Table of Contents
- About This Guide
- JUNOS Documentation and Release Notes
- Objectives
- Audience
- Supported Platforms
- Using the Indexes
- Using the Examples in This Manual
- Documentation Conventions
- Documentation Feedback
- Requesting Technical Support
- Overview
- Introduction to Junos OS
- Junos OS Overview
- Junos OS Architecture Overview
- Product Architecture
- Routing Process Architecture
- Packet Forwarding Engine
- Routing Engine
- Router Hardware Components
- Junos OS Commit Model for Router Configuration
- Junos OS Routing Engine Components and Processes
- Routing Engine Kernel
- Initialization Process
- Management Process
- Process Limits
- Routing Protocol Process
- Interface Process
- Chassis Process
- SNMP and MIB II Processes
- Junos OS Support for IPv4 Routing Protocols
- Junos OS Support for IPv6 Routing Protocols
- Junos OS Routing and Forwarding Tables
- Routing Policy Overview
- Junos OS Support for VPNs
- Junos Configuration Basics
- Junos OS Configuration Basics
- Junos OS Configuration from External Devices
- Methods for Configuring the Junos OS
- Junos OS command-line interface (CLI)
- ASCII File
- J-Web Package
- Junos XML management protocol Software
- NETCONF XML management protocol Software
- Configuration Commit Scripts
- Configuring a Router for the First Time
- Initial Router Configuration Using the Junos OS
- Configuring the Junos OS the First Time on a Router with a Single Routing Engine
- Configuring the Junos OS the First Time on a Router with Dual Routing Engines
- Junos OS Default Settings for Router Security
- Junos OS Configuration Using the CLI
- Activation of the Junos OS Candidate Configuration
- Disk Space Management for Junos OS Installation
- Junos OS Tools for Monitoring the Router
- Junos OS Features for Router Security
- Methods of Remote Access for Router Management
- Junos OS Supported Protocols and Methods for User Authentication
- Junos OS Plain-Text Password Requirements
- Junos OS Support for Routing Protocol Security Features and IPsec
- Junos OS Support for Firewall Filters
- Junos OS Auditing Support for Security
- System Management
- System Management Overview
- Format for Specifying IP Addresses, Network Masks, and Prefixes in Junos Configuration Statements
- Format for Specifying Filenames and URLs in Junos OS CLI Commands
- Default Directories for Junos OS File Storage on the Router
- Directories on the Logical System
- Junos OS Tracing and Logging Operations
- Junos OS Authentication Methods for Routing Protocols
- Junos OS User Authentication Methods
- System Management Configuration Statements
- System Management Configuration Statements
- Configuring Basic System Management
- Configuring Basic Router or Switch Properties
- Configuring the Hostname of the Router or Switch
- Mapping the Name of the Router to IP Addresses
- Configuring an ISO System Identifier for the Router
- Example: Configuring the Name of the Router, IP Address, and System ID
- Configuring the Domain Name for the Router or Switch
- Example: Configuring the Domain Name for the Router or Switch
- Configuring the Domains to Search When a Router or Switch Is Included in Multiple Domains
- Configuring a DNS Name Server for Resolving a Hostname into Addresses
- Configuring a Backup Router
- Configuring a Backup Router Running IPv4
- Configuring a Backup Router Running IPv6
- Configuring Automatic Mirroring of the CompactFlash Card on the Hard Disk Drive
- Configuring the Physical Location of the Router or Switch
- Configuring the Root Password
- Example: Configuring the Root Password
- Example: Configuring a Plain-Text Password for Root Logins
- Example: Configuring SSH Authentication for Root Logins
- Special Requirements for Junos OS Plain-Text Passwords
- Changing the Requirements for Junos OS Plain-Text Passwords
- Example: Changing the Requirements for Junos OS Plain-Text Passwords
- Configuring Multiple Routing Engines to Synchronize Committed Configurations Automatically
- Compressing the Current Configuration File
- Configuring User Access
- Junos OS Login Classes Overview
- Defining Junos OS Login Classes
- Junos OS User Accounts Overview
- Configuring Junos OS User Accounts
- Example: Configuring User Accounts
- Limiting the Number of User Login Attempts for SSH and Telnet Sessions
- Example: Limiting the Number of Login Attempts for SSH and Telnet Sessions
- Configuring Time-Based User Access
- Examples: Configuring Time-Based User Access
- Junos-FIPS Crypto Officer and User Accounts Overview
- Crypto Officer User Configuration
- FIPS User Configuration
- Junos OS Access Privilege Levels Overview
- Junos OS Login Class Permission Flags
- Allowing or Denying Individual Commands for Junos OS Login Classes
- Configuring Access Privilege Levels
- Example: Configuring Access Privilege Levels
- Specifying Access Privileges for Junos OS Operational Mode Commands
- Regular Expressions for Allowing and Denying Junos OS Operational Mode Commands
- Example: Configuring Access Privileges for Operational Mode Commands
- Specifying Access Privileges for Junos OS Configuration Mode Hierarchies
- Regular Expressions for Allowing and Denying Junos OS Configuration Mode Hierarchies
- Example: Defining Access Privileges for Configuration Mode Hierarchies
- Configuring the Timeout Value for Idle Login Sessions
- Configuring CLI Tips
- Configuring System Authentication
- Configuring RADIUS Authentication
- Configuring RADIUS Server Details
- Configuring MS-CHAPv2 for Password-Change Support
- Specifying a Source Address for the Junos OS to Access External RADIUS Servers
- Juniper Networks Vendor-Specific RADIUS Attributes
- Configuring TACACS+ Authentication
- Configuring TACACS+ Server Details
- Specifying a Source Address for the Junos OS to Access External TACACS+ Servers
- Configuring the Same Authentication Service for Multiple TACACS+ Servers
- Configuring Juniper Networks Vendor-Specific TACACS+ Attributes
- Juniper Networks Vendor-Specific TACACS+ Attributes
- Overview of Template Accounts for RADIUS and TACACS+ Authentication
- Configuring Remote Template Accounts for User Authentication
- Configuring Local User Template Accounts for User Authentication
- Using Regular Expressions on a TACACS+ or RADIUS Server to Allow or Deny Access to Commands
- Junos OS Authentication Order for RADIUS, TACACS+, and Password Authentication
- Using RADIUS or TACACS+ Authentication
- Using Local Password Authentication
- Order of Authentication Attempts
- Configuring the Junos OS Authentication Order for RADIUS, TACACS+, and Local Password Authentication
- Example: Configuring System Authentication for RADIUS, TACACS+, and Password Authentication
- Recovering the Root Password
- Configuring Time
- Modifying the Default Time Zone for a Router or Switch Running Junos OS
- NTP Overview
- Synchronizing and Coordinating Time Distribution Using NTP
- Configuring NTP
- Configuring the NTP Boot Server
- Specifying a Source Address for an NTP Server
- NTP Time Server and Time Services Overview
- Configuring the NTP Time Server and Time Services
- Configuring the Router or Switch to Operate in Client Mode
- Configuring the Router or Switch to Operate in Symmetric Active Mode
- Configuring the Router or Switch to Operate in Broadcast Mode
- Configuring the Router or Switch to Operate in Server Mode
- Configuring NTP Authentication Keys
- Configuring the Router or Switch to Listen for Broadcast Messages Using NTP
- Configuring the Router or Switch to Listen for Multicast Messages Using NTP
- Setting a Custom Time Zone on Routers or Switches Running Junos OS
- Importing and Installing Time Zone Files
- Configuring a Custom Time Zone
- Configuring System Log Messages
- Junos OS System Log Configuration Overview
- Junos OS System Log Configuration Statements
- Junos OS Minimum and Default System Logging Configuration
- Junos OS Minimum System Logging Configuration
- Junos OS Default System Log Settings
- Junos OS Platform-Specific Default System Log Messages
- Single-Chassis System Logging Configuration
- Single-Chassis System Logging Configuration Overview
- Specifying the Facility and Severity of Messages to Include in the Log
- Junos System Logging Facilities and Message Severity Levels
- Directing System Log Messages to a Log File
- Logging Messages in Structured-Data Format
- Directing System Log Messages to a User Terminal
- Directing System Log Messages to the Console
- System Logging on a Remote Machine or the Other Routing Engine
- Directing System Log Messages to a Remote Machine or the Other Routing Engine
- Specifying an Alternative Source Address for System Log Messages
- Changing the Alternative Facility Name for Remote System Log Messages
- System Log Default Facilities for Messages Directed to a Remote Destination
- Junos System Log Alternate Facilities for Remote Logging
- Examples: Assigning an Alternative Facility
- Adding a Text String to System Log Messages
- Specifying Log File Size, Number, and Archiving Properties
- Including Priority Information in System Log Messages
- System Log Facility Codes and Numerical Codes Reported in Priority Information
- Including the Year or Millisecond in Timestamps
- Using Regular Expressions to Refine the Set of Logged Messages
- Junos System Log Regular Expression Operators for the match Statement
- Disabling the System Logging of a Facility
- Examples: Configuring System Logging
- System Logging Configuration for a TX Matrix Router
- Configuring System Logging for a TX Matrix Router
- Configuring Message Forwarding to the TX Matrix Router
- Impact of Different Local and Forwarded Severity Levels on System Log Messages on a TX Matrix Router
- Messages Logged When the Local and Forwarded Severity Levels Are the Same
- Messages Logged When the Local Severity Level Is Lower
- Messages Logged When the Local Severity Level Is Higher
- Configuring Optional Features for Forwarded Messages on a TX Matrix Router
- Including Priority Information in Forwarded Messages
- Adding a Text String to Forwarded Messages
- Using Regular Expressions to Refine the Set of Forwarded Messages
- Directing Messages to a Remote Destination from the Routing Matrix Based on the TX Matrix Router
- Configuring System Logging Differently on Each T640 Router in a Routing Matrix
- System Logging Configuration for a TX Matrix Plus Router
- Configuring System Logging for a TX Matrix Plus Router
- Configuring Message Forwarding to the TX Matrix Plus Router
- Impact of Different Local and Forwarded Severity Levels on System Log Messages on a TX Matrix Plus Router
- Messages Logged When the Local and Forwarded Severity Levels Are the Same
- Messages Logged When the Local Severity Level Is Lower
- Messages Logged When the Local Severity Level Is Higher
- Configuring Optional Features for Forwarded Messages on a TX Matrix Plus Router
- Including Priority Information in Forwarded Messages
- Adding a Text String to Forwarded Messages
- Using Regular Expressions to Refine the Set of Forwarded Messages
- Directing Messages to a Remote Destination from the Routing Matrix Based on a TX Matrix Plus Router
- Configuring System Logging Differently on Each T1600 Router in a Routing Matrix
- Configuring System Services
- System Services Overview
- Configuring clear-text or SSL Service for Junos XML protocol Client Applications
- Configuring clear-text Service for Junos XML protocol Client Applications
- Configuring SSL Service for Junos XML protocol Client Applications
- Configuring the Router, Switch, or Interface to Act as a DHCP Server on J Series Services Routers and EX Series Ethernet Switches
- DHCP Access Service Overview
- Network Address Assignments (Allocating a New Address)
- Network Address Assignments (Reusing a Previously Assigned Address)
- Static and Dynamic Bindings
- Compatibility with Autoinstallation
- Conflict Detection and Resolution
- DHCP Statement Hierarchy and Inheritance
- Configuring Address Pools for DHCP Dynamic Bindings
- Configuring Manual (Static) DHCP Bindings Between a Fixed IP Address and a Client MAC Address
- Specifying DHCP Lease Times for IP Address Assignments
- Configuring a DHCP Boot File and DHCP Boot Server
- Configuring the Next DHCP Server to Contact After a Boot Client Establishes Initial Communication
- Configuring a Static IP Address as DHCP Server Identifier
- Configuring a Domain Name and Domain Search List for a DHCP Server Host
- Configuring Routers Available to the DHCP Client
- Creating User-Defined DHCP Options Not Included in the Default Junos Implementation of the DHCP Server
- Example: Complete DHCP Server Configuration
- Example: Viewing DHCP Bindings
- Example: Viewing DHCP Address Pools
- Example: Viewing and Clearing DHCP Conflicts
- Configuring Tracing Operations for DHCP Processes
- Configuring the DHCP Processes Log Filename
- Configuring the Number and Size of DHCP Processes Log Files
- Configuring Access to the DHCP Log File
- Configuring a Regular Expression for Refining the Output of DHCP Logged Events
- Configuring DHCP Trace Operation Events
- DHCP Processes Tracing Flags
- Configuring the Router as an Extended DHCP Local Server
- Interaction Among the DHCP Client, Extended DHCP Local Server, and Address-Assignment Pools
- Extended DHCP Local Server and Address-Assignment Pools
- Methods Used by the Extended DHCP Local Server to Determine Which Address-Assignment Pool to Use
- Matching the Client IP Address to the Address-Assignment Pool
- Matching Option 82 Information to Named Address Ranges
- Default Options Provided by the Extended DHCP Server for the DHCP Client
- Using External AAA Authentication Services to Authenticate DHCP Clients
- Configuring Authentication Support for an Extended DHCP Application
- Grouping Interfaces with Common DHCP Configurations
- Configuring Passwords for Usernames the DHCP Application Presents to the External AAA Authentication Service
- Creating Unique Usernames the Extended DHCP Application Passes to the External AAA Authentication Service
- Client Configuration Information Exchanged Between the External Authentication Server, DHCP Application, and DHCP Client
- Tracing Extended DHCP Local Server Operations
- Configuring the Filename of the Extended DHCP Local Server Processes Log
- Configuring the Number and Size of Extended DHCP Local Server Processes Log Files
- Configuring Access to the Log File
- Configuring a Regular Expression for Lines to Be Logged
- Configuring Trace Option Flags
- Example: Configuring the Minimum Extended DHCP Local Server Configuration
- Example: Extended DHCP Local Server Configuration with Optional Pool Matching
- Verifying and Managing the DHCP Server Configuration
- Configuring DTCP-over-SSH Service for the Flow-Tap Application
- Configuring Finger Service for Remote Access to the Router
- Configuring FTP Service for Remote Access to the Router or Switch
- Configuring SSH Service for Remote Access to the Router or Switch
- Configuring the Root Login Through SSH
- Configuring the SSH Protocol Version
- Configuring Outbound SSH Service
- Configuring the Device Identifier for Outbound SSH Connections
- Sending the Public SSH Host Key to the Outbound SSH Client
- Configuring Keepalive Messages for Outbound SSH Connections
- Configuring a New Outbound SSH Connection
- Configuring the Outbound SSH Client to Accept NETCONF as an Available Service
- Configuring Outbound SSH Clients
- Configuring NETCONF-Over-SSH Connections on a Specified TCP Port
- Configuring Telnet Service for Remote Access to a Router
- Configuring Miscellaneous System Management Features
- Configuring the Junos OS to Set Console and Auxiliary Port Properties
- Configuring the Junos OS to Disable Protocol Redirect Messages on the Router or Switch
- Configuring the Junos OS to Select a Fixed Source Address for Locally Generated TCP/IP Packets
- Configuring the Junos OS to Make the Router or Interface Act as a DHCP or BOOTP Relay Agent
- Configuring the Junos OS to Disable the Routing Engine Response to Multicast Ping Packets
- Configuring the Junos OS to Disable the Reporting of IP Address and Timestamps in Ping Responses
- Configuring Password Authentication for Console Access to PICs
- Configuring the Junos OS to Display a System Login Message
- Configuring the Junos OS to Display a System Login Announcement
- Disabling Junos OS Processes
- Configuring Failover to Backup Media if a Junos OS Process Fails
- Configuring Password Authentication for the Diagnostics Port
- Viewing Core Files from Junos OS Processes
- Saving Core Files from Junos OS Processes
- Using Junos OS to Configure Logical System Administrators
- Using Junos OS to Configure a Router or Switch to Transfer Its Configuration to an Archive Site
- Configuring the Router or Switch to Transfer Its Currently Active Configuration to an Archive
- Configuring the Transfer Interval for Periodic Transfer of the Active Configuration to an Archive Site
- Configuring Transfer of the Current Active Configuration When a Configuration Is Committed
- Configuring Archive Sites for Transfer of Active Configuration Files
- Using Junos OS to Specify the Number of Configurations Stored on the CompactFlash Card
- Configuring RADIUS System Accounting
- Configuring Auditing of User Events on a RADIUS Server
- Specifying RADIUS Server Accounting and Auditing Events
- Configuring RADIUS Server Accounting
- Example: Configuring RADIUS System Accounting
- Configuring TACACS+ System Accounting
- Specifying TACACS+ Auditing and Accounting Events
- Configuring TACACS+ Server Accounting
- Configuring TACACS+ Accounting on a TX Matrix Router
- Configuring the Junos OS to Work with SRC Software
- Configuring the Junos OS ICMPv4 Rate Limit for ICMPv4 Routing Engine Messages
- Configuring the Junos OS ICMPv6 Rate Limit for ICMPv6 Routing Engine Messages
- Configuring the Junos OS for IP-IP Path MTU Discovery on IP-IP Tunnel Connections
- Configuring TCP MSS for Session Negotiation
- Configuring TCP MSS on T Series and M Series Routers
- Configuring TCP MSS on J Series Services Routers
- Configuring the Junos OS for IPv6 Path MTU Discovery
- Configuring the Junos OS for IPv6 Duplicate Address Detection Attempts
- Configuring the Junos OS for Acceptance of IPv6 Packets with a Zero Hop Limit
- Configuring the Junos OS for Path MTU Discovery on Outgoing GRE Tunnel Connections
- Configuring the Junos OS for Path MTU Discovery on Outgoing TCP Connections
- Configuring the Junos OS to Ignore ICMP Source Quench Messages
- Configuring the Junos OS to Enable the Router or Switch to Drop Packets with the SYN and FIN Bits Set
- Configuring the Junos OS to Disable TCP RFC 1323 Extensions
- Configuring the Junos OS to Disable the TCP RFC 1323 PAWS Extension
- Configuring the Junos OS to Extend the Default Port Address Range
- Configuring the Junos OS ARP Learning and Aging Options for Mapping IPv4 Network Addresses to MAC Addresses
- Configuring Passive ARP Learning for Backup VRRP Routers
- Adjusting the ARP Aging Timer
- Disabling MAC Address Learning of Neighbors Through ARP or Neighbor Discovery for IPv4 and IPv6 Traffic for Logical Interfaces
- Using Junos OS to Configure System Alarms to Appear Automatically on J Series Routers and EX Series Ethernet Switches
- System Alarms on J Series Routers
- Security Configuration Example
- Example: Configuring a Router Name and Domain Name
- Example: Configuring RADIUS Authentication
- Example: Creating Login Classes
- Example: Defining User Login Accounts
- Example: Defining RADIUS Template Accounts
- Example: Enabling SSH Connection Services
- Example: Configuring System Logging
- Example: Configuring NTP as a Single Time Source for Router Clock Synchronization
- Example: Configuring ATM, SONET, Loopback, and Out-of-Band Management Interfaces
- Example: Configuring SNMPv3
- Examples: Configuring Protocol-Independent Routing Properties
- Example: Configuring the Router ID and Autonomous System Number for BGP
- Example: Configuring Martian Addresses
- Example: Viewing Reserved IRI IP Addresses
- Example: Configuring the BGP and IS-IS Routing Protocols
- Configuring BGP
- Configuring IS-IS
- Configuring Firewall Policies and Filters
- Example: Configuring Firewall Filters
- Example: Configuring Firewall Policies
- Example: Consolidated Security Configuration
- Summary of System Management Configuration Statements
- accounting
- access-end
- access-start
- accounting-port
- allow-commands
- allow-configuration
- allowed-days
- announcement
- archival
- archive (All System Log Files)
- archive (Individual System Log File)
- archive-sites (Configuration File)
- arp
- authentication (DHCP Local Server)
- authentication (Login)
- authentication-key
- authentication-order
- autoinstallation
- auxiliary
- backup-router
- boot-file
- boot-server (DHCP)
- boot-server (NTP)
- broadcast
- broadcast-client
- change-type
- circuit-type
- class (Assigning a Class to an Individual User)
- class (Defining Login Classes)
- client-identifier
- commit synchronize
- compress-configuration-files
- configuration
- configuration-servers
- connection-limit
- console (Physical Port)
- console (System Logging)
- default-address-selection
- default-lease-time
- delimiter (DHCP Local Server)
- deny-commands
- deny-configuration
- destination
- destination-override
- dhcp
- dhcpv6
- dhcp-local-server
- diag-port-authentication
- domain-name (DHCP)
- domain-name
- domain-name (DHCP Local Server)
- domain-search
- dump-device
- events
- explicit-priority
- facility-override
- file (System Logging)
- files
- finger
- flow-tap-dtcp
- format
- ftp
- full-name
- gre-path-mtu-discovery
- group (DHCP Local Server)
- host
- host-name
- http
- https
- icmpv4-rate-limit
- icmpv6-rate-limit
- idle-timeout
- inet6-backup-router
- interface (ARP Aging Timer)
- interface (DHCP Local Server)
- interfaces
- internet-options
- ip-address-first
- ipip-path-mtu-discovery
- ipv6-duplicate-addr-detection-transmits
- ipv6-path-mtu-discovery
- ipv6-path-mtu-discovery-timeout
- ipv6-reject-zero-hop-limit
- load-key-file
- local-certificate
- location
- log-prefix
- logical-system-name (DHCP Local Server)
- login
- login-alarms
- login-tip
- mac-address (DHCP Local Server)
- match
- max-configurations-on-flash
- maximum-lease-time
- maximum-length
- message
- minimum-changes
- minimum-length
- mirror-flash-on-disk
- multicast-client
- name-server
- next-server
- no-compress-configuration-files
- no-gre-path-mtu-discovery
- no-ipip-path-mtu-discovery
- no-ipv6-reject-zero-hop-limit
- no-multicast-echo
- no-path-mtu-discovery
- no-ping-record-route
- no-ping-time-stamp
- no-redirects
- no-remote-trace
- no-saved-core-context
- no-source-quench
- no-tcp-rfc1323
- no-tcp-rfc1323-paws
- ntp
- option-60 (DHCP Local Server)
- option-82 (DHCP Local Server Authentication)
- option-82 (DHCP Local Server Pool Matching)
- outbound-ssh
- password (DHCP Local Server)
- password (Login)
- path-mtu-discovery
- peer
- permissions
- pic-console-authentication
- pool
- pool-match-order
- port (HTTP/HTTPS)
- port (NETCONF Server)
- port (RADIUS Server)
- port (SRC Server)
- port (TACACS+ Server)
- ports
- processes
- protocol-version
- radius
- radius-options
- radius-server
- rate-limit
- retry
- retry-options
- root-authentication
- root-login
- router
- routing-instance-name (DHCP Local Server)
- saved-core-context
- saved-core-files
- secret
- server (NTP)
- server (RADIUS Accounting)
- server (TACACS+ Accounting)
- server-identifier
- servers
- service-deployment
- services
- session
- single-connection
- size
- source-address (NTP, RADIUS, System Logging, or TACACS+)
- source-address (SRC Software)
- source-port
- source-quench
- ssh
- static-binding
- static-host-mapping
- structured-data
- syslog
- system
- tacplus
- tacplus-options
- tacplus-server
- tcp-drop-synfin-set
- tcp-mss
- telnet
- time-format
- timeout
- time-zone
- traceoptions (Address-Assignment Pool)
- traceoptions (DHCP Local Server)
- traceoptions (DHCP Server)
- traceoptions (SBC Configuration Process)
- tracing
- transfer-interval (Configuration)
- transfer-on-commit
- trusted-key
- uid
- use-imported-time-zones
- user (Access)
- user (System Logging)
- username-include (DHCP Local Server)
- user-prefix (DHCP Local Server)
- web-management
- wins-server
- world-readable
- xnm-clear-text
- xnm-ssl
- Access
- Configuring Access
- Access Configuration Statements
- Configuring the PPP Authentication Protocol
- Example: Configuring PPP CHAP
- Example: Configuring CHAP Authentication with RADIUS
- Configuring L2TP for Enabling PPP Tunneling Within a Network
- Defining the Minimum L2TP Configuration
- Configuring the Address Pool for L2TP Network Server IP Address Allocation
- Configuring the Group Profile for Defining L2TP Attributes
- Configuring L2TP for a Group Profile
- Configuring the PPP Attributes for a Group Profile
- Example: Group Profile Configuration
- Configuring Access Profiles for L2TP or PPP Parameters
- Configuring the Access Profile
- Configuring the L2TP Properties for a Profile
- Configuring the PPP Properties for a Profile
- Configuring the Authentication Order
- Configuring the Accounting Order
- Configuring the L2TP Client
- Example: Defining the Default Tunnel Client
- Example: Defining the User Group Profile
- Configuring the CHAP Secret for an L2TP Profile
- Example: Configuring L2TP PPP CHAP
- Referencing the Group Profile from the L2TP Profile
- Configuring L2TP Properties for a Client-Specific Profile
- Example: PPP MP for L2TP
- Example: L2TP Multilink PPP Support on Shared Interfaces
- Configuring the PAP Password for an L2TP Profile
- Example: Configuring PAP for an L2TP Profile
- Configuring PPP Properties for a Client-Specific Profile
- Applying a Configured PPP Group Profile to a Tunnel
- Example: Applying a User Group Profile on the M7i or M10i Router
- Example: Configuring the Access Profile
- Example: Configuring L2TP
- Configuring RADIUS Authentication for L2TP
- RADIUS Attributes for L2TP
- Example: Configuring RADIUS Authentication for L2TP
- Configuring the RADIUS Disconnect Server for L2TP
- Configuring RADIUS Authentication for an L2TP Client and Profile
- Example: Configuring RADIUS Authentication for an L2TP Profile
- Configuring an IKE Access Profile
- Subscriber Access Management
- Subscriber Access Management Overview
- AAA Service Framework Overview
- RADIUS Authentication and Accounting for Subscriber Access Management Overview
- Configuring Router or Switch Interaction with RADIUS Servers
- Configuring Authentication and Accounting Parameters for Subscriber Access
- Specifying the Authentication and Accounting Methods for Subscriber Access
- Configuring How Accounting Statistics Are Collected for Subscriber Access
- Configuring RADIUS Server Parameters for Subscriber Access
- Specifying RADIUS Authentication and Accounting Servers for Subscriber Access
- Configuring RADIUS Server Options for Subscriber Access
- Configuring How RADIUS Attributes Are Used for Subscriber Access
- Example: Configuring RADIUS-Based Subscriber Authentication and Accounting
- RADIUS IETF Attributes Supported by the AAA Service Framework
- Juniper Networks VSAs Supported by the AAA Service Framework
- Attaching Access Profiles
- Verifying and Managing Subscriber AAA Information
- Address-Assignment Pools Overview
- Address-Assignment Pools Licensing Requirements
- Configuring Address-Assignment Pools
- Configuring an Address-Assignment Pool Name and Addresses
- Configuring a Named Address Range for Dynamic Address Assignment
- Configuring Static Address Assignment
- Configuring DHCP Client-Specific Attributes
- DHCP Attributes for Address-Assignment Pools
- Tracing Address-Assignment Pool Processes
- Configuring the Address-Assignment Pool Trace Log Filename
- Configuring the Number and Size of Address-Assignment Pool Processes Log Files
- Configuring Access to the Log File
- Configuring a Regular Expression for Lines to Be Logged
- Configuring the Trace Operation
- Example: Configuring an Address-Assignment Pool
- Summary of Access Configuration Statements
- accounting (Access Profile)
- accounting-order
- accounting-port
- accounting-server
- accounting-session-id-format
- accounting-stop-on-access-deny
- accounting-stop-on-failure
- address
- address-assignment (Address-Assignment Pools)
- address-pool
- address-range
- allowed-proxy-pair
- attributes
- authentication-order
- authentication-server
- boot-file
- boot-server
- cell-overhead
- chap-secret
- circuit-id (Address-Assignment Pools)
- circuit-type (DHCP Local Server)
- client
- client-authentication-algorithm
- dhcp-attributes (Address-Assignment Pools)
- domain-name (Address-Assignment Pools)
- drop-timeout
- encapsulation-overhead
- ethernet-port-type-virtual
- exclude
- fragmentation-threshold
- framed-ip-address
- framed-pool
- grace-period
- group-profile (Associating with Client)
- group-profile (Group Profile)
- hardware-address
- host (Address-Assignment Pools)
- idle-timeout
- ignore
- ike
- ike-policy
- immediate-update
- initiate-dead-peer-detection
- interface-description-format
- interface-id
- ip-address
- keepalive
- l2tp (Group Profile)
- l2tp (Profile)
- lcp-renegotiation
- local-chap
- maximum-lease-time
- maximum-sessions-per-tunnel
- multilink
- name-server
- nas-identifier
- nas-port-extended-format
- netbios-node-type
- network
- option
- option-82 (Address-Assignment Pools)
- option-match
- options
- order
- pap-password
- pool (Address-Assignment Pools)
- port
- ppp (Group Profile)
- ppp (Profile)
- ppp-authentication
- ppp-profile
- pre-shared-key
- primary-dns
- primary-wins
- profile
- radius (Access Profile)
- radius-disconnect
- radius-disconnect-port
- radius-server
- range (Address-Assignment Pools)
- remote-id
- retry
- revert-interval
- router (Address-Assignment Pools)
- routing-instance
- secondary-dns
- secondary-wins
- secret
- shared-secret
- source-address
- statistics
- tftp-server
- timeout (RADIUS)
- update-interval
- user-group-profile
- vlan-nas-port-stacked-format
- wins-server
- Security Services
- Security Services Overview
- IPsec Overview
- Security Associations Overview
- IKE Key Management Protocol Overview
- IPsec Requirements for Junos-FIPS
- Security Services Configuration Guidelines
- Security Services Configuration Statements
- Configuring IPsec for an ES PIC
- IPsec Configuration for an ES PIC Overview
- Configuring Minimum Manual Security Associations for IPsec on an ES PIC
- Configuring Minimum IKE Requirements for IPsec on an ES PIC
- Configuring Minimum Digital Certificate Requirements for IKE on an ES PIC
- Configuring Security Associations for IPsec on an ES PIC
- Configuring the Description for an SA
- Configuring IPsec Transport Mode
- Configuring IPsec Tunnel Mode
- Configuring Manual IPsec Security Associations for an ES PIC
- Configuring the Processing Direction
- Configuring the Protocol for a Manual SA
- Configuring the Security Parameter Index
- Configuring the Auxiliary Security Parameter Index
- Configuring the Authentication Algorithm and Key
- Configuring the Encryption Algorithm and Key
- Configuring Dynamic IPsec Security Associations
- Enabling Dynamic IPsec Security Associations
- Configuring an IKE Proposal for Dynamic SAs
- Configuring the Authentication Algorithm for an IKE Proposal
- Configuring the Authentication Method for an IKE Proposal
- Configuring the Description for an IKE Proposal
- Configuring the Diffie-Hellman Group for an IKE Proposal
- Configuring the Encryption Algorithm for an IKE Proposal
- Configuring the Lifetime for an IKE SA
- Example: Configuring an IKE Proposal
- Configuring an IKE Policy for Preshared Keys
- Configuring the Description for an IKE Policy
- Configuring the Mode for an IKE Policy
- Configuring the Preshared Key for an IKE Policy
- Associating Proposals with an IKE Policy
- Example: Configuring an IKE Policy
- Configuring an IPsec Proposal for an ES PIC
- Configuring the Authentication Algorithm for an IPsec Proposal
- Configuring the Description for an IPsec Proposal
- Configuring the Encryption Algorithm for an IPsec Proposal
- Configuring the Lifetime for an IPsec SA
- Configuring the Protocol for a Dynamic IPsec SA
- Configuring the IPsec Policy for an ES PIC
- Configuring Perfect Forward Secrecy
- Example: Configuring an IPsec Policy
- Using Digital Certificates for ES and AS PICs
- Digital Certificates Overview
- Configuration Statements for Configuring Digital Certificates for an ES PIC
- Obtaining a Certificate from a Certificate Authority for an ES PIC
- Requesting a CA Digital Certificate for an ES PIC on an M Series or T Series Router
- Example: Requesting a CA Digital Certificate
- Generating a Private and Public Key Pair for Digital Certificates for an ES PIC
- Configuring Digital Certificates for an ES PIC
- Configuring the Certificate Authority Properties for an ES PIC
- Specifying the Certificate Authority Name
- Configuring the Certificate Revocation List
- Configuring the Type of Encoding Your CA Supports
- Specifying an Enrollment URL
- Specifying a File to Read the Digital Certificate
- Specifying an LDAP URL
- Configuring the Cache Size
- Configuring the Negative Cache
- Configuring the Number of Enrollment Retries
- Configuring the Maximum Number of Peer Certificates
- Configuring the Path Length for the Certificate Hierarchy
- Configuring an IKE Policy for Digital Certificates for an ES PIC
- Configuring the Type of Encoding Your CA Supports
- Configuring the Identity to Define the Remote Certificate Name
- Specifying the Certificate Filename
- Specifying the Private and Public Key File
- Obtaining a Signed Certificate from the CA for an ES PIC
- Associating the Configured Security Association with a Logical Interface
- Configuring Digital Certificates for Adaptive Services Interfaces
- Configuring the Certificate Authority Properties
- Specifying the CA Profile Name
- Specifying an Enrollment URL
- Specifying the Enrollment Properties
- Configuring the Certificate Revocation List
- Specifying an LDAP URL
- Configuring the Interval Between CRL Updates
- Overriding Certificate Verification if CRL Download Fails
- Managing Digital Certificates
- Requesting a CA Digital Certificate for AS and MultiServices PICs installed on M Series and T Series Routers
- Generating a Public/Private Key Pair
- Generating and Enrolling a Local Digital Certificate
- Configuring the Auto-Reenrollment Properties for Automatic Renewal of the Router Certificate from the CA
- Specify the Certificate ID
- Specify the CA Profile
- Specify the Challenge Password
- Specify the Reenroll Trigger Time
- Specify the Regenerate Key Pair
- Specify the Validity Period
- Configuring IPsec Tunnel Traffic
- IPsec Tunnel Traffic Configuration Overview
- Example: Configuring an Outbound Traffic Filter
- Example: Applying an Outbound Traffic Filter
- Example: Configuring an Inbound Traffic Filter for a Policy Check
- Example: Applying an Inbound Traffic Filter to an ES PIC for a Policy Check
- ES Tunnel Interface Configuration for a Layer 3 VPN
- Configuring Tracing Operations for Security Services
- Configuring Tracing Operations for IPsec Events for Adaptive Services PICs
- Configuring the Authentication Key Update Mechanism for BGP and LDP Routing Protocols
- Configuring Authentication Key Updates
- Configuring BGP and LDP for Authentication Key Updates
- Configuring SSH Host Keys for Secure Copying of Data
- Configuring SSH Known Hosts
- Configuring Support for SCP File Transfer
- Updating SSH Host Key Information
- Retrieving Host Key Information Manually
- Importing Host Key Information from a File
- Importing SSL Certificates for Junos XML Protocol Support
- Configuring Internal IPsec for Junos-FIPS
- Configuring the SA Direction
- Configuring the IPsec SPI
- Configuring the IPsec Key
- Example: Configuring Internal IPsec
- Summary of Security Services Configuration Statements
- algorithm
- authentication
- authentication-algorithm (IKE)
- authentication-algorithm (IPsec)
- authentication-key-chains
- authentication-method
- auto-re-enrollment
- auxiliary-spi
- ca-identity
- ca-name
- ca-profile
- cache-size
- cache-timeout-negative
- certificate-id
- certificates
- certification-authority
- challenge-password
- crl (Encryption Interface)
- crl (Adaptive Services Interface)
- description
- dh-group
- direction (Junos OS)
- direction (Junos-FIPS Software)
- dynamic
- encoding
- encryption (Junos OS)
- encryption (Junos-FIPS Software)
- encryption-algorithm
- enrollment
- enrollment-retry
- enrollment-url
- file
- identity
- ike
- internal
- ipsec
- key
- ldap-url
- lifetime-seconds
- local
- local-certificate
- local-key-pair
- manual (Junos OS)
- manual (Junos-FIPS Software)
- maximum-certificates
- mode (IKE)
- mode (IPsec)
- path-length
- perfect-forward-secrecy
- pki
- policy (IKE)
- policy (IPsec)
- pre-shared-key
- proposal (IKE)
- proposal (IPsec)
- proposals
- protocol (Junos OS)
- protocol (Junos-FIPS Software)
- re-enroll-trigger-time
- re-generate-keypair
- refresh-interval
- retry
- retry-interval
- revocation-check
- security-association (Junos OS)
- security-association (Junos-FIPS Software)
- spi (Junos OS)
- spi (Junos-FIPS Software)
- ssh-known-hosts
- traceoptions
- url
- validity-period
- Router Chassis
- Router Chassis Configuration Guidelines
- Router Chassis Configuration Statements
- Configuring the Junos OS to Make a Flexible PIC Concentrator Stay Offline
- Configuring the Junos OS to Make an SFM Stay Offline
- Configuring the Junos OS to Resynchronize FPC Sequence Numbers with Active FPCs when an FPC Comes Online
- Configuring the Junos OS for Supporting Aggregated Devices
- Configuring Virtual Links for Aggregated Devices
- Configuring LACP Link Protection at the Chassis Level
- Enabling LACP Link Protection
- Configuring System Priority
- Configuring the Junos OS to Use ATM Cell-Relay Accumulation Mode on an ATM1 PIC
- Configuring Port-Mirroring Instances
- Port-Mirroring Instances Overview
- Configuring Port-Mirroring Instances on MX Series Ethernet Services Routers
- Configuring Port-Mirroring Instances at the DPC Level
- Configuring Port-Mirroring Instances at the PIC Level
- Configuring Port-Mirroring Instances on M320 Routers
- Configuring Port-Mirroring Instances on M120 Routers
- Configuring PIC-Level Symmetrical Hashing for Load Balancing on 802.3ad LAGs for MX Series Routers
- Examples: Configuring PIC-Level Symmetrical Hashing for Load Balancing on 802.3ad LAGs on MX Series Routers
- Configuring Symmetrical Hashing for family multiservice on Both Routers
- Configuring Symmetrical Hashing for family inet on Both Routers
- Configuring Symmetrical Hashing for family inet and family multiservice on the Two Routers
- Configuring ECMP Next Hops for RSVP and LDP LSPs for Load Balancing
- 16-Port 10-Gigabit Ethernet MPC on MX Series Routers (16x10GE 3D MPC) Overview
- Configuring the Number of Active Ports on a 16-Port 10-Gigabit Ethernet MPC on MX Series Routers
- Configuring Tunnel Interfaces on an MX Series Router with a 16x10GE 3D MPC
- Configuring the Power-On Sequence for DPCs on MX Series Routers with the Enhanced AC PEM
- Configuring the Junos OS to Determine the Conditions That Trigger Alarms
- Configuring the Junos OS to Determine Conditions That Trigger Alarms on Different Interface Types
- System-Wide Alarms and Alarms for Each Interface Type
- Chassis Conditions That Trigger Alarms
- Chassis Component Alarm Conditions on M5 and M10 Routers
- Chassis Component Alarm Conditions on M7i and M10i Routers
- Chassis Component Alarm Conditions on M20 Routers
- Chassis Component Alarm Conditions on M40 Routers
- Chassis Component Alarm Conditions on M40e and M160 Routers
- Chassis Component Alarm Conditions on M120 Routers
- Chassis Component Alarm Conditions on M320 Routers
- Chassis Component Alarm Conditions on MX Series Ethernet Services Routers
- Chassis Component Alarm Conditions on TX Matrix and TX Matrix Plus Routers
- Backup Routing Engine Alarms
- Silencing External Devices Connected to the Alarm Relay Contacts
- Configuring the Junos OS to Disable the Physical Operation of the Craft Interface
- Configuring the Junos OS to Enable Service Packages on Adaptive Services Interfaces
- Configuring the Junos OS to Support Layer 2 Services on MX Series Ethernet Services Routers with MS-DPCs
- Configuring the Junos OS to Enable Session Offloading on MX Series Ethernet Services Routers with MS-DPCs
- Configuring the Junos OS to Enable SONET/SDH Framing for SONET/SDH PICs
- Configuring the Junos OS to Support an External Clock Synchronization Interface for M Series and T Series Routers
- Configuring the Junos OS to Support the Sparse DLCI Mode on Channelized STM1 or Channelized DS3 PICs
- Configuring the Junos OS to Enable a SONET PIC to Operate in Channelized (Multiplexed) Mode
- Configuring Channelized DS3-to-DS0 Naming
- Configuring the Junos OS to Support Channelized DS3-to-DS0 Naming for Channel Groups and Time Slots
- Ranges for Channelized DS3-to-DS0 Configuration
- Configuring the Junos OS to Support Eight Queues on IQ Interfaces for T Series and M320 Routers
- Configuring Channel Groups and Time Slots for a Channelized E1 Interface
- Configuring the Junos OS to Support Channel Groups and Time Slots for Channelized E1 PICs
- Ranges for Channelized E1 Interfaces Configuration
- Configuring the Junos OS to Support Channelized STM1 Interface Virtual Tributary Mapping
- Configuring the Junos OS to Enable ATM2 Intelligent Queuing Layer 2 Circuit Transport Mode
- Configuring the Junos OS to Support ILMI for Cell Relay Encapsulation on an ATM2 IQ PIC
- Configuring the Junos OS to Support Tunnel Interfaces on MX Series Ethernet Services Routers
- Example: Configuring Tunnel Interfaces on a Gigabit Ethernet 40-Port DPC
- Example: Configuring Tunnel Interfaces on a 10-Gigabit Ethernet 4-Port DPC
- Configuring the Junos OS to Enable an M160 Router to Operate in Packet Scheduling Mode
- Configuring the Junos OS to Allocate More Memory for Routing Tables
- Configuring the Link Services PIC for Multilink Protocol Support
- Configuring the Junos OS to Support the Link Services PIC
- Multiclass Extension for Multiple Classes of Service Using MLPPP (RFC 2686)
- Configuring the Junos OS to Enable Idle Cell Format and Payload Patterns for ATM Devices
- Configuring the Junos OS to Enable MTU Path Check for a Routing Instance on M Series Routers
- Enabling MTU Check for a Routing Instance
- Assigning an IP Address to an Interface in the Routing Instance
- Configuring the Junos OS to Support Redundancy on Routers Having Multiple Routing Engines or Switching Boards
- Configuring the Junos OS to Support FPC to FEB Connectivity on M120 Routers
- Configuring the Junos OS to Enable a Routing Engine to Reboot on Hard Disk Errors
- Configuring the Junos OS to Prevent the Resetting of the Factory Default or Rescue Configuration During Current Configuration Failure on J Series Routers
- Configuring Larger Delay Buffers to Prevent Congestion And Packet Dropping
- Configuring the Junos OS to Enable Larger Delay Buffers for T1, E1, and DS0 Interfaces Configured on Channelized IQ PICs
- Maximum Delay Buffer with q-pic-large-buffer Statement Enabled
- Configuring the Junos OS to Support Entry-Level Configuration on an M320 Router with a Minimum Number of SIBs and PIMs
- Configuring the uPIM to Run in Switching or Routing Mode on J Series Routers
- Configuring the Junos OS to Support the uPIM Mode on J Series Routers
- Configuring the Junos OS to Set a PIM Offline on J Series Routers
- Configuring the Junos OS to Disable Power Management on the J Series Chassis
- Configuring the IP and Ethernet Services Mode in MX Series Routers
- Configuring the Junos OS to Run in the IP and Ethernet Services Mode in MX Series Routers
- Restrictions on Junos Features for MX Series Routers
- Configuring J Series Services Router Switching Interfaces
- Example: Configuring J Series Services Router Switching Interfaces
- TX Matrix Router and T640 Router Configuration Guidelines
- TX Matrix Router and T640 Router Configuration Overview
- TX Matrix Router and T640 Router-Based Routing Matrix Overview
- Running Different Junos OS Releases on the TX Matrix Router and T640 Routers
- TX Matrix Router Software Upgrades and Reinstallation
- TX Matrix Router Rebooting Process
- Committing Configurations on the TX Matrix Router
- TX Matrix and T640 Router Configuration Groups
- Routing Matrix System Log Messages
- Using the Junos OS to Configure a T640 Router Within a Routing Matrix
- TX Matrix Router Chassis and Interface Names
- Configuring the Junos OS to Upgrade and Downgrade Switch Interface Boards on a TX Matrix Router
- Configuring the Junos OS to Upgrade Switch Interface Boards on a TX Matrix Router
- Configuring the Junos OS to Downgrade Switch Interface Boards on a TX Matrix Router
- Configuring the Junos OS to Enable the TX Matrix Router to Generate an Alarm If a T640 Router Stays Offline
- TX Matrix Plus Router and T1600 Router Configuration Guidelines
- TX Matrix Plus Router and T1600 Router Configuration Overview
- TX Matrix Plus Router and T1600 Router-Based Routing Matrix Overview
- Running Different Junos OS Releases on the TX Matrix Plus Router and T1600 Routers
- TX Matrix Plus Router Software Upgrades and Reinstallation
- TX Matrix Plus Router Rebooting Process
- TX Matrix Plus Router Routing Engine Rebooting Sequence
- TX Matrix Plus Router Management Ethernet Interfaces
- TX Matrix Plus Router Internal Ethernet Interfaces
- Routing Matrix-Based T1600 Router Internal Ethernet Interfaces
- Committing Configurations on the TX Matrix Plus Router
- Routing Matrix Configuration Groups
- Routing Matrix System Log Messages
- Using the Junos OS to Configure a T1600 Router Within a Routing Matrix
- TX Matrix Plus Router Chassis and Interface Names
- Configuring the Junos OS to Enable the TX Matrix Plus Router to Generate an Alarm If a T1600 Router Stays Offline
- Configuring the Junos OS to Upgrade the T1600 Router Chassis to LCC0 of a TX Matrix Plus Routing Platform
- Preparing the Configuration File and Upgrading the Junos OS on the T1600 Router and SFC
- Configuring the Junos OS for Upgrading SIBs on the T1600 Router and Connecting It to the SFC
- Upgrading CBs and Routing Engines of the T1600 Router for Control Plane Connectivity
- Changing the Management Ethernet Interface Name for the T1600 Router
- Transferring Control of the T1600 Router (LCC0) to the SFC
- Adding a New T1600 Router to the TX Matrix Plus Routing Platform
- Downgrading a T1600 Router from the LCC of a TX Matrix Routing Platform to a Standalone T1600 Router
- Associating Sampling Instances for Active Flow Monitoring with a Specific Packet Forwarding Engine
- Summary of Router Chassis Configuration Statements
- adaptive-services
- aggregate-ports
- aggregated-devices
- alarm
- atm-cell-relay-accumulation
- atm-l2circuit-mode
- bandwidth
- ce1
- channel-group
- chassis
- config-button
- craft-lockout
- ct3
- device-count
- disk-failure-action
- e1
- ethernet (Chassis)
- family
- fabric upgrade-mode
- fpc (M320, T320, T640 Routers)
- fpc (MX Series Ethernet Services Routers)
- fpc (TX Matrix and TX Matrix Plus Routers)
- fpc-feb-connectivity
- fpc-resync
- framing
- fru-poweron-sequence
- hash-key
- idle-cell-format
- inet
- lacp
- lcc
- linerate-mode
- link-protection
- maximum-ecmp
- max-queues-per-interface
- mlfr-uni-nni-bundles
- multiservice
- network-services
- no-concatenate
- non-revertive
- number-of-ports
- offline
- on-disk-failure
- online-expected
- packet-scheduling
- payload
- pem
- pic (M Series and T Series Routers)
- pic (TX Matrix and TX Matrix Plus Routers)
- port
- power
- q-pic-large-buffer
- red-buffer-occupancy
- route-memory-enhanced
- routing-engine
- sfm
- sampling-instance
- service-package
- session-offload
- sib
- sonet
- sparse-dlcis
- symmetric-hash
- synchronization
- system-priority
- t1
- traffic-manager
- tunnel-services
- vrf-mtu-check
- vtmapping
- Index
- Index
- Index of Statements and Commands