Technical Documentation

[edit system] Hierarchy Level

system {accounting {destination {radius {server {server-address {accounting-port port-number;retry number;port port-number;secret password;source-address address;timeout seconds;}}}tacplus {server {server-address {port port-number;secret password;single-connection;timeout seconds;}}}}events [ change-log interactive-commands login ];}archival {configuration {archive-sites {ftp://<username>:<password>@<host>:<port>/<url-path>;}transfer-interval interval;transfer-on-commit;}}arp {aging-timer {minutes;interface logical-interface-name;}passive-learning;}authentication-order [ authentication-methods ];auto-configuration {traceoptions {file <filename> <files number> <match regular-expression <size size> <world-readable | no-world-readable>;flag flag;level level;no-remote-trace;}}autoinstallation {configuration-servers {server-url <password password>;}interfaces {interface-name {bootp;rarp;}}}backup-router address <destination [ destination-addresses ]>;commit synchronize;(compress-configuration-files | no-compress-configuration-files);default-address-selection;diag-port-authentication (encrypted-password "password" | plain-text-password);domain-name domain-name;domain-search [ domain-list ];dump-device (boot-device | compact-flash | removable-compact-flash | usb);encrypt-configuration-files;extensions {provider {provider-id;}}host-name hostname;inet6-backup-router ipv6-address <destination address>;internet-options {(gre-path-mtu-discovery | no-gre-path-mtu-discovery);icmpv4-rate-limit {bucket-size number;packet-rate rate;}icmpv6-rate-limit {bucket-size number;packet-rate rate;}(ipip-path-mtu-discovery | no-ipip-path-mtu-discovery);(ipv6-path-mtu-discovery | no-ipv6-path-mtu-discovery);ipv6-path-mtu-discovery-timeout;no-tcp-rfc1323;no-tcp-rfc1323-paws;(path-mtu-discovery | no-path-mtu-discovery);source-port upper-limit upper-limit;source-quench;tcp-drop-synfin-set;}location {altitude feet;building name;country-code code;floor number;hcoord horizontal-coordinate;lata service-area;latitude degrees;longitude degrees;npa-nxx number;postal-code postal-code;rack number;vcoord vertical-coordinate;}login {announcement “text”;class class-name {access-end "hh<:mm:<ss>>";access-start "hh<:mm:<ss>>";allow-commands "regular-expression";allow-configuration "regular-expression";allowed-days [ sunday monday tuesday wednesday thursday friday saturday ];deny-commands "regular-expression";deny-configuration "regular-expression";idle-timeout minutes;logical-system logical-system-name;login-alarms;login-script script-name;login-tip;permissions [ permissions ];}message “text”;password {change-type (character-sets | set-transitions);format (des | md5 | sha1);maximum-length length;minimum-changes number;minimum-length length;}retry-options {backoff-factor number;backoff-threshold number;minimum-time number;tries-before-disconnect number;}user username {authentication {(encrypted-password "password" | plain-text-password);load-key-file filename;ssh-dsa "public-key" <from hostname>;ssh-rsa "public-key" <from hostname>;}class class-name;full-name "complete-name";uid uid-value;}}max-configurations-on-flash number;mirror-flash-on-disk;name-server {address;}no-multicast-echo;no-redirects;no-ping-record-route;no-ping-time-stamp;ntp {authentication-key key-number type md5 value password;boot-server address;broadcast <address> <key key-number> <version value> <ttl value>;broadcast-client;multicast-client <address>;peer address <key key-number> <version value> <prefer>;server address <key key-number> <version value> <prefer>;trusted-key [ key-numbers ];}packet-triggered-subscribers-partition {partition-name;}pic-console-authentication {(encrypted-password encrypted-password | plain-text-password);}ports {auxiliary {disable;insecure;type (ansi | small-xterm | vt100 | xterm);}console {disable;insecure;log-out-on-disconnect;type (ansi | small-xterm | vt100 | xterm);}}processes {... the following statement represents the syntax for most processes on EX Series and MX Series routers; processes with different syntax follow ...process-name <disable> <command pathname> <failover (alternate-media | other-routing-engine)>;... the following statement represents the syntax for most processes on M Series and T Series routers; processes with different syntax follow ...process-name <disable> <command pathname>;(cfm | send) disable;(chassis-control | ntp | routing) <disable> <failover alternate-media>;(dhcp | ethernet-switching | kernel-replication | l2-learning | lacp | multicast-snooping) <disable> <command pathname>;     #nondefault syntax for process on EX-series routers(diameter-service | general-authentication-service) {disable;traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}(process-monitor | resource-cleanup) {disable;traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;level severity;no-remote-trace;}}sbc-configuration-process {disable;failover alternate-media;traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}watchdog <enable | disable> <timeout seconds>;}radius-options {attributes {nas-ip-address address;}}radius-server {server-address {accounting-port port-number;port port-number;retry number;secret password;source-address source-address;timeout seconds;}}root-authentication {(encrypted-password "password" | plain-text-password);load-key-file filename;ssh-dsa "public-key" <from hostname>;ssh-rsa "public-key" <from hostname>;}(saved-core-context | no-saved-core-context);saved-core-files saved-core-files;scripts {commit {allow-transients;file filename.xsl {optional;refresh;refresh-from url;source url;}refresh;refresh-from url;traceoptions {file <filename> <files number> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}op {file filename.xsl {arguments {argument-name <description description>;}command filename-alias;description description;refresh;refresh-from url;source url;}refresh;refresh-from url;traceoptions {file <filename> <files number> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}}services {... the services subhierarchy appears after the main [edit system] hierarchy ...}static-host-mapping {hostname {alias [ aliases ];inet [ addresses ];inet6 [ addresses ];sysid system-identifier;}}syslog {archive {files number;size maximum-file-size;(world-readable | no-world-readable);}console {facility severity;}file filename {facility severity;explicit-priority;match "regular-expression";archive {files number;size maximum-file-size;(world-readable | no-world-readable);}}host (hostname | other-routing-engine | scc-master) {facility severity;explicit-priority;facility-override facility;log-prefix string;match "regular-expression";}source-address source-address;time-format (year | millisecond | year millisecond);user (username | *) {facility severity;match "regular-expression";}}tacplus-options {(exclude-cmd-attribute | no-cmd-attribute-value);service-name service-name;}tacplus-server {server-address {port port-number;secret password;single-connection;source-address address;timeout seconds;}}time-zone (GMT | GMT+hour-offset | GMT-hour-offset | zone-name);}  system {services {database-replication {traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}dhcp {... the dhcp subhierarchy appears after the main [edit system services] hierarchy ...}dhcp-local-server {... the dhcp-local-server subhierarchy appears after the main [edit system services] hierarchy ...}dns {dnssec {disable;dlv {domain domain-name trusted-anchor trusted-anchor;}secure-domains {domain-name;}trusted-keys {key text-string;load-key-file pathname;}}forwarders {ip-address;}max-cache-ttl seconds;max-ncache-ttl seconds;traceoptions {category category-name;debug-level number;file <filename> <files number> <size maximum-file-size> <world-readable | no-world-readable>;no-remote-trace;}}dns-proxy {cache {hostname inet address;}interface {interface-name;}server-select list-identifier {domain-name domain-name;name-server {address;}}traceoptions {file filename <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;}}dynamic-dns {client hostname {agent agent-name;interface interface-name;password password;server (ddo | dyndns);username server-username;}}finger {connection-limit limit;rate-limit limit;}flow-tap-dtcp {ssh {connection-limit limit;rate-limit limit;}}ftp {connection-limit limit;rate-limit limit;}local-policy-decision-function {statistics {aacl-statistics-profile profile-name {aacl-fields {address;all-fields;application;application-group;input-bytes;input-interface;input-packets;mask;output-bytes;output-packets;subscriber-name;timestamp;vrf-name;}file filename;record-mode (interim-active-only | interim-full);report-interval minutes;}file filename {archive-sites {url;}files number;size bytes;transfer-interval minutes;}record-type (data | interim);}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}netconf {ssh {connection-limit limit;rate-limit limit;}}outbound-ssh {application-id application-id {address {port port-number;retry number;timeout seconds;}device-id device-id;keep-alive {retry number;timeout seconds;}reconnect-strategy (in-order | sticky);secret secret;services netconf;}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}packet-triggered-subscribers {partition partition-name {destination-host hostname;destination-realm realm;diameter-instance instance-name;}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}service-deployment {local-certificate certificate-name;servers {server-address {port port-number;security-options (ssl3 | tls);user username;}}source-address address;traceoptions {flag flag;}}static-subscribers {access-profile profile-name;authentication {password password-string;username-include {domain-name domain-name;interface;logical-system-name;routing-instance-name;user-prefix user-prefix-string;}}dynamic-profile profile-name {aggregate-clients (merge | replace);}group group-name {access-profile profile-name;authentication {password password-string;username-include {domain-name domain-name;interface;logical-system-name;routing-instance-name;user-prefix user-prefix-string;}}dynamic-profile profile-name {aggregate-clients (merge | replace);}interface interface-name <exclude> <upto upto-interface-name>;}traceoptions {file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>;flag flag;level (all | error | info | notice | verbose | warning);no-remote-trace;}}ssh {connection-limit limit;protocol-version [ v1 v2 ];rate-limit limit;root-login (allow | deny | deny-password);}telnet {connection-limit limit;rate-limit limit;}web-management {control {max-threads number;}http {interface [ interface-names ];port port-number;}https {interface [ interface-names ];(local-certificate certificate-name | pki-local-certificate certificate-name | system-generated-certificate);port port-number;}session {idle-timeout minutes;session-limit number;}}xnm-clear-text {connection-limit limit;rate-limit limit;}xnm-ssl {connection-limit limit;local-certificate certificate-name;rate-limit limit;}}  services {dhcp {boot-file filename;boot-server hostname;default-lease-time (seconds | infinite);domain-name domain-name;domain-search {domain-suffix;}maximum-lease-time (seconds | infinite);name-server {address;}next-server address;option option-index (array type-name [ type-values ] | byte 8-bit-value | flag (false | off | on | true) | integer signed-32-bit-value | ip-address address | short signed-16-bit-value | string text-string | unsigned-integer 32-bit-value | unsigned-short 16-bit-value);pool ip-prefix/prefix-length {... the pool subhierarchy appears after the main [edit system services dhcp] hierarchy ...}propagate-settings interface-name;router {address;}server-identifier identifier;static-binding {... the static-binding subhierarchy appears after the main [edit system services dhcp] hierarchy ...}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;level severity;no-remote-trace;}wins-server {address;}}  dhcp {pool ip-prefix/prefix-length {address-range low address high address;boot-file filename;boot-server hostname;default-lease-time (seconds | infinite);domain-name domain-name;domain-search {domain-suffix;}exclude-address {ipv4-address;}maximum-lease-time (seconds | infinite);name-server {address;}next-server address;option option-index (array type-name  type-values ] | byte 8-bit-value | flag (false | off | on | true) | integer signed-32-bit-value | ip-address address | short signed-16-bit-value | string text-string | unsigned-integer 32-bit-value | unsigned-short 16-bit-value);propagate-settings interface-name;router {address;}server-identifier identifier;wins-server {address;}}}  dhcp {static-binding mac-address {boot-file filename;boot-server hostname;client-identifier (ascii ascii-text | hexadecimal hexadecimal-value);domain-name domain-name;domain-search {domain-suffix;}fixed-address {ipv4-address;}host-name hostname;name-server {address;}next-server address;option option-index (array type-name  type-values ] | byte 8-bit-value | flag (false | off | on | true) | integer signed-32-bit-value | ip-address address | short signed-16-bit-value | string text-string | unsigned-integer 32-bit-value | unsigned-short 16-bit-value);router {address;}server-identifier identifier;wins-server {address;}}}}  services {dhcp-local-server {authentication {password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name;logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;routing-instance-name;user-prefix prefix-string;}}dhcpv6 {... the dhcpv6 subhierarchy appears after the main [edit system services dhcp-local-server] hierarchy ...}duplicate-clients-on-interface;dynamic-profile profile-name <aggregate-clients (merge | replace) | use-primary primary-profile-name>;group group-name {authentication {... same statements as at the [edit system services dhcp-local-server authentication] hierarchy level ...}dynamic-profile profile-name <aggregate-clients <merge | replace> | use-primary primary-profile-name>;interface interface-name {exclude;overrides {client-discover-match <option60-and-option82>;interface-client-limit number;no-arp;}upto upto-interface-name;}overrides {... same statements as at the [edit system services dhcp-local-server overrides] hierarchy level ...}reconfigure {... same statements as at the [edit system services dhcp-local-server reconfigure] hierarchy level ...}}overrides {client-discover-match <option60-and-option82>;interface-client-limit number;no-arp;}pool-match-order {external-authority;ip-address-first;option-82;}reconfigure {attempts attempt-count;clear-on-abort;timeout timeout-value;token token-value;trigger {radius-disconnect;}}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}  dhcp-local-server {dhcpv6 {authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;logical-system-name;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;}}dynamic-profile profile-name <aggregate-clients <merge | replace> | use-primary primary-profile-name>;group group-name {... same statements as at the [edit system services dhcp-local-server dhcpv6] hierarchy level PLUS ...interface interface-name {exclude;overrides {interface-client-limit number;}upto upto-interface-name;}}overrides {interface-client-limit number;}}}}}

Published: 2010-04-28