services (System Services)
Syntax
services { dhcp { # DHCP is not supported on a DCF dhcp_services; } dtcp-only finger { connection-limit limit; rate-limit limit; } flow-tap-dtcp { ssh { connection-limit limit; rate-limit limit; } } ftp { authentication-order [authentication-methods]; connection-limit limit; rate-limit limit; } grpc { request-response { grpc { ssl { address ip-address; local-certificate local-certificate; port port; } max-connections max-connections; } } notification { port port; max-connections max-connections; allow-clients { address ip-address; } } traceoptions { file <filename> <files number> <match regex> <size size> <world-readable | no-world-readable>; flag flag; no-remote-trace; } } netconf { flatten-commit-results; hello-message { yang-module-capabilities { advertise-native-yang-modules; advertise-custom-yang-modules; advertise-standard-yang-modules; } } netconf-monitoring { netconf-state-schemas { retrieve-custom-yang-modules; retrieve-standard-yang-modules; } } notification; rfc-compliant; ssh { client-alive-count-max number; client-alive-interval seconds; connection-limit limit; port port; rate-limit limit; } tls { client-identity client-id { fingerprint fingerprint; map-type (san-dirname-cn | specified); username username; } default-client-identity { map-type (san-dirname-cn | specified); username username; } local-certificate local-certificate; traceoptions { file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>; flag name; level (all | error | info | notice | verbose | warning); no-remote-trace; } } traceoptions { file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>; flag flag; no-remote-trace; on-demand; } yang-compliant; yang-modules { device-specific; emit-extensions; } } outbound-https { client client-id { address { port port; trusted-cert trusted-cert; } device-id device-id; reconnect-strategy (in-order | sticky); secret password; waittime seconds; } } 
service-deployment { servers address { port-number port-number; } source-address address; } ssh { authentication-order [method 1 method2...]; authorized-keys-command authorized-keys-command; authorized-keys-command-user authorized-keys-command-user; ciphers [ cipher-1 cipher-2 cipher-3 ...]; client-alive-count-max number; client-alive-interval seconds; connection-limit limit; fingerprint-hash (md5 | sha2-256); hostkey-algorithm (algorithm | no-algorithm); key-exchange [algorithm1 algorithm2...]; log-key-changes log-key-changes; macs [algorithm1 algorithm2...]; max-pre-authentication-packets number; max-sessions-per-connection number; no-challenge-response; no-password-authentication; no-passwords; no-public-keys; allow-tcp-forwarding; port port-number; protocol-version [v2]; rate-limit number; rekey { data-limit bytes; time-limit minutes; } root-login (allow | deny | deny-password); sftp-server; } tcp-forwarding; resource-monitor { free-fw-memory-watermark number; free-heap-memory-watermark number; free-nh-memory-watermark number; high-threshold number; no-logging; no-throttle; resource-category jtree { resource-category jtree (continguous-pages | free-dwords | free-pages) { low-watermark number; high-watermark number; } } subscribers-limit { (any | dhcp | l2tp | pppoe) { { limit limit; } { limit limit; } fpc slot-number { limit limit; pic number { limit limit; port number { limit limit; } } } } } traceoptions { file filename <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>; flag flag; no-remote-trace; } } subscriber-management { enable (Enhanced Subscriber Management); enforce-strict-scale-limit-license; gres-route-flush-delay; } overrides { event { catastrophic-failure { reboot (master | standby); } } interfaces { family (inet | inet6) { layer2-liveness-detection; } } no-unsolicited-ra; ra-initial-interval-max seconds; ra-initial-interval-min seconds; shmlog { disable; file filename <files maximum-no-files> 
<size maximum-file-size>; filtering enable; log-name { all; logname { <brief | detail | extensive | none | terse>; <file-logging |no-file-logging>; } } log-type (debug | info | notice); | } redundancy { interface name { local-inet-address v4-address; local-inet6-address v6-address; shared-key string; virtual-inet-address virtual-v4-address; virtual-inet6-address virtual-v6-address; } no-advertise-routes-on-backup; protocol { pseudo-wire; vrrp; } } traceoptions { file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>; flag flag; } } telnet { authentication-order [authentication-methods]; connection-limit limit; rate-limit limit; } web-management { http { interfaces [ names ]; port port; } https { interfaces [ names ]; local-certificate name; port port; } session { idle-timeout [ minutes ]; session-limit [ limit ]; } } xnm-ssl { connection-limit limit; local-certificate name; rate-limit limit; ssl-renegotiation; } }
Hierarchieebene
[edit system]
Beschreibung
Konfigurieren Sie den Router oder Switch so, dass Benutzer auf Remote-Systemen über den DHCP-Server, DTCP über SSH, Finger, ausgehendes HTTPS, rlogin, SSH, Telnet, Webmanagement, das Junos XML-Protokoll über SSL und Netzwerk-Dienstprogramme auf den lokalen Router zugreifen können, oder aktivieren Sie Junos OS für die Zusammenarbeit mit der Session and Resource Control (SRC)-Software. Ermöglichen Sie außerdem die Konfiguration von Drittanbieteranwendungen, die mit dem Juniper Extension Toolkit (JET) für die Ausführung unter Junos OS entwickelt wurden.
Ab Junos OS Version 22.2R1 haben wir die SSH-TCP-Weiterleitung standardmäßig deaktiviert, um die Sicherheit zu erhöhen: Bei aktivierter Weiterleitung können angemeldete SSH-Benutzer TCP-Verbindungen durch das Gerät tunneln. Um die SSH-TCP-Weiterleitung zu aktivieren, konfigurieren Sie die Anweisung allow-tcp-forwarding auf der Hierarchieebene [edit system services ssh]. Darüber hinaus haben wir die Anweisungen tcp-forwarding und no-tcp-forwarding auf der Hierarchieebene [edit system services ssh] als veraltet eingestuft.
Die übrigen Anweisungen werden gesondert erläutert. Suchen Sie im CLI-Explorer nach einer Anweisung, oder klicken Sie im Abschnitt Syntax auf eine verknüpfte Anweisung, um Details zu erhalten.
Erforderliche Berechtigungsebene
system: Zum Anzeigen dieser Anweisung in der Konfiguration.
system-control: Zum Hinzufügen dieser Anweisung zur Konfiguration.
Versionsinformationen
Anweisung vor Junos OS Version 7.4 eingeführt.
extension-service
Option hinzugefügt in Junos OS Version 16.1 für MX80, MX104, MX240, MX480, MX960, MX2010, MX2020, vMX-Serie.
grpc
Option hinzugefügt in Junos OS Version 16.2 für MX80, MX104, MX240, MX480, MX960, MX2010, MX2020, vMX-Serie.
allow-tcp-forwarding
Option hinzugefügt in Junos OS Version 22.2R1.