Table of Contents

About the Documentation
E Series and JunosE Documentation and Release Notes
Audience
E Series and JunosE Text and Syntax Conventions
Obtaining Documentation
Documentation Feedback
Requesting Technical Support
Chapters
Planning Your Network
Platform Considerations
Interface Specifiers
Edge Applications Overview
Private Line Aggregation
xDSL Session Termination
Layered Approach
Line Modules, I/O Modules, and IOAs
Interfaces
Subinterfaces
interface Command
General Configuration Tasks
Configuring Virtual Routers
Configuring IPsec
Configuring Physical Layer Interfaces
Line Module Features
Configurable HDLC Parameters
Configuring Channelized T3 Interfaces
Configuring T3 and E3 Interfaces
Configuring OCx/STMx and OC48 Interfaces
Configuring Channelized OCx/STMx Line Interfaces
Configuring Ethernet Interfaces
Configuring IPsec Service Interfaces
Configuring Tunnel Service Interfaces
Configuring Data Link-Layer Interfaces
Configuring IP/Frame Relay
Configuring IP/ATM
Configuring IP/PPP
Configuring IP/HDLC
Configuring IP/Ethernet
Configuring IP Tunnels, Shared IP Interfaces, and Subscriber Interfaces
Configuring IP Tunnels
Configuring Shared Interfaces and Subscriber Interfaces
Configuring Routing Protocols
Configuring VRRP
Configuring Routing Policy
Configuring QoS
Configuring Policy Management
Configuring Remote Access
Command-Line Interface
Overview
Command Modes
Command-Line Prompts
Keywords and Parameters
Keywords
Parameters
Keywords and Parameters Together
Using CLI Commands
Abbreviated Commands
The ? Key
Backspace or Delete
Enter
Tab
Arrow Keys
The no Version
run and do Commands
show Commands
Redirection of show Command Output
Regular Expressions
Metacharacters
Using Metacharacters as Literal Tokens
The - -More- - Prompt
Responding to Prompts
CLI Status Indicators
Levels of Access
User Level
Privileged Level
Initialization Sequence
Platform Considerations
Accessing the CLI
Logging In
Privileged-Level Access
Defining CLI Levels of Privilege
Accessing the Privileged Exec Level
Moving from Privileged Exec to User Exec Mode
Logging Out
CLI Command Privileges
CLI Privilege Groups
Examples Using Privilege Group Membership
CLI Command Exceptions
CLI Keyword Mapping
Setting Privileges for Ambiguous Commands
Setting Privilege Levels for no or default Versions
Setting Privilege Levels for Multiple Commands
Setting Privilege Levels for All Commands in a Mode
Setting Privilege Levels for a Group of Commands
Using the Order of Precedence
Superseding Privilege Levels with the all Keyword
Removing the all Keyword
Setting Default Line Privilege
Viewing CLI Privilege Information
Viewing the Current User Privilege Level
Viewing Privilege Levels for All Connected Users
Viewing Privilege Levels for Changed CLI Commands
Using Help
? (Question Mark Key)
help Command
Partial-keyword <Tab>
Using Command-Line Editing
Basic Editing
Command-Line Editing Keys
Command History Keys
Pagination Keys
Accessing Command Modes
Exec Modes
Password Protection
Global Configuration Mode
Executing a Script File
AAA Profile Configuration Mode
Address Family Configuration Mode
ATM VC Configuration Mode
ATM VC Class Configuration Mode
Classifier Group Configuration Mode
Color Mark Profile Configuration Mode
Control Plane Configuration Mode
Controller Configuration Mode
DHCP Local Pool Configuration Mode
Domain Map Configuration Mode
Domain Map Tunnel Configuration Mode
DoS Protection Group Configuration Mode
Drop Profile Configuration Mode
Explicit Path Configuration Mode
Flow Cache Configuration Mode
Interface Configuration Mode
IP NAT Pool Configuration Mode
IP PIM Data MDT Configuration Mode
IP Service Profile Configuration Mode
IPsec CA Identity Configuration Mode
IPsec Identity Configuration Mode
IPsec IKE Policy Configuration Mode
IPsec Manual Key Configuration Mode
IPsec Peer Public Key Configuration Mode
IPsec Transport Profile Configuration Mode
IPsec Tunnel Profile Configuration Mode
IP Tunnel Destination Profile Mode
IPv6 Local Pool Configuration Mode
L2 Transport Load-Balancing-Circuit Configuration Mode
L2TP Destination Profile Configuration Mode
L2TP Destination Profile Host Configuration Mode
L2TP Tunnel Switch Profile Configuration Mode
Layer 2 Control Configuration Mode
Layer 2 Control Neighbor Configuration Mode
LDP Configuration Mode
Line Configuration Mode
Local IPsec Transport Profile Configuration
Local User Configuration Mode
Map Class Configuration Mode
Map List Configuration Mode
Parent Group Configuration Mode
Policy List Configuration Mode
Policy List Parent Group Configuration Mode
Policy Parameter Configuration Mode
PPPoE Service Name Table Configuration Mode
Profile Configuration Mode
QoS Interface Set Configuration Mode
QoS Interface Superset Configuration Mode
QoS Parameter Definition Configuration Mode
QoS Profile Configuration Mode
QoS Shared Shaper Control Configuration
Queue Profile Configuration Mode
RADIUS Configuration Mode
RADIUS Relay Configuration Mode
Rate Limit Profile Configuration Mode
Redundancy Configuration Mode
Remote Neighbor Configuration Mode
Route Map Configuration Mode
Router Configuration Mode
RSVP Configuration Mode
RTR Configuration Mode
Scheduler Profile Configuration Mode
Service Session Profile Configuration Mode
SNMP Event Manager Configuration Mode
Statistics Profile Configuration Mode
Subinterface Configuration Mode
Subscriber Policy Configuration Mode
Traffic Class Configuration Mode
Traffic Class Group Configuration Mode
Tunnel Group Configuration Mode
Tunnel Group Tunnel Configuration Mode
Tunnel Profile Configuration Mode
Tunnel Server Configuration Mode
VRF Configuration Mode
VR Group Configuration Mode
Installing JunosE Software
Overview
Identifying the Software Release File
Platform Considerations
Installing Software When a Firewall Exists
Task 1: Obtain the Required Information
Task 2: Divert Network Traffic to Another Router
Task 3: Access Privileged Exec Mode
Task 4: Configure IP on an Interface
Task 5: Copy the Release Files to the Network Host
Task 6: Configure Access to the Network Host
Task 7: Enable the FTP Server on the Router
Task 8: Identify the Files to Transfer
Task 9: Transfer Files to the User Space
Task 10: Install Files on the System Space
Task 11: Save the Current Configuration
Task 12: Reboot the System
Installing Software When a Firewall Does Not Exist
Installing Software in Normal Operational Mode
Task 1: Obtain the Required Information
Task 2: Divert Network Traffic to Another Router
Task 3: Access Privileged Exec Mode
Task 4: Configure IP on an Interface
Task 5: Configure Access to the Network Host
Task 6: Copy the Release Files to the Network Host
Task 7: Copy the Software Release File to the Router
Task 8: Save the Current Configuration
Task 9: Reboot the System
Installing Software in Boot Mode
Task 1: Obtain the Required Information
Task 2: Divert Network Traffic to Another System
Task 3: Access the Boot Mode
Task 4: Assign an IP Address
Task 5: Configure Access to the Network Host
Task 6: Resetting the SRP Module
Task 7: Copy the Release Files to the Network Host
Task 8: Copy the Software Release File to the Router
Task 9: Reboot the System
Copying Release Files from One Router to Another
Upgrading Systems That Are Operating with Two SRP Modules
Upgrading JunosE Software
Upgrading Software Remotely Through Telnet or FTP
Upgrading Software from an NVS Card
Upgrading a System That Contains One SRP Module
Upgrading a System That Contains Two SRP Modules
Downgrading JunosE Software
Configuring SNMP
SNMP Overview
Terminology
SNMP Features Supported
SNMP Client
SNMP Server
SNMP MIBs
Standard SNMP MIBs
Juniper Networks E Series Enterprise MIBs
Accessing Supported SNMP MIBs
SNMP Versions
Security Features
Management Features
Virtual Routers
Creating an SNMP Proxy
Disabling and Reenabling an SNMP Proxy
Communicating with the SNMP Engine
SNMP Attributes
SNMP Operations
SNMP PDU Types
SNMP Platform Considerations
SNMP References
Before You Configure SNMP
Configuring an SNMP Server
Enabling an SNMP Server
SNMP Community Table Overview
Community Name
Privilege Levels
IP Access List
Configuring an Authorized SNMP Server Community
Configuring SNMPv3 Users
Configuring the SNMP Server Dynamic Groups and Views
Configuring the SNMP Server Contact Person and Location
Configuring the SNMP Server Maximum Packet Size
Configuring Memory Warning Parameters
Configuring the SNMP Server Encoding Scheme of the ifDescr and ifName Objects
Managing Interface Sublayers
Interface Instances Compressing Overview
Removing Interface Sublayers from the ifTable, ifStackTable, and ipAddrTable
Excluding Interfaces from the ifTable, ifStackTable, and ipAddrTable
Setting Up an Interface Numbering Method in the IfTable to Use Contiguous Integers
SNMP Trap Overview
IP Hosts
Trap Categories
Trap Severity Levels
Enabling and Configuring the Trap Severity Level on a Global Basis
Enabling and Configuring the Trap Severity Level on a Per-Category Basis
Configuring an SNMP Trap Host
Configuring the Source Address for All SNMP Traps by Using the Interface IP Address
Enabling SNMP Link-Status Traps on an IP Interface
Enabling the Processing of SNMP Link Status Information About an Interface
Configuring OSPF or OSPFv3 Trap Settings
Specifying an Egress Point for SNMP Traps
Configuring the SNMP Trap Egress Rate for an SNMP Host
Configuring the SNMP Trap Notification Logs
Recovering the Lost SNMP Traps
SNMP Server Event Manager Overview
Event MIB Purpose
Event MIB Structure
Trigger Table
Objects Table
Event Table
Configuring the SNMP Server Event Manager
Defining Boolean Test Values for the Trigger
Defining Existence Test Values for the Trigger
Defining Threshold Test Values for the Trigger
Launching the SNMP Server Event Manager Mode
Configuring the MIB Sampling Frequency
Configuring the Limit for Total Triggers Allowed by the Virtual Router
Specifying the MIB Object to be Sampled for the Trigger
Creating an Event and Accessing Event Configuration Mode
Creating a Trigger and Accessing Trigger Configuration Mode
Enabling an Event or Trigger Configuration
Configuring the Virtual Router SNMP Agent on Which MIB Objects Are to Be Polled
Configuring Delta Sampling for the Trigger
Configuring a Trap Notification for an Event
Performing an SNMP Set Operation
Configuring a Security Access Level for the SNMP Agent
Bulk Statistics Data Collection Overview
Interface Strings
Understanding Counter Discontinuity
Configuring Collectors and Receivers
Deleting All Bulk Statistics Configuration from the Router
Bulk Statistics Management Schema Overview
If-Stats Schema Objects
IGMP Schema Objects
Policy Schema Objects
QoS Schema Objects
Configuring a Schema for Collecting Bulk Statistics
Creating a Schema for Collecting Bulk Statistics
Configuring a Schema for Retrieving Statistics from ifStack Table Counters
Configuring a Schema for Retrieving Statistics from ifTable or ifXTable Counters
Configuring a Schema for Retrieving IGMP Statistics
Configuring a Schema for Retrieving Policy Statistics
Configuring a Schema for Retrieving QoS Statistics
Configuring a Schema for Retrieving System Statistics
Mapping the Bulk Statistics Output to MIB Files and CLI Configurations for the Bulk Statistics Schema
Configuring Interface Numbering Mode on Bulk Statistics
Bulk Statistics Formatter Overview
Usage of Special Characters in Remote Filenames
Guidelines
Configuring the End of Line Format
Virtual Routers SNMP Management Overview
Setting a Baseline for SNMP Statistics
Monitoring SNMP
Monitoring the Configuration of SNMP Interface Tables
Monitoring SNMP Management Events
Viewing Information About an SNMP MIB Agent
Monitoring Information About a Statistical SNMP Event
Monitoring the Bulk Statistics Collection Configuration
Monitoring the Bulks Statistics Data Collection Configuration
Monitoring the Bulk Statistics Collector File Description
Monitoring the Bulk Statistics Collector Transfer Interval
Monitoring the Bulk Statistics Collector Maximum File Size
Monitoring the Bulk Statistics Collector Transfer Mode Details
Monitoring the Bulk Statistics Interface Type Configuration
Monitoring the Bulk Statistics Receiver Remote Files Configuration
Displaying the Bulk Statistics Counter Details
Monitoring the Bulk Statistics Trap Configuration
Monitoring the Bulk Statistics Virtual Router Group Configuration
Monitoring Data on the Bulk Statistics Schema
Monitoring the Communication Status Between the SNMP Agent and the SNMP Manager
Monitoring Information About SNMP Groups
Monitoring Information About SNMP Communities
Viewing a List of Available SNMP Groups
Monitoring the SNMP Notification Log Configuration
Monitoring the SNMP Trap and Trap Destination Details
Viewing SNMP Trap Statistics
Monitoring Information About SNMP Users
Monitoring Information About SNMP Views
Managing the System
System Management Overview
System Management Platform Considerations
Naming the System
Configuring the Switch Fabric Bandwidth
Configuring System Timing
Navigating the CLI
Configuring vty Lines
Clearing vty and Console Lines
Configuration Output Organization
Configuration Output Format Overview
Defining the Configuration Output Format
Configuration Output Customization Overview
Configuring an Interface Tag Group
Managing System Configuration Files
Calculating and Validating CRC in Configuration Files
Detecting Corrupt Configuration Files on the SRPs
Automatically Recovering Corrupt Configuration Files
Autoconfiguration Script for the System Overview
Overview of Saving the Current System Configuration
Saving the Current System Configuration
Using the Desktop Tool for Viewing the Uncompressed Text Configuration
Installation Prerequisites for the Desktop Tool
Requirements for Microsoft Windows Systems
Requirements for Sun Solaris Systems
Requirements for Linux Systems
Usage Notes for the Perl Script
Customizing the User Interface
Setting the Console Speed
Configuring the Display Terminal
Specifying the Character Set
Configuring Login Conditions
Setting Time Limits for User Login
Setting Time Limits for User Input
Configuring CLI Messages
Sending Messages to the Terminals
Memory Management Overview
File Management
File Management Overview
FTP Commands for Managing the User Space from a Network Host
File Commands and FTP Servers Overview
Renaming Local Files
Deleting Files in Nonvolatile Storage
Transferring Files
File Transfer Overview
File Transfer Protocols References
Overview of Copying and Redirecting Files
Types of Files Transferred Using the copy Command
Transferring Files Between the System Space and a Network Host
Copying a File
Adding or Modifying an Entry in the Host Table
Determining the Encrypted Values for Usernames and Passwords
Configuring the Source Interface for FTP Packets
Example: Copying a File Using the copy Command
Redirecting the Output of a Command to a Remote File
File Transfer Using TFTP Overview
FTP Server
FTP Server Configuration Overview
Features
FTP Passive Mode
Before You Enable the FTP Server
Enabling the FTP Server
Example: Enabling FTP Lines
Using SFTP for Transfer of Files
Configuring the SFTP Client
Example: Copying Partial Releases
NFS Client
NFS Client Overview
NFS Client References
NFS Client Prerequisites
Configuring a Virtual Router as an NFS Client
Configuring a Loopback Interface
Configuring the Embedded Telnet Client
Domain Name Service
DNS Overview
DNS References
Assigning Name Servers to the System
Configuring One Name Resolver for Multiple Virtual Routers
Troubleshooting the System Using Core Dump Files
Core Dump Files Overview
Creating Core Dump Files
Enabling the Core Dump from Boot Mode
Enabling the Core Dump from Global Configuration Mode
Managing the Core Dump Files
Enabling and Disabling the Core Dump Monitor
Configuring the Core Dump Monitor Interval
Accessing the Core Dump Files
Capturing and Writing Core Dumps
Tracking IP Prefix Reachability
Gathering Information for Customer Support
Managing the Resource Threshold Monitor
Monitoring the System
Setting the Baseline for the Most Recent Delta Count Statistics
Monitoring System Timing Settings
Monitoring vty Lines
Monitoring the Current Configuration of the System in Auto Commit Mode
Monitoring the Current Configuration of the System in Manual Commit Mode
Displaying the Background Monitoring Time of the SRP
Monitoring Console Sessions
Monitoring the Parameters of the Current Console Session
Monitoring the Parameters of the Future and Current Console Sessions
Monitoring Files
Monitoring the List of Files Residing in Nonvolatile Storage
Displaying the Contents of the File Residing in Nonvolatile Storage
Monitoring the FTP Server
Monitoring the Information about the FTP Server
Monitoring User Information of the vty Lines
Monitoring the Subsystems in the Software Release or Release File
Monitoring the NFS Client
Monitoring a List of Configured Network Servers
Monitoring the Interface Used to Exchange Messages with the NFS Server
Monitoring the Name Servers on the System
Monitoring the Core Dump
Monitoring the Parameters of the Core Dump Operation
Displaying the Status and Configuration Information of the Core Dump Monitor
Monitoring the IP Prefix Reachability Tracking Details
Monitoring Tracking Details for the Specified IP Prefix Object
Monitoring One-line Summary Details for all Tracked IP Prefix Objects
Monitoring Gathered Technical Support Information
Monitoring Resource Threshold Information
Monitoring the Physical Environment of the Router
Monitoring the Multicast-to-Unicast Ratio for the Router Switch Fabric
Monitoring Memory Management Protection Information
Monitoring CPU Usage
Monitoring Memory-Related Resources Used by the System Processes
Monitoring the History of System and Module Resets
Monitoring the Armed and Running Releases in the Router
Managing Modules
Overview
Platform Considerations
ERX7xx Models, ERX14xx Models, and the ERX310 Broadband Services Router
Line Modules and I/O Modules
SRP Modules
E120 and E320 Broadband Services Routers
Line Modules and IOAs
SRP Modules and SFMs
Disabling and Reenabling Line Modules, SRP Modules, and SFMs
Disabling and Reenabling IOAs
Removing an SRP Module
Replacing Line Modules on ERX Routers, the E120 Router, and the E320 Router
Replacing a Line Module by Erasing the Slot Configuration
Replacing a Line Module Without Erasing the Slot Configuration
Replacing IOAs on the E120 Router and the E320 Router
Replacing SRP Modules and SFMs
Software Compatibility
Line Modules
I/O Modules and IOAs
Configuring Performance Rate of Line Modules on ERX7xx Models and the ERX1410 Router
Choosing a Combination of Line Modules
Slot Groups
SRP Modules Bandwidth
Line Modules Bandwidth and Switch Usage
Allowed Combinations for Line Rate Performance
Specifying the Type of Performance
Monitoring Bandwidth Oversubscription
Troubleshooting Bandwidth Oversubscription
Managing Flash Cards on SRP Modules
Flash Features
Flash Features on the E120 Router and the E320 Router
Installing and Removing Flash Cards
Synchronizing Flash Cards
Synchronizing Flash Cards of Different Capacities
Disabling Autosynchronization
Validating and Recovering Redundant SRP File Integrity
Reformatting the Primary Flash Card
Copying the Image on the Primary SRP Module
Scanning Flash Cards
Monitoring Flash Cards
Updating the Router with JunosE Hotfix Files
Hotfix Compatibility and Dependency
Removing Hotfixes
Hotfixes and Backup Settings
Hotfixes and Standby SRP Modules
Hotfixes and Line Modules
Monitoring Hotfixes
Example: Using and Monitoring Hotfixes
Managing the Ethernet Port on the SRP Module
Monitoring Statistics
Monitoring the Ethernet Configuration for the SRP Module
Enabling Warm Restart Diagnostics on Modules
Enabling Warm Restart Diagnostics
Enabling Diagnostics
Ignoring Diagnostic Test Failures
Detecting and Logging Transit Traffic Packet Drops in the Forwarding Plane
Sub-Reasons Supported for Detecting and Logging Forwarding Plane Packet Drops
Monitoring Modules
Displaying the Forwarding Plane Packet Drop Monitoring Configuration Details
Passwords and Security
Passwords and Security Overview
Passwords and Security Platform Considerations
Setting Basic and Enable Password Parameters
Creating Encrypted Passwords
Creating Secrets
Encrypting Passwords in the Configuration File
Setting and Erasing Passwords
Privilege Levels Overview
Accessing Privilege Levels
Erasing Enable Passwords
Setting a Console Password
Erasing the Console Password
Monitoring Passwords
Vty Line Authentication and Authorization Overview
Configuring Simple Vty Line Authentication
Configuring AAA Authentication and AAA Authorization for Vty Lines
Setting Virtual Terminal Access Lists
Secure System Administration with SSH Overview
Transport
User Authentication
Connection
Key Management
User Key Management
Host Key Management
Performance
Security Concerns
Configuring SSH
Configuring Encryption
Configuring User Authentication
Configuring Message Authentication
Enabling and Disabling SSH
Terminating an SSH Session
Monitoring the Current Status of the SSH Server
Restricting User Access Overview
Restricting Access to Commands with RADIUS
Per-User Enable Authentication
Restricting Access to Virtual Routers
VSA Configuration Examples
Commands Available to Users
Understanding DoS Protection
Suspicious Control Flow Detection
Suspicious Control Flow Monitoring
Configurable Options
Display Options
Traps and Logs
DoS Protection Groups
Group Parameters
Attaching Groups
Protocol Mapping
DoS Protection Group Commands
DoS Protection Group Configuration Example
Monitoring DoS Protection Groups
Monitoring Suspicious Control Flow Statistics
Monitoring Suspicious Flows
Monitoring Suspicious Flow Information
Monitoring Suspicious Control Flow Protocol
Writing CLI Macros
Platform Considerations
Writing Macros
Environment Commands
Capturing Output of Commands
Adding Regular Expression Matching to Macros
Extracting a Substring Based on Regular Expression Matching
Adding Global Variables for Availability to the onError Macro
Unique IDs for Macros
Accurate Use of Error Status When Accessed Outside of onError Macro
Variables
Literals
Operators
Assignment
Increment and Decrement
String Operations
Extraction Operations
Arithmetic Operations
Relational Operations
Logical Operations
Miscellaneous Operations
Conditional Execution
If Constructs
While Constructs
Passing Parameters in Macros
Generating Macro Output
Invoking Other Macros
Detecting and Recording Macro Errors
Detectable Macro Errors
Logging Macro Results
Viewing Macro Errors
onError Macro Examples
Detecting Invalid Command Formats
Detecting Invalid Commands
Detecting Missing Macros
Running Macros
Scheduling Macros
Practical Examples
Configuring Frame Relay
Configuring ATM Interfaces
Booting the System
Platform Considerations
Configuring Your System for Booting
Booting the GE-2 Line Module
Rebooting Your System
Rebooting When a Command Takes a Prolonged Time to Execute
Configuration Caching
Operations in Boot Mode
Displaying Boot Information
Output Filtering
Configuring the System Clock
Overview
NTP
System Operation as an NTP Client
Synchronization
Preliminary Synchronization
Frequency Calibration
Progressive Synchronization
System Operation as an NTP Server
Platform Considerations
References
Setting the System Clock Manually
Before You Configure NTP
Choosing NTP Servers
NTP Configuration Tasks
Enabling NTP Services
NTP Client Configuration
Directing Responses from NTP Servers
Refusing Broadcasts from NTP Servers
NTP Server Configuration
Configuration Examples
Monitoring NTP
Configuring Virtual Routers
Overview
Default Virtual Router
Virtual Router Instances
Routing Protocols
VPNs and VRFs
VPNs
VRFs
Platform Considerations
References
Configuring Virtual Routers
Monitoring Virtual Routers
Reference Material
Abbreviations and Acronyms
References
RFCs
Draft RFCs
Other Software Standards
Hardware Standards
Index
Index