PCLI

Owned by Jean-luc KRIKER
Last updated: Dec 20, 2020
15 min read


show config

show config ?

show config running / candidate

show config running Authority . . . 

show config running verbose 


validate

commit


show config running flat

show config running flat
admin@node1.nycconductor1# show config running flat 


config authority name          CompanyX



config authority router nycconductor1 name  nycconductor1

config authority router nycconductor1 node node1 name  node1

config authority tenant _internal_ name         _internal_
config authority tenant _internal_ description  "Auto generated tenant for internal services"
config authority tenant _internal_ generated    true

config authority service webserver name     webserver
config authority service webserver scope    public
config authority service webserver address  172.16.128.2/32
verbose

show config running verbose flat

verbose 
admin@node1.nycconductor1# show config running verbose flat 
^[[47;1R

config authority name                           CompanyX
config authority rekey-interval                 never
config authority dynamic-hostname               interface-{interface-id}.{router-name}.{authority-name}

config authority remote-login enabled  true
config authority auto-install                   true

config authority router nycconductor1 name                                nycconductor1
config authority router nycconductor1 inter-node-security                 internal
config authority router nycconductor1 reverse-flow-enforcement            none

config authority router nycconductor1 bfd state                     enabled
config authority router nycconductor1 bfd desired-tx-interval       1000
config authority router nycconductor1 bfd required-min-rx-interval  500
config authority router nycconductor1 bfd authentication-type       sha256
config authority router nycconductor1 bfd multiplier                3
config authority router nycconductor1 bfd link-test-interval        10
config authority router nycconductor1 bfd link-test-length          10
config authority router nycconductor1 bfd dscp                      0

config authority router nycconductor1 udp-transform mode                    auto-detect
config authority router nycconductor1 udp-transform detect-interval         300
config authority router nycconductor1 udp-transform nat-keep-alive-mode     disabled
config authority router nycconductor1 udp-transform nat-keep-alive-timeout  30

config authority router nycconductor1 path-mtu-discovery enabled   false
config authority router nycconductor1 path-mtu-discovery interval  600

config authority router nycconductor1 entitlement id             trial
config authority router nycconductor1 entitlement max-bandwidth  0
config authority router nycconductor1 dhcp-server-generated-address-pool  169.254.130.0/24

config authority router nycconductor1 system log-level         info
config authority router nycconductor1 system inactivity-timer  900

config authority router nycconductor1 system syslog severity  info
config authority router nycconductor1 system syslog facility  local0

config authority router nycconductor1 system metrics sample-period  5


config authority router nycconductor1 system audit traffic enabled  false

config authority router nycconductor1 system audit administration enabled  true

config authority router nycconductor1 system audit system enabled  true


config authority router nycconductor1 system software-update repository source-type  internet-only
config authority router nycconductor1 system software-update max-bandwidth  unlimited

config authority router nycconductor1 system remote-login enabled  use-authority-setting


config authority router nycconductor1 system local-login netconf session-limit         4
config authority router nycconductor1 system local-login netconf session-limit-action  issue-warning


config authority router nycconductor1 system services snmp-server enabled  false
config authority router nycconductor1 system services snmp-server version  v2c
config authority router nycconductor1 system services snmp-server port     161

config authority router nycconductor1 system services webserver enabled  true
config authority router nycconductor1 system services webserver port     443

config authority router nycconductor1 node node1 name                        node1
config authority router nycconductor1 node node1 enabled                     true
config authority router nycconductor1 node node1 role                        conductor
config authority router nycconductor1 node node1 asset-validation-enabled    true
config authority router nycconductor1 node node1 usage-reporter-enabled      true
config authority router nycconductor1 node node1 forwarding-core-mode        automatic
config authority router nycconductor1 node node1 power-saver                 false
config authority router nycconductor1 node node1 clean-before-install        true
config authority router nycconductor1 node node1 clean-after-failed-install  true


config authority router nycconductor1 node node1 ssh-keepalive inter-node interval      1
config authority router nycconductor1 node node1 ssh-keepalive inter-node max-attempts  9

config authority router nycconductor1 node node1 ssh-keepalive inter-router interval      5
config authority router nycconductor1 node node1 ssh-keepalive inter-router max-attempts  4

config authority router nycconductor1 node node1 ssh-keepalive inter-node-server interval      1
config authority router nycconductor1 node node1 ssh-keepalive inter-node-server max-attempts  9

config authority router nycconductor1 node node1 ssh-keepalive inter-conductor-router-server interval      5
config authority router nycconductor1 node node1 ssh-keepalive inter-conductor-router-server max-attempts  4

config authority router nycconductor1 node node1 reachability-detection arp-refresh-interval      1200
config authority router nycconductor1 node node1 reachability-detection gateway-refresh-interval  5
config authority router nycconductor1 node node1 reachability-detection expired-refresh-interval  500
config authority router nycconductor1 node node1 reachability-detection expired-refresh-count     10

config authority router nycconductor1 management-service-generation service-route-type  paths-as-next-hop
config authority router nycconductor1 management-service-generation proxy               false

config authority tenant _internal_ name         _internal_
config authority tenant _internal_ description  "Auto generated tenant for internal services"
config authority tenant _internal_ generated    true

config authority security internal name                 internal
config authority security internal description          "inter-node security"
config authority security internal hmac-cipher          sha256-128
config authority security internal hmac-key             (removed)
config authority security internal encryption-cipher    aes-cbc-256
config authority security internal encryption-key       (removed)
config authority security internal encryption-iv        (removed)
config authority security internal encrypt              true
config authority security internal hmac-mode            time-based
config authority security internal adaptive-encryption  true

config authority management-service-generation service-route-type  paths-as-next-hop

config authority service webserver name                  webserver
config authority service webserver enabled               true
config authority service webserver scope                 public
config authority service webserver tap-multiplexing      false
config authority service webserver address               172.16.128.2/32
config authority service webserver share-service-routes  true
config authority service webserver source-nat            network-interface
config authority service webserver application-type      generic
config authority service webserver fqdn-resolution-type  v4

config authority service-class Standard name            Standard
config authority service-class Standard dscp            0
config authority service-class Standard traffic-class   low
config authority service-class Standard rate-limit      false
config authority service-class Standard max-flow-rate   0
config authority service-class Standard max-flow-burst  0

config authority service-class NetworkControl name            NetworkControl
config authority service-class NetworkControl dscp            48
config authority service-class NetworkControl traffic-class   medium
config authority service-class NetworkControl rate-limit      false
config authority service-class NetworkControl max-flow-rate   0
config authority service-class NetworkControl max-flow-burst  0

config authority service-class Telephony name            Telephony
config authority service-class Telephony dscp            46
config authority service-class Telephony traffic-class   high
config authority service-class Telephony rate-limit      false
config authority service-class Telephony max-flow-rate   0
config authority service-class Telephony max-flow-burst  0

config authority service-class Signalling name            Signalling
config authority service-class Signalling dscp            40
config authority service-class Signalling traffic-class   medium
config authority service-class Signalling rate-limit      false
config authority service-class Signalling max-flow-rate   0
config authority service-class Signalling max-flow-burst  0

config authority service-class MultimediaConferencing name            MultimediaConferencing
config authority service-class MultimediaConferencing dscp            34
config authority service-class MultimediaConferencing traffic-class   medium
config authority service-class MultimediaConferencing rate-limit      false
config authority service-class MultimediaConferencing max-flow-rate   0
config authority service-class MultimediaConferencing max-flow-burst  0

config authority service-class RealTimeInteractive name            RealTimeInteractive
config authority service-class RealTimeInteractive dscp            32
config authority service-class RealTimeInteractive traffic-class   medium
config authority service-class RealTimeInteractive rate-limit      false
config authority service-class RealTimeInteractive max-flow-rate   0
config authority service-class RealTimeInteractive max-flow-burst  0

config authority service-class MultimediaStreaming name            MultimediaStreaming
config authority service-class MultimediaStreaming dscp            26
config authority service-class MultimediaStreaming traffic-class   medium
config authority service-class MultimediaStreaming rate-limit      false
config authority service-class MultimediaStreaming max-flow-rate   0
config authority service-class MultimediaStreaming max-flow-burst  0

config authority service-class BroadcastVideo name            BroadcastVideo
config authority service-class BroadcastVideo dscp            24
config authority service-class BroadcastVideo traffic-class   medium
config authority service-class BroadcastVideo rate-limit      false
config authority service-class BroadcastVideo max-flow-rate   0
config authority service-class BroadcastVideo max-flow-burst  0

config authority service-class LowLatencyData name            LowLatencyData
config authority service-class LowLatencyData dscp            18
config authority service-class LowLatencyData traffic-class   medium
config authority service-class LowLatencyData rate-limit      false
config authority service-class LowLatencyData max-flow-rate   0
config authority service-class LowLatencyData max-flow-burst  0

config authority service-class OAM name            OAM
config authority service-class OAM dscp            16
config authority service-class OAM traffic-class   medium
config authority service-class OAM rate-limit      false
config authority service-class OAM max-flow-rate   0
config authority service-class OAM max-flow-burst  0

config authority service-class HighThroughputData name            HighThroughputData
config authority service-class HighThroughputData dscp            10
config authority service-class HighThroughputData traffic-class   best-effort
config authority service-class HighThroughputData rate-limit      false
config authority service-class HighThroughputData max-flow-rate   0
config authority service-class HighThroughputData max-flow-burst  0

config authority service-class LowPriorityData name            LowPriorityData
config authority service-class LowPriorityData dscp            8
config authority service-class LowPriorityData traffic-class   best-effort
config authority service-class LowPriorityData rate-limit      false
config authority service-class LowPriorityData max-flow-rate   0
config authority service-class LowPriorityData max-flow-burst  0

config authority session-type HTTP name           HTTP
config authority session-type HTTP service-class  Standard
config authority session-type HTTP timeout        1900000

config authority session-type HTTP transport udp protocol    udp

config authority session-type HTTP transport udp port-range 80 start-port  80

config authority session-type HTTP transport udp port-range 8080 start-port  8080

config authority session-type HTTP transport tcp protocol    tcp

config authority session-type HTTP transport tcp port-range 80 start-port  80

config authority session-type HTTP transport tcp port-range 8080 start-port  8080

config authority session-type HTTPS name           HTTPS
config authority session-type HTTPS service-class  Standard
config authority session-type HTTPS timeout        1900000

config authority session-type HTTPS transport udp protocol    udp

config authority session-type HTTPS transport udp port-range 443 start-port  443

config authority session-type HTTPS transport tcp protocol    tcp

config authority session-type HTTPS transport tcp port-range 443 start-port  443

config authority session-type FTP name           FTP
config authority session-type FTP service-class  HighThroughputData
config authority session-type FTP timeout        1900000

config authority session-type FTP transport udp protocol    udp

config authority session-type FTP transport udp port-range 20 start-port  20
config authority session-type FTP transport udp port-range 20 end-port    21

config authority session-type FTP transport tcp protocol    tcp

config authority session-type FTP transport tcp port-range 20 start-port  20
config authority session-type FTP transport tcp port-range 20 end-port    21

config authority session-type SSH name           SSH
config authority session-type SSH service-class  OAM
config authority session-type SSH timeout        1900000

config authority session-type SSH transport udp protocol    udp

config authority session-type SSH transport udp port-range 22 start-port  22

config authority session-type SSH transport tcp protocol    tcp

config authority session-type SSH transport tcp port-range 22 start-port  22

config authority session-type Telnet name           Telnet
config authority session-type Telnet service-class  OAM
config authority session-type Telnet timeout        1900000

config authority session-type Telnet transport udp protocol    udp

config authority session-type Telnet transport udp port-range 23 start-port  23

config authority session-type Telnet transport tcp protocol    tcp

config authority session-type Telnet transport tcp port-range 23 start-port  23

config authority session-type SMTP name           SMTP
config authority session-type SMTP service-class  HighThroughputData
config authority session-type SMTP timeout        10000

config authority session-type SMTP transport udp protocol    udp

config authority session-type SMTP transport udp port-range 25 start-port  25

config authority session-type SMTP transport tcp protocol    tcp

config authority session-type SMTP transport tcp port-range 25 start-port  25

config authority session-type DNS name           DNS
config authority session-type DNS service-class  NetworkControl
config authority session-type DNS timeout        5000

config authority session-type DNS transport udp protocol    udp

config authority session-type DNS transport udp port-range 53 start-port  53

config authority session-type DNS transport tcp protocol    tcp

config authority session-type DNS transport tcp port-range 53 start-port  53

config authority session-type RTP name           RTP
config authority session-type RTP service-class  MultimediaStreaming
config authority session-type RTP timeout        180000

config authority session-type RTP transport udp protocol    udp

config authority session-type RTP transport udp port-range 5004 start-port  5004
config authority session-type RTP transport udp port-range 5004 end-port    5005

config authority session-type SIP name           SIP
config authority session-type SIP service-class  Telephony
config authority session-type SIP timeout        3600000

config authority session-type SIP transport udp protocol    udp

config authority session-type SIP transport udp port-range 5060 start-port  5060

config authority session-type SIP transport tcp protocol    tcp

config authority session-type SIP transport tcp port-range 5060 start-port  5060

config authority session-type SIPS name           SIPS
config authority session-type SIPS service-class  Telephony
config authority session-type SIPS timeout        3600000

config authority session-type SIPS transport tcp protocol    tcp

config authority session-type SIPS transport tcp port-range 5061 start-port  5061

config authority session-type TFTP name           TFTP
config authority session-type TFTP service-class  HighThroughputData
config authority session-type TFTP timeout        1900000

config authority session-type TFTP transport udp protocol    udp

config authority session-type TFTP transport udp port-range 69 start-port  69

config authority session-type TFTP transport tcp protocol    tcp

config authority session-type TFTP transport tcp port-range 69 start-port  69

config authority session-type SFTP name           SFTP
config authority session-type SFTP service-class  HighThroughputData
config authority session-type SFTP timeout        1900000

config authority session-type SFTP transport udp protocol    udp

config authority session-type SFTP transport udp port-range 115 start-port  115
config authority session-type SFTP transport udp port-range 115 end-port    115

config authority session-type SFTP transport tcp protocol    tcp

config authority session-type SFTP transport tcp port-range 115 start-port  115
config authority session-type SFTP transport tcp port-range 115 end-port    115

config authority session-type POP3 name           POP3
config authority session-type POP3 service-class  HighThroughputData
config authority session-type POP3 timeout        10000

config authority session-type POP3 transport udp protocol    udp

config authority session-type POP3 transport udp port-range 110 start-port  110

config authority session-type POP3 transport udp port-range 995 start-port  995

config authority session-type POP3 transport tcp protocol    tcp

config authority session-type POP3 transport tcp port-range 110 start-port  110

config authority session-type POP3 transport tcp port-range 995 start-port  995

config authority session-type SNMP name           SNMP
config authority session-type SNMP service-class  OAM
config authority session-type SNMP timeout        10000

config authority session-type SNMP transport udp protocol    udp

config authority session-type SNMP transport udp port-range 161 start-port  161
config authority session-type SNMP transport udp port-range 161 end-port    162

config authority session-type SNMP transport tcp protocol    tcp

config authority session-type SNMP transport tcp port-range 161 start-port  161
config authority session-type SNMP transport tcp port-range 161 end-port    162

config authority session-type BGP name           BGP
config authority session-type BGP service-class  NetworkControl
config authority session-type BGP timeout        1900000

config authority session-type BGP transport udp protocol    udp

config authority session-type BGP transport udp port-range 179 start-port  179

config authority session-type BGP transport tcp protocol    tcp

config authority session-type BGP transport tcp port-range 179 start-port  179

config authority session-type IPSEC name           IPSEC
config authority session-type IPSEC service-class  Standard
config authority session-type IPSEC timeout        1900000

config authority session-type IPSEC transport udp protocol    udp

config authority session-type IPSEC transport udp port-range 1293 start-port  1293

config authority session-type IPSEC transport tcp protocol    tcp

config authority session-type IPSEC transport tcp port-range 1293 start-port  1293

config authority session-type IPSEC-NAT name           IPSEC-NAT
config authority session-type IPSEC-NAT service-class  Standard
config authority session-type IPSEC-NAT timeout        1900000

config authority session-type IPSEC-NAT transport udp protocol    udp

config authority session-type IPSEC-NAT transport udp port-range 4500 start-port  4500

config authority session-type IPSEC-NAT transport tcp protocol    tcp

config authority session-type IPSEC-NAT transport tcp port-range 4500 start-port  4500

admin@node1.nycconductor1#
export config

export config running 20201220-testBackup

export config
admin@node1.nycconductor1# export config running 20201220-testBackup
Successfully exported configuration:
/etc/128technology/config-exports/20201220-testBackup.gz
admin@node1.nycconductor1#

show config exports


show export
admin@node1.nycconductor1# show config exports 
Sun 2020-12-20 08:29:51 UTC

======================== ===================== ================= ===================
 Name                     Date Modified         Compressed Size   Uncompressed Size
                                                        (Bytes)             (Bytes)
======================== ===================== ================= ===================
 20201220-testBackup.gz   2020-12-20 08:27:34              1373               14473

Completed in 0.11 seconds
admin@node1.nycconductor1#

delete config exported  xxxxx.gz

Web GUI

Export


Import
PCLI

import config <backup name>

VALIDATE

COMMIT

web GUI
Compare
PCLIcompare config running candidate


Restore#rollabck

restore config running