VyOS Operations Quick Reference

# Enter configuration mode
configure

# Exit without saving
exit discard

# Commit and exit
commit
exit

# Preview changes before commit
compare

# Commit changes (apply immediately)
commit

# Commit with comment
commit comment "Added VLAN 50 for new project"

# Save to persistent storage
save

# Show commit history
show system commit

# Rollback to previous commit
rollback 1

# Rollback to specific revision
rollback 5

# All interfaces summary
show interfaces

# Specific interface details
show interfaces ethernet eth0

# Interface statistics
show interfaces counters

# Show VLANs
show interfaces ethernet eth0 vif

# Add VLAN (in configure mode)
set interfaces ethernet eth0 vif 50 address 10.50.50.1/24
set interfaces ethernet eth0 vif 50 description "PROJECT-50"

# Summary of all zones and rules
show firewall

# Specific zone rules
show firewall zone MGMT

# Rule hit counters
show firewall statistics

# Show zone members
show zone-policy zone MGMT

# Show zone traffic
show zone-policy zone MGMT counters

# Routing table
show ip route

# Specific route
show ip route 10.50.1.0/24

# BGP summary (if configured)
show bgp summary

# Source NAT rules
show nat source rules

# Destination NAT (port forwarding)
show nat destination rules

# NAT translations (active)
show nat translations

# DHCP server status
show dhcp server statistics

# Active leases
show dhcp server leases

# Pool status
show dhcp server leases pool MGMT

# In configure mode
set service dhcp-server shared-network-name MGMT subnet 10.50.1.0/24 static-mapping nas-01 ip-address 10.50.1.70
set service dhcp-server shared-network-name MGMT subnet 10.50.1.0/24 static-mapping nas-01 mac-address AA:BB:CC:DD:EE:FF

# Add Option 43 to DHCP pool (configure mode)
configure
set service dhcp-server shared-network-name DATA subnet 10.50.10.0/24 option vendor-option cisco suboption 241 hex-string '0a320128'
commit
save

# Verify configuration
show configuration commands | grep vendor-option

set service dhcp-server shared-network-name 'DATA' subnet '10.50.10.0/24' option vendor-option cisco suboption 241 hex-string '0a320128'

# DNS cache statistics
show dns forwarding statistics

# Configured name servers
show dns forwarding nameservers

# VRRP summary
show vrrp

# Detailed VRRP state
show vrrp detail

# VRRP statistics
show vrrp statistics

# Force failover to backup (on master)
# WARNING: Causes brief outage
sudo systemctl stop vrrp

# Restore master
sudo systemctl start vrrp

# CPU, memory, load
show system cpu
show system memory
show system uptime

# Disk usage
show system storage

# Live log (like tail -f)
monitor log

# Recent entries
show log

# Filter by component
show log | grep firewall
show log | grep dhcp

# Generate new API key
generate system api-key

# Show configured keys
show configuration commands | grep api

# Show interfaces via API
curl -k -X POST \
  -H "Content-Type: application/json" \
  -d '{"op":"showConfig","path":["interfaces"]}' \
  'https://vyos-01:8443/retrieve' \
  --user 'apiuser:APIKEY'

# Export running config
show configuration commands > /tmp/vyos-config-$(date +%Y%m%d).txt

# Copy to workstation
scp vyos-01:/tmp/vyos-config-*.txt ~/backups/

# If git tracking enabled in Phase 12
cd /config
git status
git log --oneline -5

# Ping with specific source
ping 8.8.8.8 source-address 10.50.1.1

# Traceroute
traceroute 8.8.8.8

# Show ARP table
show arp

# Capture on interface (like tcpdump)
monitor traffic interface eth0

# Filter by host
monitor traffic interface eth0 host 10.50.1.20

# Filter by port
monitor traffic interface eth0 port 443

# Check services
sudo systemctl status vyos-router
sudo systemctl status ssh
sudo systemctl status suricata