services (System Services)
構文
services { bbe-stats-service { } database-replication { traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } dhcp { boot-file boot-file; boot-server boot-server; default-lease-time(infinite | length); domain-name domain-name; domain-search name; maximum-lease-time(infinite | length); name-server name; next-server next-server; option name { array { (byte [ byte ... ] | flag(false | off | on | true) | integer [ integer ... ] | ip-address [ ip-address ... ] | short [ short ... ] | string string | unsigned-integer [ unsigned-integer ... ] | unsigned-short [ unsigned-short ... ]); } byte byte; byte-stream byte-stream; flag(false | off | on | true); integer integer; ip-address ip-address; short short; string string; unsigned-integer unsigned-integer; unsigned-short unsigned-short; } pool name { address-range high high low low; boot-file boot-file; boot-server boot-server; default-lease-time(infinite | length); domain-name domain-name; domain-search name; exclude-address name; maximum-lease-time(infinite | length); name-server name; next-server next-server; option name { array { (byte [ byte ... ] | flag(false | off | on | true) | integer [ integer ... ] | ip-address [ ip-address ... ] | short [ short ... ] | string string | unsigned-integer [ unsigned-integer ... ] | unsigned-short [ unsigned-short ... 
]); } byte byte; byte-stream byte-stream; flag(false | off | on | true); integer integer; ip-address ip-address; short short; string string; unsigned-integer unsigned-integer; unsigned-short unsigned-short; } router name; server-identifier server-identifier; sip-server { address name; name name; } wins-server name; } router name; server-identifier server-identifier; sip-server { address name; name name; } static-binding name { boot-file boot-file; boot-server boot-server; client-identifier(ascii ascii | hexadecimal hexadecimal); domain-name domain-name; domain-search name; fixed-address name; host-name host-name; name-server name; next-server next-server; option name { array { (byte [ byte ... ] | flag(false | off | on | true) | integer [ integer ... ] | ip-address [ ip-address ... ] | short [ short ... ] | string string | unsigned-integer [ unsigned-integer ... ] | unsigned-short [ unsigned-short ... ]); } byte byte; byte-stream byte-stream; flag(false | off | on | true); integer integer; ip-address ip-address; short short; string string; unsigned-integer unsigned-integer; unsigned-short unsigned-short; } router name; server-identifier server-identifier; sip-server { address name; name name; } wins-server name; } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level(all | error | info | notice | verbose | warning); no-remote-trace; } wins-server name; } dhcp-local-server { (requested-ip-interface-match | requested-ip-network-match requested-ip-network-match); access-profile access-profile; active-leasequery { idle-timeout seconds; peer-address name; timeout seconds; topology-discover; } allow-active-leasequery { idle-timeout seconds; timeout seconds; } allow-bulk-leasequery { max-connections max-connections; max-empty-replies seconds; restricted-requestor; timeout seconds; } allow-leasequery { restricted-requestor; } authentication { password password; username-include { circuit-type; 
client-id<exclude-headers><use-automatic-ascii-hex-encoding>; delimiter delimiter; domain-name domain-name; interface-description(device | logical); interface-name; logical-system-name; mac-address; option-60; option-82<circuit-id><remote-id>; routing-instance-name; user-prefix user-prefix; vlan-tags; } } dhcpv6 { (requested-ip-interface-match | requested-ip-network-match requested-ip-network-match); access-profile access-profile; active-leasequery { idle-timeout seconds; peer-address name; timeout seconds; topology-discover; } allow-active-leasequery { idle-timeout seconds; timeout seconds; } allow-bulk-leasequery { max-connections max-connections; max-empty-replies seconds; restricted-requestor; timeout seconds; } allow-leasequery { restricted-requestor; } authentication { password password; username-include { circuit-type; client-id<exclude-headers><use-automatic-ascii-hex-encoding>; delimiter delimiter; domain-name domain-name; interface-description(device | logical); interface-name; logical-system-name; mac-address; relay-agent-interface-id; relay-agent-remote-id { ( ); } relay-agent-subscriber-id; routing-instance-name; user-prefix user-prefix; vlan-tags; } } duplicate-clientsincoming-interface; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); dynamic-server { group name { interface name { overrides { delegated-pool delegated-pool; ia-na-pool ia-na-pool; interface-client-limit interface-client-limit; process-inform { pool pool; } rapid-commit; } } neighbor-discovery-router-advertisement neighbor-discovery-router-advertisement; overrides { delegated-pool delegated-pool; ia-na-pool ia-na-pool; interface-client-limit interface-client-limit; process-inform { pool pool; } rapid-commit; } } overrides { delegated-pool delegated-pool; ia-na-pool ia-na-pool; interface-client-limit interface-client-limit; process-inform { pool pool; } rapid-commit; } } forward-snooped-clients(all-interfaces | configured-interfaces | 
non-configured-interfaces); group name { access-profile access-profile; authentication { password password; username-include { circuit-type; client-id<exclude-headers><use-automatic-ascii-hex-encoding>; delimiter delimiter; domain-name domain-name; interface-description(device | logical); interface-name; logical-system-name; mac-address; relay-agent-interface-id; relay-agent-remote-id { ( ); } relay-agent-subscriber-id; routing-instance-name; user-prefix user-prefix; vlan-tags; } } dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); interface name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); exclude; overrides { always-add-option-dns-server; always-process-option-request-option; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-matchincoming-interface; delay-advertise { based-on { option-15 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-16 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-18 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-37 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; trace; upto upto; } 
interface-tag name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); overrides { always-add-option-dns-server; always-process-option-request-option; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-matchincoming-interface; delay-advertise { based-on { option-15 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-16 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-18 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-37 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection 
{ max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } overrides { always-add-option-dns-server; always-process-option-request-option; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-matchincoming-interface; delay-advertise { based-on { option-15 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-16 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-18 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-37 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } reauthenticate<lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; strict; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression<access><access-internal>; service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier 
multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } no-snoop; overrides { always-add-option-dns-server; always-process-option-request-option; asymmetric-lease-time seconds; asymmetric-prefix-lease-time seconds; client-negotiation-matchincoming-interface; delay-advertise { based-on { option-15 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-16 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-18 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-37 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } persistent-storageautomatic; reauthenticate<lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; strict; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression<access><access-internal>; server-duid-type { duid_ll; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } dual-stack-group name { access-profile access-profile; authentication { password password; username-include { 
circuit-type; client-id<exclude-headers><use-automatic-ascii-hex-encoding>; delimiter delimiter; domain-name domain-name; interface-description(device | logical); interface-name; logical-system-name; mac-address; relay-agent-interface-id; relay-agent-remote-id; routing-instance-name; user-prefix user-prefix; vlan-tags; } } classification-key { circuit-id; mac-address; remote-id; } dual-stack-interface-client-limit dual-stack-interface-client-limit; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } on-demand-address-allocation; protocol-master(inet | inet6); reauthenticate<lease-renewal><remote-id-mismatch>; service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } duplicate-clients-in-subnet(incoming-interface | option-82); dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); forward-snooped-clients(all-interfaces | configured-interfaces | non-configured-interfaces); group name { access-profile access-profile; authentication { password password; username-include { circuit-type; client-id<exclude-headers><use-automatic-ascii-hex-encoding>; delimiter delimiter; domain-name domain-name; interface-description(device | logical); interface-name; logical-system-name; mac-address; option-60; option-82<circuit-id><remote-id>; routing-instance-name; user-prefix user-prefix; vlan-tags; } } dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); interface name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); exclude; overrides { allow-no-end-option; asymmetric-lease-time seconds; bootp-support; 
client-discover-match(incoming-interface | option60-and-option82); delay-offer { based-on { option-60 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-77 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-82 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; trace; upto upto; } interface-tag name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); overrides { allow-no-end-option; asymmetric-lease-time seconds; bootp-support; client-discover-match(incoming-interface | option60-and-option82); delay-offer { based-on { option-60 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-77 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-82 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } service-profile service-profile; short-cycle-protection<lockout-max-time 
lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } overrides { allow-no-end-option; asymmetric-lease-time seconds; bootp-support; client-discover-match(incoming-interface | option60-and-option82); delay-offer { based-on { option-60 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-77 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-82 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } reauthenticate<actual-data-rate-change<actual-data-rate-downstream<threshold threshold>><actual-data-rate-upstream<threshold threshold>>><lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression { (access-internal | destination); } 
service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } no-snoop; overrides { allow-no-end-option; asymmetric-lease-time seconds; bootp-support; client-discover-match(incoming-interface | option60-and-option82); delay-offer { based-on { option-60 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-77 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-82 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } persistent-storageautomatic; pool-match-order name; reauthenticate<actual-data-rate-change<actual-data-rate-downstream<threshold threshold>><actual-data-rate-upstream<threshold threshold>>><lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; support-option-pd-exclude; timeout timeout; 
token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression { (access-internal | destination); } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } dns { dnssec { disable; dlv domain { trusted-anchor; } secure-domains name; trusted-keys { key name; } } forwarders name; max-cache-ttl seconds; max-ncache-ttl seconds; traceoptions { category name; debug-level debug-level; file< filename><files files><size size><(world-readable | no-world-readable)>; no-remote-trace; } } dtcp-only; extension-service { notification { allow-clients { address [ address ... ]; } broker-socket-send-buffer-size broker-socket-send-buffer-size; max-connections max-connections; port port; } remote-telemetry-service { host host; password password; port port; user user; } request-response { grpc { ssl { address address; hot-reloading; local-certificate [ local-certificate ... ]; mutual-authentication { certificate-authority certificate-authority; client-certificate-request(no-certificate | request-certificate | request-certificate-and-verify | require-certificate | require-certificate-and-verify); } port port; use-pki; } max-connections max-connections; routing-instance routing-instance; } } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level error; no-remote-trace; } } finger { connection-limit connections; rate-limit connections per minute; } flow-tap-dtcp { ssh { connection-limit connections; rate-limit connections per minute; } } ftp { authentication-order(one-time-password | otp-md4 | password | radius | tacplus); connection-limit connections; rate-limit connections per minute; } grpc-tunnel { servers { retry-interval seconds; server name { address address; credentials { tls { ca-profiles [ ca-profiles ... 
]; certificate-id certificate-id; } } port port; routing-instance routing-instance; source-address source-address; targets(gnmi-gnoi | netconf-ssh | ssh); } } target-string-option { custom-string custom-string; delimiter delimiter; pattern(custom | hostname | model | vendor | version); } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level(all | error | info | notice | verbose | warning); no-remote-trace; } } jeb { max-seed-size max-seed-size; port port; rbg(default-rng | hmac-drbg | jrbc); tls { cert-bundle cert-bundle; certificate certificate; key key; } } netconf { flatten-commit-results; hello-message { yang-module-capabilities { advertise-custom-yang-modules; advertise-native-yang-modules; advertise-standard-yang-modules; } } netconf-monitoring { netconf-state-schemas { retrieve-custom-yang-modules; retrieve-standard-yang-modules; } } notification { interleave; } rfc-compliant; ssh { client-alive-count-max client-alive-count-max; client-alive-interval seconds; connection-limit connections; port port; rate-limit connections per minute; } tls { client-identity name { fingerprint fingerprint; map-type(san-dirname-cn | specified); username username; } default-client-identity { map-type(san-dirname-cn | specified); username username; } local-certificate local-certificate; traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level(all | error | info | notice | verbose | warning); no-remote-trace; } } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; on-demand; } unified { unhide; } yang-compliant; yang-modules { device-specific; emit-anyxml-in-rpc-output; emit-extensions; emit-family-ns-and-module-name; } } netproxy; outbound-https { client name { device-id device-id; reconnect-strategy(in-order | sticky); secret secret; servers name { port port; 
trusted-cert trusted-cert; } waittime waittime; } } resource-monitor { free-fw-memory-watermark percentage; free-heap-memory-watermark percentage; free-nh-memory-watermark percentage; high-cos-queue-threshold percentage; high-threshold percentage; no-load-throttle; no-logging; no-throttle; no-usage-update; resource-category jtree { resource-type(contiguous-pages | free-dwords | free-pages) { high-watermark high-watermark; low-watermark low-watermark; } } subscribers-limit { client-type(any | dhcp | l2tp | pppoe) { chassis { limit limit; } fpc name { limit limit; pic name { limit limit; port name { limit limit; } } } } } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } rest { control { allowed-sources [ allowed-sources ... ]; connection-limit connection-limit; } enable-explorer; http { addresses [ addresses ... ]; port port; } https { addresses [ addresses ... ]; ca-chain ca-chain; cipher-list(dhe-rsa-with-3des-ede-cbc-sha | dhe-rsa-with-aes-128-cbc-sha | dhe-rsa-with-aes-128-cbc-sha256 | dhe-rsa-with-aes-128-gcm-sha256 | dhe-rsa-with-aes-256-cbc-sha | dhe-rsa-with-aes-256-cbc-sha256 | dhe-rsa-with-aes-256-gcm-sha384 | ecdhe-rsa-with-3des-ede-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha256 | ecdhe-rsa-with-aes-128-gcm-sha256 | ecdhe-rsa-with-aes-256-cbc-sha | ecdhe-rsa-with-aes-256-cbc-sha384 | ecdhe-rsa-with-aes-256-gcm-sha384 | ecdhe-rsa-with-rc4-128-sha | rsa-with-3des-ede-cbc-sha | rsa-with-aes-128-cbc-sha | rsa-with-aes-128-cbc-sha256 | rsa-with-aes-128-gcm-sha256 | rsa-with-aes-256-cbc-sha | rsa-with-aes-256-cbc-sha256 | rsa-with-aes-256-gcm-sha384 | rsa-with-rc4-128-md5 | rsa-with-rc4-128-sha | tls-aes-128-gcm-sha256 | tls-aes-256-gcm-sha384); mutual-authentication { certificate-authority certificate-authority; } port port; server-certificate server-certificate; } https-5g { addresses [ addresses ... 
]; mutual-authentication { certificate-authority certificate-authority; } port port; server-certificate server-certificate; } routing-instance routing-instance; traceoptions { flag(all | juise | lighttpd); } } reverse { ssh { port port; } telnet { port port; } } ssh { access-disable-external; allow-tcp-forwarding; authentication-order(one-time-password | otp-md4 | password | radius | tacplus); authorized-keys-command authorized-keys-command; authorized-keys-command-user authorized-keys-command-user; authorized-principals [ authorized-principals ... ]; authorized-principals-command authorized-principals-command; authorized-principals-file authorized-principals-file; cert-based-auth { host-certificate host-certificate; trusted-user-ca-keys name; } ciphers(3des-cbc | aes128-cbc | aes128-ctr | aes128-gcm@openssh.com | aes192-cbc | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm@openssh.com | chacha20-poly1305@openssh.com); client-alive-count-max client-alive-count-max; client-alive-interval seconds; connection-limit connections; fingerprint-hash(md5 | sha2-256); host-certificate-file host-certificate-file; hostkey-algorithm-list { ecdsa-sha2-nistp256; ecdsa-sha2-nistp384; ecdsa-sha2-nistp521; ed25519; rsa; } key-exchange(curve25519-sha256 | dh-group14-sha1 | dh-group1-sha1 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | group-exchange-sha1 | group-exchange-sha2); log-key-changes; macs(hmac-md5 | hmac-md5-96 | hmac-md5-96-etm@openssh.com | hmac-md5-etm@openssh.com | hmac-sha1 | hmac-sha1-96 | hmac-sha1-96-etm@openssh.com | hmac-sha1-etm@openssh.com | hmac-sha2-256 | hmac-sha2-256-etm@openssh.com | hmac-sha2-512 | hmac-sha2-512-etm@openssh.com | umac-128@openssh.com | umac-128-etm@openssh.com | umac-64@openssh.com | umac-64-etm@openssh.com); max-pre-authentication-packets max-pre-authentication-packets; max-sessions-per-connection max-sessions-per-connection; no-challenge-response; no-password-authentication; no-passwords; no-public-keys; port port; 
protocol-version v2; rate-limit connections per minute; rekey { data-limit bytes; time-limit minutes; } root-login(allow | deny | deny-password); sftp-server; trusted-user-ca-key-file trusted-user-ca-key-file; } static-subscribers { access-profile< access-profile-name>; authentication { password password; username-include { delimiter delimiter; domain-name domain-name; interface; logical-system-name; routing-instance-name; user-prefix user-prefix; vlan-tags; } } auto-login; baseline-stats; dynamic-profile { aggregate-clients(merge | replace); dynamic-profile-name; } group name { access-profile< access-profile-name>; authentication { password password; username-include { delimiter delimiter; domain-name domain-name; interface; logical-system-name; routing-instance-name; user-prefix user-prefix; vlan-tags; } } auto-login; dynamic-profile { aggregate-clients(merge | replace); dynamic-profile-name; } interface name { exclude; upto upto; } service-profile< service-profile-name>; } interface name { subscriber-ip-address address; subscriber-ipv6-address address; } service-profile< service-profile-name>; } subscriber-management { enable { } enforce-strict-scale-limit-license; gres-route-flush-delay; interfaces name { auto-configure { agent-circuit-identifier { dynamic-profile dynamic-profile; } line-identity { dynamic-profile dynamic-profile; includes { accept-no-ids; circuit-id; remote-id; } } remove-when-no-subscribers; stacked-vlan-ranges { access-profile access-profile-name; authentication { packet-types; password password; username-include { circuit-type; delimiter delimiter; domain-name domain-name; interface-name; mac-address; option-18; option-37; option-82<circuit-id><remote-id>; radius-realm radius-realm; user-prefix user-prefix; vlan-tags; } } dynamic-profile name { accept; access-profile ap-name; ranges name; } override { outer-tag name { dynamic-profile dynamic-profile; inner-tag inner-tag; } } } vlan-ranges { access-profile access-profile-name; authentication 
{ packet-types; password password; username-include { circuit-type; delimiter delimiter; domain-name domain-name; interface-name; mac-address; option-18; option-37; option-82<circuit-id><remote-id>; radius-realm radius-realm; user-prefix user-prefix; vlan-tags; } } dynamic-profile name { (accept | accept-out-of-band); access-profile ap-name; ranges name; } override { tag name { dynamic-profile dynamic-profile; } } } } interface-tag interface-tag; unit name { pppoe-underlying-options { access-concentrator access-concentrator; direct-connect; duplicate-protection; dynamic-profile dynamic-profile; max-sessions max-sessions; max-sessions-vsa-ignore; service-name-table service-name-table; short-cycle-protection { filter aci; lockout-time-max seconds; lockout-time-min seconds; } } } } location location; maintain-subscriber { interface-delete; } mode { control-plane { control-plane-name control-plane-name; cp-id cp-id; instance name { user-plane user-plane; } load-balancing { group name { user-plane name { port name { max-weight max-weight; } preferred; } } } pfcp { enable-tracing; heartbeat-interval seconds; retransmission-timer seconds; retries retries; } security-profiles name { ca-cert-file-name ca-cert-file-name; cert-file-name cert-file-name; key-file-name key-file-name; } transport { inet inet; inet6 inet6; inet-tcp inet-tcp; port port; security-profile security-profile; } user-plane name { (inet inet | inet6 inet6); netconf { password password; port port; user-name user-name; } partition partition; service-set name { captive-portal-content-delivery-profile captive-portal-content-delivery-profile; interface-service { service-interface service-interface; } service-set-options { routing-engine-services; } } statistics-reporting-interval minutes; v6-delegated-partition v6-delegated-partition; v6-na-partition v6-na-partition; v6-ra-partition v6-ra-partition; } } user-plane { capabilities { function-features { exclude-lac; exclude-lcp-keepalive-offload; exclude-lns; } } 
control-plane { control-plane-name control-plane-name; transport { (inet inet | inet6 inet6); inet-tcp inet-tcp; port port; } } pfcp { enable-tracing; heartbeat-interval seconds; retransmission-timer seconds; retries retries; } security-profiles name { ca-cert-file-name ca-cert-file-name; cert-file-name cert-file-name; key-file-name key-file-name; } selection-function { cluster name; service-group name; } transport { (inet inet | inet6 inet6); security-profile security-profile; } user-plane-name user-plane-name; } } overrides { event { catastrophic-failure { reboot { routing-engine-specifiers; } } } force-show-arp-resolve; interfaces { family { inet { ipoe-dynamic-arp-enable; layer2-liveness-detection; receive-gratuitous-arp; } inet6 { layer2-liveness-detection; } } } no-unsolicited-ra; shmlog { disable; file filename<files files><size size>; filtering { enable; } log-name name { } log-type(debug | info | notice) { } } work-management { } } redundancy { group name { interface name { standby-mode(hot-standby | service-activation-on-failover); } } interface name { local-inet6-address local-inet6-address; local-inet-address local-inet-address; shared-key shared-key; virtual-inet6-address virtual-inet6-address; virtual-inet-address virtual-inet-address; } no-advertise-routes-on-backup; protocol { pseudo-wire; vrrp; } re-authenticate-on-failover; } static-framed-route; subscriber-group name { control-plane-managed-mode { preferred-user-plane-name preferred-user-plane-name; redundancy-interface name { logical-ports logical-ports; } } user-plane-managed-mode { redundancy-interface name { logical-ports logical-ports; } } virtual-mac virtual-mac; } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } subscriber-management-helper { traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } telnet { 
authentication-order(one-time-password | otp-md4 | password | radius | tacplus); connection-limit connections; rate-limit connections per minute; } tftp-server { connection-limit connections; rate-limit connections per minute; } web-management<controlmax-threads max-threads><https(local-certificate local-certificate | pki-local-certificate pki-local-certificate | system-generated-certificate)<interface [ interface ... ]><port port> namemtlsca-profile ca-profile nameport portpki-local-certificate pki-local-certificate><management-url management-url><session<idle-timeout minutes><session-limit session-limit>><traceoptions<file< filename><files files><match match><size size><(world-readable | no-world-readable)>> name<level(all | error | info | notice | verbose | warning)><no-remote-trace>> ; xnm-clear-text { connection-limit connections; rate-limit connections per minute; } xnm-ssl { connection-limit connections; local-certificate local-certificate; rate-limit connections per minute; (ssl-renegotiation | no-ssl-renegotiation); } }
services { dhcp { # DHCP is not supported on a DCF dhcp_services; } dtcp-only finger { connection-limit limit; rate-limit limit; } flow-tap-dtcp { ssh { connection-limit limit; rate-limit limit; } } ftp { authentication-order [authentication-methods]; connection-limit limit; rate-limit limit; } grpc { request-response { grpc { ssl { address ip-address; local-certificate local-certificate; port port; } max-connections max-connections; } } notification { port port; max-connections max-connections; allow-clients { address ip-address; } } traceoptions { file <filename> <files number> <match regex> <size size> <world-readable | no-world-readable>; flag flag; no-remote-trace; } } netconf { flatten-commit-results; hello-message { yang-module-capabilities { advertise-native-yang-modules; advertise-custom-yang-modules; advertise-standard-yang-modules; } } netconf-monitoring { netconf-state-schemas { retrieve-custom-yang-modules; retrieve-standard-yang-modules; } } notification { interleave; } rfc-compliant; ssh { client-alive-count-max number; client-alive-interval seconds; connection-limit limit; port port; rate-limit limit; } tls { client-identity client-id { fingerprint fingerprint; map-type (san-dirname-cn | specified); username username; } default-client-identity { map-type (san-dirname-cn | specified); username username; } local-certificate local-certificate; traceoptions { file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>; flag name; level (all | error | info | notice | verbose | warning); no-remote-trace; } } traceoptions { file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>; flag flag; no-remote-trace; on-demand; } yang-compliant; yang-modules { device-specific; emit-extensions; } } outbound-https { client client-id { address { port port; trusted-cert trusted-cert; } device-id device-id; reconnect-strategy (in-order | sticky); secret password; waittime seconds; } } 
service-deployment { servers address { port-number port-number; } source-address address; } ssh { authentication-order [method 1 method2...]; authorized-keys-command authorized-keys-command; authorized-keys-command-user authorized-keys-command-user; ciphers [ cipher-1 cipher-2 cipher-3 ...]; client-alive-count-max number; client-alive-interval seconds; connection-limit limit; fingerprint-hash (md5 | sha2-256); hostkey-algorithm (algorithm | no-algorithm); key-exchange [algorithm1 algorithm2...]; log-key-changes log-key-changes; macs [algorithm1 algorithm2...]; max-pre-authentication-packets number; max-sessions-per-connection number; no-challenge-response; no-password-authentication; no-passwords; no-public-keys; allow-tcp-forwarding; port port-number; protocol-version [v2]; rate-limit number; rekey { data-limit bytes; time-limit minutes; } root-login (allow | deny | deny-password); sftp-server; } tcp-forwarding; resource-monitor { free-fw-memory-watermark number; free-heap-memory-watermark number; free-nh-memory-watermark number; high-threshold number; no-logging; no-throttle; resource-category jtree { resource-category jtree (continguous-pages | free-dwords | free-pages) { low-watermark number; high-watermark number; } } subscribers-limit { (any | dhcp | l2tp | pppoe) { { limit limit; } { limit limit; } fpc slot-number { limit limit; pic number { limit limit; port number { limit limit; } } } } } traceoptions { file filename <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>; flag flag; no-remote-trace; } } subscriber-management { enable (Enhanced Subscriber Management); enforce-strict-scale-limit-license; gres-route-flush-delay; } overrides { event { catastrophic-failure { reboot (master | standby); } } interfaces { family (inet | inet6) { layer2-liveness-detection; } } no-unsolicited-ra; ra-initial-interval-max seconds; ra-initial-interval-min seconds; shmlog { disable; file filename <files maximum-no-files> 
<size maximum-file-size>; filtering enable; log-name { all; logname { <brief | detail | extensive | none | terse>; <file-logging |no-file-logging>; } } log-type (debug | info | notice); | } redundancy { interface name { local-inet-address v4-address; local-inet6-address v6-address; shared-key string; virtual-inet-address virtual-v4-address; virtual-inet6-address virtual-v6-address; } no-advertise-routes-on-backup; protocol { pseudo-wire; vrrp; } } traceoptions { file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>; flag flag; } } telnet { authentication-order [authentication-methods]; connection-limit limit; rate-limit limit; } web-management { http { interfaces [ names ]; port port; } https { interfaces [ names ]; local-certificate name; port port; } session { idle-timeout [ minutes ]; session-limit [ limit ]; } } xnm-ssl { connection-limit limit; local-certificate name; rate-limit limit; ssl-renegotiation; } }
階層レベル
[edit system]
説明
リモートシステムのユーザーがDHCPサーバー、SSH経由のDTCP、finger、アウトバウンドHTTPS、rlogin、SSH、telnet、Web管理、Junos XMLプロトコルSSL、ネットワークユーティリティを介してローカルルーターまたはスイッチにアクセスできるようにルーターまたはスイッチを構成するか、Junos OSがセッションおよびリソース制御(SRC)ソフトウェアと連携できるようにします。また、JET(Juniper Extension Toolkit)を使用して開発されたサードパーティ製アプリケーションを、Junos OS上で動作するように設定できるようにします。
Junos OSリリース22.2R1以降、セキュリティを強化するため、SSH TCP転送機能はデフォルトで無効になっています。SSH TCP転送機能を有効にするには、[edit system services ssh] 階層レベルで allow-tcp-forwarding ステートメントを設定します。さらに、[edit system services ssh] 階層レベルの tcp-forwarding および no-tcp-forwarding ステートメントは非推奨になりました。
system services の webapi オプションは、SRXシリーズ デバイスでのみ使用できます。詳細については、「関連情報」セクションを参照してください。
残りのステートメントについては、個別に説明します。 詳細については、CLI エクスプローラー でステートメントを検索するか、「構文」セクションでリンクされたステートメントをクリックしてください。
必要な権限レベル
system—設定でこのステートメントを表示します。
system-control—このステートメントを設定に追加します。
リリース情報
Junos OSリリース7.4より前に導入されたステートメント。
extension-service オプションは、MX80、MX104、MX240、MX480、MX960、MX2010、MX2020、vMXシリーズ用のJunos OSリリース16.1で追加されました。
grpc オプションは、MX80、MX104、MX240、MX480、MX960、MX2010、MX2020、vMXシリーズ用のJunos OSリリース16.2で追加されました。
allow-tcp-forwarding オプションは、Junos OSリリース22.2R1で追加されました。