Commands

Mode List

Internal Name

Prompt

Mode Description

access_list

config-access-list

Dynamic Routing Accesss List

acl

config-acl

Access Control List

acl_rule

config-acl-rule

ACL Rule

aspath

config-aspath

AS Path ordered rule

auth

config-user

User Authentication

bfd

config-bfd

Bidirectional Forwarding Detection

bfd_key

config-bfd-key

BFD key

bgp

config-bgp

BGP server

bgp_ip4multi

config-bgp-ip4multi

BGP IPv4 Multicast Address Family

bgp_ip4multi_nbr

config-bgp-ip4multi-nbr

BGP IPv4 Multicast Address Family Neighbor

bgp_ip4uni

config-bgp-ip4uni

BGP IPv4 Unicast Address Family

bgp_ip4uni_nbr

config-bgp-ip4uni-nbr

BGP IPv4 Unicast Address Family Neighbor

bgp_ip6multi

config-bgp-ip6multi

BGP IPv6 Multicast Address Family

bgp_ip6multi_nbr

config-bgp-ip6multi-nbr

BGP IPv6 Multicast Address Family Neighbor

bgp_ip6uni

config-bgp-ip6uni

BGP IPv6 Unicast Address Family

bgp_ip6uni_nbr

config-bgp-ip6uni-nbr

BGP IPv6 Unicast Address Family Neighbor

bgp_neighbor

config-bgp-neighbor

BGP Neighbor

bond

config-bond

Interface bonding

bridge

config-bridge

Bridge

community_list

config-community

BGP community list

config

config

Configuration

frr_bgp

config-frr-bgp

Dynamic Routing BGP

gre

config-gre

Generic Route Encapsulation

host_acl

config-host-acl

Host Access List

host_acl_rule

config-host-acl-rule

Host Access List Rule

host_if

config-host-if

Host interface

http

config-http

HTTP server

ike_authentication

config-ike-auth

IKE peer authentication

ike_authentication_round

config-ike-auth-round

IKE peer authentication round

ike_child

config-ike-child

IKE child SA

ike_child_proposal

config-ike-child-proposal

IKE child SA proposal

ike_identity

config-ike-identity

IKE peer identity

ike_proposal

config-ike-proposal

IKE proposal

interface

config-interface

Interface

ipsec_crypto_ike

config-ipsec-crypto-ike

IKE

ipsec_crypto_manual

config-crypto-manual

IPsec static keying

ipsec_tunnel

config-ipsec-tun

IPsec tunnel

kea_dhcp4

config-kea-dhcp4

DHCP4 Server

kea_dhcp4_log

config-kea-dhcp4-log

DHCP4 Log

kea_dhcp4_log_out

config-kea-dhcp4-log-out

DHCP4 Log output

kea_dhcp4_opt

config-kea-dhcp4-opt

DHCP4 option

kea_subnet4

config-kea-dhcp4-subnet4

DHCP4 subnet4

kea_subnet4_opt

config-kea-subnet4-opt

DHCP4 subnet4 option

kea_subnet4_pool

config-kea-subnet4-pool

DHCP4 subnet4 pool

kea_subnet4_pool_opt

config-kea-subnet4-pool-opt

DHCP4 subnet4 pool option

kea_subnet4_reservation

config-kea-subnet4-reservation

DHCP4 subnet4 host reservation

kea_subnet4_reservation_opt

config-kea-subnet4-reservation-opt

DHCP4 subnet4 host res option

loopback

config-loopback

Loopback interface

macip

config-macip

MAC/IP access control list

macip_rule

config-macip-rule

MACIP Rule

map

config-map

MAP-E/MAP-T

map_param

config-map-param

MAP-E/MAP-T global parameter

master

Initial, priviledged

memif

config-memif

Memif interface

nacm_group

config-nacm-group

NACM group

nacm_rule

config-nacm-rule

NACM rule

nacm_rule_list

config-nacm-rule-list

NACM rule list

nat_reassembly

config-nat-reassembly

NAT reassembly

ntp

config-ntp

NTP

ntp_restrict

config-ntp-restrict

NTP restriction

ntp_server

config-ntp-server

NTP server

prefix_list

config-pref-list

Dynamic routing prefix list

route_dynamic_manager

config-route-dynamic-manager

Dynamic routing manager

route_map

config-rt-map

Route Map

route_table_v4

config-route-table-v4

IPv4 Static Route Table

route_table_v6

config-route-table-v6

IPv6 Static Route Table

rttbl4_next_hop

config-rttbl4-next-hop

IPv4 Next Hop

rttbl6_next_hop

config-rttbl6-next-hop

IPv6 Next Hop

span

config-span

SPAN

subif

config-subif

Sub-interface VLAN

tap

config-tap

Tap

unbound

config-unbound

Unbound DNS Server

unbound_fwd_zone

config-unbound-fwd-zone

Unbound forward-zone

unbound_local_host

config-unbound-local-host

Unbound local host override

unbound_local_zone

config-unbound-local-zone

Unbound local zone override

vxlan

config-vxlan

VXLAN

Master Mode Commands

tnsr# configure [terminal]
tnsr# debug cli [level <n>]
tnsr# debug tnsr (clear|set|value) <flags>
tnsr# debug vmgmt (clear|set|value) <flags>
tnsr# no debug (cli|tnsr|vmgmt)
tnsr# exit
tnsr# ls [-l]
tnsr# ping (<dest-host>|<dest-ip>) [ipv4|ipv6] [interface <if-name>]
        [source <src-addr>] [count <count>] [packet-size <bytes>]
        [ttl <ttl-hops>] [timeout <wait-sec>]
tnsr# pwd
tnsr# shell [<command>]
tnsr# traceroute (<dest-host>|<dest-ip>) [ipv4|ipv6] [interface <if-name>]
        [source <src-addr>] [packet-size <bytes>] [no-dns] [timeout <seconds>]
        [ttl <ttl-hos>] [waittime <wait-sec>]
tnsr# whoami

Package Management Commands

tnsr# package (info|list) [available|installed|updates] [<pkg-name>]
tnsr# package install <pkg-glob>
tnsr# package remove <pkg-glob>
tnsr# package search <term>
tnsr# package upgrade <pkg-glob>

Public Key Infrastructure Commands

tnsr# pki ca list
tnsr# pki ca <name> (append <source-name>|delete|enter|get|import <file>)
tnsr# pki certificate list
tnsr# pki certificate <name> (delete|enter|get|import <file>)
tnsr# pki private-key list
tnsr# pki private-key <name> (delete|enter|get|import <file>)
tnsr# pki private-key <name> generate [key-length (2048|3072|4096)]
tnsr# pki signing-request list
tnsr# pki signing-request <name> (delete|generate|get|sign (ca-name <ca>|self))
tnsr# pki signing-request set (city|common-name|country|org|org-unit|state) <text>
tnsr# pki signing-request set digest (md5|sha1|sha224|sha256|sha384|sha512)
tnsr# pki signing-request settings (clear|show)

Config Mode Commands

tnsr(config)# [no] acl <acl-name>
tnsr(config)# [no] auth user <user-name>
tnsr(config)# [no] bfd conf-key-id <conf-key-id>
tnsr(config)# [no] bfd session <bfd-session>
tnsr(config)# [no] cli option auto-discard
tnsr(config)# configuration candidate clear
tnsr(config)# configuration candidate commit
tnsr(config)# configuration candidate discard
tnsr(config)# configuration candidate load <filename> [(replace|merge)]
tnsr(config)# configuration candidate validate
tnsr(config)# configuration copy candidate startup
tnsr(config)# configuration copy running (candidate|startup)
tnsr(config)# configuration copy startup candidate
tnsr(config)# configuration save (candidate|running) <filename>
tnsr(config)# [no] dataplane cpu corelist-workers [<corelist-workers>]
tnsr(config)# [no] dataplane cpu coremask-workers <coremask-workers>
tnsr(config)# [no] dataplane cpu main-core <main-core>
tnsr(config)# [no] dataplane cpu scheduler-policy (batch|fifo|idle|other|rr)
tnsr(config)# [no] dataplane cpu scheduler-priority <scheduler-priority>
tnsr(config)# [no] dataplane cpu skip-cores <skip-cores>
tnsr(config)# [no] dataplane cpu workers <workers>
tnsr(config)# dataplane dpdk dev <pci-id> (crypto|network)
                   [num-rx-queues [<num-rxqs>]] [num-tx-queues [<num-txqs>]]
                   [vlan-strip-offload (off|on)]
tnsr(config)# dataplane dpdk dev <pci-id> network name <name>
tnsr(config)# no dataplane dpdk dev <pci-id> [name] [num-rx-queues] [num-tx-queues] [vlan-strip-offload]
tnsr(config)# [no] dataplane dpdk no-multi-seg
tnsr(config)# [no] dataplane dpdk no-tx-checksum-offload
tnsr(config)# [no] dataplane dpdk uio-driver [<uio-driver>]
tnsr(config)# [no] dataplane dpdk vdev <sw-dev-type>
tnsr(config)# [no] dataplane ip heap-size [<size>]
tnsr(config)# [no] dataplane ip6 heap-size [<size>]
tnsr(config)# [no] dataplane ip6 hash-buckets [<size>]
tnsr(config)# [no] dataplane nat dslite-ce
tnsr(config)# [no] dataplane nat max-translations-per-user <n>
tnsr(config)# [no] dataplane nat mode (deterministic|endpoint-dependent|simple)
tnsr(config)# [no] dataplane nat mode-options simple (out2in-dpo|static-mapping-only)
tnsr(config)# [no] dataplane statseg heap-size <heap-size>[kKmMgG]
tnsr(config)# [no] dataplane statseg per-node-counters enable
tnsr(config)# [no] dataplane statseg socket-name <socket-name>
tnsr(config)# debug cli [level <n>]
tnsr(config)# debug tnsr (clear|set|value) <flags>
tnsr(config)# debug vmgmt (clear|set|value) <flags>
tnsr(config)# no debug (cli|tnsr|vmgmt)
tnsr(config)# dhcp4 (enable|disable)
tnsr(config)# [no] dhcp4 server
tnsr(config)# dslite aftr endpoint <ip6-address>
tnsr(config)# dslite b4 endpoint <ip6-address>
tnsr(config)# dslite pool address <ipv4-addr-first> [- <ipv4-addr-last>]
tnsr(config)# no dslite [pool address]
tnsr(config)# exit
tnsr(config)# [no] gre <gre-name>
tnsr(config)# [no] host acl <acl-name>
tnsr(config)# [no] host interface <host-if-name>
tnsr(config)# http (enable|disable)
tnsr(config)# [no] http server
tnsr(config)# [no] interface <if-name>
tnsr(config)# interface clear counters [<interface>]
tnsr(config)# [no] interface bond <instance>
tnsr(config)# [no] interface bridge domain <domain-id>
tnsr(config)# [no] interface loopback <name>
tnsr(config)# [no] interface memif interface <id>
tnsr(config)# [no] interface memif socket id <id> filename <file>
tnsr(config)# [no] interface subif <interface> <subid>
tnsr(config)# [no] interface tap <host-name>
tnsr(config)# [no] ipsec tunnel <tunnel-num>
tnsr(config)# [no] lldp system-name <system-name>
tnsr(config)# [no] lldp tx-hold <transmit-hold>
tnsr(config)# [no] lldp tx-interval <transmit-interval>
tnsr(config)# [no] macip <macip-name>
tnsr(config)# nacm (enable|disable)
tnsr(config)# no nacm enable
tnsr(config)# [no] nacm exec-default (deny|permit)
tnsr(config)# [no] nacm group <group-name>
tnsr(config)# [no] nacm read-default (deny|permit)
tnsr(config)# [no] nacm rule-list <rule-list-name>
tnsr(config)# [no] nacm write-default (deny|permit)
tnsr(config)# [no] nat deterministic mapping inside <inside-prefix> outside <outside-prefix>
tnsr(config)# [no] nat global-options nat44 forwarding (true|false)
tnsr(config)# [no] nat ipfix logging [domain <domain-id>] [src-port <src-port>]
tnsr(config)# [no] nat nat64 map <domain-name>
tnsr(config)# [no] nat nat64 map parameters
tnsr(config)# [no] nat pool (addresses <ip-first> [- <ip-last>]|interface <if-name>)
                   [twice-nat] [route-table <rt-tbl-name>]
tnsr(config)# [no] nat reassembly (ipv4|ipv6)
tnsr(config)# [no] nat static mapping (icmp|udp|tcp) local <ip-local> [<port-local>]
                   external (<ip-external>|<if-name>) [<port-external>]
                   [twice-nat] [out-to-in-only] [route-table <rt-tbl-name>]
tnsr(config)# [no] neighbor <interface> <ip-address> <mac-address> [no-adj-route-table-entry]
tnsr(config)# ntp (enable|disable)
tnsr(config)# no ntp enable
tnsr(config)# [no] ntp server
tnsr(config)# [no] route dynamic access-list <access-list-name>
tnsr(config)# route dynamic bgp
tnsr(config)# route dynamic manager
tnsr(config)# [no] route dynamic prefix-list <prefix-list-name>
tnsr(config)# [no] route dynamic route-map <route-map-name> (permit|deny) sequence <sequence>
tnsr(config)# no route dynamic route-map [<route-map-name> [(permit|deny) sequence <sequence>]]
tnsr(config)# [no] route (ipv4|ipv6) table <route-table-name>
tnsr(config)# service (backend|bgp|dataplane|dhcp|http|ike|ntp|restconf|unbound)
                 coredump (enable|disable)
tnsr(config)# service bgp (start|stop|restart|status)
tnsr(config)# service dataplane (start|stop|restart|status)
tnsr(config)# service dhcp (start|stop|reload|status) [dhcp4|dhcp6|dhcp_ddns]
tnsr(config)# service http (start|stop|restart|status)
tnsr(config)# service ntp (start|stop|restart|status)
tnsr(config)# service unbound (start|stop|status|restart|reload)
tnsr(config)# [no] span <if-name-src>
tnsr(config)# [no] sysctl vm nr_hugepages <u64>
tnsr(config)# [no] sysctl vm max_map_count <u64>
tnsr(config)# [no] sysctl kernel shmmem <u64>
tnsr(config)# [no] system contact <text>
tnsr(config)# [no] system description <text>
tnsr(config)# [no] system location <text>
tnsr(config)# [no] system name <text>
tnsr(config)# [no] unbound server
tnsr(config)# unbound (enable|disable)
tnsr(config)# no unbound enable
tnsr(config)# [no] vxlan <vxlan-name>

Show Commands in Both Master and Config Modes

tnsr# show acl [<acl-name>]
tnsr# show bfd
tnsr# show bfd keys [conf-key-id <conf-key-id>]
tnsr# show bfd sessions [conf-key-id <conf-key-id> | peer-ip-addr <peer-addr>]
tnsr# show cli
tnsr# show clock
tnsr# show configuration (candidate|running|startup) [xml|json]
tnsr# show counters [<interface>]
tnsr# show dataplane cpu threads
tnsr# show dslite
tnsr# show gre [<tunnel-name>]
tnsr# show host interface (acl|bonding|counters|ipv4|ipv6|link|mac|nat)
tnsr# show http [<config-file>]
tnsr# show interface [<if-name>] [(acl|bonding|counters|ipv4|ipv6|link|mac|nat)]

tnsr# show interface bridge domain [<bdi>]
tnsr# show interface loopback [<loopback-name>]
tnsr# show interface memif [<id>]
tnsr# show interface bond [<id>]
tnsr# show interface lacp [<if-name>]
tnsr# show interface tap
tnsr# show ipsec tunnel [<tunnel_number> [child|ike|verbose]]
tnsr# show kea [keactrl|dhcp4] [config-file]
tnsr# show macip [<macip-name>]
tnsr# show map [<map-domain-name>]
tnsr# show nacm [group [<group-name>] | rule-list [<rule-list-name>]]
tnsr# show nat [config|deterministic-mappings|interface-sides|reassembly|static-mappings]
tnsr# show nat dynamic (addresses|interfaces)
tnsr# show nat sessions [verbose]
tnsr# show neighbor [interface <if-name>]
tnsr# show ntp [(associations|peers) [associd <id>]]
tnsr# show ntp config-file
tnsr# show packet-counters
tnsr# show route dynamic access-list [<access-list-name>]
tnsr# show route dynamic bgp as-path [<as-path-name>]
tnsr# show route dynamic bgp community-list [<community-list-name>]
tnsr# show route dynamic bgp config [<as-number>]
tnsr# show route dynamic bgp neighbors [[<peer>] [advertised-routes|dampened-routes|
        flap-statistics|prefix-counts|received|received-routes|routes]]
tnsr# show route dynamic bgp network <prefix>
tnsr# show route dynamic bgp nexthop [detail]
tnsr# show route dynamic bgp peer-group <peer-group-name>
tnsr# show route dynamic bgp summary
tnsr# show route dynamic manager
tnsr# show route dynamic prefix-list [<prefix-list-name>]
tnsr# show route dynamic route-map [<route-map-name>]
tnsr# show route [table <route-table-name>]
tnsr# show span
tnsr# show sysctl
tnsr# show system
tnsr# show unbound [config-file]
tnsr# show version
tnsr# show vxlan [<vxlan-name>]

Access Control List Modes

Enter Access Control List Mode

tnsr(config)# acl <acl-name>
tnsr(config-acl)#

Access Control List Mode Commands

tnsr(config-acl)# rule <seq-number>

Remove Access Control List

tnsr(config)# no acl <acl-name>

Enter ACL Rule Mode

tnsr(config-acl)# rule <seq-number>
tnsr(config-acl-rule)#

ACL Rule Mode Commands

tnsr(config-acl-rule)# action (deny|permit|reflect)
tnsr(config-acl-rule)# ip-version (ipv4|ipv6)
tnsr(config-acl-rule)# no action [deny|permit|reflect]
tnsr(config-acl-rule)# destination address <ip-prefix>
tnsr(config-acl-rule)# no destination address [<ip-prefix>]
tnsr(config-acl-rule)# [no] destination port (any|<first> [- <last>])
tnsr(config-acl-rule)# [no] icmp type (any|<type-first> [- <type-last>])
tnsr(config-acl-rule)# [no] icmp code (any|<code-first> [- <code-last>])
tnsr(config-acl-rule)# [no] protocol (icmp|udp|tcp)
tnsr(config-acl-rule)# source address <ip-prefix>
tnsr(config-acl-rule)# no source address [<ip-prefix>]
tnsr(config-acl-rule)# [no] source port (any|<first> [- <last>])
tnsr(config-acl-rule)# [no] tcp flags mask <mask> value <value>
tnsr(config-acl-rule)# [no] tcp flags value <value> mask <mask>

Remove ACL Rule

tnsr(config-acl)# no rule <seq>

MACIP ACL Mode

Enter MACIP ACL Mode

tnsr(config)# macip <macip-name>
tnsr(config-macip)#

MACIP ACL Mode Commands

tnsr(config-macip)# rule <seq>

Remove MACIP ACL

tnsr(config-macip)# no macip <macip-name>

Enter MACIP ACL Rule Mode

tnsr(config-macip)# rule <seq-number>
tnsr(config-macip-rule)#

MACIP Rule Mode Commands

tnsr(config-macip-rule)# action (deny|permit)
tnsr(config-macip-rule)# no action [deny|permit]
tnsr(config-macip-rule)# ip-version (ipv4|ipv6)
tnsr(config-macip-rule)# address <ip-prefix>
tnsr(config-macip-rule)# no address [<ip-prefix>]
tnsr(config-macip-rule)# mac address <mac-address> [mask <mac-mask>]
tnsr(config-macip-rule)# mac mask <mac-mask> [address <mac-address>]
tnsr(config-macip-rule)# no mac
tnsr(config-macip-rule)# no mac address [<mac-address>] [mask [<mac-mask>]]
tnsr(config-macip-rule)# no mac mask [<mac-mask>] [address [<mac-address>]]

Remove MACIP ACL Rule

tnsr(config-macip)# no rule <seq-number>

GRE Mode

Enter GRE Mode

tnsr(config)# gre <gre-name>
tnsr(config-gre)#

GRE Mode Commands

tnsr(config-gre)# encapsulation route-table <rt-table-name>
tnsr(config-gre)# instance <id>
tnsr(config-gre)# destination <ip-address>
tnsr(config-gre)# source <ip-address>
tnsr(config-gre)# tunnel-type erspan session-id <session-id>
tnsr(config-gre)# tunnel-type (l3|teb)

Remove GRE Instance

tnsr(config)# no gre <gre-name>

HTTP mode

Enter HTTP mode

tnsr(config)# http server
tnsr(config-http)#

HTTP Mode Commands

tnsr(config-http)# authentication client-certificate-ca <cert-name>
tnsr(config-http)# authentication type (client-certificate|password|none)
tnsr(config-http)# enable restconf
tnsr(config-http)# disable restconf
tnsr(config-http)# server certificate <cert-name>

Remove http Configuration

tnsr(config)# no http server

Interface Mode

Enter Interface mode

tnsr(config)# interface <if-name>
tnsr(config-interface)#

Interface Mode Commands

tnsr(config-interface)# access-list (input|output) acl <acl-name> sequence <number>
tnsr(config-interface)# access-list macip <macip-name>
tnsr(config-interface)# no access-list
tnsr(config-interface)# no access-list acl <acl-name>
tnsr(config-interface)# no access-list macip [<macip-name>]
tnsr(config-interface)# no access-list [(input|output) [acl <acl-name> [sequence <number>]]]
tnsr(config-interface)# bond <instance> [long-timeout] [passive]
tnsr(config-interface)# [no] bond <instance>
tnsr(config-interface)# bridge domain <bridge-domain-id> [bvi <bvi>] [shg <shg>]
tnsr(config-interface)# description <string-description>
tnsr(config-interface)# [no] dhcp client ipv4 [hostname <host-name>]
tnsr(config-interface)# disable
tnsr(config-interface)# [no] enable
tnsr(config-interface)# [no] ip address <ip-prefix>
tnsr(config-interface)# [no] ip nat (inside|outside)
tnsr(config-interface)# [no] ip route-table <route-table-name-ipv4>
tnsr(config-interface)# [no] ipv6 address <ipv6-prefix>
tnsr(config-interface)# [no] ipv6 route-table <route-table-name-ipv6>
tnsr(config-interface)# lldp port-name <port-name>
tnsr(config-interface)# lldp management ipv4 <ip-address>
tnsr(config-interface)# lldp management ipv6 <ipv6-address>
tnsr(config-interface)# lldp management oid <oid>
tnsr(config-interface)# map (disable|enable|translate)
tnsr(config-interface)# no map (enable|translate)
tnsr(config-interface)# mac-address <mac-address>
tnsr(config-interface)# mtu <mtu>
tnsr(config-interface)# vlan tag-rewrite (disable|pop-1|pop-2)
tnsr(config-interface)# vlan tag-rewrite push-1 (dot1ad|dot1q) <tag1>
tnsr(config-interface)# vlan tag-rewrite push-2 (dot1ad|dot1q) <tag1> <tag2>
tnsr(config-interface)# vlan tag-rewrite (translate-1-1|translate-2-1) (dot1ad|dot1q) <tag1>
tnsr(config-interface)# vlan tag-rewrite (translate-1-2|translate-2-2) (dot1ad|dot1q) <tag1> <tag2>

Remove Interface

tnsr(config)# no interface <if-name>

Loopback Mode

Enter Loopback Mode

tnsr(config)# interface loopback <loopback-name>
tnsr(config-loopback)#

Loopback Mode Commands

tnsr(config-loopback)# instance <u16>
tnsr(config-loopback)# mac-address <mac-addr>
tnsr(config-loopback)# description <rest>

Remove Loopback interface

tnsr(config)# no interface <loop<n>>
tnsr(config)# no interface loopback <loopback-name>

Bridge Mode

Enter Bridge Mode

tnsr(config)# interface bridge <bdi>
tnsr(config-bridge)#

Bridge Mode commands

tnsr(config-bridge)# [no] arp entry ip <ip-addr> mac <mac-addr>
tnsr(config-bridge)# [no] arp term
tnsr(config-bridge)# [no] flood
tnsr(config-bridge)# [no] forward
tnsr(config-bridge)# [no] learn
tnsr(config-bridge)# [no] mac-age <mins>
tnsr(config-bridge)# [no] rewrite
tnsr(config-bridge)# [no] uu-flood

Remove Bridge

tnsr(config)# no interface bridge <bdi>

NAT Commands in Configure Mode

tnsr(config)# [no] nat static mapping (icmp|udp|tcp)
               local <ip> [<port>]
               external (<ip>|<if-name>) [<port>]
               [twice-nat] [out-to-in-only]
               [route-table <rt-tbl-name>]
tnsr(config)# [no] nat ipfix logging [domain <domain-id>] [src-port <port>]
tnsr(config)# [no] nat pool address <ip-first> [- <ip-last>] [twice-nat]
tnsr(config)# [no] nat pool interface <if-name> [twice-nat]

NAT Reassmbly Mode

Enter NAT Reassmbly Mode

tnsr(config)# nat reassembly (ipv4|ipv6)
tnsr(config-nat-reassembly)#

NAT Reassmbly Mode Commands

tnsr(config-nat-reassembly)# concurrent-reassemblies <max-reassemblies>
tnsr(config-nat-reassembly)# disable
tnsr(config-nat-reassembly)# enable
tnsr(config-nat-reassembly)# fragments <max-fragments>
tnsr(config-nat-reassembly)# timeout <seconds>

DS-Lite Commands in Configure Mode

tnsr(config)# dslite aftr endpoint <ip6-address>
tnsr(config)# dslite b4 endpoint <ip6-address>
tnsr(config)# dslite pool address <ipv4-addr-first> [- <ipv4-addr-last>]

Tap Mode

Enter Tap Mode

tnsr(config)# interface tap <tap-name>
tnsr(config-tap)#

Tap Mode commands

tnsr(config-tap)# [no] host bridge <bridge-name>
tnsr(config-tap)# [no] host ipv4 gateway <ipv4-addr>
tnsr(config-tap)# [no] host ipv4 prefix <ipv4-prefix>
tnsr(config-tap)# [no] host ipv6 gateway <ipv6-addr>
tnsr(config-tap)# [no] host ipv6 prefix <ipv6-prefix>
tnsr(config-tap)# [no] host mac-address <host-mac-address>
tnsr(config-tap)# [no] host name-space <netns>
tnsr(config-tap)# [no] instance <instance>
tnsr(config-tap)# [no] mac-address <mac-address>
tnsr(config-tap)# [no] rx-ring-size <size>
tnsr(config-tap)# [no] tx-ring-size <size>

Remove Tap

tnsr(config)# no interface tap <tap-name>

BFD Key Mode

Enter BFD Key Mode

tnsr(config)# bfd conf-key-id <conf-key-id>
tnsr(config-bfdkey)#

BFD Key Mode Commands

tnsr(config-bfdkey)# authentication type (keyed-sha1|meticulous-keyed-sha1)
tnsr(config-bfdkey)# secret < (<hex-pair>)[1-20] >

Remove BFD Key Configuration

tnsr(config)# no bfd conf-key-id <conf-key-id>

BFD Mode

Enter BFD Mode

tnsr(config)# bfd session <bfd-session>
tnsr(config-bfd)#

BFD Mode Commands

tnsr(config-bfd)# [no] bfd-key-id <bfd-key-id>
tnsr(config-bfd)# [no] conf-key-id <conf-key-id>
tnsr(config-bfd)# delayed (true|false)
tnsr(config-bfd)# desired-min-tx <microseconds>
tnsr(config-bfd)# detect-multiplier <n-packets>
tnsr(config-bfd)# disable
tnsr(config-bfd)# [no] enable
tnsr(config-bfd)# interface <if-name>
tnsr(config-bfd)# local address <ip-address>
tnsr(config-bfd)# peer address <ip-address>
tnsr(config-bfd)# remote address <ip-address>
tnsr(config-bfd)# required-min-rx <microseconds>

Remove BFD Configuration

tnsr(config)# no bfd session <bfd-session>

Change BFD Admin State

tnsr# bfd session <bfd-session>
tnsr(config-bfd)# disable
tnsr(config-bfd)# [no] enable
tnsr(config-bfd)#

Change BFD Authentication

tnsr(config)# bfd session <bfd-session>
tnsr(config-bfd)# bfd-key-id <bfd-key-id>
tnsr(config-bfd)# conf-key-id <conf-key-id>
tnsr(config-bfd)# delayed (true|false)

Host Interface Mode

Enter Host Interface Mode

tnsr(config)# host interface <if-name>
tnsr(config-host-if)#

Host Interface Mode Commands

tnsr(config-host-if)# [no] description <rest>
tnsr(config-host-if)# disable
tnsr(config-host-if)# [no] enable
tnsr(config-host-if)# [no] ip address <ipv4-prefix>
tnsr(config-host-if)# [no] ipv6 address <ipv6-prefix>
tnsr(config-host-if)# mtu <mtu-value>

Remove Host Interface

tnsr(config)# no host interface <if-name>

IPsec Tunnel Mode

Enter IPsec Tunnel Mode

tnsr(config)# ipsec tunnel <tunnel-num>
tnsr(config-ipsec-tun)#

IPsec Tunnel Mode Commands

tnsr(config-ipsec-tun)# crypto config-type (ike|manual)
tnsr(config-ipsec-tun)# crypto (ike|manual)
tnsr(config-ipsec-tun)# [no] local-address <ip-address>
tnsr(config-ipsec-tun)# [no] remote-address (<ip-address>|<hostname>)

Remove IPsec Tunnel

tnsr(config)# no ipsec tunnel <tunnel-num>

IKE mode

Enter IKE mode

tnsr(config-ipsec-tun)# crypto ike
tnsr(config-ipsec-crypto-ike)#

IKE Mode Commands

tnsr(config-ipsec-crypto-ike)# [no] authentication (local|remote)
tnsr(config-ipsec-crypto-ike)# [no] child <name>
tnsr(config-ipsec-crypto-ike)# [no] identity (local|remote)
tnsr(config-ipsec-crypto-ike)# lifetime <seconds>
tnsr(config-ipsec-crypto-ike)# no lifetime
tnsr(config-ipsec-crypto-ike)# [no] proposal <number>
tnsr(config-ipsec-crypto-ike)# version (0|1|2)
tnsr(config-ipsec-crypto-ike)# no version

Remove IKE configuration

tnsr(config-ipsec-tun)# no crypto ike

IKE Peer Authentication Mode

Enter IKE Peer Authentication Mode

tnsr(config-ipsec-crypto-ike)# authentication (local|remote)
tnsr(config-ike-auth)#

IKE Peer Authentication Mode Commands

tnsr(config-ike-auth)# [no] round (1|2)

Remove IKE Peer Authentication Configuration

tnsr(config-ipsec-crypto-ike)# no authentication (local|remote)

IKE Peer Authentication Round Mode

Enter IKE Peer Authentication Round Mode

tnsr(config-ike-auth)# round (1|2)
tnsr(config-ike-auth-round)#

IKE Peer Authentication Round Mode Commands

tnsr(config-ike-auth-round)# type psk
tnsr(config-ike-auth-round)# no type
tnsr(config-ike-auth-round)# psk <pre-shared-key>
tnsr(config-ike-auth-round)# no psk

Remove IKE Peer Authentication Round Configuration

tnsr(config-ike-auth)# no round (1|2)

IKE Child SA Mode

Enter IKE Child SA Mode

tnsr(config-ipsec-crypto-ike)# child <name>
tnsr(config-ike-child)#

IKE Child SA Mode Commands

tnsr(config-ike-child)# lifetime <seconds>
tnsr(config-ike-child)# no lifetime
tnsr(config-ike-child)# [no] proposal <number>

Remove IKE Child SA

tnsr(config-ipsec-crypto-ike)# no child <name>

IKE Child SA Proposal Mode

Enter IKE Child SA Proposal Mode

tnsr(config-ike-child)# proposal <number>
tnsr(config-ike-child-proposal)#

IKE Child SA Proposal Mode Commands

tnsr(config-ike-child-proposal)# encryption <crypto-algorithm>
tnsr(config-ike-child-proposal)# no encryption
tnsr(config-ike-child-proposal)# integrity <integrity-algorithm>
tnsr(config-ike-child-proposal)# no integrity
tnsr(config-ike-child-proposal)# group <pfs-group>
tnsr(config-ike-child-proposal)# no group
tnsr(config-ike-child-proposal)# sequence-number (esn|noesn)
tnsr(config-ike-child-proposal)# no sequence-number

Remove IKE Child SA Proposal

tnsr(config-ike-child)# no proposal <number>

IKE Peer Identity Mode

Enter IKE Peer Identity Mode

tnsr(config-ipsec-crypto-ike)# identity (local|remote)
tnsr(config-ike-identity)#

IKE Peer Identity Mode Commands

tnsr(config-ike-identity)# type (none|address|email|fqdn|dn|key-id)
tnsr(config-ike-identity)# no type
tnsr(config-ike-identity)# value <identity>
tnsr(config-ike-identity)# no value

Remove IKE Peer Identity Configuration

tnsr(config-ipsec-crypto-ike)# no identity (local|remote)

IKE Proposal Mode

Enter IKE Proposal Mode

tnsr(config-ipsec-crypto-ike)# proposal <number>
tnsr(config-ike-proposal)#

IKE Proposal Mode Commands

tnsr(config-ike-proposal)# encryption <crypto-algorithm>
tnsr(config-ike-proposal)# no encryption
tnsr(config-ike-proposal)# integrity <integrity-algorithm>
tnsr(config-ike-proposal)# no integrity
tnsr(config-ike-proposal)# prf <prf-algorithm>
tnsr(config-ike-proposal)# no prf
tnsr(config-ike-proposal)# group <diffie-hellman-group>
tnsr(config-ike-proposal)# no group

Remove IKE Proposal Configuration

tnsr(config-ipsec-crypto-ike)# no proposal <number>

Map Mode

Enter Map Mode

tnsr(config)# nat nat64 map <domain-name>

Map Mode Commands

tnsr(config-map)# [no] description <desc>
tnsr(config-map)# [no] embedded-address bit-length <ea-width>
tnsr(config-map)# [no] ipv4 prefix <ip4-prefix>
tnsr(config-map)# [no] ipv6 prefix <ip6-prefix>
tnsr(config-map)# [no] ipv6 source <ip6-src>
tnsr(config-map)# [no] mtu <mtu-val>
tnsr(config-map)# [no] port-set length <psid-length>
tnsr(config-map)# [no] port-set offset <psid-offset>
tnsr(config-map)# [no] rule port-set <psid> ipv6-destination <ip6-address>

Remove Map Entry

tnsr(config)# [no] nat nat64 map <domain-name>

Map Parameters Mode

Enter Map Parameters Mode

tnsr(config)# nat nat64 map parameters

Map Parameters Mode Commands

tnsr(config-map-param)# [no] fragment (inner|outer)
tnsr(config-map-param)# [no] fragment ignore-df
tnsr(config-map-param)# [no] icmp source-address <ipv4-address>
tnsr(config-map-param)# [no] icmp6 unreachable-msgs (disable|enable)
tnsr(config-map-param)# [no] pre-resolve (ipv4|ipv6) next-hop <ip46-address>
tnsr(config-map-param)# [no] reassembly (ipv4|ipv6) (buffers|ht-ratio|lifetime|pool-size) <value>
tnsr(config-map-param)# [no] security-check (disable|enable)
tnsr(config-map-param)# [no] security-check fragments (disable|enable)
tnsr(config-map-param)# [no] traffic-class copy (disable|enable)
tnsr(config-map-param)# [no] traffic-class tc <tc-value>

memif Mode

Enter memif Mode

tnsr(config)# interface memif interface <id>
tnsr(config-memif)#

memif mode Commands

tnsr(config-memif)# buffer-size <u16>
tnsr(config-memif)# mac-address <mac-addr>
tnsr(config-memif)# mode (ethernet|ip|punt/inject)
tnsr(config-memif)# ring-size <power-of-2>
tnsr(config-memif)# role master
tnsr(config-memif)# role slave [rx-queues <u8>|tx-queues <u8>]
tnsr(config-memif)# secret <string-24>
tnsr(config-memif)# socket-id <socket-id>

Remove memif Interface

tnsr(config)# no interface memif interface <id>

Dynamic Routing Access List Mode

Enter Dynamic Routing Access List Mode

tnsr(config)# route dynamic access-list <access-list-name>
tnsr(config-access-list)#

Dynamic Routing Access List Mode Commands

tnsr(config-access-list)# [no] remark <rest>
tnsr(config-access-list)# rule <seq#> (permit|deny) <ip-prefix>
tnsr(config-access-list)# no rule <seq#> [(permit|deny) [<ip-prefix>]]

Remove Dynamic Routing Access List

tnsr(config)# no route dynamic access-list <access-list-name>

Dynamic Routing Prefix List Mode

Enter Dynamic Routing Prefix List Mode

tnsr(config)# route dynamic prefix-list <pl-name>
tnsr(config-pref-list)#

Dynamic Routing Prefix List Mode Commands

tnsr(config-pref-list)# [no] sequence <seq> [(permit|deny) [le <upper-bound>] [ge <lower-bound>]]
tnsr(config-pref-list)# descripton <desc...>

Remove Dynamic Routing Prefix List

tnsr(config)# no route dynamic prefix-list <pl-name>

Dynamic Routing Route Map Rule Mode

Enter Dynamic Routing Route Map Rule Mode

tnsr(config)# route dynamic route-map <route-map-name> (permit|deny) sequence <sequence>
tnsr(config-rt-map)#

Dynamic Routing Route Map Mode Commands

tnsr(config-rt-map)# [no] description <string>

tnsr(config-rt-map)# [no] match as-path <as-path-name>
tnsr(config-rt-map)# [no] match community <comm-list-name> [exact-match]
tnsr(config-rt-map)# [no] match extcommunity <extcomm-list-name>
tnsr(config-rt-map)# [no] match interface <if-name>
tnsr(config-rt-map)# [no] match ip address access-list <access-list-name>
tnsr(config-rt-map)# [no] match ip address prefix-list <prefix-list-name>
tnsr(config-rt-map)# [no] match ip next-hop access-list <access-list-name>
tnsr(config-rt-map)# [no] match ip next-hop <ipv4-address>
tnsr(config-rt-map)# [no] match ip next-hop prefix-list <prefix-list-name>
tnsr(config-rt-map)# [no] match ipv6 address access-list <access-list-name>
tnsr(config-rt-map)# [no] match ipv6 address prefix-list <prefix-list-name>
tnsr(config-rt-map)# [no] match large-community <large-comm-list-name>
tnsr(config-rt-map)# [no] match local-preference <preference-uint32>
tnsr(config-rt-map)# [no] match metric <metric-uint32>
tnsr(config-rt-map)# [no] match origin (egp|igp|incomplete)
tnsr(config-rt-map)# [no] match peer <peer-ip-address>
tnsr(config-rt-map)# [no] match probability <percent>
tnsr(config-rt-map)# [no] match source-protocol <src-protocol>
tnsr(config-rt-map)# [no] match tag <value-(1-4294967295)>

tnsr(config-rt-map)# [no] set aggregator as <asn> ip address <ipv4-address>
tnsr(config-rt-map)# [no] set as-path exclude <string-of-as-numbers>
tnsr(config-rt-map)# [no] set as-path prepend <string-of-as-numbers>
tnsr(config-rt-map)# [no] set as-path prepend last-as <asn>
tnsr(config-rt-map)# [no] set atomic-aggregate
tnsr(config-rt-map)# [no] set community none
tnsr(config-rt-map)# [no] set community <community-value> [additive]
tnsr(config-rt-map)# [no] set comm-list <community-list-name> delete
tnsr(config-rt-map)# [no] set extcommunity (rt|soo) <extcommunity-list-name>
tnsr(config-rt-map)# [no] set forwarding-address <ipv6-address>
tnsr(config-rt-map)# [no] set ip next-hop <ipv4-address>|peer-address|unchanged
tnsr(config-rt-map)# [no] set ipv4 vpn next-hop (<ipv4-address>|<ipv6-address>)
tnsr(config-rt-map)# [no] set ipv6 next-hop global <ipv6-address>
tnsr(config-rt-map)# [no] set ipv6 next-hop local <ipv6-address>
tnsr(config-rt-map)# [no] set ipv6 next-hop peer-address
tnsr(config-rt-map)# [no] set ipv6 next-hop prefer-global
tnsr(config-rt-map)# [no] set ipv6 vpn next-hop (<ipv4-address>|<ipv6-address>)
tnsr(config-rt-map)# [no] set label-index <label>
tnsr(config-rt-map)# [no] set large-community none
tnsr(config-rt-map)# [no] set large-community <large-community-value> [additive]
tnsr(config-rt-map)# [no] set large-comm-list <large-comm-list-name> delete
tnsr(config-rt-map)# [no] set local-preference <preference>
tnsr(config-rt-map)# [no] set metric <metric-uint32>
tnsr(config-rt-map)# [no] set origin (egp|igp|unknown)
tnsr(config-rt-map)# [no] set originator <ipv4-addr>
tnsr(config-rt-map)# [no] set src <ip-address>
tnsr(config-rt-map)# [no] set tag <tag-(1-4294967295)>
tnsr(config-rt-map)# [no] set weight <weight>

tnsr(config-rt-map)# [no] call <rt-map-name>

tnsr(config-rt-map)# [no] on-match next
tnsr(config-rt-map)# [no] on-match goto <sequence>

Remove Dynamic Routing Route Map

tnsr(config-rt-map)# no route dynamic route-map <route-map-name>

Remove Dynamic Routing Route Map Rule

tnsr(config-rt-map)# no route dynamic route-map <route-map-name> [permit|deny] sequence <sequence>

Dynamic Routing Route Map Notes

  • <src-protocol> is one of:

    • bgp - BGP protocol

    • connected - Routes from directly connected peer

    • kernel - Routes from kernel

    • static - Statically configured routes

    • system - Routes from system configuration

Dynamic Routing BGP Mode

Enter Dynamic Routing BGP Mode

tnsr(config)# route dynamic bgp
tnsr(config-frr-bgp)#

Dynamic Routing BGP Mode Commands

tnsr(config-frr-bgp)# [no] as-path <as-path-name>
tnsr(config-frr-bgp)# clear * [soft]
tnsr(config-frr-bgp)# [no] community-list <comm-list-name> (standard|expanded)
                                  [extended|large]
tnsr(config-frr-bgp)# disable
tnsr(config-frr-bgp)# [no] enable
tnsr(config-frr-bgp)# [no] option debug (allow-martians|nht|update-groups)
tnsr(config-frr-bgp)# [no] option debug as4 [segment]
tnsr(config-frr-bgp)# [no] option debug bestpath <ipv6-prefix>
tnsr(config-frr-bgp)# [no] option debug keepalive [<peer>]
tnsr(config-frr-bgp)# [no] option debug neighbor-events [<peer>]
tnsr(config-frr-bgp)# [no] option debug updates
                                  [in <peer>|out <peer>|prefix (<ipv4-prefix>|<ipv6-prefix>)]
tnsr(config-frr-bgp)# [no] option debug zebra [prefix (<ipv4-prefix>|<ipv6-prefix>)]
tnsr(config-frr-bgp)# [no] server <asn>
tnsr(config-frr-bgp)# [no] route-map delay-timer <interval-sec>
tnsr(config-frr-bgp)# neighbor <if-name> <ip-address> <mac-address>
                                  [no-adj-route-table-entry]
tnsr(config-frr-bgp)# no neighbor <if-name> [<ip-address>
                                  [<mac-address> [no-adj-route-table-entry]]]

Dynamic Routing BGP Server Mode

Enter Dynamic Routing BGP Server Mode

tnsr(config-frr-bgp)# server <asn>
tnsr(config-bgp)#

Dynamic Routing BGP Server Mode Commands

tnsr(config-bgp)# [no] address-family (ipv4|ipv6) (unicast|multicast|vpn|labeled-unicast)
tnsr(config-bgp)# [no] address-family (vpnv4|vpnv6) unicast
tnsr(config-bgp)# [no] address-family <l2vpn evpn>
tnsr(config-bgp)# [no] always-compare-med
tnsr(config-bgp)# [no] bestpath as-path (confed|ignore|multipath-relax [as-set|no-as-set])
tnsr(config-bgp)# [no] bestpath compare-routerid
tnsr(config-bgp)# [no] bestpath med [confed|missing-as-worst]
tnsr(config-bgp)# [no] client-to-client reflection
tnsr(config-bgp)# [no] coalesce-time <uint32>
tnsr(config-bgp)# [no] cluster-id (<ipv4>|<(1..4294967295)>)
tnsr(config-bgp)# [no] confederation identifier <ASN>
tnsr(config-bgp)# [no] confederation peer <ASN>
tnsr(config-bgp)# [no] deterministic-med
tnsr(config-bgp)# [no] disable-ebgp-connected-route-check
tnsr(config-bgp)# [no] enforce-first-as
tnsr(config-bgp)# [no] listen limit <1-5000>
tnsr(config-bgp)# [no] listen range (<ip4-prefix>|<ip6-prefx>) peer-group <peer-group-name>
tnsr(config-bgp)# [no] max-med administrative [<med-value>]
tnsr(config-bgp)# [no] max-med on-startup period <secs-(5-86400)> [<med-value>]
tnsr(config-bgp)# [no] neighbor <peer>
tnsr(config-bgp)# [no] network import-check
tnsr(config-bgp)# [no] route-reflector allow-outbound-policy
tnsr(config-bgp)# [no] router-id <A.B.C.D>
tnsr(config-bgp)# [no] timers keep-alive <interval> hold-time <hold-time>
tnsr(config-bgp)# [no] update-delay <delay>
tnsr(config-bgp)# [no] write-quanta <num-of-packets>

Remove Dynamic Routing BGP Server

tnsr(config-frr-bgp)# no server <asn>

Dynamic Routing BGP Neighbor Mode

Enter Dynamic Routing BGP Neighbor Mode

tnsr(config-bgp)# neighbor <peer>
tnsr(config-bgp-neighbor)#

Dynamic Routing BGP Neighbor Mode Commands

tnsr(config-bgp-neighbor)# [no] advertisement-interval <interval-sec-0-600>
tnsr(config-bgp-neighbor)# [no] bfd [mutiplier <detect-multiplier-2-255> receive <rx-50-60000>
                                  transmit <tx-50-60000>]
tnsr(config-bgp-neighbor)# [no] capability (dynamic|extended-nexthop)
tnsr(config-bgp-neighbor)# [no] disable-connected-check
tnsr(config-bgp-neighbor)# [no] description <string>
tnsr(config-bgp-neighbor)# disable
tnsr(config-bgp-neighbor)# [no] dont-capability-negotiate
tnsr(config-bgp-neighbor)# [no] ebgp-multihop [hop-maximum <max-hop-count-1-255>]
tnsr(config-bgp-neighbor)# [no] enable
tnsr(config-bgp-neighbor)# [no] enforce-multihop
tnsr(config-bgp-neighbor)# [no] local-as <asn> [no-prepend [replace-as]]
tnsr(config-bgp-neighbor)# [no] override-capability
tnsr(config-bgp-neighbor)# [no] passive
tnsr(config-bgp-neighbor)# [no] password <line>
tnsr(config-bgp-neighbor)# [no] peer-group [<peer-group-name>]
tnsr(config-bgp-neighbor)# [no] port <port>
tnsr(config-bgp-neighbor)# [no] remote-as <asn>
tnsr(config-bgp-neighbor)# [no] solo
tnsr(config-bgp-neighbor)# [no] strict-capability-match
tnsr(config-bgp-neighbor)# [no] timers keepalive <interval-0-65535> holdtime <hold-0-65535>
tnsr(config-bgp-neighbor)# [no] timers connect <bgp-connect-1-65535>
tnsr(config-bgp-neighbor)# [no] ttl-security hops <n-hops>
tnsr(config-bgp-neighbor)# [no] update-source (<ifname>|<ip-address>)

Remove Dynamic Routing BGP Neighbor

tnsr(config-bgp)# no neighbor <peer>

Dynamic Routing BGP Address Family Mode

Enter Dynamic Routing BGP Address Family Mode

tnsr(config-bgp)# address-family ipv4 unicast
tnsr(config-bgp-ip4uni)#
tnsr(config-bgp)# address-family ipv4 multicast
tnsr(config-bgp-ip4multi)#
tnsr(config-bgp)# address-family ipv6 unicast
tnsr(config-bgp-ip6uni)#
tnsr(config-bgp)# address-family ipv6 multicast
tnsr(config-bgp-ip6multi)#

Dynamic Routing BGP IPv4 Unicast Address Family Mode Commands

tnsr(config-bgp-ip4uni)# [no] aggregate-address <ipv4-prefix> [as-set] [summary-only]
tnsr(config-bgp-ip4uni)# [no] distance external <extern> internal <intern> local <local>
tnsr(config-bgp-ip4uni)# [no] distance administrative <dist> prefix <ipv4-prefix>
                                access-list <access-list-name>
tnsr(config-bgp-ip4uni)# [no] maximum-paths <non-ibgp-paths> [igbp <ibgp-paths>
                                [equal-cluster-length]]
tnsr(config-bgp-ip4uni)# [no] neighbor <existing-neighbor>
tnsr(config-bgp-ip4uni)# [no] network <ipv4-prefix> [route-map <route-map>] [label-index <index>]
tnsr(config-bgp-ip4uni)# [no] redistribute <route-source> [metric <val>|route-map <rt-map>]
tnsr(config-bgp-ip4uni)# [no] redistribute table id <kernel-table-id> [metric <val>|
                                route-map <route-map-name>]
tnsr(config-bgp-ip4uni)# [no] table-map <route-map-name>

Dynamic Routing BGP IPv4 Multicast Address Family Mode Commands

tnsr(config-bgp-ip4multi)# [no] aggregate-address <ipv4-prefix> [as-set] [summary-only]
tnsr(config-bgp-ip4multi)# [no] distance external <extern> internal <intern> local <local>
tnsr(config-bgp-ip4multi)# [no] distance administrative <dist> prefix <ipv4-prefix>
                                access-list <access-list-name>
tnsr(config-bgp-ip4multi)# [no] neighbor <existing-neighbor>
tnsr(config-bgp-ip4multi)# [no] network <ipv4-prefix> [route-map <route-map>] [label-index <index>]
tnsr(config-bgp-ip4multi)# [no] table-map <route-map-name>

Dynamic Routing BGP IPv6 Unicast Address Family Mode Commands

tnsr(config-bgp-ip6uni)# [no] aggregate-address <ipv4-prefix> [as-set] [summary-only]
tnsr(config-bgp-ip6uni)# [no] distance external <extern> internal <intern> local <local>
tnsr(config-bgp-ip6uni)# [no] distance administrative <dist> prefix <ipv4-prefix>
                                access-list <access-list-name>
tnsr(config-bgp-ip6uni)# [no] maximum-paths <non-ibgp-paths> [igbp <ibgp-paths>
                                [equal-cluster-length]]
tnsr(config-bgp-ip6uni)# [no] neighbor <existing-neighbor>
tnsr(config-bgp-ip6uni)# [no] network <ipv4-prefix> [route-map <route-map>] [label-index <index>]
tnsr(config-bgp-ip6uni)# [no] redistribute <route-source> [metric <val>|route-map <rt-map>]
tnsr(config-bgp-ip6uni)# [no] redistribute table id <kernel-table-id> [metric <val>|
                                route-map <route-map-name>]
tnsr(config-bgp-ip6uni)# [no] table-map <route-map-name>

Dynamic Routing BGP IPv6 Multicast Address Family Mode Commands

tnsr(config-bgp-ip6multi)# [no] distance external <extern> internal <intern> local <local>
tnsr(config-bgp-ip6multi)# [no] distance administrative <dist> prefix <ipv4-prefix>
                                access-list <access-list-name>
tnsr(config-bgp-ip6multi)# [no] neighbor <existing-neighbor>
tnsr(config-bgp-ip6multi)# [no] network <ipv4-prefix> [route-map <route-map>] [label-index <index>]

Remove Dynamic Routing BGP Address Family

tnsr(config-bgp)# no address-family (ipv4|ipv6) (unicast|multicast)

Dynamic Routing BGP Notes

  • <peer> == IP address

  • <asn> == uint32? uint16?

  • <weight> == uint32?

  • <n-hops> == [1 .. max TTL]

  • <route-source> == kernel|static|connected|rip

Dynamic Routing BGP Address Family Neighbor Mode

Note

Though the samples below indicate IPv4 unicast, the same syntax is used for all address families.

Enter Dynamic Routing BGP Address Family Neighbor Mode

tnsr(config-bgp-ip4uni)# neighbor <existing-neighbor>
tnsr(config-bgp-ip4uni-nbr)#

Dynamic Routing BGP Address Family Neighbor Mode Commands

tnsr(config-bgp-ip4uni-nbr)# [no] activate
tnsr(config-bgp-ip4uni-nbr)# [no] addpath-tx-all-paths
tnsr(config-bgp-ip4uni-nbr)# [no] addpath-tx-bestpath-per-as
tnsr(config-bgp-ip4uni-nbr)# [no] allowas-in [<occurence-1-10>|<origin>]
tnsr(config-bgp-ip4uni-nbr)# [no] as-override
tnsr(config-bgp-ip4uni-nbr)# [no] attribute-unchanged [as-path|next-hop|med]
tnsr(config-bgp-ip4uni-nbr)# [no] capability orf prefix-list (send|receive|both)
tnsr(config-bgp-ip4uni-nbr)# [no] default-originate [route-map <route-map>]
tnsr(config-bgp-ip4uni-nbr)# [no] distribute-list <access-list-name> (in|out)
tnsr(config-bgp-ip4uni-nbr)# [no] filter-list <access-list-name> (in|out)
tnsr(config-bgp-ip4uni-nbr)# [no] maximum-prefix limit <val-1-4294967295>
tnsr(config-bgp-ip4uni-nbr)# [no] maximum-prefix restart <val-1-65535>
tnsr(config-bgp-ip4uni-nbr)# [no] maximum-prefix threshold <val-1-100>
tnsr(config-bgp-ip4uni-nbr)# [no] maximum-prefix warning-only
tnsr(config-bgp-ip4uni-nbr)# [no] next-hop-self [force]
tnsr(config-bgp-ip4uni-nbr)# [no] prefix-list <prefix-list-name> (in|out)
tnsr(config-bgp-ip4uni-nbr)# [no] remove-private-AS [all] [replace-AS]
tnsr(config-bgp-ip4uni-nbr)# [no] route-map <name> (in|out)
tnsr(config-bgp-ip4uni-nbr)# [no] route-reflector-client
tnsr(config-bgp-ip4uni-nbr)# [no] route-server-client
tnsr(config-bgp-ip4uni-nbr)# [no] send-community (standard|large|extended)
tnsr(config-bgp-ip4uni-nbr)# [no] soft-reconfiguration inbound
tnsr(config-bgp-ip4uni-nbr)# [no] unsuppress-map <route-map>
tnsr(config-bgp-ip4uni-nbr)# [no] weight <weight>

Remove Dynamic Routing BGP Address Family Neighbor

tnsr(config-bgp-ip4uni)# no neighbor <existing-neighbor>

Dynamic Routing BGP Community List Mode

Enter Dynamic Routing BGP Community List Mode

tnsr(config-frr-bgp)# community-list <cl-name> (standard|expanded) [extended|large]
tnsr(config-community)#

Dynamic Routing BGP Community List Mode Commands

tnsr(config-community)# description <desc...>
tnsr(config-community)# sequence <seq> (permit|deny) <community-value>
tnsr(config-community)# no description [<desc...>]
tnsr(config-community)# no sequence <seq> [(permit|deny) <community-value>]

Remove Dynamic Routing BGP Community List

tnsr(config-frr-bgp)# no community-list <cl-name> (standard|expanded) [extended|large]

Dynamic Routing BGP AS Path Mode

Enter Dynamic Routing BGP AS Path Mode

tnsr(config-frr-bgp)# as-path <as-path-name>
tnsr(config-aspath)#

Dynamic Routing BGP AS Path Mode Commands

tnsr(config-aspath)# [no] rule <seq> (permit|deny) <pattern>

Remove Dynamic Routing BGP AS Path

tnsr(config-frr-bgp)# no as-path <as-path-name>

Dynamic Routing Manager Mode

Enter Dynamic Routing Manager Mode

tnsr(config)# route dynamic manager
tnsr(config-route-dynamic-manager)#

Dynamic Routing Manager Mode Commands

tnsr(config-route-dynamic-manager)# [no] debug (events|fpm|nht)
tnsr(config-route-dynamic-manager)# [no] debug kernel [msgdump [send|receive]]
tnsr(config-route-dynamic-manager)# [no] debug packet [send|receive] [detailed]
tnsr(config-route-dynamic-manager)# [no] debug rib [detailed]
tnsr(config-route-dynamic-manager)# [no] log file <filename> [<level>]
tnsr(config-route-dynamic-manager)# [no] log syslog [<level>]

IPv4 Route Table Mode

Enter IPv4 Route Table Mode

tnsr(config)# route ipv4 table <route-table-name>
tnsr(config-route-table-v4)#

IPv4 Route Table Mode Commands

tnsr(config-route-table-v4)# description <rest-of-line>
tnsr(config-route-table-v4)# [no] route <destination-prefix>

Remove IPv4 Route Table

tnsr(config-route-table-v4)# no route ipv4 table <route-table-name>

IPv6 Route Table Mode

Enter IPv6 Route Table Mode

tnsr(config)# route ipv6 table <route-table-name>
tnsr(config-route-table-v6)#

IPv6 Route Table Mode Commands

tnsr(config-route-table-v6)# description <rest-of-line>
tnsr(config-route-table-v6)# [no] route <destination-prefix>

Remove IPv6 Route Table

tnsr(config-route-table-v6)# no route ipv6 table <route-table-name>

IPv4 or IPv6 Next Hop Mode

Enter IPv4 or IPv6 Next Hop Mode

tnsr(config-route-table-v46)# route <destination-prefix>
tnsr(config-rttbl46-next-hop)#

IPv4 or IPv6 Next Hop Mode Commands

tnsr(config-rttbl46-next-hop)# [no] description <rest-of-line>
tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> via <ip46-addr>
                                   [<if-name>|<next-hop-table <route-table-name>>]
                                   [weight <multi-path-weight>]
                                   [preference <admin-preference>]
                                   [resolve-via-host] [resolve-via-attached]

tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> via drop
tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> via local
tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> via null-send-unreach
tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> via null-send-prohibit
tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> classify <classify-table-name>
tnsr(config-rttbl46-next-hop)# [no] next-hop <hop-id> lookup [in] route-table <route-table-name>

Remove IPv4 or IPv6 Next Hop

tnsr(config-rttbl46-next-hop)# no next-hop <hop-id>

SPAN Mode

Enter SPAN Mode

tnsr(config)# span <if-name-src>
tnsr(config-span)#

SPAN Mode Commands

tnsr(config-span)# onto <if-name-dst> (hw|l2) (rx|tx|both|disabled)

Remove Single SPAN Destination

tnsr(config-span)# no onto <if-name-dst> [(hw|l2)]

Remove SPAN

tnsr(config)# no span <if-name-src>

VXLAN Mode

Enter VXLAN Mode

tnsr(config)# vxlan <tunnel-name>
tnsr(config-vxlan)#

VXLAN Mode Commands

tnsr(config-vxlan)# [no] destination <ip-addr>
tnsr(config-vxlan)# [no] encapsulation (ipv4|ipv6) route-table <rt-table-name>
tnsr(config-vxlan)# [no] instance <id>
tnsr(config-vxlan)# [no] multicast interface <if-name>
tnsr(config-vxlan)# [no] source <ip-addr>
tnsr(config-vxlan)# [no] vni <u24>

Remove VXLAN Tunnel

tnsr(config)# no vxlan [<tunnel-name>]

User Authentication Configuration Mode

Enter User Authentication Configuration Mode

tnsr(config)# auth user <user-name>
tnsr(config-user)#

User Authentication Mode Commands

tnsr(config-user)# [no] password <user-password>
tnsr(config-user)# [no] user-keys <key-name>

Remove User

tnsr(config)# no auth user <user-name>

NTP Configuration Mode

Enter NTP Configuration Mode

tnsr(config)# ntp server
tnsr(config-ntp)#

NTP Mode Commands

tnsr(config-ntp)# disable monitor
tnsr(config-ntp)# enable monitor
tnsr(config-ntp)# driftfile <file-path>
tnsr(config-ntp)# interface sequence <seq> (drop|ignore|listen)
                    (all|interface <if-name>|prefix <ip-prefix>)
tnsr(config-ntp)# logconfig sequence <seq> (add|delete|set)
                    (all|clock|peer|sync|sys) (all|events|info|statistics|status)
tnsr(config-ntp)# restrict (default|host <fqdn>|prefix <ip-prefix>|source)
tnsr(config-ntp)# server (address <ip-address>|host <fqdn>)
tnsr(config-ntp)# statsdir <directory-path>
tnsr(config-ntp)# tinker panic <n-secs>
tnsr(config-ntp)# tos orphan <stratum>

Remove NTP Server

tnsr(config)# no ntp server

NTP Restrict Mode

Enter NTP Restrict Mode

tnsr(config-ntp)# restrict (default|host <fqdn>|prefix <ip-prefix>|source)

NTP Restrict Mode Commands

tnsr(config-ntp-restrict)# kod
tnsr(config-ntp-restrict)# limited
tnsr(config-ntp-restrict)# nomodify
tnsr(config-ntp-restrict)# nopeer
tnsr(config-ntp-restrict)# noquery
tnsr(config-ntp-restrict)# noserve
tnsr(config-ntp-restrict)# notrap

Remove NTP Restriction

tnsr(config-ntp)# no restrict (default|host <fqdn>|prefix <ip-prefix>|source)

NTP Upstream Server Mode

Enter NTP Upstream Server Mode

tnsr(config-ntp)# server (address <ip-address>|host <fqdn>)

NTP Upstream Server Mode Commands

tnsr(config-ntp-server)# iburst
tnsr(config-ntp-server)# maxpoll <power-of-2-sec>
tnsr(config-ntp-server)# noselect
tnsr(config-ntp-server)# operational-mode (pool|server)
tnsr(config-ntp-server)# prefer

Remove NTP Upstream Server

tnsr(config-ntp)# no server (address <ip-address>|host <fqdn>)

NACM Group Mode

Enter NACM Group Mode

tnsr(config)# nacm group <group-name>
tnsr(config-nacm-group)#

NACM Group Mode Commands

tnsr(config-nacm-group)# [no] member <user-name>

Remove NACM Group

tnsr(config)# no nacm group <group-name>

NACM Rule-list Mode

Enter NACM Rule-list Mode

tnsr(config)# nacm rule-list <rule-list-name>
tnsr(config-nacm-rule-list)#

NACM Rule-list Mode Commands

tnsr(config-nacm-rule-list)# [no] group (*|<group-name>)
tnsr(config-nacm-rule-list)# [no] rule <rule-name>

Remove NACM Rule-list

tnsr(config)# no nacm rule-list <rule-list-name>

NACM Rule Mode

Enter NACM Rule Mode

tnsr(config-nacm-rule-list)# rule <rule-name>
tnsr(config-nacm-rule)#

NACM Rule Mode Commands

tnsr(config-nacm-rule)# [no] access-operations (*|create|read|update|delete|exec)
tnsr(config-nacm-rule)# [no] action (deny|permit)
tnsr(config-nacm-rule)# [no] module (*|<module-name>)
tnsr(config-nacm-rule)# [no] comment <rest>
tnsr(config-nacm-rule)# [no] rpc (*|<rpc-name>)
tnsr(config-nacm-rule)# [no] notification (*|<notification-name>)
tnsr(config-nacm-rule)# [no] path <node-id>

Remove NACM Rule

tnsr(config-nacm-rule-list)# no rule <rule-name>

DHCP IPv4 Server Config Mode

Enter DHCP IPv4 Server Mode

tnsr(config)# [no] dhcp4 server
tnsr(config)# dhcp4 {disable|enable}
tnsr(config)# no dhcp4 enable
tnsr(config-kea-dhcp4)#

DHCP IPv4 Server Mode Commands

tnsr(config-kea-dhcp4)# [no] decline-probation-period <seconds>
tnsr(config-kea-dhcp4)# [no] description <desc>
tnsr(config-kea-dhcp4)# [no] echo-client-id <boolean>
tnsr(config-kea-dhcp4)# [no] interface listen <if-name>
tnsr(config-kea-dhcp4)# [no] interface listen *
tnsr(config-kea-dhcp4)# [no] interface socket (raw|udp)
tnsr(config-kea-dhcp4)# [no] lease filename <filename>
tnsr(config-kea-dhcp4)# [no] lease lfc-interval <seconds>
tnsr(config-kea-dhcp4)# [no] lease persist <boolean>
tnsr(config-kea-dhcp4)# [no] logging <logger-name>
tnsr(config-kea-dhcp4)# [no] match-client-id <boolean>
tnsr(config-kea-dhcp4)# [no] next-server <ipv4-address>
tnsr(config-kea-dhcp4)# [no] option <dhcp4-option>
tnsr(config-kea-dhcp4)# [no] rebind-timer <seconds>
tnsr(config-kea-dhcp4)# [no] renew-timer <seconds>
tnsr(config-kea-dhcp4)# [no] valid-lifetime <seconds>

Remove DHCP IPv4 Server Configuration

tnsr(config)# no dhcp4 server

DHCP4 Subnet4 Mode

Enter DHCP4 Subnet4 Mode

tnsr(config-kea-dhcp4)# subnet <ipv4-prefix>
tnsr(config-kea-subnet4)#

DHCP4 Subnet4 Mode Commands

tnsr(config-kea-subnet4)# [no] id <uint32>
tnsr(config-kea-subnet4)# [no] option <dhcp4-option>
tnsr(config-kea-subnet4)# [no] pool <ipv4-prefix>|<ipv4-range>
tnsr(config-kea-subnet4)# [no] interface <if-name>

Remove DHCP4 IPv4 Subnet4 Configuration

tnsr(config-kea-dhcp4)# no subnet <ipv4-prefix>|<ipv4-range>

DHCP4 Subnet4 Pool Mode

Enter DHCP4 Subnet4 Pool Mode

tnsr(config-kea-subnet4)# pool <ipv4-prefix>|<ipv4-range>
tnsr(config-kea-subnet4-pool)#

DHCP4 Subnet4 Pool Mode Commands

tnsr(config-kea-subnet4-pool)# [no] option <dhcp4-option>

Remove DHCP4 IPv4 Subnet4 Pool

tnsr(config-kea-subnet4)# no pool <ipv4-prefix>|<ipv4-range>

DHCP4 Subnet4 Reservation Mode

Enter DHCP4 Subnet4 Reservation Mode

tnsr(config-kea-subnet4)# reservation <ipv4-address>
tnsr(config-kea-subnet4-reservation)#

DHCP4 Subnet4 Reservation Mode Commands

tnsr(config-kea-subnet4-reservation)# [no] hostname <hostname>
tnsr(config-kea-subnet4-reservation)# [no] mac-address <mac-address>
tnsr(config-kea-subnet4-reservation)# [no] option <dhcp4-option>

Remove DHCP4 IPv4 Subnet4 Reservation

tnsr(config-kea-subnet4)# no reservation <ipv4-address>

Kea DHCP4, Subnet4, Pool, or Reservation Option Mode

Enter DHCP4 Option Mode

tnsr(config-kea-*)# option <dhcp4-option>
tnsr(config-kea-*-opt)#

DHCP4 Option Mode Commands

tnsr(config-kea-*-opt)# [no] always-send <boolean>
tnsr(config-kea-*-opt)# [no] csv-format <boolean>
tnsr(config-kea-*-opt)# [no] data <option-data>
tnsr(config-kea-*-opt)# [no] space <space-name>

Remove DHCP4 Option Configuration

tnsr(config-kea-*)# no option <dhcp4-option>

Unbound Server Mode

Enter Unbound Server Mode

tnsr(config)# unbound server
tnsr(config-unbound)#

Unbound Server Mode Commands

tnsr(config-unbound)# disable (caps-for-id | harden (dnssec-stripped|glue) |
                        hide (version|identity) | ip4 | ip6 | message prefetch |
                        serve-expired | tcp | udp)
tnsr(config-unbound)# edns reassembly size <s>
tnsr(config-unbound)# enable (caps-for-id | harden (dnssec-stripped|glue) |
                        hide (version|identity) | ip4 | ip6 | message prefetch |
                        serve-expired | tcp | udp)
tnsr(config-unbound)# forward-zone <zone-name>
tnsr(config-unbound)# host cache (num-hosts <num> | slabs <s> | ttl <t>)
tnsr(config-unbound)# interface <ip4-address>
tnsr(config-unbound)# jostle timeout <t>
tnsr(config-unbound)# key cache slabs <s>
tnsr(config-unbound)# message cache (size <s> | slabs <s>)
tnsr(config-unbound)# port outgoing range <n>
tnsr(config-unbound)# rrset cache (size <s> | slabs <s>)
tnsr(config-unbound)# rrset-message cache ttl (minimum <min> | maximum <max>)
tnsr(config-unbound)# socket receive-buffer size <s>
tnsr(config-unbound)# tcp buffers (incoming <n> | outgoing <n>)
tnsr(config-unbound)# thread (num-queries <n> | num-threads <n> |
                        unwanted-reply-threshold <threshold>)
tnsr(config-unbound)# verbosity <level-0..5>

Remove Unbound Server

tnsr(config)# no unbound server

Unbound Forward-Zone Mode

Enter Unbound Forward-Zone Mode

tnsr(config-unbound)# forward-zone <zone-name>
tnsr(config-unbound-fwd-zone)#

Unbound Forward-Zone Mode Commands

tnsr(config-unbound-fwd-zone)# disable (forward-first | forward-tls-upstream)
tnsr(config-unbound-fwd-zone)# enable (forward-first | forward-tls-upstream)
tnsr(config-unbound-fwd-zone)# nameserver address <ip-address> [port <port>] [auth-name <name>]
tnsr(config-unbound-fwd-zone)# nameserver host <host-name>

Remove Unbound Forward-Zone Zone

tnsr(config-unbound)# no forward-zone <zone-name>

Subif Mode

Enter Subif Mode

tnsr(config)# interface subif <if-name> <subid>
tnsr(config-subif)#

Subif Mode Commands

tnsr(config-subif)# default
tnsr(config-subif)# dot1q (<outer-vlan-id>|any)
tnsr(config-subif)# exact-match
tnsr(config-subif)# inner-dot1q (inner-vlan-id>|any)
tnsr(config-subif)# outer-dot1ad (<outer-vlan-id>|any)
tnsr(config-subif)# outer-dot1q (<outer-vlan-id>|any)

Remove Subif

tnsr(config)# no interface subif <if-name> <subid>

Bond Mode

Enter Bond Mode

tnsr(config)# interface bond <instance>
tnsr(config-bond)#

Bond Mode Commands

tnsr(config-bond)# [no] load-balance (l2|l23|l34)
tnsr(config-bond)# [no] mode (round-robin|active-backup|xor|broadcast|lacp)
tnsr(config-bond)# [no] mac-address <mac-address>

Remove Bond

tnsr(config)# no interface bond <instance>

Host ACL Mode

Enter Host ACL Mode

tnsr(config)# host acl <acl-name>
tnsr(config-host-acl)#

Host ACL Mode Commands

tnsr(config-host-acl)# [no] description <text>
tnsr(config-host-acl)# [no] rule <rule-seq>
tnsr(config-host-acl)# [no] sequence <acl-seq>

Remove Host ACL

tnsr(config)# no host acl <acl-name>

Host ACL Rule Mode

Enter Host ACL Rule Mode

tnsr(config-host-acl)# rule <rule-seq>
tnsr(config-host-acl-rule)#

Host ACL Rule Mode Commands

tnsr(config-host-acl-rule)# [no] action (deny|permit)
tnsr(config-host-acl-rule)# [no] description <text>
tnsr(config-host-acl-rule)# [no] match input-interface <host-interface>
tnsr(config-host-acl-rule)# [no] match ip address (source|destination) <ip-addr>
tnsr(config-host-acl-rule)# [no] match ip icmp type
                              (address-mask-reply|address-mask-request|destination-unreachable|
                               echo-reply|echo-request|info-reply|info-request|parameter-problem|
                               redirect|router-advertisement|router-solicitation|source-quench|
                               time-exceeded|timestamp-reply|timestamp-request) [code <code>]
tnsr(config-host-acl-rule)# [no] match ip icmpv6 type
                              (destination-unreachable|echo-reply|echo-request|
                               mld-listener-query|mld-listener-reduction|mld-listener-report|
                               nd-neighbor-advert|nd-neighbor-solicit|nd-redirect|
                               nd-router-advert|nd-router-solicit|packet-too-big|
                               parameter-problem|router-renumbering|time-exceeded) [code <code>]
tnsr(config-host-acl-rule)# [no] match ip port (source|destination) <port-num>
tnsr(config-host-acl-rule)# [no] match ip port (source|destination) range start <low-port-num>
                              [end <high-port-num>]
tnsr(config-host-acl-rule)# [no] match ip protocol (icmp|tcp|udp)
tnsr(config-host-acl-rule)# [no] match ip tcp flag (ack|cwr|ece|fin|psh|rst|syn|urg)
tnsr(config-host-acl-rule)# [no] match ip version (4|6)
tnsr(config-host-acl-rule)# [no] match mac address (source|destination) <mac>

Remove Host ACL Rule

tnsr(config-host-acl)# no rule <rule-seq>