The Network Command Line Utility, or NCLU, is a command line interface for Cumulus Networks products, implemented in Cumulus Linux and VX 3.1 and later releases, with the goal of simplifying the networking configuration process for all users.
NCLU resides in the Linux user space, as seen below. It provides consistent access to networking commands directly via bash, thereby making configuration and troubleshooting simple and easy — no need to edit files or enter modes and sub-modes. In addition, NCLU does more than traditional command line interfaces by:
- Embedding help, examples and automatic command checking with suggestions in case you’ve entered a typo
- Running directly from and integrating with bash, while being interoperable with the regular way of accessing underlying configuration files and automation
- Automatically configuring dependent features so you don’t have to
The NCLU wrapper utility is called
net is capable of configuring L2 and L3 features of the networking stack, installing ACLs and VXLANs, rolling back and deleting snapshots, as well as providing monitoring and troubleshooting functionality for these features.
/etc/frr/frr.conf can both be configured with
net, in addition to running show and clear commands related to
ifupdown2 and FRRouting.
What's New and Different in NCLU in Version 3.3?
A number of commands have been added, updated, or removed from NCLU in the new release. Read more about what's changed.
If you upgraded Cumulus Linux from a version earlier than 3.2 instead of performing a full binary install, you need to install the
nclu package on your switch:
nclu package installs a new bash completion script, and displays the following message when it is manually installed:
NCLU uses the following workflow for staging and committing changes to Cumulus Linux:
net delcommands to stage/remove configuration changes.
net pendingcommand to review staged changes.
net abortto commit/delete staged changes.
net commit applies the changes to the relevant configuration files, such as
/etc/network/interfaces, then runs necessary follow on commands to enable the configuration, such as
Once you have a running configuration, you can review and update it using:
net show: A series of commands for viewing various parts of the network configuration, such as
net show configuration,
net show commit historyand
net show bgpto view the complete network configuration, a history of commits using NCLU and BGP status, respectively.
net clear: A way to clear
net showcounters, BGP and OSPF neighbor content, and more.
net rollback: Provides a mechanism to revert back to an earlier configuration.
net commit confirm: Requires the user to press Enter in order to commit changes via NCLU. If you run
net commit confirmbut do not press Enter within 10 seconds, the commit is automatically reverted and nothing changes.
net commit permanent: Retains the snapshot taken when committing the change. Otherwise, the snapshots created from NCLU commands are cleaned up periodically via a snapper cron job.
net commit delete: Deletes one or more snapshots created when committing changes with NCLU.
net del all: Deletes all configurations and stops the IEEE 802.1X service.
This command does not remove management VRF configurations, as NCLU does not interact with eth0 interfaces and management VRF at all.
Tab Completion, Verification and Inline Help
NCLU provides a number of features to assist users. In addition to tab completion and partial keyword commands identification, verification checks are set in place to ensure correct syntax is used. The examples below show the output for incorrect commands:
NCLU has a comprehensive help system built in to assist usage. In addition to the net man page, you can use
help to display available commands:
Multiple interfaces can be configured at once:
Adding ? (Question Mark) Ability to NCLU
While tab completion is enabled by default, you can also configure NCLU to use the ? (question mark character) to look at available commands. To enable this feature for the cumulus user, open the following file:
Uncomment the very last line in the
.inputrc file so that the file changes from this:
Save the file and reconnect to the switch. The ? (question mark) ability will work on all subsequent sessions on the switch.
When the question mark is typed, NCLU will autocomplete and show all available options, but the question mark won't actually appear on the terminal. This is normal, expected behavior.
The NCLU has a number of built in examples to guide users through basic configuration setup:
Adding More NCLU Users or Groups
If you've created custom users or groups on your Cumulus Linux switches, you can configure those users to be able to run NCLU commands.
To do so, edit the
/etc/netd.conf file, and add those users to the users_with_edit and users_with_show lines in the file, then save the file.
For example, if you want the user netoperator to be able to run both edit and show commands, add the user to the
groups_with_edit lines in the
Similarly, to configure a new user group to use NCLU, add that group to the
groups_with_show lines in the file.
Take care to which groups you want to give the
groups_with_edit permission. For example, you wouldn't want to give it to the tacacs group.
Restarting the netd Service
Whenever you modify
netd.conf, you must restart the
netd service for the changes to take effect:
Backing up the Configuration to a Single File
You can easily back up your NCLU configuration to a file by outputting the results of
net show configuration commands to a file, then retrieving the contents of the file using the
source command. You can then view the configuration at any time or copy it to other switches and use the
source command to apply that configuration to those switches.
For example, to copy out the configuration of a leaf switch called leaf01, you would run something like the following:
With the commands all stored in a single file, you can now copy this file to another ToR switch in your network called leaf01 and apply the configuration by running:
NCLU needs no initial configuration; it's ready to go in Cumulus Linux. However, if you need to modify its configuration, you must manually update the
/etc/netd.conf file. This file can be configured to allow different permission levels for users to edit configurations and run show commands. It also contains a blacklist that hides less frequently used terms from the tabbed autocomplete.
When true, displays the Linux command running in the background.
Sets the Linux users with root edit privileges.
Sets the Linux groups with root edit privileges.
|users_with_show||root, cumulus||Controls which users are allowed to run |
|groups_with_show||root, cumulus||Controls which groups are allowed to run |
address-purge, bond-ad-actor-sys-prio, bond-ad-actor-system, bond-mode, bond-num-grat-arp, bond-num-unsol-na, bond-use-carrier, bond-xmit-hash-policy, bridge-bridgeprio, bridge-fd, bridge-hashel, bridge-hashmax, bridge-hello, bridge-maxage, bridge-maxwait, bridge-mclmc, bridge-mclmi, bridge-mcmi, bridge-mcqi, bridge-mcqpi, bridge-mcqri, bridge-mcrouter, bridge-mcsqc, bridge-mcsqi, bridge-pathcosts, bridge-port-pvids, bridge-port-vids, bridge-portprios, bridge-stp, bridge-waitport, broadcast, hwaddress, link-type, mstpctl-ageing, mstpctl-fdelay, mstpctl-forcevers, mstpctl-hello, mstpctl-maxage, mstpctl-maxhops, mstpctl-portp2p, mstpctl-portpathcost, mstpctl-portrestrrole, mstpctl-portrestrtcn, mstpctl-treeportcost, mstpctl-treeportprio, mstpctl-txholdcount, netmask, preferred-lifetime, scope, vxlan-ageing, vxlan-learning, up, down, bridge-ageing, bridge-gcint, bridge-mcqifaddr, bridge-mcqv4src
Hides corner case command options from tab complete, to simplify and streamline output.
Net Tab Complete Output
net provides an environment variable for setting where the
net output is directed. To only use
stdout, set the NCLU_TAB_STDOUT environment variable to true. The value is not case sensitive.