VyOS ultra basic quick start guide

VyOS Quick Start

This article is intended to provide very basic configuration to get us started with VyOS.

Our VyOS is installed in vSphere, specs below:

 

After VyOS is installed needs to be configured.
It comes pretty blank so everything needs to be configured from scratch.
This includes:
  • User creation
  • Remote access via ssh
  • Basic firewall settings to allow remote access via ssh and respond to icmp echo requests 
  • Interface configuration
Before we begin we need to understand how VyOS works at a very fundamental level and learn few commands first.
Vyos has two modes:
  1. Operational mode
  2. Configuration mode 
Operational mode is the one where you usually display things and use show commands, similar to IOS. Operational mode is indicated by the $ at command prompt. Note, to descend back to operational mode from configuration mode use the exit command:

Configuration mode is the one where you usually configure the router. All commands following this post are configuration commands executed in configuration mode. Configuration mode is indicated by the # at command prompt. Note, to ascend into configuration mode from operational mode use the configure command:

Last but not least, all changes made into configuration mode will need to a) be committed in order to become active and saved into NVRAM in order to be kept after reboot. Commands are commit and save:


Lets get down to business and touch on each bullet point individually.

User creation

Unlike IOS, in VyOS once user is created access is granted locally and remotely as well. User role needs be assigned however:

set system login user xtron authentication plaintext-password 'yourpasshere'
set system login user xtron full-name 'Admin Account'
set system login user xtron level 'admin'







Remote access via ssh

set service ssh port '22'


Firewall configuration

With VyOS we need to explicitly allow incoming request via the firewall to accept ssh login request and to respond to icmp echo requests.

set service ssh port '22'
set firewall all-ping 'enable'
set firewall state-policy established action 'accept'
set firewall state-policy related action 'accept'


Interface configuration

Here we configure three router interfaces as per the the virtual network adapters illustrated on the screenshot above

set interfaces ethernet eth0 address '172.18.0.254/24'
set interfaces ethernet eth0 description 'DATACENTER'

set interfaces ethernet eth1 address '172.18.1.254/24'
set interfaces ethernet eth1 description 'DMZ'

set interfaces ethernet eth2 address '10.7.42.1/24'
set interfaces ethernet eth2 description 'SERVERS'


Default gateway

If your VyOS is the WAN/Internet facing device, and/or requires Internet access but is not directly linked with other routers to obtain its routing table via various routing protocols than most likely your router will need to know of its default gateway to reach the outside world.

set system gateway-address '172.18.0.1'


There are numerous show commands letting you explore the configurations made. Use <TAB> key after show to see all possibilities.



Comments

Post a Comment

Feel free to engage in conversation.
New problems are solved by new thinking.

Most Popular

KVM on CentOS: Hyperconverged nested oVirt Cluter with Gluster vSAN

Image
KVM on Centos for Nested hyperconverged oVirt cluster. WARNING: This is not step by step guide and omits much of the self-explanatory steps such as individual installation instructions and basic configuration instructions. What is used? One host with 64GB RAM, ~2TB Storage (128SSD & 2000SSHD) and i5 CPU, Centos7 : KVM, QEMU, oVirt v4.1.2 oVirtHost v4.1.2 Gluster 3.10 A wicked mind From a high level perspective the infrastructure looks like this: The Physical host is installed onto the SSD disk The Nested hosts are installed onto the SSHD Datastore The final result is: ----Physical KVM           |-----------------------Virtual oVirt           |-----------------------Nested KVM/oVirtNode-1--------------Guest VMs           |-----------------------Nested KVM/oVirtNode-2--------------Guest VMs   ...
Read more

Creating oVirt ISO domain: Glusterised

Image
oVirt ISO Storage Domain In oVirt, since version 4 there is a new version type introduced " POSIX Compliant File System Storage". This means that now you can use standard linux file structure such ext4 to map storage to the cluster. This sounds like a vSphere now.  Remember how you can have combination of vSAN Datastore and Local Datastore available to ESXi? Does this means that we can now create partition on oVirt Node (KVM) an mount this as storage domain to the cluster? - Not so quick. oVirt is made for High Availability and builds on that concept. All hosts in the cluster MUST be able to see the storage domain. Even if you manage to add a local storage domain to oVirt, lets say ISO Storage Domain which makes perfect sense, you'll most likely end-up with orphaned cluster. All hosts unable to see the new storage domain will be kicked out of the Cluster. Now, since we've seen that POSIX Compliant File System Storage does not really make much sense ...
Read more

ESXi 6.5 on KVM

Image
ESXi on KVM with Nested support. Installing ESXi on KVM is fairly easy task. Maybe because it belongs there? :) There are only few important things that have to be done right, rest is next next deploy. In this article we used ESXi 6.5 image. At the time of writing that is the latest and greatest ESXi version available. It comes with the WebClient naturally. In fact the WebClient has been officially around since 6.2 (optionally available since 5.5 & 6.0). Let me tell you however, it is still full of bugs. I am a Linux user, hence I couldn't test IE (all MS must die! :) but having a go with Epiphany, Firefox and Chromium  can confirm that Firefox works better than the rest most of the time. Chrome/Chromium often gets into "unexpected error - reload?" which most of the time cannot be even solved bu thrashing cache and history but requires more extreme measures such as deleting preferences or even reinstalling the browser. It is a lame provided the vmware corp...
Read more

oVirt: Creating a VM

Image
Simple guide for creating a VM using oVIRT In this step by step guide we will create a VM using oVirt and highlight the differences between oVirt and vCenter as necessary to help admins migrate vSphere skills to oVirt with ease Here is discussed the whole process from transferring files to running a VM for the first time. On each step we elaborate below: STEP1: Downloading and uploading your ISO. First we make a decision on what VM we want to install. In this scenario we will grab Server 2012 as we already have license for one. Once the ISO is downloaded from Microsoft or elsewhere we need to upload the ISO to oVirt. This is plain file transfer between two machines, feel free to use SFTP, SCP, FTP as suitable. In our scenario SCP is used as the transfer is between to Linux client and SCP is built in CLI package to move files across.- - Check we have the ISO in our Documents directory - Upload the file to the ovirt server in then ISOs directory - Login to the...
Read more

Installing .NET 3.5 on Windows Server 2012 / 2012R2

Image
.NET 3.5 on Windows Server 2012 with or without source ISO   When working on Windows Server where you do not have full control can be very tricky to install .NET 3.5 framework. This is especially the case when you are setting up a system for a customer on a cloud hosted server for example. You get your server from your cloud provider and you get credentials to login and thats all. No control over virtual environment.  Why would you need .NET 3.5 framework? - There are tons of applications that still use and are built on .NET 3.5 still and yes all those applications are current releases. Now, lets get down to business. You have two options to enable/install .NET 3.5 on server 2012 / 2012 R2 using few fairly simple steps. Both of this options are discussed below in its own separate section. Install .NET 3.5 framework on Server 2012 with INTERNET access In this scenario your server has Internet access. You do not have access to the source ISO o...
Read more

MSTeams: Powershell for Linux

Image
MSTeams Powershell for Linux  Not long ago, MS have released powershell package for Linux which means we, Linux users, can now natively manage MS services from our terminal. That's great news as now we don't separate Windows VMs or RDP Servers just for this reason. This article will describe the setup for ZorinOS (Ubuntu-based distribution) but setup should be similar across all supported distros, namely Debian, Alpine and RedHat. Here is a link from current powershell releases Here we donwload .deb package   Installation is like every other package:  sudo dpkg -i powershell_7.3.4-1.deb_amd64.deb Once installed we need to start powershell using the command  pwsh  Next we need to import MicrosoftTeams module using the command Install-Module -Name MicrosoftTeams  We can now use MSTeams commands to check or configure our Teams tenant, for example   Get-CsOnlinePSTNGateway Identity : connect.XXXXXXX InboundTeamsNumberTranslatio...
Read more

MSTeams User Direct routing number

Image
Associating MSTeams User with Direct routing number There are two ways of adding the Phone Number of your users in Teams. Using powershell is how the details were being added at the beginning   Set-CsPhoneNumberAssignment -Identity useremail@domain.au -PhoneNumber +61386794560 -PhoneNumberType DirectRouting   Now this action can be performed in the teams admin console under Users, Manage Users, Account Tab of the User    
Read more

Contact me by email

Name

Email *

Message *