Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

VRF support

VRF support for RADIUS authentication

An overview of VRF support for RADIUS authentication and configuration examples.

RADIUS must run on a single routing instance. If you configure a RADIUS server without specifying the routing instance, the RADIUS server starts in the default routing instance. If you specify a nondefault routing instance, you must verify that all servers configured for AAA with the RADIUS server are accessible by way of the same routing instance.

The following examples show excerpts of RADIUS configurations that use these values:
  • routing instance = BLUE
  • radius-server-address = 42.42.42.42
  • secret-code = secured
  • port-no = 1820
  • timeout = 2

The following example shows how to configure RADIUS for the default routing instance.

vyatta@R1# set system login radius-server 42.42.42.42
vyatta@R1# set system login radius-server 42.42.42.42 secret secured
vyatta@R1# set system login radius-server 42.42.42.42 port 1820
vyatta@R1# set system login radius-server 42.42.42.42 timeout 2
vyatta@R1# commit
vyatta@R1# run show configuration 
system {
        login {
                radius-server 42.42.42.42 {
                        secret secured
                        port 1820
                        timeout 2
                }
        }
}

The following example shows the same configuration sequence for the BLUE routing instance.

vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 secret secured
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 port 1820
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 timeout 2
vyatta@R1# commit
vyatta@R1# run show configuration 
routing {
        routing-instance BLUE {
                system {
                        login {
                                radius-server 42.42.42.42 {
                                        secret secured
                                        port 1820
                                        timeout 2
                                }
                        }
                }
        }
}

For more information about RADIUS and configuring RADIUS, see Ciena Vyatta Network OS Basic System Configuration Guide.
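
The following added example (not part of the Vyatta documentation) shows one way to check the single-routing-instance requirement against saved "show configuration" output. The function names, the 10.0.0.9 server, and the rule of treating RADIUS servers in more than one routing instance as a failure are assumptions made for this illustration.

```python
# Constructed sample in the style of this page's "show configuration" output.
# The 10.0.0.9 server in the default instance is an assumption added here to
# show the failure case; it does not appear in the original examples.
SAMPLE_CONFIG = """\
routing {
        routing-instance BLUE {
                system {
                        login {
                                radius-server 42.42.42.42 {
                                        secret secured
                                        port 1820
                                        timeout 2
                                }
                        }
                }
        }
}
system {
        login {
                radius-server 10.0.0.9 {
                        port 1812
                }
        }
}
"""

def radius_servers_by_instance(config_text):
    """Map routing-instance name ('default' if none) to RADIUS server addresses."""
    found = {}
    path = []  # stack of open block headers, e.g. ["routing", "routing-instance BLUE"]
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())
            # Only count radius-server blocks that sit directly under system/login.
            if path[-1].startswith("radius-server ") and path[-3:-1] == ["system", "login"]:
                instance = next((h.split()[1] for h in path
                                 if h.startswith("routing-instance ")), "default")
                found.setdefault(instance, []).append(path[-1].split()[1])
        elif line == "}" and path:
            path.pop()
    return found

def check_single_instance(config_text):
    """Return (ok, mapping); ok is False if RADIUS spans several instances."""
    mapping = radius_servers_by_instance(config_text)
    return len(mapping) <= 1, mapping
```

With the constructed sample, the check fails and the returned mapping shows which server belongs to which routing instance.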

VRF support for file transfer client connections

Several vRouter commands use FTP. If the network configuration supports VRF, the syntax for each of these commands includes optional VRF parameters. The optional VRF parameters specify the non-default VRF that is used when running the command.

File transfers started by commands that support non-default VRFs must be able to access servers on non-default VRFs. Therefore, commands that support non-default VRFs must also be aware of the VRF parameter that is used in the configuration.

For example, a customer may have vRouter images stored on a server in the non-default VRF, so the add system image command must be able to download from that server. The add system image command syntax includes the routing instance parameter, which specifies the non-default VRF that is used. The command follows:

vyatta@R1# add system image { iso-filename | [routing-instance <ri-name>] iso-URL [ username username password password ] }

An example that specifies a routing instance follows:

vyatta@R1# add system image routing-instance red http://1.2.3.4/images/vrouter.iso

Command support for VRF routing instances

Use the guidelines in this section to determine correct syntax when adding VRF routing instances to commands. For more information about VRF, refer to . This guide includes an overview of VRF, VRF configuration examples, information about VRF-specific features, and a list of commands that support VRF routing instances.

Adding a VRF routing instance to a Configuration mode command

For most Configuration mode commands, specify the VRF routing instance at the beginning of a command. Add the appropriate VRF keywords and variable after the initial action (set, show, or delete) and before the other keywords and variables in the command.

Configuration mode example: syslog

The following command configures the syslog logging level for the specified syslog host. The command does not include a VRF routing instance, so the command applies to the default routing instance.

vyatta@R1# set system syslog host 10.10.10.1 facility all level debug
vyatta@R1# show system syslog
syslog {
    host 10.10.10.1 {
            facility all {
                    level debug
            }
    }
}

The following example shows the same command with the VRF routing instance (GREEN) added. Notice that routing routing-instance GREEN has been inserted between the basic action (set in the example) and the rest of the command. Most Configuration mode commands follow this convention.

vyatta@R1# set routing routing-instance GREEN system syslog host 10.10.10.1 facility all level debug
vyatta@R1# show routing 
routing {
     routing-instance GREEN {
             system {
                     syslog {
                            host 11.12.13.2:514 {
                                     facility all {
                                             level debug
                                     }
                             }
                     }
             }
     }
}

Configuration mode example: SNMP

Some features, such as SNMP, are not available on a per-routing-instance basis but can be bound to a specific routing instance. For these features, the command syntax is an exception to the convention of specifying the routing instance at the beginning of Configuration mode commands.

The following example shows how to configure the SNMPv1 or SNMPv2c community and context for the RED and BLUE routing instances. The first two commands specify the RED routing instance as the context for community commA and the BLUE routing instance as the context for community commB. The subsequent commands complete the configuration.

For more information about configuring SNMP, refer to Ciena Vyatta Network OS Remote Management Configuration Guide.

vyatta@R1# set service snmp community commA context RED
vyatta@R1# set service snmp community commB context BLUE
vyatta@R1# set service snmp view all oid 1
vyatta@R1# set service snmp community commA view all
vyatta@R1# set service snmp community commB view all
vyatta@R1# show service snmp community 
 community commA {
        context RED
        view all
 }
 community commB {
        context BLUE
        view all
 }
[edit]
vyatta@vyatta#

Adding a VRF routing instance to an Operational mode command

The syntax for adding a VRF routing instance to an Operational mode command varies according to the type of command parameters:

  • If the command does not have optional parameters, specify the routing instance at the end of the command.
  • If the command has optional parameters, specify the routing instance after the required parameters and before the optional parameters.

Operational mode examples without optional parameters

The following command displays dynamic DNS information for the default routing instance.

vyatta@vyatta:~$ show dns dynamic status

The following command displays the same information for the specified routing instance (GREEN). The command does not have any optional parameters, so the routing instance is specified at the end of the command.

vyatta@vyatta:~$ show dns dynamic status routing-instance GREEN

Operational mode example with optional parameters

The following command obtains multicast path information for the specified host (10.33.2.5). A routing instance is not specified, so the command applies to the default routing instance.

vyatta@vyatta:~$ mtrace 10.33.2.5 detail

The following command obtains multicast path information for the specified host (10.33.2.5) and routing instance (GREEN). Notice that the routing instance is specified before the optional detail keyword.

vyatta@vyatta:~$ mtrace 10.33.2.5 routing-instance GREEN detail

Operational mode example output: SNMP

The following SNMP show commands display output for routing instances.

vyatta@vyatta:~$ show snmp routing-instance 
Routing Instance SNMP Agent is Listening on for Incoming Requests:
Routing-Instance            RDID
-----------------           ----
RED                         5

vyatta@vyatta:~$ show snmp community-mapping
SNMPv1/v2c Community/Context Mapping:
Community                   Context
---------                   -------
commA                       'RED'
commB                       'BLUE'
deva                        'default'


vyatta@vyatta:~$ show snmp trap-target 
SNMPv1/v2c Trap-targets:
Trap-target                   Port   Routing-Instance Community
-----------                   ----   ---------------- ---------
1.1.1.1                              'RED'           'test'


vyatta@vyatta:~$ show snmp v3 trap-target
SNMPv3 Trap-targets:
Trap-target                   Port   Protocol Auth Priv Type   EngineID              Routing-Instance User
-----------                   ----   -------- ---- ---- ----   --------              ---------------- ----
2.2.2.2                       '162'  'udp'    'md5      'infor                       'BLUE'           'test'