[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Table of Contents
-
About This Guide
-
-
Objectives
-
Audience
-
Supported Platforms
-
Using the Indexes
-
Using the Examples in This Manual
-
Documentation Conventions
-
-
List of Technical Publications
-
Documentation Feedback
-
Requesting
Technical Support
-
Overview
-
-
Introduction to JUNOS Software
-
-
Product Architecture
-
-
Hardware Overview
-
Routing Process Architecture
-
-
Packet Forwarding Engine
-
Routing
Engine
-
Configuration Architecture
-
JUNOS Software Components
-
Routing Engine Software
-
-
Routing Engine Kernel
-
Initialization Process
-
Management Process
-
Process Limits
-
Routing Protocol Process
-
-
IPv4 Routing
Protocols
-
IPv6 Routing Protocols
-
Routing and Forwarding Tables
-
Routing
Policy
-
VPNs
-
Interface Process
-
Chassis Process
-
SNMP and MIB II Processes
-
JUNOS Configuration Basics
-
-
Configuring the Software from External Devices
-
Methods for Configuring the JUNOS Software
-
-
JUNOS Command-Line Interface (CLI)
-
ASCII File
-
J-Web Package
-
JUNOScript API Software
-
NETCONF API Software
-
Configuration Commit Scripts
-
Configuring a Router for the First Time
-
-
Configuring the JUNOS Software the First Time on a Router with
a Single Routing Engine
-
Configuring the JUNOS Software the First Time on a Router with
Dual Routing Engines
-
JUNOS Software Default Settings That Protect the Router
-
Configuring Software Properties
-
Activating a Configuration
-
Managing Available Disk Space
-
Using Software Monitoring Tools
-
Router Security
-
-
Router Access
-
User Authentication
-
Specifying Plain-Text Passwords
-
Routing Protocol Security Features
-
Firewall Filters
-
Auditing for Security
-
System Management
-
-
System Management Overview
-
-
Specifying IP Addresses, Network Masks, and Prefixes
-
Specifying Filenames and URLs
-
Directories on the Router
-
Tracing and Logging Operations
-
Configuring Protocol Authentication
-
Configuring User Authentication
-
System Management Configuration Statements
-
Configuring Basic System Management
-
-
Configuring the Router’s Name and Addresses
-
-
Configuring the Router’s Name
-
Mapping the Router’s Name to IP Addresses
-
Configuring an ISO System Identifier
-
Example: Configuring a Router’s Name, IP Address, and
System ID
-
Configuring the Router’s Domain Name
-
-
Example: Configuring the Router’s Domain Name
-
Configuring Which Domains to Search
-
-
Example: Configuring Which Domains to Search
-
Configuring a DNS Name Server
-
-
Example: Configuring a DNS Name Server
-
Configuring a Backup Router
-
-
Example: Configuring a Backup Router Running IPv4
-
Example: Configuring a Backup Router Running IPv6
-
Configuring Flash Disk Mirroring
-
Configuring the System Location
-
Configuring the Root Password
-
-
Example: Configuring the Root Password
-
Example: Configuring SSH Authentication for Root Logins
-
Configuring Special Requirements for Plain-Text Passwords
-
-
Example: Configuring Special Requirements for Plain-Text Passwords
-
Configuring Multiple Routing Engines to Synchronize Configurations
Automatically
-
Compressing the Current Configuration File
-
Configuring User Access
-
-
Defining Login Classes
-
-
Configuring Access Privilege Levels
-
-
Example: Configuring
Access Privilege Levels
-
Denying or Allowing Individual Commands
-
-
Specifying
Operational Mode Commands
-
-
Example 1: Defining Access
Privileges to Individual Operational Mode Commands
-
Example 2: Configuring
Access Privileges to Individual Operational Mode Commands
-
Specifying Configuration Mode Commands
-
-
Example 3: Defining Access Privileges
to Individual Configuration Mode Commands
-
Example 4: Configuring
Access Privileges to Individual Configuration Mode Commands
-
Configuring the Timeout Value for Idle Login Sessions
-
Configuring Tips
-
Configuring User Accounts
-
-
Example: Configuring User Accounts
-
Limiting the Number of Login Attempts for SSH and Telnet Sessions
-
-
Example: Limiting the Number of Login Attempts for SSH and
Telnet Sessions
-
JUNOS-FIPS Crypto Officer and User Accounts
-
-
Crypto Officer User Configuration
-
FIPS User Configuration
-
Configuring System Authentication
-
-
Configuring RADIUS Authentication
-
-
Configuring
Juniper Networks Vendor-Specific RADIUS Attributes
-
Configuring MS-CHAPv2 for Password-Change Support
-
Example: Configuring MS-CHAPv2 on the Router
-
Configuring TACACS+ Authentication
-
-
Configuring
Juniper Networks Vendor-Specific TACACS+ Attributes
-
Specifying a Source Address for RADIUS and TACACS+ Servers
-
Configuring the Same Authentication Service for Multiple TACACS+
Servers
-
-
Example: Configuring Multiple TACACS+ Servers
-
Configuring Template Accounts for RADIUS and TACACS+ Authentication
-
-
Using Remote Template Accounts
-
Using Local User Template Accounts
-
-
Example: Using the Local
User Template
-
Using Regular Expressions to Allow
or Deny Access to Commands
-
Configuring the Authentication Order
-
-
Using RADIUS or TACACS+ Authentication
-
Using Local Password Authentication
-
Order of Authentication Attempts
-
Example: Removing an Order Set from the Authentication Order
-
Example: Inserting an Order Set in the Authentication Order
-
Examples: Configuring System Authentication
-
Recovering the Root Password
-
Configuring Time
-
-
Setting the Time Zone
-
-
Examples: Setting the Time Zone
-
Configuring the Network Time Protocol
-
-
Configuring the NTP Boot Server
-
Specifying a Source Address for an NTP Server
-
Configuring the NTP Time Server and Time Services
-
-
Configuring
the Router to Operate in Client Mode
-
-
Example: Configuring Client Mode
-
Configuring the Router to Operate in Symmetric
Active Mode
-
Configuring the Router to Operate in Broadcast Mode
-
Configuring
the Router to Operate in Server Mode
-
-
Example: Configuring Server Mode
-
Configuring NTP Authentication Keys
-
Configuring the Router to Listen for Broadcast Messages
-
Configuring the Router to Listen for Multicast Messages
-
Setting a Custom Time Zone
-
-
Usage Guidelines for Setting a Custom Time Zone
-
-
How to Import and Install Time Zone Files
-
Configuring System Log Messages
-
-
System Logging Configuration Statements
-
Minimum and Default System Logging Configuration
-
-
Minimum System Logging Configuration
-
Default System Log Settings
-
Configuring System Logging for a Single-Chassis System
-
-
Specifying the Facility and Severity of Messages to Include
in the Log
-
Directing Messages to a Log File
-
-
Logging Messages
in Structured-Data Format
-
Directing Messages to a User Terminal
-
Directing Messages to the Console
-
Directing Messages to a Remote Machine or the Other Routing
Engine
-
-
Specifying
an Alternative Source Address for System Log Messages
-
Changing
the Alternative Facility Name for Remote Messages
-
-
Examples: Assigning an Alternative
Facility
-
Adding a Text String to System Log Messages
-
-
Example: Adding a String
-
Specifying Log File Size, Number, and Archiving Properties
-
Including Priority Information in System Log Messages
-
Including the Year or Millisecond in Timestamps
-
Using Regular Expressions to Refine the Set of Logged Messages
-
-
Example: Using Regular Expressions
-
Disabling Logging of a Facility
-
Examples: Configuring System Logging
-
Configuring System Logging for a Routing Matrix
-
-
Configuring Message Forwarding in the Routing Matrix
-
-
Messages Logged
When Local and Forwarded Severity Levels Are the Same
-
Messages
Logged When Local Severity Level Is Lower
-
Messages
Logged When Local Severity Level Is Higher
-
Configuring Optional Features for Forwarded Messages
-
-
Including Priority Information in Forwarded Messages
-
Adding a Text String to Forwarded
Messages
-
Using Regular Expressions to Refine the
Set of Forwarded Messages
-
Directing Messages to a Remote Destination from the Routing
Matrix
-
Configuring System Logging Differently on Each Platform
-
Configuring Miscellaneous System Management Features
-
-
Configuring Console and Auxiliary Port Properties
-
Disabling the Sending of Redirect Messages on the Router
-
Configuring the Source Address for Locally Generated TCP/IP
Packets
-
Configuring the Router or Interface to Act as a DHCP/BOOTP
Relay Agent
-
Disabling the Response to Multicast Ping Packets
-
Disabling the Reporting of IP Address and Timestamps in Ping
Responses
-
Configuring System Services
-
-
Configuring clear-text or SSL Service for JUNOScript Client
Applications
-
-
Configuring
clear-text Service for JUNOScript Client Applications
-
Configuring
SSL Service for JUNOScript Client Applications
-
Configuring a DHCP Server
-
-
DHCP Overview
-
-
Network Address
Assignments (Allocating a New Address)
-
Network Address Assignments (Reusing a Previously Assigned
Address)
-
Static and Dynamic
Bindings
-
Compatibility with Autoinstallation
-
Conflict Detection and
Resolution
-
DHCP Statement Hierarchy
and Inheritance
-
Configuring Address Pools
-
Configuring
Manual (Static) Bindings
-
Specifying DHCP Lease Times
-
Configuring a Boot File and Boot Server
-
Configuring a DHCP Server Identifier
-
Configuring a Domain Name and Domain Search List
-
Configuring
Routers Available to the Client
-
Creating User-Defined DHCP
-
Example:
Complete DHCP Server Configuration
-
Example:
Viewing DHCP Bindings
-
Example: Viewing DHCP
Address Pools
-
Example: Viewing and
Clearing DHCP Conflicts
-
Tracing
DHCP Processes
-
-
Configuring
the DHCP Processes Log Filename
-
Configuring the Number and Size of DHCP Processes Log Files
-
Configuring
Access to the Log File
-
Configuring a Regular Expression for Line to Be Logged
-
Configuring the Trace Operations
-
Configuring the Extended DHCP Local Server
-
-
Interaction Among the DHCP Client, Extended DHCP Local
Server, and Address-Assignment Pools
-
Using Address Assignment Pools
-
Configuring How the Extended DHCP Local
Server Determines Which Address-Assignment Pool to Use
-
-
Matching Client IP Address to Address-Assignment Pool
-
Matching Option 82 Information to Named
Address Ranges
-
Using Default Options
-
Using External
AAA Authentication Services
-
-
Grouping Interfaces with Common DHCP Configurations
-
Configuring Passwords for Usernames
-
Creating Unique Usernames
-
Example: Configuring a Unique
Username
-
Providing Client Configuration
Information
-
Tracing Extended
DHCP Local Server Operations
-
-
Configuring the Extended DHCP Local Server
Processes Log Filename
-
Configuring the Number and Size
of Extended DHCP Local Server Processes Log Files
-
Configuring Access to the Log File
-
Configuring a Regular Expression
for Line to Be Logged
-
Configuring Trace Option Flags
-
Example: Minimum Extended
DHCP Local Server Configuration
-
Example: Extended DHCP Local Server Configuration
with Optional Pool Matching
-
Verifying and Managing DHCP Local
Server Configuration
-
Configuring DTCP-over-SSH Service for the Flow-Tap Application
-
Configuring Finger Service
-
Configuring FTP Service
-
Configuring SSH Service
-
-
Configuring
the Root Login
-
Configuring
the SSH Protocol Version
-
Configuring Outbound SSH Service
-
-
Understanding the Client
-
Identifying the Device to the Client
-
Sending the Router’s Public SSH Key
-
Using the Standard SSH Sequence
-
Configuring Keepalive Messages
-
Configuring the reconnect-strategy Statement
-
Configuring the services Statement
-
Configuring Outbound SSH Clients
-
Configuring Telnet Service
-
Configuring Console Access to PICs
-
Configuring a System Login Message
-
Configuring a System Login Announcement
-
Configuring JUNOS Software Processes
-
-
Disabling JUNOS Software Processes
-
Configuring Failover to Backup Media if a Software Process
Fails
-
Configuring the Password on the Diagnostics Port
-
Viewing Core Files from JUNOS Processes
-
Saving Core Files from JUNOS Processes
-
Configuring
Logical System Administrators
-
Configuring a Router to Transfer Its Configuration to an Archive
Site
-
-
Configuring the Transfer Interval
-
Configuring Transfer on a Commit Operation
-
Configuring Archive Sites for Configuration Files
-
Specifying the Number of Configurations Stored on the CompactFlash
Card
-
Configuring RADIUS System Accounting
-
-
Specifying Events
-
Configuring RADIUS Accounting
-
Example: Configuring RADIUS Accounting
-
Configuring TACACS+ System Accounting
-
-
Specifying Events
-
Configuring TACACS+ Accounting
-
Configuring TACACS+ Accounting on a TX Matrix Platform
-
Enabling the SRC Software
-
Configuring the ICMP4 Rate Limit
-
Configuring the ICMPv6 Rate Limit
-
Configuring IP-IP Path MTU Discovery
-
Configuring
TCP MSS for Session Negotiation
-
Configuring IPv6 Path MTU Discovery
-
Configuring IPv6 Duplicate Address Detection Transmits
-
Configuring Acceptance of IPv6 Packets with Zero Hop-Limit
-
Configuring GRE Path MTU Discovery
-
Configuring Path MTU Discovery
-
Configuring Source Quench
-
Configuring the Router to Drop Packets with the SYN and FIN
Bits Set
-
Configuring No TCP RFC 1323 Extensions
-
Configuring No TCP RFC 1323 PAWS Extension
-
Configuring the Range of Port Addresses
-
Configuring ARP Learning and Aging
-
-
Configuring Passive ARP Learning for Backup VRRP Routers
-
Adjusting the ARP Aging Timer
-
Configuring System Alarms to Appear Automatically
-
Security Configuration Example
-
-
Configuring System Information
-
-
Configuring RADIUS
-
Creating Login Classes
-
Defining User Login Accounts
-
Defining RADIUS Template Accounts
-
Enabling Connection Services
-
Configuring System Logging
-
Configuring the Time Source
-
Configuring Interfaces
-
Configuring SNMP
-
Configuring Protocol-Independent Routing Properties
-
-
Reserved IRI IP Addresses
-
-
Sample Output
-
Configuring Routing Protocols
-
-
Configuring BGP
-
Configuring IS-IS
-
Configuring Firewalls
-
Example: Consolidated Security Configuration
-
Summary of System Management Configuration Statements
-
-
accounting
-
accounting-port
-
allow-commands
-
allow-configuration
-
allow-transients
-
announcement
-
archival
-
archive
-
-
archive (All System Log Files)
-
archive (Individual System Log File)
-
archive-sites
-
-
archive-sites (Configuration)
-
archive-sites (System Log)
-
arp
-
authentication
-
-
authentication (Login)
-
authentication (Subscriber Access Management)
-
authentication-key
-
authentication-order
-
autoinstallation
-
auxiliary
-
backup-router
-
boot-file
-
boot-server
-
-
boot-server (DHCP)
-
boot-server (NTP)
-
broadcast
-
broadcast-client
-
bucket-size
-
change-type
-
circuit-type
-
class
-
-
class (Assign a Class to an Individual User)
-
class (Define Login Classes)
-
client-identifier
-
commit
-
commit synchronize
-
compress-configuration-files
-
configuration
-
configuration-servers
-
connection-limit
-
console
-
-
console (Physical Port)
-
console (System Logging)
-
default-address-selection
-
default-lease-time
-
delimiter
-
deny-commands
-
deny-configuration
-
destination
-
destination-override
-
dhcp
-
dhcp-local-server
-
diag-port-authentication
-
domain-name
-
-
domain-name (DHCP)
-
domain-name (Subscriber Access Management)
-
domain-name (Router)
-
domain-search
-
dump-device
-
events
-
explicit-priority
-
facility-override
-
file
-
-
file (Commit Scripts)
-
file (System Logging)
-
files
-
finger
-
flow-tap-dtcp
-
format
-
ftp
-
full-name
-
gre-path-mtu-discovery
-
group
-
host
-
host-name
-
http
-
https
-
icmpv4-rate-limit
-
icmpv6-rate-limit
-
idle-timeout
-
inet6-backup-router
-
interface
-
-
interface (ARP Aging Timer)
-
interface (DHCP Local Server)
-
interfaces
-
internet-options
-
ip-address-first
-
ipip-path-mtu-discovery
-
ipv6-duplicate-addr-detection-transmits
-
ipv6-path-mtu-discovery
-
ipv6-path-mtu-discovery-timeout
-
ipv6-reject-zero-hop-limit
-
limits
-
load-key-file
-
local-certificate
-
location
-
log-prefix
-
logical-system-name
-
login
-
login-alarms
-
login-tip
-
mac-address
-
match
-
max-configurations-on-flash
-
maximum-lease-time
-
maximum-length
-
message
-
minimum-changes
-
minimum-length
-
mirror-flash-on-disk
-
multicast-client
-
name-server
-
no-compress-configuration-files
-
no-gre-path-mtu-discovery
-
no-ipip-path-mtu-discovery
-
no-ipv6-reject-zero-hop-limit
-
no-multicast-echo
-
no-path-mtu-discovery
-
no-ping-record-route
-
no-ping-time-stamp
-
no-redirects
-
no-remote-trace
-
no-saved-core-context
-
no-source-quench
-
no-tcp-rfc1323
-
no-tcp-rfc1323-paws
-
no-world-readable
-
ntp
-
option-60
-
option-82
-
-
option-82 (Extended DHCP Local Server)
-
option-82 (Subscriber Access Management)
-
optional
-
outbound-ssh
-
packet-rate
-
password
-
-
password (Login)
-
password (Subscriber Access Management)
-
path-mtu-discovery
-
peer
-
permissions
-
pic-console-authentication
-
pool
-
pool-match-order
-
port
-
-
port (HTTP/HTTPS)
-
port (RADIUS Server)
-
port (SRC Server)
-
port (TACACS+ Server)
-
ports
-
processes
-
protocol-version
-
radius
-
radius-options
-
radius-server
-
rate-limit
-
refresh
-
refresh-from
-
retry
-
retry-options
-
root-authentication
-
root-login
-
router
-
routing-instance-name
-
saved-core-context
-
saved-core-files
-
scripts
-
secret
-
server
-
-
server (NTP)
-
server (RADIUS Accounting)
-
server (TACACS+ Accounting)
-
server-identifier
-
servers
-
service-deployment
-
services
-
session
-
single-connection
-
size
-
source
-
source-address
-
-
source-address (NTP, RADIUS, System Logging, or TACACS+)
-
source-address (SRC Software)
-
source-port
-
source-quench
-
ssh
-
start-time
-
static-binding
-
static-host-mapping
-
structured-data
-
syslog
-
system
-
tacplus
-
tacplus-options
-
tacplus-server
-
tcp-drop-synfin-set
-
tcp-mss
-
telnet
-
time-format
-
timeout
-
time-zone
-
traceoptions
-
-
traceoptions (Address-Assignment Pool)
-
traceoptions (Commit Scripts)
-
traceoptions (DHCP Server on J-series Services Routers)
-
traceoptions (Extended DHCP Local Server)
-
tracing
-
transfer-interval
-
-
transfer-interval (Configuration)
-
transfer-interval (System Log)
-
transfer-on-commit
-
trusted-key
-
uid
-
user
-
-
user (Access)
-
user (System Logging)
-
username-include
-
user-prefix
-
web-management
-
wins-server
-
world-readable
-
xnm-clear-text
-
xnm-ssl
-
Access
-
-
Configuring Access
-
-
Configuring the Point-to-Point Protocol
-
-
Example: PPP Challenge Handshake Authentication Protocol
-
Example: CHAP Authentication with RADIUS
-
Configuring the Authentication Order
-
Tracing Access Processes
-
-
Configuring the Access Processes Log Filename
-
Configuring the Number and Size of Access Processes Log Files
-
Configuring Access to the Log File
-
Configuring a Regular Expression for Lines to Be Logged
-
Configuring the Trace Operations
-
Configuring the Layer 2 Tunneling Protocol
-
-
Minimum L2TP Configuration
-
Configuring the Address Pool
-
Configuring the Group Profile
-
-
Configuring
L2TP for a Group Profile
-
Configuring
the PPP Attributes for a Group Profile
-
Example:
Group Profile Configuration
-
Configuring the Profile
-
-
Configuring
the Authentication Order
-
Configuring
the Accounting Order
-
Configuring
the Client
-
-
Example: Defining
the Default Tunnel Client
-
Example:
Defining the User Group Profile
-
Configuring
the CHAP Secret
-
Example:
Configuring PPP CHAP
-
Referencing the Group Profile
-
Configuring
L2TP Properties for a Profile
-
Example: PPP MP for L2TP
-
Example: L2TP Multilink PPP Support on Shared Interfaces
-
Configuring the Password Authentication Protocol Password for
an L2TP Profile
-
Example:
Configuring PAP for an L2TP Profile
-
Configuring the PPP Properties for a Profile
-
Applying
a Configured PPP Group Profile to a Tunnel
-
Example:
Applying a User Group Profile on the M7i or M10i Router
-
Example: Configuring the Profile
-
Example: Configuring L2TP
-
Configuring RADIUS Authentication for L2TP
-
-
Configuring
RADIUS Attributes for L2TP
-
Example:
RADIUS Authentication for L2TP
-
Configuring the RADIUS Disconnect Server for L2TP
-
-
Example: Configuring the RADIUS Disconnect
Server
-
Configuring RADIUS Authentication for an L2TP Profile
-
-
Example: RADIUS Authentication
for an L2TP Profile
-
Configuring an Internet Key Exchange (IKE) Access Profile
-
Managing Subscriber Access
-
-
AAA Service Framework Overview
-
Using RADIUS Authentication and Accounting for Subscriber Access
Management
-
-
Configuring How the Router Interacts with RADIUS Servers
-
Configuring Authentication and Accounting Parameters
-
-
Specifying the Authentication and Accounting Methods
-
Configuring How Accounting Statistics
Are Collected
-
Configuring RADIUS Parameters
-
-
Specifying the RADIUS Authentication and Accounting
Servers to Use for Subscriber Access Management
-
Configuring Options for RADIUS
Servers
-
Configuring How RADIUS Attributes Are Used
-
Example: Configuring RADIUS-Based Subscriber Authentication
and Accounting
-
RADIUS Attributes and Juniper Networks VSAs Supported by the
AAA Service Framework
-
-
RADIUS IETF Attributes Supported by the AAA Service
Framework
-
Juniper Networks VSAs Supported by the AAA
Service Framework
-
Attaching Access Profiles
-
Verifying and Managing Subscriber Access Information
-
Configuring Address-Assignment Pools
-
-
License Requirements
-
Configuring the Pool Name and Network Address
-
Configuring a Named Address Range for Dynamic Address Assignment
-
Configuring Static Address Assignment
-
Configuring DHCP Client-Specific Attributes
-
Example: Configuring an Address-Assignment Pool
-
Tracing Address-Assignment Pool Processes
-
-
Configuring the Address-Assignment Pool Trace Log Filename
-
Configuring the Number and Size of Address-Assignment Pool
Processes Log Files
-
Configuring Access to the Log File
-
Configuring a Regular Expression for Lines to Be Logged
-
Configuring the Trace
-
Summary of Access Configuration Statements
-
-
accounting
-
accounting-order
-
accounting-port
-
accounting-server
-
accounting-session-id-format
-
accounting-stop-on-access-deny
-
accounting-stop-on-failure
-
address
-
address-assignment
-
address-pool
-
address-range
-
allowed-proxy-pair
-
attributes
-
authentication-order
-
authentication-server
-
boot-file
-
boot-server
-
cell-overhead
-
chap-secret
-
circuit-id
-
client
-
dhcp-attributes
-
domain-name
-
drop-timeout
-
encapsulation-overhead
-
ethernet-port-type-virtual
-
exclude
-
fragmentation-threshold
-
framed-ip-address
-
framed-pool
-
grace-period
-
group-profile
-
-
group-profile (Group Profile)
-
group-profile (Profile)
-
hardware-address
-
host
-
idle-timeout
-
ignore
-
ike
-
ike-policy
-
immediate-update
-
initiate-dead-peer-detection
-
interface-description-format
-
interface-id
-
ip-address
-
keepalive
-
l2tp
-
-
l2tp (Group Profile)
-
l2tp (Profile)
-
lcp-renegotiation
-
local-chap
-
maximum-lease-time
-
maximum-sessions-per-tunnel
-
multilink
-
name-server
-
nas-identifier
-
nas-port-extended-format
-
netbios-node-type
-
network
-
option
-
options
-
option-82
-
option-match
-
order
-
override-nas-information
-
pap-password
-
pool
-
port
-
ppp
-
-
ppp (Group Profile)
-
ppp (Profile)
-
ppp-authentication
-
ppp-profile
-
pre-shared-key
-
primary-dns
-
primary-wins
-
profile
-
radius
-
radius-disconnect
-
radius-disconnect-port
-
radius-server
-
range
-
remote-id
-
retry
-
revert-interval
-
router
-
routing-instance
-
secondary-dns
-
secondary-wins
-
secret
-
shared-secret
-
source-address
-
statistics
-
tftp-server
-
timeout
-
traceoptions
-
update-interval
-
user-group-profile
-
vlan-nas-port-stacked-format
-
wins-server
-
Security Services
-
-
Security Services Overview
-
-
IPSec Overview
-
Security Associations
-
IKE
-
IPSec Requirements for JUNOS-FIPS
-
Security Services Configuration Guidelines
-
-
Configuring IPSec (ES PIC)
-
-
Minimum Manual SA Configuration
-
Minimum IKE Configuration
-
Minimum Digital Certificates Configuration for IKE (ES PIC)
-
Configuring Security Associations
-
-
Configuring
the Description for an SA
-
Configuring IPSec Mode
-
-
Configuring
Transport Mode
-
Configuring
Tunnel Mode
-
Configuring Manual Security Associations
-
-
Configuring
the Processing Direction
-
-
Example: Configuring
Inbound and Outbound Processing
-
Example: Configuring Bidirectional Processing
-
Configuring the Protocol for a Manual SA
-
Configuring the Security Parameter Index
-
Configuring the Auxiliary Security Parameter Index
-
Configuring the Authentication Algorithm and Key
-
Configuring the Encryption Algorithm and Key
-
Configuring Dynamic Security Associations
-
Configuring an IKE Proposal (Dynamic SAs Only)
-
-
Configuring
the Authentication Algorithm for an IKE Proposal
-
Configuring the Authentication Method for an IKE Proposal
-
Configuring the Description for an IKE Proposal
-
Configuring the Diffie-Hellman Group for an IKE Proposal
-
Configuring
the Encryption Algorithm for an IKE Proposal
-
Configuring the Lifetime for an IKE SA
-
Example: Configuring an IKE Proposal
-
Configuring an IKE Policy for Preshared Keys
-
-
Configuring
the Description for an IKE Policy
-
Configuring the Mode for an IKE Policy
-
Configuring the Preshared Key for an IKE Policy
-
Associating Proposals with an IKE Policy
-
Example:
Configuring an IKE Policy
-
Configuring an IPSec Proposal (ES PIC)
-
-
Configuring
the Authentication Algorithm for an IPSec Proposal
-
Configuring the Description for an IPSec Proposal
-
Configuring the Encryption Algorithm for an IPSec Proposal
-
Configuring the Lifetime for an IPSec SA
-
Configuring
the Protocol for a Dynamic IPSec SA
-
Configuring the IPSec Policy (ES PIC)
-
-
Configuring
Perfect Forward Secrecy
-
Example:
IPSec Policy Configuration
-
Using Digital Certificates (ES PIC)
-
-
Digital Certificates Overview
-
Obtaining a Certificate from a Certificate Authority (ES PIC)
-
-
Requesting
a CA Digital Certificate
-
-
Example:
Requesting a CA Digital Certificate
-
Generating a Private and Public Key
-
-
Example: Generating a Key Pair
-
Configuring Digital Certificates (ES PIC)
-
-
Configuring
the Certificate Authority Properties
-
-
Specifying
the Certificate Authority Name
-
Configuring
the Certificate Revocation List
-
Configuring the Type of Encoding Your CA Supports
-
Specifying an Enrollment URL
-
Specifying
a File to Read the Digital Certificate
-
Specifying an LDAP URL
-
Configuring the Cache Size
-
Configuring
the Negative Cache
-
Configuring
the Number of Enrollment Retries
-
Configuring
the Maximum Number of Peer Certificates
-
Configuring
the Path Length for the Certificate Hierarchy
-
Configuring an IKE Policy for Digital Certificates (ES PIC)
-
-
Configuring
the Type of Encoding Your CA Supports
-
Configuring the Identity to Define the Remote Certificate Name
-
Specifying
the Certificate Filename
-
Specifying
the Private and Public Key File
-
Obtaining a Signed Certificate from the CA (ES PIC)
-
-
Example: Obtaining
a Signed Certificate
-
Configuring the ES PIC
-
-
Example: Configuring the ES PIC
-
Configuring Traffic
-
-
Example: Configuring an Outbound Traffic Filter
-
Example: Applying an Outbound Traffic Filter
-
Example: Configuring an Inbound Traffic Filter for Policy Check
-
Example: Applying an Inbound Traffic Filter to ES PIC for Policy
Check
-
Configuring an ES Tunnel Interface for a Layer 3 VPN
-
Configuring Digital Certificates for Adaptive Services Interfaces
-
-
Configuring the Certificate Authority Properties
-
-
Specifying
the CA Profile Name
-
Specifying an Enrollment URL
-
Specifying
the Enrollment Properties
-
Configuring the Certificate Revocation List
-
-
Specifying
an LDAP URL
-
Configuring
the Interval Between CRL Updates
-
Overriding
Certificate Verification if CRL Download Fails
-
Managing Digital Certificates
-
-
Requesting
a CA Digital Certificate
-
-
Example: Requesting
a CA Digital Certificate
-
Generating a Public/Private Key Pair
-
-
Example: Generating
a Key Pair
-
Generating and Enrolling a Local Digital Certificate
-
-
Example: Generating a Local Certificate
Manually
-
Configuring the Auto-Reenrollment Properties
-
-
Specify the Certificate ID
-
Specify the CA Profile
-
Specify the Challenge Password
-
Specify the Reenroll Trigger Time
-
Specify the Regenerate Key Pair
-
Specify the Validity Period
-
Configuring Trace
-
Authentication Key Update Mechanism
-
-
Configuring Authentication Key Updates
-
Configuring BGP and LDP for Authentication Key Updates
-
Configuring SSH Host Keys for Secure Copy
-
-
Configuring SSH Known Hosts
-
Configuring Support for SCP File Transfer
-
Updating SSH Host Key Information
-
-
Retrieving Host Key Information Manually
-
Importing Host Key Information
from a File
-
Importing SSL Certificates for JUNOScript Support
-
Configuring Internal IPSec for JUNOS-FIPS
-
-
Configuring the SA Direction
-
Configuring the IPSec SPI
-
Configuring the IPSec Key
-
Example: Configuring Internal IPSec
-
Summary of Security Services Configuration Statements
-
-
algorithm
-
authentication
-
authentication-algorithm
-
-
authentication-algorithm (IKE)
-
authentication-algorithm (IPSec)
-
authentication-key-chains
-
authentication-method
-
auto-re-enrollment
-
auxiliary-spi
-
ca-identity
-
ca-name
-
ca-profile
-
cache-size
-
cache-timeout-negative
-
certificate-id
-
certificates
-
certification-authority
-
challenge-password
-
crl
-
-
crl (Encryption Interface on M-series and T-series Routing
Platforms Only)
-
crl (Adaptive Services Interfaces Only)
-
description
-
dh-group
-
direction
-
-
direction (JUNOS Software)
-
direction (JUNOS-FIPS Software)
-
dynamic
-
encoding
-
encryption
-
-
encryption (JUNOS Software)
-
encryption (JUNOS-FIPS Software)
-
encryption-algorithm
-
enrollment
-
enrollment-retry
-
enrollment-url
-
file
-
identity
-
ike
-
internal
-
ipsec
-
key
-
ldap-url
-
lifetime-seconds
-
local
-
local-certificate
-
local-key-pair
-
manual
-
-
manual (JUNOS Software)
-
manual (JUNOS-FIPS Software)
-
maximum-certificates
-
mode
-
-
mode (IKE)
-
mode (IPSec)
-
path-length
-
perfect-forward-secrecy
-
pki
-
policy
-
-
policy (IKE)
-
policy (IPSec)
-
pre-shared-key
-
proposal
-
-
proposal (IKE)
-
proposal (IPSec)
-
proposals
-
protocol
-
-
protocol (JUNOS Software)
-
protocol (JUNOS-FIPS Software)
-
re-enroll-trigger-time
-
re-generate-keypair
-
refresh-interval
-
retry
-
retry-interval
-
revocation-check
-
security-association
-
-
security-association (JUNOS Software)
-
security-association (JUNOS-FIPS Software)
-
spi
-
-
spi (JUNOS Software)
-
spi (JUNOS-FIPS Software)
-
ssh-known-hosts
-
traceoptions
-
url
-
validity-period
-
JUNOS Software Development Kit
-
-
SDK Applications Overview
-
SDK Applications Configuration Guidelines
-
-
Enabling the SDK Service Process and SDK Application Deployment
-
-
Example: extensions Statement
-
Configuring the MultiServices PIC
-
-
Example: extension-provider Statement
-
Configuring SDK Service Sets
-
-
Service Order
-
-
Example:
Service Set Configuration
-
Example: Service Order Configuration
-
Interface and Next-Hop Service Sets
-
-
Example: Interface Service Set
-
Example: Next-Hop Service Set
-
Limitations and Constraints for SDK Services Sets
-
Configuring Traffic Sampling for SDK Applications
-
-
Enabling Sampling on a MultiServices PIC
-
Example: Traffic Sampling on a MultiServices PIC
-
Limitations and Constraints
-
Tracing Process Monitoring Operations
-
Tracing System Resource Cleanup Operations
-
Using Configuration Mode Commands with SDK Applications
-
-
Displaying Additional Information About Installed SDK Application
Packages
-
-
Example: show jnx-example | display detail Command
-
Displaying and Deleting the Configuration for SDK Applications
-
-
Using the extension show Command to Match Package Names
-
Using the extension show Command to Display a Specific Package’s
Configuration
-
Using the extension delete Command
-
Summary of SDK Configuration Mode Commands
-
-
extension package-name (show | delete)
-
show | display detail
-
Summary of SDK Configuration Statements
-
-
extension-provider
-
extension-service
-
extensions
-
process-monitor
-
resource-cleanup
-
service-order
-
syslog
-
traceoptions
-
-
traceoptions (Process Monitor)
-
traceoptions (Resource Cleanup)
-
Summary of SDK Operational Commands
-
-
show chassis pic
-
show extension-provider system connections
-
show extension-provider system packages
-
show extension-provider system processes
-
show extension-provider system uptime
-
show extension-provider system virtual-memory
-
show system processes
-
show system processes health
-
show system processes providers
-
show system resource-cleanup processes
-
show version
-
Router Chassis
-
-
Router Chassis Configuration Guidelines
-
-
Minimum Chassis Configuration
-
Configuring a Flexible PIC Concentrator to Stay Offline
-
Configuring an SFM to Stay Offline
-
Configuring Aggregated Devices
-
-
Configuring Virtual Links for Aggregated Devices
-
Configuring LACP Link Protection at the Chassis Level
-
Enabling LACP Link Protection
-
Configuring System Priority
-
Configuring ATM Cell-Relay Accumulation Mode on an ATM1 PIC
-
Configuring Port Mirroring Instances
on MX-series Routers
-
-
Configuring Port Mirroring Instances at the DPC Level on MX-series
Routers
-
Configuring Port Mirroring Instances at the PIC Level on MX-series
Routers
-
Precedence of Port-Mirroring Instances at Different Levels
of the Chassis
-
Configuring 12-Port T1/E1 Circuit Emulation
PICs
-
Configuring Conditions That Trigger Alarms
-
-
Chassis Conditions That Trigger Alarms
-
-
Backup Routing Engine Alarms
-
Silencing External Devices
-
Disabling Physical Operation of the Craft Interface
-
Configuring Service Packages on Adaptive Services Interfaces
-
Configuring Next-Generation SONET Phase I PICs
-
Configuring SONET/SDH Framing
-
Configuring an External Synchronization Interface
-
Configuring Sparse DLCI Mode
-
Configuring Channelized PIC Operation
-
-
Concatenated and Nonconcatenated Mode
-
Configuring Channelized DS3-to-DS0 Naming
-
Configuring Eight Queues on IQ Interfaces
-
Configuring Channelized E1 Naming
-
Configuring Channelized STM1 Interface Virtual Tributary Mapping
-
Configuring ATM2 Intelligent Queuing Layer 2 Circuit Transport
Mode
-
Enabling ILMI for Cell Relay
-
Configuring Tunnel Interfaces on MX-Series Ethernet Services
Routers
-
-
Example: Configuring Tunnel Interfaces on a Gigabit Ethernet
40-Port DPC
-
Example: Configuring Tunnel Interfaces on a 10-Gigabit Ethernet
4-Port DPC
-
Configuring Packet Scheduling
-
Configuring the Link Services PICs
-
-
Multiclass Extension to MLPPP (RFC 2686)
-
Configuring the Idle Cell Format
-
Configuring an MTU Path Check for a Routing Instance
-
-
Enabling MTU Check for a Routing Instance
-
Assigning an IP Address to an Interface in the Routing Instance
-
Configuring Redundancy
-
Configuring FPC to FEB Connectivity on M120 Routers
-
-
Example: Configuring FPC to FEB Connectivity on the M120 Router
-
Configuring a Routing Engine to Reboot or Halt on Hard Disk
Errors
-
Configuring the CONFIG Button
-
Configuring Larger Delay Buffers
-
Configuring an Entry-Level M320 Router
-
Configuring the uPIM Mode on J-series Routers
-
-
Setting J-Series PIMs Offline
-
Disabling Power Management on the J-series Chassis
-
Configuring the IP and Ethernet Services Mode in MX-series
Routers
-
Restrictions on JUNOS Features for MX-series Routers
-
Configuring J-series Services Router Switching Interfaces
-
-
Example: Configuring J-series Services Router Switching Interfaces
-
TX Matrix Platform and T640 Routing Node Configuration Guidelines
-
-
Routing Matrix Overview
-
Running Different JUNOS Software Releases
-
Software Upgrades and Reinstallation
-
Rebooting Process
-
Committing Configurations
-
Configuring a T640 Routing Node Within a Routing Matrix
-
Chassis and Interface Names
-
Upgrading Switch Interface Boards
-
-
Downgrading Switch Interface Boards
-
Configuring the Online Expected Alarm
-
Creating Configuration Groups
-
Configuring System Log Messages
-
Summary of Router Chassis Configuration Statements
-
-
adaptive-services
-
aggregate-ports
-
aggregated-devices
-
alarm
-
atm-cell-relay-accumulation
-
atm-l2circuit-mode
-
bandwidth
-
ce1
-
channel-group
-
chassis
-
config-button
-
craft-lockout
-
ct3
-
device-count
-
disk-failure-action
-
e1
-
ethernet
-
fabric upgrade-mode
-
fpc
-
-
fpc (M320, T320, T640 Routing Platforms)
-
fpc (MX-Series Ethernet Services Routers)
-
fpc (TX Matrix Platform)
-
fpc-feb-connectivity
-
framing
-
idle-cell-format
-
lacp
-
lcc
-
link-protection
-
max-queues-per-interface
-
mlfr-uni-nni-bundles
-
network-services
-
no-concatenate
-
non-revertive
-
offline
-
on-disk-failure
-
online-expected
-
packet-scheduling
-
pem
-
pic
-
-
pic (M-series and T-series Routing Platforms)
-
pic (TX Matrix Platform)
-
port
-
power
-
q-pic-large-buffer
-
red-buffer-occupancy
-
routing-engine
-
sfm
-
service-package
-
sib
-
sonet
-
sparse-dlcis
-
synchronization
-
system-priority
-
t1
-
timeslots
-
traffic-manager
-
tunnel-services
-
vrf-mtu-check
-
vtmapping
-
Index
-
-
Index
-
Index of Statements and Commands
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
