|
Techpubs Home
Report an Error
Short Contents
Entire manual as PDF [6664 KB]
|
 |
- Chapter:
About This Guide
[PDF 56 KB]
- Objectives
- Audience
- Document Organization
- Part Organization
- Using the Indexes
- Documentation Conventions
- General Conventions
- Conventions for Software Commands and Statements
- List of Technical Publications
- Documentation Feedback
- How to Request Support
- Chapter:
Product Architecture
[PDF 34 KB]
- Hardware Overview
- Product Architecture
- Packet Forwarding Engine
- Packet Flow through an M-series Router
- Packet Flow through a T-series Router
- Routing Engine
- Chapter:
JUNOS Software Overview
[PDF 189 KB]
- Routing Engine Software Components
- Routing Protocol Process
- IPv4 Routing Protocols
- IPv6 Routing Protocols
- Routing and Forwarding Tables
- Routing Policy
- VPNs
- Interface Process
- Chassis Process
- SNMP and MIB II Processes
- Management Process
- Routing Engine Kernel
- Software Installation Overview
- Tools for Accessing and Controlling the Software
- Software Configuration Overview
- Methods of Configuring the Software
- Configure the Software
- Activate a Configuration
- Software Monitoring Tools
- Router Security
- JUNOS Default Settings
- Router Access
- User Authentication
- Plain-Text Passwords
- Routing Protocol Security Features
- Firewall Filters
- Auditing for Security
- Supported Software Standards
- Supported Internet RFCs and Drafts
- ATM
- BGP
- CHAP
- Firewall Filters
- Frame Relay
- GMPLS
- GRE and IP-IP Encapsulation
- ILMI
- IP Multicast
- IPSec and IKE
- IPv6
- IS-IS
- LDP
- LMP
- LT2P
- MIBs
- MPLS
- NAT
- OSPF
- PPP
- RIP
- RSVP
- SSL
- TCP/IP v4
- Voice Services
- VPNs
- Supported ISO Standards
- IS-IS
- Supported SDH and SONET Standards
- Other Supported Standards
- ATM
- Ethernet
- Frame Relay
- Serial
- T3
- Chapter:
Complete Configuration Mode Commands and Statements
[PDF 497 KB]
- Complete Configuration Mode Commands
- Complete Configuration Statement Hierarchy
- [edit access] Hierarchy Level
- [edit accounting-options] Hierarchy Level
- [edit applications] Hierarchy Level
- [edit chassis] Hierarchy Level
- [edit class-of-service] Hierarchy Level
- [edit coffee] Hierarchy Level
- [edit firewall] Hierarchy Level
- [edit forwarding-options] Hierarchy Level
- [edit groups] Hierarchy Level
- [edit interfaces] Hierarchy Level
- [edit logical-routers] Hierarchy Level
- [edit policy-options] Hierarchy Level
- [edit protocols] Hierarchy Level
- [edit routing-instances] Hierarchy Level
- [edit routing-options] Hierarchy Level
- [edit security] Hierarchy Level
- [edit services] hierarchy level
- [edit snmp] Hierarchy Level
- [edit system] Hierarchy Level
- Chapter:
Command-Line Interface Overview
[PDF 21 KB]
- CLI Modes
- CLI Command Hierarchy
- Chapter:
Command-Line Interface Operational Mode
[PDF 164 KB]
- Use the CLI
- Get Help about Commands
- Examples: Get Help about Commands
- Get Help Based on a String in a Statement Name
- Display Tips about CLI Commands
- Have the CLI Complete Commands
- Examples: Use CLI Command Completion
- CLI Messages
- Move Around and Edit the Command Line
- How Output Appears on the Screen
- Display Output One Screen at a Time
- Filter Command Output
- Display set Commands from the Configuration
- Example: Display Set Commands from the Configuration
- Example: Display Set Commands with the Match Option
- Set the Current Date and Time
- Set the Date and Time from NTP Servers
- Set the Source Address to Contact the NTP Server
- Display CLI Command History
- Monitor Who Uses the CLI
- Chapter:
Control the CLI Environment
[PDF 32 KB]
- Set the Terminal Type
- Set the Screen Length
- Set the Screen Width
- Set the CLI Prompt
- Set the Idle Timeout
- Set the CLI to Prompt after a Software Upgrade
- Set Command Completion
- Display CLI Settings
- Example: Control the CLI Environment
- Chapter:
Configure the Router with the CLI
[PDF 408 KB]
- Configuration Statement Hierarchy
- How the Configuration Is Stored
- Enter Configuration Mode
- Use the Configure Command
- Use the Configure Exclusive Command
- Use the Configure Private Command
- Update the Configure Private Configuration
- Configuration Mode Prompt
- Configuration Mode Banner
- Configuration Statements and Identifiers
- Get Help about Configuration Mode Commands, Statements, and Identifiers
- Use Command Completion in Configuration Mode
- Examples: Use Command Completion in Configuration Mode
- Get Help Based on a String in a Statement Name
- Example: Get Help Based on a String in a Statement Name
- Create and Modify the Configuration
- Examples: Create and Modify the Configuration
- Move among Levels of the Hierarchy
- Move Down to a Specific Level
- Move Back Up to Your Previous Level
- Move Up One Level
- Move Directly to the Top of the Hierarchy
- Warning Messages When Moving Up
- Issue Relative Configuration Commands
- Exit Configuration Mode
- Display the Current Configuration
- Examples: Display the Current Configuration
- Display Users Currently Editing the Configuration
- Remove a Statement from the Configuration
- Examples: Remove a Statement from the Configuration
- Use Regular Expressions to Remove Related Configuration Items
- Example: Delete Interfaces from the Configuration
- Example: Delete Routes from the Configuration
- Copy a Statement in the Configuration
- Example: Copy a Statement in the Configuration
- Rename an Identifier
- Example: Rename an Identifier
- Insert a New Identifier
- Examples: Insert a New Identifier
- Run an Operational Mode CLI Command from Configuration Mode
- Example: Run an Operational Mode CLI Command from Configuration Mode
- Display Configuration Mode Command History
- Verify a Configuration
- Commit a Configuration
- Commit a Configuration and Exit Configuration Mode
- Activate a Configuration but Require Confirmation
- Schedule a Commit
- Monitor the Commit Process
- Add a Comment to Describe the Committed Configuration
- Synchronize Routing Engines
- Example: Apply Groups Re0 and Re1
- Example: Set Apply Groups Re0 and Re1
- Save a Configuration to a File
- Load a Configuration
- Examples: Load a Configuration from a File
- Return to a Previously Committed Configuration
- Example: Return to a Previously Committed Version of the Configuration
- Return to the Rescue Configuration
- Configuration Mode Error Messages
- Deactivate and Reactivate Statements and Identifiers in a Configuration
- Examples: Deactivate and Reactivate Statements and Identifiers in a Configuration
- Add Comments in a Configuration
- Examples: Include Comments in Configurations
- Have Multiple Users Configure the Software
- Example: Use the CLI to Configure the Router
- Shortcut
- Longer Configuration Example
- Additional Details about Specifying Statements and Identifiers
- How to Specify Statements
- How the CLI Performs Type-Checking
- Chapter:
Configuration Groups
[PDF 138 KB]
- Overview
- Inheritance Model
- Configuration Groups Configuration Statements
- Configuration Groups Configuration Guidelines
- Create a Configuration Group
- Apply a Configuration Group
- Example: Configure and Apply Configuration Groups
- Disable Inheritance of a Configuration Group
- Example: Disable Inheritance on Interface s0-1/1/0
- Display Inherited Values
- Use Wildcards
- Example: Use Wildcards
- Examples: Configuration Groups
- Configure Sets of Statements
- Configure Interfaces
- Configure Peer Entities
- Establish Regional Configurations
- Select Wildcard Names
- Summary of Configuration Group Statements
- apply-groups
- apply-groups-except
- groups
- Chapter:
Summary of CLI Environment Commands
[PDF 51 KB]
- set cli complete-on-space
- set cli idle-timeout
- set cli prompt
- set cli restart-on-upgrade
- set cli screen-length
- set cli screen-width
- set cli terminal
- set date
- set date ntp
- set date ntp source-address
- show cli
- show cli history
- Chapter:
Summary of CLI Configuration Mode Commands
[PDF 98 KB]
- activate
- annotate
- commit
- copy
- deactivate
- delete
- edit
- exit
- help
- insert
- load
- quit
- rename
- rollback
- run
- save
- set
- show
- status
- top
- up
- wildcard
- Chapter:
Summary of CLI Operational Mode Commands
[PDF 55 KB]
- clear
- configure
- file
- help
- monitor
- ping
- | (pipe)
- quit
- request
- restart
- set
- show
- ssh
- start
- telnet
- test
- traceroute
- update
- Chapter:
Installation Overview
[PDF 41 KB]
- JUNOS Software Distribution
- Software Release Names
- Package Names
- Storage Media
- Boot Devices
- Boot Sequence
- Chapter:
Configure the Software Initially
[PDF 28 KB]
- Chapter:
Reinstall the Software Using the Install Media
[PDF 33 KB]
- Prepare to Reinstall the JUNOS Software
- Reinstall the JUNOS Software
- Reconfigure the JUNOS Software
- Chapter:
Upgrade Software Packages
[PDF 49 KB]
- Upgrade All Software Packages
- Upgrade Individual Software Packages
- Copy a Configuration to a PC Card or LS-120MB Floppy Disk
- Chapter:
Reinstall Software Using jinstall
[PDF 32 KB]
- Chapter:
Upgrade to Release 6.0 or Downgrade from Release 6.0
[PDF 42 KB]
- Upgrade to Release 6.0
- Downgrade from Release 6.0
- Chapter:
System Management Overview
[PDF 39 KB]
- Specify IP Addresses, Network Masks, and Prefixes
- Specify Filenames and URLs
- Directories on the Router
- Tracing and Logging Operations
- Protocol Authentication
- User Authentication
- Chapter:
System Management Configuration Statements
[PDF 46 KB]
- Chapter:
Configure Basic System Management
[PDF 71 KB]
- Configure the Router's Name and Addresses
- Configure the Router's Name
- Map the Router's Name to IP Addresses
- Configure an ISO System Identifier
- Example: Configure a Router's Name, IP Address, and System ID
- Configure the Router's Domain Name
- Example: Configure the Router's Domain Name
- Configure Which Domains to Search
- Example: Configure Which Domains to Search
- Configure a DNS Name Server
- Example: Configure a DNS Name Server
- Configure a Backup Router
- Example: Configure a Backup Router
- Configure Flash Disk Mirroring
- Configure the System Location
- Configure the Root Password
- Example: Configure the Root Password
- Compress the Current Configuration File
- Chapter:
Configure System Authentication
[PDF 94 KB]
- Configure RADIUS Authentication
- Configure Juniper Networks-Specific RADIUS Attributes
- Configure TACACS+ Authentication
- Configure Juniper Networks-Specific TACACS+ Attributes
- Specify a Source Address for RADIUS and TACACS+ Servers
- Configure Template Accounts for RADIUS and TACACS+ Authentication
- Remote Template Accounts
- Local User Template Accounts
- Local User Template Example
- Configure the Authentication Order
- Example: Remove an Order Set from the Authentication Order
- Example: Insert an Order Set in the Authentication Order
- Examples: Configure System Authentication
- Local User Fallback Mechanism
- Example: Insert Password in to the Authentication Order
- Example: Default to Local User Password Authentication, TACACS +
- Example: Default to Local User Password Authentication, RADIUS
- Example: Default to Local User Password Authentication, TACACS + and RADIUS
- Chapter:
Configure User Access
[PDF 111 KB]
- Define Login Classes
- Configure Access Privilege Levels
- Example: Configure Access Privilege Levels
- Deny or Allow Individual Commands
- Operational Mode Commands
- Example 1: Define Access Privileges to Individual Operational Mode Commands
- Example 2: Define Access Privileges to Individual Operational Mode Commands
- Configuration Mode Commands
- Example 3: Define Access Privileges to Individual Configuration Mode Commands
- Example 4: Configure Access Privileges to Individual Configuration Mode Commands
- Configure the Timeout Value for Idle Login Sessions
- Disable Tip
- Configure User Accounts
- Example: Configure User Accounts
- Chapter:
Configure Time
[PDF 70 KB]
- Set the Time Zone
- Examples: Set the Time Zone
- Configure the Network Time Protocol
- Configure the NTP Boot Server
- Specify a Source Address for an NTP Server
- Configure the NTP Time Server and Time Services
- Configure the Router to Operate in Client Mode
- Example: Client Mode
- Configure the Router to Operate in Symmetric Active Mode
- Configure the Router to Operate in Broadcast Mode
- Configure the Router to Operate in Server Mode
- Example: Server Mode
- Configure NTP Authentication Keys
- Configure the Router to Listen for Broadcast Messages
- Configure the Router to Listen for Multicast Messages
- Chapter:
Configure System Log Messages
[PDF 118 KB]
- System Logging Configuration Statements
- Minimum System Logging Configuration
- Configure System Logging
- Direct Messages to a Log File
- Direct Messages to a User Terminal
- Direct Messages to the Console
- Direct Messages to a Remote Machine or the Other Routing Engine
- Specify an Alternate Source Address
- Change the Alternate Facility Assigned to Remote Messages
- Examples: Assign an Alternate Facility
- Add a String to System Log Messages
- Example: Add a String
- Configure Archiving of Log Files
- Include Priority in System Log Messages
- Include the Year or Millisecond in Timestamps
- Disable Logging of a Facility
- Examples: Configure System Logging
- Chapter:
Configure Miscellaneous System Management Features
[PDF 89 KB]
- Configure Console and Auxiliary Port Properties
- Disable the Sending of Redirect Messages on the Router
- Configure the Source Address for Locally Generated TCP/IP Packets
- Configure the Router or Interface to Act as a DHCP/BOOTP Relay Agent
- Configure System Services
- Configure Finger Service
- Configure FTP Service
- Configure rlogin Service
- Configure ssh Service
- Configure the Root Login
- Configure the ssh Protocol Version
- Configure telnet Service
- Configure a System Login Message
- Configure JUNOS Software Processes
- Disable JUNOS Software Processes
- Configure Failover to Backup Media if a Software Process Fails
- Configure the Password on the Diagnostics Port
- Core Dump Files
- Configure a Router to Transfer its Configuration to an Archive Site
- Configure the Transfer Interval
- Configure Transfer on Commit
- Configure Archive Sites
- TACACS+ System Accounting
- Specify Events
- Configure TACACS+ Accounting
- Chapter:
Security Configuration Example
[PDF 189 KB]
- Configure System Information
- Configure RADIUS
- Create Login Classes
- Define User Login Accounts
- Define RADIUS Template Accounts
- Enable Connection Services
- Configure System Logging
- Configure the Time Source
- Configure Interfaces
- Configure SNMP
- Configure Protocol-Independent Routing Properties
- Configure Routing Protocols
- Configure BGP
- Configure IS-IS
- Configure Firewalls
- Example: Consolidated Security Configuration
- Chapter:
Summary of System Management Configuration Statements
[PDF 299 KB]
- allow-commands
- allow-configuration
- archive-sites
- authentication
- authentication-key
- authentication-order
- auxiliary
- backup-router
- boot-server
- broadcast
- broadcast-client
- class
- class (Assign a Class to an Individual User)
- class (Define Login Classes)
- compress-configuration-files
- configuration
- console
- default-address-selection
- deny-commands
- deny-configuration
- destination
- diag-port-authentication
- domain-name
- domain-search
- events
- full-name
- host-name
- idle-timeout
- load-key-file
- location
- login
- message
- mirror-flash-on-disk
- multicast-client
- name-server
- no-redirects
- no-saved-core-context
- no-tip
- ntp
- peer
- permissions
- port
- port (RADIUS Server)
- port (TACACS+ Server)
- ports
- processes
- protocol-version
- radius-server
- retry
- root-authentication
- root-login
- secret
- server
- server (Accounting)
- server (NTP)
- services
- single-connection
- source-address
- static-host-mapping
- syslog
- system
- tacplus
- tacplus-server
- timeout
- time-format
- time-zone
- transfer-interval
- transfer-on-commit
- trusted-key
- uid
- user
- Chapter:
Configure Access
[PDF 225 KB]
- Configure the Point-to-Point Protocol
- Configure the Challenge Handshake Authentication Protocol
- Example: PPP Challenge Handshake Authentication Protocol
- Configure the Authentication Order
- Trace Access Processes
- Configure the Layer 2 Tunneling Protocol
- Minimum L2TP Configuration
- Configure the Address Pool
- Configure the Group Profile
- Configure the Layer 2 Tunneling Protocol for a Group Profile
- Configure the PPP Attributes for a Group Profile
- Example: Group Profile Configuration
- Configure the Profile
- Configure the Authentication Order
- Configure the Client
- Example: Define the Default Tunnel Client
- Example: Define the User Group Profile
- Example: PPP CHAP
- Example: PAP
- Example: User Group Profile
- Example: Profile Configuration
- Example: L2TP Configuration
- Configure RADIUS Authentication for L2TP
- Example: RADIUS Athentication
- Configure the RADIUS Disconnect Server for L2TP
- Example: RADIUS Disconnect Server
- Chapter:
Summary of Access Configuration Statements
[PDF 135 KB]
- accounting-port
- address
- address-pool
- address-range
- authentication-order
- client
- client-address
- framed-ip-address
- framed-pool
- group-profile
- idle-timeout
- interface-id
- keepalive
- lcp-renegotiation
- local-chap
- l2tp
- l2TP (group profile)
- l2TP (profile)
- maximum-sessions-per-tunnel
- pap-password
- port
- ppp
- ppp ( group profile)
- ppp (profile)
- ppp-authentication
- primary-dns
- primary-wins
- profile
- radius-disconnect
- radius-disconnect-port
- radius-server
- retry
- secondary-dns
- secondary-wins
- secret
- shared-secret
- timeout
- traceoptions
- user-group-profile
- Chapter:
Security Services Overview
[PDF 19 KB]
- IPSec Overview
- Security Associations
- IKE
- Chapter:
Security Services Configuration Guidelines
[PDF 301 KB]
- Minimum Manual SA Configuration
- Minimum IKE Configuration
- Minimum Digital Certificates Configuration for IKE
- Configure Security Associations
- Configure IPSec Mode
- Transport Mode
- Tunnel Mode
- Configure Manual Security Associations
- Configure Direction
- Configure the Protocol
- Configure a Security Parameter Index
- Configure the Auxiliary Security Parameter Index
- Configure Authentication
- Configure Encryption
- Configure Dynamic Security Associations
- Configure an IKE Proposal (Dynamic SAs Only)
- Configure an IKE Authentication Algorithm
- Configure an IKE Authentication Method
- Configure an IKE Diffie-Hellman Group
- Configure an IKE Encryption Algorithm
- Configure an IKE Lifetime
- Example: Configure an IKE Proposal
- Configure an IKE Policy for Preshared Keys
- Configure the IKE Policy Mode
- Configure the IKE Policy Proposal
- Configure the IKE Policy Preshared Key
- Configure the IKE Policy Description
- Example: Configure an IKE Policy
- Configure an IPSec Proposal
- Configure an Authentication Algorithm
- Configure the Encryption Algorithm
- Configure the IPSec Lifetime
- Configure the Protocol for the Dynamic SA
- Configure the IPSec Policy
- Configure Perfect Forward Secrecy
- Example: IPSec Policy Configuration
- Digital Certificates Guidelines
- Obtain a Certificate from a Certification Authority
- Example: Obtain a Public Certificate from a Certification Authority
- Generate a Private and Public Key
- Configure Digital Certificates
- Configure the Certificate Authority Properties
- Configure the Cache Size
- Configure the Negative Cache
- Configure the Number of Enrollment Retries
- Configure the Maximum Number of Peer Certificates
- Configure the Path Length for the Certificate Hierarchy
- Configure an IKE Policy for Digital Certificates
- Configure the Type of Encoding Your CA Supports
- Configure the Identity to Define the Remote Certificate Name
- Specify the Certificate Filename
- Specify the Private and Public Key File
- Obtain a Publicly-Signed Router Digital Certificate
- Example: Obtain a Publicly-Signed Router Digital Certificate
- Configure Trace Options
- Configure the ES PIC
- Example: ES PIC Configuration
- Configure Traffic
- Traffic Overview
- Example: Configure Outbound Traffic Filter
- Example: Apply Outbound Traffic Filter
- Example: Configure Inbound Traffic Filter for Policy Check
- Example: Apply Inbound Traffic Filter to ES PIC for Policy Check
- Configure an ES Tunnel Interface for a Layer 3 VPN
- JUNOScript XNM-SSL Service
- Configure JUNOScript XNM-SSL Service
- Load the SSL Certificate from a File or URL
- Chapter:
Summary of Security Services Configuration Statements
[PDF 178 KB]
- authentication
- auxiliary-spi
- authentication-algorithm
- authentication-algorithm (IKE)
- authentication-algorithm (IPSec)
- authentication-method
- ca-name
- cache-size
- cache-timeout-negative
- certificates
- certification-authority
- crl
- description
- dh-group
- direction
- dynamic
- encoding
- encryption
- encryption-algorithm
- enrollment-retry
- enrollment-url
- file
- ike
- identity
- ipsec
- ldap-url
- lifetime-seconds
- local
- local-certificate
- local-key-pair
- manual
- maximum-certificates
- mode
- mode (IKE)
- mode (IPSec)
- path-length
- perfect-forward-secrecy
- policy
- policy (IKE)
- policy (IPSec)
- pre-shared-key
- proposal
- proposal (IKE)
- proposal (IPSec)
- protocol
- protocol (Dynamic SA)
- protocol (Manual SA)
- security-association
- spi
- traceoptions
- Chapter:
Router Chassis Configuration Guidelines
[PDF 328 KB]
- Minimum Chassis Configuration
- Configure Aggregated Devices
- Configure ATM Cell-Relay Accumulation Mode On a ATM1 PIC
- Configure Conditions That Trigger Alarms
- Chassis Conditions That Trigger Alarms
- Silence External Devices
- Configure SONET/SDH Framing
- Configure Sparse DLCI Mode
- Configure Channelized PIC Operation
- Concatenated and Nonconcatenated Mode
- Channelized DS-3 to DS-0 Naming
- Configure Eight Queues on IQ Interfaces
- Channelized E1 Naming
- Channelized STM-1 Interface Virtual Tributary Mapping
- Configure ATM2 Intelligent Queuing Layer 2 Circuit Transport Mode
- Enable ILMI for Cell Relay
- Configure the Drop Policy for Traffic with Source-Route Constraints
- Configure Redundancy
- Configure Routing Engine Redundancy
- Copy a Configuration File from One Routing Engine to the Other
- Load a Package from the Other Routing Engine
- Change to the Backup Routing Engine if It Detects Loss of KeepAlive Signal
- Change to the Backup Routing Engine without Interruption to Packet Forwarding (Graceful Switchover)
- Default Routing Engine Redundancy Behavior
- Configure SFM Redundancy
- Configure SSB Redundancy
- Configure Packet Scheduling
- Configure the Link Services PICs
- Configure the Idle Cell Format
- Configure a MTU Path Check for a Routing Instance
- Enable MTU Check for a Routing Instance
- Assign an IP Address to an Interface in the Routing Instance
- Chapter:
Summary of Router Chassis Configuration Statements
[PDF 126 KB]
- aggregated-devices
- alarm
- atm-cell-relay-accumulation
- atm-l2circuit-mode
- ce1
- channel-group
- chassis
- ct3
- device-count
- e1
- ethernet
- failover on-loss-of-keepalives
- fpc
- framing
- graceful-switchover
- idle-cell-format
- keepalive-time
- max-queues-per-interface
- mlfr-uni-nni-bundles
- no-concatenate
- packet-scheduling
- pic
- port
- redundancy
- routing-engine
- sfm
- sonet
- source-route
- ssb
- sparse-dlcis
- t1
- timeslots
- vrf-mtu-check
- vtmapping
- Chapter:
Index
[]
- Chapter:
Index of Statements and Commands
[]
|
