Virtual Tunnel Interface Commands
clear interfaces vti counters
Clears statistics counters for virtual tunnel interfaces.
Clears counters for all virtual tunnel interfaces.
- vtix
- Clears statistics for the specified virtual tunnel interface.
Operational mode
Use this command to clear counters on virtual tunnel interfaces.
interfaces vti <vtix>
Defines a virtual tunnel interface.
- vtix
- Multi-node. The identifier for the virtual tunnel interface you are defining; for example vti0.
You can define multiple virtual tunnel interfaces by creating multiple vti configuration nodes.
Configuration mode
interfaces {
vti vtix {
}
}Use this command to define a virtual tunnel interface.
Use the set form of this command to create a virtual tunnel interface.
Use the delete form of this command to remove a virtual tunnel interface.
Use the show form of this command to view virtual tunnel interface configuration.
interfaces vti <vtix> address <ip-address>
Sets an IP address and network prefix for a virtual tunnel interface.
- vtix
- The identifier of the virtual tunnel interface. The identifiers range from vti0 through vti x, where x is a positive integer.
- ipv4
- Defines an IPv4 address on this interface. The format is ip-address / prefix (for example, 192.168.1.77/24).
You can define multiple IP addresses for a single virtual tunnel interface, by creating multiple address configuration nodes.
- ipv6
- Defines an IPv6 address on this interface. The format is ipv6-address / prefix (for example, 2001:db8::/64).
You can define multiple IPv6 addresses for a single virtual tunnel interface, by creating multiple address configuration nodes.
Configuration mode
interfaces {
vti vtix {
address ipv4
}
}interfaces {
vti vtix {
address ipv6
}
}Use this command to set the IP address and network prefix for a virtual tunnel interface.
Use the set form of this command to set the IP address and network prefix. You can set more than one IP address for the interface by creating multiple address configuration nodes.
Use the delete form of this command to remove IP address configuration.
Use the show form of this command to view IP address configuration.
interfaces vti <vtix> description <description>
Specifies a description for a virtual tunnel interface.
- vtix
- The identifier of the virtual tunnel interface. The identifiers range from vti0 through vti x, where x is a positive integer.
- description
- A mnemonic name or description for the virtual tunnel interface.
Configuration mode
interfaces {
vti vtix {
description description
}
}Use this command to set a description for a virtual tunnel interface.
Use the set form of this command to specify the description.
Use the delete form of this command to remove the description.
Use the show form of this command to view description configuration.
interfaces vti <vtix> disable
Disables a virtual tunnel interface without discarding configuration.
- vtix
- The identifier of the virtual tunnel interface. The identifier ranges from vti0 through vti x, where x is a positive integer.
Configuration mode
interfaces {
vti vtix {
disable
}
}Use this command to disable a virtual tunnel interface without discarding configuration.
Use the set form of this command to disable the interface.
Use the delete form of this command to enable the interface.
Use the show form of this command to view virtual tunnel interface configuration.
interfaces vti <vtix> firewall <state>
Applies a firewall instance, or rule set, to an interface.
- interface
- A type of interface. For detailed keywords and arguments, refer to Supported Interface Types.
- in firewall-name
- Applies a firewall rule set to inbound traffic on the specified interface.
- l2
- Applies a firewall rule set to bridge traffic.
- out firewall-name
- Applies a firewall rule set to outbound traffic on the specified interface.
Configuration mode
interfaces interface {
vto vtix firewall {
in firewall-name
l2 name
out firewall-name
}
}Use this command to apply an IPv6 firewall instance, or rule set, to an interface.
A firewall has no effect on traffic traversing the system or destined to the system until a firewall rule set has been applied to an interface or a virtual interface by using this command.
To use the firewall feature, you must define a firewall rule set as a named firewall instance by using the security firewall name command. You then apply the firewall instance to interfaces, virtual interfaces, or both by using this command. After the instance is applied, the instance acts as a packet filter.
The firewall instance filters packets in one of the following ways, depending on what you specify when you apply it.
- in—If you apply the rule set as in, the firewall filters packets entering the interface.
- out—If you apply the rule set as out, the firewall filters packets leaving the interface.
For each interface, you can apply up to three firewall instances: one firewall in instance, one firewall out instance, and one firewall local instance.
Make sure the firewall instance you apply to an interface is already defined, or you may experience unintended results. If you apply a firewall instance that does not exist to an interface, the implicit firewall rule of allow all is applied.
Use the set form of this command to apply an IPv6 firewall instance, or rule set, to an interface.
Use the delete form of this command to delete an IPv6 firewall instance, or rule set, from an interface.
Use the show form of this command to display the configuration of an IPv6 firewall instance, or rule set, for an interface.
interfaces vti <vtix> mtu <mtu>
Sets the MTU for a virtual tunnel interface.
If this value is not set, the default MTU of 1500 is used.
- vtix
- The identifier of the virtual tunnel interface. The identifiers range from vti0 through vti x, where x is a positive integer.
- mtu
- Sets the MTU, in octets, for the interface. The numbers range from 68 through 9000.
Configuration mode
interfaces {
vti vtix {
mtu mtu
}
}Use this command to set the maximum transmission unit (MTU) for an virtual tunnel interface.
During forwarding, IPv4 packets larger than the MTU are fragmented unless the “Don't Fragment” (DF) bit is set in the IP header. In that case, the packets are dropped and an ICMP “fragmentation needed” message is returned to the sender.
Use the set form of this command to specify the MTU.
Use the delete form of this command to remove MTU value and restore the default behavior.
Use the show form of this command to view MTU configuration.
monitor interfaces vti <vtix> traffic
Displays (captures) traffic on a virtual tunnel interface.
- vtix
- The identifier of an virtual tunnel interface. The identifiers range from vti0 through vtix, where x is a non-negative integer.
- detail
- Provides detailed information about the monitored VRRP traffic.
- filter-name
- Applies the specific PCAP (packet capture) filter to traffic.
- unlimited
- Monitors an unlimited amount of traffic.
- filename
- Saves the monitored traffic to the specified file.
Operational mode
Use this command to capture traffic on a virtual tunnel interface. Type <Ctrl>+c to stop the output.
The following example shows captured data on interface vti0.
vyatta@vyatta:~$ monitor interfaces vti vti0 traffic
Capturing traffic on vti0 ...
4.568357 192.168.1.254 -> 238.255.255.251 SSDP NOTIFY * HTTP/1.1
4.568372 192.168.1.254 -> 238.255.255.251 SSDP NOTIFY * HTTP/1.1
...show interfaces vti
Displays information and statistics about Virtual Tunnel interfaces.
Information is displayed for all Virtual Tunnel interfaces.
- vtix
- Displays information for the specified Virtual Tunnel interface. The identifiers range from vti0 through vtix, where x is a positive integer.
Operational mode
Use this command to view operational status of Virtual Tunnel interfaces.
The following example shows information for all Virtual Tunnel interfaces.
vyatta@vyatta:~$ show interfaces vti
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
vti2 100.0.0.1/24 u/uThe following example shows information for interface vti2.
vyatta@vyatta:~$ show interfaces vti vti2
vti2: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ipip 12.0.0.1 peer 12.0.0.2
inet 100.0.0.1/24 scope global vti2
RX: bytes packets errors dropped overrun mcast
84 1 0 0 0 0
TX: bytes packets errors dropped carrier collisions
84 1 0 0 0 0show interfaces vti detail
Displays detailed information about Virtual Tunnel interfaces.
Operational mode
Use this command to view detailed statistics and configuration information about Virtual Tunnel interfaces.
The following example shows the first screen of output for show interfaces vti detail.
vyatta@vyatta:~$ show interfaces vti detail
vti2: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ipip 12.0.0.1 peer 12.0.0.2
inet 100.0.0.1/24 scope global vti2
RX: bytes packets errors dropped overrun mcast
84 1 0 0 0 0
TX: bytes packets errors dropped carrier collisions
84 1 0 0 0 0show interfaces vti <vtix> brief
Displays a brief status for an Virtual Tunnel interface.
- vtix
- The identifier of an Virtual Tunnel interface. The identifiers range from vti0 through vtix, where x is a positive integer.
Operational mode
Use this command to view the status of a virtual tunnel interface.
The following example shows brief status for interface vti2.
vyatta@vyatta:~$ show interfaces vti vti2 brief
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
vti2 100.0.0.1/24 u/u