Table of Contents
- About this Manual
- Objectives
- Audience
- Document Organization
- Part Organization
- Using the Indexes
- Documentation Conventions
- General Conventions
- Conventions for Software Commands and Statements
- List of Technical Publications
- Documentation Feedback
- How to Request Support
- Product Architecture
- Hardware Overview
- Product Architecture
- Packet Forwarding Engine
- Packet Flow through an M-Series Router
- Packet Flow through a T-series Router
- Routing Engine
- JUNOS Software Overview
- Routing Engine Software Components
- Routing Protocol Process
- IPv4 Routing Protocols
- IPv6 Routing Protocols
- Routing and Forwarding Tables
- Routing Policy
- VPNs
- Interface Process
- Chassis Process
- SNMP and MIB II Processes
- Management Process
- Routing Engine Kernel
- Software Installation Overview
- Tools for Accessing and Controlling the Software
- Software Configuration Overview
- Methods of Configuring the Software
- Configuring the Software
- Activating a Configuration
- Software Monitoring Tools
- Router Security
- JUNOS Default Settings
- Router Access
- User Authentication
- Routing Protocol Security Features
- Firewall Filters
- Auditing for Security
- Supported Software Standards
- Supported Internet RFCs and Drafts
- ATM
- BGP
- CHAP
- Frame Relay
- GMPLS
- GRE and IP-IP Encapsulation
- IP Multicast
- IPSec and IKE
- IPv6
- IS-IS
- LDP
- MIBs
- MPLS
- OSPF
- PPP
- RIP
- RSVP
- SSL
- TCP/IP v4
- VPNs
- Supported ISO Standards
- IS-IS
- Supported SDH and SONET Standards
- Other Supported Standards
- ATM
- Ethernet
- Frame Relay
- T3
- Complete Configuration Mode Commands and Statements
- Complete Configuration Mode Commands
- Complete Configuration Statement Hierarchy
- [edit access] Hierarchy Level
- [edit accounting-options] Hierarchy Level
- [edit chassis] Hierarchy Level
- [edit class-of-service] Hierarchy Level
- [edit firewall] Hierarchy Level
- [edit forwarding-options] Hierarchy Level
- [edit groups] Hierarchy Level
- [edit interfaces] Hierarchy Level
- [edit policy-options] Hierarchy Level
- [edit protocols] Hierarchy Level
- [edit routing-instances] Hierarchy Level
- [edit routing-options] Hierarchy Level
- [edit security] Hierarchy Level
- [edit snmp] Hierarchy Level
- [edit system] Hierarchy Level
- Installation Overview
- JUNOS Software Distribution
- Software Release Names
- Package Names
- Storage Media
- Boot Devices
- Boot Sequence
- Configure the Software Initially
- Reinstall the Software Using the Install Media
- Prepare to Reinstall the JUNOS Software
- Reinstall the JUNOS Software
- Reconfigure the JUNOS Software
- Upgrade Software Packages
- Upgrade All Software Packages
- Upgrade Individual Software Packages
- Copy a Configuration to a PC Card or LS-120MB Floppy Disk
- Reinstall Software using jinstall
- Command-Line Interface Overview
- CLI Modes
- CLI Command Hierarchy
- Command-Line Interface Operational Mode
- Use the CLI
- Get Help About Commands
- Examples: Get Help About Commands
- Have the CLI Complete Commands
- Examples: Use CLI Command Completion
- CLI Messages
- Move around and Edit the Command Line
- How Output Appears on the Screen
- Display Output One Screen at a Time
- Filter Command Output
- Place Command Output in a File
- Search for a String in the Output
- Compare Configuration Changes with a Prior Version
- Count the Number of Lines in the Output
- Display All Output at Once
- Retain the Output after the Last Screen
- Display Additional Information about the Configuration
- Filter Command Output Multiple Times
- Set the Current Date and Time
- Set Date and Time from NTP Servers
- Display CLI Command History
- Monitor Who Uses the CLI
- Control the CLI Environment
- Set the Terminal Type
- Set the Screen Length
- Set the Screen Width
- Set the CLI Prompt
- Set the Idle Timeout
- Set CLI to Prompt after a Software Upgrade
- Set Command Completion
- Display CLI Settings
- Example: Control the CLI Environment
- Configure the Router with the CLI
- Configuration Statement Hierarchy
- How the Configuration Is Stored
- Enter Configuration Mode
- Using the Configure Command
- Using the Configure Exclusive Command
- Using the Configure Private Command
- Update the Configure Private Configuration
- Configuration Mode Prompt
- Configuration Mode Banner
- Configuration Statements and Identifiers
- Get Help about Configuration Mode Commands, Statements, and Identifiers
- Use Command Completion in Configuration Mode
- Examples: Use Command Completion in Configuration Mode
- Get Help Based on a String in a Statement Name
- Example: Get Help Based on a String Contained in a Statement Name
- Create and Modify the Configuration
- Examples: Create and Modify the Configuration
- Move among Levels of the Hierarchy
- Move Down to a Specific Level
- Move Back Up to Your Previous Level
- Move Up One Level
- Move Directly to the Top of the Hierarchy
- Warning Messages When Moving Up
- Issue Relative Configuration Commands
- Exit Configuration Mode
- Display the Current Configuration
- Examples: Display the Current Configuration
- Display Users Currently Editing the Configuration
- Remove a Statement from the Configuration
- Examples: Remove a Statement from the Configuration
- Copy a Statement in the Configuration
- Example: Copy a Statement in the Configuration
- Rename an Identifier
- Example: Rename an Identifier
- Insert a New Identifier
- Examples: Insert a New Identifier
- Run an Operational Mode CLI Command from Configuration Mode
- Example: Run an Operational Mode CLI Command from Configuration Mode
- Display Configuration Mode Command History
- Verify a Configuration
- Commit a Configuration
- Commit a Configuration and Exit Configuration Mode
- Activate a Configuration but Require Confirmation
- Schedule a Commit
- Synchronize Routing Engines
- Example: Apply Groups Re0 and Re1
- Example: Set Apply Groups Re0 and Re1
- Save a Configuration to a File
- Load a Configuration
- Examples: Load a Configuration from a File
- Return to a Previously Committed Configuration
- Example: Return to a Previously Committed Version of the Configuration
- Configuration Mode Error Messages
- Deactivate and Reactivate Statements and Identifiers in a Configuration
- Examples: Deactivate and Reactivate Statements and Identifiers in a Configuration
- Add Comments in a Configuration
- Examples: Include Comments in Configurations
- Have Multiple Users Configure the Software
- Example: Using the CLI to Configure the Router
- Shortcut
- Longer Configuration Example
- Additional Details about Specifying Statements and Identifiers
- How to Specify Statements
- How the CLI Performs Type-Checking
- Configuration Groups
- Overview
- Inheritance Model
- Configuration Groups Configuration Statements
- Configuration Groups Configuration Guidelines
- Create a Configuration Group
- Apply a Configuration Group
- Example: Configure and Apply Configuration Groups
- Display Inherited Values
- Use Wildcards
- Example: Use Wildcards
- Examples: Configuration Groups
- Configure Sets of Statements
- Configure Interfaces
- Configure Peer Entities
- Establish Regional Configurations
- Select Wildcard Names
- Summary of Configuration Group Statements
- apply-groups
- groups
- Summary of CLI Environment Commands
- set cli complete-on-space
- set cli idle-timeout
- set cli prompt
- set cli restart-on-upgrade
- set cli screen-length
- set cli screen-width
- set cli terminal
- set date
- set date ntp
- show cli
- show cli history
- Summary of CLI Configuration Mode Commands
- activate
- annotate
- commit
- copy
- deactivate
- delete
- edit
- exit
- help
- insert
- load
- quit
- rename
- rollback
- run
- save
- set
- show
- status
- top
- up
- Summary of CLI Operational Mode Commands
- clear
- configure
- file
- monitor
- ping
- update
- | (pipe)
- quit
- request
- restart
- set
- show
- ssh
- start
- telnet
- test
- traceroute
- System Management Overview
- How to Specify IP Addresses, Network Masks, and Prefixes
- How to Specify Filenames and URLs
- Directories on the Router
- Tracing and Logging Operations
- Protocol Authentication
- User Authentication
- System Management Configuration Statements
- Configure Basic System Management
- Configure the Router's Name and Addresses
- Configure the Router's Name
- Map the Router's Name to IP Addresses
- Configure an ISO Sysid
- Example: Configure a Router's Name, IP Address, and Sysid
- Configure the Router's Domain Name
- Example: Configure the Router's Domain Name
- Configure Which Domains to Search
- Example: Configure Which Domains to Search
- Configure a DNS Name Server
- Example: Configure a DNS Name Server
- Configure a Backup Router
- Example: Configure a Backup Router
- Configure Flash Disk Mirroring
- Configure the System Location
- Configure the Root Password
- Example: Configure the Root Password
- Compress the Current Configuration File
- Configure System Authentication
- Configure RADIUS Authentication
- Configure Juniper Networks-Specific RADIUS Attributes
- Configure TACACS+ Authentication
- Configure Juniper Networks-Specific TACACS+ Attributes
- Configure Template Accounts for RADIUS and TACACS+ Authentication
- Remote Template Accounts
- Local User Template Accounts
- Local User Template Example:
- Configure the Authentication Order
- Example: Remove an Ordered Set from the Authentication Order
- Example: Insert an Order Set in the Authentication Order
- Examples: Configure System Authentication
- Local User Fallback Mechanism
- Example: Insert Password into the Authentication Order
- Example: Default to Local User Password Authentication, TACACS +
- Example: Default to Local User Password Authentication, RADIUS
- Example: Default to Local User Password Authentication, TACACS + and RADIUS
- Configure User Access
- Define Login Classes
- Configure Access Privilege Levels
- Example: Configure Access Privilege Levels
- Deny or Allow Individual Commands
- Operational Mode Commands
- Example 1: Define Access Privileges to Individual Operational Mode Commands
- Example 2: Define Access Privileges to Individual Operational Mode Commands
- Configuration Mode Commands
- Example 3: Define Access Privileges to Individual Configuration Mode Commands
- Example 4: Configure Access Privileges to Individual Configuration Mode Commands
- Configure the Timeout Value for Idle Login Sessions
- Configure User Accounts
- Example: Configure User Accounts
- Configure Time
- Set the Time Zone
- Examples: Set the Time Zone
- Configure the Network Time Protocol
- Configure the NTP Boot Server
- Configure the NTP Time Server and Time Services
- Configure the Router to Operate in Client Mode
- Configure the Router to Operate in Symmetric Active Mode
- Configure the Router to Operate in Broadcast Mode
- Configure NTP Authentication Keys
- Configure the Router to Listen for Broadcast Messages
- Configure the Router to Listen for Multicast Messages
- System Log Messages Overview
- System Logging Configuration Guidelines
- Minimum System Logging Configuration
- Configure System Logging
- Direct Messages to a Log File
- Direct Messages to a User Terminal
- Direct Messages to the Console
- Archive System Logs
- Direct Messages to a Remote Machine
- Assign an Alternate Facility
- Examples: Assign an Alternate Facility
- Prepend a Prefix
- Example: Prepend a Prefix
- Examples: Configure System Logging
- Configure Miscellaneous System Management Features
- Configure Console and Auxiliary Port Properties
- Disable the Sending of Redirect Messages on the Router
- Configure the Source Address for Locally Generated TCP/IP Packets
- Configure the Router or Interface to Act as a DHCP/BOOTP Relay Agent
- Configure System Services
- Configure Finger Service
- Configure FTP Service
- Configure rlogin Service
- Configure ssh Service
- Configure Root Login
- Configure ssh Protocol Version
- Configure telnet Service
- Configure a System Login Message
- Configure JUNOS Software Processes
- Disable JUNOS Software Processes
- Configure Failover to Backup Media if a Software Process Fails
- Configure a Password on the Diagnostics Port
- Core Dump Files
- Configure a Router to Transfer its Configuration to an Archive Site
- Configure the Transfer Interval
- Configure Transfer on Commit
- Configure Archive Sites
- TACACS+ System Accounting
- Specify Events
- Configure TACACS+ Accounting
- Summary of System Management Configuration Statements
- allow-commands
- allow-configuration
- archive-sites
- authentication
- authentication-key
- authentication-order
- auxiliary
- backup-router
- boot-server
- broadcast
- broadcast-client
- class
- compress-configuration-files
- configuration
- console
- default-address-selection
- deny-commands
- deny-configuration
- destination
- diag-port-authentication
- domain-name
- domain-search
- events
- full-name
- host-name
- idle-timeout
- load-key-file
- location
- login
- message
- mirror-flash-on-disk
- multicast-client
- name-server
- no-redirects
- no-saved-core-context
- ntp
- peer
- permissions
- port
- port (RADIUS server)
- port (TACACS+ server)
- ports
- processes
- protocol-version
- radius-server
- retry
- root-authentication
- root-login
- secret
- server
- server (Accounting)
- server (NTP)
- services
- single-connection
- static-host-mapping
- syslog
- system
- tacplus
- tacplus-server
- timeout
- time-zone
- transfer-interval
- transfer-on-commit
- trusted-key
- uid
- user
- Access Configuration Guidelines
- Configure Challenge Handshake Authentication Protocol
- Example: PPP Challenge Handshake Authentication Protocol
- Configure the Authentication Order
- Trace Access Processes
- Summary of Access Configuration Statements
- authentication-order
- client
- profile
- traceoptions
- Security Services Overview
- IPSec Overview
- Security Associations
- IKE
- Security Services Configuration Guidelines
- Minimum IPSec Configuration
- Minimum Manual SA Configuration
- Minimum Dynamic SA Configuration
- Configure Security Associations
- Configure IPSec Mode
- Transport Mode
- Tunnel Mode
- Configure Manual Security Associations
- Configure Direction
- Configure the Protocol
- Configure a Security Parameter Index (SPI)
- Configure the Auxiliary Security Parameter Index
- Configure Authentication
- Configure Encryption
- Configure Dynamic Security Associations
- Configure Digital Certificates
- Configure the Cache Size
- Configure the Negative Cache
- Configure the Certificate Authority Properties
- Specify the Certificate Authority Name
- Configure the Certificate Revocation List
- Specify a Enrollment URL
- Specify a File to Read the Digital Certificate
- Specify a LDAP URL
- Configure the Enrollment Retry
- Configure the Maximum Number of Peer Certificates
- Configure the Path Length
- Configure Global IKE Properties for Digital Certificates
- Configure IKE Specific-Properties for Digital Certificates
- Configure the Digital Certificate for an IKE Policy
- Configure a Unique Local Certificate for Each Peer
- Configure a Local Certificate Shared Across Multiple IKE Sessions
- Request a Certificate from a Certificate Authority
- Generate a Private and Public Key
- Obtain a Public Certificate from a Certificate Authority
- Obtain a CA Public Signed Certificate
- Configure an IKE Proposal (Dynamic SAs Only)
- Configure an IKE Authentication Algorithm
- Configure an IKE Authentication Method
- Configure an IKE Diffie-Hellman Group
- Configure an IKE Encryption Algorithm
- Configure an IKE Lifetime
- Example: Configure an IKE Proposal
- Configure an IKE Policy
- Configure IKE Policy Mode
- Configure IKE Policy Proposal
- Configure IKE Policy Preshared Key
- Example: Configure an IKE Policy
- Configure an IPSec Proposal
- Configure an Authentication Algorithm
- Configure an Encryption Algorithm
- Configure IPSec Lifetime
- Configure the Protocol for the Dynamic SA
- Configure an IPSec Policy
- Configure Perfect Forward Secrecy
- Example: IPSec Policy Configuration
- Configure Trace Options
- Configure the ES PIC
- Example: ES PIC Configuration
- Configure Traffic
- Traffic Overview
- Example: Configure Outbound Traffic Filter
- Example: Apply Outbound Traffic Filter
- Example: Configure Inbound Traffic Filter for Policy Check
- Example: Apply Inbound Traffic Filter to ES PIC for Policy Check
- Configure an ES Tunnel Interface for a Layer 3 VPN
- JUNOScript XNM-SSL Service
- Configure JUNOScript XNM-SSL Service
- Load the SSL Certificate from A File or URL
- Summary of Security Services Configuration Statements
- authentication
- auxiliary-spi
- authentication-algorithm
- authentication-algorithm (IKE)
- authentication-algorithm (IPSec)
- authentication-method
- ca-name
- cache-size
- cache-timeout-negative
- certificates
- certification-authority
- crl
- dh-group
- direction
- dynamic
- encryption
- encryption-algorithm
- enrollment-retry
- enrollment-url
- file
- ike
- identity
- ipsec
- ldap-url
- lifetime-seconds
- local
- local-certificate
- local-key-pair
- manual
- maximum-certficates
- mode
- mode (IPSec)
- mode (IKE)
- path-length
- perfect-forward-secrecy
- policy
- policy (IPSec)
- policy (IKE)
- policy-source
- pre-shared-key
- proposal
- proposal (IKE)
- proposal (IPSec)
- protocol
- protocol (manual SA)
- protocol (dynamic SA)
- security-association
- spi
- traceoptions
- Router Chassis Configuration Guidelines
- Minimum Chassis Configuration
- Configure Aggregated Devices
- Configure ATM Cell-Relay Accumulation Mode
- Configure Conditions That Trigger Alarms
- Chassis Conditions That Trigger Alarms
- Silence External Devices
- Configure SONET/SDH Framing
- Configure Sparse DLCIS Mode
- Configure Channelized PIC Operation
- Concatenated and Nonconcatenated Mode
- Channelized DS-3 to DS-0 Naming
- Channelized E1 Naming
- Channelized STM-1 Interface Virtual Tributary Mapping
- Configure Layer 2 Circuit Cell-Relay or AAL5 Transport Mode
- Configure the Drop Policy for Traffic with Source-Route Constraints
- Configure Redundancy
- Configure Routing Engine Redundancy
- Copy a Configuration File from One Routing Engine to the Other
- Load a Package from the Other Routing Engine
- Change over to the Backup Routing Engine
- Default Routing Engine Redundancy Behavior
- Configure SFM Redundancy
- Configure SSB Redundancy
- Configure Packet Scheduling
- Configure the Link Services PICs
- Summary of Router Chassis Configuration Statements
- aggregated-devices
- alarm
- atm-cell-relay-accumulation
- atm-l2circuit-mode
- ce1
- channel-group
- chassis
- ct3
- device-count
- e1
- ethernet
- failover on-loss-of-keepalives
- fpc
- framing
- keepalive-time
- mlfr-uni-nni-bundles
- no-concatenate
- packet-scheduling
- pic
- port
- redundancy
- routing-engine
- sfm
- sonet
- source-route
- ssb
- sparse-dlcis
- t1
- timeslots
- vtmapping
- Glossary
- Index
- Index of Statements and Commands