JUNOS 9.4 System Basics Configuration Guide

List of Figures
List of Tables

Index
Index of Statements and Commands

About This Guide
Objectives
Audience
Supported Platforms
Using the Indexes
Using the Examples in This Manual
Documentation Conventions
List of Technical Publications
Documentation Feedback
Requesting Technical Support
Introduction to JUNOS Software
Product Architecture
Hardware Overview
Routing Process Architecture
Packet Forwarding Engine
Routing Engine
Configuration Architecture
JUNOS Software Components
Routing Engine Software
Routing Engine Kernel
Initialization Process
Management Process
Process Limits
Routing Protocol Process
IPv4 Routing Protocols
IPv6 Routing Protocols
Routing and Forwarding Tables
Routing Policy
VPNs
Interface Process
Chassis Process
SNMP and MIB II Processes
JUNOS Configuration Basics
Configuring the Software from External Devices
Methods for Configuring the JUNOS Software
JUNOS Command-Line Interface (CLI)
ASCII File
J-Web Package
JUNOScript API Software
NETCONF API Software
Configuration Commit Scripts
Configuring a Router for the First Time
Configuring the JUNOS Software the First Time on a Router with a Single Routing Engine
Configuring the JUNOS Software the First Time on a Router with Dual Routing Engines
JUNOS Software Default Settings That Protect the Router
Configuring Software Properties
Activating a Configuration
Managing Available Disk Space
Using Software Monitoring Tools
Router Security
Router Access
User Authentication
Specifying Plain-Text Passwords
Routing Protocol Security Features
Firewall Filters
Auditing for Security
System Management Overview
Specifying IP Addresses, Network Masks, and Prefixes
Specifying Filenames and URLs
Directories on the Router
Tracing and Logging Operations
Configuring Protocol Authentication
Configuring User Authentication
System Management Configuration Statements
Configuring Basic System Management
Configuring the Router’s Name and Addresses
Configuring the Router’s Name
Mapping the Router’s Name to IP Addresses
Configuring an ISO System Identifier
Example: Configuring a Router’s Name, IP Address, and System ID
Configuring the Router’s Domain Name
Example: Configuring the Router’s Domain Name
Configuring Which Domains to Search
Example: Configuring Which Domains to Search
Configuring a DNS Name Server
Example: Configuring a DNS Name Server
Configuring a Backup Router
Example: Configuring a Backup Router Running IPv4
Example: Configuring a Backup Router Running IPv6
Configuring Flash Disk Mirroring
Configuring the System Location
Configuring the Root Password
Example: Configuring the Root Password
Example: Configuring SSH Authentication for Root Logins
Configuring Special Requirements for Plain-Text Passwords
Example: Configuring Special Requirements for Plain-Text Passwords
Configuring Multiple Routing Engines to Synchronize Configurations Automatically
Compressing the Current Configuration File
Configuring User Access
Defining Login Classes
Configuring Access Privilege Levels
Example: Configuring Access Privilege Levels
Denying or Allowing Individual Commands
Specifying Operational Mode Commands
Example 1: Defining Access Privileges to Individual Operational Mode Commands
Example 2: Configuring Access Privileges to Individual Operational Mode Commands
Specifying Configuration Mode Commands
Example 3: Defining Access Privileges to Individual Configuration Mode Commands
Example 4: Configuring Access Privileges to Individual Configuration Mode Commands
Configuring the Timeout Value for Idle Login Sessions
Configuring Tips
Configuring User Accounts
Example: Configuring User Accounts
Limiting the Number of Login Attempts for SSH and Telnet Sessions
Example: Limiting the Number of Login Attempts for SSH and Telnet Sessions
JUNOS-FIPS Crypto Officer and User Accounts
Crypto Officer User Configuration
FIPS User Configuration
Configuring System Authentication
Configuring RADIUS Authentication
Configuring Juniper Networks Vendor-Specific RADIUS Attributes
Configuring MS-CHAPv2 for Password-Change Support
Example: Configuring MS-CHAPv2 on the Router
Configuring TACACS+ Authentication
Configuring Juniper Networks Vendor-Specific TACACS+ Attributes
Specifying a Source Address for RADIUS and TACACS+ Servers
Configuring the Same Authentication Service for Multiple TACACS+ Servers
Example: Configuring Multiple TACACS+ Servers
Configuring Template Accounts for RADIUS and TACACS+ Authentication
Using Remote Template Accounts
Using Local User Template Accounts
Example: Using the Local User Template
Using Regular Expressions to Allow or Deny Access to Commands
Configuring the Authentication Order
Using RADIUS or TACACS+ Authentication
Using Local Password Authentication
Order of Authentication Attempts
Example: Removing an Order Set from the Authentication Order
Example: Inserting an Order Set in the Authentication Order
Examples: Configuring System Authentication
Recovering the Root Password
Configuring Time
Setting the Time Zone
Examples: Setting the Time Zone
Configuring the Network Time Protocol
Configuring the NTP Boot Server
Specifying a Source Address for an NTP Server
Configuring the NTP Time Server and Time Services
Configuring the Router to Operate in Client Mode
Example: Configuring Client Mode
Configuring the Router to Operate in Symmetric Active Mode
Configuring the Router to Operate in Broadcast Mode
Configuring the Router to Operate in Server Mode
Example: Configuring Server Mode
Configuring NTP Authentication Keys
Configuring the Router to Listen for Broadcast Messages
Configuring the Router to Listen for Multicast Messages
Setting a Custom Time Zone
Usage Guidelines for Setting a Custom Time Zone
How to Import and Install Time Zone Files
Configuring System Log Messages
System Logging Configuration Statements
Minimum and Default System Logging Configuration
Minimum System Logging Configuration
Default System Log Settings
Configuring System Logging for a Single-Chassis System
Specifying the Facility and Severity of Messages to Include in the Log
Directing Messages to a Log File
Logging Messages in Structured-Data Format
Directing Messages to a User Terminal
Directing Messages to the Console
Directing Messages to a Remote Machine or the Other Routing Engine
Specifying an Alternative Source Address for System Log Messages
Changing the Alternative Facility Name for Remote Messages
Examples: Assigning an Alternative Facility
Adding a Text String to System Log Messages
Example: Adding a String
Specifying Log File Size, Number, and Archiving Properties
Including Priority Information in System Log Messages
Including the Year or Millisecond in Timestamps
Using Regular Expressions to Refine the Set of Logged Messages
Example: Using Regular Expressions
Disabling Logging of a Facility
Examples: Configuring System Logging
Configuring System Logging for a Routing Matrix
Configuring Message Forwarding in the Routing Matrix
Messages Logged When Local and Forwarded Severity Levels Are the Same
Messages Logged When Local Severity Level Is Lower
Messages Logged When Local Severity Level Is Higher
Configuring Optional Features for Forwarded Messages
Including Priority Information in Forwarded Messages
Adding a Text String to Forwarded Messages
Using Regular Expressions to Refine the Set of Forwarded Messages
Directing Messages to a Remote Destination from the Routing Matrix
Configuring System Logging Differently on Each Platform
Configuring Miscellaneous System Management Features
Configuring Console and Auxiliary Port Properties
Disabling the Sending of Redirect Messages on the Router
Configuring the Source Address for Locally Generated TCP/IP Packets
Configuring the Router or Interface to Act as a DHCP/BOOTP Relay Agent
Disabling the Response to Multicast Ping Packets
Disabling the Reporting of IP Address and Timestamps in Ping Responses
Configuring System Services
Configuring clear-text or SSL Service for JUNOScript Client Applications
Configuring clear-text Service for JUNOScript Client Applications
Configuring SSL Service for JUNOScript Client Applications
Configuring a DHCP Server
DHCP Overview
Network Address Assignments (Allocating a New Address)
Network Address Assignments (Reusing a Previously Assigned Address)
Static and Dynamic Bindings
Compatibility with Autoinstallation
Conflict Detection and Resolution
DHCP Statement Hierarchy and Inheritance
Configuring Address Pools
Configuring Manual (Static) Bindings
Specifying DHCP Lease Times
Configuring a Boot File and Boot Server
Configuring a DHCP Server Identifier
Configuring a Domain Name and Domain Search List
Configuring Routers Available to the Client
Creating User-Defined DHCP
Example: Complete DHCP Server Configuration
Example: Viewing DHCP Bindings
Example: Viewing DHCP Address Pools
Example: Viewing and Clearing DHCP Conflicts
Tracing DHCP Processes
Configuring the DHCP Processes Log Filename
Configuring the Number and Size of DHCP Processes Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Line to Be Logged
Configuring the Trace Operations
Configuring the Extended DHCP Local Server
Interaction Among the DHCP Client, Extended DHCP Local Server, and Address-Assignment Pools
Using Address Assignment Pools
Configuring How the Extended DHCP Local Server Determines Which Address-Assignment Pool to Use
Matching Client IP Address to Address-Assignment Pool
Matching Option 82 Information to Named Address Ranges
Using Default Options
Using External AAA Authentication Services
Grouping Interfaces with Common DHCP Configurations
Configuring Passwords for Usernames
Creating Unique Usernames
Example: Configuring a Unique Username
Providing Client Configuration Information
Tracing Extended DHCP Local Server Operations
Configuring the Extended DHCP Local Server Processes Log Filename
Configuring the Number and Size of Extended DHCP Local Server Processes Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Line to Be Logged
Configuring Trace Option Flags
Example: Minimum Extended DHCP Local Server Configuration
Example: Extended DHCP Local Server Configuration with Optional Pool Matching
Verifying and Managing DHCP Local Server Configuration
Configuring DTCP-over-SSH Service for the Flow-Tap Application
Configuring Finger Service
Configuring FTP Service
Configuring SSH Service
Configuring the Root Login
Configuring the SSH Protocol Version
Configuring Outbound SSH Service
Understanding the Client
Identifying the Device to the Client
Sending the Router’s Public SSH Key
Using the Standard SSH Sequence
Configuring Keepalive Messages
Configuring the reconnect-strategy Statement
Configuring the services Statement
Configuring Outbound SSH Clients
Configuring Telnet Service
Configuring Console Access to PICs
Configuring a System Login Message
Configuring a System Login Announcement
Configuring JUNOS Software Processes
Disabling JUNOS Software Processes
Configuring Failover to Backup Media if a Software Process Fails
Configuring the Password on the Diagnostics Port
Viewing Core Files from JUNOS Processes
Saving Core Files from JUNOS Processes
Configuring Logical System Administrators
Configuring a Router to Transfer Its Configuration to an Archive Site
Configuring the Transfer Interval
Configuring Transfer on a Commit Operation
Configuring Archive Sites for Configuration Files
Specifying the Number of Configurations Stored on the CompactFlash Card
Configuring RADIUS System Accounting
Specifying Events
Configuring RADIUS Accounting
Example: Configuring RADIUS Accounting
Configuring TACACS+ System Accounting
Specifying Events
Configuring TACACS+ Accounting
Configuring TACACS+ Accounting on a TX Matrix Platform
Enabling the SRC Software
Configuring the ICMP4 Rate Limit
Configuring the ICMPv6 Rate Limit
Configuring IP-IP Path MTU Discovery
Configuring TCP MSS for Session Negotiation
Configuring IPv6 Path MTU Discovery
Configuring IPv6 Duplicate Address Detection Transmits
Configuring Acceptance of IPv6 Packets with Zero Hop-Limit
Configuring GRE Path MTU Discovery
Configuring Path MTU Discovery
Configuring Source Quench
Configuring the Router to Drop Packets with the SYN and FIN Bits Set
Configuring No TCP RFC 1323 Extensions
Configuring No TCP RFC 1323 PAWS Extension
Configuring the Range of Port Addresses
Configuring ARP Learning and Aging
Configuring Passive ARP Learning for Backup VRRP Routers
Adjusting the ARP Aging Timer
Configuring System Alarms to Appear Automatically
Security Configuration Example
Configuring System Information
Configuring RADIUS
Creating Login Classes
Defining User Login Accounts
Defining RADIUS Template Accounts
Enabling Connection Services
Configuring System Logging
Configuring the Time Source
Configuring Interfaces
Configuring SNMP
Configuring Protocol-Independent Routing Properties
Reserved IRI IP Addresses
Sample Output
Configuring Routing Protocols
Configuring BGP
Configuring IS-IS
Configuring Firewalls
Example: Consolidated Security Configuration
Summary of System Management Configuration Statements
accounting
accounting-port
allow-commands
allow-configuration
allow-transients
announcement
archival
archive
archive (All System Log Files)
archive (Individual System Log File)
archive-sites
archive-sites (Configuration)
archive-sites (System Log)
arp
authentication
authentication (Login)
authentication (Subscriber Access Management)
authentication-key
authentication-order
autoinstallation
auxiliary
backup-router
boot-file
boot-server
boot-server (DHCP)
boot-server (NTP)
broadcast
broadcast-client
bucket-size
change-type
circuit-type
class
class (Assign a Class to an Individual User)
class (Define Login Classes)
client-identifier
commit
commit synchronize
compress-configuration-files
configuration
configuration-servers
connection-limit
console
console (Physical Port)
console (System Logging)
default-address-selection
default-lease-time
delimiter
deny-commands
deny-configuration
destination
destination-override
dhcp
dhcp-local-server
diag-port-authentication
domain-name
domain-name (DHCP)
domain-name (Subscriber Access Management)
domain-name (Router)
domain-search
dump-device
events
explicit-priority
facility-override
file
file (Commit Scripts)
file (System Logging)
files
finger
flow-tap-dtcp
format
ftp
full-name
gre-path-mtu-discovery
group
host
host-name
http
https
icmpv4-rate-limit
icmpv6-rate-limit
idle-timeout
inet6-backup-router
interface
interface (ARP Aging Timer)
interface (DHCP Local Server)
interfaces
internet-options
ip-address-first
ipip-path-mtu-discovery
ipv6-duplicate-addr-detection-transmits
ipv6-path-mtu-discovery
ipv6-path-mtu-discovery-timeout
ipv6-reject-zero-hop-limit
limits
load-key-file
local-certificate
location
log-prefix
logical-system-name
login
login-alarms
login-tip
mac-address
match
max-configurations-on-flash
maximum-lease-time
maximum-length
message
minimum-changes
minimum-length
mirror-flash-on-disk
multicast-client
name-server
no-compress-configuration-files
no-gre-path-mtu-discovery
no-ipip-path-mtu-discovery
no-ipv6-reject-zero-hop-limit
no-multicast-echo
no-path-mtu-discovery
no-ping-record-route
no-ping-time-stamp
no-redirects
no-remote-trace
no-saved-core-context
no-source-quench
no-tcp-rfc1323
no-tcp-rfc1323-paws
no-world-readable
ntp
option-60
option-82
option-82 (Extended DHCP Local Server)
option-82 (Subscriber Access Management)
optional
outbound-ssh
packet-rate
password
password (Login)
password (Subscriber Access Management)
path-mtu-discovery
peer
permissions
pic-console-authentication
pool
pool-match-order
port
port (HTTP/HTTPS)
port (RADIUS Server)
port (SRC Server)
port (TACACS+ Server)
ports
processes
protocol-version
radius
radius-options
radius-server
rate-limit
refresh
refresh-from
retry
retry-options
root-authentication
root-login
router
routing-instance-name
saved-core-context
saved-core-files
scripts
secret
server
server (NTP)
server (RADIUS Accounting)
server (TACACS+ Accounting)
server-identifier
servers
service-deployment
services
session
single-connection
size
source
source-address
source-address (NTP, RADIUS, System Logging, or TACACS+)
source-address (SRC Software)
source-port
source-quench
ssh
start-time
static-binding
static-host-mapping
structured-data
syslog
system
tacplus
tacplus-options
tacplus-server
tcp-drop-synfin-set
tcp-mss
telnet
time-format
timeout
time-zone
traceoptions
traceoptions (Address-Assignment Pool)
traceoptions (Commit Scripts)
traceoptions (DHCP Server on J-series Services Routers)
traceoptions (Extended DHCP Local Server)
tracing
transfer-interval
transfer-interval (Configuration)
transfer-interval (System Log)
transfer-on-commit
trusted-key
uid
user
user (Access)
user (System Logging)
username-include
user-prefix
web-management
wins-server
world-readable
xnm-clear-text
xnm-ssl
Configuring Access
Configuring the Point-to-Point Protocol
Example: PPP Challenge Handshake Authentication Protocol
Example: CHAP Authentication with RADIUS
Configuring the Authentication Order
Tracing Access Processes
Configuring the Access Processes Log Filename
Configuring the Number and Size of Access Processes Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Trace Operations
Configuring the Layer 2 Tunneling Protocol
Minimum L2TP Configuration
Configuring the Address Pool
Configuring the Group Profile
Configuring L2TP for a Group Profile
Configuring the PPP Attributes for a Group Profile
Example: Group Profile Configuration
Configuring the Profile
Configuring the Authentication Order
Configuring the Accounting Order
Configuring the Client
Example: Defining the Default Tunnel Client
Example: Defining the User Group Profile
Configuring the CHAP Secret
Example: Configuring PPP CHAP
Referencing the Group Profile
Configuring L2TP Properties for a Profile
Example: PPP MP for L2TP
Example: L2TP Multilink PPP Support on Shared Interfaces
Configuring the Password Authentication Protocol Password for an L2TP Profile
Example: Configuring PAP for an L2TP Profile
Configuring the PPP Properties for a Profile
Applying a Configured PPP Group Profile to a Tunnel
Example: Applying a User Group Profile on the M7i or M10i Router
Example: Configuring the Profile
Example: Configuring L2TP
Configuring RADIUS Authentication for L2TP
Configuring RADIUS Attributes for L2TP
Example: RADIUS Authentication for L2TP
Configuring the RADIUS Disconnect Server for L2TP
Example: Configuring the RADIUS Disconnect Server
Configuring RADIUS Authentication for an L2TP Profile
Example: RADIUS Authentication for an L2TP Profile
Configuring an Internet Key Exchange (IKE) Access Profile
Managing Subscriber Access
AAA Service Framework Overview
Using RADIUS Authentication and Accounting for Subscriber Access Management
Configuring How the Router Interacts with RADIUS Servers
Configuring Authentication and Accounting Parameters
Specifying the Authentication and Accounting Methods
Configuring How Accounting Statistics Are Collected
Configuring RADIUS Parameters
Specifying the RADIUS Authentication and Accounting Servers to Use for Subscriber Access Management
Configuring Options for RADIUS Servers
Configuring How RADIUS Attributes Are Used
Example: Configuring RADIUS-Based Subscriber Authentication and Accounting
RADIUS Attributes and Juniper Networks VSAs Supported by the AAA Service Framework
RADIUS IETF Attributes Supported by the AAA Service Framework
Juniper Networks VSAs Supported by the AAA Service Framework
Attaching Access Profiles
Verifying and Managing Subscriber Access Information
Configuring Address-Assignment Pools
License Requirements
Configuring the Pool Name and Network Address
Configuring a Named Address Range for Dynamic Address Assignment
Configuring Static Address Assignment
Configuring DHCP Client-Specific Attributes
Example: Configuring an Address-Assignment Pool
Tracing Address-Assignment Pool Processes
Configuring the Address-Assignment Pool Trace Log Filename
Configuring the Number and Size of Address-Assignment Pool Processes Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Trace
Summary of Access Configuration Statements
accounting
accounting-order
accounting-port
accounting-server
accounting-session-id-format
accounting-stop-on-access-deny
accounting-stop-on-failure
address
address-assignment
address-pool
address-range
allowed-proxy-pair
attributes
authentication-order
authentication-server
boot-file
boot-server
cell-overhead
chap-secret
circuit-id
client
dhcp-attributes
domain-name
drop-timeout
encapsulation-overhead
ethernet-port-type-virtual
exclude
fragmentation-threshold
framed-ip-address
framed-pool
grace-period
group-profile
group-profile (Group Profile)
group-profile (Profile)
hardware-address
host
idle-timeout
ignore
ike
ike-policy
immediate-update
initiate-dead-peer-detection
interface-description-format
interface-id
ip-address
keepalive
l2tp
l2tp (Group Profile)
l2tp (Profile)
lcp-renegotiation
local-chap
maximum-lease-time
maximum-sessions-per-tunnel
multilink
name-server
nas-identifier
nas-port-extended-format
netbios-node-type
network
option
options
option-82
option-match
order
override-nas-information
pap-password
pool
port
ppp
ppp (Group Profile)
ppp (Profile)
ppp-authentication
ppp-profile
pre-shared-key
primary-dns
primary-wins
profile
radius
radius-disconnect
radius-disconnect-port
radius-server
range
remote-id
retry
revert-interval
router
routing-instance
secondary-dns
secondary-wins
secret
shared-secret
source-address
statistics
tftp-server
timeout
traceoptions
update-interval
user-group-profile
vlan-nas-port-stacked-format
wins-server
Security Services Overview
IPSec Overview
Security Associations
IKE
IPSec Requirements for JUNOS-FIPS
Security Services Configuration Guidelines
Configuring IPSec (ES PIC)
Minimum Manual SA Configuration
Minimum IKE Configuration
Minimum Digital Certificates Configuration for IKE (ES PIC)
Configuring Security Associations
Configuring the Description for an SA
Configuring IPSec Mode
Configuring Transport Mode
Configuring Tunnel Mode
Configuring Manual Security Associations
Configuring the Processing Direction
Example: Configuring Inbound and Outbound Processing
Example: Configuring Bidirectional Processing
Configuring the Protocol for a Manual SA
Configuring the Security Parameter Index
Configuring the Auxiliary Security Parameter Index
Configuring the Authentication Algorithm and Key
Configuring the Encryption Algorithm and Key
Configuring Dynamic Security Associations
Configuring an IKE Proposal (Dynamic SAs Only)
Configuring the Authentication Algorithm for an IKE Proposal
Configuring the Authentication Method for an IKE Proposal
Configuring the Description for an IKE Proposal
Configuring the Diffie-Hellman Group for an IKE Proposal
Configuring the Encryption Algorithm for an IKE Proposal
Configuring the Lifetime for an IKE SA
Example: Configuring an IKE Proposal
Configuring an IKE Policy for Preshared Keys
Configuring the Description for an IKE Policy
Configuring the Mode for an IKE Policy
Configuring the Preshared Key for an IKE Policy
Associating Proposals with an IKE Policy
Example: Configuring an IKE Policy
Configuring an IPSec Proposal (ES PIC)
Configuring the Authentication Algorithm for an IPSec Proposal
Configuring the Description for an IPSec Proposal
Configuring the Encryption Algorithm for an IPSec Proposal
Configuring the Lifetime for an IPSec SA
Configuring the Protocol for a Dynamic IPSec SA
Configuring the IPSec Policy (ES PIC)
Configuring Perfect Forward Secrecy
Example: IPSec Policy Configuration
Using Digital Certificates (ES PIC)
Digital Certificates Overview
Obtaining a Certificate from a Certificate Authority (ES PIC)
Requesting a CA Digital Certificate
Example: Requesting a CA Digital Certificate
Generating a Private and Public Key
Example: Generating a Key Pair
Configuring Digital Certificates (ES PIC)
Configuring the Certificate Authority Properties
Specifying the Certificate Authority Name
Configuring the Certificate Revocation List
Configuring the Type of Encoding Your CA Supports
Specifying an Enrollment URL
Specifying a File to Read the Digital Certificate
Specifying an LDAP URL
Configuring the Cache Size
Configuring the Negative Cache
Configuring the Number of Enrollment Retries
Configuring the Maximum Number of Peer Certificates
Configuring the Path Length for the Certificate Hierarchy
Configuring an IKE Policy for Digital Certificates (ES PIC)
Configuring the Type of Encoding Your CA Supports
Configuring the Identity to Define the Remote Certificate Name
Specifying the Certificate Filename
Specifying the Private and Public Key File
Obtaining a Signed Certificate from the CA (ES PIC)
Example: Obtaining a Signed Certificate
Configuring the ES PIC
Example: Configuring the ES PIC
Configuring Traffic
Example: Configuring an Outbound Traffic Filter
Example: Applying an Outbound Traffic Filter
Example: Configuring an Inbound Traffic Filter for Policy Check
Example: Applying an Inbound Traffic Filter to ES PIC for Policy Check
Configuring an ES Tunnel Interface for a Layer 3 VPN
Configuring Digital Certificates for Adaptive Services Interfaces
Configuring the Certificate Authority Properties
Specifying the CA Profile Name
Specifying an Enrollment URL
Specifying the Enrollment Properties
Configuring the Certificate Revocation List
Specifying an LDAP URL
Configuring the Interval Between CRL Updates
Overriding Certificate Verification if CRL Download Fails
Managing Digital Certificates
Requesting a CA Digital Certificate
Example: Requesting a CA Digital Certificate
Generating a Public/Private Key Pair
Example: Generating a Key Pair
Generating and Enrolling a Local Digital Certificate
Example: Generating a Local Certificate Manually
Configuring the Auto-Reenrollment Properties
Specify the Certificate ID
Specify the CA Profile
Specify the Challenge Password
Specify the Reenroll Trigger Time
Specify the Regenerate Key Pair
Specify the Validity Period
Configuring Trace
Authentication Key Update Mechanism
Configuring Authentication Key Updates
Configuring BGP and LDP for Authentication Key Updates
Configuring SSH Host Keys for Secure Copy
Configuring SSH Known Hosts
Configuring Support for SCP File Transfer
Updating SSH Host Key Information
Retrieving Host Key Information Manually
Importing Host Key Information from a File
Importing SSL Certificates for JUNOScript Support
Configuring Internal IPSec for JUNOS-FIPS
Configuring the SA Direction
Configuring the IPSec SPI
Configuring the IPSec Key
Example: Configuring Internal IPSec
Summary of Security Services Configuration Statements
algorithm
authentication
authentication-algorithm
authentication-algorithm (IKE)
authentication-algorithm (IPSec)
authentication-key-chains
authentication-method
auto-re-enrollment
auxiliary-spi
ca-identity
ca-name
ca-profile
cache-size
cache-timeout-negative
certificate-id
certificates
certification-authority
challenge-password
crl
crl (Encryption Interface on M-series and T-series Routing Platforms Only)
crl (Adaptive Services Interfaces Only)
description
dh-group
direction
direction (JUNOS Software)
direction (JUNOS-FIPS Software)
dynamic
encoding
encryption
encryption (JUNOS Software)
encryption (JUNOS-FIPS Software)
encryption-algorithm
enrollment
enrollment-retry
enrollment-url
file
identity
ike
internal
ipsec
key
ldap-url
lifetime-seconds
local
local-certificate
local-key-pair
manual
manual (JUNOS Software)
manual (JUNOS-FIPS Software)
maximum-certificates
mode
mode (IKE)
mode (IPSec)
path-length
perfect-forward-secrecy
pki
policy
policy (IKE)
policy (IPSec)
pre-shared-key
proposal
proposal (IKE)
proposal (IPSec)
proposals
protocol
protocol (JUNOS Software)
protocol (JUNOS-FIPS Software)
re-enroll-trigger-time
re-generate-keypair
refresh-interval
retry
retry-interval
revocation-check
security-association
security-association (JUNOS Software)
security-association (JUNOS-FIPS Software)
spi
spi (JUNOS Software)
spi (JUNOS-FIPS Software)
ssh-known-hosts
traceoptions
url
validity-period
SDK Applications Overview
SDK Applications Configuration Guidelines
Enabling the SDK Service Process and SDK Application Deployment
Example: extensions Statement
Configuring the MultiServices PIC
Example: extension-provider Statement
Configuring SDK Service Sets
Service Order
Example: Service Set Configuration
Example: Service Order Configuration
Interface and Next-Hop Service Sets
Example: Interface Service Set
Example: Next-Hop Service Set
Limitations and Constraints for SDK Services Sets
Configuring Traffic Sampling for SDK Applications
Enabling Sampling on a MultiServices PIC
Example: Traffic Sampling on a MultiServices PIC
Limitations and Constraints
Tracing Process Monitoring Operations
Tracing System Resource Cleanup Operations
Using Configuration Mode Commands with SDK Applications
Displaying Additional Information About Installed SDK Application Packages
Example: show jnx-example | display detail Command
Displaying and Deleting the Configuration for SDK Applications
Using the extension show Command to Match Package Names
Using the extension show Command to Display a Specific Package’s Configuration
Using the extension delete Command
Summary of SDK Configuration Mode Commands
extension package-name (show | delete)
show | display detail
Summary of SDK Configuration Statements
extension-provider
extension-service
extensions
process-monitor
resource-cleanup
service-order
syslog
traceoptions
traceoptions (Process Monitor)
traceoptions (Resource Cleanup)
Summary of SDK Operational Commands
show chassis pic
show extension-provider system connections
show extension-provider system packages
show extension-provider system processes
show extension-provider system uptime
show extension-provider system virtual-memory
show system processes
show system processes health
show system processes providers
show system resource-cleanup processes
show version
Router Chassis Configuration Guidelines
Minimum Chassis Configuration
Configuring a Flexible PIC Concentrator to Stay Offline
Configuring an SFM to Stay Offline
Configuring Aggregated Devices
Configuring Virtual Links for Aggregated Devices
Configuring LACP Link Protection at the Chassis Level
Enabling LACP Link Protection
Configuring System Priority
Configuring ATM Cell-Relay Accumulation Mode on an ATM1 PIC
Configuring Port Mirroring Instances on MX-series Routers
Configuring Port Mirroring Instances at the DPC Level on MX-series Routers
Configuring Port Mirroring Instances at the PIC Level on MX-series Routers
Precedence of Port-Mirroring Instances at Different Levels of the Chassis
Configuring 12-Port T1/E1 Circuit Emulation PICs
Configuring Conditions That Trigger Alarms
Chassis Conditions That Trigger Alarms
Backup Routing Engine Alarms
Silencing External Devices
Disabling Physical Operation of the Craft Interface
Configuring Service Packages on Adaptive Services Interfaces
Configuring Next-Generation SONET Phase I PICs
Configuring SONET/SDH Framing
Configuring an External Synchronization Interface
Configuring Sparse DLCI Mode
Configuring Channelized PIC Operation
Concatenated and Nonconcatenated Mode
Configuring Channelized DS3-to-DS0 Naming
Configuring Eight Queues on IQ Interfaces
Configuring Channelized E1 Naming
Configuring Channelized STM1 Interface Virtual Tributary Mapping
Configuring ATM2 Intelligent Queuing Layer 2 Circuit Transport Mode
Enabling ILMI for Cell Relay
Configuring Tunnel Interfaces on MX-Series Ethernet Services Routers
Example: Configuring Tunnel Interfaces on a Gigabit Ethernet 40-Port DPC
Example: Configuring Tunnel Interfaces on a 10-Gigabit Ethernet 4-Port DPC
Configuring Packet Scheduling
Configuring the Link Services PICs
Multiclass Extension to MLPPP (RFC 2686)
Configuring the Idle Cell Format
Configuring an MTU Path Check for a Routing Instance
Enabling MTU Check for a Routing Instance
Assigning an IP Address to an Interface in the Routing Instance
Configuring Redundancy
Configuring FPC to FEB Connectivity on M120 Routers
Example: Configuring FPC to FEB Connectivity on the M120 Router
Configuring a Routing Engine to Reboot or Halt on Hard Disk Errors
Configuring the CONFIG Button
Configuring Larger Delay Buffers
Configuring an Entry-Level M320 Router
Configuring the uPIM Mode on J-series Routers
Setting J-Series PIMs Offline
Disabling Power Management on the J-series Chassis
Configuring the IP and Ethernet Services Mode in MX-series Routers
Restrictions on JUNOS Features for MX-series Routers
Configuring J-series Services Router Switching Interfaces
Example: Configuring J-series Services Router Switching Interfaces
TX Matrix Platform and T640 Routing Node Configuration Guidelines
Routing Matrix Overview
Running Different JUNOS Software Releases
Software Upgrades and Reinstallation
Rebooting Process
Committing Configurations
Configuring a T640 Routing Node Within a Routing Matrix
Chassis and Interface Names
Upgrading Switch Interface Boards
Downgrading Switch Interface Boards
Configuring the Online Expected Alarm
Creating Configuration Groups
Configuring System Log Messages
Summary of Router Chassis Configuration Statements
adaptive-services
aggregate-ports
aggregated-devices
alarm
atm-cell-relay-accumulation
atm-l2circuit-mode
bandwidth
ce1
channel-group
chassis
config-button
craft-lockout
ct3
device-count
disk-failure-action
e1
ethernet
fabric upgrade-mode
fpc
fpc (M320, T320, T640 Routing Platforms)
fpc (MX-Series Ethernet Services Routers)
fpc (TX Matrix Platform)
fpc-feb-connectivity
framing
idle-cell-format
lacp
lcc
link-protection
max-queues-per-interface
mlfr-uni-nni-bundles
network-services
no-concatenate
non-revertive
offline
on-disk-failure
online-expected
packet-scheduling
pem
pic
pic (M-series and T-series Routing Platforms)
pic (TX Matrix Platform)
port
power
q-pic-large-buffer
red-buffer-occupancy
routing-engine
sfm
service-package
sib
sonet
sparse-dlcis
synchronization
system-priority
t1
timeslots
traffic-manager
tunnel-services
vrf-mtu-check
vtmapping
Index
Index of Statements and Commands