[Contents] [Prev] [Next] [Index] [Report an Error]

[edit services] Hierarchy Level

services {
adaptive-services-pics {
traceoptions {
file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
border-signaling-gateway {
gateway gateway-name {
embedded-spdf {
service-class service-class-name {
term term-name {
from {
media-type (any | audio | video);
}
then {
committed-burst-size bytes;
committed-information-rate bytes-per-second;
dscp (alias | do-not-change | dscp-value);
reject;
}
}
}
}
service-interface name;
service-point service-point-name {
service-point-type service-point-type;
port-number {
ip-address ip-address;
transport-protocol (tcp | udp);
}
service-interface name.number;
service-policies {
new-call-usage-policies [ policy-and-policy-set-names ];
new-transaction-policies [ policy-and-policy-set-names ];
}
}
sip {
new-call-usage-policy policy-name {
term term-name {
from {
contact [ contact-fields ];
method {
method-invite;
}
request-uri [ uri-fields ];
source-address [ ip-addresses ];
}
then {
(accept | reject);
media-policy service-class-name;
trace;
}
}
}
new-call-usage-policy-set policy-set-name {
policy-name [ policy-names ];
}
new-transaction-policy policy-name {
term term-name {
from {
contact [ contact-fields ];
method {
method-invite;
method-message;
method-options;
method-publish;
method-refer;
method-register;
method-subscribe;
}
request-uri [ uri-fields ];
source-address [ ip-addresses ];
}
then {
(accept | reject);
route {
egress-service-point service-point-name;
next-hop (request-uri | address ipv4-address <port port-number> <transport-protocol (tcp | udp)>);
}
trace;
}
}
}
new-transaction-policy-set policy-set-name {
policy-name [ policy-names ];
}
timers {
maximum-call-duration seconds;
timer-c seconds;
}
}
traceoptions {
file {
filename filename;
files number-of-files;
match regular-expression;
size maximum-trace-file-size;
}
flag {
datastore {
data flag-modifier;
db flag-modifier;
handle flag-modifier;
minimum flag-modifier;
}
framework {
action flag-modifier;
event flag-modifier;
executor flag-modifier;
freezer flag-modifier;
minimum flag-modifier;
memory-pool flag-modifier;
}
minimum flag-modifier;
sbc-utils {
common flag-modifier;
configuration flag-modifier;
device-monitor flag-modifier;
ipc flag-modifier;
memory-management flag-modifier;
message flag-modifier;
minimum flag-modifier;
user-interface flag-modifier;
}
session-trace flag-modifier;
signaling {
b2b flag-modifier;
b2b-wrapper flag-modifier;
minimum flag-modifier;
policy flag-modifier;
sip-stack-wrapper flag-modifier;
topology-hiding flag-modifier;
ua flag-modifier;
}
sip-stack {
dev-logging;
event-tracing;
ips-tracing;
pd-log-detail (full | summary);
pd-log-level (audit | exception | problem);
per-tracing;
verbose-logging;
}
}
}
}
}
cos {
application-profile profile-name {
sip-text {
dscp (alias | bits);
forwarding-class class-name;
}
sip-video {
dscp (alias | bits);
forwarding-class class-name;
}
sip-voice {
dscp (alias | bits);
forwarding-class class-name;
}
}
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address address <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
application-profile profile-name;
dscp (alias | bits);
forwarding-class class-name;
syslog;
(reflexive | reverse) {
application-profile profile-name;
dscp (alias | bits);
forwarding-class class-name;
syslog;
}
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
dynamic-flow-capture {
capture-group client-name {
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destinations ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
duplicates-dropped-periodicity seconds;
max-duplicates number;
input-packet-rate-threshold rate;
interfaces interface-name;
pic-memory-threshold percentage percentage;
}
g-duplicates-dropped-periodicity seconds;
g-max-duplicates number;
}
flow-collector {
analyzer-address address;
analyzer-id name;
destinations {
ftp:url {
password "password";
}
}
file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
file-specification variant-number;
collector interface-name;
}
}
retry number;
retry-delay seconds;
transfer-log-archive {
archive-sites {
ftp:url {
password “password”;
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
}
flow-monitoring {
version9 {
template template-name {
flow-active-timeout seconds;
flow-inactive-timeout seconds;
ipv4-template;
mpls-template {
label-position [ positions ];
}
mpls-ipv4-template {
label-position [ positions ];
}
option-refresh-rate packets;
template-refresh-rate packets;
}
}
}
flow-tap {
interface interface-name;
}
ids {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address address <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
aggregation {
destination-prefix prefix-value;
destination-prefix-ipv6 prefix-value;
source-prefix prefix-value;
source-prefix-ipv6 prefix-value;
}
}
(force-entry | ignore entry);
logging {
syslog;
threshold rate;
}
session-limit {
by-destination {
hold-time seconds;
maximum number;
packets number;
rate number;
}
by-pair {
maximum number;
packets number;
rate number;
}
by-source {
hold-time seconds;
maximum number;
packets number;
rate number;
}
}
syn-cookie {
mss value;
threshold rate;
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
ipsec-vpn {
clear-ike-sas-on-pic-restart;
clear-ipsec-sas-on-pic-restart;
establish-tunnels (immediately | on-traffic);
ike {
policy policy-name {
description description;
local-certificate certificate-identifier;
local-id (fqdn domain-name | ipv4_addr ipv4-address | ipv6-addr ipv6-address | key-id identifier);
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposals [ proposal-names ];
remote-id {
(any-remote-id | one or more of the following four statements);
fqdn [ domain-names ];
ipv4_addr [ ipv4-addresses ];
ipv6-addr [ ipv6-addresses ];
key-id [ identifiers ];
}
}
proposal proposal-name {
authentication-algorithm (md5 | sha1 | sha256);
authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);
description description;
dh-group (group1 | group2);
encryption-algorithm algorithm;
lifetime-seconds seconds;
}
}
ipsec {
proposal proposal-name {
authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
description description;
encryption-algorithm algorithm;
lifetime-seconds seconds;
protocol (ah | esp | bundle);
}
policy policy-name {
description description;
perfect-forward-secrecy {
keys (group1 | group2);
}
proposals [ proposal-names ];
}
}
rule rule-name {
match-direction (input | output);
term term-name {
from {
destination-address address;
ipsec-inside-interface interface-name;
source-address address;
}
then {
backup-remote-gateway address;
clear-don't-fragment-bit;
dynamic {
ike-policy policy-name;
ipsec-policy policy-name;
}
initiate-dead-peer-detection;
no-anti-replay;
remote-gateway address;
syslog;
tunnel-mtu bytes;
manual {
direction (inbound | outbound | bidirectional) {
authentication {
algorithm (hmac-md5-96 | hmac-sha1-96);
key (ascii-text key | hexadecimal key);
}
}
auxiliary-spi spi-value;
encryption {
algorithm algorithm;
key (ascii-text key | hexadecimal key);
}
protocol (ah | bundle | esp);
spi spi-value;
}
}
}
}
}
rule-set rule-set-name {
rule rule-name;
}
traceoptions {
file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
l2tp {
tunnel-group group-name {
hello-interval seconds;
hide-avps;
l2tp-access-profile profile-name;
local-gateway address address;
maximum-send-window packets;
ppp-access-profile profile-name;
receive-window packets;
retransmit-interval seconds;
service-interface interface-name;
syslog {
host hostname {
facility-override facility-name;
log-prefix prefix-number;
services severity-level;
}
}
tunnel-timeout seconds;
}
traceoptions {
debug-level level;
filter {
protocol name;
user-name username;
}
flag flag;
interfaces interface-name {
debug-level severity;
flag flag;
}
}
}
logging {
traceoptions {
file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
}
mobile-ip {
authenticate {
order (aaa | local);
}
dynamic-home-assignment {
home-agent {
nai (name@domain.com | @domain.com) {
home-agent ip-address;
}
}
}
home-agent {
enable-service interface-name;
}
virtual-network {
home-agent-address ip-address {
registration-lifetime seconds;
revocation-required;
timestamp-tolerance seconds;
}
}
}
peer {
(ip-address address | nai user@domain) {
spi hexadecimal-value {
algorithm (hmac-md5 | md5);
entity-type (host | mobility-agent);
key (hex | ascii) string;
replay-method (none | timestamp seconds);
}
}
}
traceoptions {
file <filename> <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>;
flag flag;
level (all | error | info | notice | verbose | warning);
no-remote-trace;
}
}
nat {
pool nat-pool-name {
address ip-prefix</prefix-length>;
address-range low minimum-value high maximum-value;
pgcp {
hint [ hint-strings ];
ports-per-session ports;
remotely-controlled;
transport [ rtp-avp tcp udp ];
}
port (automatic <auto> | range low minimum-value high maximum-value) <random-allocation>;
}
rule rule-name {
match-direction (input | output);
term term-name {
nat-type (full-cone | symmetric)
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
no-translation;
translated {
destination-pool nat-pool-name;
destination-prefix destination-prefix;
overload-pool overload-pool-name;
overload-prefix overload-prefix;
source-pool nat-pool-name;
source-prefix source-prefix;
translation-type (destination type | source type);
}
syslog;
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
pgcp {
gateway gateway-name {
... gateway-configuration ...
}
media-service media-service-name {
nat-pool nat-pool-name;
}
rule rule-name {
gateway gateway-name;
media-service [ service-names ];
}
rule-set rule-set-name {
rule rule-name;
}
session-mirroring {
delivery-function function-name {
destination-address destination-address;
destination-port destination-port;
network-operator-id network-operator-id;
source-address source-address;
source-port source-port;
}
disable-session-mirroring;
}
traceoptions {
file <filename> <files number> <match regular-expression> <microsecond-stamp> <size maximum-file-size> <world-readable | no-world-readable>;
flag flag;
no-remote-trace;
}
virtual-interface interface-number {
interface interface-identifier;
media-service [ service-names ];
routing-instance instance-name {
service-interface name.number;
}
service-state (in-service | out-of-service-forced | out-of-service-graceful);
}
gateway gateway-name {
cleanup-timeout seconds;
data-inactivity-detection {
inactivity-delay;
inactivity-duration seconds;
latch-deadlock-delay seconds;
report-service-change {
service-change-type (forced-906) | forced-910);
}
send-notification-on-delay;
stop-detection-on-drop;
}
fast-update-filters {
maximum-terms number-of-terms;
maximum-fuf-percentage percentage;
}
gateway-address gateway-address;
gateway-controller gateway-controller-name {
(local-controller | remote-controller);
controller-address ip-address;
controller-port port-number;
interim-ah-scheme {
algorithm algorithm;
}
}
gateway-port gateway-port;
graceful-restart {
maximum-synchronization-mismatches number-of-mismatches;
maximum-synchronization-time seconds;
}
h248-options {
... h248-options-configuration ...
}
h248-properties {
... h248-properties-configuration ...
}
h248-timers {
initial-average-ack-delay milliseconds;
maximum-net-propagation-delay milliseconds;
maximum-waiting-delay milliseconds;
tmax-retransmission-delay milliseconds;
}
max-concurrent-calls number;
monitor {
media {
rtcp;
rtp;
}
}
service-state (in-service | out-of-service-forced | out-of-service-graceful);
session-mirroring {
delivery-function [ function-names ];
disable-session-mirroring;
}
h248-options {
audit-observed-events-returns-history;
encoding {
no-dscp-bit-mirroring;
}
service-change {
context-indications {
state-loss (forced-910 | forced-915 | none);
}
control-association-indications {
disconnect {
controller-failure (failover-909 | restart-902);
reconnect (disconnected-900 | restart-902);
}
down {
administrative (forced-905 | forced-908 | none);
failure (forced-904 | forced-908 | none);
graceful (graceful-905 | none);
}
up {
cancel-graceful (none | restart-918);
failover-cold (failover-920 | restart-901);
failover-warm (failover-919 | restart-902);
}
}
virtual-interface-indications {
virtual-interface-down {
administrative (forced-905 | forced-906 | none);
failure (forced-904 | forced-906 | none);
graceful (graceful-905 | none);
link-loss (forced-906 | none);
}
virtual-interface-up {
cancel-graceful (none | restart-918);
warm (none | restart-900);
}
}
}
wildcard-response-service-change;
}
h248-properties {
base-root {
mg-originated-pending-limit default number;
mg-provisional-response-timer-value default milliseconds;
mgc-originated-pending-limit default number;
mgc-provisional-response-timer-value default milliseconds;
normal-mg-execution-time default milliseconds;
normal-mgc-execution-time default milliseconds;
}
diffserv {
dscp default (dscp-value | alias | do-not-change);
}
event-timestamp-notification {
request-timestamp (requested | suppressed | autonomous);
}
hanging-termination-detection {
timerx seconds;
}
notification-behavior {
notification-regulation default (once | percentage);
}
segmentation {
mg-maximum-pdu-size default bytes;
mg-segmentation-timer default milliseconds;
mgc-maximum-pdu-size default bytes;
mgc-segmentation-timer default milliseconds;
}
traffic-management {
max-burst-size {
default bps;
rtcp {
(fixed-value bytes | percentage percentage);
}
}
peak-data-rate {
default bps;
rtcp {
(fixed-value bytes | percentage percentage);
}
}
sustained-data-rate {
default bps;
rtcp {
(fixed-value bytes | percentage percentage);
}
}
}
}
}
}
radius-flow-tap {
forwarding-class class-name;
interfaces interface-name;
source-ipv4-address ipv4-address;
)
rpm {
bgp {
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name <routing-instances routing-instance-name>;
moving-average-size number-of-samples;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances {
routing-instance-name;
}
test-interval seconds;
}
probe owner {
test test-name {
data-fill data;
data-size size;
destination-interface output-interface-name;
destination-port port;
dscp-code-points dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number-of-samples;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance routing-instance-name;
source-address address;
target (address address | url url);
test-interval seconds;
thresholds {
egress-time microseconds;
ingress-time microseconds;
jitter-egress microseconds;
jitter-ingress microseconds;
jitter-rtt microseconds;
rtt microseconds;
std-dev-egress microseconds;
std-dev-ingress microseconds;
std-dev-rtt microseconds;
successive-loss count;
total-loss count;
}
traps [ trap-names ];
}
}
probe-limit number;
probe-server {
probe-server {
tcp {
destination-interface interface-name;
port port-number;
udp {
destination-interface interface-name;
port port-number;
}
}
}
service-set service-set-name {
allow-multicast;
(cos-rules rule-name | cos-rule-sets rule-set-name);
extension-service service-name {
provider-specific-rules;
}
(ids-rules rule-names | ids-rule-sets rule-set-name);
interface-service {
service-interface interface-name;
}
(ipsec-vpn-rules rule-names | ipsec-vpn-rule-sets rule-set-name);
ipsec-vpn-options {
ike-access-profile profile-name;
local-gateway address;
}
max-flows number;
(nat-rules rule-names | nat-rule-sets rule-set-name);
next-hop-service {
inside-service-interface name.number;
outside-service-interface name.number;
}
(pgcp-rules rule-names | pgcp-rule-sets rule-set-name);
service-order {
forward-flow [ service-names ];
reverse-flow [ service-names ];
}
(stateful-firewall-rules rule-names | stateful-firewall-rule-sets rule-set-name);
syslog {
host hostname {
facility-override facility-name;
log-prefix prefix-number;
services priority-level;
}
}
}
stateful-firewall {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
(accept | discard | reject);
allow-ip-options [ values ];
syslog;
}
}
}
rule-set rule-set-name {
rule rule-name;
}
}
unified-access-control {
infranet-controller hostname {
address ip-address;
ca-profile ca-profile;
interface interface-name;
port port-number;
password password;
server-certificate-subject subject;
}
interval seconds;
test-only-mode (false | true);
timeout seconds;
timeout-action (close | no-change | open);
traceoptions {
flag flag;
}
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.