Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
System Configuration Statement Hierarchy
To configure system properties, use the configuration statements in the system configuration hierarchy. Statement descriptions that are exclusive to the J Series and SRX Series devices running Junos OS are described in this chapter. The statements that are not described in this chapter are common to a variety of devices running Junos OS and are described in the Junos System Basics Configuration Guide and the Junos Network Interfaces Configuration Guide.
system {accounting {destination {radius {server { server-address {accounting-port port-number
;retry
number ;secret
password
;source-address address
;timeout
seconds ;}}}tacplus {server
server-address
{port
port-number ;secret
password ;single-connection;timeout
seconds ;}}}events [login change-log
interactive-commands];traceoptions {file
filename <files number > <size maximum-file-size ><world-readable | no-world-readable>;flag
flag ;}}archival {configuration {archive-sites {ftp://< username >:< password >@< host >:<
port >/< url-path >; scp: // < username >:<
password >@<
host >:<
port >/<
url-path >;
}transfer-interval interval
;transfer-on-commit;}}arp {aging-timer minutes;passive-learning;}authentication-order [ authentication-methods ];autoinstallation {configuration-servers url {password password ;}interfaces interface-name {bootp;rarp;slarp;}}backup-router address <destination destination-address>; building name;commit synchronize;(compress-configuration-files
| no-compression-configuration-files);default-address-selection;diag-port-authentication
(encrypted-password "password" | plain-text-password);domain-name domain-name ;domain-search [ domain-list ];dump-device {boot-device;compact-flash;removable-compact-flash;usb;}encrypt-configuration-files;host-name hostname;inet6-backup-router address <destination destination-address
>;internet-options address <destination destination-address
>;internet-options {(gre-path-mtu-discovery
| no-gre-path-mtu-discovery);icmpv4-rate-limit {bucket-size seconds ;packet-rate packet-rate ;}icmpv6-rate-limit {bucket-size seconds ;packet-rate packet-rate ;}(ipip-path-mtu-discovery
| no-ipip-path-mtu-discovery);no-tcp-rfc1323;no-tcp-rfc1323-paws;(path-mtu-discovery | no-path-mtu-discovery);source-quench;source-port upper-limit
< upper-limit
>;(source-quench | no-source-quench);tcp-drop-synfin-set;}location {altitude feet ;building name ;country-code code ;floor
number ;hcoord
horizontal-coordinate ;lata
service-area ;latitude degrees ;longitude degrees ;npa-nxx
number ;postal-code postal-code ; rack number ; vcoord
vertical-coordinate ;}login {announcement text ;class
class-name {allow-commands " regular-expression
";allow-configuration " regular-expression
";deny-commands " regular-expression
";deny-configuration " regular-expression
";idle-timeout minutes ;login-alarms;login-tip;permissions [ permissions ];}message
text ;password {change-type (set-transitions
| character-set);format (md5 | sha1 | des);maximum-length length; minimum-changes number;minimum-length length;}user
username
{ authentication {(encrypted-password “password”" | plain-text-password);ssh-dsa " public-key ";ssh-rsa " public-key ";}class
class-name ;full-name complete-name ;uid
uid-value ;}retry-options {backoff-threshold number ;backoff-factor seconds ;minimum-time seconds ;tries-before-disconnect number ;}}max-configurations-on-flash number ;mirror-flash-on-disk; name-server ip-address ;no-compress-configuration-files;no-multicast-echo;no-redirects;no-saved-core-context;ntp {authentication-key key-number type type
value password ;boot-server (NTP) address ;broadcast < address > <key key-number > <version value > <ttl value >;broadcast-client;multicast-client < address >;peer
address <key key-number > <version value > <prefer>;server
address <key key-number > <version value > <prefer>;source-address source-address ;trusted-key [ key-numbers ];}pic-console-authentication
{encrypted-password encrypted-password
;plain-text-password;}ports {auxiliary {disable;insecure;type
terminal-type ;}console {disable;insecure;log-out-on-disconnect;type
terminal-type ;}}processes { audit-process;bootp; chassis-control (enable
| disable) failover failover-option; class-of-service (enable
| disable) failover failover-option; craft-control (enable |
disable) failover failover-option; dfc-daemon; dhcp (enable | disable) failover failover-option; dialer-services;disk-monitoring (enable
| disable) failover failover-option;ecc-error-logging (enable
| disable) failover failover-option; event-processing (enable | disable) failover failover-option;firewall (enable | disable) failover failover-option;
firewall-authentication-service
(enable | disable); forwarding; general-authentication-service
{ (enable | disable);
traceoptions
{ file filename { files number; match regular-expression; size maximum-file-size; <world-readable
| no-world-readable>; } flag flag;
}}ilmi;inet-process (enable | disable)
failover failover-option; init;interface-control (enable
| disable) failover failover-option;isdn-signaling;kernel-replication (enable
| disable) failover failover-option; l2ald-service;l2tp-service (enable | disable) failover failover-option;
lacp;link-management (enable
| disable) failover failover-option; logical-system-mux;mib-process (enable | disable) failover failover-option;
named; network-security
(enable | disable); ntp (enable | disable) failover
failover-option;periodic-packet-services;pfe;pgm (enable | disable) failover failover-option;
pic-services-logging (enable
| disable) failover failover-option; ppp;pppoe (enable | disable) failover failover-option;
redundancy-device (enable
| disable) failover failover-option; remote-operations (enable
| disable) failover failover-option; routing (enable | disable)
failover failover-option;sampling (enable | disable) failover failover-option;
service-deployment (enable
| disable) failover failover-option; snmp (enable | disable) failover failover-option;
sonet-aps; usb-control (enable | disable) failover failover-option; vrrp;watchdog (enable | disable)
failover failover-option; wan-acceleration
{ (enable | disable);
traceoptions
{ file filename { files number; match regular-expression; size maximum-file-size; <world-readable
| no-world-readable>; } flag flag; }}web-management (enable |
disable) failover failover-option; }radius-options {attributes {nas-ip-address nas-ip-address ;}}radius-server server-address {accounting-port number ;port
number ;retry
number ;secret
password ;source-address source-address ;timeout
seconds ;}root-authentication {(encrypted-password " password " | plain-text-password);ssh-dsa " public-key ";ssh-rsa " public-key ";}(saved-core-context | no-saved-core-context);saved-core-files
number;scripts {commit {allow-transients;file
filename .xsl
{optional;refresh;refresh-from url ;source
url ;}refresh;refresh-from url ;traceoptions { file filename <files number > <size maximum-file-size > <world-readable | no-world-readable>; flag flag ; }}load-scripts-from-flash;op {file
filename .xsl
{arguments name { description cli-help-text
;}command
filename-alias ;description cli-help-text
;refresh;refresh-from url ;source
url ;}refresh;refresh-from url ;traceoptions {file
filename <files number
> <size maximum-file-size >;flag
flag ;}}}services {dhcp {boot-file filename ;boot-server ( address | hostname
);domain-name domain-name ;domain-search [ domain-list ];default-lease-time seconds;maximum-lease-time seconds;name-server { address ;}option { [ ( id-number option-type
option-value) | ( id-number
array option-type option-values
) ];}pool { subnet-address
( address/netmask ) { address-range {high
address; low
address; }exclude-address { address
;}} propagate-settings propagate-settings; } propagate-settings propagate-settings; router { address ;}static-binding MAC-address {fixed-address { address ;}host
hostname ; client-identifier (ascii
client-id | hexadecimal client-id)
;} server-identifier address ; wins-server { address;}}dns {dnssec {disable;dlv {domain-name domain-name {trusted-anchor trusted-anchor;}}secure-domains [domain-name];trusted-keys {key key;load-key-file {dns-keys;}}}forwarders ip-address;max-cache-ttl;max-ncache-ttl;traceoptions {category {category-type;}file;}}finger {<connection-limit limit >;<rate-limit limit >;}ftp {<connection-limit limit >;<rate-limit limit >;}netconf {ssh {<connection-limit number>
;<rate-limit number >;}}outbound-ssh {application-id application-id
{device-id device-id ;ip-address {port
port-number ;retry
number ;timeout
value ;}keep-alive number ;reconnect-strategy (in-order
| sticky);secret
secret ;services {netconf;}}traceoptions {file
filename {<files number> ;<match regular-expression
>;<size maximum-file-size
>;<world-readable | no-world-readable>;}flag
flag ;}}service-deployment { local-certificate certificate-name
;servers
server-address {port-number port-number ;} source-address source-address
;traceoptions {flag
flag ;}}ssh {<connection-limit limit >;protocol-version [v1 v2];<rate-limit limit >;root-login (allow | deny
| deny-password);}telnet {<connection-limit limit >;<rate-limit limit >;}web-management {http {interface [ interface-name
s];port
port ;}https {interface [ interface-names
];local-certificate name
; pki-local-certificate name;port
port ; system-generated-certificate;
} session { idle-timeout [
minutes ]; session-limit [
session-limit
]; }}xnm-clear-text {connection-limit limit ;rate-limit limit ;}xnm-ssl {connection-limit limit ;local-certificate name ;rate-limit limit ;}} static-host-mapping hostname { alias [ alias ]; inet [ address ]; inet6 [address]; sysid system-identifier ; }syslog {archive {archive-sites url;<files number >;<size maximum-file-size
>;<world-readable | no-world-readable>;}console { facility severity
;}file
filename { facility severity
;explicit-priority;match "
regular-expression ";archive {files
number ;size
maximum-file-size ; start-time; transfer-interval;<world-readable | no-world-readable>;}}host (
hostname | other-routing-engine
| scc-master) {any;authorization;change-log;conflict-log;daemon;dfc;external;firewall;ftp;interactive-commands;kernel;pfe;user;explicit-priority;facility-override facility
;log-prefix string ;match "
regular-expression ";}source-address source-address {archive;console;file;host;time-format;user;} time-format (year | millisecond | year millisecond);user (
username | *) {match < regular-expression
>;}}tacplus-options service-name service-name ;tacplus-server server-address {port port-number;secret
password ;single-connection;source-address source-address ;timeout
seconds ;}time-zone (GMT hour-offset | time-zone );}
