[Contents] [Prev] [Next] [Index] [Report an Error]

System Management Configuration Statements

To configure system management, you can include the following statements in the configuration:

system {
accounting {
events [ login change-log interactive-commands ];
destination {
radius {
server {
server-address {
accounting-port port-number;
retry number;
secret password;
source-address address;
timeout seconds;
}
}
}
tacplus {
server {
server-address {
port port-number;
secret password;
single-connection;
timeout seconds;
}
}
}
}
}
archival {
configuration {
archive-sites {
ftp://<username>:<password>@<host>:<port>/<url-path>;
ftp://<username>:<password>@<host>:<port>/<url-path>;
}
transfer-interval interval;
transfer-on-commit;
}
}
arp {
passive-learning;
aging-timer minutes;
}
authentication-order [ authentication-methods ];
backup-router address <destination destination-address>;
commit synchronize;
(compress-configuration-files | no-compress-configuration-files);
default-address-selection;
dump-device (compact-flash | remove-compact | usb);
diag-port-authentication (encrypted-password “password” | plain-text-password);
domain-name domain-name;
domain-search [ domain-list ];
host-name hostname;
inet6-backup-router address <destination destination-address>;
internet-options {
tcp-mss mss-value;
(gre-path-mtu-discovery | no-gre-path-mtu-discovery);
icmpv4-rate-limit {
bucket-size bucket-size;
packet-rate packet-rate;
}
icmpv6-rate-limit {
bucket-size bucket-size;
packet-rate packet-rate;
}
(ipip-path-mtu-discovery | no-ipip-path-mtu-discovery);
(ipv6-path-mtu-discovery | no-ipv6-path-mtu-discovery);
ipv6-path-mtu-discovery-timeout;
no-tcp-rfc1323;
no-tcp-rfc1323-paws;
(path-mtu-discovery | no-path-mtu-discovery);
source-port upper-limit <upper-limit>;
(source-quench | no-source-quench);
tcp-drop-synfin-set;
}
location {
altitude feet;
building name;
country-code code;
floor number;
hcoord horizontal-coordinate;
lata service-area;
latitude degrees;
longitude degrees;
npa-nxx number;
postal-code postal-code;
rack number;
vcoord vertical-coordinate;
}
login {
announcement text;
class class-name {
allow-commandsregular-expression”;
allow-configurationregular-expression”;
deny-commandsregular-expression”;
deny-configurationregular-expression”;
idle-timeout minutes;
login-tip;
permissions [ permissions ];
}
message text;
password (Login) {
change-type (set-transitions | character-set);
format (md5 | sha1 | des);
maximum-length length;
minimum-changes number;
minimum-length length;
}
retry-options {
backoff-threshold number;
backoff-factor seconds;
minimum-time seconds;
tries-before-disconnect number;
}
user username {
full-name complete-name;
uid uid-value;
class class-name;
authentication {
(encrypted-password “password” | plain-text-password);
ssh-rsa “public-key”;
ssh-dsa “public-key”;
}
}
}
login-tip number;
mirror-flash-on-disk;
name-server {
address;
}
no-multicast-echo;
no-redirects;
ntp {
authentication-key key-number type type value password;
boot-server (NTP) address;
broadcast <address> <key key-number> <version value> <ttl value>;
broadcast-client;
multicast-client <address>;
peer address <key key-number> <version value> <prefer>;
source-address source-address;
server address <key key-number> <version value> <prefer>;
trusted-key [ key-numbers ];
}
ports {
auxiliary {
type terminal-type;
}
pic-console-authentication {
encrypted-password encrypted-password;
plain-text-password;
console {
insecure;
log-out-on-disconnect;
type terminal-type;
disable;
}
}
processes {
process--name (enable | disable) failover (alternate-media | other-routing-engine);
timeout seconds;
}
}
radius-server server-address {
port port-number;
retry number;
secret password;
source-address source-address;
timeout seconds;
}
radius-options {
password-protocol mschap-v2;
}
attributes {
nas-ip-address ip-address;
root-authentication {
(encrypted-password “password” | plain-text-password);
ssh-rsa “public-key”;
ssh-dsa “public-key”;
}
(saved-core-context | no-saved-core-context);
saved-core-files saved-core-files;
scripts {
commit {
allow-transients;
file filename.xsl {
optional;
refresh;
refresh-from url;
source url;
}
traceoptions {
file filename <files number> <size size> <match regular-expression>;
flag flag;
}
}
services {
finger {
<connection-limit limit>;
<rate-limit limit>;
}
flow-tap-dtcp {
ssh {
<connection-limit limit>;
<rate-limit limit>;
}
}
ftp {
<connection-limit limit>;
<rate-limit limit>;
}
service-deployment {
servers server-address {
port port-number;
}
source-address source-address;
}
ssh {
root-login (allow | deny | deny-password);
protocol-version [v1 v2];
<connection-limit limit>;
<rate-limit limit>;
}
telnet {
<connection-limit limit>;
<rate-limit limit>;
}
web-management {
http {
interfaces [ interface-names ];
port port;
}
https {
interfaces [ interface-names ];
local-certificate name;
port port;
}
limits {
active-child-process [ process-limit ];
}
session {
idle-timeout [ minutes ];
session-limit [ session-limit ];
}
}
xnm-clear-text {
<connection-limit limit>;
<rate-limit limit>;
}
xnm-ssl {
<connection-limit limit>;
local-certificate name;
<rate-limit limit>;
}
}
static-host-mapping {
hostname {
alias [ alias ];
inet [ address ];
sysid system-identifier;
}
}
syslog {
archive {
files number;
size size;
(world-readable | no-world-readable);
}
console {
facility severity;
}
file filename {
facility severity;
explicit-priority;
match "regular-expression";
structured-data;
archive {
files number;
size size;
(world-readable | no-world-readable);
}
}
host (hostname | other-routing-engine | scc-master) {
facility severity;
explicit-priority;
facility-override facility;
log-prefix string;
match "regular-expression";
}
source-address source-address;
time-format (year | millisecond | year millisecond);
user (username | *) {
facility severity;
match "regular-expression";
}
}
tacplus-options {
service-name service-name;
(no-cmd-attribute-value | exclude-cmd-attribute);
}
tacplus-server server-address {
secret password;
single-connection;
source-address source-address;
timeout seconds;
}
time-zone (GMThour-offset | time-zone);
}
tracing{
destination-override {
syslog host ;
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.