one word.
560 Move backward one word.
563 Move to the beginning of the line.
566 Move to the end of the line.
569 .. _cli-editing-commands:
574 These commands are used for editing text on a line. The :kbd:`C`
575 character means press the Control Key.
578 :kbd:`C-h` / :kbd:`DEL`
579 Delete the character before point.
583 Delete the character after point.
595 Kill to the end of the line.
599 Kill line from the beginning, erasing input.
606 CLI Advanced Commands
607 ^^^^^^^^^^^^^^^^^^^^^
609 There are several additional CLI commands for command line completions,
610 insta-help, and VTY session management.
614 Interrupt current input and moves to the next line.
618 End current configuration session and move to top node.
621 :kbd:`C-n` / :kbd:`DOWN`
622 Move down to next line in the history buffer.
625 :kbd:`C-p` / :kbd:`UP`
626 Move up to previous line in the history buffer.
630 Use command line completion by typing :kbd:`TAB`.
634 You can use command line help by typing ``help`` at the beginning of the
635 line. Typing :kbd:`?` at any point in the line will show possible
638 .. index:: find COMMAND...
639 .. clicmd:: find COMMAND...
641 This commmand performs a simple substring search across all defined commands
642 in all modes. As an example, suppose you're in enable mode and can't
643 remember where the command to turn OSPF segment routing on is:
647 frr# find segment-routing on
648 (ospf) segment-routing on
650 The CLI mode is displayed next to each command. In this example,
651 :clicmd:`segment-routing on` is under the `router ospf` mode.
653 Similarly, suppose you want a listing of all commands that contain "l2vpn":
658 (view) show [ip] bgp l2vpn evpn [json]
659 (view) show [ip] bgp l2vpn evpn all <A.B.C.D|A.B.C.D/M> [json]
660 (view) show [ip] bgp l2vpn evpn all neighbors A.B.C.D advertised-routes [json]
661 (view) show [ip] bgp l2vpn evpn all neighbors A.B.C.D routes [json]
662 (view) show [ip] bgp l2vpn evpn all overlay
668 VTY supports optional modifiers at the end of commands that perform
669 postprocessing on command output or modify the action of commands. These do not
670 show up in the :kbd:`?` or :kbd:`TAB` suggestion lists.
672 ``... | include REGEX``
673 Filters the output of the preceding command, including only lines which
674 match the POSIX Extended Regular Expression ``REGEX``. Do not put the regex
681 frr# show ip bgp sum json | include remoteAs
688 frr# show run | include neigh.*[0-9]{2}\.0\.[2-4]\.[0-9]*
689 neighbor 10.0.2.106 remote-as 99
690 neighbor 10.0.2.107 remote-as 99
691 neighbor 10.0.2.108 remote-as 99
692 neighbor 10.0.2.109 remote-as 99
693 neighbor 10.0.2.110 remote-as 99
694 neighbor 10.0.3.111 remote-as 111