Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
[edit services] Hierarchy Level
To configure services, include the following statements at the [edit services] hierarchy level of the configuration:
 | Note: For the complete [edit services] hierarchy, see the Junos Hierarchy and RFC Reference. This listing includes only the statements documented in this manual; additional statements are documented in the Junos Subscriber Access Configuration Guide. |
aacl {rule rule-name {match-direction (input | output | input-output);term term-name {from {application-group-any;application-groups [ application-group-names ];applications [ application-names ];destination-address address <any-unicast>;destination-address-range low minimum-value high maximum-value;destination-prefix-list list-name;source-address address <any-unicast>;source-address-range low minimum-value high maximum-value;source-prefix-list list-name;}then {(accept | discard);count (application | application-group | application-group-any
| none);forwarding-class class-name;policer policer-name;}}}rule-set rule-set-name {[ rule rule-names ];}}adaptive-services-pics {traceoptions {file filename <files number> <size size> <world-readable
| no-world-readable> <match regex>;flag flag;no-remote-trace;}}application-identification {application application-name {disable;idle-timeout seconds;index number;session-timeout seconds;type type;type-of-service service-type;port-mapping {port-range {tcp (port | range);udp (port | range);}disable;}}application-group group-name {disable;application-groups {name [application-group-name];}applications {name [application-name];}index number;}application-system-cache-timeout seconds;max-checked-bytes bytes;min-checked-bytes bytes;no-application-identification;no-application-system-cache;no-clear-application-system-cache;no-signature-based;profile profile-name {[ rule-set rule-set-name ];}rule rule-name {disable;address address-name {destination {ip address</prefix-length>;port-range {tcp [ ports-and-port-ranges ];udp [ ports-and-port-ranges ];}}source {ip address</prefix-length>;port-range {tcp [ ports-and-port-ranges ];udp [ ports-and-port-ranges ];}}order number;}application application-name;}rule-set rule-set-name {rule application-rule-name;}traceoptions {file filename <files number> <match regex> <size size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}border-signaling-gateway {gateway gateway-name {admission-control admission-control-profile {dialogs {maximum-concurrent number;committed-attempts-rate dialogs-per-second;committed-burst-size number-of-dialogs;}transactions {maximum-concurrent number;committed-attempts-rate transactions-per-second;committed-burst-size number-of-transactions;}}embedded-spdf {service-class service-class-name {term term-name {from {media-type (any-media | audio | video);}then {committed-burst-size bytes;committed-information-rate bytes-per-second;dscp (alias | do-not-change | dscp-value);reject;}}}}service-point service-point-name {service-interface interface-name.unit-number;service-point-type service-point-type;service-policies {new-call-usage-input-policies [policy-and-policy-set-names];new-call-usage-output-policies [policy-and-policy-set-names];new-transaction-input-policies [policy-and-policy-set-names];new-transaction-output-policies[policy-and-policy-set-names];}transport-details <port port-number> <ip-address ip-address> <tcp> <udp>;}sip {message-manipulation-rules {manipulation-rule rule-name {actions {sip-header header-field-name {field-value {modify-regular-expression regular-expression with field-value;add field-value;add-missing field-value;add-overwrite field-value;remove-regular-expression regular-expression;remove-all;reject-regular-expression regular-expression;}}request-uri request-uri
{field-value {modify-regular-expression regular-expression with field-value;}}}}}new-call-usage-policy policy-name {term term-name {from {contact [ contact-fields ];method {method-invite;}request-uri [ uri-fields ];source-address [ ip-addresses ];}then {media-policy {data-inactivity-detection {inactivity-duration seconds;}no-anchoring;service-class service-class-name;}trace;}}new-call-usage-policy-set policy-set-name {policy-name [ policy-names ];}new-transaction-policy policy-name {term term-name {from {contact {registration-state [ registered | not-registered ];regular-expression [ regular-expression ];uri-hiding [ hidden-uri | not-hidden-uri ];}method {method-invite;method-message;method-options;method-publish;method-refer;method-register;method-subscribe;}request-uri {registration-state [ registered | not-registered ];regular-expression [ regular-expression ];uri-hiding [ hidden-uri | not-hidden-uri ];}source-address [ ip-addresses ];}then {(accept | reject);admission-control admission-control-profile;message-manipulation {forward-manipulation {manipulation-rule-name;}reverse-manipulation {manipulation-rule-name;}}on-3xx-response{recursion-limit number;}}route {egress-service-point service-point-name;next-hop (request-uri
| address ipv4-address | <port port-number> <transport-protocol (udp | tcp)>);server-cluster cluster-name;}signaling-realm signaling-realm;trace;}}}new-transaction-policy-set policy-set-name {policy-name [ policy-names ];}routing-destinations {availability-check-profiles {profile-name;keepalive-interval {available-server seconds;unavailable-server seconds;}keepalive-method sip-options;keepalive-strategy (do-not-send <blackout-period seconds> | send-always < failures-before-unavailable number> < successes-before-available number | send-when-unavailable < successes-before-available number);transaction-timeout seconds;}clusters [cluster-name;server server-name {priority priority-level;weight weight-level;}}default-availability-check-profile profile-name;}servers {server-name {address ip4-address <port port-number> <transport (udp | tcp)>;admission-control profile-name;availability-check-profile profile-name;service-point service-point-name;}timers {inactive-callseconds;timer-c seconds;}}traceoptions {file {filename filename;files number;match regex;size size;}flag {datastore {data trace-level;db trace-level;handle trace-level;minimum trace-level;}framework {action trace-level;event trace-level;executor trace-level;freezer trace-level;minimum trace-level;memory-pool trace-level;}minimum trace-level;sbc-utils {common trace-level;configuration trace-level;device-monitor trace-level;ipc trace-level;memory-management trace-level;message trace-level;minimum trace-level;user-interface trace-level;}session-trace trace-level;signaling {b2b trace-level;b2b-wrapper trace-level;minimum trace-level;policy trace-level;sip-stack-wrapper trace-level;topology-hiding trace-level;ua trace-level;}sip-stack {dev-logging;event-tracing;ips-tracing;pd-log-detail (full | summary);pd-log-level (audit | exception | problem);per-tracing;verbose-logging;}}}}}cos {application-profile profile-name {sip-text {dscp (alias | bits);forwarding-class class-name;}sip-video {dscp (alias | bits);forwarding-class class-name;}sip-voice {dscp (alias | bits);forwarding-class class-name;}}rule rule-name {match-direction (input | output | input-output);term term-name {from {application-sets set-name;applications [ application-names ];destination-address address;destination-prefix-list list-name <except>;source-address address;source-prefix-list list-name <except>;}then {application-profile profile-name;dscp (alias | bits);forwarding-class class-name;(reflexive | reverse) {application-profile profile-name;dscp (alias | bits);forwarding-class class-name;syslog;}syslog;}}}rule-set rule-set-name {rule rule-name;}}dynamic-flow-capture {capture-group client-name {content-destination identifier {address address;hard-limit bandwidth;hard-limit-target bandwidth;soft-limit bandwidth;soft-limit-clear bandwidth;ttl hops;}control-source identifier {allowed-destinations [ destination ];minimum-priority value;no-syslog;notification-targets address port port-number;service-port port-number;shared-key value;source-addresses [ address ];}duplicates-dropped-periodicity seconds;input-packet-rate-threshold rate;interfaces interface-name;max-duplicates number;pic-memory-threshold percentage percentage;}g-max-duplicates number;g-duplicates-dropped-periodicity seconds;}flow-collector {analyzer-address address;analyzer-id name;destinations {ftp:url {password "password";}file-specification {variant variant-number {data-format format;name-format format;transfer {record-level number;timeout seconds;}}}interface-map {collector interface-name;file-specification variant-number;interface-name {collector interface-name;file-specification variant-number;}}retry number;retry-delay seconds;transfer-log-archive {archive-sites {ftp:url {password "password";username username;}}filename-prefix prefix;maximum-age minutes;}}flow-monitoring {version9 {template template-name {flow-active-timeout seconds;flow-inactive-timeout seconds;ipv4-template;ipv6-template;mpls-template {label-position [ positions ];}mpls-ipv4-template {label-position [ positions ];}option-refresh-rate packets packets seconds seconds;template-refresh-rate packets packets seconds seconds;}}}flow-tap {interface interface-name;}ids {rule rule-name {match-direction (input | output | input-output);term term-name {from {application-sets set-name;applications [ application-names ];destination-address (address | any-unicast) <except>;destination-address-range low minimum-value high maximum-value<except>;destination-prefix-list list-name <except>;source-address (address | any-unicast) <except>;source-address-range low minimum-value high maximum-value <except>;source-prefix-list list-name <except>;}then {aggregation {destination-prefix prefix-number | destination-prefix-ipv6 prefix-number;source-prefix prefix-number | source-prefix-ipv6 prefix-number;}(force-entry | ignore-entry);logging {syslog;threshold rate;}session-limit {by-destination {hold-time seconds;maximum number;packets number;rate number;}by-pair {maximum number;packets number;rate number;}by-source {hold-time seconds;maximum number;packets number;rate number;}}syn-cookie {mss value;threshold rate;}}}}rule-set rule-set-name {rule rule-name;}}ipsec-vpn {clear-ike-sas-on-pic-restart;clear-ipsec-sas-on-pic-restart;ike {proposal proposal-name {authentication-algorithm (md5 | sha1 | sha-256);authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);description description;dh-group (group1 | group2 | group5);encryption-algorithm algorithm;lifetime-seconds seconds;}policy policy-name {description description;local-certificate identifier;local-id (ipv4_addr ipv4-address | ipv6-addr ipv6-address | key-id identifier);mode (aggressive | main);pre-shared-key (ascii-text key | hexadecimal key);proposals [ proposal-names ];remote-id {ipv4_addr [ values ];ipv6_addr [ values ];key_id [ values ];}}}ipsec {proposal proposal-name {authentication-algorithm (hmac-md5-96 | hmac-sha1-96);description description;encryption-algorithm algorithm;lifetime-seconds seconds;protocol (ah | esp | bundle);}policy policy-name {description description;perfect-forward-secrecy {keys (group1 | group2);}proposals [ proposal-names ];}}rule rule-name {match-direction (input | output);term term-name {from {destination-address address;ipsec-inside-interface interface-name;source-address address;}then {anti-replay-window-size bits;backup-remote-gateway address;clear-dont-fragment-bit;dynamic {ike-policy policy-name;ipsec-policy policy-name;}initiate-dead-peer-detection;manual {direction (inbound | outbound | bidirectional) {authentication {algorithm (hmac-md5-96 | hmac-sha1-96);key (ascii-text key | hexadecimal key );}auxiliary-spi spi-value;encryption {algorithm algorithm;key (ascii-text key | hexadecimal key );}protocol (ah | bundle | esp);spi spi-value;}}no-anti-replay;remote-gateway address;syslog;tunnel-mtu bytes;}}}rule-set rule-set-name {rule rule-name;}no-ipsec-tunnel-in-traceroute;traceoptions {file {files number;size bytes;}flag flag;level level;}}l2tp {tunnel-group name {hello-interval seconds;hide-avps;l2tp-access-profile profile-name;local-gateway address address;maximum-send-window packets;ppp-access-profile profile-name;receive-window packets;retransmit-interval seconds;service-interface interface-name;syslog {host hostname {services severity-level;facility-override facility-name;log-prefix prefix-value;}}tunnel-timeout seconds;}traceoptions {debug-level level;filter {protocol name;}flag flag;interfaces interface-name {debug-level level;flag flag;}}}logging {traceoptions {file filename <files number> <size size> <world-readable
| no-world-readable> <match regex>;flag flag;}}nat {ipv6-multicast-interfaces (all | interface-name) {disable;}pool nat-pool-name {address ip-prefix</prefix-length>;address-range low minimum-value high maximum-value;pgcp {hint [ hint-strings ];ports-per-session ports;remotely-controlled;transport;}port (automatic | range low minimum-value high maximum-value) {random-allocation;}}rule rule-name {match-direction (input | output);term term-name {from {application-sets set-name;applications [ application-names ];destination-address (address | any-unicast) <except>;destination-address-range low minimum-value high maximum-value <except>;destination-prefix-list list-name <except>;source-address (address | any-unicast) <except>;source-address-range low minimum-value high maximum-value <except>;source-prefix-list list-name <except>;}then {syslog;translated {destination-pool nat-pool-name;destination-prefix destination-prefix;overload-pool overload-pool-name;overload-prefix overload-prefix;source-pool nat-pool-name;source-prefix source-prefix;translation-type {destination (dynamic | static);source (dynamic | static);}}}}}rule-set rule-set-name {rule rule-name;}}pgcp {gateway gateway-name {cleanup-timeout seconds;gateway-address gateway-address;fast-update-filters {maximum-terms number-of-terms;maximum-fuf-percentage percentage;}gateway-controller gateway-controller-name {controller-address ip-address;controller-port port-number;interim-ah-scheme {algorithm algorithm;}}gateway-port gateway-port;graceful-restart {maximum-synchronization-mismatches number-of-mismatches; seconds;}data-inactivity-detection {inactivity-delay seconds;latch-deadlock-delay seconds;send-notification-on-delay;inactivity-duration seconds;stop-detection-on-drop;report-service-change {service-change-type (forced-906) | forced-910);}}h248-properties {application-data-inactivity-detection {ip-flow-stop-detection (regulated-notify | immediate-notify);}base-root {mg-provisional-response-timer-value {default milliseconds;maximum milliseconds;minimum milliseconds;}mgc-originated-pending-limit {default number-of-messages;maximum number-of-messages;minimum number-of-messages;}normal-mg-execution-time {default milliseconds;maximum milliseconds;minimum milliseconds;}normal-mgc-execution-time {default milliseconds;maximum milliseconds;minimum milliseconds;}}diffserv {dscp {default (dscp-value | alias | do-not-change);}}event-timestamp-notification {request-timestamp (requested | suppressed | autonomous);{hanging-termination-detection {timerx seconds;}notification-behavior {notification-regulation default (once | 0 - 100);}segmentation {mg-segmentation-timer {default milliseconds;maximum milliseconds;minimum milliseconds;}mgc-segmentation-timer {default milliseconds;maximum milliseconds;minimum milliseconds;}mg-maximum-pdu-size {default bytes;maximum bytes;minimum bytes;}mgc-maximum-pdu-size {default bytes;maximum bytes;minimum bytes;}}traffic-management {max-burst-size {default bytes-per-second;maximum bytes-per-second;minimum bytes-per-second;rtcp {(fixed-value bytes-per-second | percentage percentage);}}peak-data-rate {default bytes-per-second;maximum bytes-per-second;minimum bytes-per-second;rtcp {(fixed-value bytes-per-second | percentage percentage);}}sustained-data-rate {default bytes-per-second;maximum bytes-per-second;minimum bytes-per-second;rtcp {(fixed-value bytes-per-second | percentage percentage);}rtcp-include;}}inactivity-timer {inactivity-timeout {detect;maximum-inactivity-time {default 10-millisecond-units;maximum 10-millisecond-units;minimum 10-millisecond-units;}}}}h248-options {audit-observed-events-returns;encoding {no-dscp-bit-mirroring;}service-change {context-indications {state-loss (forced-910 | forced-915 | none);}control-association-indications {disconnect {controller-failure (failover-909 | restart-902);reconnect (disconnected-900 | restart-902);}down {administrative (forced-905 | forced-908 | none);failure (forced-904 | forced-908 | none);graceful (graceful-905 | none);}up {cancel-graceful (none | restart-918);failover-cold (failover-920 | restart-901);failover-warm (failover-919 | restart-902);}}virtual-interface-indications {virtual-interface-down {administrative (forced-905 | forced-906 | none);failure (forced-904 | forced-906 | none);graceful (graceful-905 | none);link-loss (forced-906 | none);}use-wildcard-response;virtual-interface-up {cancel-graceful (none | restart-918);warm (none | restart-900);}}}}h248-timers {initial-average-ack-delay milliseconds;maximum-net-propagation-delay milliseconds;maximum-waiting-delay milliseconds;tmax-retransmission-delay milliseconds;}max-concurrent-calls number-of-calls;monitor {media {rtcp;rtp;}}service-state (in-service | out-of-service-forced | out-of-service-graceful);session-mirroring {delivery-function delivery-function-name {destination-address destination-address;destination-port destination-port;network-operator-id network-operator-id;source-address source-address;source-port source-port;}disable-session-mirroring;}}nat-pool nat-pool-name;rule rule-name {gateway gateway-name;nat-pool nat-pool-name;}rule-set rule-set-name {rule rule-name;}traceoptions {file <filename filename> <files number> <match regex> <size size> <world-readable | no-world-readable>; flag {bgf-core {common trace-level;default trace-level;firewall trace-level;gate-logic trace-level;pic-broker trace-level;policy trace-level;statistics trace-level;}default trace-level;h248-stack {control-association trace-level;default trace-level;messages;media-gateway trace-level;}sbc-utils {common trace-level;configuration trace-level;default trace-level;device-monitor trace-level;ipc trace-level;memory-management trace-level;messaging trace-level;user-interface trace-level;}}}virtual-interface interface-number {nat-pool nat-pool-name;interface interface-identifier;routing-instance instance-name {service-interface interface-name.unit-number;}service-state (in-service | out-of-service-forced | out-of-service-graceful);}session-mirroring {delivery-function delivery-function-name {destination-address destination-address;destination-port destination-port;network-operator-id network-operator-id;source-address source-address;source-port source-port;}disable-session-mirroring;}}ptsp {forward-rule rule-name {term precedence {from {application-groups [ application-group-name ];applications [ application-name ];local-address address <except>;local-address-range low low-value high high-value <except >;local-prefix-list prefix-list-name <except >;}then {forwarding-instance forwarding-instance unit-number unit-number;}}}rule rule-name {count-type (application
| rule);demux (destination-address
| source-address);forward-rule forward-rule-name;match-direction (input | input-output | output);term precedence {from {application-group-any;application-groups [ application-group-name ];applications [ application-name ];local-port-range low low-value high high-value;local-ports [ value-list ];protocol protocol-number;remote-address address <except>;remote-address-range low low-value high high-value <except>;remote-port-range low low-value high high-value;remote-ports [ value-list ];remote-prefix-list prefix-list-name <except>;}then {(accept | discard);count (application | application-group | application-group-any
| rule | none);forwarding-class forwarding-class;police policer-name;}}}rule-set rule-set-name {rule rule-name;}}rpm {bgp {data-fill data;data-size size;destination-port port;history-size size;logical-system logical-system-name <routing-instances routing-instance-name>;probe-count count;probe-interval seconds;probe-type type;routing-instances instance-name;test-interval interval;}probe owner {test test-name {data-fill data;data-size size;destination-interface interface-name;destination-port port;dscp-code-point dscp-bits;hardware-timestamp;history-size size;moving-average-size number;one-way-hardware-timestamp;probe-count count;probe-interval seconds;probe-type type;routing-instance instance-name;source-address address;target (url | address);test-interval interval;thresholds thresholds;traps traps;}}probe-limit limit;probe-server {tcp {destination-interface interface-name;port number;}udp {destination-interface interface-name;port number;}}twamp {server {authentication-mode (authenticated | encrypted | none);client-list list-name {address address;}inactivity-timeout seconds;maximum-connections count;maximum-connections-per-client count;maximum-sessions count;maximum-sessions-per-connection count;port number;}}}service-set service-set-name {aacl-rules rule-name;policy-decision-statistics-profile profile-name;(ids-rules rule-names | ids-rule-sets rule-set-name);(ipsec-vpn-rules rule-names | ipsec-vpn-rule-sets rule-set-name);(nat-rules rule-names | nat-rule-sets rule-set-name);(pgcp-rules rule-names | pgcp-rule-sets rule-set-name);(ptsp-rules rule-names | ptsp-rule-sets rule-set-name); (stateful-firewall-rules rule-names | stateful-firewall-rule-sets rule-set-name);allow-multicast;extension-service service-name {provider-specific rules;}interface-service {service-interface interface-name;}ipsec-vpn-options {anti-replay-window-size bits;clear-dont-fragment-bit;ike-access-profile profile-name;local-gateway address;no-anti-replay;passive-mode-tunneling;trusted-ca [ ca-profile-names ];tunnel-mtu bytes;}max-flows number;next-hop-service {inside-service-interface interface-name.unit-number;outside-service-interface interface-name.unit-number;service-interface-pool name;}service-order {forward-flow [ service-name1 service-name2 ];reverse-flow [ service-name1 service-name2 ];}syslog {host hostname {services severity-level;facility-override facility-name;log-prefix prefix-value;}}}stateful-firewall {rule rule-name {match-direction (input | output | input-output);term term-name {from {application-sets set-name;applications [ application-names ];destination-address (address | any-unicast) <except>;destination-address-range low minimum-value high maximum-value <except>;destination-prefix-list list-name <except>;source-address (address | any-unicast) <except>;source-address-range low minimum-value high maximum-value<except>;source-prefix-list list-name <except>;}then {(accept | discard | reject);allow-ip-options [ values ];syslog;}}}rule-set rule-set-name {rule rule-name;}}}
