Page 1: User Guide
J-series™ Services Router User Guide Release 7.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 408-745-2000 www.juniper.net Part Number: 530-011657-01, Revision 1...
Page 2 GigaScreen are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The following are trademarks of Juniper Networks, Inc.: ERX, ESP, E-series, Instant Virtual Extranet, Internet Processor, J2300, J4300, J6300, J-Protect, J-series, J-Web, JUNOS, JUNOScope, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320, M-series, MMD, NetScreen-5GT,...
Page 3 Software. Any such support shall be governed by a separate, written agreement. To the maximum extent permitted by law, Juniper shall not be liable for any liability for lost profits, loss of data or costs or procurement of substitute goods or services, or for any special, indirect, or consequential damages arising out of this Agreement, the Software, or any Juniper or Juniper-supplied software.
Page 4 Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.
Page 5: Table Of Contents
Abbreviated Table of Contents About This Guide Part 1 J-series Overview Chapter 1 Introducing the J-series Services Router Chapter 2 System Overview Part 2 Installing the J-series Services Router Chapter 3 Installing and Connecting a Services Router Chapter 4 Establishing Basic Connectivity Chapter 5 Managing J-series Licenses.
Page 6 J-series™ Services Router User Guide Chapter 11 Configuring SNMP for Network Management Part 5 Configuring Routing Protocols Chapter 12 Routing Overview Chapter 13 Configuring Static Routes. . Chapter 14 Configuring a RIP Network.. Chapter 15 Configuring an OSPF Network Chapter 16 Configuring BGP Sessions Part 6 Configuring Routing Policy, Firewall Filters, and Class of...
Page 7 Abbreviated Table of Contents Part 9 Upgrading the Services Router Chapter 24 Performing Software Upgrades and Reboots.. Chapter 25 Replacing and Troubleshooting Hardware Components Part 10 J-series Requirements and Specifications Chapter 26 Preparing for Router Installation Chapter 27 Network Cable Specifications and Connector Pinouts Chapter 28 Safety and Regulatory Compliance Information.
Page 8 J-series™ Services Router User Guide viii Abbreviated Table of Contents...
Page 9 J2300 Services Router Hardware Features ......... .7 J2300 Chassis ..............7 J2300 Routing Engine ..
Page 10 Unpacking the J-series Services Router .......... . 36 Installing the J2300 Services Router..........37 Installing the J2300 Services Router on a Desk.
Page 11 Table of Contents After Initial Configuration ..........51 Management Access ............51 Before You Begin.
Page 12 J-series™ Services Router User Guide Verifying Interface Configuration ..........104 Verifying the Link State of All Interfaces ........104 Verifying Interface Properties ..
Page 13 Table of Contents Loading a Previous Configuration File........145 Setting a Rescue Configuration ..........145 Using the CLI Configuration Editor .
Page 14 J-series™ Services Router User Guide Defining Login Classes...........186 Creating User Accounts ..........188 Setting Up Template Accounts .
Page 15 Table of Contents Before You Begin..............243 Configuring SNMP with Quick Configuration........243 Configuring SNMP with a Configuration Editor .
Page 16 J-series™ Services Router User Guide Chapter 13 Configuring Static Routes. . Static Routing Overview............285 Static Route Preferences..
Page 17 Table of Contents Configuring Stub and Not-So-Stubby Areas ....... .. 319 Tuning an OSPF Network for Efficient Operation ....... 321 Controlling Route Selection in the Forwarding Table .
Page 18 J-series™ Services Router User Guide Stateless Firewall Filter Match Conditions, Actions, and Action Modifiers...............363 Class-of-Service Overview.
Page 19 Table of Contents Configuring a Policer for a Firewall Filter ........429 Configuring and Applying a Firewall Filter for a Multifield Classifier ..430 Assigning Forwarding Classes to Output Queues.
Page 20 Before You Begin..............502 Downloading Software Upgrades from Juniper Networks ......502 Installing Software Upgrades with J-Web Quick Configuration .
Page 21 Installing a DRAM Module ..........531 Replacing a Power Supply Cord in a J2300 or J4300 Router ....532 Replacing Power System Components in a J6300 Router .
Page 22 J-series™ Services Router User Guide X.21 DCE Cable Pinout ............559 RJ-45 Connector Pinouts for the Routing Engine (Ethernet) Port ....559 DB-9 Connector Pinouts for the Console Port .
Page 23 Table of Contents Part 11 Customer Support and Product Return Chapter 29 Contacting Customer Support and Returning Hardware Locating Component Serial Numbers ..........603 PIM Serial Number Label .
Page 24 J-series™ Services Router User Guide xxiv Table of Contents...
Page 25: About This Guide
Objectives on page xxv Audience on page xxvi How to Use This Guide on page xxvi Document Conventions on page xxvii Related Juniper Networks Documentation on page xxviii Documentation Feedback on page xxx Requesting Support on page xxx Objectives This guide contains instructions for installing, configuring, and managing a Services Router.
Page 26 This guide provides complete instructions for using the J-Web interface, but it is not a comprehensive resource for using the JUNOS CLI. For CLI information, see “Related Juniper Networks Documentation” on page xxviii. Audience This guide is designed for anyone who installs, configures, and maintains a J-series Services Router or prepares a site for Services Router installation.
Page 27 About This Guide Table 2: Location of Instructions in a Chapter Configuration or Management Method Location of Instructions in a Chapter J-Web Quick Configuration pages (where applicable) In a table, before configuration editor instructions. J-Web configuration editor pages Together in a task table—after Quick Configuration instructions (where applicable).
Page 28 In the configuration editor hierarchy, selections. select Protocols>Ospf. Related Juniper Networks Documentation Although this guide provides instructions for configuring and managing a J-series Services Router with the JUNOS CLI, it is not a comprehensive JUNOS software resource. For complete documentation of the statements and commands described in this guide, see the JUNOS software manuals listed in Table 5.
Page 29 “Configuring Class of Service with DiffServ” on page 427 JUNOS Network Interfaces and Class of Service Configuration Guide Part 7, “Managing Multicast Transmissions” JUNOS Multicast Protocols Configuration Guide “Multicast Overview” on page 461 “Configuring a Multicast Network” on page 471 xxix Related Juniper Networks Documentation...
Page 30 Documentation Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to techpubs-comments@juniper.net, or fill out the documentation feedback form at . If you are using e-mail, be http://www.juniper.net/techpubs/docbug/docbugreport.html...
Page 31: J-Series Overview
Part 1 J-series Overview Introducing the J-series Services Router on page 3 System Overview on page 7 J-series Overview...
Page 32: Part 1 J-Series Overview
J-series Overview...
Page 33: Introducing The J-Series Services Router
For details, see “J-series User Interface Overview” on page 109. Table 6: J-series Models Model Description Bandwidth J2300 Services Router Remote or branch office customer Up to 4 Mbps premises equipment (CPE). 20,000 to 50,000 packets per second Smaller chassis (1 U) with a...
Page 34: J-Series Software Features And Licenses
J-series™ Services Router User Guide Model Description Bandwidth J4300 Services Router Regional office CPE. Up to 16 Mbps Larger chassis (2 U) with a nonredundant 50,000 to 80,000 pps AC power supply, 256 MB to 512 MB of memory, and a Universal Serial Bus (USB) port for external storage.
Page 35 Introducing the J-series Services Router Feature Category J-series Feature Separate License Intermediate System-to-Intermediate System (IS-IS) Multicast: Internet Group Management Protocol version 3 (IGMPv3) Protocol Independent Multicast (PIM) Distance Vector Multicast Routing Protocol (DVMRP) Single-source multicast Static addresses IP Address Management Ethernet: Encapsulation Media access control (MAC) encapsulation...
Page 36 J-series™ Services Router User Guide Feature Category J-series Feature Separate License J-Web browser interface—for Services Router configuration and management JUNOScript XML application programming interface (API) JUNOS command-line interface (CLI)—for Services Router configuration and management through the console, telnet, or SSH Simple Network Management Protocol version 1 (SNMPv1) and SNMPv2 Traffic Analysis J-Flow flow monitoring and accounting...
Page 37: System Overview
J2300 Cooling System on page 15 J2300 Chassis The J2300 Services Router chassis is a rigid sheet metal structure that houses all the other router components (see Figure 1, Figure 2, and Figure 3). The chassis can be installed in many types of racks or cabinets, on a wall, or on a desk. For information about acceptable rack types, see “Rack Requirements”...
Page 38 The router is connected to earth ground through the AC power cord. The router must be connected to earth ground during normal operation. For additional safety information, see “Safety and Regulatory Compliance Information” on page 563. Figure 1: Front of J2300 Chassis Mounting Physical bracket...
Page 39: Chapter 2 System Overview
System Overview Figure 3: J2300 Hardware Components Front Processor Physical Interface Module Power supply (PIM) DRAM Rear Primary compact Routing Engine flash drive Table 8 summarizes the physical specifications for the router chassis. Table 8: J2300 Physical Specifications Description Value Chassis dimensions 1.75 in.
Page 40: J2300 Routing Engine
NOTE: For specific information about Routing Engine components (for example, the amount of DRAM installed), issue the command. show chassis routing-engine J2300 Boot Devices The J2300 Services Router can boot from two devices: Primary compact flash disk USB drive J2300 Services Router Hardware Features...
Page 41: J2300 Boot Sequence
J2300 Front Panel The front panel of the Services Router (Figure 4) allows you to view router status LEDs, access the console port, and perform simple control functions. Figure 4: Front Panel of J2300 Services Router ALARM LED Configuration LED...
Page 42: Power Button And Power On Led
15 seconds, all CONFIG configurations on the router (including the rescue configuration and backup configurations) are deleted, and the factory configuration is loaded and committed. Table 10 describes the configuration LED. J2300 Services Router Hardware Features...
Page 43: Console Port
NOTE: For a list of supported USB drives, see the J-series release notes at http://www.juniper.net J2300 Physical Interface Module (PIM) The fixed Physical Interface Modules (PIM) in a J2300 Services Router provide the physical connection to various network media types, receiving incoming packets from the network and transmitting outgoing packets to the network.
Page 44: J2300 Lan Ports
Table 12 describes the LAN port LEDs. Table 12: LAN Port LEDs Function Color State Description Link Green On steadily Port is online. Activity Green Blinking Port is receiving data. Port might be on, but is not receiving data. J2300 Services Router Hardware Features...
Page 45: J2300 Power System
System Overview J2300 Power System The J2300 Services Router uses AC power. The autosensing power supply (see Figure 2) distributes the different output voltages to the router components according to their voltage requirements. The power supply is fixed in the chassis, and is not field-replaceable. It has a single AC appliance inlet that requires a dedicated AC power feed.
Page 46: J4300 And J6300 Services Router Hardware Features
J-series™ Services Router User Guide Figure 5: Airflow Through the J2300 Chassis Front Rear The Routing Engine monitors the temperature of the router components. If the ambient maximum temperature specification is exceeded and the router cannot be adequately cooled, the Routing Engine shuts down the hardware components.
Page 47: J4300 And J6300 Chassis
System Overview J4300 and J6300 Cooling System on page 27 J4300 and J6300 Chassis The J4300 and J6300 Services Router chassis is a rigid sheet metal structure that houses all the other router components (see Figure 6, Figure 7, Figure 8, and Figure 9).
Page 48 J-series™ Services Router User Guide Figure 6: Front of J4300 and J6300 Chassis Physical Interface Blank Mounting Module (PIM) PIM panel bracket Mounting bracket ST AT US PO RT ST AT US PO RT AL AR M CO NF PO W ER Removable LAN ports compact flash...
Page 49 System Overview Figure 8: Rear of J6300 Chassis Power supply ejector tabs Protective earthing terminal Primary compact Power supply flash drive fan exhaust AC power appliance inlets J4300 and J6300 Services Router Hardware Features...
Page 50 J-series™ Services Router User Guide Figure 9: J4300 and J6300 Hardware Components Rear Primary compact Processor flash drive DRAM Power supply Routing Engine Midplane Removable Physical compact Interface flash drive Module (PIM) Front Table 13 summarizes the physical specifications for the router chassis. J4300 and J6300 Services Router Hardware Features...
Page 51: Midplane
System Overview Table 13: J4300 and J6300 Physical Specifications Description Value Chassis dimensions 3.50 in. (8.9 cm) high 17.00 in. (43.2 cm) wide—19 in. (48.3 cm) wide with mounting brackets attached 19.00 in. (48.3 cm) deep—plus 0.5 in. (1.27 cm) of hardware that protrudes from the chassis front Router weight J4300 router minimum configuration (no PIMs): 18 lb (8.2 kg)
Page 52: J4300 And J6300 Boot Devices
J-series™ Services Router User Guide replacing the compact flash drive, see “Removing and Installing the Primary Compact Flash Disk” on page 523. PCI bus—Provides the interface to the PIMs. EPROM—Stores the serial number of the Routing Engine. NOTE: For specific information about Routing Engine components (for example, the amount of DRAM installed), issue the command.
Page 53: Alarm Led
J4300 and J6300 Removable Compact Flash Drive on page 25 ALARM LED LED on J4300 and J6300 Services Routers functions identically to the ALARM LED on the J2300 Services Router. See “ALARM LED” on page 11. ALARM Power Button and POWER ON LED The power button and...
Page 54: Console Port
J-series™ Services Router User Guide Console Port The console port on J4300 and J6300 Services Routers functions identically to the console port on the J2300 Services Router. See “Console Port” on page 13. J4300 and J6300 USB Port The slot labeled...
Page 55: J4300 And J6300 Removable Compact Flash Drive
System Overview J4300 and J6300 Removable Compact Flash Drive The slot labeled on the front panel of the Services Router COMPACT FLASH (see Figure 10) is a removable compact flash drive that accepts a type I or II compact flash disk, as defined in the CompactFlash Specification published by the CompactFlash Association.
Page 56: J4300 Power System
J-series™ Services Router User Guide Figure 11: PIM PIMs are removable and insertable when the router is powered off. You can install a PIM into one of the six slots in the router chassis. If a slot is not occupied by a PIM, a PIM blank panel must be installed to shield the empty slot and to allow cooling air to circulate properly through the router.
Page 57: J4300 And J6300 Cooling System
System Overview Each power supply has an LED located on the power supply faceplate. Table 16 describes the J6300 power supply LED. Table 16: J6300 Power Supply LED State Description No power flowing to the power supply. Green Power supply is working correctly. Power supply is starting up, or has failed.
Page 58: Software Overview
J-series™ Services Router User Guide Figure 12: Airflow Through the J4300 and J6300 Chassis Rear Front The Routing Engine monitors the temperature of the router components. If the ambient maximum temperature specification is exceeded and the router cannot be adequately cooled, the Routing Engine shuts down the hardware components. Software Overview Each J-series Services Router runs the JUNOS Internet software on its general-purpose processors.
Page 59: Routing Engine And Packet Forwarding Engine
For information about Routing Engine hardware, see “J2300 Routing Engine” on page 10 and “J4300 and J6300 Routing Engine” on page 21. Kernel and Microkernel...
Page 60: Management Process
J-series™ Services Router User Guide Management Process on page 30 Chassis Process on page 30 Routing Protocols Process on page 30 Interface Process on page 31 Forwarding Process on page 31 Management Process The JUNOS management process (mgd) manages the Services Router system as follows: Provides communication between the other processes and an interface to the configuration database...
Page 61: Interface Process
System Overview Interface Process The JUNOS interface process (ifd) supplies the programs that configure and monitor network interfaces by defining physical characteristics such as link encapsulation, hold times, and keepalive timers. Forwarding Process The JUNOS forwarding process ( ) is responsible for most of the packet fwdd transmission through a Services Router.
Page 62 J-series™ Services Router User Guide Software Overview...
Page 63: Installing The J-Series Services Router
Part 2 Installing the J-series Services Router Installing and Connecting a Services Router on page 35 Establishing Basic Connectivity on page 47 Managing J-series Licenses on page 69 Configuring Network Interfaces on page 79 Installing the J-series Services Router...
Page 64: Installing The J-Series Services Router
Installing the J-series Services Router...
Page 65: Installing And Connecting A Services Router
Before You Begin on page 35 Unpacking the J-series Services Router on page 36 Installing the J2300 Services Router on page 37 Installing the J4300 or J6300 Services Router on page 40 Connecting Interface Cables to the Services Router on page 42...
Page 66: Unpacking The J-Series Services Router
(provided) Mounting brackets and screws (provided) Number 2 Phillips screwdriver Number 2 Phillips screwdriver Four (J2300) or eight (J4300 and J6300) mounting screws Four wall screws or four appropriate for your rack mounting screws and anchors capable of supporting the full weight of the chassis, up to 12 lb (5.4 kg)
Page 67: Installing The J2300 Services Router
Installing the J2300 Services Router You can install the J2300 Services Router on a desk, on a wall, or in a rack. The J2300 Services Router includes mounting brackets that support either wall or rack mounting, and rubber feet for desk and wall mounting.
Page 68: Installing The J2300 Services Router On A Wall
Rubber feet Installing the J2300 Services Router on a Wall You can install the J2300 Services Router on a wall. The router is shipped with mounting brackets and rubber feet in the accessory box. The rubber feet help stabilize the router on the wall and enhance airflow.
Page 69: Installing The J2300 Services Router Into A Rack
Verify that the mounting screws on one side are aligned with the mounting screws on the opposite side and that the router is level. Figure 14: Attaching Mounting Brackets to Install a J2300 Services Router on a Wall Installing the J2300 Services Router into a Rack You can front-mount the J2300 Services Router in a rack.
Page 70: Installing The J4300 Or J6300 Services Router
Verify that the mounting screws on one side of the rack are aligned with the mounting screws on the opposite side and that the router is level. Figure 15: Attaching Mounting Brackets to Install a J2300 Services Router in a Rack Installing the J4300 or J6300 Services Router You can front-mount the J4300 Services Router or J6300 Services Router in a rack.
Page 71 Installing and Connecting a Services Router Have one person grasp the sides of the router, lift the router, and position it in the rack. Align the bottom hole in each mounting bracket with a hole in each rack rail as shown in Figure 16, making sure the chassis is level.
Page 72: Connecting Interface Cables To The Services Router
The grounding cable must be 14 AWG single-strand wire cable, and must be able to handle the following amperage: J2300 router—up to 4 A J4300 router and J6300 router—up to 6 A The grounding lug must be a ring-type, vinyl-insulated TV14–10R lug, or equivalent, to accommodate the 14 AWG cable.
Page 73: Connecting Power To The Services Router
Installing and Connecting a Services Router Connecting Power to the Services Router J2300 and J4300 Services Routers have a single fixed power supply. The J6300 Services Router has one or two field-replaceable power supplies. For more information about the J-series power specifications, see “Power Guidelines, Requirements, and Specifications”...
Page 74: Powering A Services Router On And Off
J-series™ Services Router User Guide Figure 17: Connecting Power to the J2300 Services Router To ground Washer Grounding lug Figure 18: Connecting Power to the J4300 Services Router To ground Washer Grounding lug Figure 19: Connecting Power to the J6300 Services Router...
Page 75 Installing and Connecting a Services Router To power off a Services Router, do one of the following: Press and release the power button. The router begins gracefully shutting down the operating system and then powers itself off. Press the power button and hold it for more than 5 seconds. The router immediately powers itself off without shutting down the operating system.
Page 76 J-series™ Services Router User Guide Powering a Services Router On and Off...
Page 77: Establishing Basic Connectivity
Chapter 4 Establishing Basic Connectivity The JUNOS software is preinstalled on the Services Router. When the router is powered on, it is ready to be configured. If the router does not have a configuration from the factory or your service provider, you must configure the software to establish basic connectivity.
Page 78: Basic Connectivity Overview
J-series™ Services Router User Guide Table 19: Basic Connectivity Terms Term Definition domain name Name that identifies the network or subnetwork a router belongs to. Dynamic Host Configuration Protocol (DHCP) Protocol for assigning dynamic IP addresses to devices on a network. gateway Packets destined for IP addresses not identified in the routing table are sent to the default gateway.
Page 79: Router Identification
Establishing Basic Connectivity Router Identification The domain name defines the network or subnetwork that the Services Router belongs to. The hostname refers to the specific machine, while the domain name is shared among all the devices in a given network. Together the hostname and domain name identify the router in the network.
Page 80: Default Gateway
J-series™ Services Router User Guide If you plan to include your router in several domains, you can add these domains to the configuration so that they are included in a DNS search. When DNS searches are requested, the domain suffixes are appended to the hostnames. Default Gateway A default gateway is a static route that is used to direct packets addressed to networks not explicitly listed in the router’s routing table.
Page 81: Chapter 4 Establishing Basic Connectivity
Establishing Basic Connectivity Before Initial Configuration Before initial configuration, when the factory default configuration is active: The Services Router attempts to perform autoinstallation by obtaining a router configuration through all its connected interfaces, including . The fe-0/0/0 Services Router acts as a DHCP client out the interface.
Page 82 J-series™ Services Router User Guide SSH, SSL, or telnet). Information sent in clear-text is not encrypted and therefore can be intercepted. For more information about the JUNOScript application programming interface (API), see the JUNOScript API Guide SSH also allows you to connect to the router and access the CLI to execute commands from a remote system.
Page 83: Before You Begin
Establishing Basic Connectivity Before You Begin Before you begin initial configuration, complete the following tasks: Install the Services Router in its permanent location, as described in “Installing and Connecting a Services Router” on page 35. Gather the following information: Hostname for the router on the network Domain that the router belongs to on the network Password for the root user Time zone where the router is located...
Page 84: Connecting To The J-Web Interface
J-series™ Services Router User Guide Before you configure the router, gather the information described in “Before You Begin” on page 53. To configure the router with J-Web Quick Configuration, perform the following procedures: Connecting to the J-Web Interface on page 54 Configuring Basic Settings with Quick Configuration on page 55 Connecting to the J-Web Interface When the Services Router is powered on for the first time, if no configuration is...
Page 85: Configuring Basic Settings With Quick Configuration
Establishing Basic Connectivity Figure 20: Connecting to the Fast Ethernet Port on the J2300 Services Router Ethernet port Ethernet port RJ-45 cable Figure 21: Connecting to the Fast Ethernet Port on the J4300 or J6300 Services Router Ethernet port ST AT US...
Page 86 J-series™ Services Router User Guide Enter information into the fields described in Table 20 on the Set Up Quick Configuration page. Click one of the following buttons: To apply the configuration and stay in the Set Up Quick Configuration page, click Apply. To apply the configuration and return to the Quick Configuration page, click OK.
Page 87 Establishing Basic Connectivity Field Function Your Action NTP Servers Specify an NTP server that the router To add an IP address, type it in the box can reach to synchronize the system to the left of the Add button, then click time.
Page 88: Configuring The Services Router With A Configuration Editor
J-series™ Services Router User Guide Field Function Your Action fe-0/0/0 Address Defines the IP address and prefix Type a 32-bit IP address and prefix length of fe-0/0/0. The interface length, in dotted decimal notation. fe-0/0/0 is typically used as the If you change the fe-0/0/0 NOTE: management interface for accessing the...
Page 89 Establishing Basic Connectivity NOTE: The Ethernet rollover cable and RJ-45 to DB-9 serial port adapter are provided in the router’s accessory box. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device (see Figure 22 and Figure 23). Connect the other end of the Ethernet rollover cable to the console port on the router (see Figure 22 and Figure 23).
Page 90: Configuring Basic Settings With A Configuration Editor
J-series™ Services Router User Guide Figure 22: Connecting to the Console Port on the J2300 Services Router Serial port Adapter Console port RJ-45 rollover cable Figure 23: Connecting to the Console Port on the J4300 or J6300 Services Router Serial port...
Page 91 Establishing Basic Connectivity In a typical network, the Services Router has the basic settings listed in Table 21. Determine the values to set on the Services Router in your network. Table 21: Sample Settings on a Services Router Services Router Property Value routera Services Router hostname...
Page 92 J-series™ Services Router User Guide Table 22: Configuring Basic Settings Task J-Web Interface Configuration CLI Configuration Editor Editor Navigate to the System level in the In the configuration From the top of the configuration configuration hierarchy. editor hierarchy, select hierarchy, enter edit system. Configuration>View and Edit>...
Page 93 Establishing Basic Connectivity Task J-Web Interface Configuration CLI Configuration Editor Editor Define the NTP server that NTP requests In the Nested configuration section, Set the address of the NTP server. For can be sent to. next to Ntp, click Configure or example: Edit.
Page 94 J-series™ Services Router User Guide Task J-Web Interface Configuration CLI Configuration Editor Editor Define the IP address for lo0.0. In the configuration editor Exit the system level of the hierarchy, next to Interfaces, click hierarchy: Configure or Edit. exit In the Interface table, locate the lo0 From the top of the configuration row and click Unit.
Page 95: Configuring Autoinstallation
Establishing Basic Connectivity Configuring Autoinstallation This section contains the following topics: Autoinstallation Overview on page 65 Autoinstallation Requirements for End Users on page 66 Autoinstallation Requirements for Service Providers on page 66 Enabling Autoinstallation with the CLI on page 66 Autoinstallation Overview You can download a configuration file automatically from an FTP, Hypertext Transfer Protocol (HTTP), or Trivial File Transfer Protocol (TFTP) server.
Page 96: Autoinstallation Requirements For End Users
J-series™ Services Router User Guide Autoinstallation Requirements for End Users When enabling autoinstallation as an end user, ensure that you have performed the following tasks: Installed the Services Router Powered on the Services Router Connected an interface on the Services Router to a network that has access to a DHCP server, a DHCP Relay Agent, and a TFTP server (if you want to use TFTP) Both DHCP and TFTP can reside on the same server.
Page 97: Verifying Basic Connectivity
Establishing Basic Connectivity Specify the URL or FTP site of the configuration file that you want to automatically install on the Services Router: user@host# set configuration-servers url If the destination URL is not specified, but DHCP is configured correctly, autoinstallation still works properly. Specify the interface that the Services Router will use to send out and receive requests, and specify the IP address procurement protocol—...
Page 98 J-series™ Services Router User Guide ntp { server 10.148.2.21; interfaces { fe-0/0/0 { unit 0 { family inet { address 192.168.1.1/24; lo0 { unit 0 { family inet { address 172.16.1.24/32; The output shows the configuration of basic connectivity. Verify that the values What It Means displayed are correct for your Services Router.
Page 99: Managing J-Series Licenses
The presence on the router of the appropriate software license keys (passwords) determines the features and ports you can configure and use. For information about how to purchase J-series software licenses, contact your Juniper Networks sales representative. This chapter contains the following topics: J-series License Overview on page 69...
Page 100: Port Licenses
License Name Stateful Firewall Filters and NAT Stateful firewall and Network Address Translation (NAT) on J2300 Services Router Software License for Stateful Firewall the J2300 platform—all configuration statements within the [edit services stateful-firewall] hierarchy. Stateful firewall and NAT on the J4300 platform—all...
Page 101: License Key Components
Managing J-series Licenses Licensed Port License Name Additional port on a E1 PIM. J-series Services Router Software License for One Additional E1 Port Serial Additional port on a serial PIM. J-series Services Router Software License for One Additional Serial Port Fast Ethernet Additional port on a Fast Ethernet PIM.
Page 102 J-series™ Services Router User Guide Deleting Licenses with the J-Web User Interface on page 74 Displaying License Keys with the J-Web Interface on page 74 Downloading Licenses with the J-Web Interface on page 74 Figure 24 shows the J-Web Licenses page. Figure 24: Licenses Page The Licenses page displays a summary of licensed features that are configured on the Services Router and a list of the licenses that are installed on the router.
Page 103: Chapter 5 Managing J-Series Licenses
Managing J-series Licenses Table 25: Summary of License Management Fields Field Name Definition Feature Summary Feature Name of the licensed feature or port: J-series licenses listed in Table 23 and Table 24 All features—All-inclusive licenses Licenses Used Number of licenses currently being used on the router. Usage is determined by the configuration on the router.
Page 104: Deleting Licenses With The J-Web User Interface
J-series™ Services Router User Guide Go on to “Verifying J-series License Management” on page 76. Deleting Licenses with the J-Web User Interface To delete one or more license keys from a Services Router with the J-Web license manager: In the J-Web interface, select Manage>Licenses. Select the check box of the license or licenses you want to delete.
Page 105: Managing J-Series Licenses With The Cli
Managing J-series Licenses Managing J-series Licenses with the CLI To manage the J-series licenses with the CLI, perform the following tasks. Adding New Licenses with the CLI on page 75 Deleting a License with the CLI on page 75 Saving License Keys with the CLI on page 76 Adding New Licenses with the CLI To add a new license key to the Services Router with the CLI: Enter operational mode in the CLI.
Page 106: Saving License Keys With The Cli
J-series™ Services Router User Guide Saving License Keys with the CLI To save the licenses installed on the Services Router to a file with the CLI: Enter operational mode in the CLI. To save the installed license keys to a file or URL, enter the following command: request system license save filename | url For example, the following command saves the installed license keys to a file named...
Page 107: Displaying License Usage
Managing J-series Licenses Features: if-t1-4 - Four additional T1 ports License identifier: li41597793 State: valid License version: 2 Valid for device: jp47859620 Features: ipsec-vpn - IPSec VPN tunnelling The output shows a list of the licenses installed on the Services Router. Verify the What It Means following information: Each license is present.
Page 108: Displaying Installed License Keys
J-series™ Services Router User Guide shows that stateful firewall, J-Flow, and BGP route reflection are configured. Additionally, three T1 interfaces and six serial interfaces are configured. If free port licenses are being used, the number of free licenses being used is listed in parentheses next to the number of used licenses.
Page 109: Configuring Network Interfaces
Chapter 6 Configuring Network Interfaces Each Services Router can support types of interfaces suited to different functions. The router uses network interfaces to transmit and receive network traffic. For network interfaces to operate, you must configure properties such as logical interfaces, the encapsulation type, and certain settings specific to the interface type.
Page 110 J-series™ Services Router User Guide Term Definition checksum See frame checksum sequence . channel service unit (CSU) Unit that connects a digital telephone line to a multiplexer or other signal service. Cisco HDLC Cisco High-level Data Link Control protocol. Proprietary Cisco encapsulation for transmitting LAN protocols over a WAN.
Page 111 Configuring Network Interfaces Term Definition High-level Data Link Control International Telecommunication Union (ITU) standard for a bit-oriented data link layer protocol on which most other bit-oriented protocols are based. hostname Name assigned to the Services Router during initial configuration. logical interface Virtual interface that you create on a physical interface to identify its connection.
Page 112: Interfaces Overview
J-series™ Services Router User Guide Interfaces Overview This section contains the following topics: Network Interface Types on page 82 Interfaces and Interface Naming on page 82 Network Interface Types J-series Services Routers support the following network interface types: E1, Fast Ethernet, serial, T1, and T3. T3 interfaces, which are also known as DS3 interfaces, are supported on J6300 Services Routers only.
Page 113: Chapter 6 Configuring Network Interfaces
(also known as DS3) WAN interface. tap—This interface is internally generated and not configurable. Number of the Flexible On a J2300 router, always 0. PIM concentrator (FPC) On a J4300 or J6300 router, a value from 0 through 6. on which the physical interface is located.
Page 114: Before You Begin
Connectivity” on page 47. If you do not already have a basic understanding of physical and logical interfaces and Juniper Networks interface conventions, read “Interfaces Overview” on page 82. Although not a requirement, you might also want to plan how you are going to use the various network interfaces before you start configuring them.
Page 115 Configuring Network Interfaces Figure 25: Quick Configuration Interfaces Page To configure a network interface with Quick Configuration: In the J-Web user interface, select Configuration>Quick Configuration>Interfaces. You can select Interfaces in the list under Router Configuration or from the left pane. A list of the network interfaces present on the Services Router is displayed, as shown in Figure 25.
Page 116: Configuring An E1 Interface With Quick Configuration
J-series™ Services Router User Guide Configuring a T3 Interface with Quick Configuration on page 95 Configuring a Serial Interface with Quick Configuration on page 98 Configuring an E1 Interface with Quick Configuration To configure properties on an E1 interface: From the Quick Configuration page, as shown in Figure 25, select the E1 interface you want to configure.
Page 117 Configuring Network Interfaces Enter information into the Quick Configuration page, as described in Table 28. Click one of the following buttons: To apply the configuration and stay in the Quick Configuration page, click Apply. To apply the configuration and return to the main configuration page, click OK.
Page 118 J-series™ Services Router User Guide Field Function Your Action Enable CHAP Enables or disables CHAP authentication To enable CHAP, select the on an E1 interface with PPP check box. encapsulation only. To disable CHAP, clear the check box. CHAP Local Identity (available if CHAP is enabled) Use System Host Name Specifies that the E1 interface use the To enable, select the check box...
Page 119: Configuring A Fast Ethernet Interface With Quick Configuration
Configuring Network Interfaces Field Function Your Action Timeslots Specifies the number of time slots Type numeric values from 2 through allocated to a fractional E1 interface. By 32. Separate discontinuous entries with default, an E1 interface uses all the time commas, and use hyphens to indicate slots.
Page 120 J-series™ Services Router User Guide Figure 27: Fast Ethernet Interfaces Quick Configuration Page Enter information into the Quick Configuration page, as described in Table 29. Click one of the following buttons: To apply the configuration and stay in the Quick Configuration page, click Apply.
Page 121: Configuring A T1 Interface With Quick Configuration
Configuring Network Interfaces Table 29: Fast Ethernet Quick Configuration Summary Field Function Your Action Logical Interfaces Add logical interfaces Defines one or more logical units Click Add. that you connect to this physical Fast Ethernet interface. You must define at least one logical unit for a Fast Ethernet interface.
Page 122 J-series™ Services Router User Guide Figure 28: T1 Interfaces Quick Configuration Page Enter information into the Quick Configuration page, as described in Table 30. Click one of the following buttons: To apply the configuration and stay in the Quick Configuration page, click Apply.
Page 123 Configuring Network Interfaces Table 30: T1 Quick Configuration Summary Field Function Your Action Logical Interfaces Add logical interfaces Defines one or more logical units Click Add. that you connect to this physical T1 interface. You must define at least one logical unit for a T1 interface. You can define multiple units if the encapsulation type is Frame Relay.
Page 124 J-series™ Services Router User Guide Field Function Your Action T1 Options Specifies the maximum transmission Type a value between 256 and 9192 unit size for the T1 interface. bytes. The default MTU for T1 interfaces is 1504. Clocking Specifies the transmit clock source for From the drop-down list, select one of the T1 line.
Page 125: Configuring A T3 Interface With Quick Configuration
Configuring Network Interfaces Field Function Your Action Frame Checksum Specifies the number of bits in the frame Select 16 or 32. The default value is 16. checksum. A 32–bit checksum provides more reliable packet verification, but is not supported by some older equipment.
Page 126 J-series™ Services Router User Guide Figure 29: T3 Interfaces Quick Configuration Page Enter information into the Quick Configuration page, as described in Table 31. Click one of the following buttons: To apply the configuration and stay in the Quick Configuration page, click Apply.
Page 127 Configuring Network Interfaces Table 31: T3 Quick Configuration Summary Field Function Your Action Logical Interfaces Add logical interfaces Defines one or more logical units Click Add. that you connect to this physical T3 interface. You must define at least one logical unit for a T3 interface. You can define multiple units if the encapsulation type is Frame Relay.
Page 128: Configuring A Serial Interface With Quick Configuration
J-series™ Services Router User Guide Field Function Your Action T3 Options Specifies the maximum transmission Type a value between 256 and 9192 unit size for the T3 interface. bytes. The default MTU for T3 interfaces is 4474. Clocking Specifies the transmit clock source for From the drop-down list, select one of the T3 line.
Page 129 Configuring Network Interfaces Figure 30: Serial Interfaces Quick Configuration Page Enter information into the Quick Configuration page, as described in Table 32. Click one of the following buttons: To apply the configuration and stay in the Quick Configuration page, click Apply. To apply the configuration and return to the main configuration page, click OK.
Page 130 J-series™ Services Router User Guide Table 32: Serial Quick Configuration Summary Field Function Your Action Logical Interfaces Add logical interfaces Defines one or more logical units that Click Add. you connect to this physical serial interface. You must define at least one logical unit for a serial interface.
Page 131 Configuring Network Interfaces Field Function Your Action Serial Options Specifies the maximum transmission Type a value between 256 and 9192 unit size for a serial interface. bytes. The default MTU for serial interfaces is 1504. Clocking Mode Specifies the clock source to determine From the drop-down list, select one of the timing on serial interfaces.
Page 132: Configuring Network Interfaces With A Configuration Editor
J-series™ Services Router User Guide Configuring Network Interfaces with a Configuration Editor To enable the interfaces installed on your Services Router to work properly, you must configure their properties. You can perform basic interface configuration using the J-Web Configuration Page, as described in “Configuring Network Interfaces with Quick Configuration”...
Page 133: Deleting A Network Interface With A Configuration Editor
Configuring Network Interfaces Task J-Web Configuration Editor CLI Configuration Editor Create the basic configuration for the Under Interface Name in the Enter values for physical interface new interface. table, click the name of the new properties as needed. Examples include interface.
Page 134: Verifying Interface Configuration
J-series™ Services Router User Guide Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 34. Table 34: Deleting an Interface Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Interfaces level in the In the configuration From the top of the configuration...
Page 135: Verifying Interface Properties
Configuring Network Interfaces For each interface on the Services Router: Action In the J-Web interface, select Diagnose>Ping Host. In the Remote Host box, type the address of the interface for which you want to verify the link state. Click Start. Output appears on a separate page. Sample Output PING 10.10.10.10 : 56 data bytes 64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms...
Page 136 J-series™ Services Router User Guide 2 assured-forw 3 network-cont Active alarms : None Active defects : None The output shows a summary of interface information. Verify the following What It Means information: The physical interface is . If the interface is shown as , do Enabled Disabled...
Page 137: Using The J-Series User Interfaces
Part 3 Using the J-series User Interfaces J-series User Interface Overview on page 109 Using J-series Configuration Tools on page 127 Using the J-series User Interfaces...
Page 138: Using The J-Series User Interfaces
Using the J-series User Interfaces...
Page 139: J-Series User Interface Overview
Chapter 7 J-series User Interface Overview You can use two user interfaces to monitor, configure, troubleshoot, and manage the Services Router—the J-Web interface and the JUNOS command-line interface (CLI). This chapter contains the following topics: User Interface Overview on page 109 Before You Begin on page 112 Using the J-Web Interface on page 112 Using the Command-Line Interface on page 117...
Page 140: Cli Overview
J-series™ Services Router User Guide example, to display a summary of routing table entries, click Monitor in the task bar, then click Routing in the side pane. The routes are displayed in the main pane. For more information about the J-Web interface, see “Using the J-Web Interface”...
Page 141: J-Series User Interface Overview
J-series User Interface Overview Table 35: Services Router Configuration Interfaces Services Description Capabilities Recommendations Router Interface J-Web Quick Web browser pages for setting up the Configure basic router services: Use for basic Configuration Services Router quickly and easily without configuration. Setup configuring each statement individually.
Page 142: Before You Begin
J-series™ Services Router User Guide Before You Begin Before you start the user interface, you must perform the initial Services Router configuration described in “Establishing Basic Connectivity” on page 47. After the initial configuration, you use your username and password, and the hostname or IP address of the router, to start the user interface.
Page 143: J-Web Layout
J-series User Interface Overview J-Web Layout Each page of the J-Web interface is divided into the following panes shown in Figure 31 and Figure 32: Top pane—Displays identifying information and links. Main pane—Location where you monitor, configure, diagnose, and manage the Services Router by entering information in text boxes, making selections, and clicking buttons.
Page 144 J-series™ Services Router User Guide Figure 31: J-Web Layout Using the J-Web Interface...
Page 145 J-series User Interface Overview Figure 32: J-Web Layout—Configuration Editor Table 36: Summary of J-Web Elements J-Web Interface Element Description Top Pane Juniper Networks logo www.juniper.net Link to in a new browser window. Using the J-Web Interface...
Page 146 J-series™ Services Router User Guide J-Web Interface Element Description hostname – model Hostname and model of the Services Router. Logged in as: username Username you used to log in to the Services Router. Help Link to context-sensitive help information. About Displays information about the J-Web Interface, such as the version number.
Page 147: J-Web Sessions
J-series User Interface Overview J-Web Sessions You establish a J-Web session with the Services Router through an HTTP- or HTTPS-enabled Web browser. The HTTPS protocol, which uses 128-bit encryption, is available only in domestic versions of the JUNOS software. To use HTTPS, you must have installed the certificate provided by the Services Router.
Page 148: Starting The Cli
J-series™ Services Router User Guide Figure 33: CLI Command Hierarchy Example show isis ospf route system ......brief exact protocol table terse To execute a command, you enter the full command name, starting at the top level of the hierarchy.
Page 149: Cli Operational Mode
J-series User Interface Overview Start the CLI. user# cli user@host> The presence of the angle bracket (>) prompt indicates the CLI has started. By default, the prompt is preceded by a string that contains your username and the hostname of the Services Router. To exit the CLI and return to the UNIX shell, enter the command.
Page 150: Cli Configuration Mode
J-series™ Services Router User Guide At the top level of operational mode are a number of broad groups of CLI commands that are used to perform the following functions: Control the CLI environment. Monitor and troubleshoot the router. Connect to other systems. Manage files and software images.
Page 151: Cli Basics
J-series User Interface Overview rename Rename a statement rollback Roll back to previous committed configuration Run an operational-mode command save Save configuration to ASCII file Set a parameter show Show a parameter status Show users currently editing configuration Exit to top level of configuration Exit one level of configuration wildcard Wildcard operations...
Page 152: Command Completion
J-series™ Services Router User Guide Table 37: CLI Editing Keystrokes Task Category Action Keyboard Sequence Move the cursor. Move the cursor back one character. Ctrl-b Move the cursor back one word. Esc b Move the cursor forward one character. Ctrl-f Move the cursor forward one word.
Page 153: Online Help
J-series User Interface Overview You can also use command completion on filenames and usernames. To display all possible values, type one or more characters followed immediately by a question mark. To complete these partial entries, press Tab only. Pressing Spacebar does not work. Online Help The CLI provides context-sensitive help at every level of the command hierarchy.
Page 154: Configuring The Cli Environment
J-series™ Services Router User Guide Configuring the CLI Environment You can configure the CLI environment for your current login session. Your settings are not retained when you exit the CLI. To display the current CLI settings, enter the command: show cli user@host>...
Page 155 J-series User Interface Overview Environment Feature CLI Command Default Setting Options Your session never times Minutes of idle time set cli idle-time minutes To enable the out unless your login class timeout feature, specifies a timeout. replace timeout with a value between 1 and 100,000.
Page 156 J-series™ Services Router User Guide Using the Command-Line Interface...
Page 157: Using J-Series Configuration Tools
Chapter 8 Using J-series Configuration Tools Use J-series configuration tools to configure all services on a J-series Services Router, including system parameters, routing protocols, interfaces, network management, and user access. This chapter contains the following topics: Configuration Tools Terms on page 127 Configuration Tools Overview on page 128 Before You Begin on page 130 Using J-Web Quick Configuration on page 131...
Page 158: Configuration Tools Overview
0 (the current operational version), and the oldest saved configuration is version 49. You can roll back the configuration to any saved version. Version 0 is stored in the file , and the last three juniper.conf committed configurations are stored in the files juniper.conf.1.gz juniper.conf.2.gz .
Page 159: Using J-Series Configuration Tools
Using J-series Configuration Tools remaining 46 previous versions of committed configurations—files juniper.conf.4.gz through —are stored in the directory. juniper.conf.49.gz /var/db/config J-Web Configuration Options You access the J-Web interface configuration tools by selecting Configuration in the task bar. Table 40 describes the J-Web configuration options.
Page 160: Filtering Configuration Command Output
J-series™ Services Router User Guide Command Function load Load a configuration from an ASCII configuration file or from terminal input. rollback Return to a previously committed configuration. save Save the configuration to an ASCII file. Modifying the Configuration and Its Statements activate Activate a previously deactivated statement or identifier.
Page 161: Using J-Web Quick Configuration
Using J-series Configuration Tools Using J-Web Quick Configuration Use J-Web Quick Configuration to quickly and easily configure the Services Router for basic operation. To access Quick Configuration, select Configuration>Quick Configuration. You can select a Quick Configuration option from either the side pane or the main pane (see Figure 34). To configure the Services Router using Quick Configuration, see the configuration sections in this manual.
Page 162: Using The J-Web Configuration Editor
J-series™ Services Router User Guide Table 42: J-Web Quick Configuration Buttons Button Function Adds statements or identifiers to the configuration. Delete Deletes statements or identifiers from the configuration. Commits your entries into the configuration, and returns you one level up in the configuration hierarchy. Cancel Clears the entries you have not yet applied to the configuration, and returns you one level up in the configuration hierarchy.
Page 163 Using J-series Configuration Tools Figure 35: Edit Configuration Page (Clickable) To expand or hide the hierarchy of all the statements in the side pane, click Expand all or Hide all. To expand or hide an individual statement in the hierarchy, click the expand ( ) or collapse ( ) icon to the left of the statement.
Page 164 J-series™ Services Router User Guide To include or edit statements in the candidate configuration, click one of the links described in Table 43 in the main pane. Then specify configuration information by typing into a field, selecting a value from a list, or clicking a check box (toggle). Table 43: J-Web Edit Clickable Configuration Links Link Function...
Page 165: Discarding Parts Of A Candidate Configuration
Using J-series Configuration Tools Table 45: J-Web Edit Clickable Configuration Buttons Button Function Applies edits to the candidate configuration, and returns you one level up in the configuration hierarchy. Cancel Clears the entries you have not yet applied to the candidate configuration, and returns you one level up in the configuration hierarchy.
Page 166: Committing A Clickable Configuration
J-series™ Services Router User Guide The updated candidate configuration does not take effect on the Services Router until you commit it. Committing a Clickable Configuration When you finish making changes to a candidate configuration with the J-Web configuration editor’s clickable interface, you must commit the changes to use them in the current operational software running on the Services Router.
Page 167: Editing And Committing The Configuration Text
Using J-series Configuration Tools Figure 36: View Configuration Text Page Editing and Committing the Configuration Text To edit the entire configuration in text format: CAUTION: We recommend that you use this method to edit and commit the configuration only if you have experience editing configurations through the CLI. Select Configuration>View and Edit>Edit Configuration Text.
Page 168: Uploading A Configuration File
J-series™ Services Router User Guide You can edit the candidate configuration using standard text editor operations—insert lines (by using the Enter key), delete lines, and modify, copy, and paste text. Click OK to load and commit the configuration. The Services Router checks the configuration for the correct syntax before committing it.
Page 169: Managing Configuration Files With The J-Web Interface
Using J-series Configuration Tools Select Configuration>View and Edit>Upload Configuration File. The main pane displays the File to Upload box (see Figure 38). Specify the name of the file to upload using one of the following methods: Type the absolute path and filename in the File to Upload box. Click Browse to navigate to the file.
Page 170: Configuration Database And History Overview
J-series™ Services Router User Guide Comparing Configuration Files on page 142 Downloading a Configuration File on page 144 Loading a Previous Configuration File on page 145 Setting a Rescue Configuration on page 145 Configuration Database and History Overview When you commit a configuration, the Services Router saves the current operational version and the previous 49 versions of committed configurations.
Page 171 Using J-series Configuration Tools Table 46: J-Web Configuration Database Information Summary Field Description User Name Name of user editing the configuration. Start Time Time of day the user logged in to the Services Router. Idle Time Elapsed time since the user issued a configuration command from the CLI. Terminal Terminal on which the user is logged in.
Page 172: Displaying Users Editing The Configuration
J-series™ Services Router User Guide Field Description Log Message Method used to edit the configuration: Imported via paste—Configuration was edited and loaded with the Configuration>View and Edit>Edit Configuration Text option. For more information, see “Editing and Committing the Configuration Text” on page 137. Imported upload [ filename ]—Configuration was uploaded with the Configuration>View and Edit>Upload Configuration File option.
Page 173 Using J-series Configuration Tools Click two of the check boxes to the left of the configuration versions you want to compare. Click Compare. The main pane displays the differences between the two configuration files at each hierarchy level as follows (see Figure 40): Lines that have changed are highlighted side by side in green.
Page 174: Downloading A Configuration File
J-series™ Services Router User Guide Figure 40: J-Web Configuration File Comparison Results Downloading a Configuration File To download a configuration file from the Services Router to your local system: Select Configuration>History. A list of the current and previous 49 configurations is displayed as Configuration History in the main pane (see Figure 39).
Page 175: Loading A Previous Configuration File
Using J-series Configuration Tools Select the options your Web browser provides that allow you to save the configuration file to a target directory on your local system. The file is saved as an ASCII file. Loading a Previous Configuration File To download a configuration file from the Services Router to your local system: To load (roll back) and commit a previous configuration file stored on the Services Router:...
Page 176: Using The Cli Configuration Editor
J-series™ Services Router User Guide To view, set, or delete the rescue configuration, select Configuration>Rescue. On the Rescue page, you can perform the following tasks: View the current rescue configuration—Click View rescue configuration. Set the current running configuration as the rescue configuration—Click Set rescue configuration.
Page 177 Using J-series Configuration Tools For each user, the CLI displays the username, terminal, process identifier, login date and time, and hierarchy level being edited. You can specify the terminal and process identifier in the command. request system logout To exit configuration mode and return to operational mode: For the top level, enter the following command: user@host# exit From any level, enter the following command:...
Page 178: Navigating The Configuration Hierarchy
J-series™ Services Router User Guide Navigating the Configuration Hierarchy When you first enter configuration mode, you are at the top level of the configuration command hierarchy, which is indicated by the banner. [edit] To move down through an existing configuration command hierarchy, or to create a hierarchy and move down to that level, use the command, edit...
Page 179: Modifying The Configuration
Using J-series Configuration Tools To move directly to the top level of the hierarchy, enter the command. For example: [edit protocols ospf area 0.0.0.0] user@host# top [edit] user@host# To display the configuration, enter the command: show show < statement-path > The configuration at the current hierarchy level, or at the level specified by , is displayed.
Page 180: Adding Or Modifying A Statement Or Identifier
J-series™ Services Router User Guide Adding or Modifying a Statement or Identifier To add or modify statements in a configuration, use the command: set < statement-path > statement < identifier > Replace with the path to the statement from the current hierarchy statement-path level, and with the statement itself.
Page 181: Copying A Statement
Using J-series Configuration Tools Copying a Statement To make a copy of an existing statement in the configuration, use the command: copy copy existing-statement to new-statement The existing statement and all its subordinate statements are copied and added to the configuration. After you enter the command, the configuration copy might not be valid.
Page 182: Inserting An Identifier
J-series™ Services Router User Guide In the example provided in “Copying a Statement” on page 151, to rename the IP address of unit from 10.14.1.1/24 10.14.2.1/24 enter the command as follows: rename user@host# rename interfaces fe-0/0/0 unit 1 family inet address 10.14.1.1/24 to address 10.14.2.1/24 Inserting an Identifier To insert an identifier into a specific location within the configuration,...
Page 183: Deactivating A Statement Or Identifier
Using J-series Configuration Tools [edit] user@host# show firewall family inet { filter filter1 { term term1 { from { address { 192.168.0.0/16; then { reject; term term2 { from { destination-port ssh; then accept; term term3 { then { reject; Deactivating a Statement or Identifier You can deactivate a statement or identifier so that it does not take effect when you enter the...
Page 184: Committing A Configuration With The Cli
J-series™ Services Router User Guide [edit interfaces] user@host# show inactive: fe–0/0/0 { unit 0 { family inet { address 10.14.1.1/24; Committing a Configuration with the CLI To save candidate configuration changes to the configuration database and activate the configuration on the Services Router, enter the command from any commit hierarchy level:...
Page 185: Committing A Configuration And Exiting Configuration Mode
Using J-series Configuration Tools configuration check succeeds If the configuration contains syntax errors, a message indicates the location of the error. Committing a Configuration and Exiting Configuration Mode To save candidate configuration changes, activate the configuration on the Services Router, and exit configuration mode, enter the command: commit and-quit [edit]...
Page 186: Loading A Previous Configuration File
J-series™ Services Router User Guide Replace with or the time at which the configuration is to be reboot string committed, in one of the following formats: <: >—Hours, minutes, and seconds (optional), in 24-hour format. For example, is 8:30 PM. 20:30 <: >—Year, month, date, hours, minutes, and seconds...
Page 187: Entering Operational Mode Commands During Configuration
Using J-series Configuration Tools user@host# commit To display previous configurations, including the rollback number, date, time, name of the user who committed changes, and commit method, use the command: rollback ? user@host# rollback ? Possible completions: <[Enter]> Execute this command 2004-05-27 14:50:05 PDT by root via junoscript 2004-05-27 14:00:14 PDT by root via cli 2004-05-27 13:16:19 PDT by snmpset via snmp...
Page 188: Managing Configuration Files With The Cli
J-series™ Services Router User Guide Managing Configuration Files with the CLI This section contains the following topics: Loading a New Configuration File on page 158 Saving a Configuration File on page 160 Loading a New Configuration File You can create a configuration file, copy the file to the Services Router, and then load the file into the CLI.
Page 189 Using J-series Configuration Tools Option Function replace Replaces portions of the configuration based on the replace: tags in the incoming configuration. The Services Router searches for the replace: tags, deletes the existing statements of the same name (if any), and replaces them with the incoming configuration. If no statement of the same name exists in the configuration, the replace operation adds it to the configuration.
Page 190: Saving A Configuration File
J-series™ Services Router User Guide Figure 42: Loading a Configuration with the Replace Operation Current configuration: File contents: New contents: interfaces { interfaces { interfaces { Io0 { replace: Io0 { unit 0 { t1-3/0/0 { unit 0 { load replace family inet { unit 0 { family inet {...
Page 191: Managing The Services Router
Part 4 Managing the Services Router Managing Users and Operations on page 163 Monitoring and Diagnosing a Services Router on page 197 Configuring SNMP for Network Management on page 241 Managing the Services Router...
Page 192: Part 4 Managing The Services Router
Managing the Services Router...
Page 193: Managing Users And Operations
Chapter 9 Managing Users and Operations You can use either J-Web Quick Configuration or a configuration editor to manage system functions, including RADIUS and TACACS+ servers, user login accounts, routine file operations, and system log messages. This chapter contains the following topics. For more information about system management, see the JUNOS System Basics Configuration Guide.
Page 194: System Management Overview
J-series™ Services Router User Guide System Management Overview This section contains the following topics: System Authentication on page 164 User Accounts on page 164 Login Classes on page 165 Template Accounts on page 167 System Log Files on page 168 System Authentication The JUNOS software supports three methods of user authentication: local password authentication, Remote Authentication Dial-In User Service (RADIUS), and...
Page 195: Chapter 9 Managing Users And Operations
Managing Users and Operations must be unique within the router. If you do not assign a UID to a username, the software assigns one when you commit the configuration, preferring the lowest available number. User’s access privilege—You can create login classes with specific permission bits or use one of the default classes listed in Table 52.
Page 196 J-series™ Services Router User Guide Table 51: Permission Bits for Login Classes Permission Bit Access admin Can view user account information in configuration mode and with the show configuration command. admin-control Can view user accounts and configure them (at the [edit system login] hierarchy level). access Can view the access configuration in configuration mode and with the show configuration operational mode command.
Page 197: Denying Or Allowing Individual Commands
If a user is authenticated, the server returns the local username to the router, which then determines whether a local username is specified for that login name ( for TACACS+, for RADIUS). If local-username Juniper-Local-User System Management Overview...
Page 198: System Log Files
J-series™ Services Router User Guide so, the router selects the appropriate local user template locally configured on the router. If a local user template does not exist for the authenticated user, the router defaults to the template. remote For more information, see “Setting Up Template Accounts” on page 189. System Log Files The JUNOS software generates system log messages (also called syslog messages) to record events that occur on the Services Router, including the following:...
Page 199: Managing Users And Files With The J-Web Interface
Managing Users and Operations Managing Users and Files with the J-Web Interface This section contains the following topics: Managing Users with Quick Configuration on page 169 Managing Files with the J-Web Interface on page 177 Managing Users with Quick Configuration This section contains the following topics: Adding a RADIUS Server for Authentication on page 169 Adding a TACACS+ Server for Authentication on page 171...
Page 200 J-series™ Services Router User Guide Figure 44: Users Quick Configuration Page for RADIUS Servers To configure a RADIUS server with Quick Configuration: In the J-Web interface, select Configuration>Quick Configuration>Users. Under RADIUS servers, click Add to configure a RADIUS server. Enter information into the Users Quick Configuration page for RADIUS servers, as described in Table 53.
Page 201: Adding A Tacacs+ Server For Authentication
Managing Users and Operations Table 53: Users Quick Configuration for RADIUS Servers Summary Field Function Your Action RADIUS Server RADIUS Server Address (required) Identifies the IP address of the RADIUS Type the RADIUS server’s 32-bit IP server. address, in dotted decimal notation. RADIUS Server Secret (required) The secret (password) of the RADIUS Type the secret (password) of the...
Page 202 J-series™ Services Router User Guide Figure 45: Users Quick Configuration Page for TACACS+ Servers To configure a TACACS+ server with Quick Configuration: In the J-Web interface, select Configuration>Quick Configuration>Users. Under TACACS+ servers, click Add to configure a TACACS+ server. Enter information into the Users Quick Configuration page for TACACS+ servers, as described in Table 54.
Page 203: Configuring System Authentication
Managing Users and Operations Table 54: Users Quick Configuration for TACACS+ Servers Summary Field Function Your Action TACACS+ Server TACACS+ Server Address (required) Identifies the IP address of the TACACS+ Type the TACACS+ server’s 32-bit IP server. address, in dotted decimal notation. TACACS+ Server Secret (required) The secret (password) of the TACACS+ Type the secret (password) of the...
Page 204 J-series™ Services Router User Guide Figure 46: Users Quick Configuration Page To configure system authentication with Quick Configuration: In the J-Web interface, select Configuration>Quick Configuration>Users. Under Authentication Servers, select the check box next to each authentication method the router must use when users log in: RADIUS TACACS+ Local Password...
Page 205: Adding New Users
Managing Users and Operations Click one of the following buttons on the Users Quick Configuration page: To apply the configuration and stay in the Users Quick Configuration page, click Apply. To apply the configuration and return to the Quick Configuration page, click OK.
Page 206 J-series™ Services Router User Guide To configure users with Quick Configuration: In the J-Web interface, select Configuration>Quick Configuration>Users. Under Users, click Add to add a new user. Enter information into the Add a User Quick Configuration page, as described in Table 55. Click one of the following buttons on the Add a User Quick Configuration page: To apply the configuration and return to the Users Quick Configuration page, click OK.
Page 207: Managing Files With The J-Web Interface
Managing Users and Operations Field Function Your Action Login Password (required) The login password for this user. Type the login password for this user. The login password must meet the following criteria: The password must be at least 6 characters long. You can include most character classes in a password (alphabetic, numeric, and...
Page 208 J-series™ Services Router User Guide Figure 48: Clean Up Files Page To rotate and delete files with the J-Web interface: In the J-Web interface, select Manage>Files. In the Clean Up Files section, click Clean Up Files. The router rotates log files and identifies the files that can be safely deleted.
Page 209: Downloading Files
Managing Users and Operations To cancel your entries and return to the list of files in the directory, click Cancel. Downloading Files You can use the J-Web interface to download a copy of an individual file from the Services Router. When you download a file, it is not deleted from the file system. Figure 49 shows the J-Web page from which you can download log files.
Page 210: Deleting Files
J-series™ Services Router User Guide In the J-Web interface, select Manage>Files. In the Download and Delete Files section, click one of the following file types: Log Files—Lists the log files located in the directory on the /cf/var/log router. Temporary Files—Lists the temporary files located in the /cf/var/tmp directory on the router.
Page 211 Managing Users and Operations Figure 50: Confirm File Delete Page To rotate and delete files with the J-Web interface: In the J-Web interface, select Manage>Files. In the Download and Delete Files section, click one of the following file types: Log Files—Lists the log files located in the directory on the /cf/var/log router.
Page 212: Managing Users And Files With A Configuration Editor
J-series™ Services Router User Guide Click one of the following buttons on the confirmation page: To delete the files and return to the Files page, click OK. To cancel your entries and return to the list of files in the directory, click Cancel.
Page 213: Setting Up Tacacs+ Authentication
Managing Users and Operations To specify a system authentication order, see “Configuring Authentication Order” on page 185. To configure a remote user template account, see “Creating a Remote Template Account” on page 189. To configure local user template accounts, see “Creating a Local Template Account”...
Page 214 J-series™ Services Router User Guide To configure TACACS+ authentication: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 57. If you are finished configuring the network, commit the configuration. To completely set up TACACS+ authentication, you must create user template accounts and specify a system authentication order.
Page 215: Configuring Authentication Order
Managing Users and Operations Configuring Authentication Order The procedure provided in this section configures the Services Router to attempt user authentication with the local password first, then with the RADIUS server, and finally with the TACACS+ server. To configure authentication order: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 216: Controlling User Access
J-series™ Services Router User Guide Controlling User Access This section contains the following topics: Defining Login Classes on page 186 Creating User Accounts on page 188 Defining Login Classes You can define any number of login classes. You then apply one login class to an individual user account, as described in “Creating User Accounts”...
Page 217 Managing Users and Operations Task J-Web Configuration Editor CLI Configuration Editor Create a login class named Next to Class, click Add new entry. Set the name of the login class and the operator-and-boot with the ability ability to use the request system reboot Type the name of the login class: to reboot the router.
Page 218: Creating User Accounts
J-series™ Services Router User Guide Creating User Accounts User accounts provide one way for users to access the Services Router. (Users can access the router without accounts if you configured RADIUS or TACACS+ servers, as described in “Setting Up RADIUS Authentication” on page 182 and “Setting Up TACACS+ Authentication”...
Page 219: Setting Up Template Accounts
Managing Users and Operations Setting Up Template Accounts You can create template accounts that are shared by a set of users when you are using RADIUS or TACACS+ authentication. When a user is authenticated by a template account, the CLI username is the login name, and the privileges, file ownership, and effective user ID are inherited from the template account.
Page 220: Creating A Local Template Account
J-series™ Services Router User Guide Table 61: Creating a Remote Template Account Task J-Web Configuration Editor CLI Configuration Editor Navigate to the System Login level in In the configuration editor hierarchy, From the top of the configuration the configuration hierarchy. select System>Login.
Page 221: Using System Logs
Managing Users and Operations Table 62: Creating a Local Template Account Task J-Web Configuration Editor CLI Configuration Editor Navigate to the System Login level in In the configuration editor hierarchy, From the top of the configuration the configuration hierarchy. select System>Login. hierarchy enter edit system login Create a user named admin who...
Page 222: Sending System Log Messages To A File
J-series™ Services Router User Guide Table 64: System Logging Severity Levels Severity Level (from Highest to Lowest Severity) Description emergency Panic or other conditions that cause the system to become unusable. alert Conditions that must be corrected immediately, such as a corrupted system database.
Page 223: Sending System Log Messages To A User Terminal
Managing Users and Operations Table 65: Sending Messages to a File Task J-Web Configuration Editor CLI Configuration Editor Navigate to the System Syslog level in In the configuration editor hierarchy, From the top of the configuration the configuration hierarchy. select System>Syslog. hierarchy enter edit system syslog Create a file named security, and send...
Page 224: Archiving System Logs
J-series™ Services Router User Guide Table 66: Sending Messages to a User Terminal Task J-Web Configuration Editor CLI Configuration Editor Navigate to the System Syslog level in In the configuration editor hierarchy, From the top of the configuration the configuration hierarchy. select System>Syslog.
Page 225: Using The Telnet Command
Managing Users and Operations Using the telnet Command on page 195 Using the ssh Command on page 195 Using the telnet Command You can use the CLI command to open a telnet session to a remote device: telnet user@host> telnet host <8bit> <bypass-routing> <inet> <interface interface-name >...
Page 226 J-series™ Services Router User Guide Table 68: CLI ssh Command Options Option Description bypass-routing Bypass the routing tables and open an SSH connection only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned.
Page 227: Monitoring And Diagnosing A Services Router
Chapter 10 Monitoring and Diagnosing a Services Router J-series Services Routers support a suite of J-Web tools and CLI operational mode commands for monitoring and managing system health and performance. Monitoring tools and commands display the current state of the router. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.
Page 228: Monitoring And Diagnostic Tools Overview
J-series™ Services Router User Guide Term Definition Internet Control Message TCP/IP protocol used to send error and information messages. Protocol (ICMP) routing instance Collection of routing tables, interfaces, and routing protocol interfaces. The set of interfaces belongs to the routing tables, and the routing protocol parameters control the information in the routing tables.
Page 229: Chapter 10 Monitoring And Diagnosing A Services Router
Monitoring and Diagnosing a Services Router tables, routing policy filters, and the chassis. Use the CLI command to clear clear statistics and protocol database information. Table 70 describes the function of each J-Web Monitor option and lists the corresponding CLI commands.
Page 230: J-Web Diagnostic Tools Overview
J-series™ Services Router User Guide Monitor Option Function Corresponding CLI Commands Firewall Displays firewall and intrusion Stateful firewall information detection service (IDS) information show services stateful-firewall through the following options: conversations Stateful Firewall—Displays show services stateful-firewall flows the stateful firewall configuration.
Page 231: Cli Diagnostic Commands Overview
Monitoring and Diagnosing a Services Router Option Function Licenses Displays a summary of the licenses needed and used for each feature that requires a license. Allows you to add licenses. For details, see “Managing J-series Licenses with the J-Web Interface” on page 71. Reboot Allows you to reboot the Services Router at a specified time.
Page 232: Filtering Command Output
J-series™ Services Router User Guide Command Function ping Determines the reachability of a remote network host. For details, see “Using the ping Command” on page 226. test Tests the configuration and application of policy filters and AS path regular expressions. traceroute Traces the route to a remote network host.
Page 233: Before You Begin
Monitoring and Diagnosing a Services Router address 127.0.0.1/32; For a complete list of the filters, type a command, followed by the pipe, followed by a question mark (?): user@host> show configuration | ? Possible completions: compare Compare configuration changes with prior version count Count occurrences display...
Page 234: Monitoring System Properties
J-series™ Services Router User Guide Monitoring Routing Information on page 210 Monitoring Firewalls on page 214 Monitoring IPSec Tunnels on page 216 Monitoring NAT Pools on page 217 Monitoring System Properties The system properties include everything from the name and IP address of the Services Router to the resource usage on the Routing Engine.
Page 235 Monitoring and Diagnosing a Services Router Field Values Additional Information Current Current system time, in Coordinated Universal Time Time (UTC). System Date and time when the router was last booted and Booted how long it has been running. Time Protocol Date and time when the routing protocols were last Started started and how long they have been running.
Page 236: Monitoring The Chassis
J-series™ Services Router User Guide Field Values Additional Information Memory Percentage of the installed RAM that is being used Usage by the process. CPU Usage Total CPU Sum of CPU usages by all processes, expressed as a Used percentage of total CPU available. Process ID Process identifier.
Page 237 Monitoring and Diagnosing a Services Router on the router. To view these chassis properties, select Monitor>Chassis in the J-Web interface, or enter the following CLI commands: show show chassis alarms show chassis environment show chassis hardware Table 74 summarizes key output fields in chassis displays. Table 74: Summary of Key Chassis Output Fields Field Values...
Page 238: Monitoring The Interfaces
J-series™ Services Router User Guide Field Values Additional Information Part Part number of the chassis component. Number Serial Serial number of the chassis component. The serial Use this serial number when you need to contact Number number of the backplane is also the serial number of customer support about the router chassis.
Page 239 Monitoring and Diagnosing a Services Router Field Values Additional Information Description Configured description for the interface. Interface: interface-name State Link state of the interface: Up or Down. The operational state is the physical state of the interface. If the interface is physically operational, even if it is not configured, the operational state is Up.
Page 240: Monitoring Routing Information
J-series™ Services Router User Guide Monitoring Routing Information Routing information is divided into multiple parts: To view the (IPv4) routing table in the J-Web interface, select inet.0 Monitor>Routing>Route Information, or enter the following CLI commands: show route terse show route detail To view BGP routing information, select Monitor>Routing>BGP Information, or enter the following CLI commands: show bgp summary...
Page 241 Monitoring and Diagnosing a Services Router Field Values Additional Information n routes Number of routes in the routing table: active—Number of routes that are active. holddown—Number of routes that are in hold-down state (neither advertised nor updated) before being declared inactive. hidden—Number of routes not used because of routing policies configured on the Services Router.
Page 242 J-series™ Services Router User Guide Field Values Additional Information Down Number of unavailable BGP peers. Peers Peer Address of each BGP peer. InPkt Number of packets received from the peer, OutPkt Number of packets sent to the peer. Flaps Number of times a BGP session has changed state A high number of flaps might indicate a problem with from Down to Up.
Page 243 Monitoring and Diagnosing a Services Router Field Values Additional Information Export Names of any export policies configured on the peer. Import Names of any import policies configured on the peer. Number of Number of times the BGP sessions has changed state A high number of flaps might indicate a problem with flaps from Down to Up.
Page 244: Monitoring Firewalls
J-series™ Services Router User Guide Field Values Additional Information Rip info Information about RIP on the specified interface, including UDP port number, hold-down interval (during which routes are neither advertised nor updated), and timeout interval. Logical Name of the logical interface on which RIP is interface configured.
Page 245 Monitoring and Diagnosing a Services Router Alternatively, enter the following CLI commands: show show services stateful-firewall conversations show services stateful-firewall flows To view intrusion detection service (IDS) information, select Monitor>Firewall>IDS Information. Click one of the following criteria to order the display accordingly: Bytes (received bytes) Packets (received packets) Flows...
Page 246: Monitoring Ipsec Tunnels
J-series™ Services Router User Guide Table 78: Summary of Key Firewall and IDS Output Fields Field Values Stateful Firewall Protocol Protocol used for the specified stateful firewall flow. Source IP Source prefix of the stateful firewall flow. Source Port Source port number of stateful firewall flow. Destination IP Destination prefix of the stateful firewall flow.
Page 247: Monitoring Nat Pools
Monitoring and Diagnosing a Services Router Table 79: Summary of Key IPSec Output Fields Field Values IPSec Tunnels Service Set Name of the service set for which the IPSec tunnel is defined. Rule Name of the rule set applied to the IPSec tunnel. Term Name of the IPSec term applied to the IPSec tunnel.
Page 248: Using J-Web Diagnostic Tools
J-series™ Services Router User Guide Field Values Pool Address End Upper address in the NAT pool address range. Port High Upper port in the NAT pool port range. Port Low Lower port in the NAT pool port range. Ports In Use Number of ports allocated in this NAT pool.
Page 249 Monitoring and Diagnosing a Services Router Figure 51: Ping Host Page Table 81: J-Web Ping Host Summary Field Function Your Action Remote Host Identifies the host to ping. Type the hostname or IP address of the host to ping. Advanced Options Don’t Resolve Determines whether to display hostnames of the To suppress the display of the hop...
Page 250 J-series™ Services Router User Guide Field Function Your Action Packet Size Specifies the size of the ping request packet. Type the size, in bytes, of the packet. The size can be from 0 through 65468. The router adds 8 bytes of ICMP header to the size.
Page 251 Monitoring and Diagnosing a Services Router Figure 52: Ping Host Results Page Table 82: J-Web Ping Host Results Summary Field Description bytes bytes from ip-address bytes —Size of ping response packet, which is equal to the value you entered in the Packet Size box, plus 8. ip-address —IP address of destination host that sent the ping response packet.
Page 252: Using The J-Web Traceroute Tool
J-series™ Services Router User Guide Field Description number packets received number —Number of ping responses received from host. percentage packet loss percentage —Number of ping responses divided by the number of ping requests, specified as a percentage. round-trip min/avg/max/stddev = min-time —Minimum round-trip time (see time= time field in this table).
Page 253 Monitoring and Diagnosing a Services Router Select Diagnose>Traceroute. Next to Advanced options, click the expand icon (see Figure 53). Enter information into the Traceroute page, as described in Table 83. field is the only required field. Remote Host Click Start. The results of the traceroute operation are displayed in the main pane.
Page 254 J-series™ Services Router User Guide Figure 53: Traceroute Page Table 83: Traceroute Summary Field Function Your Action Remote Host Identifies the destination host of the traceroute. Type the hostname or IP address of the destination host. Advanced Options Don’t Resolve Determines whether hostnames of the hops along To suppress the display of the hop Addresses...
Page 255 Monitoring and Diagnosing a Services Router Field Function Your Action Source Address Specifies the source address of the outgoing Type the source IP address. traceroute packets. Bypass Routing Determines whether traceroute packets are routed To bypass the routing table and send the by means of the routing table.
Page 256: Using Cli Diagnostic Commands
J-series™ Services Router User Guide If the Services Router does not display the complete path to the destination host, one of the following might apply: The host is not operational. There are network connectivity problems between the Services Router and the host.
Page 257 Monitoring and Diagnosing a Services Router Enter the command with the following syntax. Table 85 describes ping command options. ping user@host> ping host <interface source-interface > <bypass-routing> <count number > <do-not-fragment> <inet> <interval seconds > <loose-source [ hosts ]> <no-resolve> <pattern string > <rapid> <record-route>...
Page 258: Using The Traceroute Command
J-series™ Services Router User Guide Option Description verbose Displays detailed output. wait seconds Sets the maximum time to wait after sending the last ping request packet. detail Displays the interface on which the ping response was received. Following is sample output from a command: ping user@host>...
Page 259: Using The Monitor Interface Command
Monitoring and Diagnosing a Services Router Table 86: CLI traceroute Command Options Option Description host Sends traceroute packets to the hostname or IP address you specify. interface source-interface Sends the traceroute packets on the interface you specify. If you do not include this option, traceroute packets are sent on all interfaces.
Page 260 J-series™ Services Router User Guide The real-time statistics are updated every second. The Current delta Delta columns display the amount the statistics counters have changed since the command was entered or since you cleared the delta counters. monitor interface Table 87 and Table 88 list the keys you use to control the display using the options.
Page 261: Using The Monitor Traffic Command
Monitoring and Diagnosing a Services Router Input errors: Input drops: Input framing errors: Carrier transitions: Output errors: Output drops: NOTE: The output fields displayed when you enter the monitor interface interface-name command are determined by the interface you specify. user@host> monitor interface traffic Interface Link Input packets...
Page 262 J-series™ Services Router User Guide Option Description matching expression Displays packet headers that match an expression. Table 90 through Table 92 list match conditions, logical operators, and arithmetic, binary, and relational operators you can use in the expression. no-domain-names Suppresses the display of the domain name portion of the hostname.
Page 263 Monitoring and Diagnosing a Services Router Replace with any protocol in Table 90. Replace with the byte protocol byte-offset offset, from the beginning of the packet header, to use for the comparison. The optional parameter represents the number of bytes examined in size the packet header—1, 2, or 4 bytes.
Page 264 J-series™ Services Router User Guide Match Condition Description Matches IP packets with the specified address or protocol type. The arguments icmp, ip protocol [ address | (\icmp | igrp | tcp, and udp are also independent match conditions, so they must be preceded with a \tcp | \udp)] backslash (\) when used in the ip protocol match condition.
Page 265: Using The Monitor File Command
Monitoring and Diagnosing a Services Router Operator Description A match occurs if the first expression is equal to the second. A match occurs if the first expression is not equal to the second. Following is sample output from the command: monitor traffic user@host>...
Page 266: Using The Mtrace From-Source Command
J-series™ Services Router User Guide Using the mtrace from-source Command To display information about a multicast path from a source to a receiver, enter the command with the following syntax. Table 93 mtrace from-source describes the command options. mtrace from-source user@host>...
Page 267 ( ip-address ) protocol ttl Table 94 summarizes the output fields of the display. NOTE: The packet statistics gathered from Juniper Networks routers and routing nodes are always displayed as Table 94: CLI mtrace from-source Command Display Summary...
Page 268: Using The Mtrace Monitor Command
J-series™ Services Router User Guide Field Description Receiver IP address receiving the multicast packets. Query Source IP address of the host sending the query packets. Using the mtrace monitor Command To monitor and display multicast trace operations, enter the command: mtrace monitor user@host>...
Page 269 Monitoring and Diagnosing a Services Router Field Description via group address address —Group address being traced. mxhop= number number —Maximum hop setting. Using CLI Diagnostic Commands...
Page 270 J-series™ Services Router User Guide Using CLI Diagnostic Commands...
Page 271: Configuring Snmp For Network Management
Chapter 11 Configuring SNMP for Network Management The Simple Network Management Protocol (SNMP) is a client/server standard that helps you diagnose and monitor network health and statistics. You can use either J-Web Quick Configuration or a configuration editor to configure SNMP.
Page 272: Smi, Mibs, And Oids
J-series™ Services Router User Guide SNMP managers, also known as network management systems (NMSs), occupy central points in the network and they actively query and collect messages from SNMP agents in the network. SNMP agents are individual processes running on network nodes that gather information for a particular node and transfer the information to SNMP managers as queries are processed.
Page 273: Chapter 11 Configuring Snmp For Network Management
Configuring SNMP for Network Management Additionally, communities allow you to specify one or more addresses or address prefixes to which you want to either allow or deny access. By specifying a list of clients, you can control exactly which SNMP managers have access to a particular agent.
Page 274 J-series™ Services Router User Guide Figure 54: Quick Configuration Page for SNMP To configure SNMP features with Quick Configuration: In the J-Web user interface, select Configuration>Quick Configuration>SNMP. Enter information into the Quick Configuration page for SNMP, as described in Table 96. From the SNMP Quick Configuration page, click one of the following buttons: To apply the configuration and stay on the Quick Configuration page for SNMP, click Apply.
Page 275 Configuring SNMP for Network Management To apply the configuration and return to the Quick Configuration SNMP page, click OK. To cancel your entries and return to the Quick Configuration for SNMP page, click Cancel. To check the configuration, see “Verifying the SNMP Configuration” on page 251.
Page 276 J-series™ Services Router User Guide Field Function Your Action Categories Specifies which trap categories To generate traps for are added to the trap group being authentication failures, configured. select Authentication. To generate traps for chassis and environment notifications, select Chassis. To generate traps for configuration changes, select Configuration.
Page 277: Configuring Snmp With A Configuration Editor
Configuring SNMP for Network Management Configuring SNMP with a Configuration Editor To configure SNMP on a Services Router, you must perform the following tasks marked (Required): (Required) “Defining System Identification Information” on page 247 (Required) “Configuring SNMP Agents and Communities” on page 248 (Required) “Managing SNMP Trap Groups”...
Page 278: Configuring Snmp Agents And Communities
J-series™ Services Router User Guide Table 98: Configuring Basic System Identification Task J-Web Configuration Editor CLI Configuration Editor Navigate to the SNMP level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Snmp. hierarchy, enter edit snmp Configure the system contact...
Page 279: Managing Snmp Trap Groups
Configuring SNMP for Network Management Table 99: Configuring SNMP Agents and Communities Task J-Web Configuration Editor CLI Configuration Editor Navigate to the SNMP level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Snmp. hierarchy, enter edit snmp Create and name a community.
Page 280: Controlling Access To Mibs
J-series™ Services Router User Guide Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. To configure SNMP trap groups, perform the configuration tasks described in Table 100. If you are finished configuring the network, commit the configuration. To check the configuration, see “Verifying the SNMP Configuration”...
Page 281: Verifying The Snmp Configuration
Configuring SNMP for Network Management If you are finished configuring the network, commit the configuration. To check the configuration, see “Verifying the SNMP Configuration” on page 251. Table 101: Configuring SNMP Views Task J-Web Configuration Editor CLI Configuration Editor Navigate to the SNMP level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy.
Page 282: Verifying Snmp Agent Configuration
J-series™ Services Router User Guide Verifying SNMP Agent Configuration Verify that SNMP is running and that requests and traps are being properly Purpose transmitted. From the CLI, enter the command. Action show snmp statistics Sample Output user@host> show snmp statistics SNMP statistics: Input: Packets: 246213, Bad versions: 12, Bad community names: 12,...
Page 283: Configuring Routing Protocols
Part 5 Configuring Routing Protocols Routing Overview on page 255 Configuring Static Routes on page 285 Configuring a RIP Network on page 297 Configuring an OSPF Network on page 309 Configuring BGP Sessions on page 331 Configuring Routing Protocols...
Page 284: Part 5 Configuring Routing Protocols
Configuring Routing Protocols...
Page 285: Routing Overview
Chapter 12 Routing Overview At its most fundamental level, routing is the process of delivering a message across a network or networks. This task is divided into two primary components: the exchange of routing information to accurately forward packets from source to destination and the packet-forwarding process.
Page 286 J-series™ Services Router User Guide Term Definition AS path In BGP, the list of autonomous system (ASs) that a packet must traverse to reach a given set of destinations within a single AS. autonomous system (AS) Network or collection of routers under a single administrative authority. backbone area In OSPF, the central area in an autonomous system (AS) to which all other areas are connected by area border routers (ABRs).
Page 287 Routing Overview Term Definition handshake Process of exchanging signaling information between two communications devices to establish the method and transmission speed of a connection. hello packet In OSPF, a packet sent periodically by a router to first establish and then maintain network adjacency, and to discover neighbor routers.
Page 288 J-series™ Services Router User Guide Term Definition path-vector protocol Protocol that uses the path between autonomous systems (ASs) to select the best route, rather than the shortest distance or the characteristics of the route (link state). BGP is a path-vector protocol.
Page 289: Chapter 12 Routing Overview
Routing Overview Term Definition topology database Map of connections between the nodes in a network. The topology database is stored in each node. triggered update In a network that uses RIP, a routing update that is automatically sent whenever routing information changes.
Page 290: Autonomous Systems
J-series™ Services Router User Guide (destination prefix). Subnetworks have routing gateways and share routing information in exactly the same way as large networks. Autonomous Systems A large network or collection of routers under a single administrative authority is termed an autonomous system (AS). Autonomous systems are identified by a unique numeric identifier that is assigned by the Internet Assigned Numbers Authority (IANA).
Page 291: Forwarding Tables
Routing Overview Figure 55: Simple Network Topology Boise Detroit San Francisco New Yor k Denver Cleveland Houston Phoenix Miami This simple network provides multiple ways to get from host San Francisco to host Miami. The packet can follow the path through Denver and Cleveland. Alternatively, the packet can be routed through Phoenix and directly to Miami.
Page 292: Dynamic And Static Routing
J-series™ Services Router User Guide appropriately. Although it considers the entire path, the router at any individual hop along the way is responsible only for transmitting the packet to the next hop in the path. If the Phoenix router is managing its traffic in a particular way, it might send the packet through Houston on its route to Miami.
Page 293: Route Advertisements
Routing Overview Route Advertisements The routing table and forwarding table contain the routes for the routers within a network. These routes are learned through the exchange of route advertisements. Route advertisements are exchanged according to the particular protocol being employed within the network. Generally, a router transmits hello packets out each of its interfaces.
Page 294 J-series™ Services Router User Guide Figure 58: Route Aggregation AS 10 AS 3 170.16.124.17 172.16/16 170.16.124/24 172.16/16 AS 17 Figure 58 shows three different ASs. Each AS contains multiple subnetworks with thousands of host addresses. To allow traffic to be sent from any host to any host, the routing tables for each host must include a route for each destination.
Page 295: Rip Overview
Routing Overview destined for a host within the AS is forwarded to the gateway router, which is then responsible for forwarding the packet to the appropriate host. Similarly, in this example, the gateway router is responsible for maintaining 2 16 routes within the AS (in addition to any external routes).
Page 296: Maximizing Hop Count
J-series™ Services Router User Guide Figure 59: Distance-Vector Protocol Routing information Route table A Route table B In Figure 59, routers A and B have RIP enabled on adjacent interfaces. Router A has known RIP neighbors routers C, D, and E, which are 1, 2, and 3 hops away, respectively.
Page 297: Rip Packets
Routing Overview RIP Packets Routing information is exchanged in a RIP network by RIP request and RIP response packets. A router that has just booted can broadcast a RIP request on all RIP-enabled interfaces. Any routers running RIP on those links receive the request and respond by sending a RIP response packet immediately to the router.
Page 298: Limitations Of Unidirectional Connectivity
J-series™ Services Router User Guide In Figure 60, router A advertises routes to routers C, D, and E to router B. In this example, router A can reach router C in 2 hops. When router A advertises the route to router B, B imports it as a route to router C through router A in 3 hops.
Page 299: Ospf Overview
Routing Overview Figure 62: Limitations of Unidirectional Connectivity In Figure 62, routers A and D flood their routing table information to router B. Because the path to router E has the fewest hops when routed through router A, that route is imported into router B’s forwarding table. However, suppose that router A can transmit traffic but is not receiving traffic from router B due to an unavailable link or invalid routing policy.
Page 300: Link-State Advertisements
J-series™ Services Router User Guide NOTE: The J-series services gateway supports both OSPF version 2 and OSPF version 3. In this guide, the term OSPF refers to both versions of the protocol. Link-State Advertisements OSPF creates a topology map by flooding link-state advertisements (LSAs) across OSPF-enabled links.
Page 301: Path Cost Metrics
Routing Overview In LANs, the election of the designated router takes place when the OSPF network is initially established. When the first OSPF links are active, the router with the highest router identifier (defined by the configuration value or router-id the loopback address) is elected designated router.
Page 302: Role Of The Backbone Area
J-series™ Services Router User Guide Figure 64: Multiarea OSPF Topology Area 1 Area 2 Area 0 Area border routers are responsible for sharing topology information between areas. They summarize the link-state records of each area and advertise destination address summaries to neighboring areas. The advertisements contain the ID of the area in which each destination lies, so that packets are routed to the appropriate area border router.
Page 303: Stub Areas And Not-So-Stubby Areas
Routing Overview Figure 65: OSPF Topology with a Virtual Link Virtual link Area 0.0.0.0 Area 0.0.0.3 Area 0.0.0.2 In the topology shown in Figure 65, a virtual link is established between area 0.0.0.3 and the backbone area through area . All outbound traffic destined for 0.0.0.2 other areas is routed through area to the backbone area and then to the...
Page 304: Bgp Overview
J-series™ Services Router User Guide Figure 66: OSPF AS Network with Stub Areas and NSSAs Area 0.0.0.0 Static customer routes 192.112.67.14 192.112.67.29 Area 0.0.0.3 Area 0.0.0:4 To control the advertisement of external routes into an area, OSPF uses stub areas. By designating an area border router interface to the area as a stub interface, you suppress external route advertisements through the area border router.
Page 305: Point-To-Point Connections
Routing Overview way packets are routed between BGP neighbors. Because BGP uses the packet path to determine route selection, it is considered a path-vector protocol. This overview includes the following topics: Point-to-Point Connections on page 275 BGP Messages for Session Establishment on page 276 BGP Messages for Session Maintenance on page 276 IBGP and EBGP on page 276 Route Selection on page 277...
Page 306: Bgp Messages For Session Establishment
J-series™ Services Router User Guide BGP Messages for Session Establishment When the routers on either end of a BGP session first boot, the session between them is in the state. The BGP session remains idle until a start event is Idle detected.
Page 307: Route Selection
Routing Overview Peer ASs establish links through an external peer BGP session. As a result, all route advertisement between the external peers takes place by means of the EBGP mode of information exchange. To propagate the routes through the AS and advertise them to internal peers, BGP uses IBGP. To advertise the routes to a different peer AS, BGP again uses EBGP.
Page 308: Local Preference
J-series™ Services Router User Guide for its forwarding table. The secondary criteria include whether the route was learned through an EBGP or IBGP, the IGP route metric, and the router ID. Local Preference The local preference is typically used to direct all outbound AS traffic to a certain peer.
Page 309: As Path
Routing Overview NOTE: In contrast to almost every other metric associated with dynamic routing protocols, the local preference gives higher precedence to the larger value. AS Path Routes advertised by BGP maintain a list of the ASs through which the route travels. This information is stored in the route advertisement as the AS path, and it is one of the primary criteria that a local router uses to evaluate BGP routes for inclusion in its forwarding table.
Page 310: Multiple Exit Discriminator
J-series™ Services Router User Guide Multiple Exit Discriminator Because the AS path rather than the number of hops between hosts is the primary criterion for BGP route selection, an AS with multiple connections to a neighbor AS can have multiple equivalent AS paths. When the routing table contains two routes to the same host in a neighboring AS, a multiple exit discriminator (MED) metric assigned to each route can determine which to include in the forwarding table.
Page 311: Route Reflectors-For Added Hierarchy
Routing Overview Confederations—for Subdivision on page 283 Route Reflectors—for Added Hierarchy To use route reflection in an AS, you designate one or more routers as a route reflector—typically, one per point of presence (POP) . Route reflectors have the special BGP ability to readvertise routes learned from an internal peer to other internal peers.
Page 312 J-series™ Services Router User Guide Figure 72: Basic Route Reflection (Multiple Clusters) RR 2 RR 1 RR 3 RR 4 Figure 72 shows route reflectors RR1, RR2, RR3, and RR4 as fully meshed internal peers. When a router advertises a route to reflector RR1, RR1 readvertises the route to the other route reflectors, which, in turn, readvertise the route to the remaining routers within the AS.
Page 313: Confederations-For Subdivision
Routing Overview Figure 73: Hierarchical Route Reflection (Clusters of Clusters) Cluster 6 RR 1 Cluster 127 Cluster 19 Cluster 45 RR 3 RR 2 RR 4 Figure 73 shows RR2, RR3, and RR4 as the route reflectors for clusters 127, 19, and 45, respectively.
Page 314 J-series™ Services Router User Guide Figure 74: BGP Confederations AS 3 Sub-AS 64517 Sub-AS 64550 IBGP IBGP EBGP Sub-AS 65300 Sub-AS 65410 Figure 74 shows AS 3 divided into four sub-ASs, 64517, 64550, 65300, and 65410, which are linked through EBGP sessions. Because the confederations are connected by EBGP, they do not need to be fully meshed.
Page 315: Configuring Static Routes
Chapter 13 Configuring Static Routes Static routes are routes that you explicitly enter into the routing table as permanent additions. Traffic through static routes is always routed the same way. You can use either J-Web Quick Configuration or a configuration editor to configure static routes.
Page 316: Qualified Next Hops
J-series™ Services Router User Guide Qualified Next Hops In general, the default properties assigned to a static route apply to all the next-hop addresses configured for the static route. If, however, you want to configure two possible next-hop addresses for a particular route and have them treated differently, you can define one as a qualified next hop.
Page 317: Configuring Static Routes
Configuring Static Routes Readvertisement Prevention Static routes are eligible for readvertisement by other routing protocols by default. In a stub area where you might not want to readvertise these static routes under any circumstances, you can flag the static routes as no-readvertise Forced Rejection of Passive Route Traffic Generally, only active routes are included in the routing and forwarding tables.
Page 318: Configuring Static Routes With Quick Configuration
J-series™ Services Router User Guide Configuring Static Routes with Quick Configuration J-Web Quick Configuration allows you to configure static routes. Figure 75 shows the Quick Configuration Routing page for static routing. Figure 75: Quick Configuration Routing Page for Static Routing To configure static routes with Quick Configuration: In the J-Web user interface, select Configuration>Routing>Static Routing.
Page 319 Configuring Static Routes To apply the configuration and stay on the Quick Configuration Routing page for static routing, click Apply. To apply the configuration and return to the Quick Configuration Routing page, click OK. To cancel your entries and return to the Quick Configuration Routing page, click Cancel.
Page 320: Configuring Static Routes With A Configuration Editor
J-series™ Services Router User Guide Configuring Static Routes with a Configuration Editor To configure static routes on the Services Router, you must perform the following tasks marked (Required) . (Required) “Configuring a Basic Set of Static Routes” on page 290 (Optional)“Controlling Static Route Selection”...
Page 321: Controlling Static Route Selection
Configuring Static Routes If you are finished configuring static routes, commit the configuration. Go on to one of the following procedures: To manually control static route selection, see “Controlling Static Route Selection” on page 291. To determine how static routes are imported into the routing and forwarding tables, see “Controlling Static Routes in the Routing and Forwarding Tables”...
Page 322 J-series™ Services Router User Guide Figure 77: Controlling Static Routes in the Routing and Forwarding Tables 10.10.10.10 10.10.10.7 OC 3 OC 12 192.168.47.5 192.168.47.6 Customer network In this example, the static route has two possible next hops. 192.168.47.5/32 Because of the links between those next-hop hosts, host is the 10.10.10.7 preferred path.
Page 323: Controlling Static Routes In The Routing And Forwarding Tables
Configuring Static Routes Table 105: Controlling Static Route Selection Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Static level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Protocols>Static. hierarchy, enter edit routing-options static Add the static route 192.168.47.5/32, In the Route field, click Add new...
Page 324: Defining Default Behavior For All Static Routes
J-series™ Services Router User Guide To define default properties for static routes, see “Defining Default Behavior for All Static Routes” on page 294. To check the configuration, see “Verifying the Static Route Configuration” on page 295. Table 106: Controlling Static Routes in the Routing and Forwarding Tables Task J-Web Configuration Editor CLI Configuration Editor...
Page 325: Verifying The Static Route Configuration
Configuring Static Routes Table 107: Defining Static Route Defaults Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Defaults level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Protocols>Static, and then click hierarchy, enter Configure next to Defaults.
Page 326 J-series™ Services Router User Guide * 192.168.220.13/32 Local * 192.168.220.17/32 Reject * 192.168.220.21/32 Reject * 192.168.220.24/30 >at-1/0/0.0 * 192.168.220.25/32 Local * 192.168.220.28/30 >at-1/0/1.0 * 192.168.220.29/32 Local * 224.0.0.9/32 R 100 MultiRecv The output shows a list of the routes that are currently in the routing table.
Page 327: Configuring A Rip Network
Chapter 14 Configuring a RIP Network The Routing Information Protocol (RIP) is an interior gateway protocol that routes packets within a single autonomous system (AS). To use RIP, you must understand the basic components of a RIP network and configure the J-series Services Router to act as a node in the network.
Page 328: Authentication
J-series™ Services Router User Guide host. By increasing or decreasing these metrics—and thus the cost—of links throughout the network, you can control packet transmission across the network. Authentication RIPv2 provides authentication support so that RIP links can require authentication keys (passwords) before they become active. These authentication keys can be specified in either plain-text or MD5 form.
Page 329: Configuring A Rip Network
Configuring a RIP Network Figure 78: Quick Configuration Routing Page for RIP To configure a RIP network with Quick Configuration: In the J-Web user interface, select Configuration>Routing>RIP Routing. Enter information into the Quick Configuration page for RIP, as described in Table 108. From the main RIP routing Quick Configuration page, click one of the following buttons: To apply the configuration and stay on the Quick Configuration Routing...
Page 330 J-series™ Services Router User Guide Table 108: RIP Routing Quick Configuration Summary Field Function Your Action Enable RIP Enables or disables RIP. To enable RIP, select the check box. To disable RIP, clear the check box. Advertise Default Route Advertises the default route using RIPv2. To advertise the default route using RIPv2, select the check box.
Page 331: Configuring A Rip Network With A Configuration Editor
Configuring a RIP Network Configuring a RIP Network with a Configuration Editor To configure the Services Router as a node in a RIP network, you must perform the following task marked (Required) . (Required) “Configuring a Basic RIP Network” on page 301 (Optional) “Controlling Traffic in a RIP Network”...
Page 332: Controlling Traffic In A Rip Network
J-series™ Services Router User Guide After you add the appropriate interfaces to the RIP group, RIP begins sending routing information. No additional configuration is required to enable RIP traffic on the network. Go on to one of the following procedures: To control RIP traffic on the network, see “Controlling Traffic in a RIP Network”...
Page 333: Controlling Traffic With The Incoming Metric
Configuring a RIP Network Controlling Traffic with the Incoming Metric Depending on the RIP network topology and the links between nodes in the network, you might want to control traffic flow through the network to maximize flow across higher-bandwidth links. Figure 80 shows a network with alternate routes between routers A and D.
Page 334: Controlling Traffic With The Outgoing Metric
J-series™ Services Router User Guide Table 110: Modifying the Incoming Metric Task J-Web Configuration Editor CLI Configuration Editor In the configuration hierarchy, navigate In the configuration editor From the top of the configuration to the level of an interface in the alpha1 hierarchy, select Protocols>Rip, hierarchy, enter RIP group.
Page 335: Enabling Authentication For Rip Exchanges
Configuring a RIP Network link. As a result, the incoming metric is not sufficient to control traffic flow. To force traffic through router B, you can increase the outgoing metric on router C to make the route through C less preferable. To modify the outgoing metric on router C and force traffic through router D: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 336: Enabling Authentication With Plain-Text Passwords
J-series™ Services Router User Guide Enabling Authentication with Plain-Text Passwords To configure authentication that requires a plain-text password to be included in the transmitted packet, enable simple authentication by performing these steps on all RIP Services Routers in the area: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 337: Verifying The Rip Configuration
Configuring a RIP Network Table 113: Configuring MD5 RIP Authentication Task J-Web Configuration Editor CLI Configuration Editor Navigate to Rip level in the configuration In the configuration editor hierarchy, From the top of the configuration hierarchy. select Protocols>Rip. hierarchy, enter edit protocols rip Set the authentication type to MD5.
Page 338: Verifying Reachability Of All Hosts In The Rip Network
J-series™ Services Router User Guide point-to-point link, this state generally means that either the end point is not configured for RIP or the link is unavailable. Verifying Reachability of All Hosts in the RIP Network By using the traceroute tool on each loopback address in the network, verify that all Purpose hosts in the RIP network are reachable from each Services Router.
Page 339: Configuring An Ospf Network
Chapter 15 Configuring an OSPF Network The Open Shortest Path First protocol (OSPF) is an interior gateway protocol (IGP) that routes packets within a single autonomous system (AS). To use OSPF, you must understand the basic components of an OSPF network and configure the J-series Services Router to act as a node in the network.
Page 340: Ospf Areas
J-series™ Services Router User Guide one or more interfaces, you must configure one or more interfaces on the Services Router within an OSPF area. Once the interfaces are configured, OSPF link-state advertisements (LSAs) are transmitted on all OSPF-enabled interfaces, and the network topology is shared throughout the network. OSPF Areas OSPF is enabled on a per-interface basis.
Page 341: Configuring An Ospf Network
Configuring an OSPF Network Figure 82: Quick Configuration Routing Page for OSPF To configure a single-area OSPF network with Quick Configuration: In the J-Web user interface, select Configuration>Routing>OSPF Routing. Enter information into the Quick Configuration Routing page for OSPF, as described in Table 114. Click one of the following buttons: To apply the configuration and stay on the Quick Configuration Routing page for OSPF, click Apply.
Page 342 J-series™ Services Router User Guide To cancel your entries and return to the Quick Configuration Routing page, click Cancel. To check the configuration, see “Verifying an OSPF Configuration” on page 325. Table 114: OSPF Routing Quick Configuration Summary Field Function Your Action Router Identification Router Identifier (required)
Page 343 Configuring an OSPF Network Field Function Your Action Area Type Designates the type of OSPF area. From the drop-down list, select the type of OSPF area you are creating: regular—A regular OSPF area, including the backbone area stub—A stub area nssa—A not-so-stubby area (NSSA) Designates one or more Services Router...
Page 344: Configuring An Ospf Network With A Configuration Editor
J-series™ Services Router User Guide Configuring an OSPF Network with a Configuration Editor To configure the Services Router as a node in an OSPF network, you must perform the following tasks marked (Required) . (Required) “Configuring the Router Identifier” on page 314Configuring the Router Identifier on page 9 (Required) “Configuring a Single-Area OSPF Network”...
Page 345: Configuring A Single-Area Ospf Network
Configuring an OSPF Network Configuring a Single-Area OSPF Network To use OSPF on the Services Router, you must configure at least one OSPF area, like the one shown in Figure 83. Figure 83: Typical Single-Area OSPF Network Topology Area 0 To configure a single-area OSPF network with a backbone area, like the one in Figure 83, perform these steps on each Services Router in the network: Navigate to the top of the configuration hierarchy in either the J-Web or CLI...
Page 346: Configuring A Multiarea Ospf Network
J-series™ Services Router User Guide Table 116: Configuring a Single-Area OSPF Network Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Ospf level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Protocols>Ospf. hierarchy, enter edit protocols ospf Create the backbone area with area ID...
Page 347: Creating The Backbone Area
Configuring an OSPF Network backbone area. To link each additional area to the backbone area, you must configure one of the Services Routers as an area border router (ABR). “Creating the Backbone Area” on page 317 “Creating Additional OSPF Areas” on page 317 “Configuring Area Border Routers”...
Page 348: Configuring Area Border Routers
J-series™ Services Router User Guide Configuring Area Border Routers A Services Router operating as an area border router (ABR) has interfaces enabled for OSPF in the backbone area and in the area you are linking to the backbone. For example, Services Router B acts as the ABR in Figure 84 and has interfaces in both the backbone area and area 0.0.0.3 Navigate to the top of the configuration hierarchy in either the J-Web or the CLI...
Page 349: Configuring Stub And Not-So-Stubby Areas
Configuring an OSPF Network Task J-Web Configuration Editor CLI Configuration Editor Create the additional area with a unique In the Area box, click Add new Set the area ID to 0.0.0.2 and add area ID, in dotted decimal format. entry. an interface.
Page 350 J-series™ Services Router User Guide To configure stub areas and NSSAs in an OSPF network like the one shown in Figure 85: Create the area and enable OSPF on the interfaces within that area. For instructions, see “Creating Additional OSPF Areas” on page 317. Configure an area border router to bridge the areas.
Page 351: Tuning An Ospf Network For Efficient Operation
Configuring an OSPF Network Task J-Web Configuration Editor CLI Configuration Editor Navigate to the 0.0.0.9 level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Protocols>Ospf>Area>0.0.0.9. hierarchy, enter edit protocols ospf area 0.0.0.9 Configure each Services Router in In the Stub option list, select Nssa Set the nssa attribute:...
Page 352: Controlling The Cost Of Individual Network Segments
J-series™ Services Router User Guide Table 120: Controlling Route Selection in the Forwarding Table by Setting Preferences Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Ospf level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy.
Page 353: Enabling Authentication For Ospf Exchanges
Configuring an OSPF Network Table 121: Controlling the Cost of Individual Network Segments by Modifying the Metric Task J-Web Configuration Editor CLI Configuration Editor Navigate to the fe-0/0/0.0 level in the In the configuration From the top of the configuration configuration hierarchy.
Page 354: Controlling Designated Router Election
J-series™ Services Router User Guide Table 122: Enabling OSPF Authentication Task J-Web Configuration Editor CLI Configuration Editor Navigate to the 0.0.0.0 level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Protocols>Ospf>Area id hierarchy, enter 0.0.0.0.
Page 355: Verifying An Ospf Configuration
Configuring an OSPF Network To change the priority of a Services Router to control designated router election: Navigate to the top of the configuration hierarchy in either the J-Web or the CLI configuration editor. Perform the configuration tasks described in Table 123. Table 123: Controlling Designated Router Election Task J-Web Configuration Editor...
Page 356: Verifying Ospf Neighbors
J-series™ Services Router User Guide at-5/1/0.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 ge-2/3/0.0 0.0.0.0 192.168.4.16 192.168.4.15 lo0.0 0.0.0.0 192.168.4.16 0.0.0.0 so-0/0/0.0 Down 0.0.0.0 0.0.0.0 0.0.0.0 so-6/0/1.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 so-6/0/2.0 Down 0.0.0.0 0.0.0.0 0.0.0.0 so-6/0/3.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 The output shows a list of the Services Router interfaces that are configured for What It Means OSPF.
Page 357: Verifying The Number Of Ospf Routes
Configuring an OSPF Network The output shows a list of the Services Router’s OSPF neighbors and their What It Means addresses, interfaces, states, router IDs, priorities, and number of seconds allowed for inactivity (“dead” time). Verify the following information: Each interface that is immediately adjacent to the Services Router is listed. The Services Router’s own loopback address and the loopback addresses of any routers with which the Services Router has an immediate adjacency are listed.
Page 358: Verifying Reachability Of All Hosts In An Ospf Network
J-series™ Services Router User Guide In this topology, OSPF is being run on all interfaces. Each segment in the network is identified by an address with a prefix, with interfaces on either end of the segment being identified by unique IP addresses. From the CLI, enter the command.
Page 359 Configuring an OSPF Network Click Start. Output appears on a separate page. Sample Output 1 172.17.40.254 (172.17.40.254) 0.362 ms 0.284 ms 0.251 ms 2 routera-fxp0.englab.mycompany.net (192.168.71.246) 0.251 ms 0.235 ms 0.200 ms Each numbered row in the output indicates a router (“hop”) in the path to the host. What It Means The three time increments indicate the round-trip time (RTT) between the Services Router and the hop, for each traceroute packet.
Page 360 J-series™ Services Router User Guide Verifying an OSPF Configuration...
Page 361: Configuring Bgp Sessions
Chapter 16 Configuring BGP Sessions Connections between peering networks are typically made through an exterior gateway protocol, most commonly the Border Gateway Protocol (BGP). You can use either J-Web Quick Configuration or a configuration editor to configure BGP sessions. This chapter contains the following topics. For more information about BGP, see the JUNOS Routing Protocols Configuration Guide.
Page 362: Service
J-series™ Services Router User Guide The type of the BGP peering session depends on whether the peer is outside or inside the host’s autonomous system (AS): Peering sessions established with hosts outside the local AS are external sessions . Traffic that passes along such links uses external BGP (EBGP) as its protocol.
Page 363: Chapter 16 Configuring Bgp Sessions
Configuring BGP Sessions Configuring a BGP Network with Quick Configuration J-Web Quick Configuration allows you to create BGP peering sessions. Figure 87 shows the Quick Configuration Routing page for BGP. Figure 87: Quick Configuration Routing Page for BGP To configure a BGP peering session with Quick Configuration: In the J-Web user interface, select Configuration>Routing>BGP Routing.
Page 364: Service
J-series™ Services Router User Guide To apply the configuration and return to the Quick Configuration Routing page, click OK. To cancel your entries and return to the Quick Configuration Routing page, click Cancel. To check the configuration, see “Verifying a BGP Configuration” on page 344. Table 124: BGP Routing Quick Configuration Summary Field Function...
Page 365: Configuring Bgp Networks With A Configuration Editor
Configuring BGP Sessions Configuring BGP Networks with a Configuration Editor To configure the Services Router as a node in a BGP network, you must perform the following tasks marked (Required) . (Required) “Configuring a Point-to-Point Peering Session” on page 335 (Required) “Configuring BGP Within a Network”...
Page 366: Service
J-series™ Services Router User Guide Figure 88: Typical Network with BGP Peering Sessions 10.10.10.10 AS 22 AS 17 10.10.10.11 10.10.10.12 10.21.7.2 AS 79 To configure the BGP peering sessions shown in Figure 88: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 367 Configuring BGP Sessions Table 125: Configuring BGP Peering Sessions Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Routing-options level In the configuration editor hierarchy, From the top of the configuration in the configuration hierarchy. select Routing-options. hierarchy, enter edit routing-options Set the network’s AS number to 17.
Page 368: Service
J-series™ Services Router User Guide Configuring BGP Within a Network To configure BGP sessions between peering networks, you must configure point-to-point sessions between the external peers of the networks. Additionally, you must configure BGP internally to provide a means by which BGP route advertisements can be forwarded throughout the network.
Page 369: Service
Configuring BGP Sessions To check the configuration, see “Verifying a BGP Configuration” on page 344. Table 126: Configuring IBGP Peering Sessions Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Bgp level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy.
Page 370: Service
J-series™ Services Router User Guide Figure 90 shows an IBGP network with a Services Router at IP address 192.168.40.4 acting as a route reflector. In the sample network, each router in cluster 2.3.4.5 an internal client relationship to the route reflector. To configure the cluster: On the Services Router, create an internal group, configure an internal peer (neighbor) relationship to every other router in the cluster, and assign a cluster identifier.
Page 371: Service
Configuring BGP Sessions To check the configuration, see “Verifying a BGP Configuration” on page 344. Table 127: Configuring a Route Reflector Task J-Web Configuration Editor CLI Configuration Editor On the Services Router that you are In the configuration editor hierarchy, From the top of the configuration using as a route reflector, navigate to the select Protocols>Bgp.
Page 372: Service
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor On the other routers in the cluster, On a client Services Router in the On a client Services Router in the create the BGP group cluster-peers, and cluster: cluster: add the internal IP address of the route In the configuration editor...
Page 373 Configuring BGP Sessions Figure 91: Typical Network Using BGP Confederations Sub-AS 64512 Sub-AS 64513 EBGP AS 17 To configure the BGP confederations shown in Figure 91: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 374: Service
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Add the sub-ASs as members of the In the Members field, click Add Add members to the confederation: confederation. Every sub-AS within the new entry. set 17 members 64512 64513 AS must be added as a confederation In the Value box, enter the member.
Page 375: Service
Configuring BGP Sessions Local Address: 10.255.245.13 Holdtime: 90 Preference: 170 Flags for NLRI inet-vpn-unicast: AggregateLabel Flags for NLRI inet-labeled-unicast: AggregateLabel Number of flaps: 0 Peer ID: 10.255.245.12 Local ID: 10.255.245.13 Active Holdtime: 90 Keepalive Interval: 30 NLRI advertised by peer: inet-vpn-unicast inet-labeled-unicast NLRI for this session: inet-vpn-unicast inet-labeled-unicast Peer supports Refresh capability (2) Restart time configured on the peer: 300...
Page 376: Verifying Bgp Summary Information
J-series™ Services Router User Guide Sample Output user@host> show bgp group Group Type: Internal AS: 10045 Local AS: 10045 Name: pe-to-asbr2 Flags: Export Eval Export: [ match-all ] Total peers: 1 Established: 1 4.4.4.4+179 bgp.l3vpn.0: 1/1/0 vpn-green.inet.0: 1/1/0 Groups: 1 Peers: 1 External: 0 Internal: 1...
Page 377: Service
Configuring BGP Sessions The output shows a summary of BGP session information. Verify the following What It Means information: , the total number of configured groups is shown. Groups , the total number of BGP peers is shown. Peers , the total number of unestablished peers is 0. If this value is not Down Peers zero, one or more peering sessions are not yet established.
Page 378: Service
J-series™ Services Router User Guide Verifying a BGP Configuration...
Page 379: Configuring Routing Policy, Firewall Filters, And Class Of Service
Part 6 Configuring Routing Policy, Firewall Filters, and Class of Service Policy, Firewall Filter, and Class-of-Service Overview on page 351 Configuring Routing Policies on page 375 Configuring Firewall Filters and NAT on page 389 Configuring Class of Service with DiffServ on page 427 Configuring Routing Policy, Firewall Filters, and Class of Service...
Page 380: Configuring Routing Policy, Firewall Filters, And Class Of Service
Configuring Routing Policy, Firewall Filters, and Class of Service...
Page 381: Policy, Firewall Filter, And Class-Of-Service Overview
Chapter 17 Policy, Firewall Filter, and Class-of-Service Overview Several mechanisms can help you control the way routing information and data packets are handled by a router—routing policy, firewall filters, and class-of-service (CoS) rules. Routing policies control how information is imported to and exported from the routing tables, acting exclusively at the Routing Engine level.
Page 382 J-series™ Services Router User Guide Table 129: Policy, Firewall Filter, and CoS Terms Term Definition assured forwarding (AF) CoS packet forwarding class that provides a group of values you can define and includes four subclasses, AF1, AF2, AF3, and AF4, each with three drop probabilities, low, medium, and high. behavior aggregate (BA) Feature that can be used to determine the forwarding treatment for each packet.
Page 383: Chapter 17 Policy, Firewall Filter, And Class-Of-Service Overview
Policy, Firewall Filter, and Class-of-Service Overview Term Definition rule Guide that the Services Router follows when applying services. A rule consists of a match direction and one or more terms. service set Collection of services. Examples of services include stateful firewall filters and network address translation (NAT).
Page 384: Routing Policy Terms
J-series™ Services Router User Guide This section contains the following topics: “Routing Policy Terms” on page 354 “Routing Policy Match Conditions” on page 354 “Routing Policy Actions” on page 356 “Default and Final Actions” on page 358 Routing Policy Terms A term is a named structure in which match conditions and actions are defined.
Page 385 Policy, Firewall Filter, and Class-of-Service Overview Match Condition Description area area-id Matches a route learned from the specified OSPF area during the exporting of OSPF routes into other protocols. as-path name Name of an AS path regular expression. BGP routes whose AS path matches the regular expression are processed.
Page 386: Routing Policy Actions
J-series™ Services Router User Guide Match Condition Description prefix-list name Named list of IP addresses configured at the Policy-options level in the configuration hierarchy. This match condition can be used on import policies only. protocol protocol Name of the protocol from which the route was learned or to which the route is being advertised.
Page 387 Policy, Firewall Filter, and Class-of-Service Overview Table 131: Summary of Key Routing Policy Actions Action Description Flow Control Actions These actions control the flow of routing information into and out of the routing table. accept Accepts the route and propagates it. After a route is accepted, no other terms in the routing policy and no other routing policies are evaluated.
Page 388: Default And Final Actions
J-series™ Services Router User Guide Action Description metric metric Sets the metric. You can specify up to four metric values, starting with metric (for the first metric value) and continuing with metric2, metric3, and metric4. metric2 metric For BGP routes, metric corresponds to the MED, and metric2 corresponds to the IGP metric3 metric metric if the BGP next hop loops through another router.
Page 389: Stateful And Stateless Firewall Filters
Policy, Firewall Filter, and Class-of-Service Overview This section contains the following topics: Stateful and Stateless Firewall Filters on page 359 Process for Configuring a Stateful Firewall Filter and NAT on page 359 Summary of Stateful Firewall Filter and NAT Match Conditions and Actions on page 360 Planning a Stateless Firewall Filter on page 362 Stateless Firewall Filter Match Conditions, Actions, and Action Modifiers on...
Page 390: Summary Of Stateful Firewall Filter And Nat Match Conditions And Actions
J-series™ Services Router User Guide NOTE: If a packet does not match any terms in a stateful firewall filter rule, the packet is discarded. To define the match condition in the term that allows application traffic to flow from the trusted network to the untrusted network, we recommend you specify the JUNOS default group as the application set.
Page 391 Policy, Firewall Filter, and Class-of-Service Overview For more information about configuring applications and application sets for stateful firewall filters, see the JUNOS Services Interfaces Configuration Guide. Table 133: Stateful Firewall Filter Actions Actions Description accept Accept the packet and send it to its destination. allow-ip-options [ values ] If the IP Option header of the packet contains a value that matches one of the specified values, accept the packet.
Page 392: Planning A Stateless Firewall Filter
J-series™ Services Router User Guide Planning a Stateless Firewall Filter Before creating a stateless firewall filter and applying it to an interface, determine what you want the firewall filter to accomplish and how to use its match conditions and actions to achieve your goal. Also, make sure you understand how packets are matched and the default action of the resulting firewall filter.
Page 393: Stateless Firewall Filter Match Conditions, Actions, And Action
Policy, Firewall Filter, and Class-of-Service Overview Stateless Firewall Filter Match Conditions, Actions, and Action Modifiers Table 135 lists the match conditions you can specify in stateless firewall filter terms. Some of the numeric range and bit-field match conditions allow you to specify a text synonym.
Page 394 J-series™ Services Router User Guide Match Condition Description esp-spi spi-value IPSec encapsulating security payload (ESP) security parameter index (SPI) value. Match on this specific SPI value. You can specify the ESP SPI value in either hexadecimal, binary, or decimal form. forwarding-class class Forwarding class.
Page 395 Policy, Firewall Filter, and Class-of-Service Overview Match Condition Description destination-prefix-list prefix-list IP destination prefix list field. You cannot specify the destination-prefix-list and prefix-list match conditions in the same term. prefix-list prefix-list IP source or destination prefix list field. You cannot specify both the prefix-list and the destination-prefix-list or source-prefix-list match conditions in the same term.
Page 396: Modifiers
J-series™ Services Router User Guide Table 137 lists the actions and action modifiers you can specify in stateless firewall filter terms. Table 137: Stateless Firewall Filter Actions and Action Modifiers Action or Action Description Modifier accept Accepts a packet. This is the default if the packet matches. However, we strongly recommend that you always explicitly configure an action in the then statement.
Page 397: Benefits Of Diffserv Cos
Policy, Firewall Filter, and Class-of-Service Overview This section contains the following topics. For more information about CoS and DiffServ, see the JUNOS Network Interfaces and Class of Service Configuration Guide. Benefits of DiffServ CoS on page 367 DSCPs and Forwarding Service Classes on page 367 JUNOS CoS Functions on page 369 How Forwarding Classes and Schedulers Work on page 370 Benefits of DiffServ CoS...
Page 398 J-series™ Services Router User Guide Table 138: Default Forwarding Service Class-to-DSCP Mapping DiffServ IP DSCP Forwarding Service Class and Use Service Class Alias 101110 Expedited forwarding—The Services Router delivers assured bandwidth, low loss, low delay, and low delay variation (jitter) end-to-end for packets in this service class.
Page 399: Junos Cos Functions
Policy, Firewall Filter, and Class-of-Service Overview JUNOS CoS Functions Although the DiffServ CoS specifications define the position and length of the DSCP in the packet header, the DiffServ implementation is vendor specific. DiffServ CoS functions in JUNOS software are implemented by a series of components that you configure individually or in combination to define particular service offerings.
Page 400: How Forwarding Classes And Schedulers Work
DSCPs that have not been added to the classifier), the packet is assigned by default to the class associated with queue 0. Table 140 shows the four forwarding classes and queues that Juniper Networks classifiers assign to packets based on the DSCP values in arriving packet headers.
Page 401: Default Scheduler Settings
Policy, Firewall Filter, and Class-of-Service Overview Table 140: Default Forwarding Class Queue Assignments Forwarding Class Forwarding Queue best-effort queue 0 expedited-forwarding queue 1 assured-forwarding queue 2 network-control queue 3 Default Scheduler Settings Each forwarding class has an associated scheduler priority. Only two forwarding classes, (queue 0 and queue 3), are best-effort...
Page 402: Default Behavior Aggregate (Ba) Classifiers
J-series™ Services Router User Guide Default Behavior Aggregate (BA) Classifiers Table 141 shows the forwarding class and packet loss priority (PLP) that are assigned by default to each well-known DSCP. Although several DSCPs map to the ) and ) classes, by default no expedited-forwarding assured-forwarding resources are assigned to these forwarding classes.
Page 403: Dscp Rewrites
Policy, Firewall Filter, and Class-of-Service Overview DSCP Rewrites Typically, a router rewrites the DSCPs in outgoing packets once, when packets enter the DiffServ portion of the network, either because the packets do not arrive from the customer with the proper DSCP bit set or because the service provider wants to verify the that customer has set the DSCP properly.
Page 404 J-series™ Services Router User Guide DSCP Alias DSCP Bits Forwarding Class Queue 100000 best-effort 101000 best-effort nc1/cs6 110000 network-control nc2/cs7 111000 network-control — other best-effort Class-of-Service Overview...
Page 405: Configuring Routing Policies
Chapter 18 Configuring Routing Policies Use routing policies as filters to control the information from routing protocols that a Services Router imports into its routing table and the information that the router exports (advertises) to its neighbors. To create a routing policy, you configure criteria against which routes are compared, and the action that is performed if the criteria are met.
Page 406: Before You Begin
J-series™ Services Router User Guide Before You Begin Before you begin configuring a routing policy, complete the following tasks: If you do not already have a basic understanding of routing policies, read “Routing Policy Overview” on page 353. Determine what you want to accomplish with the policy, and thoroughly understand how to achieve your goal using the various match conditions and actions.
Page 407: Configuring The Policy Name
Configuring Routing Policies Configuring the Policy Name Each routing policy is identified by a policy name. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks. Each routing policy name must be unique within a configuration.
Page 408: Rejecting Known Invalid Routes
J-series™ Services Router User Guide To remove useless routes, see “Rejecting Known Invalid Routes” on page 378. To advertise additional routes, see “Injecting OSPF Routes into the BGP Routing Table” on page 380. To create a forwarding class, see “Grouping Source and Destination Prefixes in a Forwarding Class”...
Page 409 Configuring Routing Policies Match Type Match If ... orlonger The route shares the same most-significant bits (described by prefix-length ), and prefix-length is equal to or greater than the route’s prefix length. prefix-length-range prefix-length2 - prefix-length3 The route shares the same most-significant bits (described by prefix-length ), and the route’s prefix length falls between prefix-length2 and prefix-length3 , inclusive.
Page 410: Injecting Ospf Routes Into The Bgp Routing Table
J-series™ Services Router User Guide Table 146: Creating a Policy to Reject Known Invalid Routes Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Term level in the In the J-Web configuration editor From the top of the CLI configuration configuration hierarchy.
Page 411 Configuring Routing Policies To redistribute OSPF routes from area 1 only into BGP and not advertise routes learned by BGP: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 147. If you are finished configuring the policy , commit the configuration.
Page 412: Grouping Source And Destination Prefixes In A Forwarding Class
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Set the default option to reject other In the configuration Changes in the CLI are applied OSPF routes. editor hierarchy, select automatically when you execute the set Policy options>Policy command.
Page 413: Configuring Policy To Prepend The As Path
Configuring Routing Policies Table 148: Creating a Policy to Group Source and Destination Prefixes in a Forwarding Class Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Term level in the In the J-Web configuration editor From the top of the CLI configuration configuration hierarchy.
Page 414 J-series™ Services Router User Guide For example, from AS 1, there are two equal paths (through AS 2 and AS 3) to reach AS 4. You might want packets from certain sources to use the path through AS 2. Therefore, you must make the path through AS 3 look less preferable so that BGP chooses the path through AS 2.
Page 415: Configuring Damping Parameters
Configuring Routing Policies Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Protocols>BGP> level In the J-Web configuration editor From the top of the CLI configuration in the configuration hierarchy. hierarchy, select Protocols>BGP>. hierarchy, enter edit protocols bgp Apply the policy as an import policy for In the Import box, click Add new Apply the policy: all BGP routes.
Page 416 J-series™ Services Router User Guide Table 150: Creating a Policy to Accept and Apply Damping on Routes Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Term level in the In the J-Web configuration editor From the top of the CLI configuration configuration hierarchy.
Page 417 Configuring Routing Policies Task J-Web Configuration Editor CLI Configuration Editor Create a damping parameter group. In the Damping box, click Add new Create and configure the damping entry. parameter groups: In the Damping object name box, edit damping group1 half-life 30 enter the name of the damping suppress 3000 reuse 750 max-suppress parameter group.
Page 418 J-series™ Services Router User Guide Configuring a Routing Policy with a Configuration Editor...
Page 419: Before You Begin
Chapter 19 Configuring Firewall Filters and NAT A stateful firewall filter inspects traffic flowing between a trusted network and an untrusted network. Contrasted with a stateless firewall filter that inspects packets in isolation, a stateful firewall filter provides an extra layer of security by using state information derived from past communications and other applications to make dynamic control decisions.
Page 420: Configuring A Stateful Firewall Filter With Quick Configuration
J-series™ Services Router User Guide Unlike a stateful firewall filter, you can configure a stateless firewall filter before configuring the interfaces on which they are applied. Configuring a Stateful Firewall Filter with Quick Configuration You can use the Firewall/NAT Quick Configuration pages to configure a stateful firewall filter and NAT.
Page 421: Configuring Firewall Filters And Nat
Configuring Firewall Filters and NAT Figure 94: Firewall/NAT Quick Configuration Application Page To configure a stateful firewall filter and NAT with Quick Configuration: In the J-Web interface, select Configuration>Firewall/NAT. Enter information into the Firewall/NAT Quick Configuration pages, as described in Table 151. Click one of the following buttons on the Firewall/NAT Quick Configuration main page: To apply the configuration and stay in the Firewall/NAT Quick...
Page 422 J-series™ Services Router User Guide To cancel your entries and return to the Quick Configuration page, click Cancel. Go on to one of the following procedures: To display the configuration, see “Displaying Firewall Filter Configurations” on page 415. To verify a stateful firewall filter, see “Verifying Firewall Filter Configuration”...
Page 423: Configuring Firewall Filters And Nat
Configuring Firewall Filters and NAT Field Function Your Action Add or delete applications that are allowed Click Add to move to the Firewall/NAT Quick to operate from the untrusted network to the Configuration application page. When you trusted network. have finished entering information into this page, click OK to save it.
Page 424 J-series™ Services Router User Guide NOTE: If a packet does not match any terms in a stateful firewall filter rule, the packet is discarded. Define an address pool and port pool for NAT. Define NAT input and output rules. Define a service set that includes the rules in the filter and NAT and the virtual services interface.
Page 425 Configuring Firewall Filters and NAT Navigate to the top of the configuration hierarchy in either the J-Web interface or the CLI configuration editor. Perform the configuration tasks described in Table 153. To apply the stateful firewall filter and NAT to the interface, perform the configuration tasks described in Table 154.
Page 426 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Define accept-all-term for On the Rule to-wan-rule page, next to Set the term name and the action: to-wan-rule. Term, click Add new entry. set rule to-wan-rule term accept-all-term then In the Term name box, type accept accept-all-term.
Page 427 Configuring Firewall Filters and NAT Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Nat level In the configuration editor hierarchy, From the top of the configuration hierarchy, in the configuration select Services. enter edit services nat. hierarchy. Next to NAT, click Configure. Define the public-pool Next to Pool, click Add new entry.
Page 428 J-series™ Services Router User Guide Table 154: Applying a Stateful Firewall Filter and NAT to an Interface Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Services In the configuration editor hierarchy, From the top of the configuration hierarchy, level in the configuration select Services.
Page 429: Configuring A Stateless Firewall Filter With A Configuration Editor
Configuring Firewall Filters and NAT Task J-Web Configuration Editor CLI Configuration Editor Configure the sp–0/0/0 In the configuration editor hierarchy, From the top of the configuration hierarchy, service interface. select interfaces. configure the interface: Next to Interface, click Add new entry. set interfaces sp-0/0/0 unit 0 family inet In the Interface name box, type sp-0/0/0.
Page 430: Stateless Firewall Filter Strategies
J-series™ Services Router User Guide Configuring a Routing Engine Firewall Filter to Handle Fragments on page 409 Applying a Stateless Firewall Filter to an Interface on page 414 Stateless Firewall Filter Strategies For best results, use the following sections to plan the purpose and contents of a stateless firewall filter before starting configuration.
Page 431 Configuring Firewall Filters and NAT SSH and BGP protocol packets from specified trusted sources. Table 155 lists the terms that are configured in this sample filter. Table 155: Sample Stateless Firewall Filter protect-RE Terms to Allow Packets from Trusted Sources Term Purpose ssh-term...
Page 432 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Define protect-RE and Next to Filter, click Add new entry. Set the term name and define the match ssh-term, and define the conditions: In the Filter name box, type protect-RE. protocol, destination port, set family inet filter protect-RE term ssh-term and source address match...
Page 433 Configuring Firewall Filters and NAT Task J-Web Configuration Editor CLI Configuration Editor Define bgp-term, and On the Filter protect-RE page, next to Set the term name and define the match define the protocol, Term, click Add New Entry. conditions: destination port, and In the Rule name box, type bgp-term.
Page 434: Configuring A Routing Engine Firewall Filter To Protect Against Tcp And Icmp Floods
J-series™ Services Router User Guide Configuring a Routing Engine Firewall Filter to Protect Against TCP and ICMP Floods The procedure in this section creates a sample stateless firewall filter, protect-RE that limits certain TCP and ICMP traffic destined for the Routing Engine. A router without this kind of protection is vulnerable to TCP and ICMP flood attacks—also known as denial-of-service (DoS) attacks.
Page 435 Configuring Firewall Filters and NAT Table 157: Sample Stateless Firewall Filter protect-RE Terms to Protect Against Floods Term Purpose Policer tcp-connection-term Polices the following types of TCP packets tcp-connection-policer—Limits the traffic rate and with a source address of 192.168.122.0/24 burst size of these TCP packets to 500,000 bps and or 10.2.1.0/24: 15,000 bytes.
Page 436 J-series™ Services Router User Guide Table 158: Configuring Policers for TCP and ICMP Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Firewall In the configuration editor hierarchy, select From the top of the configuration hierarchy, level in the configuration Firewall.
Page 437 Configuring Firewall Filters and NAT Task J-Web Configuration Editor CLI Configuration Editor Define icmp-policer and On the Firewall page, next to Policer, click Set the policer name and its rate limits: set its rate limits. Add new entry. set policer icmp-policer filter-specific You can use the following In the Policer name box, type icmp-policer.
Page 438 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Firewall In the configuration editor hierarchy, select From the top of the configuration hierarchy, level in the configuration Firewall. enter edit firewall. hierarchy. Define protect-RE and Next to Filter, click Add new entry.
Page 439: Configuring A Routing Engine Firewall Filter To Handle Fragments
Configuring Firewall Filters and NAT Task J-Web Configuration Editor CLI Configuration Editor Define the ICMP type In the Icmp type choice drop-down list, Set the ICMP type match conditions: match conditions. select Icmp type. set family inet filter protect-RE term icmp-term Next to Icmp type, click Add new entry.
Page 440 J-series™ Services Router User Guide Table 160: Sample Stateless Firewall Filter fragment-RE Terms Term Purpose small-offset-term Discards IP packets with a fragment offset of 1 through 5, and adds a record to the system logging facility. not-fragmented-term Accepts unfragmented TCP packets with a source address of 10.2.1.0/24 and a destination port that specifies the BGP protocol.
Page 441 Configuring Firewall Filters and NAT Table 161: Configuring a Fragments Firewall Filter for the Routing Engine Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Firewall In the configuration editor hierarchy, select From the top of the configuration hierarchy, level in the configuration Firewall.
Page 442 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Define On the Filter fragment-RE page, next to Set the term name and define match not-fragmented-term, Term, click Add New Entry. conditions: and define the fragment, In the Term name box, type set family inet filter fragment-RE protocol, destination port, not-fragmented-term.
Page 443 Configuring Firewall Filters and NAT Task J-Web Configuration Editor CLI Configuration Editor Define first-fragment-term, On the Filter fragment-RE page, next to Set the term name and define match and define the fragment, Term, click Add New Entry. conditions: protocol, destination port, In the Rule name box, type set family inet filter fragment-RE and source address match...
Page 444: Applying A Stateless Firewall Filter To An Interface
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Define fragment-term and On the Filter fragment-RE page, next to Set the term name and define match define the fragment match Term, click Add New Entry. conditions: condition. In the Rule name box, type fragment-term.
Page 445: Verifying Firewall Filter Configuration
Configuring Firewall Filters and NAT To view the configuration of the Routing Engine interface, enter the command. For example: show interfaces lo0 user@host# show interfaces lo0 unit 0 { family inet { filter { input protect-RE; address 127.0.0.1/32; Verifying Firewall Filter Configuration To verify a firewall filter configuration, perform these tasks: Displaying Firewall Filter Configurations on page 415 Verifying a Stateful Firewall Filter on page 420...
Page 446 J-series™ Services Router User Guide The sample output in this section displays the following firewall filters (in order): Stateful firewall filter and NAT configured in “Configuring a Stateful Firewall Filter with a Configuration Editor” on page 393 Stateless filter configured in “Configuring a Routing Engine Firewall protect-RE Filter for Services and Protocols from Trusted Sources”...
Page 447 Configuring Firewall Filters and NAT address-range low 10.148.2.1 high 10.148.2.32; port automatic; rule nat-to-wan-rule { match-direction output; term private-public-term { then { translated { source-pool public-pool; translation-type source dynamic; service-set wan-service-set { stateful-firewall-rules to-wan-rule; stateful-firewall-rules from-wan-rule; nat-rules nat-to-wan-rule; interface-service { service-interface sp-0/0/0;...
Page 448 J-series™ Services Router User Guide [edit] user@host# show firewall firewall { policer tcp-connection-policer { filter-specific; if-exceeding { bandwidth-limit 500k; burst-size-limit 15k; then discard; policer icmp-policer { filter-specific; if-exceeding { bandwidth-limit 1m; burst-size-limit 15k; then discard; family inet { filter protect-RE { term tcp-connection-term { from { source-prefix-list {...
Page 449 Configuring Firewall Filters and NAT [edit] user@host# show firewall firewall { family inet { filter fragment-RE { term small-offset-term { from { fragment-offset 1-5; then { syslog; discard; term not-fragmented-term { from { source-address { 10.2.1.0/24; fragment-offset 0; fragment-flags 0x0; protocol tcp;...
Page 450: Verifying A Stateful Firewall Filter
J-series™ Services Router User Guide Verify that the terms are listed in the order in which you want the packets to be tested. You can move terms within a firewall filter by using the CLI command. insert For more information, see “Inserting an Identifier” on page 152. Verifying a Stateful Firewall Filter Verify the firewall filter configured in “Configuring a Stateful Firewall Filter with a Purpose...
Page 451: Displaying Firewall Filter Logs
Configuring Firewall Filters and NAT user@untrusted-nw-trusted-host> ping trusted-nw-trusted-host PING trusted-nw-trusted-host-fe-000.acme.net (112.148.2.3): 56 data bytes 64 bytes from 10.148.2.3: icmp_seq=0 ttl=253 time=18.248 ms 64 bytes from 10.148.2.3: icmp_seq=1 ttl=253 time=10.906 ms 64 bytes from 10.148.2.3: icmp_seq=2 ttl=253 time=12.845 ms Verify the following information: What It Means A ping request from host returns a ping response from...
Page 452: Displaying Firewall Filter Statistics
J-series™ Services Router User Guide Each record of the output contains information about the logged packet. Verify the What It Means following information: Under , the time of day the packet was filtered is shown. Time output is always Filter Under , the configured action of the term matches the action taken on Action...
Page 453: Verifying A Services, Protocols, And Trusted Sources Firewall Filter
Configuring Firewall Filters and NAT Verify the following information: What It Means Next to , the name of the firewall filter is correct. Filter Under Counters Under , the names of any counters configured in the firewall filter Name are correct. Under , the number of bytes that match the filter term containing Bytes...
Page 454: Verifying A Tcp And Icmp Flood Firewall Filter
J-series™ Services Router User Guide user@host> show route summary Router ID: 192.168.249.71 inet.0: 34 destinations, 34 routes (33 active, 0 holddown, 1 hidden) Direct: 10 routes, 9 active Local: 9 routes, 9 active BGP: 10 routes, 10 active Static: 5 routes, 5 active Verify the following information: What It Means...
Page 455: Verifying A Firewall Filter That Handles Fragments
Configuring Firewall Filters and NAT user@host> user@host> ping 192.168.249.71 PING host-fe-000.acme.net (192.168.249.71): 56 data bytes 64 bytes from 192.168.249.71: icmp_seq=0 ttl=253 time=11.946 ms 64 bytes from 192.168.249.71: icmp_seq=1 ttl=253 time=19.474 ms 64 bytes from 192.168.249.71: icmp_seq=2 ttl=253 time=14.639 ms user@host> ping 192.168.249.71 size 20000 PING host-fe-000.acme.net (192.168.249.71): 20000 data bytes --- host-fe-000.acme.net ping statistics --- 12 packets transmitted, 0 packets received, 100% packet loss...
Page 456 J-series™ Services Router User Guide Sample Output user@host> show route summary Router ID: 192.168.249.71 inet.0: 34 destinations, 34 routes (33 active, 0 holddown, 1 hidden) Direct: 10 routes, 9 active Local: 9 routes, 9 active BGP: 10 routes, 10 active Static: 5 routes, 5 active...
Page 457: Configuring Class Of Service With Diffserv
Chapter 20 Configuring Class of Service with DiffServ You configure class of service (CoS) with Differentiated Services (DiffServ) when you need to override the default packet forwarding behavior of a Services Router—especially in the three areas identified in Table 163. Table 163: Reasons to Configure Class of Service (Cos) with DiffServ Default Behavior to Override with CoS CoS Configuration Area...
Page 458: Before You Begin
J-series™ Services Router User Guide Before You Begin Before you begin configuring a Services Router for CoS with DiffServ, complete the following tasks: If you do not already have a basic understanding of CoS and DiffServ, read “Policy, Firewall Filter, and Class-of-Service Overview” on page 351. Determine whether the Services Router needs to support different traffic streams, such as voice or video.
Page 459: Configuring A Policer For A Firewall Filter
Configuring Class of Service with DiffServ For information about using the J-Web and CLI configuration editors, see “Using J-series Configuration Tools” on page 127. Configuring a Policer for a Firewall Filter You configure a policer to detect packets that exceed the limits established for DiffServ expedited forwarding.
Page 460: Configuring And Applying A Firewall Filter For A Multifield Classifier
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Enter the burst limit and bandwidth for Click Configure next to If the policer. exceeding. set if-exceeding burst-limit-size 2k In the Burst size limit box, type a set if-exceeding bandwidth-percent 10 limit for the burst size allowed—for example, 2k.
Page 461 Configuring Class of Service with DiffServ Rule (Term) Purpose Contents expedited-forwarding Detects packets destined for Match condition: destination address 192.168.66.77, assigns them to 192.168.66.77 an expedited forwarding class, and Forwarding class: ef-class subjects them to the EF policer configured in “Configuring a Policer for Policer: ef-policer a Firewall Filter”...
Page 462 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Create the match condition for the Click Configure next to From. assured forwarding traffic class. Click Add new entrynext to set from destination-address 192.168.44.55 Destination address. In the Address box, type the destination address for assured forwarding traffic in dotted decimal notation—for example,...
Page 463 Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Create and name the term for the Click Add new entry next to Term. network control traffic class. In the Rule name box, type a name edit term network-control for the network control term—for example, network-control.
Page 464: Assigning Forwarding Classes To Output Queues
J-series™ Services Router User Guide Assigning Forwarding Classes to Output Queues You must assign the forwarding classes established by the mf-classifier multifield classifier to output queues. This example assigns output queues as shown in Table 167. Table 167: Sample Output Queue Assignments for mf-classifier Forwarding Queues mf-classifier Forwarding Class For Traffic Type Output Queue...
Page 465: Configuring And Applying Rewrite Rules
Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Assign expedited forwarding traffic to Click Add new entry next to Queue. queue 1. In the Queue num box, type 1. set forwarding-classes queue 1 ef-class In the Class name box, type the previously configured name of the expedited forwarding...
Page 466 J-series™ Services Router User Guide mf-classifier Forwarding Class For CoS Traffic Type rewrite-dscps Rewrite Rules ef-class Expedited forwarding traffic Low-priority code point: 101110 High-priority code point: 101111 af-class Low-priority code point: 001010 Assured forwarding traffic High-priority code point: 001100 nc-class Network control traffic Low-priority code point: 110000 High-priority code point: 110001...
Page 467 Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Configure best-effort forwarding class Click Add new entry next to rewrite rules. Forwarding class. set forwarding-class be-class loss-priority low code points 000000 In the Class name box, type the name of the previously set forwarding-class be-class configured best-effort forwarding...
Page 468 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure expedited forwarding class Click Add new entry next to rewrite rules. Forwarding class. set forwarding-class ef-class loss-priority low code points 101110 In the Class name box, type the name of the previously set forwarding-class ef-class configured expedited forwarding...
Page 469 Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Configure assured forwarding class Click Add new entry next to rewrite rules. Forwarding class. set forwarding-class af-class loss-priority low code points 001010 In the Class name box, type the name of the previously set forwarding-class af-class configured assured forwarding...
Page 470: Configuring And Applying Behavior Aggregate Classifiers
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure network control class rewrite Click Add new entry next to rules. Forwarding class. set forwarding-class nc-class loss-priority low code points 110000 In the Class name box, type the name of the previously configured set forwarding-class nc-class network control forwarding...
Page 471 Configuring Class of Service with DiffServ Table 171: Sample ba-classifier Loss Priority Assignments mf-classifier Forwarding Class For CoS Traffic Type ba-classifier Assignments be-class Best-effort traffic High-priority code point: 000001 ef-class Expedited forwarding traffic High-priority code point: 101111 af-class Assured forwarding traffic High-priority code point: 001100 nc-class Network control traffic...
Page 472 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure a best-effort forwarding class Click Add new entry next to classifier. Forwarding class. set forwarding-class be-class loss-priority high code points 000001 In the Class name box, type the name of the previously configured best-effort forwarding class—be-class.
Page 473: Control
Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Configure a network control class Click Add new entry next to classifier. Forwarding class. set forwarding-class nc-class loss-priority high code points 110001 In the Class name box, type the name of the previously configured network control forwarding class—nc-class.
Page 474 J-series™ Services Router User Guide Table 173: Sample RED Drop Profiles Drop Profile Drop Probability Queue Fill Level af-normal—For non-PLP (normal) Between 0 (never dropped) and Between 95 and 100 percent assured forwarding traffic 100 percent (always dropped) af-with-plp—For PLP (aggressive packet Between 95 and 100 percent (always Between 80 and 95 percent dropping) assured forwarding traffic...
Page 475 Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Configure the lower drop probability for Click Add new entry next to Drop normal, non-PLP traffic. profiles. edit drop-profiles af-normal interpolate In the Profile name box, type set drop-probability 0 the name of the drop profile—for example, af-normal.
Page 476: Configuring Schedulers
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure the higher drop probability Click Add new entry next to Drop for PLP traffic. profiles. edit drop-profiles af-with-PLP interpolate In the Profile name box, type set drop-probability 95 the name of the drop profile—for example, af-with-plp.
Page 477 Configuring Class of Service with DiffServ Assigned Allocated Portion Bandwidth Scheduler For CoS Traffic Type Assigned Priority of Queue Buffer (Transmit Rate) af-scheduler Assured forwarding High 45 percent 45 percent traffic 5 percent 5 percent nc-scheduler Network control traffic To configure schedulers for the Services Router: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 478 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure a best-effort scheduler Click Configure next to Transmit transmit rate. rate. set transmit-rate percent 10 From the Transmit rate choice list, select the basis for the transmit rate method—for example, percent.
Page 479 Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Configure an assured forwarding In the Priority box, type high. scheduler priority and buffer size. Click Configure next to Buffer size. set priority high set buffer-size percent 45 From the Buffer size choice list, select the basis for the buffer allocation method—for example,...
Page 480: Configuring And Applying Scheduler Maps
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure a network control scheduler. Click Add new entry next to Schedulers. edit schedulers nc-scheduler In the Scheduler name box, type the name of the network control scheduler—for example, nc-scheduler.
Page 481 Configuring Class of Service with DiffServ Table 177: Sample diffserv-cos-map Scheduler Mapping mf-classifier Forwarding Class For CoS Traffic Type diffserv-cos-map Scheduler be-class Best-effort traffic be-scheduler ef-class Expedited forwarding traffic ef-scheduler af-class Assured forwarding traffic af-scheduler nc-class Network control traffic nc-scheduler To configure and apply scheduler maps for the Services Router: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 482 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Enter Configure an expedited forwarding Click Add new entry next to class and scheduler. Forwarding class. set forwarding-class ef-class scheduler ef-scheduler In the Class name box, type the name of the previously configured expedited forwarding class—ef-class.
Page 483: Configuring And Applying Virtual Channels
Configuring Class of Service with DiffServ Configuring and Applying Virtual Channels You configure a virtual channel to set up queuing, packet scheduling, and accounting rules to be applied to one or more logical interfaces. You then must apply the virtual channel to a particular logical interface. The following example shows how to create the virtual channels branch1–vc , and...
Page 484 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Define the virtual channel group Click Add new entry next to Virtual Enter wan-vc-group to include the four channel groups. set virtual-channel-groups virtual channels, and assign each In the Group name box, type wan-vc-group branch1–vc virtual channel the scheduler map the name of the virtual channel...
Page 485 Configuring Class of Service with DiffServ Task J-Web Configuration Editor CLI Configuration Editor Enter Apply the virtual channel group to the Click Add new entry next to logical interface t3–1/0/0.0. Interfaces. set interfaces t3–1/0/0 unit 0 virtual-channel-group wan-vc-group In the Interface name box, type the name of the interface—t3–1/0/0.
Page 486 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Create the firewall filter choose-vc to Navigate to the top of the From the top of the configuration select the traffic that is transmitted on a configuration hierarchy and select hierarchy, enter particular virtual channel.
Page 487: Verifying A Diffserv Configuration
Configuring Class of Service with DiffServ Verifying a DiffServ Configuration To verify a DiffServ configuration, perform the following task. Verifying Multicast Session Announcements Verify that the Services Router is listening to the appropriate groups for multicast Purpose Session Announcement Protocol (SAP) session announcements. From the CLI, enter the command.
Page 488 J-series™ Services Router User Guide Verifying a DiffServ Configuration...
Page 489: Managing Multicast Transmissions
Part 7 Managing Multicast Transmissions Multicast Overview on page 461 Configuring a Multicast Network on page 471 Managing Multicast Transmissions...
Page 490: Managing Multicast Transmissions
Managing Multicast Transmissions...
Page 491: Multicast Overview
Chapter 21 Multicast Overview Multicast traffic lies between the extremes of unicast (one source, one destination) and broadcast (one source, all destinations). Multicast is a “one source, many destinations” method of traffic distribution, meaning that the destinations needing to receive the information from a particular source receive the traffic stream. IP network destinations (clients) do not often communicate directly with sources (servers), so the routers between source and destination must be able to determine the topology of the network from the unicast or multicast perspective to avoid...
Page 492 J-series™ Services Router User Guide Table 180: Multicast Terms Term Definition administrative scoping Multicast routing strategy that limits the routers and interfaces used to forward a multicast packet by reserving a range of multicast addresses. any-source multicast (ASM) Auto-RP Cisco multicast routing protocol that allows sparse-mode routing protocols to find rendezvous points (RPs) within a routing domain.
Page 493: Multicast Architecture
Multicast Overview Term Definition multicast routing protocol Protocol that distributes traffic from a particular source to only the destinations needing to receive it. Typical multicast routing protocols are the Distance Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM). Multicast Source Discovery Protocol (MSDP) Multicast routing protocol that connects multicast routing domains and allows them to find rendezvous points (RPs).
Page 494: Upstream And Downstream Interfaces
J-series™ Services Router User Guide use a multicast routing protocol to build a distribution tree that connects receivers (also called listeners ) to sources. Multicast architecture includes the following topics: Upstream and Downstream Interfaces on page 464 Subnetwork Leaves and Branches on page 464 Multicast IP Address Ranges on page 465 Notation for Multicast Forwarding States on page 465 Upstream and Downstream Interfaces...
Page 495: Multicast Overview
Multicast Overview Figure 95: Multicast Elements in an IP Network Multicast Multicast Multicast Multicast Source Source Root Host Host (Group A) (Group B) Distribution Tree(s) Downstream Multicast Multicast router router Upstream Prune Join Multicast router Multicast Multicast router router Join Multicast Multicast Multicast...
Page 496: Dense And Sparse Routing Modes
J-series™ Services Router User Guide Dense and Sparse Routing Modes To keep packet replication to a minimum, multicast routing protocols use the two primary modes shown in Table 181. CAUTION: A common multicast guideline is not to run dense mode on a WAN under any circumstances .
Page 497: Shortest-Path Tree For Loop Prevention
Multicast Overview If the outgoing interface found in the unicast routing table is the same interface that the multicast packet was received on, the packet passes the RPF check. Multicast packets that fail the RPF check are dropped, because the incoming interface is not on the shortest path back to the source.
Page 498 J-series™ Services Router User Guide Table 182: Multicast Protocol Building Blocks Multicast Protocol Description Uses DVMRP Dense-mode-only protocol that uses Not appropriate for large-scale Internet the flood-and-prune or implicit join use. method to deliver traffic everywhere and then determine where the uninterested receivers are.
Page 499 Multicast Overview Multicast Protocol Description Uses IGMPv3 Defined in RFC 3376, Internet Group Used with PIM SSM to create a Management Protocol, Version 3. Among shortest-path tree between receiver other features, IGMPv3 optimizes and source. support for a single source of content for a multicast group, or source-specific multicast (SSM).
Page 500 J-series™ Services Router User Guide Multicast Protocol Building Blocks...
Page 501: Configuring A Multicast Network
Chapter 22 Configuring a Multicast Network You configure a router network to support multicast applications with a related family of protocols. To use multicast, you must understand the basic components of a multicast network and their relationships, and then configure the J-series Services Router to act as a node in the network.
Page 502: Before You Begin
J-series™ Services Router User Guide Before You Begin Before you begin configuring a multicast network, complete the following tasks: If you do not already have a basic understanding of multicast, read “Multicast Overview” on page 461. Determine whether the Services Router is directly attached to any multicast sources.
Page 503: Configuring A Multicast Network
Configuring a Multicast Network For more information on SAP and SDP, see the JUNOS Multicast Protocols Configuration Guide. The Services Router listens for session announcements on one or more addresses and ports. By default, the router listens to address and port 224.2.127.254:9875 To configure SAP and SDP for the Services Router: Navigate to the top of the configuration hierarchy in either the J-Web or CLI...
Page 504: Configuring The Pim Static Rp
J-series™ Services Router User Guide by hosts on their subnet. One host running IGMPv1 forces the Services Router to use that version and lose features important to other hosts. To explicitly configure the IGMP version, perform these steps on each Services Router in the network: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 505 Configuring a Multicast Network all multicast sources. The rendezvous point (RP) router is the root of this shared tree and receives the multicast traffic from the source. To receive multicast traffic from the groups served by the RP, the Services Router must determine the IP address of the RP for the source.
Page 506: Configuring A Pim Rpf Routing Table
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Rp level in the In the configuration editor hierarchy, From the top of the configuration configuration hierarchy. select Protocols>Pim>Rp. hierarchy, enter edit protocols pim rp Configure the IP address of the RP.
Page 507 Configuring a Multicast Network Task J-Web Configuration Editor CLI Configuration Editor Configure a name for the RPF routing In the Ribgroup name box, type Type the name for the RPF routing table group, and use inet.2 for its export a name for the RPF routing table and set the export routing table to routing table.
Page 508: Verifying A Multicast Configuration
J-series™ Services Router User Guide Verifying a Multicast Configuration To verify a multicast configuration, perform these tasks: “Verifying SAP and SDP Addresses and Ports” on page 478 “Verifying the IGMP Version” on page 478 “Verifying the PIM Mode and Interface Configuration” on page 479 “Verifying the PIM RP Configuration”...
Page 509: Verifying The Pim Mode And Interface Configuration
Configuring a Multicast Network IGMP Query Interval: 125.0 IGMP Query Response Interval: 10.0 IGMP Last Member Query Interval: 1.0 IGMP Robustness Count: 2 Derived Parameters: IGMP Membership Timeout: 260.0 IGMP Other Querier Present Timeout: 255.0 The output shows a list of the Services Router interfaces that are configured for What It Means IGMP.
Page 510: Verifying The Rpf Routing Table Configuration
J-series™ Services Router User Guide Sample Output user@host> show pim rps Instance: PIM.master Address family INET RP address Type Holdtime Timeout Active groups Group prefixes 192.168.14.27 static None 2 224.0.0.0/4 The output shows a list of the RP addresses that are configured for PIM. At least one What It Means RP must be configured.
Page 511: Part 8 Managing Packet Security
Part 8 Managing Packet Security Configuring IPSec for Secure Packet Exchange on page 483 Managing Packet Security...
Page 512 Managing Packet Security...
Page 513: Configuring Ipsec For Secure Packet Exchange
Chapter 23 Configuring IPSec for Secure Packet Exchange IPSec Tunnel Overview on page 483 Before You Begin on page 484 Configuring an IPSec Tunnel with Quick Configuration on page 484 Configuring an IPSec Tunnel with a Configuration Editor on page 486 Verifying the IPSec Tunnel Configuration on page 496 IPSec Tunnel Overview An IPSec tunnel allows access to a private network through a secure tunnel.
Page 514: Securing Incomingtraffic
J-series™ Services Router User Guide Securing IncomingTraffic Incoming (ingress) traffic across the tunnel must be secured to ensure that the IPSec tunnel is protected. Typically, you secure incoming traffic by configuring a stateful firewall filter that acts on the incoming flow through the tunnel. By filtering all traffic that does not match the remote gateway address, you ensure that only traffic sent by the tunnel endpoint reaches destinations through the IPSec tunnel.
Page 515: Configuring Ipsec For Secure Packet Exchange
Configuring IPSec for Secure Packet Exchange Figure 96: Quick Configuration Page for IPSec Tunnels To configure an IPSec tunnel with Quick Configuration: In the J-Web user interface, select Configuration>IPSec Tunnels. Enter information into the Quick Configuration page for IPSec Tunnels, as described in Table 187.
Page 516: Configuring An Ipsec Tunnel With A Configuration Editor
J-series™ Services Router User Guide To check the configuration, see “Verifying the IPSec Tunnel Configuration” on page 496. Table 187: IPSec Tunnels Quick Configuration Summary Field Function Your Action Tunnel Information Local Tunnel Endpoint (required) Externally routable IP address that is Type the IPSec tunnel’s local endpoint the local endpoint of the IPSec tunnel 32-bit IP address, in dotted decimal...
Page 517: Configuring Ipsec Services Interfaces
Configuring IPSec for Secure Packet Exchange Configuring IPSec Services Interfaces To configure an IPSec tunnel, you must configure the following services interfaces: Inside services interface —Logical interface used to apply the service sets that define the behavior of the IPSec tunnel for outbound traffic (traffic whose next hop is inside the IPSec tunnel).
Page 518: Configuring Ipsec Service Sets
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Configure the inside services interface In the Interface field, click Add Configure the services interface as for the IPSec tunnel. new entry. an inside-service interface: On the J-series Services Router, In the Interface name field, type set sp-0/0/0 unit 1001 the services interface is always...
Page 519 Configuring IPSec for Secure Packet Exchange Finally, you apply the entire service set. To configure IPSec service sets: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 189. If you are finished configuring the network, commit the configuration.
Page 520 J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Configure the local gateway for the In the Ipsec vpn options field, click Set the local gateway address for the IPSec service set. Configure. service set: In the Local gateway box, type set service-set service-set-name the IP address of the local tunnel ipsec-vpn-options local-gateway 1.1.1.1...
Page 521 Configuring IPSec for Secure Packet Exchange Task J-Web Configuration Editor CLI Configuration Editor Configure an security association with a From the top of the From the top of the configuration static IKE key. configuration hierarchy, select hierarchy, enter Services>Ipsec-vpn>Ike. The IKE key is a preshared key and must edit services ipsec-vpn ike be configured exactly the same way at In the Policy field, click Add new...
Page 522: Configuring An Ipsec Stateful Firewall Filter
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Configure the IPSec rule so that it acts From the top of the From the top of the configuration on input traffic. configuration hierarchy, click hierarchy, enter Services>Ipsec-vpn>Rule> edit services ipsec-vpn rule rule-name .
Page 523 Configuring IPSec for Secure Packet Exchange Table 190: Configuring an IPSec Stateful Firewall Filter Task J-Web Configuration Editor CLI Configuration Editor Create the stateful firewall rule and From the top of the configuration From the top of the configuration apply it to inbound traffic. hierarchy, click Services>Stateful hierarchy, enter firewall.
Page 524: Configuring A Nat Pool
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Configure the firewall term to accept Click OK to return to the Term Set the match action to accept: only desired traffic. name page, and click Then. set term term-name then accept In the Designation field, select Accept from the drop-down menu, select the Yes box.
Page 525 Configuring IPSec for Secure Packet Exchange Table 191: Configuring a NAT Pool for IPSec Task J-Web Configuration Editor CLI Configuration Editor Configure the NAT pool from which From the top of the configuration From the top of the configuration the addresses for network address hierarchy, click Services>Nat.
Page 526: Verifying The Ipsec Tunnel Configuration
J-series™ Services Router User Guide Task J-Web Configuration Editor CLI Configuration Editor Configure the router so that all outgoing From the top of the configuration From the top of the configuration traffic is matched against the IP address hierarchy, click Services>Nat. hierarchy, enter of the local tunnel endpoint.
Page 527: Verifying Ipsec Tunnel Statistics
Configuring IPSec for Secure Packet Exchange Verifying IPSec Tunnel Statistics Verify that traffic is being sent through the configured IPSec tunnel. Purpose From the CLI, enter the command. Action show services ipsec-vpn ipsec statistics Sample Output user@host> show services ipsec-vpn ipsec statistics PIC: sp-0/0/0, Service set: service-set-1 Local gateway: 1.1.1.1, Remote gateway: 2.2.2.2, Tunnel index: 1 ESP Statistics:...
Page 528 J-series™ Services Router User Guide Verifying the IPSec Tunnel Configuration...
Page 529: Upgrading The Services Router
Part 9 Upgrading the Services Router Performing Software Upgrades and Reboots on page 501 Replacing and Troubleshooting Hardware Components on page 517 Upgrading the Services Router...
Page 530 Upgrading the Services Router...
Page 531: Performing Software Upgrades And Reboots
JUNOS software, see the JUNOS System Basics Configuration Guide. Upgrade Overview on page 502 Before You Begin on page 502 Downloading Software Upgrades from Juniper Networks on page 502 Installing Software Upgrades with J-Web Quick Configuration on page 503 Installing Software Upgrades with the CLI on page 506...
Page 532: Upgrade Overview
Downloading Software Upgrades from Juniper Networks Follow these steps to download software upgrades from Juniper Networks: Using a Web browser, follow the links to the download URL on the Juniper Networks Web page. Choose either Canada and U.S. Version or Worldwide Version: https://www.juniper.net/support/csc/swdist-domestic/...
Page 533: Performing Software Upgrades And Reboots
Performing Software Upgrades and Reboots https://www.juniper.net/support/csc/swdist-ww/ Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives. Using either the J-Web interface or the CLI, choose the software package for your application.
Page 534 To install software upgrades from a remote server: Download the software package as described in “Downloading Software Upgrades from Juniper Networks” on page 502. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
Page 535: Installing Software Upgrades By Uploading Files
Performing Software Upgrades and Reboots Table 192: Install Remote Quick Configuration Summary Field Function Your Action Package Location (required) Specify the FTP or HTTP server on Type the full address of the software which the software package resides. package location on the FTP or HTTP server.
Page 536: Installing Software Upgrades With The Cli
To install software upgrades by uploading files: Download the software package as described in “Downloading Software Upgrades from Juniper Networks” on page 502. In the J-Web interface, select Manage>Software>Upload Package. Enter information into the fields described in Table 193 into the Upload Package Quick Configuration page.
Page 537: Downgrading The Software With The J-Web Interface
Performing Software Upgrades and Reboots Reboot the system ? [yes,no] (no) yes Shutdown NOW! All the software is activated when you issue the reboot command. The router then reboots from the primary boot device on which you just installed the software. When the reboot is complete, the router displays the login prompt.
Page 538: Configuring Boot Devices
J-series™ Services Router User Guide To downgrade to an earlier version of software, follow the procedure for upgrading, using the software bundle labeled for the appropriate release. junos-jseries Configuring Boot Devices You can configure boot devices to replace the primary boot device on your Services Router, or to act as a backup boot device.
Page 539: Copying Software Images To Boot Devices With Unix
Performing Software Upgrades and Reboots Option Description config-size size Specifies the size of the config partition, in megabytes. The default value is 10 percent of physical memory on the boot medium. The config partition is mounted on /config. The configuration files are stored in this partition.
Page 540: Copying Software Images To Boot Devices With Cygwin
J-series™ Services Router User Guide Connect the removable medium—compact flash drive or USB—to the UNIX computer. Determine the device address of the drive that the removable medium was mounted on. Copy the software package to the removable medium by entering the following command: dd if= filename of=/dev/r device address bs=64k NOTE: The copy process can take several minutes.
Page 541: Configuring A Boot Device To Receive Software Failure Memory Snapshots
Performing Software Upgrades and Reboots 523, “Removing and Installing the Removable Compact Flash Disk” on page 525, or “Removing and Installing the USB Drive” on page 527. Configuring a Boot Device to Receive Software Failure Memory Snapshots You can use the CLI command to specify the medium set system dump device to use for the Services Router to store system software failure memory...
Page 542: Rebooting Or Halting A Services Router With The J-Web Interface
J-series™ Services Router User Guide Rebooting or Halting a Services Router with the J-Web Interface You can use the J-Web interface to schedule a reboot or halt the Services Router. Figure 99 shows the Reboot page for the router. Figure 99: Reboot Page To reboot or halt the router with the J-Web interface: In the J-Web interface, select Manage>Reboot.
Page 543 Performing Software Upgrades and Reboots Reboot in number of minutes—Reboots the router in the number of minutes from now that you specify. Reboot when the system time is hour : minute —Reboots the router at the absolute time that you specify, on the current day. You must select a 2-digit hour in 24-hour format, and a 2-digit minute.
Page 544: Rebooting The Services Router With The Cli
J-series™ Services Router User Guide Rebooting the Services Router with the CLI You can use the CLI command to schedule a request system reboot reboot of the Services Router: user@host> request system reboot <at time > <in minutes > <media type > <message “text”...
Page 545 Performing Software Upgrades and Reboots NOTE: If you cannot connect to the router through the port, shut down the CONSOLE router by pressing and holding the power button on the front panel until the POWER LED turns off. Once the router has shut down, you can power on the router by pressing the power button again.
Page 546 J-series™ Services Router User Guide Halting the Services Router with the CLI...
Page 547: Replacing And Troubleshooting Hardware Components
Removing and Installing the USB Drive on page 527 Removing and Installing DRAM Modules on page 529 Replacing a Power Supply Cord in a J2300 or J4300 Router on page 532 Replacing Power System Components in a J6300 Router on page 533...
Page 548: Tools And Parts Required
J-series™ Services Router User Guide Tools and Parts Required To replace hardware components, you need the tools and parts listed in Table 198. Table 198: Tools and Parts Required Tool or Part Components Electrostatic bag or antistatic mat Electrostatic discharge (ESD) grounding wrist strap Phillips (+) screwdriver, number 2 DRAM...
Page 549: Replacing And Troubleshooting Hardware Components
Replacing and Troubleshooting Hardware Components Removing a PIM The PIMs are installed in the front of the Services Router. A PIM weighs less than 1 lb (0.5 kg). To remove a PIM (see Figure 100): Place an electrostatic bag or antistatic mat on a flat, stable surface to receive the PIM.
Page 550: Installing A Pim
J-series™ Services Router User Guide Figure 100: Removing a PIM ST AT US PO RT AL AR M C O N FI ST AT US PO W ER PO RT Captive screws Installing a PIM To install a PIM (see Figure 101): Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the Services Router is disconnected from earth ground.
Page 551: Replacing Pim Cables
Replacing and Troubleshooting Hardware Components Secure the cable so that it is not supporting its own weight as it hangs to the floor. Place excess cable out of the way in a neatly coiled loop. Use fasteners to maintain the shape of cable loops. Press and release the power button to power on the router.
Page 552: Removing A Pim Cable
J-series™ Services Router User Guide Removing a PIM Cable To remove a PIM cable: If you are removing all cables connected to the PIM, issue the following CLI command to take the PIM offline: user@host> request chassis pic fpc-slot fpc-slot pic-slot pim-slot offline For example, to take the PIM in slot 4 offline, enter the following command: user@host>...
Page 553: Removing And Installing The Primary Compact Flash Disk
Replacing and Troubleshooting Hardware Components For example, to bring the PIM in slot 4 online, enter the following command: user@host> request chassis pic fpc-slot 4 pic-slot 0 online For more information about the command, see the JUNOS Protocols, Class of Service, and System Basics Command Reference.
Page 554: Installing The Primary Compact Flash Disk
J-series™ Services Router User Guide Gently grasp the compact flash disk, and slide it out of the connector. Place the compact flash disk on the antistatic mat or in the electrostatic bag (see Figure 102). Figure 102: Removing the Primary Compact Flash Disk Installing the Primary Compact Flash Disk To install the primary compact flash disk (see Figure 103): NOTE: If you plan to boot the Services Router from the primary compact flash disk,...
Page 555: Removing And Installing The Removable Compact Flash Disk
Replacing and Troubleshooting Hardware Components Tighten the thumbscrew that secures the compact flash drive cover to the rear of the chassis. Install the power cord into the power supply. Press and release the power button to power on the router. Verify that the LED lights steadily after you press the power button.
Page 556 J-series™ Services Router User Guide The removable compact flash drive is located in a slot on the front panel of the Services Router. To remove the removable compact flash disk (see Figure 104): Place an electrostatic bag or antistatic mat on a flat, stable surface. Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground.
Page 557: Installing The Removable Compact Flash Disk
Replacing and Troubleshooting Hardware Components Figure 104: Removing the Removable Compact Flash Disk Installing the Removable Compact Flash Disk To install the removable compact flash disk, follow this procedure (see Figure 105): Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground.
Page 558: Removing The Usb Drive
For information about configuring the USB drive, see “Configuring Boot Devices” on page 508. NOTE: For a list of supported USB drives, see the J-series release notes at http://www.juniper.net To remove and install a USB drive, perform the following procedures: “Removing the USB Drive” on page 528 “Installing the USB Drive”...
Page 559: Installing The Usb Drive
To install the USB drive: NOTE: For a list of supported USB drives, see the J-series release notes at http://www.juniper.net Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground.
Page 560 J-series™ Services Router User Guide The DRAM modules are located on the top of the Routing Engine. To remove a DRAM module: Place an electrostatic bag or antistatic mat on a flat, stable surface. Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground.
Page 561: Installing A Dram Module
Replacing and Troubleshooting Hardware Components Figure 106: Removing a DRAM Module from the Routing Engine Chassis rear Installing a DRAM Module To install a DRAM module onto the Routing Engine (see Figure 107): Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground.
Page 562: Replacing A Power Supply Cord In A J2300 Or J4300 Router
Figure 107: Installing a DRAM Module Chassis rear Replacing a Power Supply Cord in a J2300 or J4300 Router To replace the power cord for an AC power supply: Locate a replacement power cord with the type of plug appropriate for your geographical location (see “AC Power, Connection, and Power Cord...
Page 563: Replacing Power System Components In A J6300 Router
Replacing and Troubleshooting Hardware Components Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground. For more information about ESD, see “Preventing Electrostatic Discharge Damage”...
Page 564: Removing A Power Supply In A J6300 Router
J-series™ Services Router User Guide Removing a Power Supply in a J6300 Router The power supplies are located at the right rear of the chassis. A power supply weighs 2.4 lb (1.1 kg). CAUTION: Do not leave a power supply slot empty for more than a short time while the Services Router is operational.
Page 565: Installing A Power Supply In A J6300 Router
Replacing and Troubleshooting Hardware Components Installing a Power Supply in a J6300 Router To install a power supply in a J6300 Services Router (see Figure 109): Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to the ESD point on the chassis, or to an outside ESD point if the router is disconnected from earth ground.
Page 566: Replacing A Power Supply Cord In A J6300 Router
This section provides an overview of the resources you can use to troubleshoot hardware problems on the Services Router: Chassis Alarm Conditions on page 536 Contacting the Juniper Networks Technical Assistance Center on page 538 Chassis Alarm Conditions When the Routing Engine detects an alarm condition, it lights the yellow (amber) ALARM LED on the front panel as appropriate.
Page 567 JTAC. USB drive. (See “Contacting the Juniper Networks Technical Typically, the router boots Assistance Center” on page from the primary compact 538.) flash disk. If you configured your router to boot from an alternative boot device, ignore this alarm condition.
Page 568: Contacting The Juniper Networks Technical Assistance Center
JTAC, see “Contacting the Juniper Networks Technical Assistance Center” on page 538. Contacting the Juniper Networks Technical Assistance Center If you need assistance while troubleshooting a Services Router, open a support case using the Case Manager link at , or call 1-888-314-JTAC http://www.juniper.net/support/...
Page 569: Safety And Regulatory Compliance
Part 10 J-series Requirements and Specifications Preparing for Router Installation on page 541 Network Cable Specifications and Connector Pinouts on page 551 Safety and Regulatory Compliance Information on page 563 J-series Requirements and Specifications...
Page 570 J-series Requirements and Specifications...
Page 571: Preparing For Router Installation
Chapter 26 Preparing for Router Installation This chapter describes how to prepare for installation of a J-series Services Router. It discusses the following topics: General Site Guidelines on page 541 Desktop and Wall Mounting Requirements on page 542 Rack Requirements on page 542 Router Environmental Tolerances on page 543 Fire Safety Requirements on page 544 Power Guidelines, Requirements, and Specifications on page 545...
Page 572: Desktop And Wall Mounting Requirements
If you are mounting the J2300 router on a wall, use wall screws or wall anchors capable of supporting the full weight of the chassis, up to 12 lb (5.4 kg). If possible, install the wall anchors into wall studs, which provide added support for the chassis.
Page 573: Chapter 26 Preparing For Router Installation
If a front-mount rack is used, we recommend supporting the back of the router with a shelf or other structure. The J2300 chassis height of 1.75 in. (4.4 cm) equals 1 U. The J4300 and J6300 chassis height of 3.5 in. (8.9 cm) equals 2 U. Each U is a standard rack unit defined in Cabinets, Racks, Panels, and Associated Equipment (document number EIA-310-D) published by the Electronics Industry Association.
Page 574: Fire Safety Requirements
In addition, establish procedures to protect your equipment in the event of a fire emergency. Juniper Networks products must be installed in an environment suitable for electronic equipment. We recommend that fire suppression...
Page 575: Power Guidelines, Requirements, And Specifications
NOTE: To keep warranties effective, do not use a dry chemical fire extinguisher to control a fire at or near a Juniper Networks router. If a dry chemical fire extinguisher is used, the unit is no longer eligible for coverage under a service agreement.
Page 576: Radio Frequency Interference
Router Power Requirements Table 201 lists the power system electrical specifications for the J2300 Services Router. Table 201: Power System Electrical Specifications for the J2300 Services Router Item Specification Operating range: 100 to 240 VAC AC input voltage...
Page 577: Ac Power, Connection, And Power Cord Specifications
Preparing for Router Installation Table 202: Power System Electrical Specifications for the J4300 Services Router Item Specification AC input voltage Operating range: 100 to 240 VAC AC input line frequency 47 to 63 Hz AC system current rating 6 to 3 A Table 203 lists the power system electrical specifications for the J6300 Services Router.
Page 578: Network Cable Specifications
NOTE: Power cords and cables must not block access to router components or drape where people might trip on them. For information about the AC power supply, see “J2300 Power System” on page 15, “J4300 Power System” on page 26, or “J6300 Power System” on page 26.
Page 579 Preparing for Router Installation Table 205: Site Preparation Checklist Item or Task Performed By Date Notes Verify that environmental factors such as temperature and humidity do not exceed router tolerances. Measure the distances between external power sources and the router installation site. Select the type of rack.
Page 580 J-series™ Services Router User Guide Site Preparation Checklist...
Page 581: Network Cable Specifications And Connector Pinouts
Chapter 27 Network Cable Specifications and Connector Pinouts The network interfaces supported on the router accept different kinds of network cable. Serial PIM Cable Specifications on page 551 RJ-45 Connector Pinouts for the Routing Engine (Ethernet) Port on page 559 DB-9 Connector Pinouts for the Console Port on page 559 E1 and T1 RJ-48 Cable Pinouts on page 560 Serial PIM Cable Specifications...
Page 582: Rs-232 Dte Cable Pinout
J-series™ Services Router User Guide End-to-End Name Connector Connector Hardware Conductors Pinouts V.35 DCE M/34 female Standard (Normally Table 214 included with M/34 connector shell) X.21 DTE DB-15 male M3 threaded jackscrews Table 215 X.21 DCE DB-15 female M3 threaded jacknuts Table 216 RS-232 DTE Cable Pinout Table 207: RS-232 DTE Cable Pinout...
Page 583: Chapter 27 Network Cable Specifications And Connector Pinouts
Network Cable Specifications and Connector Pinouts LFH-60 Pin DB-25 Pin LFH-60 Pairing Description – Clear to Send – Data Set Ready – Signal Ground – Data Carrier Detect – Transmit Clock – Receive Clock – Local Loopback – Data Terminal Ready –...
Page 584: Rs-422/449 (Eia-449) Dce Cable Pinout
J-series™ Services Router User Guide LFH-60 Pin DC-37 (DB-37) Pin LFH-60 Pairing Description Data Mode (B) Terminal Ready (B) Receiver Ready (B) Terminal Timing (B) – Send Common – – – 26 to 25 – – – 18 to 17 RS-422/449 (EIA-449) DCE Cable Pinout Table 210: RS-422/449 (EIA-449) DCE Cable Pinout LFH-60 Pin...
Page 585: Eia-530A Dte Cable Pinout
Network Cable Specifications and Connector Pinouts LFH-60 Pin DC-37 (DB-37) Pin LFH-60 Pairing Description Terminal Timing (B) – Send Common – – – 26 to 25 EIA-530A DTE Cable Pinout Table 211: EIA-530A DTE Cable Pinout LFH-60 Pin DB-25 Pin LFH-60 Pairing Description –...
Page 586: Eia-530A Dce Cable Pinout
J-series™ Services Router User Guide EIA-530A DCE Cable Pinout Table 212: EIA-530A DCE Cable Pinout LFH-60 Pin DB-25 Pin LFH-60 Pairing Description – Shield Ground Transmit Data (A) Receive Data (A) Request to Send (A) Clear to Send (A) – Data Set Ready (A) –...
Page 587: V.35 Dce Cable Pinout
Network Cable Specifications and Connector Pinouts LFH-60 Pin M/34 Pin LFH-60 Pairing Description – Request to Send – Clear to Send – Data Set Ready – Received Line Signal Detector – Data Terminal Ready – Test Mode Transmit Data (A) Receive Data (A) Transmit Data (B) Receive Data (B)
Page 588: X.21 Dte Cable Pinout
J-series™ Services Router User Guide LFH-60 Pin M/34 Pin LFH-60 Pairing Description Receive Data (B) Terminal Timing (A) Receive Timing (A) Terminal Timing (B) Receive Timing (B) Transmit Timing (A) Transmit Timing (B) 22 to 21 – – – – –...
Page 589: X.21 Dce Cable Pinout
Network Cable Specifications and Connector Pinouts X.21 DCE Cable Pinout Table 216: X.21 DCE Cable Pinout LFH-60 Pin DB-15 Pin LFH-60 Pairing Description – Shield Ground Transmit Data (A) Control (A) Receive (A) Indicate (A) Signal Element Timing (A) – Signal Ground Transmit Data (B) Control (B)
Page 590: E1 And T1 Rj-48 Cable Pinouts
J-series™ Services Router User Guide Table 218: DB-9 Connector Pinout Signal Direction Description <– Carrier Detect <– Receive Data –> Transmit Data –> Data Terminal Ready — Ground Signal Ground <– Data Set Ready –> Request To Send <– Clear To Send <–...
Page 591 Network Cable Specifications and Connector Pinouts Table 220: RJ-48 Connector to RJ-48 Connector (Crossover) Pinout RJ-48 Pin (on T1/E1 RJ-48 Pin PIM) (Data numbering (Data numbering form) form) Signal RX/Ring/– <––>TX/Ring/– RX/Tip/+ <––>TX/Tip/+ TX/Ring/– <––>RX/Ring/– TX/Tip/+ <––>RX/Tip/+ Shield/Return/Ground Shield/Return/Ground No connect No connect No connect No connect...
Page 592 J-series™ Services Router User Guide Table 222: RJ-48 Connector to DB-15 Connector (Crossover) Pinout RJ-48 Pin (on T1/E1 DB-15 Pin PIM) (Data numbering (Data numbering form) form) Signal RX/Ring/– <––>TX/Ring/– RX/Tip/+ <––>TX/Tip/+ TX/Ring/– <––>RX/Ring/– TX/Tip/+ <––>RX/Tip/+ Shield/Return/Ground Shield/Return/Ground No connect No connect No connect No connect...
Page 593: Safety And Regulatory Compliance Information
Chapter 28 Safety and Regulatory Compliance Information To install and use the Services Router safely, follow proper safety procedures. This chapter discusses the following safety and regulatory compliance information: Definition of Safety Warning Levels on page 563 Safety Guidelines and Warnings on page 565 Agency Approvals on page 597 Compliance Statements for EMC Requirements on page 598 Definition of Safety Warning Levels...
Page 594 J-series™ Services Router User Guide WARNING: Waarschuwing Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico’s en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen.
Page 595: Chapter 28 Safety And Regulatory Compliance Information
Safety and Regulatory Compliance Information WARNING: Aviso Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos físicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. WARNING: ¡Atención! Este símbolo de aviso significa peligro.
Page 596 J-series™ Services Router User Guide potentially hazardous situations in your working environment, so be alert and exercise good judgment at all times. Perform only the procedures explicitly described in this manual. Make sure that only authorized service personnel perform other system services. Keep the area around the chassis clear and free from dust before, during, and after installation.
Page 597: Qualified Personnel Warning
Safety and Regulatory Compliance Information Qualified Personnel Warning WARNING: Only trained and qualified personnel should install or replace the Services Router. Waarschuwing Installatie en reparaties mogen uitsluitend door getraind en bevoegd personeel uitgevoerd worden. Varoitus Ainoastaan koulutettu ja pätevä henkilökunta saa asentaa tai vaihtaa tämän laitteen.
Page 598: Electrical Safety Guidelines And Warnings
ESD strap is attached to one of the electrostatic discharge points on the chassis, which are shown in Figure 1 and Figure 2 for the J2300 chassis and in Figure 6 and Figure 7 for the J4300 chassis and J6300 chassis.
Page 599: General Electrical Safety Guidelines
Safety and Regulatory Compliance Information General Electrical Safety Guidelines Install the Services Router in compliance with the following local, national, or international electrical codes: United States—National Fire Protection Association (NFPA 70), United States National Electrical Code. Canada—Canadian Electrical Code, Part 1, CSA C22.1. Other countries—International Electromechanical Commission (IEC) 60364, Part 1 through Part 7.
Page 600: Grounded Equipment Warning
J-series™ Services Router User Guide circumvent this safety feature. Equipment grounding should comply with local and national electrical codes. You must provide an external circuit breaker rated minimum 15 A in the building installation. The power cord serves as the main disconnecting device. The socket outlet must be near the router and be easily accessible.
Page 601: Warning Statement For Norway And Sweden
Safety and Regulatory Compliance Information WARNING: Avvertenza Questa apparecchiatura deve essere collegata a massa. Accertarsi che il dispositivo host sia collegato alla massa di terra durante il normale utilizzo. Advarsel Dette utstyret skal jordes. Forviss deg om vertsterminalen er jordet ved normalt bruk.
Page 602: Multiple Power Supplies Disconnection Warning
J-series™ Services Router User Guide Multiple Power Supplies Disconnection Warning WARNING: The J6300 Services Router has more than one power supply connection. All connections must be removed completely to remove power from the unit completely. WARNING: Waarschuwing Deze J6300 eenheid heeft meer dan één stroomtoevoerverbinding;...
Page 603: Power Disconnection Warning
Safety and Regulatory Compliance Information WARNING: Aviso Este J6300 dispositivo possui mais do que uma conexão de fonte de alimentação de energia; para poder remover a fonte de alimentação de energia, deverão ser desconectadas todas as conexões existentes. WARNING: ¡Atención! Esta J6300 unidad tiene más de una conexión de suministros de alimentación;...
Page 604: Tn Power Warning
J-series™ Services Router User Guide WARNING: Warnung Bevor Sie an einem Chassis oder in der Nähe von Netzgeräten arbeiten, ziehen Sie bei Wechselstromeinheiten das Netzkabel ab bzw. WARNING: Avvertenza Prima di lavorare su un telaio o intorno ad alimentatori, scollegare il cavo di alimentazione sulle unità CA. WARNING: Advarsel Før det utføres arbeid på...
Page 605 Safety and Regulatory Compliance Information WARNING: Waarschuwing Het apparaat is ontworpen om te functioneren met TN energiesystemen. WARNING: Varoitus Koje on suunniteltu toimimaan TN-sähkövoimajärjestelmien yhteydessä. WARNING: Attention Ce dispositif a été conçu pour fonctionner avec des systèmes d’alimentation TN. WARNING: Warnung Das Gerät ist für die Verwendung mit TN-Stromsystemen ausgelegt.
Page 606: Telecommunication Line Cord Warning
J-series™ Services Router User Guide WARNING: Varning! Enheten är konstruerad för användning tillsammans med elkraftssystem av TN-typ. Telecommunication Line Cord Warning WARNING: To reduce the risk of fire, use only No. 26 AWG or larger UL-listed or CSA-certified telecommunication line cord. WARNING: Waarschuwing Om brandgevaar te reduceren, dient slechts telecommunicatielijnsnoer nr.
Page 607: Installation Safety Guidelines And Warnings
The weight of a fully configured chassis is approximately 12 lbs (5.4 kg) for a J2300 Services Router, 21 lbs (9.5 kg) for a J4300 Services Router, and 24 lb (10.9 kg) for a J6300 Services Router. Observe the following guidelines for lifting and moving a Services Router: Before moving the Services Router, read the guidelines in “Preparing for Router...
Page 608: Installation Instructions Warning
J-series™ Services Router User Guide Installation Instructions Warning WARNING: Read the installation instructions before you connect the router to a power source. Waarschuwing Raadpleeg de installatie-aanwijzingen voordat u het systeem met de voeding verbindt. Varoitus Lue asennusohjeet ennen järjestelmän yhdistämistä virtalähteeseen. Attention Avant de brancher le système sur la source d’alimentation, consulter les directives d’installation.
Page 609 De onderstaande richtlijnen worden verstrekt om uw veiligheid te verzekeren: De Juniper Networks router moet in een stellage worden geïnstalleerd die aan een bouwsel is verankerd. Dit toestel dient onderaan in het rek gemonteerd te worden als het toestel het enige in het rek is.
Page 610 Les directives ci-dessous sont destinées à assurer la protection du personnel: Le rack sur lequel est monté le Juniper Networks router doit être fixé à la structure du bâtiment. Si cette unité constitue la seule unité montée en casier, elle doit être placée dans le bas.
Page 611 Le seguenti direttive vengono fornite per garantire la sicurezza personale: Il Juniper Networks router deve essere installato in un telaio, il quale deve essere fissato alla struttura dell’edificio. Questa unità deve venire montata sul fondo del supporto, se si tratta dell’unica unità...
Page 612 Vær nøye med at systemet er stabilt. Følgende retningslinjer er gitt for å verne om sikkerheten: Juniper Networks router må installeres i et stativ som er forankret til bygningsstrukturen. Denne enheten bør monteres nederst i kabinettet hvis dette er den eneste enheten i kabinettet.
Page 613: Ramp Warning
Para garantizar su seguridad, proceda según las siguientes instrucciones: El Juniper Networks router debe instalarse en un bastidor fijado a la estructura del edificio. Colocar el equipo en la parte inferior del bastidor, cuando sea la única unidad en el mismo.
Page 614: Laser And Led Safety Guidelines And Warnings
J-series™ Services Router User Guide Warnung Keine Rampen mit einer Neigung von mehr als 10 Grad verwenden. WARNING: Avvertenza Non usare una rampa con pendenza superiore a 10 gradi. Advarsel Bruk aldri en rampe som heller mer enn 10 grader. Aviso Não utilize uma rampa com uma inclinação superior a 10 graus.
Page 615: Class 1 Laser Product Warning
Safety and Regulatory Compliance Information Class 1 Laser Product Warning WARNING: Class 1 laser product. Waarschuwing Klasse-1 laser produkt. Varoitus Luokan 1 lasertuote. Attention Produit laser de classe I. Warnung Laserprodukt der Klasse 1. WARNING: Avvertenza Prodotto laser di Classe 1. Advarsel Laserprodukt av klasse 1.
Page 616: Laser Beam Warning
J-series™ Services Router User Guide ¡Atención! Aviso sobre producto LED de Clase 1. Varning! Lysdiodprodukt av klass 1. Laser Beam Warning WARNING: Do not stare into the laser beam or view it directly with optical instruments. WARNING: Waarschuwing Niet in de straal staren of hem rechtstreeks bekijken met optische instrumenten.
Page 617: Radiation From Open Port Apertures Warning
Safety and Regulatory Compliance Information WARNING: Aviso Não olhe fixamente para o raio, nem olhe para ele directamente com instrumentos ópticos. WARNING: ¡Atención! No mirar fijamente el haz ni observarlo directamente con instrumentos ópticos. WARNING: Varning! Rikta inte blicken in mot strålen och titta inte direkt på den genom optiska instrument.
Page 618: Maintenance And Operational Safety Guidelines And Warnings
J-series™ Services Router User Guide WARNING: Warnung Aus der Port-Öffnung können unsichtbare Strahlen emittieren, wenn kein Glasfaserkabel angeschlossen ist. Vermeiden Sie es, sich den Strahlungen auszusetzen, und starren Sie nicht in die Öffnungen! WARNING: Avvertenza Quando i cavi in fibra non sono inseriti, radiazioni invisibili possono essere emesse attraverso l’apertura della porta.
Page 619: Battery Handling Warning
Safety and Regulatory Compliance Information Battery Handling Warning WARNING: Replacing the battery incorrectly might result in an explosion. Replace the battery only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer’s instructions.
Page 620: Jewelry Removal Warning
J-series™ Services Router User Guide WARNING: Avvertenza Pericolo di esplosione se la batteria non è installata correttamente. Sostituire solo con una di tipo uguale o equivalente, consigliata dal produttore. Eliminare le batterie usate secondo le istruzioni del produttore. WARNING: Aviso Existe perigo de explosão se a bateria for substituída incorrectamente.
Page 621 Safety and Regulatory Compliance Information WARNING: Varoitus Ennen kuin työskentelet voimavirtajohtoihin kytkettyjen laitteiden parissa, ota pois kaikki korut (sormukset, kaulakorut ja kellot mukaan lukien). Metalliesineet kuumenevat, kun ne ovat yhteydessä sähkövirran ja maan kanssa, ja ne voivat aiheuttaa vakavia palovammoja tai hitsata metalliesineet kiinni liitäntänapoihin.
Page 622: Lightning Activity Warning
J-series™ Services Router User Guide a ligação à terra, podendo causar queimaduras graves ou ficarem soldados aos terminais. WARNING: ¡Atención! Antes de operar sobre equipos conectados a líneas de alimentación, quitarse las joyas (incluidos anillos, collares y relojes). Los objetos de metal se calientan cuando se conectan a la alimentación y a tierra, lo que puede ocasionar quemaduras graves o que los objetos metálicos queden soldados a los bornes.
Page 623: Operating Temperature Warning
Safety and Regulatory Compliance Information WARNING: Warnung Arbeiten Sie nicht am System und schließen Sie keine Kabel an bzw. trennen Sie keine ab, wenn es gewittert. WARNING: Avvertenza Non lavorare sul sistema o collegare oppure scollegare i cavi durante un temporale con fulmini. WARNING: Advarsel Utfør aldri arbeid på...
Page 624 15,2 cm tilaa. WARNING: Attention Pour éviter toute surchauffe des routeurs de la gamme Juniper Networks router, ne l’utilisez pas dans une zone où la température ambiante est supérieure à 40 C. Pour permettre un flot d’air constant, dégagez un espace d’au moins 15,2 cm autour des ouvertures de ventilations.
Page 625: Product Disposal Warning
40 C. Para evitar a restrição à circulação de ar, deixe pelo menos um espaço de 15,2 cm à volta das aberturas de ventilação. WARNING: ¡Atención! Para impedir que un encaminador de la serie Juniper Networks router se recaliente, no lo haga funcionar en un área en la que se supere la temperatura ambiente máxima recomendada de 40 C.
Page 626 J-series™ Services Router User Guide WARNING: Attention La mise au rebut définitive de ce produit doit être effectuée conformément à toutes les lois et réglementations en vigueur. WARNING: Warnung Dieses Produkt muß den geltenden Gesetzen und Vorschriften entsprechend entsorgt werden. WARNING: Avvertenza L’eliminazione finale di questo prodotto deve essere eseguita osservando le normative italiane vigenti in materia WARNING: Advarsel Endelig disponering av dette produktet må...
Page 627: Agency Approvals
Safety and Regulatory Compliance Information Agency Approvals The Services Router complies with the following standards: Safety CAN/CSA-22.2 No. 60950–1–03–UL 60950–1 Safety of Information Technology Equipment EN 60950–1 Safety of Information Technology Equipment EN 60825-1 Safety of Laser Products - Part 1: Equipment Classification, Requirements and User’s Guide AS/NZS 3548 Class B (Australia/New Zealand) EN 55022 Class B Emissions (Europe)
Page 628: Compliance Statements For Emc Requirements
J-series™ Services Router User Guide Compliance Statements for EMC Requirements Canada This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational, and safety requirements.
Page 629: Taiwan
Safety and Regulatory Compliance Information The preceding translates as follows: This is a Class B product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this product is used near a radio or television receiver in a domestic environment, it may cause radio interference.
Page 630: Fcc Part 68 Statement
J-series™ Services Router User Guide encouraged to try and correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and the receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Page 631: Customer Support And Product Return
Part 11 Customer Support and Product Return Contacting Customer Support and Returning Hardware on page 603 Customer Support and Product Return...
Page 632 Customer Support and Product Return...
Page 633: Contacting Customer Support And Returning Hardware
Contacting Customer Support and Returning Hardware This chapter describes how to return the Services Router or individual components to Juniper Networks for repair or replacement. It contains the following topics: Locating Component Serial Numbers on page 603 Contacting Customer Support on page 605...
Page 634 J-series™ Services Router User Guide Figure 112: J2300 Serial Number ID Label Serial number ID label Figure 113: J4300 Serial Number ID Label Serial number ID label Locating Component Serial Numbers...
Page 635: Pim Serial Number Label
AC power supply. Contacting Customer Support After you have located the serial numbers of the components you need to return, contact Juniper Networks Technical Assistance Center (JTAC) in one of the following ways. Contacting Customer Support...
Page 636: Information You Might Need To Supply To Jtac
This number is used to track the returned material at the factory and to return repaired or new components to the customer as needed. NOTE: Do not return any component to Juniper Networks unless you have first obtained an RMA number. Juniper Networks reserves the right to refuse shipments that do not have an RMA.
Page 637: Packing A Router Or Component For Shipment
To pack the router for shipment, follow this procedure: Retrieve the shipping carton and packing materials in which the router was originally shipped. If you do not have these materials, contact your Juniper Networks representative about approved packaging materials. Packing a Router or Component for Shipment...
Page 638 Disconnect power from the router. For instructions, see “Replacing a Power Supply Cord in a J2300 or J4300 Router” on page 532 or “Replacing a Power Supply Cord in a J6300 Router” on page 536. Remove the cables that connect to all external devices. For instructions, see “Removing a PIM Cable”...
Page 639: Packing Components For Shipment
Contacting Customer Support and Returning Hardware Packing Components for Shipment To pack and ship individual components, follow these guidelines: When you return components, make sure they are adequately protected with packing materials and packed so that the pieces are prevented from moving around inside the carton.
Page 640 J-series™ Services Router User Guide Packing a Router or Component for Shipment...
Page 641 Part 12 Indexes Indexes...
Page 642 Indexes...
Page 643: Index
J2300 ........
Page 644 J-series™ Services Router User Guide J4300 and J6300 ........28 assured forwarding .
Page 645 Index See also ASs (autonomous systems), AS creating (configuration editor) ....342 number description ........283, 332 AS path.
Page 646 J2300 ........
Page 647 J2300 ........
Page 648 J-series™ Services Router User Guide summaries ......... 141 downgrading (J-Web) .
Page 649 J2300 ........
Page 650 See also DSCPs desk installation (J2300 only) ......37 configuration tasks ....... . 428 clearance requirement .
Page 651 Index function ..........49 MTU .
Page 652 J2300 ........
Page 653 J2300 front panel ........11...
Page 654 ......... . 205 wall (J2300 only)........38 setting for a CLI session .
Page 655: Ipsec Tunnels
........79 J2300 network management......241 boot devices .
Page 656 ......... . . 11 Juniper Networks Technical Assistance Center See JTAC hardware .
Page 657: License Keys
Index serial ports ......... . .71 labels, serial number .
Page 658 PIMs ..........518 messages See BGP messages; keepalive messages; power cord, replacing (J2300 or J4300) ..532 system log messages power system (J6300) .
Page 659 J2300 rack installation.......40 dense mode........466 J4300 and J6300 rack installation.
Page 660 J-series™ Services Router User Guide applying to an interface (configuration editor) . . . 398 sample BGP peer network......336 configuration editor .
Page 661 Index OK button supported versions ....... . 270 J-Web configuration editor ......135 three-way handshake .
Page 662 J2300 LAN........
Page 663: Quick Configuration
J2300 ........
Page 664 J2300 ........
Page 665 Index returning hardware ........603 RMA (Return Materials Authorization) .
Page 666 RIP traffic with the incoming metric . . 303 J2300 functions and components ....10 controlling RIP traffic with the outgoing metric . . 304 J4300 functions and components .
Page 667 Index verifying OSPF routes ......327 schedulers RP (rendezvous point) assigning resources ....... . 447 static.
Page 668: Service Classes
J-series™ Services Router User Guide logical interfaces ........100 routing policy overview.
Page 669 J2300 ........
Page 670 J2300 hardware........
Page 671 Index static RP router ......... 474 file cleanup (J-Web) .
Page 672 J-series™ Services Router User Guide framing..........98 terms logical interfaces .
Page 673 J2300 USB port ........13...
Page 674: Virtual Channels
V.35 DTE cable pinouts ....... . . 556 wall installation (J2300 only) ......38 ventilation requirement .
Page 675 Index signaling limitations ....... 545 X.21 DTE cable pinouts....... . . 558 suppressing electromagnetic interference (EMI) .

This manual is also suitable for:

J2350 J2320 J4300 J6300 J6350 J4350

Juniper J2300 User Manual

About this Guide

J-Series Overview

Part 1 J-Series Overview

Chapter 1 Introducing the J-Series Services Router

System Overview

Chapter 2 System Overview

Installing the J-Series Services Router

Chapter 3 Installing and Connecting a Services Router

Establishing Basic Connectivity

Chapter 4 Establishing Basic Connectivity

Managing J-Series Licenses

Chapter 5 Managing J-Series Licenses

Chapter 6 Configuring Network Interfaces

Using the J-Series User Interfaces

Chapter 7 J-Series User Interface Overview

J-Series User Interface Overview

Chapter 8 Using J-Series Configuration Tools

Using J-Series Configuration Tools

Managing the Services Router

Part 4 Managing the Services Router

Managing Users and Operations

Chapter 9 Managing Users and Operations

Monitoring and Diagnosing a Services Router

Chapter 10 Monitoring and Diagnosing a Services Router

Configuring SNMP for Network Management

Chapter 11 Configuring SNMP for Network Management

Quick Links

User Guide

Troubleshooting

Related Manuals for Juniper J2300

Summary of Contents for Juniper J2300