System Management Configuration Statements
This topic lists all the configuration statements that you can include at the [edit system] hierarchy level to configure system management features:
system {
radius {
server {
server-address {
accounting-port port-number;
retry number;
secret password;
source-address address;
timeout seconds;
}
}
}
tacplus {
}
}
events [ login change-log interactive-commands ];
}
archival {
configuration {
archive-sites {
ftp://<username>:<password>@<host>:<port>/<url-path>;
ftp://<username>:<password>@<host>:<port>/<url-path>;
}
transfer-interval interval;
transfer-on-commit;
}
}
arp {
aging-timer minutes;
gratuitous-arp-delay;
gratuitous-arp-on-ifup;
interfaces;
passive-learning;
purging;
}
authentication-order [ authentication-methods ];
backup-router address <destination destination-address>;
commit {
delta-export;
fast-synchronize;
persist-groups-inheritance ;
server;
synchronize
}
synchronize;
diag-port-authentication (encrypted-password “password”
| plain-text-password);
domain-name domain-name;
domain-search [ domain-list ];
fips {
level level;
}
host-name hostname;
inet6-backup-router address <destination destination-address>;
tcp-mss mss-value;
(gre-path-mtu-discovery | no-gre-path-mtu-discovery);
icmpv4-rate-limit bucket-size bucket-size packet-rate packet-rate;
icmpv6-rate-limit bucket-size bucket-size packet-rate packet-rate;
(ipip-path-mtu-discovery | no-ipip-path-mtu-discovery);
(ipv6-path-mtu-discovery | no-ipv6-path-mtu-discovery);
ipv6-path-mtu-discovery-timeout;
no-tcp-rfc1323-paws;
no-tcp-rfc1323;
(path-mtu-discovery | no-path-mtu-discovery);
source-port upper-limit <upper-limit>;
(source-quench | no-source-quench);
tcp-drop-synfin-set;
}
location {
altitude feet;
building name;
country-code code;
floor number;
hcoord horizontal-coordinate;
lata service-area;
latitude degrees;
longitude degrees;
npa-nxx number;
postal-code postal-code;
rack number;
vcoord vertical-coordinate;
}
login {
announcement text;
class class-name {
allow-hidden-commands;
no-hidden-commands {
except [“regular expression or command
1” “regular expression or command 2” ...];
}
access-end hh:mm;
access-start hh:mm;
allow-commands “regular-expression”;
allow-commands-regexps [ “regular expression
1” “regular expression 2 ” ... ];
( allow-configuration | allow-configuration-regexps) “regular expression 1” “regular
expression 2”;
allow-sources [ allow-sources ...
];
allow-times [ allow-times ... ];
allowed-days (days-of-the-week);
cli {
prompt prompt;
}
configuration-breadcrumbs;
confirm-commands [“regular expression or
command 1” “regular expression or command 2” ...] {
confirmation-message;
}
deny-commands “regular-expression”;
deny-commands-regexps [ “regular expression
1” “regular expression 2 ” ... ];
( deny-configuration | deny-configuration-regexps )
“regular expression 1” “regular expression 2 ”;
deny-sources [ deny-sources ... ];
deny-times [ deny-times ... ];
idle-timeout;
logical-system logical-system-name;
login-alarms;
login-script filename;
login-tip;
no-scp-server;
no-sftp-server;
permissions [ permissions ];
satellite all;
security-role (audit-administrator | crypto-administrator
| ids-administrator | security-administrator);
tenant tenant-system-name;
}
message text;
password {
change-type (set-transitions | character-set);
format (md5 | sha1 | des);
maximum-length length;
minimum-changes number;
minimum-length length;
}
backoff-threshold number;
backoff-factor seconds;
minimum-time seconds;
tries-before-disconnect number;
}
user username {
class class-name;
cli {
prompt prompt;
}
full-namefull-name;
uid uid-value;
authentication {
encrypted-password “encrypted-password”;
ssh-ecdsa name {
from from;
}
ssh-ed25519 name {
from from;
}
ssh-rsa name {
from from;
}
}
}
}
ntp {
authentication-keykey-number type type value password;
boot-server address;
broadcast <address> <key key-number> <version value> <ttl value>;
broadcast-client;
multicast-client <address>;
peer address <key key-number> <version value> <prefer>;
source-address source-address;
server address <key key-number> <version value> <prefer>;
trusted-key [ key-numbers ];
}
ports {
pic-console-authentication {
encrypted-password encrypted-password;
plain-text-password;
}
process--name (enable | disable) failover
(alternate-media | other-routing-engine);
timeout seconds;
}
}
radius-server server-address {
accounting-port port-number;
port port-number;
retry number;
secret password;
source-address source-address;
timeout seconds;
}
password-protocol mschap-v2;
}
attributes {
nas-ip-address ip-address;
}
password-protocol mschap-v2;
}
(encrypted-password “password” | plain-text-password);
ssh-rsa “public-key”;
ssh-dsa “public-key”;
}
(saved-core-context | no-saved-core-context);
saved-core-files saved-core-files;
scripts {
commit {
file <filename> <files number> <size size> <world-readable |
no-world-readable>;
flag flag;
no-remote-trace;
}
op {
refresh-from url;
file <filename> <files number> <size size> <world-readable |
no-world-readable>;
flag flag;
no-remote-trace;
}
}
}
services {
rest {
https {
addresses [ addresses ];
cipher-list [cipher-1 cipher-2 cipher-3 ... ];
port port-number;
server-certificate local-certificate-identifier;
}
}
ssh {
root-login (allow | deny | deny-password);
protocol-version [v1 v2];
connection-limit limit;
rate-limit limit;
}
http {
interfaces [ interface-names ];
port port;
}
https {
interfaces [ interface-names ];
local-certificate name;
port port;
}
}
}
syslog {
archive <files number> <size size> <world-readable | no-world-readable>;
file filename {
facility severity;
archive <archive-sites {ftp-url <password password>}> <files number> <size size> <start-time "YYYY-MM-DD.hh:mm"> <transfer-interval minutes> <world-readable | no-world-readable>;
match "regular-expression";
match-strings string-name;
}
host (hostname | other-routing-engine | scc-master)
{
facility severity;
facility-override facility;
log-prefix string;
match "regular-expression";
match-strings string-name;
source-address source-address;
}
source-address source-address;
time-format (year | millisecond | year millisecond);
}
service-name service-name;
(no-cmd-attribute-value | exclude-cmd-attribute);
}
time-zone (GMThour-offset | time-zone);
}
}