netopeer2-cli - Man Page

Display list of commands. --(h)elp option is also accepted by all commands to show detailed information about the command.

Connect to a NETCONF server.

connect [--help] [--host hostname] [--port num]
   [--ssh] [--login username]
   --tls  [--cert cert_path [--key key_path]] [--trusted trusted_CA_store.pem]

--h(o)st hostname

Specifies the hostname of the NETCONF server to connect to. If not specified, 'localhost' is used.

--(p)ort num

Port to connect to the NETCONF server on. By default, port 830 for SSH or 6513 for TLS transport is used.

--(s)sh

Use NETCONF over SSH transport. This is the default, when both SSH and TLS are enabled.

--(l)ogin username

Specify the SSH username to connect with. By default, the current system user is used.

--(t)ls

Use NETCONF over TLS transport.

--(c)ert cert_path

Use a specific certificate for TLS handshake. cert_path specifies path to the client certificate in CRT format. If the --key option is not specified, cert_path is expected to contain also the private key for the client certificate, in PEM format.

--(k)ey key_path

Specifies path to the private key for the client certificate in KEY format. If not specified, cert_path is expected to contain also the private key for the client certificate, in PEM format.

--t(r)usted trusted_CA_store.pem

Specifies path to a trusted CA certificate bundle in PEM format to be used exclusively for server verification for this connection instead of the default CA directory.

Listen for a NETCONF Call Home.

listen [--help] [--timeout sec] [--host hostname] [--port num]
   [--ssh] [--login username]
   --tls  [--cert cert_path [--key key_path]] [--trusted trusted_CA_store.pem]

--t(i)meout sec

Specifies the time for how long the CLI will listen for the Call Home connection. By default, 60 (a minute) is used.

--h(o)st hostname

Specifies the hostname (interface) to listen on. By default, ::0 is used.

other options

The rest of the options have similar meaning as in connect.

Disconnect from a NETCONF server.

Perform NETCONF <commit> operation. For more details see RFC 6241 section 8.3.4.1.

commit [--help] [--confirmed] [--confirm-timeout sec] [--persist new-commit-id] [--persist-id commit-id]

--(c)onfirmed

Make the <commit> a confirmed commit. See RFC 6421 section 8.4.

--confirm-(t)imeout sec

Specify the confirmed commit timeout. Can be used only with --confirmed.

--(p)ersist new-commit-id

Make the commit a persistent commit. new-commit-id is the identificator of the commit.

--persist-(i)d commit-id

Confirm a persistent commit with the commit-id identificator.

Cancel a pending confirmed commit.

cancel-commit [--help] [--persist-id commit-id]

--persist-(i)d commit-id

Cancel a specific commit-id pending confirmed commit.

Perform NETCONF <copy-config> operation. For more details see RFC 6241 section 7.3.

copy-config [--help] --target running|startup|candidate|url:url (--source running|startup|candidate|url:url | --src-config [file]) [--defaults report-all|report-all-tagged|trim|explicit]

--(t)arget running|startup|candidate|url:url

Specifies the target of the <copy-config> operation. Either a datastore or a specific URL can be specified.

--(s)ource running|startup|candidate|url:url

Specifies the source of the <copy-config> operation. Either a datastore or a specific URL can be specified.

--src-(c)onfig [file]

Specifies the source of the <copy-config> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

--(d)efaults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with the specified retrieval mode. For more details see RFC 6243 section 3.

Perform NETCONF <delete-config> operation. For more details see RFC 6241 section 7.4.

delete-config [--help] --target startup|url:url

--(t)arget startup|url:url

Specifies the target of the <delete-config> operation. Either the startup datastore or a specific URL can be specified.

Perform NETCONF <discard-changes> operation. It reverts the candidate configuration to the current running configuration. For more details see RFC 6241 section 8.3.4.2.

Perform NETCONF <edit-config> operation. For more details see RFC 6241 section 7.2.

edit-config [--help] --target running|candidate (--config [file] | --url url) [--defop merge|replace|none] [--test set|test-only|test-then-set] [--error stop|continue|rollback]

--(t)arget running|candidate

Specifies the target of the <edit-config> operation.

--(c)onfig [file]

Specifies the content of the <edit-config> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

--(u)rl ur

Specifies the content of the <edit-config> operation. It is retrieved from that specific URL.

--def(o)p merge|replace|none

Specifies default operation for applying configuration data.

merge

Merge configuration data at the corresponding level. This is the default value.

replace

Edit configuration data completely replaces the configuration in the target datastore.

none

The target datastore is unaffected by the edit configuration data, unless and until the edit configuration data contains the operation attribute to request a different operation.

--t(e)st set|test-only|test-then-set

Perform validation of the modified configuration data. This option is available only if the server supports :validate:1.1 capability (see RFC 6241 section 8.6).

set

Do not perform validation test.

test-only

Do not apply the modified data, only perform the validation test.

test-then-set

Perform a validation test before attempting to apply modified configuration data. This is the default value.

--e(r)ror stop|continue|rollback

Set reaction to an error.

stop

Abort the operation on first error. This is the default value.

continue

Continue to process configuration data on error. The error is recorded and negative response is returned.

rollback

Stop the operation processing on error and restore the configuration to its complete state at the start of this operation. This action is available only if the server supports :rollback-on-error capability (see RFC 6241 section 8.5).

Perform NETCONF <get> operation. Retrieves both status as well as configuration data from the current running datastore. For more details see RFC 6241 section 7.7.

get [--help] [--filter-subtree [file] | --filter-xpath XPath] [--defaults report-all|report-all-tagged|trim|explicit] [--out file]

--filter-(s)ubtree [file]

Specifies if the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specififes is the request will contain an XPath filter. XPath is the expression used for filtering.

--(d)efaults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with specified retrieval mode. For more details see RFC 6243 section 3.

--(o)ut file

Print the result of the command into a file rather than to the standard output.

Perform NETCONF <get-config> operation. Retrieves only configuration data from the specified source. For more details see RFC 6241 section 7.1.

get-config [--help] --source running|startup|candidate [--filter-subtree [file] | --filter-xpath XPath] [--defaults report-all|report-all-tagged|trim|explicit] [--out file]

--(s)ource running|startup|candidate

Specifies the source of the <get-config> operation.

--filter-(s)ubtree [file]

Specifies if the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specififes is the request will contain an XPath filter. XPath is the expression used for filtering.

--(d)efaults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with specified retrieval mode. For more details see RFC 6243 section 3.

--(o)ut file

Print the result of the command into a file rather than to the standard output.

Perform NETCONF <get-schema> operation that retrieves specified data model used by the server. This operation is available only if the server implements the YANG Module for NETCONF Monitoring. The list of available schemas can be retrieved from /netconf-state/schemas subtree via the <get> operation. For more details see RFC 6022 sections 3.1 and 4.

get-schema [--help] --model identifier [--version version] [--format format] [--out file]

--(m)odel identifier

Identifier for the schema list entry.

--(v)ersion version

Version of the requested schema.

--(f)ormat format

The data modeling language (format) of the requested schema. Default value is yang.

--(o)ut file

Print the result of the command into a file rather than to the standard output.

Perform NETCONF <kill-session> operation to terminate specified NETCONF session. To terminate the current session, use the disconnect command. For more details see RFC 6241 section 7.9.

kill-session [--help] --sid sesion-ID

--(s)id session-ID

Session identifier of the NETCONF session to be terminated.

Perform the NETCONF <lock> operation to lock the entire configuration datastore of a server. For more details see RFC 6241 section 7.5.

lock [--help] --target running|startup|candidate

--(t)arget running|startup|candidate

Target datastore to lock..

Perform the NETCONF <unlock> operation to release a configuration lock, previously obtained with the <lock> operation. For more details see RFC 6241 section 7.6.

lock [--help] --target running|startup|candidate

--(t)arget running|startup|candidate

Target datastore to unlock.

Perform the NETCONF <validate> operation to validate configuration data. For more details see RFC 6241 section 8.6.4.1.

validate [--help] (--source running|startup|candidate|url:url | --src-config [file])

--(s)ource running|startup|candidate|url:url

Specifies the source of the <validate> operation. Either a datastore or a specific URL can be specified.

--src-(c)onfig [file]

Specifies the source of the <validate> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

Perform NETCONF Event Notifications <create-subscription> operation. For more details see RFC 5277 section 2.1.1.

subscribe [--help] [--filter-subtree [file] | --filter-xpath XPath] [--begin time] [--end time] [--stream stream] [--out file]

--filter-(s)ubtree [file]

Specifies if the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specififes is the request will contain an XPath filter. XPath is the expression used for filtering.

--(b)egin time

Start to replay event notifications from past (future time is not valid). If the start time is not specified, replay feature is not activated and only new event notifications are received. Format of the time parameter is described below.

--(e)nd time

Specifies when the event replay stops. Format of the time parameter is as follows:

+time

Current time plus the given number of seconds.

time

Absolute time as number of seconds since 1970-01-01.

-time

Current time minus the given number of seconds.

--s(t)ream stream

Specifies which event stream is of the interest. If not specified, default NETCONF stream is received. The list of available streams can be retrieved from /netconf/streams subtree via the <get> operation.

--(o)ut file

Print the received notifications into a file rather than to the standard output.

Manage client and trusted Certificate Authority certificates that are used for TLS verification stored in ~/.netopeer2-cli/client.* and ~/.netopeer2-cli/certs respectively.

This command is available with TLS support.

cert [--help] [display] [add cert_path] [remove cert_name] [displayown] [replaceown (cert_path.pem | cert_path.crt key_path.key)]

display

Displays all the recognized certificates in ~/.netopeer2-cli/certs. First the file name and serial number, then subject, issuer and validity are shown for each certificate.

add cert_path

Adds the cert_path certificate to the trusted CA dir ~/.netopeer2-cli/certs and recalculates hashes of all the certificates.

remove cert_name

Removes the cert_name certificate from the trusted CA dir ~/.netopeer2-cli/certs and recalculates hashes of all the certificates. cert_name is the certificate file name, as displayed in the cert display command output.

displayown

Shows information about the status of the default client certificates and displays information about any relevant found client certificates ~/.netopeer2-cli/client.crt and ~/.netopeer2-cli/client.pem.

replaceown cert_path [key_path]

Replaces the default client certificates with the PEM certificate in cert_path or the CRT certificate cert_path and private key key_path. All previous client certificates are deleted.

Manage Certificate Revocation List certificates that are stored in the ~/.netopeer2-cli/crl directory.

This command is available only with TLS support.

crl [--help] [display] [add crl_path] [remove crl_name]

display

Displays all the recognized CRLs in ~/.netopeer2-cli/crl. First the file name, then issuer, last and next update dates are shown for each CRL followed by the serial numbers and revocation dates of all the revocated certificates.

add crl_path

Adds the crl_path CRL to the ~/.netopeer2-cli/crl dir and recalculates hashes of all the CRLs.

remove crl_name

Removes the cert_name CRL from the ~/.netopeer2-cli/crl dir and recalculates hashes of all the CRLs. crl_name is the CRL file name, as displayed in the crl display command output.

Manage SSH authentication options - authentication preferences and private keys.

This command is available with SSH support.

auth (--help | pref [(publickey | interactive | password) preference] | keys [add private_key_path] [remove key_index])

pref

Print the current authentication method preferences or change a specific method preference.

preference

The new preference of the authentication method. Negative values disable the authentication method.

keys

Manage keys used for authentication.

path_to_the_key

If specified, add or remove the keys. If not, show the current keys.

Manage the external editor used for modifying raw input data.

editor [--help] [path/name_of_the_editor]

path/name_of_the_editor

The full path or just the name of the editor to be used.

Print information about the current NETCONF session.

Send your own content in an RPC envelope.

user-rpc [--help] [--content file] [--out file]

--(c)ontent file

Specifies a file containing NETCONF RPC operation in XML format. Only the NETCONF <rpc> envelope is added to the file content and then it is sent to a server. If the file is omitted, the RPC content is read from the standard input.

--(o)ut file

Print the command result into a file rather than to the standard output.

Set the directory, which will be used when searching for modules. Modules are always needed to be able to work with the same data as a NETCONF server. They are searched locally (in this directory) only if the server does not support the <get-schema> NETCONF operation. If it does, all the modules (except ietf-netconf-monitoring, which includes the definition of the <get-schema> RPC itself) are downloaded from the server.

searchpath model-dir-path

Set the format for all the output data. XML is the default.

outputformat (xml | xml_noformat | json)

Print the CLI version.

Set CLI verbosity. Only errors are printed by default.

verb (error/0 | warning/1 | verbose/2 | debug/3)

Quit the program.