JUNOSe 9.1.x System Basics Configuration Guide
-
About This Guide
- Objectives
- Audience
- E-series Routers
- Documentation Conventions
- Related E-series and JUNOSe Documentation
- E-series and JUNOSe Documents
- JUNOSe Configuration Guides
- Obtaining Documentation
- Documentation Feedback
- Requesting Technical Support
- Self-Help Online Tools and Resources
- Opening a Case with JTAC
-
Planning Your Network
- Platform Considerations
- Interface Specifiers
- Edge Applications Overview
- Private Line Aggregation
- xDSL Session Termination
- Layered Approach
- Line Modules, I/O Modules, and IOAs
- Interfaces
- Subinterfaces
- interface Command
- General Configuration Tasks
- Configuring Virtual Routers
- Configuring IPSec
- Configuring Physical Layer Interfaces
- Line Module Features
- Configurable HDLC Parameters
- Configuring Channelized T3 Interfaces
- Configuring T3 and E3 Interfaces
- Configuring OCx/STMx and OC48 Interfaces
- Configuring Channelized OCx/STMx Line Interfaces
- Configuring Ethernet Interfaces
- Configuring IPSec-Service Interfaces
- Configuring Tunnel Service Interfaces
- Configuring Data Link-Layer Interfaces
- Configuring IP/Frame Relay
- Configuring IP/ATM
- Configuring IP/PPP
- Configuring IP/HDLC
- Configuring IP/Ethernet
- Configuring IP Tunnels, Shared IP Interfaces, and Subscriber Interfaces
- Configuring IP Tunnels
- Configuring Shared Interfaces and Subscriber Interfaces
- Configuring Routing Protocols
- Configuring VRRP
- Configuring Routing Policy
- Configuring QoS
- Configuring Policy Management
- Configuring Remote Access
-
Command-Line Interface
- Overview
- Command Modes
- Command-Line Prompts
- Keywords and Parameters
- Keywords
- Parameters
- Keywords and Parameters Together
- Using CLI Commands
- Abbreviated Commands
- The ? Key
- Backspace or Delete
- Enter
- Tab
- Arrow Keys
- The no Version
- run and do Commands
- show Commands
- Redirection of show Command Output
- Regular Expressions
- The - -More- - Prompt
- Responding to Prompts
- CLI Status Indicators
- Levels of Access
- User Level
- Privileged Level
- Initialization Sequence
- Platform Considerations
- Accessing the CLI
- Logging In
- Privileged-Level Access
- Defining CLI Levels of Privilege
- Accessing the Privileged Exec Level
- Moving from Privileged Exec to User Exec Mode
- Logging Out
- CLI Command Privileges
- CLI Privilege Groups
- Examples Using Privilege Group Membership
- CLI Command Exceptions
- CLI Keyword Mapping
- Setting Privileges for Ambiguous Commands
- Setting Privilege Levels for no or default Versions
- Setting Privilege Levels for Multiple Commands
- Setting Privilege Levels for All Commands in a Mode
- Setting Privilege Levels for a Group of Commands
- Using the Order of Precedence
- Superseding Privilege Levels with the all Keyword
- Removing the all Keyword
- Setting Default Line Privilege
- Viewing CLI Privilege Information
- Viewing the Current User Privilege Level
- Viewing Privilege Levels for All Connected Users
- Viewing Privilege Levels for Changed CLI Commands
- Using Help
- ? (Question Mark Key)
- help Command
- Partial-keyword <Tab>
- Using Command-Line Editing
- Basic Editing
- Command-Line Editing Keys
- Command History Keys
- Pagination Keys
- Accessing Command Modes
- Exec Modes
- Password Protection
- Global Configuration Mode
- Executing a Script File
- AAA Profile Configuration Mode
- Address Family Configuration Mode
- ATM VC Configuration Mode
- ATM VC Class Configuration Mode
- Classifier Group Configuration Mode
- Color Mark Profile Configuration Mode
- Control Plane Configuration Mode
- Controller Configuration Mode
- DHCP Local Pool Configuration Mode
- Domain Map Configuration Mode
- Domain Map Tunnel Configuration Mode
- DoS Protection Group Configuration Mode
- Drop Profile Configuration Mode
- Explicit Path Configuration Mode
- Flow Cache Configuration Mode
- Interface Configuration Mode
- IP NAT Pool Configuration Mode
- IP PIM Data MDT Configuration Mode
- IP Service Profile Configuration Mode
- IPSec CA Identity Configuration Mode
- IPSec Identity Configuration Mode
- IPSec IKE Policy Configuration Mode
- IPSec Manual Key Configuration Mode
- IPSec Peer Public Key Configuration Mode
- IPSec Transport Profile Configuration Mode
- IPSec Tunnel Profile Configuration Mode
- IP Tunnel Destination Profile Mode
- L2 Transport Load-Balancing-Circuit Configuration Mode
- L2TP Destination Profile Configuration Mode
- L2TP Destination Profile Host Configuration Mode
- L2TP Tunnel Switch Profile Configuration Mode
- Layer 2 Control Configuration Mode
- Layer 2 Control Neighbor Configuration Mode
- LDP Configuration Mode
- Line Configuration Mode
- Local IPSec Transport Profile Configuration
- Local User Configuration Mode
- Map Class Configuration Mode
- Map List Configuration Mode
- Parent Group Configuration Mode
- Policy List Configuration Mode
- Policy List Parent Group Configuration Mode
- Policy Parameter Configuration Mode
- PPPoE Service Name Table Configuration Mode
- Profile Configuration Mode
- QoS Parameter Definition Configuration Mode
- QoS Profile Configuration Mode
- QoS Shared Shaper Control Configuration
- Queue Profile Configuration Mode
- RADIUS Configuration Mode
- RADIUS Relay Configuration Mode
- Rate Limit Profile Configuration Mode
- Redundancy Configuration Mode
- Remote Neighbor Configuration Mode
- Route Map Configuration Mode
- Router Configuration Mode
- RSVP Configuration Mode
- RTR Configuration Mode
- Scheduler Profile Configuration Mode
- Service Session Profile Configuration Mode
- SNMP Event Manager Configuration Mode
- Statistics Profile Configuration Mode
- Subinterface Configuration Mode
- Subscriber Policy Configuration Mode
- Traffic Class Configuration Mode
- Traffic Class Group Configuration Mode
- Tunnel Group Configuration Mode
- Tunnel Group Tunnel Configuration Mode
- Tunnel Profile Configuration Mode
- Tunnel Server Configuration Mode
- VRF Configuration Mode
- VR Group Configuration Mode
-
Installing JUNOSe Software
- Overview
- Identifying the Software Release File
- Platform Considerations
- Installing Software When a Firewall Exists
- Task 1: Obtain the Required Information
- Task 2: Divert Network Traffic to Another Router
- Task 3: Access Privileged Exec Mode
- Task 4: Configure IP on an Interface
- Task 5: Copy the Release Files to the Network Host
- Task 6: Configure Access to the Network Host
- Task 7: Enable the FTP Server on the Router
- Task 8: Identify the Files to Transfer
- Task 9: Transfer Files to the User Space
- Task 10: Install Files on the System Space
- Task 11: Save the Current Configuration
- Task 12: Reboot the System
- Installing Software When a Firewall Does Not Exist
- Installing Software in Normal Operational Mode
- Task 1: Obtain the Required Information
- Task 2: Divert Network Traffic to Another Router
- Task 3: Access Privileged Exec Mode
- Task 4: Configure IP on an Interface
- Task 5: Configure Access to the Network Host
- Task 6: Copy the Release Files to the Network Host
- Task 7: Copy the Software Release File to the Router
- Task 8: Save the Current Configuration
- Task 9: Reboot the System
- Installing Software in Boot Mode
- Task 1: Obtain the Required Information
- Task 2: Divert Network Traffic to Another System
- Task 3: Access the Boot Mode
- Task 4: Assign an IP Address
- Task 5: Configure Access to the Network Host
- Task 6: Resetting the SRP Module
- Task 7: Copy the Release Files to the Network Host
- Task 8: Copy the Software Release File to the Router
- Task 9: Reboot the System
- Copying Release Files from One Router to Another
- Upgrading Systems That Are Operating with Two SRP Modules
- Upgrading from Release 5.1.1 or Lower-Numbered Releases
- Upgrading Software Remotely Through Telnet or FTP
- Upgrading Software from an NVS Card
- Upgrading a System That Contains One SRP Module
- Upgrading a System That Contains Two SRP Modules
- Downgrading JUNOSe Software
-
Configuring SNMP
- Overview
- Terminology
- SNMP Features Supported
- SNMP Client
- SNMP Server
- SNMP MIBs
- Standard SNMP MIBs
- Juniper Networks E-series Enterprise MIBs
- Accessing Supported SNMP MIBs
- SNMP Versions
- Security Features
- Management Features
- Virtual Routers
- Creating SNMP Proxy
- Disabling and Reenabling SNMP Proxy
- Communicating with the SNMP Engine
- SNMP Attributes
- SNMP Operations
- SNMP PDU Types
- Platform Considerations
- References
- Before You Configure SNMP
- SNMP Configuration Tasks
- Enabling SNMP
- Configuring SNMP v1/v2c Community
- Community Name
- Privilege Levels
- IP Access List
- Configuring SNMPv3 Users
- Configuring SNMP Dynamic Groups and Views
- Setting Server Parameters
- Configuring SNMP Packet Size
- Configuring Memory Warning
- Configuring Encoding Method
- Managing Interface Sublayers
- Compressing Interfaces
- Controlling Interface Numbering
- Monitoring Interface Tables
- Configuring Traps
- IP Hosts
- Trap Categories
- Trap Severity Levels
- Specifying an Egress Point for SNMP Traps
- Configuring Trap Queues
- Configuring Trap Notification Logs
- Recovering Lost Traps
- Configuring the SNMP Server Event Manager
- Event MIB Purpose
- Event MIB Structure
- Trigger Table
- Objects Table
- Event Table
- Configuration Tasks
- Defining a Boolean Test
- Defining an Existence Test
- Defining a Threshold Test
- Monitoring Events
- Collecting Bulk Statistics
- Interface Strings
- Understanding Counter Discontinuity
- Configuring Collectors and Receivers
- Deleting All Bulkstats Configurations
- Monitoring Collection Statistics
- Configuring Schemas
- igmp Objects
- if-stats Objects
- policy Objects
- Monitoring Schema Statistics
- Configuring Interface Numbering Mode
- Using the Bulk Statistics Formatter
- Setting Remote Filenames
- Guidelines
- Specifying End of Line Format
- Managing Virtual Routers
- Monitoring SNMP
- Establishing a Baseline
- Viewing SNMP Status
- Output Filtering
-
Managing the System
- Overview
- Platform Considerations
- Naming the System
- Configuring the Switch Fabric Bandwidth
- Configuring Timing
- Monitoring Timing
- Using the CLI
- Managing vty Lines
- Configuring vty Lines
- Monitoring vty Lines
- Clearing Lines
- Monitoring the Current Configuration
- Defining the Configuration Output Format
- Customizing the Configuration Output
- Configuring the System Automatically
- Saving the Current Configuration
- Customizing the User Interface
- Setting the Console Speed
- Configuring the Display Terminal
- Specifying the Character Set
- Configuring Login Conditions
- Setting Time Limits for User Login
- Setting Time Limits for User Input
- Configuring CLI Messages
- Monitoring the Console Settings
- Sending Messages
- Managing Memory
- Managing Files
- Managing the User Space from a Network Host
- File Commands and FTP Servers
- Renaming Files
- Deleting Files
- Monitoring Files
- Viewing Files
- Transferring Files
- References
- Copying and Redirecting Files
- Using the copy Command
- copy Command Examples
- Using TFTP to Transfer Files
- Configuring the FTP Server
- Features
- FTP Passive Mode
- Configuring Authentication
- Configuration Tasks
- Configuration Example
- Monitoring the FTP Server
- Copying Partial Releases
- Configuring the NFS Client
- References
- Prerequisites
- Configuration Tasks
- Monitoring the NFS Client
- Using a Loopback Interface
- Using the Telnet Client
- Configuring DNS
- References
- Assigning Name Servers
- Using One Name Resolver for Multiple Virtual Routers
- Monitoring DNS
- Troubleshooting the System
- Creating Core Dump Files
- Boot Mode
- Global Configuration Mode
- Managing Core Dump Files
- Enabling and Disabling the Core Dump Monitor
- Specifying the Core Dump Monitor Interval
- Viewing Core Dump Monitor Status
- Accessing the Core Dump File
- Capturing and Writing Core Dumps
- Understanding the Core Dump File
- Tracking IP Prefix Reachability
- Gathering Information for Customer Support
- Managing and Monitoring Resources
- Enabling and Disabling the Resource Threshold Monitor
- Viewing Resource Threshold Information
- Monitoring the System
-
Managing Modules
- Overview
- Platform Considerations
- ERX-7xx Models, ERX-14xx Models, and the ERX-310 Router
- Line Modules and I/O Modules
- SRP Modules
- E120 Router and E320 Router
- Line Modules and IOAs
- SRP Modules and SFMs
- Disabling and Reenabling Line Modules, SRP Modules, and SFMs
- Disabling and Reenabling IOAs
- Removing an SRP Module
- Replacing Line Modules on ERX Routers, the E120 Router, and the E320 Router
- Replacing a Line Module by Erasing the Slot Configuration
- Replacing a Line Module Without Erasing the Slot Configuration
- Replacing IOAs on the E120 Router and the E320 Router
- Replacing SRP Modules and SFMs
- Software Compatibility
- Line Modules
- I/O Modules and IOAs
- Configuring Performance Rate of Line Modules on ERX-7xx Models and the ERX-1410 Router
- Choosing a Combination of Line Modules
- Slot Groups
- SRP Modules Bandwidth
- Line Modules Bandwidth and Switch Usage
- Allowed Combinations for Line Rate Performance
- Specifying the Type of Performance
- Monitoring Bandwidth Oversubscription
- Troubleshooting Bandwidth Oversubscription
- Line Module Redundancy
- Module Requirements
- ERX-7xx Models and ERX-14xx Models
- E120 Router and E320 Router
- Automatic Switchover
- Limitations of Automatic Switchover
- Reversion after Switchover
- Configuring Line Module Redundancy
- Managing Line Module Redundancy
- SRP Module Redundancy
- SRP Module Behavior
- Specifying the Configuration for Redundant SRP Modules
- Installing a Redundant SRP Module
- Managing SRP Module Redundancy
- Switching to the Redundant SRP Module
- Upgrading Software on a Redundant SRP Module
- Monitoring the Status LEDs
- Monitoring Line Module and SRP Module Redundancy
- Managing Flash Cards on SRP Modules
- Flash Features
- Flash Features on the E120 Router and the E320 Router
- Installing and Removing Flash Cards
- Synchronizing Flash Cards
- Synchronizing Flash Cards of Different Capacities
- Disabling Autosynchronization
- Validating and Recovering Redundant SRP File Integrity
- Reformatting the Primary Flash Card
- Copying the Image on the Primary SRP Module
- Scanning Flash Cards
- Monitoring Flash Cards
- Updating the Router with JUNOSe Hotfix Files
- Hotfix Compatibility and Dependency
- Removing Hotfixes
- Hotfixes and Backup Settings
- Hotfixes and Standby SRP Modules
- Hotfixes and Line Modules
- Monitoring Hotfixes
- Example: Using and Monitoring Hotfixes
- Managing the Ethernet Port on the SRP Module
- Monitoring Statistics
- Monitoring the Ethernet Configuration for the SRP Module
- Enabling Warm Restart Diagnostics on Modules
- Enabling Warm Restart Diagnostics
- Monitoring Modules
-
Managing High Availability
- Understanding High Availability
- Platform Considerations
- Module Requirements
- Redundancy Modes of Operation
- File System Synchronization Mode
- High Availability Mode
- Understanding SRP State Behavior
- Disabled State
- Initializing State
- Active State
- Pending State
- Application Support
- Before Activating High Availability
- Activating High Availability
- Deactivating High Availability
- Upgrading Software
- Monitoring High Availability
- High Availability show Commands
- Clearing the Redundancy History
-
Configuring a Unified In-Service Software Upgrade
- Unified ISSU Overview
- Router Behavior During a Unified In-Service Software Upgrade
- Unified ISSU Platform Considerations
- Unified ISSU Terms That Describe SRP and Line Module Behavior
- Unified ISSU References
- Unified ISSU Phases Overview
- Unified ISSU Initialization Phase Overview
- Application Data Upgrade on the Standby SRP Module
- Line Module Arming
- SNMP Traps
- Unified ISSU Upgrade Phase Overview
- Exceptions During the Upgrade Phase
- Verification of Requirements
- Upgrade Setup
- Unified ISSU Service Restoration Phase Overview
- Application Support for Unified ISSU
- Unexpected Application-Specific Behavior During Unified ISSU
- AAA Authentication and Authorization Disabled
- ATM Affected Behaviors
- ILMI Sessions Not Maintained
- OAM CC Effects on VCC
- OAM VC Integrity Verification Cessation
- Port Data Rate Monitoring Cessation
- VC and VP Statistics Monitoring Halts Unified ISSU Progress
- DHCP Affected Behaviors
- DHCP Common Component Information Suspended
- DHCP External Server Prevents Unified ISSU Operation
- DHCP Relay and DHCP Relay Proxy Prevent Unified ISSU
- DHCP Packet Capture Halted on Line Modules
- DoS Protection State Freeze
- Ethernet Affected Behaviors
- ARP Packets Briefly Not Sent or Received
- Link Aggregation interruption
- Port Data Rate Monitoring Halted
- VLAN Statistics Monitoring Halts Unified ISSU Progress
- FTP Server File Transfers Halted
- IS-IS Effects on Graceful Restart and Network Stability
- Configuring Graceful Restart Before Unified ISSU Begins
- Configuring Graceful Restart When BGP And LDP are Configured
- Routing Around the Restarting Router to Minimize Network Instability
- L2TP Failover of Established Tunnels
- OSPF Effects on Graceful Restart, Timeouts, and Network Stability
- Configuring Graceful Restart Before Unified ISSU Begins
- Configuring Graceful Restart When BGP And LDP are Configured
- Configuring a Longer Dead Interval Than Normal
- Routing Around the Restarting Router to Minimize Network Instability
- PIM Suspended During Unified ISSU
- Subscriber Logins and Logouts Suspended During Unified ISSU
- Subscriber Statistics Accumulation or Deletion
- SONET/SDH Behavior During Unified ISSU
- TACACS+ Services Not Available
- Interruption in Traffic Forwarding for Layer 3 Routing and Signaling Protocols
- Recommended Routing Protocol Timer Settings
- Before You Begin a Unified In-Service Software Upgrade
- Hardware Requirements for Unified ISSU
- Software Requirements for Unified ISSU
- Upgrading Router Software with Unified ISSU
- Halting the Unified ISSU Process and Restoring the Original State of the Router
- Halting Unified ISSU During Initialization Phase
- Halting Unified ISSU During Upgrade Phase
- Monitoring a Unified In-Service Software Upgrade
-
Passwords and Security
- Overview
- Platform Considerations
- Setting Basic Password Parameters
- Creating Encrypted Passwords
- Creating Secrets
- Encrypting Passwords in Configuration File
- Commands and Guidelines
- Setting and Erasing Passwords
- Privilege Levels
- Accessing Privilege Levels
- Setting Enable Passwords
- Erasing Enable Passwords
- Setting a Console Password
- Erasing the Console Password
- Monitoring Passwords
- Vty Line Authentication and Authorization
- Configuring Simple Authentication
- Configuring AAA Authentication and AAA Authorization
- Virtual Terminal Access Lists
- Secure System Administration with SSH
- Transport
- User Authentication
- Connection
- Key Management
- User Key Management
- Host Key Management
- Performance
- Security Concerns
- Before You Configure SSH
- SSH Configuration Tasks
- Configuring Encryption
- Configuring User Authentication
- Configuring Message Authentication
- Enabling and Disabling SSH
- Displaying SSH Status
- Terminating an SSH Session
- Restricting User Access
- Restricting Access to Commands with RADIUS
- Per-User Enable Authentication
- Restricting Access to Virtual Routers
- VSA Configuration Examples
- Commands Available to Users
- Denial of Service (DoS) Protection
- Suspicious Control Flow Detection
- Suspicious Control Flow Monitoring
- Configurable Options
- Display Options
- Traps and Logs
- Suspicious Control Flow Commands
- Monitoring Suspicious Control Flow
- Denial-of-Service Protection Groups
- Group Parameters
- Attaching Groups
- Protocol Mapping
- DoS Protection Group Configuration Example
- DoS Protection Group Commands
- Monitoring DoS Protection Groups
-
Writing CLI Macros
- Platform Considerations
- Writing Macros
- Environment Commands
- Variables
- Literals
- Operators
- Assignment
- Increment and Decrement
- String Operations
- Extraction Operations
- Arithmetic Operations
- Relational Operations
- Logical Operations
- Miscellaneous Operations
- Conditional Execution
- If Constructs
- While Constructs
- Passing Parameters in Macros
- Generating Macro Output
- Invoking Other Macros
- Detecting and Recording Macro Errors
- Detectable Macro Errors
- Logging Macro Results
- Viewing Macro Errors
- onError Macro Examples
- Detecting Invalid Command Formats
- Detecting Invalid Commands
- Detecting Missing Macros
- Running Macros
- Practical Examples
- Configuring Frame Relay
- Configuring ATM Interfaces
-
Booting the System
- Platform Considerations
- Configuring Your System for Booting
- Booting the GE-2 Line Module
- Rebooting Your System
- Rebooting When a Command Takes a Prolonged Time to Execute
- Configuration Caching
- Operations in Boot Mode
- Displaying Boot Information
- Output Filtering
-
Configuring the System Clock
- Overview
- NTP
- System Operation as an NTP Client
- Synchronization
- System Operation as an NTP Server
- Platform Considerations
- References
- Setting the System Clock Manually
- Before You Configure NTP
- Choosing NTP Servers
- NTP Configuration Tasks
- Enabling NTP Services
- NTP Client Configuration
- Directing Responses from NTP Servers
- Refusing Broadcasts from NTP Servers
- NTP Server Configuration
- Configuration Examples
- Monitoring NTP
-
Configuring Virtual Routers
- Overview
- Default Virtual Router
- Virtual Router Instances
- Routing Protocols
- VPNs and VRFs
- VPNs
- VRFs
- Platform Considerations
- References
- Configuring Virtual Routers
- Monitoring Virtual Routers
-
Abbreviations and Acronyms
-
References
- RFCs
- Draft RFCs
- Other Software Standards
- Hardware Standards
-
Index