Table of Contents
- About This Guide
- Objectives
- Audience
- Using the Indexes
- Documentation Conventions
- Related Juniper Networks Documentation
- Documentation Feedback
- Requesting Support
- JUNOS Software Overview
- Routing Engine Software Components
- Routing Protocol Process
- IPv4 Routing Protocols
- IPv6 Routing Protocols
- Routing and Forwarding Tables
- Routing Policy
- VPNs
- Interface Process
- Chassis Process
- SNMP and MIB II Processes
- Management Process
- Routing Engine Kernel
- Software Installation Overview
- User Interfaces
- Ports for External Devices
- Software Configuration Overview
- Methods of Configuring the Software
- Configuring the Software
- Activating a Configuration
- Using Software Monitoring Tools
- Router Security
- JUNOS Default Settings
- Router Access
- User Authentication
- Specifying Plain-Text Passwords
- Routing Protocol Security Features
- Firewall Filters
- Auditing for Security
- FIPS 140-2 Security Compliance
- Supported Software Standards
- Supported Internet RFCs and Drafts
- Asynchronous Transfer Mode (ATM)
- BGP
- Challenge Handshake Authentication Protocol (CHAP)
- Dynamic Host Configuration Protocol (DHCP)
- Firewall Filters
- Frame Relay
- Generalized MPLS (GMPLS)
- Generalized Routing Encapsulation (GRE) and IP-IP Encapsulation
- Integrated Local Management Interface (ILMI)
- IP Multicast
- IPSec and IKE
- IPv6
- IS-IS
- LDP
- Link Management Protocol (LMP )
- Layer 2 Tunneling Protocol (L2TP)
- MIBs
- MPLS
- Network Address Translation (NAT)
- OSPF
- Point-to-Point Protocol (PPP)
- RIP
- RSVP
- Secure Sockets Layer (SSL)
- TCP/IPv4
- Voice Services
- VPNs
- Supported ISO Standards
- IS-IS
- Supported SDH and SONET Standards
- Other Supported Standards
- ATM
- Ethernet
- Frame Relay
- Serial
- T3
- Product Architecture
- Hardware Overview
- Product Architecture
- Packet Forwarding Engine
- Routing Engine
- Complete Configuration Mode Commands and Statements for M-series and T-series Platforms
- Complete Configuration Mode Commands
- Complete Configuration Statement Hierarchy
- [edit access] Hierarchy Level
- [edit accounting-options] Hierarchy Level
- [edit applications] Hierarchy Level
- [edit chassis] Hierarchy Level
- [edit class-of-service] Hierarchy Level
- [edit firewall] Hierarchy Level
- [edit forwarding-options] Hierarchy Level
- [edit groups] Hierarchy Level
- [edit interfaces] Hierarchy Level
- [edit logical-routers] Hierarchy Level
- [edit policy-options] Hierarchy Level
- [edit protocols] Hierarchy Level
- [edit routing-instances] Hierarchy Level
- [edit routing-options] Hierarchy Level
- [edit security] Hierarchy Level
- [edit services] hierarchy level
- [edit snmp] Hierarchy Level
- [edit system] Hierarchy Level
- Complete Configuration Mode Commands and Statements for J-series Services Routers
- Complete Configuration Mode Commands
- Complete Configuration Statement Hierarchy
- [edit access] Hierarchy Level
- [edit accounting-options] Hierarchy Level
- [edit applications] Hierarchy Level
- [edit chassis] Hierarchy Level
- [edit class-of-service] Hierarchy Level
- [edit firewall] Hierarchy Level
- [edit forwarding-options] Hierarchy Level
- [edit groups] Hierarchy Level
- [edit interfaces] Hierarchy Level
- [edit policy-options] Hierarchy Level
- [edit protocols] Hierarchy Level
- [edit routing-options] Hierarchy Level
- [edit security] Hierarchy Level
- [edit services] hierarchy level
- [edit snmp] Hierarchy Level
- [edit system] Hierarchy Level
- CLI Overview
- CLI Modes
- CLI Command Hierarchy
- Using the J-Web Graphical User Interface as an Alternative to the CLI
- Starting the J-Web Interface
- J-Web Sessions
- Commands and Configuration Statements for JUNOS-FIPS
- Reserved Names and Values
- CLI Operational Mode
- Using the CLI
- Getting Help About Commands
- Getting Help Based on a String in a Statement Name
- Displaying Tips About CLI Commands
- Using CLI Complete Commands
- Examples: Using CLI Command Completion
- CLI Messages
- Moving Around and Editing the Command Line
- How Output Appears on the Screen
- Displaying Output One Screen at a Time
- Filtering Command Output
- Setting the Current Date and Time
- Setting the Date and Time from NTP Servers
- Setting the Source Address to Contact the NTP Server
- Displaying CLI Command History
- Displaying CLI Word History
- Monitoring Who Uses the CLI
- Using the Comment Character #
- Example: Using Comments
- JUNOS-FIPS Commands
- Routing Matrix CLI Enhancements
- Routing Matrix Overview
- How the Routing Matrix Is Identified in the CLI
- Viewing the Routing Matrix as a Single Router
- CLI Options for Selecting Routing Matrix Components
- Examples of Routing Matrix Command Options
- Using FPC Numbers in Routing Matrix CLI Commands
- Using FPC Numbers in Operational Mode Chassis Commands
- Specifying FPC Numbers at the [edit chassis lcc number] Hierarchy Level
- Specifying FPC Numbers When Configuring Interfaces
- Operational Commands Issued on Routing Engines
- General Operational Tasks
- Upgrading Software on a Routing Matrix
- Managing Backup Routing Engines
- Halting and Rebooting Routing Matrix Components
- Bringing Routing Nodes Offline or Online
- Managing Files on Routing Engines
- Displaying Logs on Any Routing Engine
- Checking the Status of T640 Routing Nodes
- Configuring the Routing Matrix
- Additional Groups
- Controlling the CLI Environment
- Setting the Terminal Type
- Setting the Screen Length
- Setting the Screen Width
- Setting the CLI Prompt
- Setting the CLI Directory
- Setting the CLI Timestamp
- Setting the Idle Timeout
- Setting the CLI to Prompt after a Software Upgrade
- Setting Command Completion
- Displaying CLI Settings
- Example: Controlling the CLI Environment
- Configuring the Router with the CLI
- Configuration Statement Hierarchy
- How the Configuration Is Stored
- Entering Configuration Mode
- Using the Configure Command
- Using the Configure Exclusive Command
- Using the Configure Private Command
- Updating the Configure Private Configuration
- Configuration Mode Prompt
- Configuration Mode Banner
- Configuration Statements and Identifiers
- Getting Help About Configuration Mode Commands, Statements, and Identifiers
- Using Command Completion in Configuration Mode
- Examples: Using Command Completion in Configuration Mode
- Getting Help Based on a String in a Statement Name
- Example: Getting Help Based on a String in a Statement Name
- Creating and Modifying the Configuration
- Examples: Creating and Modifying the Configuration
- Moving Among Levels of the Hierarchy
- Moving Down to a Specific Level
- Moving Back Up to Your Previous Level
- Moving Up One Level
- Moving Directly to the Top of the Hierarchy
- Warning Messages When Moving Up
- Issuing Relative Configuration Commands
- Exiting Configuration Mode
- Displaying the Current Configuration
- Examples: Displaying the Current Configuration
- Displaying set Commands from the Configuration
- Example: Displaying set Commands from the Configuration
- Example: Displaying Required set Commands at the Current Hierarchy Level
- Example: Displaying set Commands with the Match Option
- Displaying Users Currently Editing the Configuration
- Removing a Statement from the Configuration
- Examples: Removing a Statement from the Configuration
- Using Regular Expressions to Remove Related Configuration Items
- Example: Deleting Interfaces from the Configuration
- Example: Deleting Routes from the Configuration
- Copying a Statement in the Configuration
- Example: Copying a Statement in the Configuration
- Renaming an Identifier
- Example: Renaming an Identifier
- Inserting a New Identifier
- Examples: Inserting a New Identifier
- Running an Operational Mode CLI Command from Configuration Mode
- Example: Running an Operational Mode CLI Command from Configuration Mode
- Displaying Configuration Mode Command History
- Verifying a Configuration
- Committing a Configuration
- Committing a Configuration and Exiting Configuration Mode
- Activating a Configuration but Requiring Confirmation
- Scheduling a Commit
- Monitoring the Commit Process
- Adding a Comment to Describe the Committed Configuration
- Synchronizing Routing Engines
- Example: Using Apply Groups re0 and re1
- Example: Setting Apply Groups re0 and re1
- Saving a Configuration to a File
- Loading a Configuration
- Examples: Load a Configuration from a File
- Returning to a Previously Committed Configuration
- Example: Returning to a Previously Committed Version of the Configuration
- Creating and Returning to a Rescue Configuration
- Configuration Mode Error Messages
- Deactivating and Reactivating Statements and Identifiers in a Configuration
- Examples: Deactivating and Reactivating Statements and Identifiers in a Configuration
- Adding Comments in a Configuration
- Examples: Including Comments in Configurations
- Having Multiple Users Configure the Software
- Example: Using the CLI to Configure the Router
- Shortcut
- Longer Configuration Example
- Additional Details About Specifying Statements and Identifiers
- Specifying Statements
- Performing CLI Type-Checking
- Summary of CLI Environment Commands
- set cli complete-on-space
- set cli directory
- set cli idle-timeout
- set cli prompt
- set cli restart-on-upgrade
- set cli screen-length
- set cli screen-width
- set cli terminal
- set cli timestamp
- set date
- set date ntp
- set date ntp source-address
- show cli
- show cli history
- Summary of CLI Configuration Mode Commands
- activate
- annotate
- commit
- copy
- deactivate
- delete
- edit
- exit
- help
- insert
- load
- quit
- rename
- rollback
- run
- save
- set
- show
- show | display inheritance defaults
- show | display set
- show | display set relative
- show groups junos-defaults
- status
- top
- up
- wildcard
- Summary of CLI Operational Mode Commands
- clear
- configure
- file
- file archive
- help
- monitor
- mtrace
- ping
- | (pipe)
- quit
- request
- request security certificate
- request security certificate (for CA Certificate)
- request security certificate (for Signed Certificate)
- restart
- restart (Routing Matrix)
- restart (J-series Services Routers)
- restart routing
- set
- show
- ssh
- start
- telnet
- test
- traceroute
- update
- Installation Overview
- JUNOS Software Distribution
- Software Release Names
- Package Names
- Storage Media
- Boot Devices
- Boot Sequence
- Installing JUNOS-FIPS
- Verifying PIC Combinations
- Configuring the Software Initially
- Reinstalling the Software Using the Install Media
- Preparing to Reinstall the JUNOS Software
- Reinstalling the JUNOS Software
- Reconfiguring the JUNOS Software
- Upgrading Software Packages
- Upgrading All Software Packages
- Upgrading Individual Software Packages
- Installing the J-Web Package
- Copying a Configuration to a PC Card or LS-120 Floppy Disk
- Reinstalling Software Using jinstall
- Upgrading to Release 7.x from Release 5.x
- System Management Overview
- Specifying IP Addresses, Network Masks, and Prefixes
- Specifying Filenames and URLs
- Directories on the Router
- Tracing and Logging Operations
- Configuring Protocol Authentication
- Configuring User Authentication
- System Management Configuration Statements
- Configuring Basic System Management
- Configuring the Router's Name and Addresses
- Configuring the Router's Name
- Mapping the Router's Name to IP Addresses
- Configuring an ISO System Identifier
- Example: Configuring a Router's Name, IP Address, and System ID
- Configuring the Router's Domain Name
- Example: Configuring the Router's Domain Name
- Configuring Which Domains to Search
- Example: Configuring Which Domains to Search
- Configuring a DNS Name Server
- Example: Configuring a DNS Name Server
- Configuring a Backup Router
- Example: Configuring a Backup Router Running IPv4
- Example: Configuring a Backup Router Running IPv6
- Configuring Flash Disk Mirroring
- Configuring the System Location
- Configuring the Root Password
- Example: Configuring the Root Password
- Compressing the Current Configuration File
- Configuring System Authentication
- Configuring RADIUS Authentication
- Configuring Juniper Networks-Specific RADIUS Attributes
- Configuring TACACS+ Authentication
- Configuring Juniper Networks-Specific TACACS+ Attributes
- Specifying a Source Address for RADIUS and TACACS+ Servers
- Configuring the Same Authentication Service for Multiple TACACS+ Servers
- Example: Configuring Multiple TACACS+ Servers
- Configuring Template Accounts for RADIUS and TACACS+ Authentication
- Using Remote Template Accounts
- Using Local User Template Accounts
- Using Local User Template Example
- Configuring the Authentication Order
- Example: Removing an Order Set from the Authentication Order
- Example: Inserting an Order Set in the Authentication Order
- Examples: Configuring System Authentication
- Using the Local User Fallback Mechanism
- Example: Inserting Password into the Authentication Order
- Example: Defaulting to Local User Password Authentication, TACACS +
- Example: Defaulting to Local User Password Authentication, RADIUS
- Example: Defaulting to Local User Password Authentication, TACACS + and RADIUS
- Configuring User Access
- Defining Login Classes
- Configuring Access Privilege Levels
- Example: Configuring Access Privilege Levels
- Denying or Allowing Individual Commands
- Specifying Operational Mode Commands
- Example 1: Defining Access Privileges to Individual Operational Mode Commands
- Example 2: Configuring Access Privileges to Individual Operational Mode Commands
- Specifying Configuration Mode Commands
- Example 3: Defining Access Privileges to Individual Configuration Mode Commands
- Example 4: Configuring Access Privileges to Individual Configuration Mode Commands
- Configuring the Timeout Value for Idle Login Sessions
- Configuring Tips
- Configuring User Accounts
- Example: Configuring User Accounts
- JUNOS-FIPS Crypto Officer and User Accounts
- Crypto Officer User Configuration
- FIPS User Configuration
- Configuring Time
- Setting the Time Zone
- Examples: Setting the Time Zone
- Configuring the Network Time Protocol
- Configuring the NTP Boot Server
- Specifying a Source Address for an NTP Server
- Configuring the NTP Time Server and Time Services
- Configuring the Router to Operate in Client Mode
- Example: Configuring Client Mode
- Configuring the Router to Operate in Symmetric Active Mode
- Configuring the Router to Operate in Broadcast Mode
- Configuring the Router to Operate in Server Mode
- Example: Configuring Server Mode
- Configuring NTP Authentication Keys
- Configuring the Router to Listen for Broadcast Messages
- Configuring the Router to Listen for Multicast Messages
- Configuring System Log Messages
- System Logging Configuration Statements
- Minimum System Logging Configuration
- Configuring System Logging for a Single-Chassis System
- Directing Messages to a Log File
- Directing Messages to a User Terminal
- Directing Messages to the Console
- Directing Messages to a Remote Machine or the Other Routing Engine
- Specifying an Alternate Source Address
- Changing the Alternate Facility Name for Remote Messages
- Examples: Assigning an Alternate Facility
- Adding a String to System Log Messages
- Example: Adding a String
- Configuring Log File Archiving
- Including Priority in System Log Messages
- Including the Year or Millisecond in Timestamps
- Using Regular Expressions to Refine the Set of Logged Messages
- Example: Using Regular Expressions
- Disabling Logging of a Facility
- Examples: Configuring System Logging
- Configuring System Logging for a Routing Matrix
- Configuring Message Forwarding in the Routing Matrix
- Messages Logged when Local and Forwarded Severity Level Are the Same
- Messages Logged when Local Severity Level Is Lower
- Messages Logged when Local Severity Level Is Higher
- Configuring Optional Features for Forwarded Messages
- Directing Messages to a Remote Destination from the Routing Matrix
- Configuring System Logging Differently on Each Platform
- Configuring Miscellaneous System Management Features
- Configuring Console and Auxiliary Port Properties
- Disabling the Sending of Redirect Messages on the Router
- Configuring the Source Address for Locally Generated TCP/IP Packets
- Configuring the Router or Interface to Act as a DHCP/BOOTP Relay Agent
- Configuring System Services
- Configuring a DHCP Server
- DHCP Overview
- Network Address Assignments (Allocating a New Address)
- Network Address Assignments (Reusing a Previously Assigned Address)
- Static and Dynamic Bindings
- Compatibility with Autoinstallation
- Conflict Detection and Resolution
- DHCP Statement Hierarchy and Inheritance
- Configuring Address Pools
- Configuring Manual (Static) Bindings
- Specifying DHCP Lease Times
- Configuring a Boot File and Boot Server
- Configuring a DHCP Server Identifier
- Configuring a Domain Name and Domain Search List
- Configuring Routers Available to the Client
- Creating User-Defined DHCP Options
- Example: Complete DHCP Server Configuration
- Example: Viewing DHCP Bindings
- Example: Viewing DHCP Address Pools
- Example: Viewing and Clearing DHCP Conflicts
- Configuring Finger Service
- Configuring FTP Service
- Configuring JUNOScript Clear-Text Service
- Configuring JUNOScript SSL Service
- Configuring SSH Service
- Configuring the Root Login
- Configuring the SSH Protocol Version
- Configuring telnet Service
- Configuring Console Access to PICs
- Configuring a System Login Message
- Configuring a System Login Announcement
- Configuring JUNOS Software Processes
- Disabling JUNOS Software Processes
- Configuring Failover to Backup Media if a Software Process Fails
- Configuring the Password on the Diagnostics Port
- Saving Core Files from JUNOS Processes
- Configuring a Router to Transfer its Configuration to an Archive Site
- Configuring the Transfer Interval
- Configuring Transfer on Commit
- Configuring Archive Sites
- Specifying the Number of Configurations Stored on the Flash Drive
- Configuring TACACS+ System Accounting
- Specifying Events
- Configuring TACACS+ Accounting
- Enabling the SDX Software
- Configuring the Path MTU Discovery
- Configuring Source Quench
- Configuring the Range of Port Addresses
- Configuring ARP Learning and Aging
- Configuring Passive ARP Learning for Backup VRRP Routers
- Adjusting the ARP Aging Timer
- Configuring System Alarms to Show Automatically
- Security Configuration Example
- Configuring System Information
- Configuring RADIUS
- Creating Login Classes
- Defining User Login Accounts
- Defining RADIUS Template Accounts
- Enabling Connection Services
- Configuring System Logging
- Configuring the Time Source
- Configuring Interfaces
- Configuring SNMP
- Configuring Protocol-Independent Routing Properties
- Configuring Routing Protocols
- Configuring BGP
- Configuring IS-IS
- Configuring Firewalls
- Example: Consolidated Security Configuration
- Summary of System Management Configuration Statements
- accounting
- allow-commands
- allow-configuration
- announcement
- archival
- archive
- archive-sites
- arp
- authentication
- authentication-key
- authentication-order
- auxiliary
- autoinstallation
- backup-router
- boot-file
- boot-server
- boot-server (DHCP)
- boot-server (NTP)
- broadcast
- broadcast-client
- class
- class (Assign a Class to an Individual User)
- class (Define Login Classes)
- client-identifier
- compress-configuration-files
- configuration
- configuration-servers
- connection-limit
- console
- console (Physical Port)
- console (System Logging)
- default-address-selection
- default-lease-time
- deny-commands
- deny-configuration
- destination
- dhcp
- diag-port-authentication
- domain-name
- domain-name (DHCP)
- domain-name (Router)
- domain-search
- dump-device
- events
- explicit-priority
- facility-override
- file
- files
- finger
- ftp
- full-name
- host
- host-name
- http
- https
- idle-timeout
- inet6-backup-router
- interfaces
- internet-options
- load-key-file
- local-certificate
- location
- log-prefix
- login
- login-alarms
- login-tip
- match
- max-configurations-on-flash
- maximum-lease-time
- message
- mirror-flash-on-disk
- multicast-client
- name-server
- no-compression-configuration-files
- no-redirects
- no-saved-core-context
- no-world-readable
- ntp
- path-mtu-discovery
- peer
- permissions
- pic-console-authentication
- pool
- port
- port (HTTP/HTTPS)
- port (RADIUS Server)
- port (SDX Server)
- port (TACACS+ Server)
- ports
- processes
- protocol-version
- radius-server
- rate-limit
- retry
- root-authentication
- root-login
- router
- routing-instance
- saved-core-context
- saved-core-files
- secret
- server
- server (Accounting)
- server (NTP)
- server-identifier
- servers
- service-deployment
- services
- single-connection
- size
- source-address
- source-address (NTP, RADIUS, System Logging, or TACACS+)
- source-address (SDX Software)
- source-port
- source-quench
- ssh
- static-binding
- static-host-mapping
- syslog
- system
- tacplus
- tacplus-options
- tacplus-server
- telnet
- time-format
- timeout
- time-zone
- transfer-interval
- transfer-on-commit
- trusted-key
- uid
- user
- user (Access)
- user (System Logging)
- web-management
- wins-server
- world-readable
- xnm-clear-text
- xnm-ssl
- Configuration Groups
- Overview
- Inheritance Model
- Configuration Groups Configuration Statements
- Configuration Groups Configuration Guidelines
- Creating a Configuration Group
- Applying a Configuration Group
- Example: Configuring and Applying Configuration Groups
- Example: Creating and Applying Configuration Groups on a TX Matrix Platform
- Disabling Inheritance of a Configuration Group
- Example: Disabling Inheritance on Interface s0-1/1/0
- Displaying Inherited Values
- Using Wildcards
- Example: Using Wildcards
- Examples: Configuration Groups
- Configuring Sets of Statements
- Configuring Interfaces
- Configuring a Consistent Management IP Address for TX Matrix Platforms
- Configuring Peer Entities
- Establishing Regional Configurations
- Selecting Wildcard Names
- Using JUNOS Default Groups
- Example: Referencing the Preset Statement from the JUNOS Defaults Group
- Example: Viewing Default Statements That Have Been Applied to the Configuration
- Summary of Configuration Group Statements
- apply-groups
- apply-groups-except
- groups
- Configuring Access
- Configuring the Point-to-Point Protocol
- Configuring the Challenge Handshake Authentication Protocol
- Example: PPP Challenge Handshake Authentication Protocol
- Example: CHAP Authentication with RADIUS
- Configuring the Authentication Order
- Tracing Access Processes
- Configuring the Layer 2 Tunneling Protocol
- Minimum L2TP Configuration
- Configuring the Address Pool
- Configuring the Group Profile
- Configuring L2TP for a Group Profile
- Configuring the PPP Attributes for a Group Profile
- Example: Group Profile Configuration
- Configuring the Profile
- Configuring the Authentication Order
- Configuring the Client
- Example: Configuring L2TP
- Configuring RADIUS Authentication for L2TP
- Example: RADIUS Authentication for L2TP
- Configuring the RADIUS Disconnect Server for L2TP
- Example: Configuring the RADIUS Disconnect Server
- Summary of Access Configuration Statements
- accounting-port
- address
- address-pool
- address-range
- authentication-order
- chap-secret
- client
- drop-timeout
- fragmentation-threshold
- framed-ip-address
- framed-pool
- group-profile
- group-profile (Group Profile)
- group-profile (Profile)
- idle-timeout
- interface-id
- keepalive
- l2tp
- l2tp (Group Profile)
- l2tp (Profile)
- lcp-renegotiation
- local-chap
- maximum-sessions-per-tunnel
- multilink
- pap-password
- port
- ppp
- ppp (Group Profile)
- ppp (Profile)
- ppp-authentication
- primary-dns
- primary-wins
- profile
- radius-disconnect
- radius-disconnect-port
- radius-server
- retry
- routing-instance
- secondary-dns
- secondary-wins
- secret
- shared-secret
- source-address
- timeout
- traceoptions
- user-group-profile
- Security Services Overview
- IPSec Overview
- Security Associations
- IKE
- IPSec Requirements for JUNOS-FIPS
- Security Services Configuration Guidelines
- Minimum Manual SA Configuration
- Minimum IKE Configuration
- Minimum Digital Certificates Configuration for IKE
- Configuring Security Associations
- Configuring the Description for an SA
- Configuring IPSec Mode
- Configuring Transport Mode
- Configuring Tunnel Mode
- Configuring Manual Security Associations
- Configuring the Processing Direction
- Configuring the Protocol for a Manual SA
- Configuring the Security Parameter Index
- Configuring the Auxiliary Security Parameter Index
- Configuring the Authentication Algorithm and Key
- Configuring the Encryption Algorithm and Key
- Configuring Dynamic Security Associations
- Configuring an IKE Proposal (Dynamic SAs Only)
- Configuring the Authentication Algorithm for an IKE Proposal
- Configuring the Authentication Method for an IKE Proposal
- Configuring the Description for an IKE Proposal
- Configuring the Diffie-Hellman Group for an IKE Proposal
- Configuring the Encryption Algorithm for an IKE Proposal
- Configuring the Lifetime for an IKE SA
- Example: Configuring an IKE Proposal
- Configuring an IKE Policy for Preshared Keys
- Configuring the Description for an IKE Policy
- Configuring the Mode for an IKE Policy
- Configuring the Preshared Key for an IKE Policy
- Associating Proposals with an IKE Policy
- Example: Configuring an IKE Policy
- Configuring an IPSec Proposal
- Configuring the Authentication Algorithm for an IPSec Proposal
- Configuring the Description for an IPSec Proposal
- Configuring the Encryption Algorithm for an IPSec Proposal
- Configuring the Lifetime for an IPSec SA
- Configuring the Protocol for a Dynamic IPSec SA
- Configuring the IPSec Policy
- Configuring Perfect Forward Secrecy
- Example: IPSec Policy Configuration
- Configuring Digital Certificates
- Overview
- Obtaining a Certificate from a Certificate Authority
- Example: Obtaining a Certificate from a Certificate Authority
- Generating a Private and Public Key
- Example: Generating a Key Pair
- Configuring Digital Certificates
- Configuring the Certificate Authority Properties
- Configuring the Cache Size
- Configuring the Negative Cache
- Configuring the Number of Enrollment Retries
- Configuring the Maximum Number of Peer Certificates
- Configuring the Path Length for the Certificate Hierarchy
- Configuring an IKE Policy for Digital Certificates
- Configuring the Type of Encoding Your CA Supports
- Configuring the Identity to Define the Remote Certificate Name
- Specifying the Certificate Filename
- Specifying the Private and Public Key File
- Obtaining a Signed Certificate from the CA
- Example: Obtaining a Signed Certificate
- Configuring Trace Options
- Configuring the ES PIC
- Example: Configuring the ES PIC
- Configuring Traffic
- Traffic Overview
- Example: Configuring Outbound Traffic Filter
- Example: Applying Outbound Traffic Filter
- Example: Configuring Inbound Traffic Filter for Policy Check
- Example: Applying Inbound Traffic Filter to ES PIC for Policy Check
- Configuring an ES Tunnel Interface for a Layer 3 VPN
- Using JUNOScript SSL Service
- Configuring the JUNOScript SSL Service
- Loading the SSL Certificate from a File or URL
- Configuring Internal IPSec for JUNOS-FIPS
- Configuring the SA Direction
- Configuring the IPSec SPI
- Configuring the IPSec Key
- Example: Configuring Internal IPSec
- Summary of Security Services Configuration Statements
- algorithm
- authentication
- authentication-algorithm
- authentication-algorithm (IKE)
- authentication-algorithm (IPSec)
- authentication-method
- auxiliary-spi
- ca-name
- cache-size
- cache-timeout-negative
- certificates
- certification-authority
- crl
- description
- dh-group
- direction
- direction (JUNOS)
- direction (JUNOS-FIPS)
- dynamic
- encoding
- encryption
- encryption (JUNOS)
- encryption (JUNOS-FIPS)
- encryption-algorithm
- enrollment-retry
- enrollment-url
- file
- identity
- ike
- internal
- ipsec
- key
- ldap-url
- lifetime-seconds
- local
- local-certificate
- local-key-pair
- manual
- manual (JUNOS)
- manual (JUNOS-FIPS)
- maximum-certificates
- mode
- mode (IKE)
- mode (IPSec)
- path-length
- perfect-forward-secrecy
- policy
- policy (IKE)
- policy (IPSec)
- pre-shared-key
- proposal
- proposal (IKE)
- proposal (IPSec)
- proposals
- protocol
- protocol (JUNOS)
- protocol (JUNOS-FIPS)
- security-association
- security-association (JUNOS)
- security-association (JUNOS-FIPS)
- spi
- spi (JUNOS)
- spi (JUNOS-FIPS)
- traceoptions
- Router Chassis Configuration Guidelines
- Minimum Chassis Configuration
- Configuring Aggregated Devices
- Configuring ATM Cell-Relay Accumulation Mode on an ATM1 PIC
- Configuring Conditions That Trigger Alarms
- Chassis Conditions That Trigger Alarms
- Backup Routing Engine Alarms
- Silencing External Devices
- Configuring SONET/SDH Framing
- Configuring Sparse DLCI Mode
- Configuring Channelized PIC Operation
- Concatenated and Nonconcatenated Mode
- Configuring Channelized DS3-to-DS0 Naming
- Configuring Eight Queues on IQ Interfaces
- Configuring Channelized E1 Naming
- Configuring Channelized STM1 Interface Virtual Tributary Mapping
- Configuring ATM2 Intelligent Queuing Layer 2 Circuit Transport Mode
- Enabling ILMI for Cell Relay
- Configuring the Drop Policy for Traffic with Source-Route Constraints
- Configuring Packet Scheduling
- Configuring the Link Services PICs
- Multiclass Extension to MLPPP (RFC 2686)
- Configuring the Idle Cell Format
- Configuring an MTU Path Check for a Routing Instance
- Enabling MTU Check for a Routing Instance
- Assigning an IP Address to an Interface in the Routing Instance
- Configuring Redundancy
- Configuring Routing Engine Redundancy
- Copying a Configuration File from One Routing Engine to the Other
- Loading a Package from the Other Routing Engine
- Changing to the Backup Routing Engine if It Detects Loss of KeepAlive Signal
- Changing to the Backup Routing Engine if It Detects a Hard Disk Error on the Master Routing Engine
- Changing to the Backup Routing Engine Without Interruption to Packet Forwarding (Graceful Switchover)
- Default Routing Engine Redundancy Behavior
- Configuring SFM Redundancy
- Configuring an SFM to Stay Offline
- Configuring SSB Redundancy
- Running Different JUNOS Software Releases on the Routing Engines on a TX Matrix Platform
- Configuring a Routing Engine to Reboot (or Failover) on Hard Disk Errors
- TX Matrix Platform and T640 Routing Node Configuration Guidelines
- Routing Matrix Overview
- Running Different JUNOS Software Releases
- Software Upgrades and Reinstallation
- Rebooting Process
- Committing Configurations
- Configuring a T640 Routing Node Within a Routing Matrix
- Chassis and Interface Names
- Configuring the Online Expected Alarm
- Creating Configuration Groups
- Configuring System Log Messages
- Summary of Router Chassis Configuration Statements
- aggregated-devices
- alarm
- atm-cell-relay-accumulation
- atm-l2circuit-mode
- ce1
- channel-group
- chassis
- ct3
- device-count
- e1
- ethernet
- fpc
- fpc (M320, T320, T640 Routing Platforms)
- fpc (TX Matrix Platform)
- framing
- graceful-switchover
- idle-cell-format
- keepalive-time
- lcc
- max-queues-per-interface
- mlfr-uni-nni-bundles
- no-concatenate
- offline
- on-disk-failure
- online-expected
- on-loss-of-keepalives
- packet-scheduling
- pic
- pic (M-series and T-series Routing Platforms)
- pic (TX Matrix Platform)
- port
- redundancy
- routing-engine
- routing-engine (Redundancy)
- routing-engine (Reboot on Disk Failure)
- sfm
- sfm (Offline)
- sfm (Redundancy)
- sonet
- source-route
- sparse-dlcis
- ssb
- t1
- timeslots
- vrf-mtu-check
- vtmapping
- Index
- Index of Statements and Commands