From: ark3o

Vyatta Ip Services Ref Vc5 V03 

Published:  October 04, 2010
 
 
Slide 1: Title
VYATTA, INC. | Vyatta System
IP Services REFERENCE GUIDE
SSH, Telnet, DHCP, DNS, NAT, Web Caching
Vyatta, Suite 200, 1301 Shoreway Road, Belmont, CA 94002
vyatta.com
650 413 7200
1 888 VYATTA 1 (US and Canada)
Slide 2: Copyright
COPYRIGHT
Copyright © 2005–2009 Vyatta, Inc. All rights reserved. Vyatta reserves the right to make changes to software, hardware, and documentation without notice. For the most recent version of documentation, visit the Vyatta web site at vyatta.com.
PROPRIETARY NOTICES
Vyatta is a registered trademark of Vyatta, Inc. VMware, VMware ESX, and VMware server are trademarks of VMware, Inc. All other trademarks are the property of their respective owners.
ISSUE DATE: February 2009
DOCUMENT REVISION. VC5 v03
RELEASED WITH: VC5.0.2
PART NO. A0-0114-10-0002
Slide 3: Table of Contents
Quick Reference to Commands
Quick List of Examples
Preface
  Intended Audience
  Organization of This Guide
  Document Conventions
    Advisory Paragraphs
    Typographic Conventions
  Vyatta Publications
Chapter 1 SSH
  SSH Configuration
  SSH Commands
    service ssh
    service ssh allow-root <state>
    service ssh port <port>
    service ssh protocol-version <version>
Chapter 2 Telnet
  Telnet Configuration
  Telnet Commands
    service telnet
    service telnet allow-root <state>
    service telnet port <port>
    telnet <address>
Chapter 3 DHCP
  DHCP Commands
Slide 4: Table of Contents (continued)
    clear dhcp client process
    clear dhcp lease ip <ipv4>
    clear dhcp leases
    service dhcp-relay
    service dhcp-relay interface <interface>
    service dhcp-relay relay-options
    service dhcp-relay server <ipv4>
    service dhcp-server
    service dhcp-server disabled <state>
    service dhcp-server shared-network-name <name>
    service dhcp-server shared-network-name <name> subnet <ipv4net>
    service dhcp-server shared-network-name <name> subnet <ipv4net> authoritative <state>
    service dhcp-server shared-network-name <name> subnet <ipv4net> bootfile-name <bootfile>
    service dhcp-server shared-network-name <name> subnet <ipv4net> client-prefix-length <prefix>
    service dhcp-server shared-network-name <name> subnet <ipv4net> default-router <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> dns-server <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> domain-name <domain-name>
    service dhcp-server shared-network-name <name> subnet <ipv4net> exclude <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> failover
    service dhcp-server shared-network-name <name> subnet <ipv4net> failover local-address <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> failover name <peer-name>
    service dhcp-server shared-network-name <name> subnet <ipv4net> failover peer-address <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> failover status <status>
    service dhcp-server shared-network-name <name> subnet <ipv4net> ip-forwarding enable <state>
    service dhcp-server shared-network-name <name> subnet <ipv4net> lease <seconds>
    service dhcp-server shared-network-name <name> subnet <ipv4net> ntp-server <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> pop-server <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> server-identifier <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> smtp-server <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> start <ipv4> stop <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> static-mapping
    service dhcp-server shared-network-name <name> subnet <ipv4net> static-route destination-subnet <ipv4net>
    service dhcp-server shared-network-name <name> subnet <ipv4net> static-route router <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> tftp-server-name <servername>
    service dhcp-server shared-network-name <name> subnet <ipv4net> time-offset <seconds>
    service dhcp-server shared-network-name <name> subnet <ipv4net> time-server <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> wins-server <ipv4>
    service dhcp-server shared-network-name <name> subnet <ipv4net> wpad-url <url>
    show dhcp client leases
    show dhcp leases
    show dhcp statistics
Chapter 4 DNS
  DNS Configuration
IP Services Rel VC5 v. 03 Vyatta
Slide 5: Table of Contents (continued)
    DNS Overview
      System DNS
      Dynamic DNS
      DNS Forwarding
    DNS Configuration Examples
      Configuring Access to a Name Server
      Configuring Dynamic DNS
      Configuring DNS Forwarding
      Statically Configured Entries and DNS Forwarding
  DNS Commands
    clear dns forwarding all
    clear dns forwarding cache
    service dns dynamic interface <interface>
    service dns dynamic interface <interface> service <service>
    service dns dynamic interface <interface> service <service> host-name <hostname>
    service dns dynamic interface <interface> service <service> login <service-login>
    service dns dynamic interface <interface> service <service> password <service-password>
    service dns forwarding cache-size <size>
    service dns forwarding dhcp <interface>
    service dns forwarding listen-on <interface>
    service dns forwarding name-server <ipv4>
    service dns forwarding system
    show dns dynamic status
    show dns forwarding nameservers
    show dns forwarding statistics
    update dns dynamic interface <interface>
Chapter 5 NAT
  NAT Configuration
    NAT Overview
      Benefits of NAT
      Types of NAT
      Interaction Between NAT, Routing, Firewall, and DNS
      Interaction between NAT and Firewall
    Concepts for Configuring NAT
      NAT Rules
      NAT Type
      Filters: Protocols, Source, and Destination
      Address Conversion: “Inside” and “Outside” Addresses
Slide 6: Table of Contents (continued)
      “Inbound” and “Outbound” Interfaces
    NAT Configuration Examples
      Source NAT (One-to-One)
      Source NAT (Many-to-One)
      Source NAT (Many-to-Many)
      Source NAT (One-to-Many)
      Masquerade
      Destination NAT (One-to-One)
      Destination NAT (One-to-Many)
      Bi-Directional NAT
      Masquerade NAT and VPN
  NAT Commands
    clear nat counters
    clear nat translations
    service nat
    service nat rule <rule-num>
    service nat rule <rule-num> destination
    service nat rule <rule-num> exclude
    service nat rule <rule-num> inbound-interface <interface>
    service nat rule <rule-num> inside-address
    service nat rule <rule-num> outbound-interface <interface>
    service nat rule <rule-num> outside-address
    service nat rule <rule-num> protocol <protocol>
    service nat rule <rule-num> source
    service nat rule <rule-num> type <type>
    show nat rules
    show nat statistics
Chapter 6 Web Caching
  Web Caching Configuration
    Web Caching Overview
    Web Caching Configuration Example
      Configuring Web Caching
  Web Caching Commands
    service webproxy cache-size <size>
    service webproxy default-port <port>
    service webproxy disable-access-log
    service webproxy listen-address <ipv4>
    service webproxy listen-address <ipv4> disable-transparent
    service webproxy listen-address <ipv4> port <port>
Slide 7: Table of Contents (continued)
Glossary of Acronyms
Slide 8: Quick Reference to Commands
Use this section to help you quickly locate a command.
clear dhcp client process
clear dhcp lease ip <ipv4>
clear dhcp leases
clear dns forwarding all
clear dns forwarding cache
clear nat counters
clear nat translations
service dhcp-relay
service dhcp-relay interface <interface>
service dhcp-relay relay-options
service dhcp-relay server <ipv4>
service dhcp-server
service dhcp-server disabled <state>
service dhcp-server shared-network-name <name>
service dhcp-server shared-network-name <name> subnet <ipv4net>
service dhcp-server shared-network-name <name> subnet <ipv4net> authoritative <state>
service dhcp-server shared-network-name <name> subnet <ipv4net> bootfile-name <bootfile>
service dhcp-server shared-network-name <name> subnet <ipv4net> client-prefix-length <prefix>
service dhcp-server shared-network-name <name> subnet <ipv4net> default-router <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> dns-server <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> domain-name <domain-name>
service dhcp-server shared-network-name <name> subnet <ipv4net> exclude <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> failover
service dhcp-server shared-network-name <name> subnet <ipv4net> failover local-address <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> failover name <peer-name>
service dhcp-server shared-network-name <name> subnet <ipv4net> failover peer-address <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> failover status <status>
service dhcp-server shared-network-name <name> subnet <ipv4net> ip-forwarding enable <state>
service dhcp-server shared-network-name <name> subnet <ipv4net> lease <seconds>
service dhcp-server shared-network-name <name> subnet <ipv4net> ntp-server <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> pop-server <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> server-identifier <ipv4>
Slide 9: Quick Reference to Commands (continued)
service dhcp-server shared-network-name <name> subnet <ipv4net> smtp-server <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> start <ipv4> stop <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> static-mapping
service dhcp-server shared-network-name <name> subnet <ipv4net> static-route destination-subnet <ipv4net>
service dhcp-server shared-network-name <name> subnet <ipv4net> static-route router <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> tftp-server-name <servername>
service dhcp-server shared-network-name <name> subnet <ipv4net> time-offset <seconds>
service dhcp-server shared-network-name <name> subnet <ipv4net> time-server <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> wins-server <ipv4>
service dhcp-server shared-network-name <name> subnet <ipv4net> wpad-url <url>
service dns dynamic interface <interface>
service dns dynamic interface <interface> service <service>
service dns dynamic interface <interface> service <service> host-name <hostname>
service dns dynamic interface <interface> service <service> login <service-login>
service dns dynamic interface <interface> service <service> password <service-password>
service dns forwarding cache-size <size>
service dns forwarding dhcp <interface>
service dns forwarding listen-on <interface>
service dns forwarding name-server <ipv4>
service dns forwarding system
service nat
service nat rule <rule-num>
service nat rule <rule-num> destination
service nat rule <rule-num> exclude
service nat rule <rule-num> inbound-interface <interface>
service nat rule <rule-num> inside-address
service nat rule <rule-num> outbound-interface <interface>
service nat rule <rule-num> outside-address
service nat rule <rule-num> protocol <protocol>
service nat rule <rule-num> source
service nat rule <rule-num> type <type>
service ssh
service ssh allow-root <state>
service ssh port <port>
service ssh protocol-version <version>
service telnet
service telnet allow-root <state>
service telnet port <port>
service webproxy cache-size <size>
. . . . . . . . . . . . 201 service webproxy default-port <port> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 service webproxy disable-access-log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 service webproxy listen-address <ipv4> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 service webproxy listen-address <ipv4> disable-transparent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 service webproxy listen-address <ipv4> port <port> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 IP Services Rel VC5 v. 03 Vyatta
Slide 10: x
show dhcp client leases (page 90)
show dhcp leases (page 91)
show dhcp statistics (page 92)
show dns dynamic status (page 129)
show dns forwarding nameservers (page 131)
show dns forwarding statistics (page 132)
show nat rules (page 195)
show nat statistics (page 196)
telnet <address> (page 15)
update dns dynamic interface <interface> (page 134)
Slide 11: xi Quick List of Examples
Use this list to help you locate examples you’d like to try or look at.
Example 2-2 “telnet 192.168.1.77”: Displaying the Telnet session being established (page 16)
Example 3-1 “show dhcp leases” (page 91)
Example 3-2 “show dhcp statistics” (page 92)
Example 4-5 Displaying information for hosts configured for DDNS (page 129)
Example 4-6 Displaying DNS forwarding name server information (page 131)
Example 4-7 Displaying DNS forwarding statistics (page 132)
Example 5-1 Creating a NAT rule (page 147)
Example 5-2 Creating a source NAT (SNAT) rule (page 147)
Example 5-3 Filtering packets by protocol (page 148)
Example 5-4 Filtering packets by source address (page 148)
Example 5-5 Filtering packets by source network address (page 148)
Example 5-6 Filtering packets by destination address (page 148)
Example 5-7 Setting an inside IP address (page 149)
Example 5-8 Setting a range of inside addresses (page 149)
Example 5-9 Setting an outside address (page 150)
Example 5-10 Setting a range of outside addresses (page 150)
Example 5-11 Setting the inbound interface (page 150)
Example 5-12 Setting the outbound interface (page 150)
Example 5-23 Single NAT exclusion rule: correct behavior (page 167)
Example 5-24 Multiple NAT exclusion rules: unexpected behavior (page 167)
Example 5-25 Single NAT exclusion rule: correct behavior - using exclude (page 168)
Example 5-26 Multiple NAT exclusion rules: expected behavior - using exclude (page 169)
Slide 13: xiii Preface
This guide explains how to deploy IP services on the Vyatta system. It describes the available commands and provides configuration examples. This preface provides information about using this guide. The following topics are covered:
• Intended Audience
• Organization of This Guide
• Document Conventions
• Vyatta Publications
Slide 14: Intended Audience xiv
Intended Audience
This guide is intended for experienced system and network administrators. Depending on the functionality to be used, readers should have specific knowledge in the following areas:
• Networking and data communications
• TCP/IP protocols
• General router configuration
• Routing protocols
• Network administration
• Network security
Organization of This Guide
This guide has the following aids to help you find the information you are looking for:
• Quick Reference to Commands: Use this section to help you quickly locate a command.
• Quick List of Examples: Use this list to help you locate examples you’d like to try or look at.
This guide has the following chapters and appendixes:
Chapter 1: SSH (page 1). This chapter explains how to set up Secure Shell (SSH) access on the Vyatta system.
Chapter 2: Telnet (page 9). This chapter explains how to set up Telnet access on the Vyatta system.
Chapter 3: DHCP (page 17). This chapter describes how to implement DHCP on the Vyatta system.
Chapter 4: DNS (page 94). This chapter explains how to use Domain Name System (DNS) on the Vyatta system.
Chapter 5: NAT (page 135). This chapter explains how to set up network address translation (NAT) on the Vyatta system.
Chapter 6: Web Caching (page 197). This chapter explains how to set up web caching on the Vyatta system.
Slide 15: Document Conventions xv
Glossary of Acronyms (page 210).
Document Conventions
This guide contains advisory paragraphs and uses typographic conventions.
Advisory Paragraphs
This guide uses the following advisory paragraphs:
Warnings alert you to situations that may pose a threat to personal safety, as in the following example:
WARNING Risk of injury. Switch off power at the main breaker before attempting to connect the remote cable to the service power at the utility box.
Cautions alert you to situations that might cause harm to your system or damage to equipment, or that may affect service, as in the following example:
CAUTION Risk of loss of service. Restarting a running system will interrupt service.
Notes provide information you might need to avoid problems or configuration errors:
NOTE You must create and configure network interfaces before enabling them for routing protocols.
Slide 16: Document Conventions xvi
Typographic Conventions
This document uses the following typographic conventions:
Courier: Examples, command-line output, and representations of configuration nodes.
boldface Courier: In an example, your input: something you type at a command line.
boldface: In-line commands, keywords, and file names.
italics: Arguments and variables, where you supply a value.
<key>: A key on your keyboard. Combinations of keys are joined by plus signs (“+”). An example is <Ctrl>+<Alt>+<Del>.
[ arg1 | arg2]: Enumerated options for completing a syntax. An example is [enable | disable].
num1–numN: An inclusive range of numbers. An example is 1–65535, which means 1 through 65535.
arg1..argN: A range of enumerated values. An example is eth0..eth3, which means eth0, eth1, eth2, and eth3.
arg [arg ...] and arg,[arg,...]: A value that can optionally represent a list of elements (a space-separated list in the first case, and a comma-separated list in the second case).
Slide 17: Vyatta Publications xvii Vyatta Publications More information about the Vyatta system is available in the Vyatta technical library, and on www.vyatta.com and www.vyatta.org. Full product documentation is provided in the Vyatta technical library. To see what documentation is available for your release, see the Vyatta Documentation Map. This guide is posted with every release of Vyatta software and provides a great starting point for finding what you need.
Slide 18: 1 Chapter 1: SSH
This chapter explains how to set up Secure Shell (SSH) access on the Vyatta system. This chapter presents the following topics:
• SSH Configuration
• SSH Commands
Slide 19: Chapter 1: SSH SSH Configuration 2
SSH Configuration
Configuring SSH is optional, but creating the SSH service will provide secure remote access to the Vyatta system. Example 1-1 enables SSH on the default port (port 22), as shown in Figure 1-1. By default, only SSH version 2 is enabled, but Example 1-1 enables SSH for all versions of SSH.
Figure 1-1 Enabling SSH access (R1: SSH enabled, port 22, all versions)
To enable the SSH service on the Vyatta system, perform the following steps in configuration mode:
Example 1-1 Enabling SSH access
Step: Create the configuration node for the SSH service.
    vyatta@R1# set service ssh protocol-version all
    [edit]
Step: Commit the information.
    vyatta@R1# commit
    OK
    [edit]
Step: Show the configuration.
    vyatta@R1# show service ssh
    protocol-version: "all"
    [edit]
Slide 20: Chapter 1: SSH SSH Commands 3
SSH Commands
This chapter contains the following commands.
Configuration Commands
service ssh: Enables SSH as an access protocol on the Vyatta system.
service ssh allow-root <state>: Specifies whether or not to allow root logins on SSH connections.
service ssh port <port>: Specifies the port the system will use for the SSH service.
service ssh protocol-version <version>: Specifies which versions of SSH are enabled.
Operational Commands
None
Slide 21: Chapter 1: SSH SSH Commands 4
service ssh
Enables SSH as an access protocol on the Vyatta system.
Syntax
set service ssh
delete service ssh
show service ssh
Command Mode
Configuration mode.
Configuration Statement
service {
    ssh {
    }
}
Parameters
None.
Default
None.
Usage Guidelines
Use this command to configure the system to allow SSH requests from remote systems to the local system. Creating the SSH configuration node enables SSH as an access protocol. By default, the router uses port 22 for the SSH service, and SSH version 2 alone is used.
Use the set form of this command to create the SSH configuration.
Use the delete form of this command to remove the SSH configuration. If you delete the SSH configuration node you will disable SSH access to the system.
Use the show form of this command to view the SSH configuration.
Slide 22: Chapter 1: SSH SSH Commands 5
service ssh allow-root <state>
Specifies whether or not to allow root logins on SSH connections.
Syntax
set service ssh allow-root state
delete service ssh allow-root
show service ssh allow-root
Command Mode
Configuration mode.
Configuration Statement
service {
    ssh {
        allow-root: [true|false]
    }
}
Parameters
state: Specifies whether or not root logins are allowed on connections to SSH. Supported values are as follows:
    true: Root logins are allowed on SSH.
    false: Root logins are not allowed on SSH.
Default
Root logins are not allowed on SSH connections.
Usage Guidelines
Use this command to specify whether or not root logins are allowed on SSH connections.
Use the set form of this command to specify whether or not root logins are allowed on SSH connections.
Use the delete form of this command to restore the default allow-root configuration.
Use the show form of this command to view the allow-root configuration.
Slide 23: Chapter 1: SSH SSH Commands 6
service ssh port <port>
Specifies the port the system will use for the SSH service.
Syntax
set service ssh port port
delete service ssh port
show service ssh port
Command Mode
Configuration mode.
Configuration Statement
service {
    ssh {
        port: 1-65534
    }
}
Parameters
port: The port the system will use for the SSH service. The range is 1 to 65534. The default is 22.
Default
The SSH service runs on port 22.
Usage Guidelines
Use this command to specify the port the system will use for the SSH service.
Use the set form of this command to specify the port the system will use for the SSH service.
Use the delete form of this command to restore the default port configuration.
Use the show form of this command to view the port configuration.
Slide 24: Chapter 1: SSH SSH Commands 7
service ssh protocol-version <version>
Specifies which versions of SSH are enabled.
Syntax
set service ssh protocol-version version
delete service ssh protocol-version
show service ssh protocol-version
Command Mode
Configuration mode.
Configuration Statement
service {
    ssh {
        protocol-version: [v1|v2|all]
    }
}
Parameters
version: Specifies which versions of SSH are enabled. Supported values are as follows:
    v1: SSH version 1 alone is enabled.
    v2: SSH version 2 alone is enabled.
    all: Both SSH version 1 and SSH version 2 are enabled.
Default
SSH version 2 alone is enabled.
Slide 25: Chapter 1: SSH SSH Commands 8
Usage Guidelines
Use this command to specify which versions of SSH are enabled.
Use the set form of this command to specify which versions of SSH are enabled.
Use the delete form of this command to restore the default protocol-version configuration.
Use the show form of this command to view the protocol-version configuration.
Slide 26: 9 Chapter 2: Telnet
This chapter explains how to set up Telnet access on the Vyatta system. This chapter presents the following topics:
• Telnet Configuration
• Telnet Commands
Slide 27: Chapter 2: Telnet Telnet Configuration 10
Telnet Configuration
Configuring Telnet is optional, but creating the Telnet service will allow you to access the Vyatta system remotely. Example 2-1 enables Telnet on the default port (port 23), as shown in Figure 2-1.
Figure 2-1 Enabling Telnet access (R1: Telnet enabled, port 23)
To enable the Telnet service on the Vyatta system, perform the following steps in configuration mode:
Example 2-1 Enabling Telnet access
Step: Create the configuration node for the Telnet service.
    vyatta@R1# set service telnet
    [edit]
Step: Commit the information.
    vyatta@R1# commit
    OK
    [edit]
Step: Show the configuration.
    vyatta@R1# show service
    telnet {
    }
    [edit]
Slide 28: Chapter 2: Telnet Telnet Commands 11
Telnet Commands
This chapter contains the following commands.
Configuration Commands
service telnet: Configures Telnet as an access protocol on the system.
service telnet allow-root <state>: Specifies whether or not root logins are allowed on Telnet connections.
service telnet port <port>: Specifies the port the system will use for the Telnet service.
Operational Commands
telnet <address>: Creates a terminal session to a Telnet server.
Slide 29: Chapter 2: Telnet Telnet Commands 12
service telnet
Configures Telnet as an access protocol on the system.
Syntax
set service telnet
delete service telnet
show service telnet
Command Mode
Configuration mode.
Configuration Statement
service {
    telnet {
    }
}
Parameters
None.
Default
None.
Usage Guidelines
Use this command to configure the system to accept Telnet as an access service to the system. Creating the Telnet configuration node enables Telnet as an access protocol. By default, the system uses port 23 for the Telnet service.
Use the set form of this command to create the Telnet configuration.
Use the delete form of this command to remove the Telnet configuration. If you delete the Telnet configuration node you will disable Telnet access to the system.
Use the show form of this command to view the Telnet configuration.
Slide 30: Chapter 2: Telnet Telnet Commands 13
service telnet allow-root <state>
Specifies whether or not root logins are allowed on Telnet connections.
Syntax
set service telnet allow-root state
delete service telnet allow-root
show service telnet allow-root
Command Mode
Configuration mode.
Configuration Statement
service {
    telnet {
        allow-root: [true|false]
    }
}
Parameters
state: Specifies whether or not root logins are allowed on connections to Telnet. Supported values are as follows:
    true: Root logins are allowed on Telnet.
    false: Root logins are not allowed on Telnet.
Default
Root logins are not allowed on Telnet connections.
Usage Guidelines
Use this command to specify whether or not root logins are allowed on Telnet connections.
Use the set form of this command to specify whether or not root logins are allowed on Telnet connections.
Use the delete form of this command to restore the default allow-root configuration.
Use the show form of this command to view the allow-root configuration.
Slide 31: Chapter 2: Telnet Telnet Commands 14
service telnet port <port>
Specifies the port the system will use for the Telnet service.
Syntax
set service telnet port port
delete service telnet port
show service telnet port
Command Mode
Configuration mode.
Configuration Statement
service {
    telnet {
        port: 1-65534
    }
}
Parameters
port: The port the system will use for the Telnet service. The range is 1 to 65534.
Default
The default is port 23.
Usage Guidelines
Use this command to specify the port the system will use for the Telnet service.
Use the set form of this command to specify the port the system will use for the Telnet service.
Use the delete form of this command to restore the default port configuration.
Use the show form of this command to view the port configuration.
Slide 32: Chapter 2: Telnet Telnet Commands 15
telnet <address>
Creates a terminal session to a Telnet server.
Syntax
telnet address [service]
Command Mode
Operational mode.
Parameters
address: Mandatory. The IP address or hostname of the Telnet server to connect to.
service: Optional. The port number or service name you wish to connect to. The range for ports is 65535. Any service name in the file /etc/services is permitted. The default is port 23.
Default
If no port is specified, the system connects through port 23 (the well-known port for the Telnet service).
Usage Guidelines
Use this command to create a terminal session to a remote machine running a Telnet service.
Slide 33: Chapter 2: Telnet Telnet Commands 16
Examples
Example 2-2 shows a telnet session being established to 192.168.1.77.
Example 2-2 “telnet 192.168.1.77”: Displaying the Telnet session being established
    vyatta@R1:~$ telnet 192.168.1.77
    Entering character mode
    Escape character is '^]'.
    Welcome to Vyatta
    vyatta login:
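A check over the remote-access settings documented in Chapter 1 (SSH) and Chapter 2 (Telnet), as an added example that is not part of the Vyatta guide or Vyatta's own tooling. It parses configuration text in the `service { ... }` form shown in the Configuration Statement sections and reports where SSH version 1 is enabled, root logins are allowed, or Telnet is turned on; the function names and the sample configuration are constructed for illustration.

```python
import re

# Default stated in this guide: SSH version 2 alone is enabled.
# Root logins default to "not allowed" on both SSH and Telnet.
SSH_DEFAULT_VERSION = "v2"

# Constructed sample: Example 1-1's "all" setting plus root login and Telnet.
SAMPLE = """
service {
    ssh {
        allow-root: true
        protocol-version: "all"
    }
    telnet {
    }
}
"""


def parse_config(text):
    """Parse brace-nested 'name { key: value }' configuration into nested dicts."""
    root = {}
    stack = [root]
    pending = None  # node name waiting for its opening brace
    for token in re.findall(r"[{}]|[^{}\n]+", text):
        token = token.strip()
        if not token:
            continue
        if token == "{":
            if pending is None:
                raise ValueError("'{' without a node name")
            stack.append(stack[-1].setdefault(pending, {}))
            pending = None
        elif token == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif ":" in token:
            key, value = token.split(":", 1)
            stack[-1][key.strip()] = value.strip().strip('"')
        else:
            pending = token
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root


def audit_remote_access(config):
    """Return (service, setting, message) findings for the ssh and telnet nodes."""
    findings = []
    service = config.get("service", {})
    ssh = service.get("ssh")
    if ssh is not None:
        version = ssh.get("protocol-version", SSH_DEFAULT_VERSION)
        if version in ("v1", "all"):
            findings.append(("ssh", "protocol-version",
                             f"'{version}' enables SSH version 1; the default is v2 alone"))
        if ssh.get("allow-root", "false") == "true":
            findings.append(("ssh", "allow-root", "root logins are allowed on SSH"))
    telnet = service.get("telnet")
    if telnet is not None:
        # The node's presence is what enables the service.
        findings.append(("telnet", "enabled",
                         "Telnet is enabled; logins and sessions are not encrypted"))
        if telnet.get("allow-root", "false") == "true":
            findings.append(("telnet", "allow-root", "root logins are allowed on Telnet"))
    return findings


if __name__ == "__main__":
    for service, setting, message in audit_remote_access(parse_config(SAMPLE)):
        print(f"{service} {setting}: {message}")
```

A configuration that only creates the ssh node, with every setting left at its default, produces no findings.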
Slide 34: 17 Chapter 3: DHCP This chapter describes how to implement DHCP on the Vyatta system. This chapter presents the following topics: • DHCP Commands
Slide 35: Chapter 3: DHCP DHCP Commands 18
DHCP Commands
This chapter contains the following commands.
Configuration Commands
DHCP Relay
service dhcp-relay: Configures the system to relay DHCP client messages to an off-net DHCP server.
service dhcp-relay interface <interface>: Specifies the interface to use for accepting DHCP requests or relaying DHCP client messages.
service dhcp-relay relay-options: Specifies whether to add the Relay Agent Information option (option 82) to the client-to-server packet.
service dhcp-relay server <ipv4>: Sets the IP address of the DHCP server.
DHCP Server
service dhcp-server: Enables DHCP server functionality.
service dhcp-server disabled <state>: Allows you to disable the DHCP server without discarding configuration.
service dhcp-server shared-network-name <name>: Defines a pool of addresses for DHCP leases.
service dhcp-server shared-network-name <name> subnet <ipv4net>: Specifies the IPv4 network to be served by a DHCP address pool.
service dhcp-server shared-network-name <name> subnet <ipv4net> authoritative <state>: Specifies whether the DHCP server is authoritative.
service dhcp-server shared-network-name <name> subnet <ipv4net> client-prefix-length <prefix>: Specifies the subnet prefix length to be assigned to clients.
service dhcp-server shared-network-name <name> subnet <ipv4net> default-router <ipv4>: Specifies the address of the default router for DHCP clients on this subnet.
service dhcp-server shared-network-name <name> subnet <ipv4net> dns-server <ipv4>: Specifies the address of a DNS server for DHCP clients.
service dhcp-server shared-network-name <name> subnet <ipv4net> domain-name <domain-name>: Provides the domain name for DHCP clients.
service dhcp-server shared-network-name <name> subnet <ipv4net> exclude <ipv4>: Excludes an IP address from a DHCP address pool.
service dhcp-server shared-network-name <name> subnet <ipv4net> failover: Enables DHCP failover functionality for a DHCP address pool on a subnet.
Slide 36: Chapter 3: DHCP DHCP Commands 19
service dhcp-server shared-network-name <name> subnet <ipv4net> lease <seconds>: Specifies how long the address assigned by the DHCP server will be valid.
service dhcp-server shared-network-name <name> subnet <ipv4net> server-identifier <ipv4>: Specifies the address for the DHCP server identifier.
service dhcp-server shared-network-name <name> subnet <ipv4net> start <ipv4> stop <ipv4>: Specifies the range of addresses that will be assigned to DHCP clients.
service dhcp-server shared-network-name <name> subnet <ipv4net> static-mapping: Specifies a static IP address for a specific DHCP client.
service dhcp-server shared-network-name <name> subnet <ipv4net> wins-server <ipv4>: Specifies the address of a WINS server that is available to DHCP clients.
Operational Commands
clear dhcp client process: Restarts the DHCP client process.
clear dhcp lease ip <ipv4>: Removes the DHCP lease for the specified IP address.
clear dhcp leases: Removes current DHCP leases.
show dhcp client leases: Displays DHCP client information.
show dhcp leases: Displays current DHCP lease information.
show dhcp statistics: Displays DHCP server statistics.
Slide 37: Chapter 3: DHCP DHCP Commands 20
clear dhcp client process
Restarts the DHCP client process.
Syntax
clear dhcp client process
Command Mode
Operational mode.
Parameters
None.
Default
None.
Usage Guidelines
Use this command to restart the DHCP client process. DHCP is configured using the service dhcp-server command (see page 31).
Slide 38: Chapter 3: DHCP DHCP Commands 21
clear dhcp lease ip <ipv4>
Removes the DHCP lease for the specified IP address.
Syntax
clear dhcp lease ip ipv4
Command Mode
Operational mode.
Parameters
ipv4: Clears the DHCP lease for the specified IP address.
Default
None.
Usage Guidelines
Use this command to remove a DHCP lease. DHCP is configured using the service dhcp-server command (see page 31).
Slide 39: Chapter 3: DHCP DHCP Commands 22
clear dhcp leases
Removes current DHCP leases.
Syntax
clear dhcp leases
Command Mode
Operational mode.
Parameters
None.
Default
None.
Usage Guidelines
Use this command to remove all DHCP leases. DHCP is configured using the service dhcp-server command (see page 31).
Slide 40: Chapter 3: DHCP DHCP Commands 23
service dhcp-relay
Configures the system to relay DHCP client messages to an off-net DHCP server.
Syntax
set service dhcp-relay
delete service dhcp-relay
show service dhcp-relay
Command Mode
Configuration mode.
Configuration Statement
service {
    dhcp-relay {
    }
}
Parameters
None.
Default
None.
Usage Guidelines
Use this command to configure the system as a DHCP relay agent.
A DHCP relay agent receives DHCP packets from DHCP clients and forwards them to a DHCP server. This allows you to place DHCP clients and DHCP servers on different networks; that is, across router interfaces.
The relay agent is configured with the addresses of the DHCP servers to which it should relay client DHCP messages. The relay agent intercepts the broadcast, sets the gateway address (the giaddr field of the DHCP packet) and, if configured, inserts the Relay Agent Information option (option 82) in the packet and forwards it to the DHCP server.
The DHCP server echoes the option back verbatim to the relay agent in server-to-client replies, and the relay agent strips the option before forwarding the reply to the client.
Slide 41: Chapter 3: DHCP DHCP Commands 24
Use the set form of this command to define DHCP relay configuration.
Use the delete form of this command to remove DHCP relay configuration.
Use the show form of this command to view DHCP relay configuration.
Slide 42: Chapter 3: DHCP DHCP Commands 25
service dhcp-relay interface <interface>
Specifies the interface to use for accepting DHCP requests or relaying DHCP client messages.
Syntax
set service dhcp-relay interface interface
delete service dhcp-relay interface interface
show service dhcp-relay interface
Command Mode
Configuration mode.
Configuration Statement
service {
    dhcp-relay {
        interface text {
        }
    }
}
Parameters
interface: Mandatory. Multi-node. The interface to use to accept DHCP requests or relay DHCP client messages. If the interface through which requests are received is different from the interface used to reach the DHCP server specified in the request, both interfaces must be configured. You can assign multiple interfaces to be used for DHCP by creating multiple interface configuration nodes.
Default
None.
Slide 43: Chapter 3: DHCP DHCP Commands 26
Usage Guidelines
Use this command to specify the interface to use to accept DHCP requests or relay DHCP client messages.
Use the set form of this command to specify the interface to use to accept DHCP requests or relay DHCP client messages.
Use the delete form of this command to remove the specified value.
Use the show form of this command to view the specified value.
Slide 44: Chapter 3: DHCP DHCP Commands 27
service dhcp-relay relay-options
Specifies whether to add the Relay Agent Information option (option 82) to the client-to-server packet.
Syntax
set service dhcp-relay relay-options [hop-count count | max-size size | port port | relay-agents-packets policy]
delete service dhcp-relay relay-options [hop-count | max-size | port | relay-agents-packets]
show service dhcp-relay relay-options [hop-count | max-size | port | relay-agents-packets]
Command Mode
Configuration mode.
Configuration Statement
service {
    dhcp-relay {
        relay-options {
            hop-count: 1-255
            max-size: 64-1400
            port: 1-65535
            relay-agents-packets: [discard|forward]
        }
    }
}
Parameters
hop-count count: Optional. Sets the time-to-live, in seconds, for outgoing relayed messages. The range is 1 to 255. The default is 10.
Slide 45: Chapter 3: DHCP DHCP Commands 28
max-size size: Optional. Sets the maximum size of the DHCP packet to be created after appending the relay agent information option. If, after appending the information, the packet would exceed this size, the packet is forwarded without appending the information. The range is 64 to 1400. The default is 576. If this option is not configured, the router does not forward DHCP packets that exceed the MTU of the interface on which relaying is configured.
port port: Optional. Specifies the port on this interface to be used for relaying DHCP client messages. The range is 1 to 65535.
relay-agents-packets policy: Optional. Sets the reforwarding policy for a DHCP relay agent. This is the action the router will take if the DHCP message already contains relay information. Supported values are as follows:
    discard: If the packet already contains relay information, it will be discarded.
    forward: The packet will be forwarded regardless of whether it contains relay information.
    The default is forward.
Default
Usage Guidelines
Use this command to configure the Relay Agent Information option (option 82) in the client-to-server packet, as specified by RFC 3046, and configure DHCP relay options.
Use the set form of this command to set DHCP relay options.
Use the delete form of this command to restore default DHCP relay option values.
Use the show form of this command to view DHCP relay option configuration.
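The relay behaviour described for service dhcp-relay and its relay-options (giaddr set, option 82 appended unless the result would exceed max-size, the discard/forward policy, and the option stripped from replies), as an added Python example that is not Vyatta's code. Assumptions made here: the function names, the constructed sample packet and relay address, a single Agent Circuit ID sub-option (sub-option 1 in RFC 3046), giaddr being set only when it is still zero, and "forward" passing an already-tagged packet on unchanged.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
GIADDR = slice(24, 28)        # gateway address field (giaddr)
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255


def parse_options(pkt):
    """Return the DHCP options of pkt as a list of (code, value) pairs."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = [], 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts.append((pkt[i], value))
        i += 2 + length
    return opts


def build_packet(header, opts):
    """Serialise a 236-byte header and (code, value) options into a packet."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in opts)
    return bytes(header) + MAGIC + body + bytes([OPT_END])


def relay_to_server(pkt, relay_ip, circuit_id, max_size=576, policy="forward"):
    """Client-to-server direction. Returns the packet to send, or None if dropped."""
    opts = parse_options(pkt)
    if any(code == OPT_RELAY_INFO for code, _ in opts):
        # relay-agents-packets: the message already carries relay information.
        return None if policy == "discard" else bytes(pkt)
    header = bytearray(pkt[:236])
    if header[GIADDR] == b"\x00\x00\x00\x00":
        header[GIADDR] = socket.inet_aton(relay_ip)
    sub_option = bytes([1, len(circuit_id)]) + circuit_id  # Agent Circuit ID
    tagged = build_packet(header, opts + [(OPT_RELAY_INFO, sub_option)])
    if len(tagged) > max_size:
        # max-size: forward without appending the information.
        return build_packet(header, opts)
    return tagged


def relay_to_client(pkt):
    """Server-to-client direction: strip option 82 before the reply reaches the client."""
    opts = [(c, v) for c, v in parse_options(pkt) if c != OPT_RELAY_INFO]
    return build_packet(pkt[:236], opts)


def sample_discover():
    """Constructed DHCPDISCOVER: BOOTREQUEST over Ethernet with a zero giaddr."""
    header = bytearray(236)
    header[0:4] = bytes([1, 1, 6, 0])               # op, htype, hlen, hops
    header[4:8] = struct.pack("!I", 0x1234ABCD)     # transaction id
    header[28:34] = bytes.fromhex("020000000001")   # client hardware address
    return build_packet(header, [(53, b"\x01")])    # option 53 = DHCPDISCOVER


if __name__ == "__main__":
    out = relay_to_server(sample_discover(), "192.0.2.1", b"eth1")
    print(socket.inet_ntoa(out[GIADDR]), parse_options(out))
```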
Slide 46: service dhcp-relay server <ipv4> Sets the IP address of the DHCP server. Syntax set dhcp-relay server ipv4 delete dhcp-relay server ipv4 show dhcp-relay server Command Mode Configuration mode. Configuration Statement service { dhcp-relay { server ipv4 { } } } Parameters ipv4 Mandatory. Multi-node. The IP address of the DHCP server. You can relay messages to more than one DHCP server, by creating multiple server configuration nodes. Default None.
Slide 47: Usage Guidelines Use this command to specify the IP address of the DHCP server. Use the set form of this command to specify the IP address of the DHCP server in a DHCP relay configuration. Use the delete form of this command to remove DHCP server configuration in a DHCP relay configuration. Use the show form of this command to view DHCP server configuration in a DHCP relay configuration.
Slide 48: service dhcp-server Enables DHCP server functionality. Syntax set service dhcp-server delete service dhcp-server show service dhcp-server Command Mode Configuration mode. Configuration Statement service { dhcp-server { } } Parameters None. Default None. Usage Guidelines Use this command to configure a pool of addresses the system can use for Dynamic Host Configuration Protocol (DHCP). At least one address pool must be configured for DHCP to be available as a service. Each subnet specified contains a distinct address pool. A given interface can support more than one address pool (that is, more than one subnet). Use the set form of this command to enable DHCP server functionality. Use the delete form of this command to remove the DHCP server functionality. Use the show form of this command to view DHCP server configuration.
Slide 49: service dhcp-server disabled <state> Allows you to disable the DHCP server without discarding configuration. Syntax set dhcp-server disabled state delete dhcp-server disabled show dhcp-server disabled Command Mode Configuration mode. Configuration Statement service { dhcp-server { disabled: [true|false] } } Parameters state The administrative state of the DHCP server. Supported values are as follows: true: Disables DHCP server without discarding configuration. false: Enables the DHCP server. Default DHCP server functionality is disabled. Usage Guidelines Use this command to disable the DHCP server without discarding configuration. Use the set form of this command to specify whether the DHCP server should be disabled or not. Use the delete form of this command to restore the default state. Use the show form of this command to view DHCP server configuration.
Slide 50: service dhcp-server shared-network-name <name> Defines a pool of addresses for DHCP leases. Syntax set service dhcp-server shared-network-name name delete service dhcp-server shared-network-name name show service dhcp-server shared-network-name name Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { } } } Parameters name Mandatory. Multi-node. The name for the DHCP address pool. You can define multiple address pools by creating multiple shared-network-name configuration nodes, each with a different name. Default None. Usage Guidelines Use this command to create a DHCP server address pool with the specified name. Use the set form of this command to create a DHCP address pool. Use the delete form of this command to remove a DHCP address pool. Use the show form of this command to view DHCP address pool configuration.
Slide 51: service dhcp-server shared-network-name <name> subnet <ipv4net> Specifies the IPv4 network to be served by a DHCP address pool. Syntax set service dhcp-server shared-network-name name subnet ipv4net delete service dhcp-server shared-network-name name subnet ipv4net show service dhcp-server shared-network-name name subnet ipv4net Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network to be served with the addresses defined in the specified address pool. The format is ip-addr/prefix. Default None.
Slide 52: Usage Guidelines Use this command to specify the IPv4 network to be served with the addresses that are defined in this named rule. DHCP requests from devices on this subnet are served static address assignments or an address from the defined range. Use the set form of this command to specify the DHCP address pool subnet. Use the delete form of this command to remove DHCP address pool subnet configuration. Use the show form of this command to view DHCP address pool subnet configuration.
Slide 53: service dhcp-server shared-network-name <name> subnet <ipv4net> authoritative <state> Specifies whether the DHCP server is authoritative. Syntax set service dhcp-server shared-network-name name subnet ipv4net authoritative state delete service dhcp-server shared-network-name name subnet ipv4net authoritative show service dhcp-server shared-network-name name subnet ipv4net authoritative Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { authoritative: [enable|disable] } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. authoritative Optional. Specifies whether the DHCP server is the authoritative server. Supported values are as follows: enable: Enables authoritative state. disable: Disables authoritative state. The default is disable.
Slide 54: Default The DHCP server is not authoritative. Usage Guidelines Use this command to set the server as the authoritative DHCP server. Setting the server as authoritative sets the server as a master server and allows it to protect itself from rogue DHCP servers or misconfigured DHCP clients. If the server is authoritative, it sends a DHCPNAK to a misconfigured client; otherwise, the client cannot update its IP address until after the old lease expires. Use the set form of this command to enable or disable the authoritative state for a DHCP server. Use the delete form of this command to restore the default authoritative state. Use the show form of this command to view the authoritative DHCP configuration.
Slide 55: service dhcp-server shared-network-name <name> subnet <ipv4net> bootfile-name <bootfile> Specifies a bootstrap file from which diskless PCs can boot. Syntax set service dhcp-server shared-network-name name subnet ipv4net bootfile-name bootfile delete service dhcp-server shared-network-name name subnet ipv4net bootfile-name show service dhcp-server shared-network-name name subnet ipv4net bootfile-name Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { bootfile-name: text } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. bootfile The name of the bootstrap file to be used to boot. Default None.
Slide 56: Usage Guidelines Use this command to specify a bootstrap file from which diskless PCs may boot. Use the set form of this command to specify the bootstrap file. Use the delete form of this command to remove boot file configuration. Use the show form of this command to view boot file configuration.
Slide 57: service dhcp-server shared-network-name <name> subnet <ipv4net> client-prefix-length <prefix> Specifies the subnet prefix length to be assigned to clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net client-prefix-length prefix delete service dhcp-server shared-network-name name subnet ipv4net client-prefix-length show service dhcp-server shared-network-name name subnet ipv4net client-prefix-length Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { client-prefix-length: 0-32 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. prefix Optional. The subnet prefix length that will be assigned to each client. By default, the prefix length defined in the subnet parameter is assigned. The range is 0 to 32.
Slide 58: Default None. Usage Guidelines Use this command to specify the subnet prefix length that will be assigned to each client. Use the set form of this command to specify the subnet prefix length that will be assigned to each client. Use the delete form of this command to remove the client-prefix-length configuration. Use the show form of this command to view the client-prefix-length configuration.
Slide 59: service dhcp-server shared-network-name <name> subnet <ipv4net> default-router <ipv4> Specifies the address of the default router for DHCP clients on this subnet. Syntax set service dhcp-server shared-network-name name subnet ipv4net default-router ipv4 delete service dhcp-server shared-network-name name subnet ipv4net default-router show service dhcp-server shared-network-name name subnet ipv4net default-router Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { default-router: ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Gives the address of the default router for DHCP clients on this subnet. The default router should be on the same subnet as the client. The format is an IP address. Default None.
Slide 60: Usage Guidelines Use this command to specify the address of the default router for DHCP clients on this subnet. Use the set form of this command to specify the address of the default router for DHCP clients on this subnet. Use the delete form of this command to remove the default-router configuration. Use the show form of this command to view the default-router configuration.
Slide 61: service dhcp-server shared-network-name <name> subnet <ipv4net> dns-server <ipv4> Specifies the address of a DNS server for DHCP clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net dns-server ipv4 delete service dhcp-server shared-network-name name subnet ipv4net dns-server ipv4 show service dhcp-server shared-network-name name subnet ipv4net dns-server Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { dns-server: ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Multi-node. The IPv4 address of the DNS server. You can specify more than one DNS server by issuing this statement multiple times. Default None.
Slide 62: Usage Guidelines Use this command to specify the address of a DNS server that is available to DHCP clients. Use the set form of this command to specify the address of a DNS server that is available to DHCP clients. Use the delete form of this command to remove DNS server configuration. Use the show form of this command to view DNS server configuration.
Slide 63: service dhcp-server shared-network-name <name> subnet <ipv4net> domain-name <domain-name> Provides the domain name for DHCP clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net domain-name domain-name delete service dhcp-server shared-network-name name subnet ipv4net domain-name show service dhcp-server shared-network-name name subnet ipv4net domain-name Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { domain-name: text } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. domain-name Optional. The domain name to be given to DHCP clients on this subnet. A domain name can include letters, numbers, hyphens (“-”), and one period (“.”). For example, “vyatta.com”. Default None.
Slide 64: Usage Guidelines Use this command to specify the domain name to be used by DHCP clients on this subnet. Use the set form of this command to specify the client domain name. Use the delete form of this command to remove client domain name configuration. Use the show form of this command to view client domain name configuration.
Slide 65: service dhcp-server shared-network-name <name> subnet <ipv4net> exclude <ipv4> Excludes an IP address from a DHCP address pool. Syntax set service dhcp-server shared-network-name name subnet ipv4net exclude ipv4 delete service dhcp-server shared-network-name name subnet ipv4net exclude ipv4 show service dhcp-server shared-network-name name subnet ipv4net exclude Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { exclude: ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Multi-node. The IP address to be excluded from the lease range. You can exclude more than one IP address by creating multiple exclude configuration nodes. Default None.
Slide 66: Usage Guidelines Use this command to exclude an IP address from a DHCP address pool. Excluded addresses are never leased to DHCP clients. Use the set form of this command to exclude an IP address from the lease range. Use the delete form of this command to remove an IP address from the exclusion list. Use the show form of this command to view excluded addresses.
Slide 67: service dhcp-server shared-network-name <name> subnet <ipv4net> failover Enables DHCP failover functionality for a DHCP address pool on a subnet. Syntax set service dhcp-server shared-network-name name subnet ipv4net failover delete service dhcp-server shared-network-name name subnet ipv4net failover show service dhcp-server shared-network-name name subnet ipv4net failover Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { failover { local-address: ipv4 } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. Default None.
Slide 68: Usage Guidelines Use this command to enable DHCP failover for an address pool on a given network. In a failover configuration, two DHCP servers act as failover peers, with one of the peers designated as the primary and the other as the secondary. For DHCP failover to work: • Both peers must be Vyatta systems, and must be running the same version of Vyatta software. • Each server must be configured to point to the other as the failover peer. • The time on the servers must be exactly synchronized. The system times should be synchronized before configuring DHCP failover. Use of NTP time synchronization is highly recommended. However, if difficulties arise due to incorrect system times, disable NTP, reset the times correctly, and then re-enable NTP. Note that DHCP leases are only assigned in failover configurations if proper communication is established between the two failover peers. If the configuration is incorrect (if, for example, one failover peer is configured but the other is not), DHCP leases will not be dispersed. Use the set form of this command to define DHCP failover configuration. Use the delete form of this command to remove DHCP failover configuration. Use the show form of this command to view DHCP failover configuration.
Slide 69: service dhcp-server shared-network-name <name> subnet <ipv4net> failover local-address <ipv4> Specifies the DHCP failover IP address for the local failover peer. Syntax set service dhcp-server shared-network-name name subnet ipv4net failover local-address ipv4 delete service dhcp-server shared-network-name name subnet ipv4net failover local-address show service dhcp-server shared-network-name name subnet ipv4net failover local-address Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { failover { local-address: ipv4 name: text peer-address: ipv4 status: [primary|secondary] } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 The IP address for the local failover peer.
Slide 70: Default None. Usage Guidelines Use this command to specify the DHCP failover IP address for the local failover peer. Use the set form of this command to set the DHCP failover IP address. Use the delete form of this command to remove local failover IP address configuration. Use the show form of this command to view local failover IP address configuration.
Slide 71: service dhcp-server shared-network-name <name> subnet <ipv4net> failover name <peer-name> Specifies the DHCP failover peer name for the local peer. Syntax set service dhcp-server shared-network-name name subnet ipv4net failover name peer-name delete service dhcp-server shared-network-name name subnet ipv4net failover name show service dhcp-server shared-network-name name subnet ipv4net failover name Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { failover { name: text } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. peer-name The DHCP failover peer name for the local peer. Default None.
Slide 72: Usage Guidelines Use this command to specify a name for the local peer in a DHCP failover pair. Use the set form of this command to specify the DHCP failover peer name. Use the delete form of this command to remove the local peer name configuration. Use the show form of this command to view local peer name configuration.
Slide 73: service dhcp-server shared-network-name <name> subnet <ipv4net> failover peer-address <ipv4> Specifies the DHCP failover IP address for the local peer. Syntax set service dhcp-server shared-network-name name subnet ipv4net failover peer-address ipv4 delete service dhcp-server shared-network-name name subnet ipv4net failover peer-address show service dhcp-server shared-network-name name subnet ipv4net failover peer-address Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { failover { peer-address: ipv4 } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Specifies the IP address for the failover peer.
Slide 74: Default None. Usage Guidelines Use this command to specify the DHCP failover IP address for the local peer. Use the set form of this command to specify the DHCP failover IP address for the local peer. Use the delete form of this command to remove the IP address configuration. Use the show form of this command to view the IP address configuration.
Slide 75: service dhcp-server shared-network-name <name> subnet <ipv4net> failover status <status> Specifies the DHCP failover status for this peer. Syntax set service dhcp-server shared-network-name name subnet ipv4net failover status status delete service dhcp-server shared-network-name name subnet ipv4net failover status show service dhcp-server shared-network-name name subnet ipv4net failover status Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { failover { status: [primary|secondary] } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. status Indicates whether this peer is the primary or secondary peer in the failover configuration. Supported values are as follows: primary: The local system is primary peer. secondary: The local system is the secondary peer.
Slide 76: Default None. Usage Guidelines Use this command to specify the DHCP failover status of this system. Use the set form of this command to specify whether this system is primary or secondary. Use the delete form of this command to remove failover status configuration. Use the show form of this command to view failover status configuration.
Slide 77: service dhcp-server shared-network-name <name> subnet <ipv4net> ip-forwarding enable <state> Specifies whether the client should configure its IP layer for packet forwarding. Syntax set service dhcp-server shared-network-name name subnet ipv4net ip-forwarding enable state delete service dhcp-server shared-network-name name subnet ipv4net ip-forwarding enable show service dhcp-server shared-network-name name subnet ipv4net ip-forwarding enable Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { ip-forwarding { enable: [true|false] } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
Slide 78: state Specifies whether or not the client should configure its IP layer for packet forwarding. Supported values are as follows: true: The client should configure its IP layer for packet forwarding. false: The client should not configure its IP layer for packet forwarding. The default is false. Default The DHCP server does not direct clients to configure for packet forwarding. Usage Guidelines Use this command to specify whether the DHCP server directs clients to configure the IP layer for packet forwarding. Use the set form of this command to specify whether the client should configure its IP layer for packet forwarding. Use the delete form of this command to restore the default configuration. Use the show form of this command to view IP forwarding configuration.
Slide 79: service dhcp-server shared-network-name <name> subnet <ipv4net> lease <seconds> Specifies how long the address assigned by the DHCP server will be valid. Syntax set service dhcp-server shared-network-name name subnet ipv4net lease seconds delete service dhcp-server shared-network-name name subnet ipv4net lease show service dhcp-server shared-network-name name subnet ipv4net lease Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { lease: u32 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. seconds Optional. Specifies how long the address assigned by the DHCP server will be valid, in seconds. The range is 120 to 4294967296. Default The default is 86400 (24 hours).
Slide 80: Usage Guidelines Use this command to specify how long the address assigned by the DHCP server will be valid. Use the set form of this command to specify how long the address assigned by the DHCP server will be valid. Use the delete form of this command to remove the lease configuration. Use the show form of this command to view the lease configuration.
Slide 81: service dhcp-server shared-network-name <name> subnet <ipv4net> ntp-server <ipv4> Specifies the address of an NTP (Network Time Protocol) server available to clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net ntp-server ipv4 delete service dhcp-server shared-network-name name subnet ipv4net ntp-server ipv4 show service dhcp-server shared-network-name name subnet ipv4net ntp-server Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { ntp-server: ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Specifies the IP address of an NTP server available to clients. Multiple NTP server addresses can be specified in separate commands. The list of NTP servers should be specified in order of preference. Default None.
Slide 82: Usage Guidelines Use this command to specify the address of an NTP (Network Time Protocol) server available to clients. Use the set form of this command to specify the address of an NTP server available to clients. Use the delete form of this command to remove the NTP server configuration. Use the show form of this command to view the NTP server configuration.
Slide 83: service dhcp-server shared-network-name <name> subnet <ipv4net> pop-server <ipv4> Specifies the address of a POP3 (Post Office Protocol 3) server available to clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net pop-server ipv4 delete service dhcp-server shared-network-name name subnet ipv4net pop-server ipv4 show service dhcp-server shared-network-name name subnet ipv4net pop-server Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { pop-server: ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Specifies the IP address of a POP3 server available to clients. Multiple POP3 server addresses can be specified in separate commands. The list of POP3 servers should be specified in order of preference. Default None.
Slide 84: Usage Guidelines Use this command to specify the address of a POP3 (Post Office Protocol 3) server available to clients. Use the set form of this command to specify the address of a POP3 server available to clients. Use the delete form of this command to remove the POP3 server configuration. Use the show form of this command to view the POP3 server configuration.
Slide 85: service dhcp-server shared-network-name <name> subnet <ipv4net> server-identifier <ipv4> Specifies the address for the DHCP server identifier. Syntax set service dhcp-server shared-network-name name subnet ipv4net server-identifier ipv4 delete service dhcp-server shared-network-name name subnet ipv4net server-identifier show service dhcp-server shared-network-name name subnet ipv4net server-identifier Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { server-identifier ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Specifies the address for the DHCP server identifier. Default None.
Slide 86: Usage Guidelines Use this command to specify the address for the DHCP server identifier. The server identifier option is a field in a DHCP message that identifies the DHCP server as the destination address from clients to servers. When the DHCP server includes this field in a DHCPOffer, the client can use it to distinguish between multiple lease offers. The server identifier must be an address that is reachable from the client. Use the set form of this command to specify the address for the DHCP server identifier. Use the delete form of this command to remove the address for the DHCP server identifier. Use the show form of this command to view the DHCP server identifier configuration.
Slide 87: service dhcp-server shared-network-name <name> subnet <ipv4net> smtp-server <ipv4> Specifies the address of an SMTP (Simple Mail Transfer Protocol) server available to clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net smtp-server ipv4 delete service dhcp-server shared-network-name name subnet ipv4net smtp-server ipv4 show service dhcp-server shared-network-name name subnet ipv4net smtp-server Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { smtp-server: ipv4 } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. ipv4 Optional. Specifies the IP address of an SMTP server available to clients. Multiple SMTP server addresses can be specified in separate commands. The list of SMTP servers should be specified in order of preference.
Slide 88: Default None. Usage Guidelines Use this command to specify the address of an SMTP (Simple Mail Transfer Protocol) server available to clients. Use the set form of this command to specify the address of an SMTP server available to clients. Use the delete form of this command to remove the SMTP server configuration. Use the show form of this command to view the SMTP server configuration.
Slide 89: service dhcp-server shared-network-name <name> subnet <ipv4net> start <ipv4> stop <ipv4> Specifies the range of addresses that will be assigned to DHCP clients. Syntax set service dhcp-server shared-network-name name subnet ipv4net start ipv4 stop ipv4 delete service dhcp-server shared-network-name name subnet ipv4net start [ipv4 [stop]] show service dhcp-server shared-network-name name subnet ipv4net start [ipv4] Command Mode Configuration mode. Configuration Statement service { dhcp-server { shared-network-name text { subnet ipv4net { start ipv4 { stop: ipv4 } } } } } Parameters name Mandatory. The DHCP address pool. ipv4net Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix. start Optional. Multi-node. The start address in an address range. This is the first address in the range that can be assigned. You can define multiple address ranges within an address pool, by creating multiple start configuration nodes.
Slide 90: Chapter 3: DHCP DHCP Commands 73 stop Mandatory. The stop address in this address range. This is the last address in the range that can be assigned. Default None. Usage Guidelines Use this command to specify the range of addresses that will be assigned to DHCP clients. Use the set form of this command to specify the range of addresses that will be assigned to DHCP clients. Use the delete form of this command to remove the address range configuration. Use the show form of this command to view the address range configuration. IP Services Rel VC5 v. 03 Vyatta
Slide 91: Chapter 3: DHCP DHCP Commands 74
service dhcp-server shared-network-name <name> subnet <ipv4net> static-mapping
Specifies a static IP address for a specific DHCP client.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net static-mapping mapname {ip-address ipv4 | mac-address mac}
    delete service dhcp-server shared-network-name name subnet ipv4net static-mapping mapname [ip-address|mac-address]
    show service dhcp-server shared-network-name name subnet ipv4net static-mapping mapname [ip-address|mac-address]
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    static-mapping text {
                        ip-address: ipv4
                        mac-address: text
                    }
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
Slide 92: Chapter 3: DHCP DHCP Commands 75
Parameters (continued)
    mapname: Optional. Multi-node. Allows you to statically map an IP address within an address pool to the MAC address of a device on the network. You can define multiple static mappings of this type by creating multiple static-mapping configuration nodes.
    ipv4: Mandatory. The IP address to be statically assigned to the device.
    mac: Mandatory. The MAC address to be statically mapped to the specified IP address.
Default
    None.
Usage Guidelines
    Use this command to specify a static IP address for a specific DHCP client based on its MAC address.
    Use the set form of this command to specify a static IP address for a specific DHCP client based on its MAC address.
    Use the delete form of this command to remove the static mapping configuration.
    Use the show form of this command to view the static mapping configuration.
Slide 93: Chapter 3: DHCP DHCP Commands 76
service dhcp-server shared-network-name <name> subnet <ipv4net> static-route destination-subnet <ipv4net>
Specifies the destination subnet of a static route for clients to store in their routing cache.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net static-route destination-subnet ipv4net2
    delete service dhcp-server shared-network-name name subnet ipv4net static-route destination-subnet
    show service dhcp-server shared-network-name name subnet ipv4net static-route destination-subnet
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    static-route {
                        destination-subnet: ipv4net
                    }
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    ipv4net2: Specifies the destination IP subnet of a static route for clients to store in their routing table.
Slide 94: Chapter 3: DHCP DHCP Commands 77
Default
    None.
Usage Guidelines
    Use this command to specify the destination subnet of a static route for clients to store in their routing cache. The other part of the static route is defined by the service dhcp-server shared-network-name <name> subnet <ipv4net> static-route router <ipv4> command (see page 78). Only one static route can be defined for a given subnet.
    Use the set form of this command to specify the destination subnet of a static route for clients to store in their routing cache.
    Use the delete form of this command to remove the destination subnet configuration.
    Use the show form of this command to view the destination subnet configuration.
Slide 95: Chapter 3: DHCP DHCP Commands 78
service dhcp-server shared-network-name <name> subnet <ipv4net> static-route router <ipv4>
Specifies the router for the destination of a static route for clients to store in their routing cache.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net static-route router ipv4
    delete service dhcp-server shared-network-name name subnet ipv4net static-route router
    show service dhcp-server shared-network-name name subnet ipv4net static-route router
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    static-route {
                        router: ipv4
                    }
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    ipv4: Specifies the IP address of the router for the destination of a static route for clients to store in their routing cache.
Slide 96: Chapter 3: DHCP DHCP Commands 79
Default
    None.
Usage Guidelines
    Use this command to specify the router for the destination of a static route for clients to store in their routing cache. The other part of the static route is defined by the service dhcp-server shared-network-name <name> subnet <ipv4net> static-route destination-subnet <ipv4net> command (see page 76).
    Use the set form of this command to specify the router for the destination of a static route for clients to store in their routing cache.
    Use the delete form of this command to remove the router configuration.
    Use the show form of this command to view the router configuration.
Slide 97: Chapter 3: DHCP DHCP Commands 80
service dhcp-server shared-network-name <name> subnet <ipv4net> tftp-server-name <servername>
Specifies the name of a TFTP (Trivial File Transfer Protocol) server available to clients.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net tftp-server-name servername
    delete service dhcp-server shared-network-name name subnet ipv4net tftp-server-name
    show service dhcp-server shared-network-name name subnet ipv4net tftp-server-name
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    tftp-server-name: ipv4
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    servername: Specifies the name of a TFTP server available to clients.
Default
    None.
Slide 98: Chapter 3: DHCP DHCP Commands 81 Usage Guidelines Use this command to specify the name of a TFTP (Trivial File Transfer Protocol) server available to clients. Use the set form of this command to specify the name of a TFTP (Trivial File Transfer Protocol) server available to clients. Use the delete form of this command to remove the TFTP server configuration. Use the show form of this command to view the TFTP server configuration. IP Services Rel VC5 v. 03 Vyatta
Slide 99: Chapter 3: DHCP DHCP Commands 82
service dhcp-server shared-network-name <name> subnet <ipv4net> time-offset <seconds>
Specifies the offset of the client's subnet in seconds from UTC (Coordinated Universal Time).
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net time-offset seconds
    delete service dhcp-server shared-network-name name subnet ipv4net time-offset
    show service dhcp-server shared-network-name name subnet ipv4net time-offset
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    time-offset: u32
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    seconds: Specifies the offset of the client's subnet in seconds from UTC (Coordinated Universal Time).
Default
    None.
Slide 100: Chapter 3: DHCP DHCP Commands 83 Usage Guidelines Use this command to specify the offset of the client’s subnet in seconds from UTC (Coordinated Universal Time). Use the set form of this command to specify the offset of the client’s subnet in seconds from UTC (Coordinated Universal Time). Use the delete form of this command to remove the time offset configuration. Use the show form of this command to view the time offset configuration. IP Services Rel VC5 v. 03 Vyatta
Slide 101: Chapter 3: DHCP DHCP Commands 84
service dhcp-server shared-network-name <name> subnet <ipv4net> time-server <ipv4>
Specifies the address of an RFC 868 time server available to clients.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net time-server ipv4
    delete service dhcp-server shared-network-name name subnet ipv4net time-server ipv4
    show service dhcp-server shared-network-name name subnet ipv4net time-server
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    time-server: ipv4
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    ipv4: Optional. Specifies the IP address of an RFC 868 time server available to clients. Multiple time server addresses can be specified in separate commands. The list of time servers should be specified in order of preference.
Slide 102: Chapter 3: DHCP DHCP Commands 85 Default None. Usage Guidelines Use this command to specify the address of an RFC 868 time server available to clients. Use the set form of this command to specify the address of a time server available to clients. Use the delete form of this command to remove the time server configuration. Use the show form of this command to view the time server configuration. IP Services Rel VC5 v. 03 Vyatta
Slide 103: Chapter 3: DHCP DHCP Commands 86
service dhcp-server shared-network-name <name> subnet <ipv4net> wins-server <ipv4>
Specifies the address of a WINS server that is available to DHCP clients.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net wins-server ipv4
    delete service dhcp-server shared-network-name name subnet ipv4net wins-server ipv4
    show service dhcp-server shared-network-name name subnet ipv4net wins-server
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    wins-server: ipv4
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    ipv4: Optional. Multi-node. Gives the address of a NetBIOS Windows Internet Naming Server (WINS) available to DHCP clients on this subnet. The WINS server provides a name resolution service that Microsoft DHCP clients can use to correlate host names to IP addresses. You can specify more than one WINS server by issuing this statement multiple times. The format is an IP address.
Slide 104: Chapter 3: DHCP DHCP Commands 87 Default None. Usage Guidelines Use this command to specify the address of a WINS server that is available to DHCP clients. Use the set form of this command to specify the address of a WINS server that is available to DHCP clients. Use the delete form of this command to remove the wins-server configuration. Use the show form of this command to view the wins-server configuration. IP Services Rel VC5 v. 03 Vyatta
Slide 105: Chapter 3: DHCP DHCP Commands 88
service dhcp-server shared-network-name <name> subnet <ipv4net> wpad-url <url>
Specifies the Web Proxy Autodiscovery (WPAD) URL.
Syntax
    set service dhcp-server shared-network-name name subnet ipv4net wpad-url url
    delete service dhcp-server shared-network-name name subnet ipv4net wpad-url
    show service dhcp-server shared-network-name name subnet ipv4net wpad-url
Command Mode
    Configuration mode.
Configuration Statement
    service {
        dhcp-server {
            shared-network-name text {
                subnet ipv4net {
                    wpad-url: text
                }
            }
        }
    }
Parameters
    name: Mandatory. The DHCP address pool.
    ipv4net: Mandatory. Multi-node. The IPv4 network served by the DHCP address pool. The format is ip-addr/prefix.
    url: Optional. Specifies the Web Proxy Autodiscovery (WPAD) URL.
Default
    None.
Slide 106: Chapter 3: DHCP DHCP Commands 89
Usage Guidelines
    Use this command to specify the Web Proxy Autodiscovery (WPAD) URL.
    Use the set form of this command to specify the Web Proxy Autodiscovery (WPAD) URL.
    Use the delete form of this command to remove the WPAD URL configuration.
    Use the show form of this command to view the WPAD URL configuration.
Slide 107: Chapter 3: DHCP DHCP Commands 90
show dhcp client leases
Displays DHCP client information.
Syntax
    show dhcp client leases [interface ethx]
Command Mode
    Operational mode.
Parameters
    ethx: Shows client information for the specified interface.
Usage Guidelines
    Use this command to see current DHCP client information. When used with no option, this command displays all client information. When an interface is provided, this command displays client information for the specified interface.
    DHCP is configured using the service dhcp-server command (see page 31).
Slide 108: Chapter 3: DHCP DHCP Commands 91
show dhcp leases
Displays current DHCP lease information.
Syntax
    show dhcp leases [pool pool-name]
Command Mode
    Operational mode.
Parameters
    pool-name: Shows lease information for the specified address pool.
Usage Guidelines
    Use this command to see current lease information for DHCP subscribers. When used with no option, this command displays all current lease information. When an address pool is provided, this command displays lease information for the specified address pool.
    DHCP is configured using the service dhcp-server command (see page 31).
Examples
    Example 3-1 shows sample output of show dhcp leases with no option.
Example 3-1 "show dhcp leases"
    vyatta@R1> show dhcp leases
    IP address      Hardware Address   Lease expiration     Pool   Client Name
    ----------      ----------------   ----------------     ----   -----------
    192.168.11.101  00:12:3f:e3:af:67  2007/06/23 16:28:26  POOL1  Laptop 9
    vyatta@R1>
Slide 109: Chapter 3: DHCP DHCP Commands 92
show dhcp statistics
Displays DHCP server statistics.
Syntax
    show dhcp statistics [pool pool-name]
Command Mode
    Operational mode.
Parameters
    pool-name: Shows DHCP statistics for the specified address pool.
Usage Guidelines
    Use this command to see current lease information for DHCP subscribers. When used with no option, this command displays all current lease information. When an address pool is provided, this command displays lease information for the specified address pool.
    DHCP is configured using the service dhcp-server command (see page 31).
Examples
    Example 3-2 shows sample output of show dhcp statistics with no option.
Example 3-2 "show dhcp statistics"
    vyatta@R1> show dhcp statistics
    Total DHCP requests for all pools:   2
    Total DHCP responses for all pools:  0
Slide 110: Chapter 3: DHCP DHCP Commands 93
    pool    pool size   # leased   # avail
    ----    ---------   --------   -------
    POOL1   100         1          99
    vyatta@R1>
Slide 111: 94
Chapter 4: DNS
This chapter explains how to use Domain Name System (DNS) on the Vyatta system. This chapter presents the following topics:
• DNS Configuration
• DNS Commands
Slide 112: Chapter 4: DNS DNS Configuration 95
DNS Configuration
This section presents the following topics:
• DNS Overview
• DNS Configuration Examples

DNS Overview
The Domain Name System (DNS) is an Internet directory service providing mappings between human-readable domain names and numeric IP addresses. DNS mappings are recorded in resource records that are stored on name servers distributed throughout the Internet. A device needing to access a host across the Internet sends a DNS query to a name server. The name server consults its resource records and returns an answer with the IP address of the specified name.
The DNS system forms its own network on the Internet. If the requested record is not local to the consulted name server, the name server consults another name server, and so on, until the requested information is located and returned.
There are billions of resource records in the DNS system. To keep the data manageable, the records are divided into zones, which contain resource records for a DNS domain or subdomain.
The Vyatta system supports three main DNS-related features:
• System DNS
• Dynamic DNS
• DNS Forwarding

System DNS
In system DNS, you define the list of name servers that the Vyatta system can use to resolve hostnames to IP addresses. This list is created using the system name-server command. (The system name-server command is described in the Vyatta Basic System Reference Guide; for your convenience, an example of system DNS is provided in this chapter in "Example 4-1 Configuring static access to a DNS name server.")

Dynamic DNS
Originally, DNS mappings were statically specified in "zone files," which were periodically loaded onto DNS servers. This worked reasonably well at a time when most hosts were configured with static IP addresses. However, since the 1990s, many network
Slide 113: Chapter 4: DNS DNS Configuration 96
endpoints have been assigned IP addresses using dynamic protocols such as Dynamic Host Configuration Protocol. Until 1997, devices with DHCP-assigned IP addresses essentially could not participate in the DNS system.
In 1997, the Internet Engineering Task Force (IETF) published RFC 2136, Dynamic Updates in the Domain Name System, describing the dynamic DNS update protocol. Dynamic DNS (DDNS) provides a mechanism for DNS entries to be established and removed dynamically. Devices using dynamic DNS can notify a domain name server in real time of changes to host name, IP address, or other DNS-related information.
This feature is particularly useful for systems where a dynamic IP address is provided by the Internet Service Provider (ISP). Whenever the IP address changes, the Vyatta system updates a DDNS service provider with the change. The DDNS provider is responsible for propagating this change to other DNS servers. The Vyatta system supports a number of DDNS providers.

DNS Forwarding
In many environments using consumer-level ISP connections, the ISP both assigns the client router with its IP address and notifies the client router of the DNS server to use. In many cases, the IP address of the DNS server itself is assigned through DHCP and changes periodically; the ISP notifies the client router of the change in DNS server IP address through periodic updates. This makes it problematic to statically configure a DNS server IP address on the client router's DHCP server for its LAN clients.
In cases like these, the Vyatta system can use DNS forwarding (also called DNS relay) to maintain connectivity between hosts on its network and the ISP's DNS server. When DNS forwarding is used, the client router offers its own client-side IP address (which is static) as the DNS server address to the hosts on its network, so that all client DNS requests are made to the client router's client-side address.
When DNS requests are made, the client router forwards them to the ISP DNS server; answers are directed back to the client router and forwarded through to the client hosts. If the ISP changes the address of its DNS server, the client router simply records the new address of the server. The server address remains unchanged from the point of view of the LAN clients.
Another advantage to DNS forwarding is that DNS requests are cached in the Vyatta system (until either the time-to-live value in the DNS record expires or the cache fills). Subsequent requests for a cached entry are responded to locally, with a corresponding reduction in WAN traffic.

DNS Configuration Examples
This section presents the following topics:
• Configuring Access to a Name Server
• Configuring Dynamic DNS
Slide 114: Chapter 4: DNS DNS Configuration 97
• Configuring DNS Forwarding
• Statically Configured Entries and DNS Forwarding
This section includes the following examples:
• Example 4-1 Configuring static access to a DNS name server
• Example 4-2 Setting up dynamic DNS
• Example 4-3 Setting up DNS forwarding

Configuring Access to a Name Server
In order to be able to translate host names (such as www.vyatta.com) to IP addresses (such as 69.59.150.141), the system must be able to access a DNS server.
Configuring access to a DNS server is a function of basic system management, and is described in the Vyatta Basic System Reference Guide. For your convenience, the configuration example is repeated here.
Example 4-1 configures a static IP address for the DNS server at address 12.34.56.100. To configure the Vyatta system in this way, perform the following steps.

Example 4-1 Configuring static access to a DNS name server
Step: Specify the IP address of the DNS server.
    vyatta@R1# set system name-server 12.34.56.100
    [edit]

Configuring Dynamic DNS
Figure 4-1 shows a typical DDNS scenario. In this scenario:
• The Vyatta system (R1) is connected to an ISP via eth0.
• The network domain is company.com.
• The Vyatta system hostname is r1.company.com.
• The company's web server is located behind the Vyatta system. Its hostname is www.company.com.
• The ISP is providing dynamic IP addresses to its clients through DHCP.
• The IP address of the Vyatta system's eth0 interface changes over time due to the dynamic assignment by the ISP.
Slide 115: Chapter 4: DNS DNS Configuration 98
• The company's web server is behind a Network Address Translation (NAT) device on the Vyatta system, so its IP address (as viewed from the Internet) changes when the ISP assigns a new address to the eth0 interface. Because the web server's address changes, responses to DNS queries for www.company.com must also change to the new IP address. DDNS resolves this problem.
• DDNS allows the Vyatta system (R1) to update the DNS system with the new IP address information for any local hostnames (for example, r1.company.com and www.company.com) whenever the IP address on eth0 changes.
The set-up process is as follows:
1 Sign up for DDNS service from one of the supported service providers:
    DNS Park: www.dnspark.com
    DSL Reports: www.dslreports.com
    DynDNS: www.dyndns.com
    easyDNS: www.easydns.com
    namecheap: www.namecheap.com
    Sitelutions: www.sitelutions.com
    zoneedit: www.zoneedit.com
  Instructions for sign-up are available at the individual providers.
2 Configure the Vyatta system (R1 in the example) with service provider information such as the service name, a login ID, and a password so that it knows how to log in and send updates to the DDNS service provider.
3 Configure the Vyatta system with the hostnames that must be updated in the DNS system when the IP address on eth0 changes.
NOTE Depending on the service provider, hostnames may or may not need to include the domain name (e.g. "www" versus "www.company.com").
Slide 116: Chapter 4: DNS DNS Configuration 99
Figure 4-1 Dynamic DNS [diagram not reproduced; labels: DDNS update, Dynamic DNS Service Provider, INTERNET, R1 (r1.company.com) with eth0 (DHCP from ISP) and eth1, company.com domain, Company web server (www.company.com)]
Example 4-2 sets up DDNS for DDNS service provider DynDNS. This example assumes that you have already signed up with DynDNS. To configure the Vyatta system in this way, perform the following steps in configuration mode.

Example 4-2 Setting up dynamic DNS
Step: Set the service provider.
    vyatta@R1# set service dns dynamic interface eth0 service dyndns
    [edit]
Step: Set the DDNS service provider login id (e.g. vtest).
    vyatta@R1# set service dns dynamic interface eth0 service dyndns login vtest
    [edit]
Step: Set the DDNS service provider password (e.g. testpwd).
    vyatta@R1# set service dns dynamic interface eth0 service dyndns password testpwd
    [edit]
Step: Specify r1 as a hostname whose DNS entry needs to be updated when the IP address on eth0 changes.
    vyatta@R1# set service dns dynamic interface eth0 service dyndns host-name r1.company.com
    [edit]
Slide 117: Chapter 4: DNS DNS Configuration 100
Example 4-2 Setting up dynamic DNS (continued)
Step: Specify www as a hostname whose DNS entry needs to be updated when the IP address on eth0 changes.
    vyatta@R1# set service dns dynamic interface eth0 service dyndns host-name www.company.com
    [edit]
Step: Commit the change.
    vyatta@R1# commit
    OK
    [edit]
Step: Show the dynamic DNS configuration.
    vyatta@R1# show service dns dynamic
    interface eth0 {
        service dyndns {
            host-name r1.company.com
            host-name www.company.com
            login vtest
            password testpwd
        }
    }
    [edit]

At this point, whenever the IP address on eth0 changes, the Vyatta system automatically logs onto the DynDNS service using login ID vtest and password testpwd. It sends an update for hostnames r1.company.com and www.company.com specifying the new IP address required to reach those hosts on the company.com domain. External users that query DNS for r1.company.com or www.company.com will subsequently be answered with the new address from the DNS system.

Configuring DNS Forwarding
There are two main steps to configuring the Vyatta system for DNS forwarding:
1 Specifying the DNS name servers to forward to
2 Specifying the interfaces on which to listen for DNS requests

Specifying DNS Name Servers
There are three places from which name server locations can be obtained:
• From the system name server list, defined using the set system name-server command.
• By DHCP.
• By listing additional name servers using the set service dns forwarding name-server command.
Slide 118: Chapter 4: DNS DNS Configuration 101
By default, the Vyatta system forwards DNS requests to name servers on the system name server list plus name servers obtained through DHCP. You can override the default behavior by specifying any or all of the following:
• Specifically use system-defined name servers. To do this, use the set service dns forwarding system command.
• Specifically use name servers received for the interface that is using DHCP client to get an IP. To do this, use the set service dns forwarding dhcp command.
• List additional name servers using the set service dns forwarding name-server command.
These three options can be used in any combination; however, using any of them eliminates the default DNS forwarding behavior.
When DNS forwarding starts or restarts, it broadcasts a message to all the name servers in the pool and selects the first name server to answer. This name server is used unless it becomes unreachable, in which case the system sends another broadcast message to the remaining name servers in the pool.

Specifying the Listening Interfaces
The listening interfaces are the interfaces to which internal clients will forward DNS requests. The DNS forwarding service listens for these requests and forwards them to the name server.
To set the listening interface, use the set service dns forwarding listen-on command. You can specify more than one interface by issuing this command multiple times.

DNS Forwarding Scenario
Once these steps are complete, DNS forwarding is set up. At this point, the Vyatta DHCP server can be used to distribute the DNS forwarding interface address to DHCP clients. (For information about setting up a DHCP server on the Vyatta system, see "Chapter 3: DHCP.")
Figure 4-2 shows a typical scenario where DNS forwarding would be deployed. In this scenario:
• The ISP is providing dynamic IP addresses to its customers, including a Vyatta system (R1) via DHCP.
• The Vyatta system (R1) is providing DHCP service to clients on its local network.
• Local clients send DNS requests to the Vyatta device.
• The DNS forwarding service on the Vyatta device forwards the requests to the ISP's DNS server.
Slide 119: Chapter 4: DNS DNS Configuration 102
Figure 4-2 Scenario using DNS forwarding [diagram not reproduced; labels: Client PC (DHCP from R1, DNS Server = 192.168.1.254), DNS request, R1 (eth1 192.168.1.254, eth0 DHCP from ISP, DNS Server = 1.2.3.4), Forwarded request, INTERNET, DNS Server 1.2.3.4]
Example 4-3 sets up the key parts of the Vyatta system for the scenario above. To configure the Vyatta system in this way, perform the following steps in configuration mode.

Example 4-3 Setting up DNS forwarding
Step: Set IP address/prefix on eth1.
    vyatta@R1# set interfaces ethernet eth1 address 192.168.1.254/24
    [edit]
Step: Set eth0 as a DHCP client.
    vyatta@R1# set interfaces ethernet eth0 address dhcp
    [edit]
Step: Set up the DHCP Server on R1 by creating the configuration node for ETH1_POOL on subnet 192.168.1.0/24. Specify the start and stop IP addresses for the pool.
    vyatta@R1# set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.199
    [edit]
Step: Specify the default router for ETH1_POOL.
    vyatta@R1# set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.254
    [edit]
Step: Create a DNS server list using DNS server information provided by the ISP's DHCP Server (on eth0).
    vyatta@R1# set service dns forwarding dhcp eth0
    [edit]
Slide 120: Chapter 4: DNS DNS Configuration 103
Example 4-3 Setting up DNS forwarding (continued)
Step: Listen for DNS requests on eth1.
    vyatta@R1# set service dns forwarding listen-on eth1
    [edit]
Step: Specify a DNS server for ETH1_POOL (in this case it will act as a DNS Forwarder).
    vyatta@R1# set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 192.168.1.254
    [edit]
Step: Commit the change.
    vyatta@R1# commit
    [edit]
Step: Show the DNS-related configuration.
    vyatta@R1# show service dns
    forwarding {
        dhcp eth0
        listen-on eth1
    }
    [edit]

Statically Configured Entries and DNS Forwarding
Due to difficulties interworking with network address translation (NAT) on the corporate gateway, it is sometimes difficult to obtain correct IP addresses for hosts on the corporate network. To work around this problem, you can create static entries on a local Vyatta system using the system static-host-mapping command. Any entries configured in this way are compared with incoming DNS queries prior to the query being passed to DNS forwarding. If a match is found, the corresponding IP address is returned.
Example 4-4 sets up the system to return an IP address of 12.34.56.78 if it receives a DNS query for either "vyatta.com" or "vdut1".

Example 4-4 Setting up static entries
Step: Create the static host mapping configuration node.
    vyatta@R1# set system static-host-mapping host-name vyatta.com
    [edit]
Step: Provide an alias host name (this is optional).
    vyatta@R1# set system static-host-mapping host-name vyatta.com alias vdut1
    [edit]
Step: Specify the IP address to be returned in response to the DNS query.
    vyatta@R1# set system static-host-mapping host-name vyatta.com inet 12.34.56.78
    [edit]
Slide 121: Chapter 4: DNS DNS Configuration 104
Example 4-4 Setting up static entries (continued)
Step: Commit the change.
    vyatta@R1# commit
    [edit]
Step: Show the static host mapping configuration.
    vyatta@R1# show system static-host-mapping
    host-name vyatta.com {
        alias vdut1
        inet 12.34.56.78
    }
    [edit]
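A consistency check for the commands of Example 4-3, added here as an illustration and not taken from the Vyatta guide: it parses the set commands and verifies that the DHCP range and default router lie inside the subnet and that the dns-server handed to clients is an address the forwarder listens on. The names parse and audit, and the two policy checks (no listening on a DHCP client interface, no server address inside the dynamic range), are assumptions of this example rather than requirements stated in the guide.

```python
import ipaddress

# Commands from Example 4-3 on this page, with prompts and [edit] lines removed.
EXAMPLE_4_3 = """\
set interfaces ethernet eth1 address 192.168.1.254/24
set interfaces ethernet eth0 address dhcp
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.199
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.254
set service dns forwarding dhcp eth0
set service dns forwarding listen-on eth1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 192.168.1.254
"""

POOL = ["service", "dhcp-server", "shared-network-name"]


def parse(commands):
    """Build a small model of the interface, DHCP pool and DNS forwarding settings."""
    model = {"static_if": {}, "dhcp_if": set(), "listen_on": set(), "subnets": {}}
    for line in commands.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "set":
            continue
        if tok[1:3] == ["interfaces", "ethernet"] and tok[4] == "address":
            if tok[5] == "dhcp":
                model["dhcp_if"].add(tok[3])
            else:
                addr = ipaddress.ip_interface(tok[5])
                model["static_if"].setdefault(tok[3], []).append(addr)
        elif tok[1:5] == ["service", "dns", "forwarding", "listen-on"]:
            model["listen_on"].add(tok[5])
        elif tok[1:4] == POOL and len(tok) >= 9 and tok[5] == "subnet":
            key = (tok[4], ipaddress.ip_network(tok[6]))
            sub = model["subnets"].setdefault(
                key, {"ranges": [], "default-router": [], "dns-server": []})
            opt, args = tok[7], tok[8:]
            if opt == "start" and len(args) == 3 and args[1] == "stop":
                sub["ranges"].append(
                    (ipaddress.ip_address(args[0]), ipaddress.ip_address(args[2])))
            elif opt in ("default-router", "dns-server") and len(args) == 1:
                sub[opt].append(ipaddress.ip_address(args[0]))
    return model


def audit(model):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Static addresses of the interfaces the DNS forwarder listens on.
    listen_addrs = {a.ip for name in model["listen_on"]
                    for a in model["static_if"].get(name, [])}
    # Policy of this example: the forwarder should serve internal clients only.
    for name in sorted(model["listen_on"] & model["dhcp_if"]):
        findings.append(
            f"dns forwarding listens on {name}, which is a DHCP client interface")
    for (pool, net), sub in model["subnets"].items():
        servers = [(o, a) for o in ("default-router", "dns-server") for a in sub[o]]
        for start, stop in sub["ranges"]:
            if start > stop:
                findings.append(f"{pool}: start {start} is above stop {stop}")
            if start not in net or stop not in net:
                findings.append(f"{pool}: range {start}-{stop} is not inside {net}")
            for opt, addr in servers:
                if start <= addr <= stop:
                    findings.append(
                        f"{pool}: {opt} {addr} is inside the dynamic range")
        for gw in sub["default-router"]:
            if gw not in net:
                findings.append(f"{pool}: default-router {gw} is outside {net}")
        for dns in sub["dns-server"]:
            if model["listen_on"] and dns not in listen_addrs:
                findings.append(
                    f"{pool}: dns-server {dns} is not a forwarder listen address")
    return findings


if __name__ == "__main__":
    for finding in audit(parse(EXAMPLE_4_3)) or ["Example 4-3: all checks passed"]:
        print(finding)
```

Run against the unmodified Example 4-3 it reports no findings; changing listen-on eth1 to eth0 produces two, because the forwarder then listens on the ISP-facing interface and the address given to clients no longer reaches it.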
Slide 122: Chapter 4: DNS DNS Commands 105
DNS Commands
This chapter contains the following commands.

Configuration Commands
Dynamic DNS Configuration Commands
    service dns dynamic interface <interface>: Enables support for DDNS on an interface.
    service dns dynamic interface <interface> service <service>: Specifies a DDNS service provider.
    service dns dynamic interface <interface> service <service> host-name <hostname>: Specifies the host name to update the DNS record for with DDNS service provider.
    service dns dynamic interface <interface> service <service> login <service-login>: Specifies the login ID to use to log on to a DDNS service provider.
    service dns dynamic interface <interface> service <service> password <service-password>: Specifies the password to use to log on to a DDNS service provider.
DNS Forwarding Configuration Commands
    service dns forwarding cache-size <size>: Specifies the size of the DNS forwarding service cache.
    service dns forwarding dhcp <interface>: Specifies an interface on which DHCP updates to name server information will be received.
    service dns forwarding listen-on <interface>: Specifies an interface on which to listen for DNS requests.
    service dns forwarding name-server <ipv4>: Specifies a name server to forward DNS requests to.
    service dns forwarding system: Specifies DNS forwarding to system configured name servers.

Operational Commands
    clear dns forwarding all: Clears all counters related to DNS forwarding and clears the DNS forwarding cache.
    clear dns forwarding cache: Removes all entries in the DNS forwarding cache.
    show dns dynamic status: Displays update status for all hosts configured for dynamic DNS updates.
    show dns forwarding nameservers: Displays name servers being used for DNS forwarding.
    show dns forwarding statistics: Displays counters related to DNS forwarding.
Slide 123:
    update dns dynamic interface <interface>
        Sends a forced update to a DDNS service provider on the specified interface.
Slide 124: clear dns forwarding all
Clears all counters related to DNS forwarding and clears the DNS forwarding cache.
Syntax:
    clear dns forwarding all
Command Mode: Operational mode.
Parameters: None.
Default: None.
Usage Guidelines:
    Use this command to clear all counters related to DNS forwarding. All entries in the DNS forwarding cache are also removed.
Slide 125: clear dns forwarding cache
Removes all entries in the DNS forwarding cache.
Syntax:
    clear dns forwarding cache
Command Mode: Operational mode.
Parameters: None.
Default: None.
Usage Guidelines:
    Use this command to remove all entries in the DNS forwarding cache.
Slide 126: service dns dynamic interface <interface>
Enables support for DDNS on an interface.
Syntax:
    set service dns dynamic interface <interface>
    delete service dns dynamic interface <interface>
    show service dns dynamic interface <interface>
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            dynamic {
                interface text {
                }
            }
        }
    }
Parameters:
    interface   Multi-node. The interface to support DDNS. You can have more than one interface supporting DDNS by creating multiple interface configuration nodes.
Default: None.
Slide 127: Usage Guidelines:
    Use this command to specify which interfaces will support dynamic DNS (DDNS).
    Use the set form of this command to enable DDNS on an interface.
    Use the delete form of this command to disable DDNS on an interface and remove all its dynamic DNS configuration.
    Use the show form of this command to view DDNS configuration.
Slide 128: service dns dynamic interface <interface> service <service>
Specifies a DDNS service provider.
Syntax:
    set service dns dynamic interface <interface> service <service>
    delete service dns dynamic interface <interface> service <service>
    show service dns dynamic interface <interface> service <service>
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            dynamic {
                interface text {
                    service text {}
                }
            }
        }
    }
Parameters:
    interface   Multi-node. The interface supporting DDNS.
    service     Multi-node. The name of a DDNS service provider. Supported values are as follows: dnspark, dslreports, dyndns, easydns, namecheap, sitelutions, and zoneedit. You can specify more than one DDNS provider per interface by creating multiple service configuration nodes.
Default: None.
Slide 129: Usage Guidelines:
    Use this command to specify the organizations providing the dynamic DNS (DDNS) service to the Vyatta system.
    Use the set form of this command to specify the DDNS service provider.
    Use the delete form of this command to remove a DDNS service provider from the configuration.
    Use the show form of this command to view the DDNS service provider information.
Slide 130: service dns dynamic interface <interface> service <service> host-name <hostname>
Specifies the host name whose DNS record is updated at the DDNS service provider.
Syntax:
    set service dns dynamic interface <interface> service <service> host-name <hostname>
    delete service dns dynamic interface <interface> service <service> host-name <hostname>
    show service dns dynamic interface <interface> service <service> host-name
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            dynamic {
                interface text {
                    service text {
                        host-name text
                    }
                }
            }
        }
    }
Parameters:
    interface   Multi-node. The interface supporting DDNS.
    service     Multi-node. The name of a DDNS service provider. Supported values are as follows: dnspark, dslreports, dyndns, easydns, namecheap, sitelutions, and zoneedit.
    hostname    The host name whose DNS record is to be updated at the Dynamic DNS provider.
Slide 131: Default: None.
Usage Guidelines:
    Use this command to specify the host name whose DNS record is to be updated at the Dynamic DNS provider.
    Use the set form of this command to specify the host name.
    Use the delete form of this command to remove the host name from the configuration.
    Use the show form of this command to view host name configuration.
Slide 132: service dns dynamic interface <interface> service <service> login <service-login>
Specifies the login ID to use to log on to a DDNS service provider.
Syntax:
    set service dns dynamic interface <interface> service <service> login <service-login>
    delete service dns dynamic interface <interface> service <service> login
    show service dns dynamic interface <interface> service <service> login
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            dynamic {
                interface text {
                    service text {
                        login text
                    }
                }
            }
        }
    }
Parameters:
    interface   Multi-node. The interface supporting DDNS.
    service     Multi-node. The name of a DDNS service provider. Supported values are as follows: dnspark, dslreports, dyndns, easydns, namecheap, sitelutions, and zoneedit.
    login       The login ID for the system to use when logging on to the DDNS service provider’s system.
Slide 133: Default: None.
Usage Guidelines:
    Use this command to specify the login ID the system should use when it logs on to the system of a dynamic DNS (DDNS) service provider.
    Use the set form of this command to specify the login ID for a DDNS service provider.
    Use the delete form of this command to remove the login ID for a DDNS service provider.
    Use the show form of this command to view DDNS service provider login ID configuration.
Slide 134: service dns dynamic interface <interface> service <service> password <service-password>
Specifies the password to use to log on to a DDNS service provider.
Syntax:
    set service dns dynamic interface <interface> service <service> password <service-password>
    delete service dns dynamic interface <interface> service <service> password
    show service dns dynamic interface <interface> service <service> password
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            dynamic {
                interface text {
                    service text {
                        password text
                    }
                }
            }
        }
    }
Parameters:
    interface   Multi-node. The interface supporting DDNS.
    service     Multi-node. The name of a DDNS service provider. Supported values are as follows: dnspark, dslreports, dyndns, easydns, namecheap, sitelutions, and zoneedit.
    password    The password for the system to use when logging on to the DDNS service provider’s system.
Slide 135: Default: None.
Usage Guidelines:
    Use this command to specify the password the system should use when it logs on to the system of a dynamic DNS (DDNS) service provider.
    Use the set form of this command to specify the password for a DDNS service provider.
    Use the delete form of this command to remove the password for a DDNS service provider.
    Use the show form of this command to view DDNS service provider password configuration.
Slide 136: service dns forwarding cache-size <size>
Specifies the size of the DNS forwarding service cache.
Syntax:
    set service dns forwarding cache-size <size>
    delete service dns forwarding cache-size
    show service dns forwarding cache-size
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            forwarding {
                cache-size u32
            }
        }
    }
Parameters:
    size        Optional. The maximum number of DNS entries to be held in the DNS forwarding cache. The range is 0 to 10000, where 0 means an unlimited number of entries are stored. The default is 150.
Default: A maximum of 150 DNS entries are stored in the DNS forwarding cache.
Slide 137: Usage Guidelines:
    Use this command to specify the DNS forwarding service cache size.
    Use the set form of this command to set the DNS forwarding service cache size.
    Use the delete form of this command to restore the DNS forwarding service cache size to the default.
    Use the show form of this command to view DNS forwarding service cache size configuration.
Slide 138: service dns forwarding dhcp <interface>
Specifies an interface on which DHCP updates to name server information will be received.
Syntax:
    set service dns forwarding dhcp <interface>
    delete service dns forwarding dhcp <interface>
    show service dns forwarding dhcp <interface>
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            forwarding {
                dhcp text
            }
        }
    }
Parameters:
    interface   Multi-node. An interface that is to receive name server information updates from a DHCP server.
Default: The system forwards DNS requests to all configured name servers and all name servers specified through DHCP.
Slide 139: Usage Guidelines:
    Use this command to specify an interface that is to act as a DHCP client and receive updates to DNS name server information. The Vyatta system will use this information to forward DNS requests from its local clients to the name server.
    In order to be configured to listen for updates to name server information, the interface must be configured to obtain its own IP address through DHCP; that is, it must be configured as a DHCP client. For information about configuring the IP address of a physical interface, see the Vyatta Interfaces Reference Guide.
    By default, the DNS forwarding service creates a pool of name servers to which it forwards DNS requests; this comprises any name servers statically configured for the system (using the system name-server command), and those of which it is notified through DHCP. This command is used to override the default behavior: when an interface is specified using this command, the system will attend to DHCP name server information updates arriving on the specified interface.
    This command can be combined with service dns forwarding name-server <ipv4> and/or service dns forwarding system to provide a larger pool of candidate name servers.
    Use the set form of this command to specify an interface to be used as the source for DHCP name server updates.
    Use the delete form of this command to restore the default method of receiving name server updates.
    Use the show form of this command to view DNS forwarding DHCP update configuration.
Slide 140: service dns forwarding listen-on <interface>
Specifies an interface on which to listen for DNS requests.
Syntax:
    set service dns forwarding listen-on <interface>
    delete service dns forwarding listen-on <interface>
    show service dns forwarding listen-on <interface>
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            forwarding {
                listen-on text {}
            }
        }
    }
Parameters:
    interface   Mandatory. Multi-node. The interface on which to listen for client-side DNS requests. You can specify more than one interface to receive client-side DNS requests by creating multiple listen-on configuration nodes.
Default: None.
Slide 141: Usage Guidelines:
    Use this command to specify interfaces on which to listen for client DNS requests. Only queries received on interfaces specified with this command will receive DNS answers. At least one interface must be specified for DNS forwarding to operate.
    Use the set form of this command to specify an interface on which to listen for DNS requests.
    Use the delete form of this command to stop an interface from listening for DNS requests.
    Use the show form of this command to view DNS request listening configuration.
Slide 142: service dns forwarding name-server <ipv4>
Specifies a name server to forward DNS requests to.
Syntax:
    set service dns forwarding name-server <ipv4>
    delete service dns forwarding name-server <ipv4>
    show service dns forwarding name-server <ipv4>
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            forwarding {
                name-server ipv4
            }
        }
    }
Parameters:
    ipv4        Optional. Multi-node. The IPv4 address of a name server to which to forward DNS requests. You can forward DNS requests to more than one name server by creating multiple name-server configuration nodes.
Default: None.
Slide 143: Usage Guidelines:
    Use this command to specify a name server to which client DNS requests should be forwarded. Use of this command is optional.
    By default, the DNS forwarding service creates a default pool of name servers comprising those statically configured using the system name-server command plus those of which it was notified using DHCP. This command is used to override the defaults: when this command is issued, the system forwards DNS requests to the specified name server(s).
    This command can be combined with service dns forwarding dhcp <interface> and/or service dns forwarding system to provide a larger pool of candidate name servers.
    Use the set form of this command to specify a name server to forward DNS requests to.
    Use the delete form of this command to remove a name server from the list of name servers to forward DNS requests to. If the last specified server is removed, the default forwarding behavior is restored.
    Use the show form of this command to see which name servers DNS requests will be forwarded to.
Slide 144: service dns forwarding system
Specifies DNS forwarding to system configured name servers.
Syntax:
    set service dns forwarding system
    delete service dns forwarding system
    show service dns forwarding
Command Mode: Configuration mode.
Configuration Statement:
    service {
        dns {
            forwarding {
                system
            }
        }
    }
Parameters: None.
Default: None.
Usage Guidelines:
    Use this command to direct the system to forward DNS requests to name servers statically configured using the system name-server command.
    By default, the DNS forwarding service forwards DNS requests to a pool of name servers comprised of the statically configured name servers plus those of which it was notified using DHCP. This command is used to override the defaults: when this command is issued, DNS requests are forwarded to statically configured name servers.
    This command can be combined with service dns forwarding dhcp <interface> and/or service dns forwarding name-server <ipv4> to provide a larger pool of candidate name servers.
Slide 145:
    Use the set form of this command to specify the system-set name servers to forward DNS requests to.
    Use the delete form of this command to restore the default DNS forwarding behavior.
    Use the show form of this command to view DNS forwarding configuration.
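The name server selection rules described above for service dns forwarding dhcp, name-server and system, modelled as an added Python example; it is not Vyatta code and not part of the original guide. The class, the function names and the untrusted_interfaces input are assumptions, and the sample addresses are constructed to match Example 4-6.

```python
# Added example: models the forwarder-selection rules stated in this guide.
# All names are hypothetical; this is not Vyatta code.
from dataclasses import dataclass, field


@dataclass
class ForwardingConfig:
    """The 'service dns forwarding' configuration nodes."""
    listen_on: list = field(default_factory=list)        # listen-on <interface>
    name_servers: list = field(default_factory=list)     # name-server <ipv4>
    dhcp_interfaces: list = field(default_factory=list)  # dhcp <interface>
    use_system: bool = False                             # system


def forwarder_pool(cfg, system_servers, dhcp_learned):
    """Return (used, unused) lists of (address, source) pairs.

    system_servers: addresses set with the 'system name-server' command.
    dhcp_learned:   {interface: [addresses]} received as a DHCP client.
    """
    candidates = [(ip, "system") for ip in system_servers]
    for ifname, ips in dhcp_learned.items():
        candidates += [(ip, "dhcp " + ifname) for ip in ips]

    if not (cfg.name_servers or cfg.dhcp_interfaces or cfg.use_system):
        # Default pool: static system servers plus everything learned via DHCP.
        return candidates, []

    # Any of the three nodes overrides the default; combining them widens the pool.
    used = [(ip, "statically configured") for ip in cfg.name_servers]
    for ip, source in candidates:
        if source == "system":
            selected = cfg.use_system
        else:
            selected = source[len("dhcp "):] in cfg.dhcp_interfaces
        if selected:
            used.append((ip, source))
    used_ips = {ip for ip, _ in used}
    unused = [c for c in candidates if c[0] not in used_ips]
    return used, unused


def audit(cfg, untrusted_interfaces):
    """Review findings; which interfaces are untrusted is the caller's assumption."""
    findings = []
    if not cfg.listen_on:
        findings.append("no listen-on interface: DNS forwarding cannot operate")
    for ifname in cfg.listen_on:
        if ifname in untrusted_interfaces:
            findings.append("listen-on %s: answers DNS queries arriving from an untrusted network" % ifname)
    for ifname in cfg.dhcp_interfaces:
        if ifname in untrusted_interfaces:
            findings.append("dhcp %s: forwarders are set by that network's DHCP server" % ifname)
    return findings


if __name__ == "__main__":
    # Constructed sample matching Example 4-6: 'system' is set, eth3 is a DHCP client.
    cfg = ForwardingConfig(listen_on=["eth1"], use_system=True)
    used, unused = forwarder_pool(cfg, ["10.0.0.30"], {"eth3": ["10.0.0.31"]})
    print("configured for forwarding:", used)
    print("NOT configured for forwarding:", unused)
    print(audit(ForwardingConfig(listen_on=["eth0"], dhcp_interfaces=["eth0"]), {"eth0"}))
```

The used and unused lists correspond to the two sections printed by show dns forwarding nameservers.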
Slide 146: show dns dynamic status
Displays update status for all hosts configured for dynamic DNS updates.
Syntax:
    show dns dynamic status
Command Mode: Operational mode.
Parameters: None.
Usage Guidelines:
    Use this command to display the update status for all host names configured to be updated by dynamic DNS (DDNS).
Examples:
    Example 4-5 shows sample output of show dns dynamic status.

Example 4-5 Displaying information for hosts configured for DDNS

    vyatta@R1> show dns dynamic status
    show dns dynamic status
    interface    : eth2
    ip address   : 1.2.3.4
    host-name    : test1.getmyip.com
    last update  : Thu Sep 11 19:30:43 2008
    update-status: good

    interface    : eth2
    ip address   : 1.2.3.5
    host-name    : test2.getmyip.com
    last update  : Thu Sep 11 19:30:43 2008
    update-status: good
Slide 147:
    interface    : eth3
    ip address   : 1.3.4.5
    host-name    : test4
    last update  : Thu Sep 11 19:34:16 2008
    update-status: good
    vyatta@R1>
Slide 148: show dns forwarding nameservers
Displays name servers being used for DNS forwarding.
Syntax:
    show dns forwarding nameservers
Command Mode: Operational mode.
Parameters: None.
Usage Guidelines:
    Use this command to display the name servers that are currently being used for DNS forwarding as well as those that are available but are not being used for DNS forwarding.
Examples:
    Example 4-6 shows sample output of show dns forwarding nameservers.

Example 4-6 Displaying DNS forwarding name server information

    vyatta@R1> show dns forwarding nameservers
    ----------------------------------------------
    Nameservers configured for DNS forwarding
    ----------------------------------------------
    10.0.0.30 available via 'system'
    ----------------------------------------------
    Nameservers NOT configured for DNS forwarding
    ----------------------------------------------
    10.0.0.31 available via 'dhcp eth3'
    vyatta@R1>
Slide 149: show dns forwarding statistics
Displays counters related to DNS forwarding.
Syntax:
    show dns forwarding statistics
Command Mode: Operational mode.
Parameters: None.
Usage Guidelines:
    Use this command to display statistics related to DNS forwarding. The statistics restart each time there is a change in name servers from any source (dhcp, system, or statically configured), a change in static host mapping (using the system static-host-mapping command), or a change made to the DNS forwarding configuration.
Examples:
    Example 4-7 shows sample output of show dns forwarding statistics.

Example 4-7 Displaying DNS forwarding statistics

    vyatta@R1> show dns forwarding statistics
    ---------------
    Cache statistics
    ---------------
    Cache size: 150
    Queries forwarded: 5
    Queries answered locally: 2
    Total DNS entries inserted into cache: 23
    DNS entries removed from cache before expiry: 0
    --------------------
    Nameserver statistics
    --------------------
    Server: 10.0.0.30
Slide 150:
    Queries sent: 5
    Queries retried or failed: 0
    vyatta@R1>

   