Page 1 JUNOSe Software for E Series Broadband Services Routers System Basics Configuration Guide Release 11.1.x Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 408-745-2000 www.juniper.net Published: 2010-03-31...
Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Page 3 AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”)
Page 4 (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 http://www.gnu.org/licenses/gpl.html...
Page 5 agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein.
Page 7 Abbreviated Table of Contents About the Documentation xxvii Part 1 Chapters Chapter 1 Planning Your Network Chapter 2 Command-Line Interface Chapter 3 Installing JUNOSe Software Chapter 4 Configuring SNMP Chapter 5 Managing the System Chapter 6 Managing Modules Chapter 7 Passwords and Security Chapter 8 Writing CLI Macros...
Page 8 JUNOSe 11.1.x System Basics Configuration Guide viii...
Page 9: Table Of Contents
Table of Contents About the Documentation xxvii E Series and JUNOSe Documentation and Release Notes ......xxvii Audience ....................xxvii E Series and JUNOSe Text and Syntax Conventions ........xxvii Obtaining Documentation ................xxix Documentation Feedback ................xxix Requesting Technical Support ..............xxix Self-Help Online Tools and Resources ...........xxx Opening a Case with JTAC ..............xxx Part 1 Chapters...
Page 10 JUNOSe 11.1.x System Basics Configuration Guide Configuring Data Link-Layer Interfaces ............17 Configuring IP/Frame Relay ..............17 Configuring IP/ATM .................19 Configuring IP/PPP ..................20 Configuring IP/HDLC ................22 Configuring IP/Ethernet ................22 Configuring IP Tunnels, Shared IP Interfaces, and Subscriber Interfaces ..23 Configuring IP Tunnels ................23 Configuring Shared Interfaces and Subscriber Interfaces ......23 Configuring Routing Protocols ...............24 Configuring VRRP ..................25...
Page 11 Table of Contents Moving from Privileged Exec to User Exec Mode ........51 Logging Out ....................52 CLI Command Privileges ................52 CLI Privilege Groups ................52 Examples Using Privilege Group Membership .........53 CLI Command Exceptions ...............57 CLI Keyword Mapping ................58 Setting Privileges for Ambiguous Commands ..........58 Setting Privilege Levels for no or default Versions ........59 Setting Privilege Levels for Multiple Commands ........59 Setting Privilege Levels for All Commands in a Mode .......59...
Page 12 JUNOSe 11.1.x System Basics Configuration Guide IP PIM Data MDT Configuration Mode ............97 IP Service Profile Configuration Mode .............98 IPSec CA Identity Configuration Mode ............98 IPSec Identity Configuration Mode ............98 IPSec IKE Policy Configuration Mode ............99 IPSec Manual Key Configuration Mode ...........99 IPSec Peer Public Key Configuration Mode ...........100 IPSec Transport Profile Configuration Mode ..........100 IPSec Tunnel Profile Configuration Mode ..........100...
Page 13 Table of Contents Traffic Class Group Configuration Mode ..........121 Tunnel Group Configuration Mode ............121 Tunnel Group Tunnel Configuration Mode ..........121 Tunnel Profile Configuration Mode ............122 Tunnel Server Configuration Mode ............122 VRF Configuration Mode ...............123 VR Group Configuration Mode ..............123 Chapter 3 Installing JUNOSe Software Overview .....................125 Identifying the Software Release File ............126...
Page 14 SNMP Features Supported ..............149 SNMP Client ..................149 SNMP Server ..................150 SNMP MIBs ...................150 Standard SNMP MIBs ..............150 Juniper Networks E Series Enterprise MIBs ........150 Accessing Supported SNMP MIBs ...........150 SNMP Versions ..................150 Security Features ..................151 Management Features ................152 Virtual Routers ..................153 Creating SNMP Proxy ..............153...
Page 15 Table of Contents Trap Severity Levels ................169 Specifying an Egress Point for SNMP Traps ...........174 Configuring Trap Queues ..............174 Configuring Trap Notification Logs ............175 Recovering Lost Traps ................176 Configuring the SNMP Server Event Manager ..........177 Event MIB Purpose ................177 Event MIB Structure ................178 Trigger Table ..................178 Objects Table .................179 Event Table ..................179...
Page 16 JUNOSe 11.1.x System Basics Configuration Guide Using the CLI ....................255 Managing vty Lines ..................258 Configuring vty Lines ................259 Monitoring vty Lines ................260 Clearing Lines ....................261 Monitoring the Current Configuration ............261 Defining the Configuration Output Format ..........262 Customizing the Configuration Output ..........266 Detecting Corrupt File Configurations ...........271 Automatically Recovering Corrupt Configuration Files ......272 Configuring the System Automatically ............276...
Page 17 Table of Contents Configuring the NFS Client ................316 References ....................316 Prerequisites ..................316 Configuration Tasks ................316 Monitoring the NFS Client ..............317 Using a Loopback Interface .................318 Using the Telnet Client ................318 Configuring DNS ..................319 References ....................320 Assigning Name Servers ...............320 Using One Name Resolver for Multiple Virtual Routers ......322 Monitoring DNS ..................322 Troubleshooting the System ................323 Creating Core Dump Files ..............323...
Page 18 JUNOSe 11.1.x System Basics Configuration Guide Software Compatibility ................372 Line Modules ..................372 I/O Modules and IOAs ................372 Configuring Performance Rate of Line Modules on ERX7xx Models and the ERX1410 Router ...................373 Choosing a Combination of Line Modules ..........373 Slot Groups ..................373 SRP Modules Bandwidth ..............374 Line Modules Bandwidth and Switch Usage ........374 Allowed Combinations for Line Rate Performance ......375...
Page 19 Table of Contents Commands and Guidelines ..............419 Setting and Erasing Passwords ..............421 Privilege Levels ..................421 Accessing Privilege Levels ..............422 Setting Enable Passwords ..............422 Erasing Enable Passwords ..............422 Setting a Console Password ..............424 Erasing the Console Password ..............425 Monitoring Passwords ................426 Vty Line Authentication and Authorization ..........427 Configuring Simple Authentication ............427 Configuring AAA Authentication and AAA Authorization .......430...
Page 20 JUNOSe 11.1.x System Basics Configuration Guide Chapter 8 Writing CLI Macros Platform Considerations ................473 Writing Macros ....................473 Environment Commands ..............475 Capturing Output of Commands ............476 Adding Regular Expression Matching to Macros ........476 Extracting a Substring Based on Regular Expression Matching .....477 Adding Global Variables for Availability to the onError Macro ....477 Unique IDs for Macros ................478 Accurate Use of Error Status When Accessed Ourside of onError...
Page 21 Table of Contents Rebooting Your System ................514 Rebooting When a Command Takes a Prolonged Time to Execute ..516 Configuration Caching ................517 Operations in Boot Mode ................517 Displaying Boot Information ...............517 Output Filtering ..................520 Chapter 10 Configuring the System Clock Overview .....................521 NTP .......................521 System Operation as an NTP Client ............522 Synchronization ................523...
Page 22 JUNOSe 11.1.x System Basics Configuration Guide Part 2 Reference Material Appendix A Abbreviations and Acronyms Appendix B References RFCs ......................571 Draft RFCs ....................584 Other Software Standards ................587 Hardware Standards ..................590 Part 3 Index Index ......................595 xxii Table of Contents...
Page 23 List of Figures Part 1 Chapters Chapter 1 Planning Your Network Figure 1: Private Line Aggregation with the E Series Router ......5 Figure 2: B-RAS Application ................6 Figure 3: Network Configuration Using a Bottom-Up Approach .......7 Figure 4: E Series Router Support for Fractional T1/E1 Through T3/E3 Interfaces ....................11 Figure 5: Channelized T3 Interface Configuration Parameters .......13 Figure 6: T3 Interface Configuration Parameters ...........14...
Page 24 JUNOSe 11.1.x System Basics Configuration Guide xxiv List of Figures...
Page 25: List Of Tables
List of Tables About the Documentation xxvii Table 1: Notice Icons ................xxviii Table 2: Text and Syntax Conventions ............xxviii Part 1 Chapters Chapter 1 Planning Your Network Table 3: Common Access/Uplink Pairings ............5 Chapter 2 Command-Line Interface Table 4: Redirect Operators ................40 Table 5: Supported Regular Expression Metacharacters ........42 Table 6: Help Commands ................64 Table 7: Command-Line Editing Keys ............67...
Page 26 Passwords and Security Table 45: Commands Available at Different Privilege Levels .......421 Table 46: CLI User Access Levels ..............446 Table 47: Juniper Networks–Specific CLI Access VSA Descriptions ....447 Table 48: Juniper Networks–Specific Virtual Router Access VSA Descriptions ..................448 Table 49: Layer 2-Related Protocols ............462 Table 50: IP-Related Protocols ..............464...
Page 27: About The Documentation
If the information in the latest release notes differs from the information in the documentation, follow the JUNOSe Release Notes. To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/...
Page 28: Table 1: Notice Icons
JUNOSe 11.1.x System Basics Configuration Guide Table 1: Notice Icons Icon Meaning Description Informational note Indicates important features or instructions. Caution Indicates a situation that might result in loss of data or hardware damage. Warning Alerts you to the risk of personal injury or death. Laser warning Alerts you to the risk of personal injury from a laser.
Page 29: About The Documentation
CD-ROMs or DVD-ROMs, see the Offline Documentation page at http://www.juniper.net/techpubs/resources/cdrom.html Copies of the Management Information Bases (MIBs) for a particular software release are available for download in the software image bundle from the Juniper Networks Web site at http://www.juniper.net/...
Page 30: Self-Help Online Tools And Resources
7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
Page 31: Chapters
Part 1 Chapters Planning Your Network on page 3 Command-Line Interface on page 29 Installing JUNOSe Software on page 125 Configuring SNMP on page 147 Managing the System on page 251 Managing Modules on page 355 Passwords and Security on page 417 Writing CLI Macros on page 473 Booting the System on page 509 Configuring the System Clock on page 521...
Page 32 JUNOSe 11.1.x System Basics Configuration Guide Chapters...
Page 33: Planning Your Network
Planning Your Network This chapter describes planning steps that will make it easier to configure the physical interfaces, logical interfaces, and routing protocols for the Juniper Networks E Series Broadband Services Routers in: A new network that you are creating and implementing...
Page 34: Interface Specifiers
JUNOSe 11.1.x System Basics Configuration Guide See the E120 and E320 Module Guide for modules supported on the Juniper Networks E120 and E320 Broadband Services Routers. Interface Specifiers The configuration task examples in this chapter use the slot/port format to specify an interface.
Page 35: Xdsl Session Termination
Chapter 1: Planning Your Network Figure 1: Private Line Aggregation with the E Series Router The router supports a number of access and uplink methods; the most common pairings are listed in Table 3 on page 5. Table 3: Common Access/Uplink Pairings Access Uplink ATM, Fast Ethernet, Gigabit Ethernet, or POS...
Page 36: Layered Approach
JUNOSe 11.1.x System Basics Configuration Guide Figure 2: B-RAS Application The router then performs several functions: PPP session termination and authentication checking through PAP or CHAP Coordination with DHCP servers and local IP pools to assign IP addresses Connection to RADIUS servers or use of domain names to associate subscribers with user profile information Support for RADIUS accounting to gather detailed billing information Application of the user profile to the user traffic flow, which could include QoS,...
Page 37: Line Modules, I/O Modules, And Ioas
Chapter 1: Planning Your Network layered on top of physical (copper or optical) interfaces. The router supports a number of access protocols (PPP/POS, Frame Relay, ATM) that allow service providers to offer a number of access methods and line speeds to their subscribers. The router is optimized to handle IP connections regardless of the access protocol used.
Page 38: Interfaces
JUNOSe 11.1.x System Basics Configuration Guide POS line modules. Similarly, the term “ GE I/O modules” refers to both the GE Multimode I/O module and the GE Single Mode I/O module. For a complete list of the line modules and I/O modules available for ERX14xx models, ERX7xx models, and the ERX310 router, see ERX Module Guide, Table 1, Module Combinations.
Page 39: Interface Command
Chapter 1: Planning Your Network interface Command The interface command has the following format: interface interfaceType interfaceSpecifier Each interface type has an interface specifier associated with it. The interface specifier identifies the physical location of the interface on the router, such as the chassis slot and port number, and logical interface information, such as a T1 channel on a channelized T3 interface.
Page 40: Configuring Virtual Routers
JUNOSe 11.1.x System Basics Configuration Guide Configuring Virtual Routers Multiple distinct virtual routers are supported within a single router, which allows service providers to configure multiple, separate, secure routers within a single chassis. These routers are identified as virtual routers (VRs). Applications for this function include the creation of individual routers dedicated to wholesale customers, corporate virtual private network (VPN) users, or a specific traffic type.
Page 41: Line Module Features
Chapter 1: Planning Your Network GE-2 line module and GE-HDE line module support Gigabit Ethernet. OCx/STMx ATM line module supports OC3/STM1 ATM, OC12/STM4 ATM, and unchannelized T3. OCx/STMx POS line module supports OC3/STM1 POS and OC12/STM4 POS. OC48 line module supports OC48/STM16 POS. OC3/STM1 GE/FE line module supports OC3/STM1 ATM and Gigabit Ethernet.
Page 42: Configurable Hdlc Parameters
JUNOSe 11.1.x System Basics Configuration Guide DS1 framing type Both D4 framing mode and ESF framing mode DS3 loopback For line, payload, diagnostic, and DS1 loopbacks DS1 loopback For line, payload, and diagnostic loopbacks DS3/DS1 line status/alarm monitoring DS1 line coding type Both AMI line encoding and B8ZS line encoding Unique IP interface support For each PPP or Frame Relay PVC interface Configurable HDLC Parameters The following HDLC parameters are configurable:...
Page 43: Configuring T3 And E3 Interfaces
Chapter 1: Planning Your Network Figure 5: Channelized T3 Interface Configuration Parameters The following sample command sequence configures a serial interface for a CT3 12-F0 module. See JUNOSe Physical Layer Configuration Guide, for details. host1(config)#controller t3 0/1 host1(config-controll)#framing c-bit host1(config-controll)#clock source line host1(config-controll)#cablelength 220 host1(config-controll)#t1 2/1 host1(config-controll)#t1 2 framing esf...
Page 44: Configuring Ocx/Stmx And Oc48 Interfaces
JUNOSe 11.1.x System Basics Configuration Guide Figure 6: T3 Interface Configuration Parameters The following sample command sequence configures a serial interface for a T3 module. See JUNOSe Physical Layer Configuration Guide, for details. host1(config)#controller t3 0/1 host1(config-controll)#framing m23 host1(config-controll)#cablelength 300 host1(config-controll)#ds3-scramble host1(config-controll)#exit host1(config)#interface serial 0/1...
Page 45: Configuring Channelized Ocx/Stmx Line Interfaces
Chapter 1: Planning Your Network host1(config-if)#pos framing sdh host1(config-if)#mtu 1600 host1(config-if)#mru 1600 host1(config-if)#pos scramble-atm Configuring Channelized OCx/STMx Line Interfaces The cOCx/STMx modules are generally used for circuit aggregration on the router. These line modules support the following controllers over OC3/STM1 or OC12/STM4, depending on the I/O module used with the line module: Fractional T1/E1 over SONET/SDH virtual tributaries or T3 Unframed E1...
Page 46: Configuring Ethernet Interfaces
JUNOSe 11.1.x System Basics Configuration Guide Configuring Ethernet Interfaces Ethernet interfaces support IP, PPPoE, multinetting (multiple IP addresses), and VLANs (subinterfaces). Ethernet modules use the Address Resolution Protocol (ARP) to obtain MAC addresses for outgoing Ethernet frames and support quality of service (QoS) classification.
Page 47: Configuring Data Link-Layer Interfaces
Chapter 1: Planning Your Network in JUNOSe Broadband Access Configuration Guide. Static tunnels, in which the tunnel is assigned to a particular interface and specified in slot/port format, are described in JUNOSe IP Services Configuration Guide. For information about managing these types of tunnels on the router, see JUNOSe Physical Layer Configuration Guide.
Page 48: Figure 10: Structure Of Frame Relay Protocols
JUNOSe 11.1.x System Basics Configuration Guide Figure 10 on page 18 shows the structure of the Frame Relay protocols with the physical layer as the foundation. For Frame Relay, the physical layer can be channelized E1, E3, channelized T1, T3, or a fractional service, as supported by the different line module ports.
Page 49: Configuring Ip/Atm
Chapter 1: Planning Your Network Configuring IP/ATM The router supports IP over ATM PVCs on ATM line modules. This support allows service providers to receive traffic from subscribers who have CPE equipment, such as routers with ATM interfaces, to take in traffic from other network devices that use ATM, such as DSLAMs, and to connect to service providers with ATM backbone structures.
Page 50: Configuring Ip/Ppp
JUNOSe 11.1.x System Basics Configuration Guide provides a frame-oriented interface to the ATM layer. The integrated local management interface (ILMI) provides local management across the UNI. Figure 14: Structure of ATM Protocol Figure 15 on page 20 shows sample configuration parameters for a typical ATM interface configuration.
Page 51: Figure 16: Ip/Ppp Connections From The Cpe On An E Series Router
Chapter 1: Planning Your Network Figure 16: IP/PPP Connections from the CPE on an E Series Router As shown in Figure 17 on page 21, the PPP protocol can exist directly on top of the HDLC layer or on top of a layer 2 Frame Relay or ATM interface. In either case, IP rides on top of PPP, providing support for IP/PPP/ATM, IP/PPP/HDLC, and IP/PPP/Frame Relay.
Page 52: Configuring Ip/Hdlc
JUNOSe 11.1.x System Basics Configuration Guide Configuring IP/HDLC The E Series router supports IP over Cisco HDLC on many types of serial interfaces. Cisco HDLC monitors line status on a serial interface by exchanging keepalive request messages with peer network devices. It also allows routers to discover IP addresses of neighbors by exchanging Serial Link Address Resolution Protocol (SLARP) address request and address response messages with peer network devices.
Page 53: Configuring Ip Tunnels, Shared Ip Interfaces, And Subscriber Interfaces
Chapter 1: Planning Your Network Figure 20: Example of IP over Ethernet Stacking Configuration Steps Configuring IP Tunnels, Shared IP Interfaces, and Subscriber Interfaces The E Series router supports IP tunnels, shared IP interfaces, and subscriber interfaces. Configuring IP Tunnels IP tunnels provide a way of transporting datagrams between routers separated by networks that do not support all the protocols that those routers support.
Page 54: Configuring Routing Protocols
JUNOSe 11.1.x System Basics Configuration Guide Configuring Routing Protocols After you have set up the interfaces on which IP traffic flows, you can configure the following routing protocols: IP multicast protocols IP multicasting allows a device to send packets to a group of hosts, rather than to a list of individual hosts.
Page 55: Configuring Vrrp
Chapter 1: Planning Your Network Configuring VRRP The Virtual Router Redundancy Protocol (VRRP) can prevent loss of network connectivity to end hosts if the static default IP gateway fails. By implementing VRRP, you can designate a number of routers as “ backup” routers in case the default “ master”...
Page 56: Configuring Policy Management
JUNOSe 11.1.x System Basics Configuration Guide For information about configuring QoS, see JUNOSe Quality of Service Configuration Guide. Configuring Policy Management Policy management allows network service providers to implement packet forwarding and routing specifically tailored to their customer’s requirements. Using policy management, customers can implement policies that selectively cause packets to take different paths.
Page 57 Chapter 1: Planning Your Network Configuration Protocol (DHCP). This method is particularly convenient for broadband (cable and DSL) environments or environments that use bridged Ethernet over ATM, because network operators can support one central system rather than an individual PPPoE client on each subscriber’s computer. See JUNOSe Broadband Access Configuration Guide.
Page 58 JUNOSe 11.1.x System Basics Configuration Guide Configuring Remote Access...
Page 59: Command-Line Interface
Chapter 2 Command-Line Interface This chapter provides information about the E Series router command-line interface (CLI). This chapter contains the following sections: Overview on page 29 Platform Considerations on page 48 Accessing the CLI on page 48 CLI Command Privileges on page 52 Using Help on page 63 Using Command-Line Editing on page 67 Accessing Command Modes on page 69...
Page 60: Figure 21: Command Mode Architecture
JUNOSe 11.1.x System Basics Configuration Guide Figure 21 on page 30 illustrates the command mode architecture. Only some of the many configuration modes are shown. Command modes are discussed in greater detail in the section “Accessing Command Modes” on page 69 . See the JUNOSe Command Reference Guide to find related command modes for any command.
Page 61: Command-Line Prompts
Chapter 2: Command-Line Interface Command-Line Prompts Within the CLI, the command-line prompt identifies both the hostname and the command mode. The hostname is the name of your router; the command mode indicates your location within the CLI system. For example: Keywords and Parameters CLI commands are made up of two primary elements: keywords and parameters.
Page 62: Parameters
JUNOSe 11.1.x System Basics Configuration Guide Parameters Parameters are often required elements of a command; however, for some commands, parameters are not required. A parameter is most often a value that you specify after the keyword. There are different types of parameters, such as strings, integers, or IP addresses.
Page 63: Using Cli Commands
Chapter 2: Command-Line Interface NOTE: You can find detailed information about command syntax, with parameter values defined, in the JUNOSe Command Reference Guide. Using CLI Commands This section introduces some useful shortcuts and command-related highlights. These include: Abbreviated Commands on page 33 The ? Key on page 33 Backspace or Delete on page 34 Enter on page 34...
Page 64: Backspace Or Delete
JUNOSe 11.1.x System Basics Configuration Guide When you enter the ? character, all available choices are displayed. The router again displays the command you typed. You then have to type in only the choice you want and press Enter. A <cr> in the list of choices means that you can press Enter to execute the command.
Page 65: The No Version
CLI ignores all subsequent input on that line. To be compatible with some non-Juniper Networks implementations, the no versions of commands will accept the same options as the affirmative version of the commands. The CLI ignores the optional input if it has no effect on the command behavior.
Page 66 JUNOSe 11.1.x System Basics Configuration Guide The only commands that cannot be preceded by run or do are the configure command and those commands that are already available in all modes, such as sleep or exit. Example 1 host1(config)#run show config | begin interface interface null 0 interface fastEthernet 0/0 ip address 10.6.129.41 255.255.128.0...
Page 67: Show Commands
Chapter 2: Command-Line Interface show Commands You have access to a variety of show commands that display router and protocol information. You can filter the output of a show command by specifying | (the UNIX pipe symbol), one of the following keywords, and either a case-sensitive text string or a regular expression.
Page 68 JUNOSe 11.1.x System Basics Configuration Guide arp timeout 21600 interface ip s10 arp timeout 21600 interface atm 2/0 no shutdown atm sonet stm-1 loopback line atm uni-version 3.0 atm oam loopback-location 0xFFFFFFFF atm vc-per-vp 32768 atm vp-tunnel 1 10 load-interval 300 no atm snmp trap link-status no atm shutdown no atm aal5 snmp trap link-status...
Page 69 Chapter 2: Command-Line Interface bandwidth oversubscription ip domain-lookup ip name-server 10.2.0.3 ip domain-name 789df interface ip 0/0 interface ip 2/0 interface ip s10 ip address 10.13.5.61 255.255.255.0 no ip proxy-arp no ip directed-broadcast ip redirects ip route 0.0.0.0 0.0.0.0 10.13.5.1 ip debounce-time 0 ip source-route no ip ftp source-address...
Page 70: Redirection Of Show Command Output
JUNOSe 11.1.x System Basics Configuration Guide no aaa new-model no service ctrl-x-reboot no service password-encryption no baseline show-delta-counts clock timezone UTC 0 0 no exception dump exception protocol ftp anonymous null controller sonet 2/0 loopback network clock source line no shutdown path 0 overhead j1 msg hello path 0 overhead j1 exp-msg ftp-server enable...
Page 71: Regular Expressions
Chapter 2: Command-Line Interface Table 4: Redirect Operators (continued) Redirect Operator &> Redirects output to the specified file, overwriting the file if it already exists, and displays the output on the screen. The redirection is synchronized with the screen display; for example, if a --More-- prompt appears, the redirection halts until you take further action.
Page 72: Table 5: Supported Regular Expression Metacharacters
JUNOSe 11.1.x System Basics Configuration Guide Metacharacters Table 5 on page 42 describes the metacharacters supported for regular expression pattern-matching. Table 5: Supported Regular Expression Metacharacters Metacharacter Description Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ] matches any number except the ones specified within the brackets.
Page 73: The - -More- - Prompt
! Configuration script being generated on FRI AUG 04 2006 12:48:48 UTC ! Juniper Edge Routing Switch ERX-700 ! Version: 7.3.0 beta-1.6 [BuildId 5672] (July 11, 2006 11:58) ! Copyright (c) 1999-2006 Juniper Networks, Inc. All rights reserved. boot config running-configuration boot system erx_7-3-0.rel...
Page 74 ! Configuration script being generated on FRI AUG 04 2006 12:48:48 UTC ! Juniper Edge Routing Switch ERX-700 ! Version: 7.3.0 beta-1.6 [BuildId 5672] (July 11, 2006 11:58) ! Copyright (c) 1999-2006 Juniper Networks, Inc. All rights reserved. boot config running-configuration boot system erx_7-3-0.rel boot config running-configuration boot system 3-3.1.rel...
Page 75 ! Configuration script being generated on FRI AUG 04 2006 12:48:48 UTC ! Juniper Edge Routing Switch ERX-700 ! Version: 7.3.0 beta-1.6 [BuildId 5672] (July 11, 2006 11:58) ! Copyright (c) 1999-2006 Juniper Networks, Inc. All rights reserved. boot config running-configuration boot system erx_7-3-0.rel boot config running-configuration boot system 3-3.1.rel...
Page 76: Responding To Prompts
JUNOSe 11.1.x System Basics Configuration Guide exec-banner motd-banner timeout login response 30 data-character-bits 8 no login log engineering log verbosity low no log severity log verbosity low NameResolverLog log verbosity low aaaAtm1483Cfg log verbosity low aaaEngineGeneral log verbosity low aaaServerGeneral log verbosity low aaaUserAccess log verbosity low addressServerGeneral log verbosity low atm...
Page 77: Cli Status Indicators
Chapter 2: Command-Line Interface NOTE: The system’s CLI supports a powerful command-line editor, enabling you to easily correct, edit, and recall previously entered commands. For more information, see “Using Command-Line Editing” on page 67. For a description of the commands that you use to get around the CLI, see “Managing the System”...
Page 78: Levels Of Access
JUNOSe 11.1.x System Basics Configuration Guide Levels of Access The CLI has two levels of access: user and privileged. User Level User level allows you only to view a router’s status. This level restricts you to User Exec mode. Privileged Level Privileged level allows you to view a router configuration, change a configuration, and run debugging commands.
Page 79: Privileged-Level Access
Chapter 2: Command-Line Interface NOTE: The vty session factory default is 5. Use the line command to configure up to a maximum of 30 vtys. The configured vtys are shared among all types of connections; for example, if you configure 7 vtys, then no more than a total of 7 SSH plus FTP plus Telnet sessions can simultaneously exist on the router.
Page 80: Accessing The Privileged Exec Level
1 and 0 10 Allows you to execute all commands except support commands, which may be provided by Juniper Networks Customer Service, or the privilege command to assign privileges to commands 15 Allows you to execute support commands and assign privileges to commands For information about how to set individual command levels, see “CLI Command...
Page 81: Moving From Privileged Exec To User Exec Mode
Chapter 2: Command-Line Interface Set a password for this mode by using either the enable password or the enable secret command in Global Configuration mode. This protects the system from any unauthorized use. Once a password is set, anyone trying to use Privileged Exec mode will be asked to provide the password.
Page 82: Logging Out
JUNOSe 11.1.x System Basics Configuration Guide host1#disable host1> Example 2 host1#show privilege Privilege level is 10 host1#disable 5 host1#show privilege Privilege level is 5 There is no no version. See disable. Logging Out You can log out of the CLI from either the User Exec and Privileged Exec modes by entering the exit command.
Page 83: Examples Using Privilege Group Membership
Chapter 2: Command-Line Interface Privilege group 0 is not a member of any group and you cannot assign member groups to it, but it is reachable from every privilege group. Numbers in the range 0 15 identify the 16 privilege groups. Each of the 16 groups can have a name or an alias.
Page 84 JUNOSe 11.1.x System Basics Configuration Guide Privilege group 15 contains two groups: 14 and 10. The privilege groups 0, 1, 2, 4, 5, 6, 7, 8, 9, 10, and 14 are reachable from privilege group 15. A user at privilege 15 does not have access to commands in privilege groups 11, 12, or 13.
Page 85 Chapter 2: Command-Line Interface Example 7 host1(config)#privilege-group membership clear dailyAdmin host1(config)#privilege-group membership dailyAdmin add dailyTroll In Example 7, privilege group 10 alias dailyAdmin has one member: privilege group 6 alias dailyTroll. host1(config)#no privilege-group membership 9 Example 8 Example 8 reverts one privilege group membership to its default setting. Prior to the execution of this command, the following group memberships were in place: group member...
Page 86 JUNOSe 11.1.x System Basics Configuration Guide 0 1 2 3 basicUser 0 1 2 3 4 dailyTroll 0 1 2 3 4 5 weekendAdmin 0 14 dailyAdmin 0 1 2 3 4 5 6 0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5 6 10 superUser...
Page 87: Cli Command Exceptions
Chapter 2: Command-Line Interface NOTE: You must access the CLI at privilege level 15 to view or use this command. privilege privilege-group alias Use to give the privilege group name alias to the privilege group. Example host1(config-if)#privilege-group alias Use the no version to remove the privilege group alias. See privilege-group alias.
Page 88: Cli Keyword Mapping
JUNOSe 11.1.x System Basics Configuration Guide help privilege support CLI Keyword Mapping You cannot change the privilege level of keywords that are separated from the command string by a parameter in the command sequence. In other words, once the privilege algorithm reaches a parameter, the privilege algorithm that maps the commands to the desired privilege level stops and allows any keyword options that may follow in the command sequence.
Page 89: Setting Privilege Levels For No Or Default Versions
Chapter 2: Command-Line Interface When you enter an ambiguous command and an exact match of the command is found, partial matches are ignored and are not modified. For example, the traffic-class and traffic-class-group commands are available in Global Configuration mode. If you issue the privilege configure level 5 traffic-class command, an exact match is made to traffic-class, and traffic-class-group is not modified.
Page 90: Setting Privilege Levels For A Group Of Commands
JUNOSe 11.1.x System Basics Configuration Guide Setting Privilege Levels for a Group of Commands You can set the privilege level for a group of commands by using the beginning keyword in a command. For example, if you issue the privilege configure all level 5 snmp command, all commands in Global Configuration mode that begin with snmp become accessible to users who have CLI privileges at level 5 and higher.
Page 91: Superseding Privilege Levels With The All Keyword
Chapter 2: Command-Line Interface Superseding Privilege Levels with the all Keyword Issuing the all keyword supersedes privilege levels that were previously set without the all keyword. In the following example, the snmp-server-community command is set to level 7, and the snmp keyword is set to level 6. The privilege level of the snmp keyword does not override the snmp-server community setting, because both of these commands are set without the all keyword.
Page 92: Viewing Cli Privilege Information
JUNOSe 11.1.x System Basics Configuration Guide or on one or more vty lines host1(config)#line vty 0 12 host1(config-line)# NOTE: The latter command configures vty lines 0 to 12. Specify a starting privilege level for the line or lines. host1(config-line)#privilege level 5 The default privilege level for the specified line (or lines) changes.
Page 93: Viewing Privilege Levels For All Connected Users
Chapter 2: Command-Line Interface There is no no version. See show privilege. Viewing Privilege Levels for All Connected Users Use the show users detail command to view the privilege levels for all users currently connected to the router. See “Monitoring the FTP Server” on page 312 for information about the show users detail command.
Page 94: (Question Mark Key)
JUNOSe 11.1.x System Basics Configuration Guide or the lack of a space before the ? gives different results. Table 6 on page 64 describes the help system. Table 6: Help Commands Command Description Lists all keywords applicable to the current command mode help Displays a brief description of the help system (available in all command modes)
Page 95 Chapter 2: Command-Line Interface exception Configure core dump exclude-subsystem Exclude copying a subsystem from the release exit Exit from the current command mode ftp-server Configure FTP Server characteristics help Describe the interactive help system host Add/modify an entry to the host table hostname Set the host (system) name interface...
Page 96: Help Command
JUNOSe 11.1.x System Basics Configuration Guide multicast-routing Enable IP multicast forwarding name-server Configure DNS server Configure PIM Protocol prefix-list Configure a prefix list entry prefix-tree Configure a prefix tree entry route Define a static IP route router-id Configure the router-id to be used rpf-route Define a static IP route for mcast RPF check source-route...
Page 97: Using Command-Line Editing
Chapter 2: Command-Line Interface Tab, and your terminal beeps, then you have not typed enough characters to be unambiguous. host1(config)#int<Tab> host1(config)#interface Using Command-Line Editing This section provides information about the command-line editor. Basic Editing Here are a few basic command-line editing notes: Case Keywords are not case sensitive;...
Page 98: Command History Keys
JUNOSe 11.1.x System Basics Configuration Guide Table 7: Command-Line Editing Keys (continued) Key(s) Function Ctrl+o Toggles overwrite/insert mode Ctrl+q Resumes a Telnet or console session; use if the Telnet or console session appears frozen or unresponsive Ctrl+s Suspends a Telnet or console session Ctrl+t Transposes character to left of cursor with character located at cursor Ctrl+u...
Page 99: Pagination Keys
Chapter 2: Command-Line Interface Table 8: Command History Keys Function Up Arrow or Ctrl+p Recalls commands in history buffer, starting with most recent command. Repeat key sequence to recall successively older commands. Down Arrow or Returns to more recent commands in history buffer after recalling Ctrl+n commands with Up Arrow or Ctrl+p.
Page 100: Table 10: Command Mode Overview
JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview Mode Name Use of Mode Access to Mode Exit from Mode AAA Profile Configure new AAA From Global Use the exit command to Configuration profiles. Configuration mode, return to Global Configuration use aaa-profile mode.
Page 101 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Classifier Group Configure classifier To create a classifier Use the exit command twice to Configuration groups with policy group, from Policy List return to Global Configuration rules used for policy Configuration mode use...
Page 102 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Domain Map Configure domain From Global Use the exit command once to Configuration maps. Configuration mode, return to Global Configuration use the aaa mode.
Page 103 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Flow Cache Configure parameters From Global Use the exit command once to Configuration for the aggregation Configuration Mode, return to Global Configuration cache.
Page 104 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode IP Service Profile Create a service profile From Global Use the exit command once to Configuration to use in route maps Configuration mode, return to Global Configuration for subscriber...
Page 105 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode IPSec Peer Public Key Enter an ISAKMP/IKE From Global Use the exit command once to Configuration public key that a Configuration mode, return to Global Configuration remote peer uses for...
Page 106 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode L2 Transport Configure Martini layer From Global Use the exit command once to Load-Balancing-Circuit 2 transport circuit Configuration mode, return to Global Configuration Configuration...
Page 107 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Layer 2 Control Neighbor Configure ANCP (L2C) From Layer 2 Use the exit command twice to Configuration neighbor parameters. Configuration mode, return to Global Configuration use the neighbor...
Page 108 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Map Class Configuration Specify fragmentation From Global Use the exit command once to for a map class. Configuration mode, return to Global Configuration specify the map-class...
Page 109 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Policy Parameter Configure a policy From Global Use the exit command once to Configuration parameter. Configuration mode, return to Global Configuration use the mode.
Page 110 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode QoS Interface Superet Configure QoS From Global Use the exit command once to Configuration interface supersets. Configuration mode, return to Global Configuration use the mode.
Page 111 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode RADIUS Configuration Configure Broadband From Global Use the exit command once to Remote Access Server Configuration mode, return to Global Configuration (B-RAS) parameters.
Page 112 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Route Map Configuration Configure routing From Global Use the exit command once to tables and source and Configuration mode, return to Global Configuration destination...
Page 113 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Service Session Profile Configure attributes for From Global Use the exit command twice to Configuration Service Manager Configuration mode, return to Global Configuration service session profiles.
Page 114 JUNOSe 11.1.x System Basics Configuration Guide Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Subscriber Policy Configure a nondefault From Global Use the exit command once to Configuration subscriber policy for a Configuration mode, return to Global Configuration subscriber (client)
Page 115 Chapter 2: Command-Line Interface Table 10: Command Mode Overview (continued) Mode Name Use of Mode Access to Mode Exit from Mode Tunnel Profile Configure tunnel From Global Use the exit command once to Configuration profile parameters. Configuration mode, return to Global Configuration specify the mpls mode.
Page 116: Exec Modes
JUNOSe 11.1.x System Basics Configuration Guide NOTE: Within any configuration mode, the commands that are available to the user include the commands defined for that configuration mode and all commands defined for Global Configuration mode. See Figure 21 on page 30. For example, from Router Configuration mode, you could use the interface Global Configuration mode command without first explicitly going back to Global Configuration mode.
Page 117: Password Protection
Chapter 2: Command-Line Interface Set operating parameters. Gain access to Global Configuration mode. Password Protection If the system administrator has configured the system to have a password, the CLI prompts you to enter that password before you receive access to Privileged Exec mode.
Page 118: Global Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide redundancy Perform a redundancy action reload Halt and perform a cold restart rename Rename a local file send Send a message to specified lines show Display system information sleep Make the Command Interface pause for a specified duration Perform SRP operations synchronize...
Page 119: Aaa Profile Configuration Mode
Chapter 2: Command-Line Interface NOTE: The filename must end with an .scr extension, and the file must contain a series of valid CLI commands. The file can be a local file on the router or a remote file on a host system. Press y or Enter to confirm;...
Page 120: Atm Vc Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide host1(config)#router rip 100 host1(config-router)#address-family ? ipv4 Configure IPv4 address family ATM VC Configuration Mode In this mode, you can configure individual attributes for an ATM data PVC. These attributes include the service category, encapsulation method, Inverse Address Resolution Protocol (Inverse ARP), and F5 Operation, Administration, and Management (OAM) parameters.
Page 121: Classifier Group Configuration Mode
Chapter 2: Command-Line Interface host1(config)#vc-class atm premium-subscriber-class host1(config-vc-class)#? Configure the Constant Bit Rate (CBR) service class default Set a command to its default(s) Run an exec mode command (alias command run) encapsulation Configure the ATM encapsulation exit Exit from the current command mode help Describe the interactive help system inarp...
Page 122: Control Plane Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide From Rate Limit Profile Configuration mode, type the color-mark-profile command and specify a profileName, and then press Enter. host1(config-rate-limit-profile)# mpls color-mark-profile myprofile host1(config-color-mark-profile)#? default Set a command to its default(s) Run an exec mode command (alias command run) exit Exit from the current command mode green-mark...
Page 123: Dhcp Local Pool Configuration Mode
Chapter 2: Command-Line Interface DHCP Local Pool Configuration Mode In this mode, you can configure DHCP local pools. For example, you can specify a DNS or NetBIOS server. From Global Configuration mode, type the command ip dhcp-local pool and a poolName, and then press Enter.
Page 124: Domain Map Tunnel Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide Negate a command or set its default(s) override-user Configure the username and password values to use instead of the values from the remote client padn Configure pppoe active discovery network parameters for the domain name router-name Configure the virtual-router for the domain name Run an exec mode command (alias command do)
Page 125: Drop Profile Configuration Mode
Chapter 2: Command-Line Interface Negate a command or set its default(s) priority Specify the priority protocol Specify the protocol Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified duration Configure usagehost1(config-dos-protection-group)#? Drop Profile Configuration Mode In this mode, you can configure drop profiles for QoS.
Page 126: Flow Cache Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide Flow Cache Configuration Mode In this mode, you can configure parameters for the aggregation cache. From Global Configuration mode, type the ip flow-aggregation cache command and press Enter. host1(config)#ip flow-aggregation cache host1(config-flow-cache)#? cache Configure Flow Stats cache parameters default Set a command to its default(s) Run an exec mode command (alias command run)
Page 127: Ip Nat Pool Configuration Mode
Chapter 2: Command-Line Interface Some Interface Configuration commands can affect general interface parameters, such as bandwidth and clock rate. For interface-specific commands, such as commands for ATM interfaces, see the appropriate chapter in this documentation set. NOTE: Although it appears in the list of configurable interfaces, you cannot configure any values on a null interface.
Page 128: Ip Service Profile Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide IP Service Profile Configuration Mode In this mode, you can specify the information that the system uses in creating IP service profiles. From Global Configuration mode, type ip service-profile and the service profile name, and press Enter. host1(config)#ip service-profile radius host1(config-service-profile)#? default...
Page 129: Ipsec Ike Policy Configuration Mode
Chapter 2: Command-Line Interface host1(config)#ipsec identity host1(config-ipsec-identity)#? common-name Common Name country Country name default Set a command to its default(s) Run an exec mode command (alias command run) domain-name Domain name exit Exit from the current command mode help Describe the interactive help system Configure logging settings macro Run a CLI macro...
Page 130: Ipsec Peer Public Key Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide masked-key Enter a masked key (not for manual entry, show config generates) Negate a command or set its default(s) Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified duration IPSec Peer Public Key Configuration Mode In this mode, you can configure the ISAKMP/IKE public key that a remote peer uses for RSA authentication during the tunnel establishment phase without the need for...
Page 131: Ip Tunnel Destination Profile Mode
Chapter 2: Command-Line Interface From Global Configuration mode, type ipsec tunnel profile and the profileName, and press Enter. host1(config)#ipsec tunnel profile profile1 host1(config-ipsec-tunnel-profile)#? default Set a command to its default(s) Run an exec mode command (alias command run) domain-suffix Configure a domain suffix to be appended to users on this profile exit Exit from the current command mode...
Page 132: Ipv6 Local Pool Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide macro Run a CLI macro Negate a command or set its default(s) profile Assign a profile Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified duration tunnel Configure a tunnel parameter IPv6 Local Pool Configuration Mode...
Page 133: L2Tp Destination Profile Configuration Mode
Chapter 2: Command-Line Interface L2TP Destination Profile Configuration Mode In this mode, you can create the destination profile that defines the location of an L2TP Access Concentrator (LAC) and define the attributes used when an L2TP Network Server (LNS) communicates with an LAC. The destination is necessary to enable an LAC to connect to the LNS.
Page 134: Layer 2 Control Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide From Global Configuration mode, type the l2tp switch-profile command followed by an alphanumeric profile name of up to 64 characters, and press Enter. host1(config)#l2tp switch-profile concord host1(config-l2tp-tunnel-switch-profile)#? Configure AVP behavior default Set a command to its default(s) Run an exec mode command (alias command run) exit Exit from the current command mode...
Page 135: Ldp Configuration Mode
Chapter 2: Command-Line Interface LDP Configuration Mode In this mode, you can create and configure MPLS Label Distribution Protocol (LDP) profile parameters. From Global Configuation mode, type mpls ldp interface profile and the profileName, and press Enter. host1(config)#mpls ldp interface profile shell host1(config-ldp)#? default Set a command to its default(s)
Page 136: Local Ipsec Transport Profile Configuration
JUNOSe 11.1.x System Basics Configuration Guide NOTE: The privilege command is available in Line Configuration mode when the user is logged in at privilege level 15. For more information, see “Privileged-Level Access” on page 49 and “CLI Command Privileges” on page 52 . Local IPSec Transport Profile Configuration In this mode, you can configure preshared IKE keys for IPSec transport profiles.
Page 137: Map Class Configuration Mode
Chapter 2: Command-Line Interface Map Class Configuration Mode In this mode, you can specify Frame Relay End-to-End fragmentation and reassembly for a map class. Optionally, you can specify the maximum payload size of a fragment or specify fragmentation only or reassembly only. From Global Configuration mode, type the map-class frame-relay command and the mapClassName you want to configure, and press Enter.
Page 138: Policy List Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide help Describe the interactive help system Configure logging settings macro Run a CLI macro next-parent Specify the next parent group to call in hierarchy Negate a command or set its default(s) rate-limit-profile Specify a hierarchical rate limit profile Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified...
Page 139: Policy Parameter Configuration Mode
Chapter 2: Command-Line Interface host1(config)#policy-list grouppol1 host1(config-policy-list)#parent-group group1 host1(config-policy-list-parent-group)#? default Set a command to its default(s) Run an exec mode command (alias command run) exit Exit from the current command mode help Describe the interactive help system Configure logging settings macro Run a CLI macro Negate a command or set its default(s)
Page 140: Profile Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide service Configure service-name table entries sleep Make the Command Interface pause for a specified duration Profile Configuration Mode In this mode, you can configure a profile to subsequently configure dynamic IP interfaces. From Global Configuration mode, type the profile command followed by a profile name of up to 80 characters, and press Enter.
Page 141: Qos Parameter Definition Configuration Mode
Chapter 2: Command-Line Interface From Global Configuration mode, type the qos-interface-superset command followed by an interfaceSupersetName, and press Enter. host1(config)#qos-interface-superset voice host1(config-interface-set)#? default Set a command to its default(s) Run an exec mode command (alias command run) exit Exit from the current command mode help Describe the interactive help system Configure logging settings...
Page 142: Qos Shared Shaper Control Configuration
JUNOSe 11.1.x System Basics Configuration Guide atm-vc ATM-VC interface bridge Bridge interface default Set a command to its default(s) Run an exec mode command (alias command run) ethernet Ethernet interface exit Exit from the current command mode fr-vc Frame Relay subinterface help Describe the interactive help system IP interface...
Page 143: Radius Configuration Mode
Chapter 2: Command-Line Interface From Global Configuration mode, type the queue-profile command followed by a queueProfileName, and press Enter. host1(config)#queue-profile testabcd1234 host1(config-queue)#? buffer-weight Set drop threshold in proportion to this weight committed-length Set min and max constraints for committed threshold conformed-fraction Set conformed threshold as a percentage of committed conformed-length...
Page 144: Rate Limit Profile Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide From Global Configuration mode, type either the radius relay authentication server or radius relay accounting server command, and press Enter. host1(config)#radius authentication server radius authentication serverhost1(config-radius-relay)#? default Set a command to its default(s) Run an exec mode command (alias command run) exit Exit from the current command mode help...
Page 145: Redundancy Configuration Mode
Chapter 2: Command-Line Interface Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified duration Redundancy Configuration Mode In this mode, you can activate high availability (SRP switchover) by issuing the mode high-availability command. From Global Configuration mode, type the redundancy command and press Enter.
Page 146: Route Map Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide Route Map Configuration Mode In this mode, you can create and modify route maps. From Global Configuration mode, type the route-map command and the appropriate routeMapNumber, and press Enter. host1(config)#route-map unis889 host1(config-route-map)#? default Set a command to its default(s) Run an exec mode command (alias command run) exit Exit from the current command mode...
Page 147: Rsvp Configuration Mode
Chapter 2: Command-Line Interface redistribute Configure the redistribution of routing information from another protocol rib-out Configure rib-out storage for all BGP peers Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified duration synchronization Enable synchronization with the IGP table-map...
Page 148: Scheduler Profile Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide Run an exec mode command (alias command do) samples-of-history-kept Specify the maximum history samples sleep Make the Command Interface pause for a specified duration Specify the user defined tag timeout Specify the operation timeout Specify a value for the ToS byte type Specify the type of the entry...
Page 149: Snmp Event Manager Configuration Mode
Chapter 2: Command-Line Interface SNMP Event Manager Configuration Mode In this mode, you can configure certain SNMP triggers for events, what occurs when an event is triggered, resource limits for triggers, and some trap notification options. From Global Configuration mode, type the snmp-server management-event command and then press Enter.
Page 150: Subscriber Policy Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide Both ATM and Frame Relay provide permanent virtual circuits (PVCs) that can be grouped under separate subinterfaces configured on a single physical interface. Subinterfaces allow multiple encapsulations for a protocol on a single interface. From Interface Configuration mode, indicate a subinterface by typing the interface command and an interfaceSpecifier in slot/port.subinterface format, and then press Enter.
Page 151: Traffic Class Group Configuration Mode
Chapter 2: Command-Line Interface exit Exit from the current command mode fabric-strict-priority Allow packets in this class to be dequeued out of the fabric ahead of other traffic classes help Describe the interactive help system Configure logging settings macro Run a CLI macro Negate a command or set its default(s) Run an exec mode command (alias command do) sleep...
Page 152: Tunnel Profile Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide From Tunnel Group Configuration mode, type tunnel and the tag number (in the range 1–31) for the tunnel, and press Enter. host1(config-tunnel-group)#tunnel 1 host1(config-tunnel-group-tunnel)#? address Configure tunnel endpoint address client-name Configure the client hostname of the tunnel default Set a command to its default(s) Run an exec mode command (alias command run)
Page 153: Vrf Configuration Mode
Chapter 2: Command-Line Interface Run an exec mode command (alias command run) exit Exit from the current command mode help Describe the interactive help system Configure logging settings macro Run a CLI macro max-interfaces Configure maximum number of tunnel-server interfaces for dynamic server port Negate a command or set its default(s) Run an exec mode command (alias command do)
Page 154 JUNOSe 11.1.x System Basics Configuration Guide Run an exec mode command (alias command do) sleep Make the Command Interface pause for a specified duration support Enter Support mode Accessing Command Modes...
Page 155: Chapter 3 Installing Junose Software
(SRP) module. Each SRP module is shipped with an NVS card that contains a software release. Each SRP module is shipped with an NVS card that contains a software release. New software releases are available for download from the Juniper Networks website at . You can use http://www.juniper.net/customers/support the downloaded image bundle to create your own software CDs.
Page 156: Identifying The Software Release File
Module Guide for module specifications. Identifying the Software Release File You can find the software release file in the software image bundle that you can download from the Juniper Networks website at http://www.juniper.net/customers/support The .zip file that you download contains the software release file.
Page 157: Platform Considerations
Chapter 3: Installing JUNOSe Software Platform Considerations You can install JUNOSe software on all E Series routers. For information about the modules supported on E Series routers: See the ERX Module Guide for modules supported on ERX7xx models, ERX14xx models, and the ERX310 router. See the E120 and E320 Module Guide for modules supported on the E120 and E320 routers.
Page 158: Task 2: Divert Network Traffic To Another Router
JUNOSe 11.1.x System Basics Configuration Guide The password (if one is configured) that enables you to access Privileged Exec mode on the router The IP address of the network host The IP address of the router The IP address of the next hop to reach the destination network (for example, a gateway) The login name and password for the vty line The procedure for copying the release files to the network host...
Page 159: Task 5: Copy The Release Files To The Network Host
Press Ctrl+z to return to Privileged Exec mode. Task 5: Copy the Release Files to the Network Host If you downloaded the software from the Juniper Networks website as a .zip file, uncompress the files to a directory, and copy the release files to the network host.
Page 160: Task 7: Enable The Ftp Server On The Router
Juniper Networks website. The software release file contains a list of all the files associated with the release. You must transfer the software release file and all the files it contains to the user space.
Page 161: Task 9: Transfer Files To The User Space
Chapter 3: Installing JUNOSe Software Task 9: Transfer Files to the User Space To transfer the files for the release to the user space, use the FTP client software on the network host to connect to the FTP server on the router. Transfer the files to a subdirectory within the incoming directory.
Page 162: Installing Software When A Firewall Does Not Exist
JUNOSe 11.1.x System Basics Configuration Guide host1(config)#boot system erx_x-y-z.rel The following message appears when you issue this command: WARNING: We recommend that you copy the current running-configuration to a file prior to reloading a different release of software. Press Ctrl+z to return to Privileged Exec mode. Verify that the router is ready to boot with the new software release.
Page 163: Task 1: Obtain The Required Information
Chapter 3: Installing JUNOSe Software Table 13: Software Installation Procedure When a Firewall Does Not Exist Obtain the required information for the installation. For routers that are currently operating, divert network traffic to another router. Access the Privileged Exec CLI command mode. Configure IP on an interface.
Page 164: Task 5: Configure Access To The Network Host
JUNOSe 11.1.x System Basics Configuration Guide Determine the port number of the module. Determine whether the interface already has an IP address. On ERX7xx models, ERX14xx models, and the ERX310 router: host1#show ip interface fastEthernet 6/0 On the E120 and E320 routers: host1#show ip interface fastEthernet 6/0/0 NOTE: If an IP interface is not configured, an Invalid interface message appears.
Page 165: Task 6: Copy The Release Files To The Network Host
Task 6: Copy the Release Files to the Network Host If you downloaded the software from the Juniper Networks website as a .zip file, uncompress the files to a directory, and copy the release files to the network host.
Page 166: Task 8: Save The Current Configuration
JUNOSe 11.1.x System Basics Configuration Guide NOTE: The destination file must have a .rel extension. For example: host1#copy hostname:/cdrom/x-y-z/erx_x-y-z.rel erx_x-y-z.rel The software release is copied from the network host to the router. This process can take several minutes. Task 8: Save the Current Configuration To save the current configuration, use the copy running-configuration command: host1#copy running-configuration filename.cnf Task 9: Reboot the System...
Page 167: Installing Software In Boot Mode
Chapter 3: Installing JUNOSe Software The system reboots. The reboot might take longer than normal because line modules initialize with the old version of the software, acquire the new version from the SRP module, and reinitialize. When you observe the LEDs on the line modules, the line modules appear to boot twice.
Page 168: Task 4: Assign An Ip Address
Task 7: Copy the Release Files to the Network Host If you downloaded the software from the Juniper Networks website as a .zip file, uncompress the files to a directory, and copy the release files to the network host.
Page 169: Task 8: Copy The Software Release File To The Router
Chapter 3: Installing JUNOSe Software If you are accessing the release files from one of the software CDs that you created from the compressed image bundle that you downloaded from the website, you must mount the CD. The way you mount the CD on the network host depends on the type of network host you use, the operating system, and the way your network is configured.
Page 170: Copying Release Files From One Router To Another
JUNOSe 11.1.x System Basics Configuration Guide Copying Release Files from One Router to Another When you have copied the release files from a network host to one router, you can transfer files from that router to other routers on the network. This feature is useful when: The other routers are unreachable from the network host but have network connectivity to the router on which you installed the new software.
Page 171 Chapter 3: Installing JUNOSe Software To upgrade the software on a system that is operational and contains two SRP modules: Turn off autosynchronization. host1(config)#disable-autosync Copy the new release of the software to NVS of the primary SRP module. Be sure to specify the correct software release (.rel) filename for the router you are using, as described in “Identifying the Software Release File”...
Page 172: Upgrading From Release 5.1.1 Or Lower-Numbered Releases
JUNOSe 11.1.x System Basics Configuration Guide Wait for the redundant SRP module to boot, initialize, and reach the standby state. When the module is in standby state, the REDUNDANT LED is on and the ONLINE LED is off. The State field in the show version display indicates the module is in standby.
Page 173: Upgrading Software Remotely Through Telnet Or Ftp
Chapter 3: Installing JUNOSe Software “Upgrading Software Remotely Through Telnet or FTP” on page 143 “Upgrading Software from an NVS Card” on page 143 Upgrading Software Remotely Through Telnet or FTP Follow these steps to upgrade your system software remotely: Copy the new release to your system (using Telnet of FTP).
Page 174: Upgrading A System That Contains Two Srp Modules
JUNOSe 11.1.x System Basics Configuration Guide Upgrading a System That Contains Two SRP Modules In a system that contains two SRP modules, you can upgrade the software without powering off the system. To upgrade the software in a system that contains two SRP modules: Connect your antistatic wrist strap to the ESD grounding jack on your router.
Page 175 Chapter 3: Installing JUNOSe Software CAUTION: We do not recommend that you attempt to downgrade JUNOSe software without the assistance of a Juniper Technical Assistance Center representative. Contact the Juniper Technical Assistance Center to obtain help. Downgrading JUNOSe Software...
Page 176 JUNOSe 11.1.x System Basics Configuration Guide Downgrading JUNOSe Software...
Page 177: Chapter 4 Configuring Snmp
Chapter 4 Configuring SNMP This chapter provides information for configuring Simple Network Management Protocol (SNMP) on your E Series router. This chapter contains the following sections: Overview on page 147 Platform Considerations on page 156 References on page 157 Before You Configure SNMP on page 157 SNMP Configuration Tasks on page 158 Configuring Traps on page 167 Configuring the SNMP Server Event Manager on page 177...
Page 178: Terminology
JUNOSe 11.1.x System Basics Configuration Guide An SNMP server (agent) A Management Information Base (MIB) SNMP defines a client-server model in which a client (manager) obtains information from the server (agent) through two mechanisms: A request/response protocol by which the client configures and monitors the server.
Page 179: Snmp Features Supported
Chapter 4: Configuring SNMP Table 16: SNMP Terminology (continued) Term Meaning user SNMPv3 term; an individual who accesses the router view SNMPv3 term; defines the management information available to the user: read, write, or notification SNMP Features Supported This SNMP implementation provides the following: Standard SNMP MIB support for services and interfaces as defined by the Internet Engineering Task Force (IETF) A set of AS number version 1 notated enterprise MIBs for all management...
Page 180: Snmp Server
Accessing Supported SNMP MIBs For complete information about the SNMP MIBs supported by your router, see the software image bundle that is available for downloading from the Juniper Networks website. In the MIBs folder you will find information about all supported standard and Juniper Networks E Series Enterprise (proprietary) MIBs.
Page 181: Security Features
Chapter 4: Configuring SNMP SNMPv2c (Community-based SNMPv2, defined in RFC 1901 and RFC 3416) SNMPv3 (compliant with RFCs 3410–3418, STD 62) The server encodes SNMP responses using the same SNMP version received in the corresponding request and encodes traps using the SNMP version configured for the trap recipient.
Page 182: Management Features
JUNOSe 11.1.x System Basics Configuration Guide access list, if nonzero, is used to validate the IP address. If the access list number is zero, the IP address is accepted. A nonmatching community or an invalid IP address causes an SNMP authentication error. Each entry in the community table identifies: An SNMP community name An SNMP view name A user’s privilege level...
Page 183: Virtual Routers
Chapter 4: Configuring SNMP Table 17: Relationship Among Groups, Security Levels, and Views (continued) Notification/ Group Name Security Level Read View Write View Trap View private authentication user user user only Virtual Routers All SNMP-related CLI commands operate in the context of a virtual router, which means that you must configure users, traps, communities, and so on for each server.
Page 184: Disabling And Reenabling Snmp Proxy
JUNOSe 11.1.x System Basics Configuration Guide Disabling and Reenabling SNMP Proxy The ability to proxy SNMP from a virtual router (VR) is enabled by default whenever you create a virtual router agent. However, you can disable or reenable the proxy feature on each virtual router agent to address any network security issues.
Page 185: Snmp Attributes
Chapter 4: Configuring SNMP range 1–16777215, corresponding to the least significant 24 bits of the 32-bit router index (or router UID). You can obtain the contextName for a specific router through the Juniper-ROUTER-MIB from the juniRouterContextName object in the juniRouterTable, which is indexed by the 32-bit router index (juniRouterIndex). The following table shows examples of the E Series router SNMP engine objects that are associated with the default virtual router.
Page 186: Snmp Pdu Types
JUNOSe 11.1.x System Basics Configuration Guide Table 20: SNMP Operations SNMP Operation Definition Allows the client to retrieve an object instance from the server. GetNext Allows the client to retrieve the next object instance from a table or list within a server.
Page 187: References
Chapter 4: Configuring SNMP See the ERX Module Guide for modules supported on ERX7xx models, ERX14xx models, and the ERX310 router. See the E120 and E320 Module Guide for modules supported on the E120 router and the E320 router. References For more information about SNMP, consult the following resources: RFC 1157 A Simple Network Management Protocol (SNMP) (May 1990) RFC 1901 Introduction to Community-based SNMPv2 (January 1996)
Page 188: Snmp Configuration Tasks
JUNOSe 11.1.x System Basics Configuration Guide SNMP Configuration Tasks To configure the SNMP server: Enable the SNMP server. host1(config)#snmp-server Configure at least one authorized SNMP community (SNMPv1/v2c) or user (SNMPv3), which provides SNMP client access. host1(config)#snmp-server community boston view everything rw host1(config)#snmp-server user fred group private auth sha fred-password priv des password (Optional) Set the server parameters contact name and server location.
Page 189: Enabling Snmp
Chapter 4: Configuring SNMP Enabling SNMP To enable the SNMP server, use the following command. snmp-server Use to enable SNMP server operation. Example host1(config)#snmp-server Use the no version to disable the SNMP server operation. See snmp-server. Configuring SNMP v1/v2c Community For SNMPv1/v2c, access to an SNMP server by an SNMP client is governed by a proprietary SNMP community table that identifies those communities that have read-only, read-write, or administrative permission to the SNMP MIB stored on a...
Page 190: Ip Access List
JUNOSe 11.1.x System Basics Configuration Guide IP Access List The IP access list identifies those IP addresses of SNMP clients permitted to use a given SNMP community. snmp-server community Use to configure an authorized SNMP community for access to the SNMP MIBs and to associate SNMPv1/v2c communities with SNMP MIB views.
Page 191: Setting Server Parameters
Chapter 4: Configuring SNMP SNMP v3 configurations are allowed only at the maximum CLI privilege level (15). snmp-server group Use to dynamically configure server groups. You must access the CLI at privilege level 15 to view or use this command. Example host1(config-profile)#snmp-server group grp1authpriv usm priv read grp1read write grp1write notify grp1notify...
Page 192: Configuring Snmp Packet Size
JUNOSe 11.1.x System Basics Configuration Guide Configuring SNMP Packet Size The SNMP server must support a PDU with an upper limit of 484 bytes or greater. There is no need to coordinate the maximum packet size across the entire network. Many requests and responses tend to be smaller than the maximum value.
Page 193: Managing Interface Sublayers
Chapter 4: Configuring SNMP For example a PPP interface configured on top of an ATM interfaces is: PPP3/0.1 Proprietary method ATM3/0.1 Industry method snmp-server interfaces description-format Use to set the encoding scheme of the ifDescr and ifName objects. Include one of the following keywords: common Sets the encoding scheme to the conventional industry method and provides compatibility with software that uses the industry encoding...
Page 194 JUNOSe 11.1.x System Basics Configuration Guide To compress interfaces according to type, use the snmp-server interfaces compress command. To see the list of interfaces that you can remove, use the CLI help: host1(config)#snmp-server interfaces compress ? Atm Atm interface layer Atm1483 Atm1483 interface layer AtmAal5 AtmAal5 interface layer .
Page 195: Controlling Interface Numbering
Chapter 4: Configuring SNMP Subsequent use of the same command on any interface (in the following example, Atm) on the same router without the table-type keyword compresses the interface only in the ipNetToMedia table (not in interface or interface stack tables): host1(config)#snmp-server interfaces compress Atm Example 3 To compress interfaces based on the table types, interface-tables and interface-stack-tables, use the following CLI example.
Page 196: Monitoring Interface Tables
JUNOSe 11.1.x System Basics Configuration Guide total number of interfaces (ifNumber). More recent RFCs 1573, 2232, and 2863 removed these restrictions to accommodate interface sublayers. The E Series router implementation of SNMP derives index numbers in 32-bit values that are unique on a given router.
Page 197: Configuring Traps
Chapter 4: Configuring SNMP Use to display a list of interface types that are compressed in the interface tables and the interface numbering method configured on the router. Field descriptions Compressed(Removed) Interface Types List of interface types that are removed from the ifTable and ifStackTable Armed Interface Numbering Mode Interface numbering method configured on the router: RFC1213, RFC2863 maxIfIndex Maximum value that the system will allocate to the ifIndex...
Page 198: Trap Categories
JUNOSe 11.1.x System Basics Configuration Guide SNMP format (v1 or v2) of the notification (trap) PDU to use for that destination Types of traps enabled to be sent to that destination Trap filters configured for the destination The maximum number of entries in the SNMP trap host table in each virtual router is eight.
Page 199: Trap Severity Levels
Chapter 4: Configuring SNMP ping Ping operation traps in disman remops (remote operations) MIB radius RADIUS servers fail to respond to accounting and authentication requests traps, or servers return to active service traps routeTable Maximum route limit and warning threshold traps; when this trap is generated, the actual value of the exceeded warning threshold is displayed.
Page 200 JUNOSe 11.1.x System Basics Configuration Guide Trap filters work as follows: An event is posted to the SNMP agent. The system determines whether the corresponding trap category is globally enabled and whether the trap meets the minimum severity level for the trap category.
Page 201 Chapter 4: Configuring SNMP NOTE: This command does not modify the severity level set for specific hosts using the snmp-server host command. If you configure global severity levels for different categories in succession, the last global severity level you configure is applied to all categories. Example 1 Configuring the per-category severity level without changing the global severity level Configure the global severity level as critical for all enabled trap categories...
Page 202 JUNOSe 11.1.x System Basics Configuration Guide host1(config)#snmp-server enable traps bgp trapFilters notice Configure the per-category severity level as debug for the SONET trap category. This setting overrides the notice trap severity level that was applicable for the SONET trap category. host1(config)#snmp-server enable traps sonet per-category-trapFilters debug The global severity level is configured as notice for all enabled trap categories except SONET, whose severity level is set as debug.
Page 203 Chapter 4: Configuring SNMP Use the no version to remove the interface from the trap configuration. See snmp-server trap-source. snmp trap ip link-status Use to enable link-status traps on an IP interface. Example host1(config-if)#snmp trap ip link-status Use the no version to disable link-status traps on an IP interface. See snmp trap ip link-status.
Page 204: Specifying An Egress Point For Snmp Traps
JUNOSe 11.1.x System Basics Configuration Guide Specifying an Egress Point for SNMP Traps You can enable SNMP trap proxy, which allows you to specify a single SNMP agent as the egress point for SNMP traps from all other virtual routers. This feature removes the need to configure a network path from each virtual router to a single trap collector.
Page 205: Configuring Trap Notification Logs
Chapter 4: Configuring SNMP Configuring Trap Notification Logs SNMP uses the User Datagram Protocol (UDP) to send traps. Because UDP does not guarantee delivery or provide flow control, some traps can be lost in transit to a destination address. The Notification Log MIB provides flow control support for UDP datagrams.
Page 206: Recovering Lost Traps
JUNOSe 11.1.x System Basics Configuration Guide Use the no version to return to the default severity value (error) for the selected category. To return all logs to their default severity setting, include an * (asterisk) with the no version. See log severity. snmp-server notificationLog ageOut Use to set the ageout for traps in the notification log tables.
Page 207: Configuring The Snmp Server Event Manager
Chapter 4: Configuring SNMP The SNMP agent begins sending SNMP traps to the host before the line module is initialized. If the SNMP proxy virtual router is initialized after other virtual routers, traps generated by the other virtual routers and sent to the proxy router are lost. To recover SNMP traps that are lost during system startup, the SNMP agent pings the configured trap host to identify that there is a communication path between E Series router and host.
Page 208: Event Mib Structure
JUNOSe 11.1.x System Basics Configuration Guide allow devices to monitor themselves and other devices, and to take action under certain conditions. The Event MIB (RFC 2981) defines a method for creating trigger conditions, testing those conditions, and determining which action to take when a trigger meets those conditions.
Page 209: Objects Table
Chapter 4: Configuring SNMP NOTE: When determining discontinuity, the MIB object must be a time-based counter or number. When a polling interval expires and the event agent (router) needs to perform a delta calculation, it first checks the discontinuity MIB object for that trigger. If a discontinuity occurs, the agent does not perform the test for that trigger until the next polling interval.
Page 210 JUNOSe 11.1.x System Basics Configuration Guide NOTE: You must create a management event instance for each virtual router. (Optional) Specify the maximum number of trigger entries that you want the virtual router to support. host1(config-mgmtevent)#resource 275 Create an event for each trap notification (mteTriggerFailure, mteTriggerFalling, or mteTriggerRising) that you want to use by specifying an event owner and event name.
Page 211 Chapter 4: Configuring SNMP host1(config-mgmtevent-event)#enable host1(config-mgmtevent-event)#exit host1(config-mgmtevent)# NOTE: Once enabled, you cannot edit an event or trigger configuration. To change an enabled event or trigger, you must delete it and re-create it. Define the trigger that you want to use for an event by specifying a trigger owner and trigger name.
Page 212: Defining A Boolean Test
JUNOSe 11.1.x System Basics Configuration Guide Defining a Boolean Test You can configure a Boolean trigger to test whether the value of an integer object is equal, unequal, greater than, less than, less than or equal to, or greater than or equal to some defined value.
Page 213: Defining A Threshold Test
Chapter 4: Configuring SNMP host1(config-mgmtevent-trigger)#existence-test test-type changed Define the startup threshold condition absent or present that you want this trigger to use. host1(config-mgmtevent-trigger)#existence-test startup absent Specify the events that you want the existence-test trigger to use by entering an event owner name and event name. NOTE: You do not need to bind a failure event to a trigger.
Page 214 JUNOSe 11.1.x System Basics Configuration Guide Define the startup threshold condition that you predict the sample to initially follow falling, rising, risingorfalling. For example, if you are sampling a MIB value that you know will start from zero and rise, you would specify a rising startup condition.
Page 215 Chapter 4: Configuring SNMP Example 1 host1(config-mgmtevent-trigger)#agent context-name router1 wildcard Example 2 host1(config-mgmtevent-trigger)#agent context-name router1 wildcard limit 15 NOTE: SNMP server security defaults to no access. When using a separate virtual router, you must use the snmp-server security command and provide read or read-write access to other virtual routers.
Page 216 JUNOSe 11.1.x System Basics Configuration Guide (Optional) Use the discontinuity-id-type option to specify a discontinuity ID type (either timeStamp or timeTicks). The discontinuity ID type indicates the time value that you expect for a specific sample. Use the no version to turn off delta sampling and use absolute sampling (the default).
Page 217 Chapter 4: Configuring SNMP host1(config-mgmtevent-trigger)#existence-test startup present Example 3 Specifying an existence test type host1(config-mgmtevent-trigger)#existence-test test-type absent Use the no version to delete the existence-test values for this trigger or to remove either the startup condition or event binding. See existence-test. frequency Use to set the frequency (in seconds) at which you want MIB sampling to occur.
Page 218 JUNOSe 11.1.x System Basics Configuration Guide host1(config-mgmtevent)#sample value-id 1.3.6.1.2.1.60.1.2.1.1.7 Use the no version to remove the MIB object from the trigger. Removal returns the sample value-id to its default (0.0). See sample. Use to perform an SNMP set operation under certain event conditions. Example Sets the administrative status of interface 123 to down (2) host1(config-mgmtevent-event)#set context-name router1 host1(config-mgmtevent-event)#set id 1.3.6.1.2.1.2.2.1.7.123...
Page 219: Monitoring Events
Chapter 4: Configuring SNMP Example 2 Specifying a startup threshold condition host1(config-mgmtevent-trigger)#threshold-test startup rising Example 3 Binding an event to the threshold-test trigger host1(config-mgmtevent-trigger)#threshold-test event sysadmin failureTrigger Use the no version to delete the threshold-test values for this trigger or remove either the threshold startup condition or event binding.
Page 220 JUNOSe 11.1.x System Basics Configuration Guide show snmp management-event Use to view statistical SNMP event information for event table entries, router resources, and trigger table entries. Omit the events, resource, statistics, or triggers options to obtain a full output. Field descriptions Resource SampleMinimum Minimum number of samples to be taken SampleInstanceMaximum Maximum number of samples to be taken...
Page 221 Chapter 4: Configuring SNMP Comparison Comparison value for this trigger Value Object ID value to which this trigger compares Startup Whether or not this trigger performs a Boolean test on startup ObjectsOwner Owner of this object Objects Name of this object EventOwner Owner of this event Event Name of this event Existence...
Page 222 JUNOSe 11.1.x System Basics Configuration Guide Falling Falling threshold condition for this trigger DeltaRising Delta rising threshold condition for this trigger DeltaFalling Delta falling threshold condition for this trigger ObjectsOwner Not supported in this release Objects Not supported in this release RisingEventOwner Rising event owner value for this trigger RisingEvent Rising event name value for this trigger FallingEventOwner Falling event owner value for this trigger...
Page 223 Chapter 4: Configuring SNMP Value Value to which you are setting the object ID when the trigger fires ContextName Management context (for example, router1) from which to obtain mteTriggerValueID ContextNameWildcard Whether or not the context name is a wildcard Example host1#show snmp management-event Resource ---------------------------------------------------------------------------...
Page 224 JUNOSe 11.1.x System Basics Configuration Guide ------------------------ Existence Test: absent Startup: absent ObjectsOwner: unitTest Objects: test3 EventOwner: unitTest Event: eventTest3 ------------------------ Threshold Startup: falling Rising: 200 Falling: 100 DeltaRising: 0 DeltaFalling: 0 ObjectsOwner: Objects: RisingEventOwner: unitTest RisingEvent: eventTest2 FallingEventOwner: unitTest FallingEvent: eventTest3 DeltaRisingEventOwner: DeltaRisingEvent:...
Page 225: Collecting Bulk Statistics
Chapter 4: Configuring SNMP ContextName: router ContextNameWildcard: True See show snmp management-event. Collecting Bulk Statistics The router offers an efficient data collection and transfer facility for accounting applications. The E Series router SNMP MIBs extend the accounting data collection mechanism defined in the Accounting-Control-MIB (RFC 2513) to include support for connectionless networks.
Page 226: Interface Strings
JUNOSe 11.1.x System Basics Configuration Guide The maximum number of interfaces for each type of interface and line module can differ. Bulk statistics can collect these statistics when you configure the slots with their respective interfaces to the corresponding maximum values. For information about maximum values see JUNOSe Release Notes, Appendix A, System Maximums.
Page 227 Chapter 4: Configuring SNMP Table 23: Interface Strings (continued) Common Description Common Description Type of Interface Format-Mode Disabled Format-Mode Enabled ATM AAL5 interfaces AtmAal5 ATM 1483 interfaces Atm1483 Ft1 interfaces SERIAL HDLC interfaces HDLCIntf HDLC IpLoopback interfaces Loopback IpLoopback IpVirtual interfaces IpVirtual IpVirtual Frame Relay Sub interfaces...
Page 228: Understanding Counter Discontinuity
JUNOSe 11.1.x System Basics Configuration Guide Table 23: Interface Strings (continued) Common Description Common Description Type of Interface Format-Mode Disabled Format-Mode Enabled L2fSession interfaces L2fSession L2fSession L2fDestination interfaces L2fDestination L2fDestination IpSec Tunnel interfaces IpSecTunnel IpsecTunnel Sg interfaces SgInterface SgInterface MPLS L2 Shim interfaces MplsL2Shim MplsL2Shim MPLS VC Sub interfaces...
Page 229: Configuring Collectors And Receivers
Chapter 4: Configuring SNMP Configuring Collectors and Receivers To configure the router to collect statistics: Add names to the FTP host table for the primary and secondary (optional) receivers. See “Copying and Redirecting Files” on page 301 in “Managing the System” on page 251, for information about adding names to the host table.
Page 230 JUNOSe 11.1.x System Basics Configuration Guide host1(config)#bulkstats traps nearly-full (Optional) Collect bulk statistics per virtual router. host1(config)#bulkstats virtual-router-group collector 2 routerISP3 NOTE: The bulk statistics feature supports generating files on a per interface basis. bulkstats collector Use to assign the data collector. Example host1(config)#bulkstats collector 2 Use the no version to delete the collector.
Page 231 Chapter 4: Configuring SNMP bulkstats collector max-size Use to set the maximum size of the bulk statistics file for all collectors combined. Even when you configure more than one collector, the first maximum file size configured is the combined size of all collectors. The maximum file size that you can configure is 20971520 bytes.
Page 232 JUNOSe 11.1.x System Basics Configuration Guide Use the no version to set the system to retrieve bulk statistics periodically, the default situation. See bulkstats collector. bulkstats interfaces description-format common Use to set the encoding scheme of the ifDescr object that the bulk statistics application reports to the conventional industry method.
Page 233 Chapter 4: Configuring SNMP NOTE: You cannot collect statistics on the SRP Ethernet interface. Example 1 host1(config)#bulkstats interface-type ppp 3/1 collector 2 Example 2 host1(config)#bulkstats interface-type vlan 2/3:1 collector 1 Example 3 host1(config)#bulkstats interface-type mplsMajor 2/3:1 collector 1 Use the no version to delete the interface type from bulk statistics collection. Deletion of a particular interface type takes effect at the next collection interval.
Page 234: Deleting All Bulkstats Configurations
JUNOSe 11.1.x System Basics Configuration Guide Use the no version to disable the trap. See bulkstats traps. bulkstats virtual-router-group Use to collect interface statistics for each virtual router. A collector can have a maximum of 64 virtual routers associated with it. Routers are identified by their assigned name or router index.
Page 235 Chapter 4: Configuring SNMP Use to display the bulk statistics data collection configuration. Field descriptions AdminStatus Administrative status of the bulk statistics application OperStatus Operational status of the bulk statistics application, enabled or disabled Interface Description Setting Method used to encode the ifDescr object: common, proprietary, industry-common File Format End of the line format in bulkstats files, carriage return and line feed (CR+LF) or LF...
Page 236 JUNOSe 11.1.x System Basics Configuration Guide notReady Collector does not have enough configuration information to go active error Configuration or operational error Index Bulk statistics collector index number Primary-Receiver Index number of the primary receiver to which the system transfers data, if defined Second-Receiver Index of the secondary receiver to which the system transfers data Last Transfer Failure Last time that the collector attempted to retrieve...
Page 237 Chapter 4: Configuring SNMP CollectorIndex Index number of the collector to which the interface type applies State active Interface type is properly configured and currently active notInSvc Interface type has been decommissioned by a management client notReady Interface type does not have enough configuration information to go active error Configuration or operational error Receiver Information:...
Page 238 JUNOSe 11.1.x System Basics Configuration Guide Intervals PrimaryXfers PrimaryFails SecondaryXfers SecondaryFails --------- ------------ ------------ -------------- -------------- BulkStats Collector Information: Index CurrSize MaxSize Intrvl Mode XferMode State ----- -------- -------- ------ --------- -------- ------- 3670016 periodic manual inProg 3670016 periodic manual notReady Index Primary-Receiver...
Page 239 Chapter 4: Configuring SNMP show bulkstats collector description Use to display information about the collector’s file description. Field descriptions Index Index number of the bulk statistics collector FileDescription Descriptive information added to the bulk statistics file with the bulkstats collector description command Example host1#show bulkstats collector description Index...
Page 240 JUNOSe 11.1.x System Basics Configuration Guide See show bulkstats collector max-size. show bulkstats collector transfer-mode Use to display information about the bulk statistics transfer mode configuration. Field descriptions Index Index number of the bulk statistics collector Transfer-Mode: auto-xfer Server automatically transfers the bulk statistics files to a remote FTP server manual-xfer Server expects the user to transfer bulk statistics files on-file-full Server transfers the bulk statistics file when the file reaches...
Page 241 Chapter 4: Configuring SNMP Example host1#show bulkstats interface-type Interface Types: Index Type Collector State ----- ---------------------- --------- -------- active See show bulkstats interface-type. show bulkstats receiver Use to display information about the remote file configuration of the bulk statistics receiver. Field descriptions Index Index number of the receiver RemoteFileName Hostname, path, and filename of the remote FTP server...
Page 242 JUNOSe 11.1.x System Basics Configuration Guide show bulkstats statistics Use to display bulk statistics counters. Field descriptions AdminStatus Administrative status of the bulk statistics application OperStatus Operational status of the bulk statistics application HdwDetects Number of times the bulk statistics application detected a line module bulkstat collector’s presence HdwCollectorCreates Number of line module collectors created CollectorCreateReqs Number of times the bulk statistics application...
Page 243 Chapter 4: Configuring SNMP Index Bulk statistics collector index CurrSize Current size of the bulk statistics storage file in bytes CreateErrs Number of bulk statistics collector create errors Last Transfer Failure Last time that the collector attempted to retrieve statistics and was unsuccessful Interval Start Time Start of current interval or bulk collections.
Page 244 JUNOSe 11.1.x System Basics Configuration Guide MON JAN 24 2001 19:09:33 UTC MON JAN 24 2001 19:15:33 UTC Not started Dynamic Interface Collector statistics: CollectorIndex Slot# Received Transferred Dropped -------------- ----- ---------- ----------- ---------- See show bulkstats statistics. show bulkstats traps Use to display information about the bulk statistics traps configured to collect statistics.
Page 245: Understanding Schemas
Chapter 4: Configuring SNMP Collector Virtual-Routers --------- --------------- serviceProviderABC default See show bulkstats virtual-routers. Understanding Schemas You can set a management schema for bulk statistics. A schema is a group of attributes or counters that provide an efficient way to retrieve specific types of information about the router.
Page 246: Table 25: If-Stats Schema Objects
JUNOSe 11.1.x System Basics Configuration Guide Table 25: if-stats Schema Objects Object Definition Configure If-stats schema for all stats correlator Configure If-stats schema for correlator in-bcast-pkts Configure If-stats schema for in-bcast-pkts in-discards Configure If-stats schema for in-discards in-errors Configure If-stats schema for in-errors in-mcast-octets Configure If-stats schema for in-mcast-octets in-mcast-pkts...
Page 247: Igmp Schema Objects
Chapter 4: Configuring SNMP All the schema if-stats objects in Table 25 on page 216 apply to both layer 2 and layer 3 interfaces, except usdAcctngSpoofedPkts, which is specific to layer 3. Defining all interface types before you map a collector to the if-stats schema ensures that you display statistics for all configured interfaces in the first interval.
Page 248: Qos Schema Objects
JUNOSe 11.1.x System Basics Configuration Guide Table 27: Policy Schema Objects (continued) Object Definition red-packets Configure policy schema for red packets upper-green-bytes Configure policy schema for upper green bytes upper-green-packets Configure policy schema for upper green packets upper-red-bytes Configure policy schema for upper red bytes upper-red-packets Configure policy schema for upper red packets upper-yellow-bytes...
Page 249 Chapter 4: Configuring SNMP Table 28: QoS Schema Objects (continued) Object Definition forwarded-bytes Configure QoS schema to export the number of bytes forwarded from the queue forwarded-packets Configure QoS schema to export the number of forwarded packets from the queue forwarded-rate Configure QoS schema to export the average forwarded rate within the rate period specified on the statistics profile...
Page 250: Configuring Schemas
JUNOSe 11.1.x System Basics Configuration Guide Table 28: QoS Schema Objects (continued) Object Definition statistics-profile Configure QoS schema to export the statistics profile name weight Configure QoS schema to export the weight assigned to the queue yellow-dropped-bytes Configure QoS schema to export the number of bytes of yellow traffic that were dropped on the queue yellow-dropped-packets Configures QoS schema to export the number of yellow...
Page 251 Chapter 4: Configuring SNMP host1(config)#bulkstats interface-type atm1483 collector 11 Configure a receiver to receive the collected statistics. host1(config)#bulkstats receiver 11 remote-name qos.sts See “Configuring Collectors and Receivers” on page 199 for information about configuring collectors. bulkstats schema Use to create the schema for collecting bulk statistics. Example Creates schema with schema index 4 host1(config)#bulkstats schema 4 Use the no version to delete the specified schema.
Page 252 JUNOSe 11.1.x System Basics Configuration Guide Example 2 Configures the schema to retrieve final statistics that may have been lost during a higher create or delete frequency, for the specified interface host1(config)#bulkstats schema 5 subtree if-stats if-create-delete-time-stats interfaceType ? atm1483 Configure bulkstats for ATM 1483 sub-interfaces Configure bulkstats for IP interfaces mplsL2Shim...
Page 253: Mapping Bulkstats Output To Mib Flies And Cli Configurations For Bulk Statistics Schema
Chapter 4: Configuring SNMP Use the no version to delete the specified schema. See bulkstats schema subtree policy. bulkstats schema subtree qos Use to configure the bulk statistics schema to collect QoS statistics and configuration information on egress queues belonging to different interface types. To export egress queue statistics based on the queue attributes specified for the QoS schema, use the subtreelist keyword.
Page 254: Table 29: Mapping Bulkstats Output To Mib Flies And Cli Configurations For
JUNOSe 11.1.x System Basics Configuration Guide Table 29 on page 224 shows the mapping between the bulkstats output and the CLI and MIBs for policy schema. Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema Bulkstats Output Column Name MIB File...
Page 255 Chapter 4: Configuring SNMP Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description ifHCInOctets RFC2863 ifHCInOctets in-octets The total number of octets received on the interface, including framing characters.
Page 256 JUNOSe 11.1.x System Basics Configuration Guide Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description ifInErrors RFC1213 ifInErrors in-errors For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being...
Page 257 Chapter 4: Configuring SNMP Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description ifHCOutOctets RFC2863 ifHCOutOctets out-octets The total number of octets transmitted out of the interface, including framing characters.
Page 258 JUNOSe 11.1.x System Basics Configuration Guide Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description ifOutErrors RFC1213 ifOutErrors out-errors For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors.
Page 259 Chapter 4: Configuring SNMP Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description ifHCInMulticastPkts RFC2863 ifHCInMulticastPkts in-mcast-pkts The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a multicast address at this...
Page 260 JUNOSe 11.1.x System Basics Configuration Guide Table 29: Mapping Bulkstats Output to MIB Flies and CLI Configurations for Policy Schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description ifHCOutMulticastPkts RFC2863 ifHCOutMulticastPkts out-mcast-pkts The total number of packets that higher-level protocols requested be transmitted, and which were addressed...
Page 261: Table 30: Mapping Bulkstats Output To Mib Flies And Cli Configurations For Qos Schema
Chapter 4: Configuring SNMP Table 30: Mapping Bulkstats Output to MIB Flies and CLI Configurations for QoS schema Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description Configure QoS schema for all queue attributes ifDescr RFC1213 ifDescr –...
Page 262 JUNOSe 11.1.x System Basics Configuration Guide Table 30: Mapping Bulkstats Output to MIB Flies and CLI Configurations for QoS schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description QQueueProfile rsacctng rsAcctngQueueProfile queue-profile The queue profile name associated with the egress queue.
Page 263 Chapter 4: Configuring SNMP Table 30: Mapping Bulkstats Output to MIB Flies and CLI Configurations for QoS schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description QWeight rsacctng rsAcctngWeight weight The weight attribute of the queue.
Page 264 JUNOSe 11.1.x System Basics Configuration Guide Table 30: Mapping Bulkstats Output to MIB Flies and CLI Configurations for QoS schema (continued) Bulkstats Output Column Name MIB File MIB Object Name CLI Configuration Description QFwdedOctets rsacctng rsAcctngForwardedBytes forwarded-bytes The number of octets that were forwarded on the queue.
Page 265: Monitoring Schema Statistics
Chapter 4: Configuring SNMP Monitoring Schema Statistics You are able to display your configuration and monitor the data generated by schemas. show bulkstats schema Use to display data on the bulk statistics schema. Field descriptions Schema Information: Index Index number of the schema Subtree Type of bulk statistics schema configured on the collector: igmp, if-stack, if-stats, policy, QoS, or system CollectorIndex Bulk statistics collector index (same as the SNMP table...
Page 266: Configuring Interface Numbering Mode
JUNOSe 11.1.x System Basics Configuration Guide host1#show bulkstats schema Schema Information: Index Subtree CollectorIndex State ----- ----------------- -------------- -------- ifStats active system active Index Subtree List ----- -------------------------------------------------- ifOutErrors; ifLowerInterface; ifTimeOffset Example 3 Displays bulk statistics configuration information for a schema that is configured to collect QoS statistics for egress queue level attributes, filtering out queue-length and queue profile name attributes host1#show bulkstats schema...
Page 267: Using The Bulk Statistics Formatter
Chapter 4: Configuring SNMP In RFC 1213 mode, interface creations should not result in gaps in the ifIndex range. A gap that results from the deletion of an interface is acceptable because it is handled by older network management applications. The gaps are eliminated after the router is rebooted.
Page 268: Guidelines
JUNOSe 11.1.x System Basics Configuration Guide Guidelines The current capabilities and limitations of the bulk statistics formatter are: If you add %d or any numeric formatter for a string value (such as sysName), the attribute name will be used (for instance, sysName). The opposite is also true, except for sysUptime, which will use %s as a %u.
Page 269: Monitoring Snmp
Chapter 4: Configuring SNMP Monitoring SNMP To monitor the status of SNMP operations on your network, enter Privileged Exec mode. You can then establish a baseline and use the show commands to view statistics. Establishing a Baseline SNMP statistics are stored in system counters. The only way to reset the system counters is to reboot the router.
Page 270: Viewing Snmp Status
JUNOSe 11.1.x System Basics Configuration Guide 0 Unknown Context Report PDUs 0 Unsupported Security Level Report PDUs 0 Not in time Window Report PDUs 0 Unknown Username Report PDUs 0 Unknown Engine ID Report PDUs 0 Wrong Digest Report PDUs 0 Decryption Error Report PDUs There is no no version.
Page 271 Chapter 4: Configuring SNMP Unknown security models Number of SNMP PDUs with unrecognized security Unavailable contexts Number of SNMP proxy requests to unknown entities SNMP packets out Total number of SNMP packets sent by the router Too big errors Number of processed PDUs that resulted in SNMP PDUs too large to encode No such name errors Number of requests that resulted in noSuchName errors.
Page 272 JUNOSe 11.1.x System Basics Configuration Guide Wrong Digest Report PDUs Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value Decryption Error Report PDUs Number of packets received by the SNMP engine that were dropped because they could not be decrypted Example host1#show snmp...
Page 273 Chapter 4: Configuring SNMP Read Name of the view for read access Write Name of the view for write access Notify Name of the view for notification Storage SNMP storage type, volatile or nonvolatile Example host1#show snmp access Group Name Model Level Read...
Page 274 JUNOSe 11.1.x System Basics Configuration Guide groupName Name of the group securityModel SNMP security model v1 SNMPv1 v2c SNMPv2c usm SNMPv authenticationLevel Method for authentication and privacy none No authentication and no privacy auth Authentication only priv Authentication and privacy readView Name of the view for read access writeView Name of the view for write access notifyView Name of the view for notification...
Page 275 Chapter 4: Configuring SNMP Global Entry Limit Value : 500 No notification log name information is available See show snmp notificationLog. show snmp trap Use to display configuration information about SNMP traps and trap destinations. Field descriptions Enabled Categories Trap categories that are enabled on the router. SNMP authentication failure trap Enabled or disabled.
Page 276 JUNOSe 11.1.x System Basics Configuration Guide dropLastIn Most recent trap is dropped . Example host1# show snmp trap Enabled Categories: Bgp, Ospf, Sonet SNMP authentication failure trap is disabled Trap Source: FastEthernet 6/0, Trap Source Address:172.27.120.78 Trap Proxy: enabled Global Trap Severity Level: 7 - debug Trap Severity Level TrapCategories -------------------...
Page 277 Chapter 4: Configuring SNMP Trap(s) proxied Total number of traps proxied by the virtual router Address IP address of the host TrapsDiscarded Severity/Category Severity level and category of the discarded traps TrapsDiscrded bad encoding Traps discarded because of bad encoding TrapsDiscrded Queue Full Traps discarded because the queue was full TrapsDiscrded NoHostRespons Traps discarded because the host did not respond to pings sent to the host...
Page 278 JUNOSe 11.1.x System Basics Configuration Guide no No privacy protocol des DES encryption algorithm for privacy Group Name of the group to which the user belongs Example SNMPv3 display. host1#show snmp user User Auth Priv Group ------------------------ ---- ---- ------------------- josie admin nightfly...
Page 279: Output Filtering
Chapter 4: Configuring SNMP Output Filtering You can use the output filtering feature of the show commands to include or exclude lines of output based on a text string you specify. See “Command-Line Interface” on page 29, for details. Monitoring SNMP...
Page 280 JUNOSe 11.1.x System Basics Configuration Guide Monitoring SNMP...
Page 281: Managing The System
Chapter 5 Managing the System This chapter describes general tasks associated with managing the E Series router. This chapter contains the following sections: Overview on page 252 Platform Considerations on page 252 Naming the System on page 252 Configuring the Switch Fabric Bandwidth on page 253 Configuring Timing on page 253 Using the CLI on page 255 Managing vty Lines on page 258...
Page 282: Overview
JUNOSe 11.1.x System Basics Configuration Guide Overview Managing the E Series router involves a variety of tasks. This chapter covers those tasks associated with the router in general rather than specific networking protocols. Each section in the chapter covers a different topic; where appropriate, a section contains an overview of the topic, configuration tasks, and information about monitoring the associated settings.
Page 283: Configuring The Switch Fabric Bandwidth
See hostname. Configuring the Switch Fabric Bandwidth By default, the switch fabric for the Juniper Networks ERX1440, ERX310, E120, and E320 routers uses a bandwidth weighting ratio of 15:2 for multicast-to-unicast weighted round robin (WRR). In the absence of strict-priority traffic, and when both...
Page 284 JUNOSe 11.1.x System Basics Configuration Guide Use to disable the auto-upgrade feature of the system’s timing selector. The system starts out by setting the operational timing selector to the administratively configured selector. See the timing select command. Example host1(config)#timing disable-auto-upgrade Use the no version to restore the factory default, which is auto-upgrade enabled.
Page 285: Monitoring Timing
Chapter 5: Managing the System Example host1#timing source secondary sonet 3/0 There is no no version. See timing source. Monitoring Timing Use the show timing command to view the timing settings for the system. show timing Use to display the timing settings and the operational status of the system timing. If a timing source fails, the system uses the next time source in the hierarchy, and a message appears in the system log at the warning level.
Page 286 JUNOSe 11.1.x System Basics Configuration Guide host1(config)# Example 2 host1#configure Configuring from terminal or file [terminal]? file File name: system1.scr Proceed with configure? [confirm] host1(config)# There is no no version. See configure. disable Use to exit Privileged Exec mode and return to User Exec mode. Use to move to a lower Privileged Exec mode level without returning to User Exec mode.
Page 287 Chapter 5: Managing the System Use to move from User Exec to Privileged Exec mode. Privileged Exec mode allows you to access all other user interface modes. From here you can configure, monitor, and manage all aspects of the router. You can access the Privileged Exec commands using one of 16 levels of command privilege.
Page 288: Managing Vty Lines
JUNOSe 11.1.x System Basics Configuration Guide There is no no version. See exit. help Use to display basic information about the interactive help system. Example host1#help Use the help options as follows: ?, or command<Space>? - Lists the set of all valid next keywords or arguments partial-keyword? - Lists the keywords that begin with a certain...
Page 289: Configuring Vty Lines
Chapter 5: Managing the System Configuring vty Lines By default five vty lines (0–4) are open. You can open additional lines using the line vty command. Once lines are open, login is enabled by default. Before users can access the lines, you must configure a password, disable login using the no login command, or configure AAA authentication on the lines.
Page 290: Monitoring Vty Lines
JUNOSe 11.1.x System Basics Configuration Guide Use the no version to remove the password. By default, no password is specified. See password. For more information about configuring security for vty lines, see “Managing the System” on page 251. Monitoring vty Lines Use the show line vty command to monitor vty lines.
Page 291: Clearing Lines
Chapter 5: Managing the System Clearing Lines Use the clear line command to clear any line on the system (vty or console). Using this command terminates any service, such as an FTP session, on this line and closes any open files. clear line Use to remove any services on a line and close any files opened as a result of services on that line.
Page 292: Defining The Configuration Output Format
JUNOSe 11.1.x System Basics Configuration Guide Defining the Configuration Output Format The JUNOSe show configuration command displays the entire system configuration. For very large configurations, the show configuration report can take a long time to generate and display. The service show-config format command enables you to run the show configuration command using one of two formats original format (format 1;...
Page 293 Chapter 5: Managing the System interface atm 5/0.100.1 encapsulation ppp ppp authentication chap ip address 102.0.1.1 255.255.255.0 interface atm 5/0.102 multipoint atm pvc 1021 0 1021 aal5snap 0 0 0 atm pvc 1022 0 1022 aal5snap 0 0 0 atm pvc 1023 0 1023 aal5snap 0 0 0 ip address 102.0.2.1 255.255.255.0 interface atm 5/0.103 point-to-point atm pvc 103 0 103 aal5snap 0 0 0...
Page 294 JUNOSe 11.1.x System Basics Configuration Guide interface mlppp joe ip route 0.0.0.0 0.0.0.0 10.13.5.1 ip route 40.0.0.0 255.0.0.0 atm5/0.104 ip route 172.28.32.70 255.255.255.255 10.13.5.1 no ip source-route ipv6 ! ============================================================================ virtual-router foo … interface null 0 interface loopback 0 ip address 127.0.0.2 255.0.0.0 interface atm 5/1.100.1 ip address 102.0.1.2 255.255.255.0 interface atm 5/1.102...
Page 295 Chapter 5: Managing the System interface atm 5/0.103 point-to-point atm pvc 103 0 103 aal5snap 0 0 0 encapsulation bridge1483 pppoe pppoe subinterface atm 5/0.103.1 encapsulation ppp ppp authentication pap interface atm 5/0.104 point-to-point atm pvc 104 0 104 aal5snap 0 0 0 interface atm 5/0.126 point-to-point interface atm 5/1 interface atm 5/1.1 point-to-point...
Page 296: Customizing The Configuration Output
JUNOSe 11.1.x System Basics Configuration Guide interface atm 5/0.102 ip address 102.0.2.1 255.255.255.0 interface atm 5/0.103 ip address 100.0.0.1 255.255.255.0 interface atm 5/0.103.1 ip address 100.0.1.1 255.255.255.0 interface atm 5/0.104 ip address 150.0.1.1 255.255.255.0 ipv6 address 2000:0:17::1/60 ip route 0.0.0.0 0.0.0.0 10.13.5.1 ip route 40.0.0.0 255.0.0.0 atm5/0.104 ip route 172.28.32.70 255.255.255.255 10.13.5.1 no ip source-route...
Page 297: Table 32: Categories Of Router Settings
Chapter 5: Managing the System of show configuration to be generated, but the output is not displayed until the begin criterion is met. Use the virtual-router keyword to display the current configuration of a specified virtual router. You can combine the virtual-router keyword with the category keyword to display the current configuration of specific settings for a virtual router.
Page 298 JUNOSe 11.1.x System Basics Configuration Guide Table 32: Categories of Router Settings (continued) Category Configuration Displayed Quality of service (QoS) settings, such as traffic class, drop profile, and scheduler profile system System-level settings, such as timing, logging, and redundancy tunneling Tunneling protocols, such as IP Security (IPSec), Multiprotocol Label Switching (MPLS), and Layer Two Tunneling Protocol (L2TP) Many of the categories described in Table 32 on page 267 contain subcategories of...
Page 299 Interface” on page 29, for details. Example host1# show configuration ! Configuration script being generated on TUE JAN 29 200X 00:31:12 UTC! Juniper Networks Edge Routing Switch ERX-700 ! Version: x.y.z (January 18, 200X 15:01) ! Copyright (c) 1999-200X Juniper Networks, Inc. All rights reserved.
Page 300 JUNOSe 11.1.x System Basics Configuration Guide ! End of generated configuration script. Example using interface keyword: host1# show configuration interface serial 4/0 interface atm 4/0 atm vc-per-vp 1024 atm uni-version 3.0 interface atm 4/0.1 point-to-point profile pppoe myProfile qos-profile myQosProfile interface atm 4/0.2 point-to-point qos-profile myQosProfile ip description TestIP...
Page 301: Detecting Corrupt File Configurations
Chapter 5: Managing the System An interface can be in only one tag group. Example host1(config-if)#tag-group red Use the no version to remove the tag group. See tag-group. Detecting Corrupt File Configurations You can detect corruption of running configuration files and CNF files on both the primary SRP when the corruption is due to a fatal duplicate key error.
Page 302: Automatically Recovering Corrupt Configuration Files
JUNOSe 11.1.x System Basics Configuration Guide that you run the manual command to check the file system before you enable HA or perform any unified ISSU-related operations service check-config Use to detect corruption of running configuration files and CNF files on the primary SRP and the standby SRP when it is due to a fatal duplicate key error.
Page 303 Chapter 5: Managing the System When you turn on auto-recovery, the behavior of the file synchronization, stateful SRP switchover (high availability), and unified ISSU tasks changes to prevent synchronization of corrupt configuration. On detecting configuration file corruption, JUNOSe Software determines whether a corrupt file is recoverable by the application. If the file is recoverable: The configuration monitor on the SRP tries to recover it from a good configuration as determined by the application.
Page 304 JUNOSe 11.1.x System Basics Configuration Guide File Synchronization–Configuration files are not synchronized to the standby SRP when the HA state changes to disabled and the status is restored when the recovery window is complete. HA–Enabling of HA is prevented (HA remains in disabled state) during the recovery window and the state is restored after the recovery window is complete.
Page 305 Chapter 5: Managing the System Unified ISSU–If unified ISSU is in the idle state, the operation is disabled until successful recovery or the recovery window is complete. The unified ISSU process continues if it has started. Auto-Recovery Monitoring of corrupt configuration stops and a message indicating whether the files are recoverable appears.
Page 306: Configuring The System Automatically
JUNOSe 11.1.x System Basics Configuration Guide Use to enable auto-recovery of files in the running configuration that are corrupted due to a fatal duplicate key error or the existence of values such as 0XFF and 0x00 in sectors of a Flash. You cannot auto-recover CNF files on the primary and standby SRPs.
Page 307: Saving The Current Configuration
A Perl script is provided in the Tools folder of the software image bundle that you can download from the Juniper Networks website, depending on whether you want to install the software on an ERX model or an E120 and E320 model, shipped with your router that enables you to view the text configuration in a configuration file that contains both binary and text configuration.
Page 308 JUNOSe 11.1.x System Basics Configuration Guide Use to save the current configuration to a system configuration (*.cnf) file. Use the include-text-config keyword to add the text configuration to the system configuration file in compressed format. Although this command is available in either Automatic Commit mode or Manual Commit mode, use this command only in Manual Commit mode.
Page 309 Chapter 5: Managing the System Use to copy the previously saved startup configuration to a system configuration (*.cnf) file. If you have made but not saved any configuration changes, those changes are not in the startup configuration. This command is available only if the system is in Manual Commit mode. Example host1#copy startup-configuration system1.cnf There is no no version.
Page 310: Using The Desktop Tool For Viewing Uncompressed Text Configuration
You must configure execute permisions for the files and executables that you install from software image bundle that you downloaded from the Juniper Networks website or from the software CD that you created from the downloaded bundle.
Page 311: Requirements For Linux Systems
Chapter 5: Managing the System By default, the GCC compiler is not available on Solaris 9 and Solaris 10 platforms, but is required to run the desktop tool on Solaris platforms. Install the compiler from the following site: http://www.sunfreeware.com/ For example, type /usr/sbin/pkgadd -d gcc-3.4.6-sol10-x86-local. If the Solaris patch is not available by default on your client system, install it from the following site: http://www.sunfreeware.com/...
Page 312: Setting The Console Speed
JUNOSe 11.1.x System Basics Configuration Guide Setting the Console Speed You can specify the console speed for only the current console session or for the current console session and all subsequent console sessions. speed Use to set the speed for the current and all subsequent console sessions immediately.
Page 313: Specifying The Character Set
Chapter 5: Managing the System Use to set the width of the display terminal. Set the number of characters on a screen line in the range 30–512. Example host1#terminal width 80 There is no no version. See terminal width. Specifying the Character Set You can specify the number of data bits per character for the current vty session and for all subsequent sessions on the specified vty lines.
Page 314: Configuring Login Conditions
JUNOSe 11.1.x System Basics Configuration Guide Configuring Login Conditions You can issue the dsr-detect command to configure the system so that a data set ready (DSR) signal is required to log in to the console. If a session is in progress and the DSR signal is lost, the user is logged out automatically.
Page 315: Setting Time Limits For User Input
Chapter 5: Managing the System host1(config-line)#timeout login response 15 Use the no version to restore the default interval, 30 seconds. See timeout login response. Setting Time Limits for User Input You can specify a time interval that the CLI waits for user input on the console or vty lines.
Page 316 JUNOSe 11.1.x System Basics Configuration Guide exec Displays the banner after user authentication (if any) and before the first prompt of a CLI session. If you do not specify an option, the default behavior is to display the banner as an MOTD.
Page 317: Monitoring The Console Settings
Chapter 5: Managing the System host1(config-line)#exec-banner Use the default version to restore the default setting, in which the banner is displayed on all lines. Use the no version to disable the exec banner on the line. If both the exec and MOTD banners are enabled on a line, issuing the no exec-banner command disables both the exec banner and the MOTD banner.
Page 318: Sending Messages
JUNOSe 11.1.x System Basics Configuration Guide Use to view parameters of the current console session. Field descriptions Length Number of lines on the screen Width Number of characters on each line of the screen data-character-bits Number of bits per character 7 Setting for the standard ASCII set 8 Setting for the international character set Speed Speed of the console session...
Page 319 Chapter 5: Managing the System The following command sends the message “ hello console” to line 0: host1#send 0 “ hello console” The following command sends the message “ hello everyone” to all terminals: host1#send * “ hello everyone” If you begin the message on the same line as the send command, the first character of the message is considered to be a delimiter.
Page 320: Managing Memory
JUNOSe 11.1.x System Basics Configuration Guide The CLI prompts you for message text if you do not begin or complete the message on the same line as the send command. The CLI reminds you to signal the end of the message either with the delimiter or Ctrl+z. Example host1#send 0 “...
Page 321 Chapter 5: Managing the System Table 33: Types of System Files and Corresponding Extensions (continued) Type of File Extension Description Macro *.mac A macro program Release *.rel Software releases you can install in the system Script *.scr A sequence of CLI commands. When you run a script file, the system executes the commands as though they were entered at the terminal Secure Shell (SSH)
Page 322: Managing The User Space From A Network Host
JUNOSe 11.1.x System Basics Configuration Guide Managing the User Space from a Network Host If you enable the system’s FTP server (see “Configuring the FTP Server” on page 309), you can manage files on the user space from an FTP client on a network host. Table 34 on page 292 lists the FTP protocol commands that the E Series router supports.
Page 323: File Commands And Ftp Servers
Chapter 5: Managing the System File Commands and FTP Servers Commands copy, configure file, and macro that invoke a remote FTP server take place in the context of the current virtual router rather than the default virtual router. You must configure the remote FTP server so that any traffic destined for the virtual router can reach the virtual router;...
Page 324: Deleting Files
JUNOSe 11.1.x System Basics Configuration Guide Table 35: File Types You Can Rename (continued) Destination User Space Network Standby (Linked Files and Host Within Source System Space Unlinked Files) a Firewall Module User Space *.cnf *.cnf None None *.hty (excluding *.dmp reboot.hty) *.hty...
Page 325: Table 36: File Types You Can Delete
Chapter 5: Managing the System You can include an asterisk (*) as a wildcard at any position in a specified filename. The asterisk substitutes for zero or more characters in the name. You cannot use an asterisk in a directory or subdirectory name. You cannot delete reboot.hty or system.log files when you use a wildcard.
Page 326: Monitoring Files
JUNOSe 11.1.x System Basics Configuration Guide Table 36: File Types You Can Delete (continued) Location *.cnf *.cnf None *.dmp *.dmp *.dmp *.hty *.hty *.log *.log *.mac *.mac *.rel *.pub *.scr *.rel (deletes *.rel file only and not associated *.sts files) *.txt *.scr *.sts...
Page 327 Chapter 5: Managing the System Bulk statistics .sts files are stored in volatile storage on a RAM disk, and are displayed only when bulkstats is configured. NOTE: When you issue the dir command from Boot mode, a reduced set of file types is displayed.
Page 328 JUNOSe 11.1.x System Basics Configuration Guide standby-disk0:SRP-10Ge_1_SC_08_21_2006_13_48.dmp 153547479 153547479 standby-disk0:SRP-10Ge_1_SC_04_12_2007_10_04.dmp 194849368 194849368 standby-disk0:reboot.hty 123136 123136 standby-disk0:system.log file date (UTC) -------------------------------------------- ------------------- disk0:/incoming <DIR> 02/08/2008 15:06:42 disk0:/outgoing <DIR> 02/08/2008 15:06:42 disk0:810beta13.cnf 02/06/2007 15:13:44 disk0:800beta12.cnf 09/29/2006 16:31:54 disk0:bng___1.txt 02/12/2008 07:05:20 disk0:bng___2.txt 02/12/2008 07:05:28 disk0:bng___3.txt 02/12/2008 06:59:46 disk0:erx701rel.cnf...
Page 329: Viewing Files
Chapter 5: Managing the System disk0:bng___1.txt 02/12/2008 07:05:20 disk0:bng___2.txt 02/12/2008 07:05:28 disk0:bng___3.txt 02/12/2008 06:59:46 Disk capacity ------------- Capacity Free Reserved Device (bytes) (bytes) (bytes) -------------- ---------- --------- -------- disk0: 1054900224 167372414 68157440 standby-disk0: 1054900224 153330775 68157440 Example 3 host1#dir /incoming unshared file size...
Page 330: Transferring Files
JUNOSe 11.1.x System Basics Configuration Guide Use to display the contents of a macro, script, or text file that resides in NVS on the primary SRP module, in NVS on the redundant SRP module, or on a remote server that you access using FTP. Specify the file you want to display using one of the following formats, depending on the location of the file: fileName Name of the file that resides in NVS on the primary SRP module...
Page 331: References
Chapter 5: Managing the System you can use the copy command, the remote FTP server, or the remote TFTP server to transfer files. For example, you can transfer a file from a network host to an E Series router through FTP, and then transfer the file through the copy command from the E Series router to other E Series routers.
Page 332: Using The Copy Command
JUNOSe 11.1.x System Basics Configuration Guide The two versions of the URL format are as follows: ftp://[username[:password ]@]location[/directory]/filename tftp://location[/directory]/filename NOTE: The TFTP protocol does not support username and password. Entering a username and password in the TFTP version results in a command error. The protocol specified in the command always overrides the protocol associated with the host entry, if any, in the host table.
Page 333: Table 37: File Types You Can Transfer Using The Copy Command
Chapter 5: Managing the System Table 37: File Types You Can Transfer Using the copy Command Destination User Space Source Standby (Linked Files and Network Host System Unlinked Files) Within a Firewall Module System *.cnf *.cnf *.cnf None *.hty (excluding *.hty *.dmp reboot.hty)
Page 334 JUNOSe 11.1.x System Basics Configuration Guide Table 37: File Types You Can Transfer Using the copy Command (continued) Destination User Space Source Standby (Linked Files and Network Host System Unlinked Files) Within a Firewall Module Standby SRP system.log system.log system.log None Module reboot.hty...
Page 335 Chapter 5: Managing the System You cannot use wildcards. You cannot create or copy over files generated by the system; however, you can copy such files to an unreserved filename. Examples host1#copy host1:westford.cnf boston.cnf host1#copy /incoming/releases/2-8-0a3-7.rel 2-8-0a3-7.rel host1#copy /shconfig.txt ftp://joe:passwd@173.28.32.156/ftpDir /results/shConfigJoe.txt There is no no version.
Page 336 JUNOSe 11.1.x System Basics Configuration Guide host1(config)#service password-encryption host1(config)#host test 10.2.3.4 ftp nick nick host1(config)#end host1#show config | inc host hostname "host1" host test 10.2.3.4 ftp 8 CU&l,XM(S 8 X=emZn>'S Use the no version to remove a specified host. See host. ip ftp source-address Use to specify an operational interface by IP address as the source interface for FTP packets sent by the system’s FTP client.
Page 337: Copy Command Examples
Chapter 5: Managing the System If you delete the interface or change its IP address, the output of the show configuration command appears as if you had entered the ip ftp source-address command: ip ftp source-address ipAddress ipAddress IP address of the interface when you issued the ip ftp source-interface command Example host1(config)#ip ftp source-interface loopback1...
Page 338 JUNOSe 11.1.x System Basics Configuration Guide Copy a remote file to a local file by using the URL format, use the hostname to specify Example 4 the location, specify the user name in the command, and use the default value of the password.
Page 339: Using Tftp To Transfer Files
Chapter 5: Managing the System Using TFTP to Transfer Files You can use TFTP to copy files and redirect output from the E Series router to a remote server if the remote host supports TFTP. Before transferring files by the remote TFTP server, you must use the host command to define the host and to specify TFTP as the file transfer protocol.
Page 340: Configuring Authentication
JUNOSe 11.1.x System Basics Configuration Guide mode, and opens the data channel to the server. This method of establishing the FTP connection allows both the control channel and the data channel to pass through the firewall in the allowed direction. Configuring Authentication Before you enable the FTP server, configure the authentication procedure for the vty lines, as follows:...
Page 341: Figure 23: Ftp Configuration Example
Chapter 5: Managing the System Figure 23: FTP Configuration Example In this example, two FTP lines are required for administrators on the data center subnet, and two more lines are required for users on the POP subnet. The system verifies passwords of administrators on the data center subnet through either a RADIUS server or through simple line authentication if the RADIUS server is unreachable.
Page 342: Monitoring The Ftp Server
JUNOSe 11.1.x System Basics Configuration Guide Enable the FTP server. host1(config)#ftp-server enable Monitoring the FTP Server Use the dir command to monitor files on the FTP server. Use the show ftp-server and show users commands to monitor settings of the FTP server. show ftp-server Use to display information about the FTP server.
Page 343: Copying Partial Releases
Chapter 5: Managing the System line number Number of the line to which the user is connected line name Name of the line, the service the line offers, and the relative line number user Name of the user connected from Location or IP address of the user connected since Date and time that the user connected to the line idle time Amount of time it has been since an entry was made from this line (detail only)
Page 344 Juniper Networks, Inc. Operating System Software Copyright (c) 200X Juniper Networks, Inc. All rights reserved. System Release: x-y-z.rel Partial exclude-subsystem Use to exclude any subsystems that are in a release that you do not need for the system configuration.
Page 345 Chapter 5: Managing the System Use the no version of this command with the subsystem name to remove a subsystem from the exclude list. Use the no version of this command without a subsystem name to remove all subsystems from the exclude list. See exclude-subsystem.
Page 346: Configuring The Nfs Client
JUNOSe 11.1.x System Basics Configuration Guide Configuring the NFS Client You can configure a virtual router on the E Series router as a Network File System (NFS) client to provide remote file access for E Series applications that need NFS-based transport.
Page 347: Monitoring The Nfs Client
Chapter 5: Managing the System Use to specify the E Series interface that the current virtual router will use to exchange messages with the NFS server. Specify either the source-address keyword with the IP address of the interface or the source-interface keyword with the interface type and specifier. For information about interface types and specifiers, see Interface Types and Specifiers in JUNOSe Command Reference Guide.
Page 348: Using A Loopback Interface
JUNOSe 11.1.x System Basics Configuration Guide Example host1#show ip nfs Source address is 1.1.1.1 See show ip nfs. Using a Loopback Interface The loopback interface provides a stable address for protocols (for example, BGP, Telnet, or LDP) to use so that they can avoid any impact if a physical interface goes down.
Page 349: Configuring Dns
Chapter 5: Managing the System Depending on how the remote system accepts Telnet requests, you can specify a port number or port name through which the system will connect to the remote host. In the Transmission Control Protocol (TCP), ports define the ends of logical connections that carry communications.
Page 350: References
JUNOSe 11.1.x System Basics Configuration Guide Figure 24: DNS Hierarchy Example DNS messages from a name resolver to a name server must include the domain name for the resolver’s clients. Consequently, you must specify a default domain name for the clients. The default domain name is appended to unqualified hostnames (those without domain names).
Page 351 Chapter 5: Managing the System host1:boston(config)#ip domain-name urlofinterest.com host1:boston(config)#ip name-server 10.2.0.3 host1:boston(config)#ip name-server 10.2.5.5 ip domain-lookup Use to enable the system to query the configured DNS name servers when it needs an IP-hostname-to-IP-address translation. Domain lookup is disabled by default. Example host1(config)#ip domain-lookup Use the no version to disable domain lookup.
Page 352: Using One Name Resolver For Multiple Virtual Routers
JUNOSe 11.1.x System Basics Configuration Guide Using One Name Resolver for Multiple Virtual Routers You can use one name resolver for multiple virtual routers if those virtual routers use the same name servers and belong to the same local domain. To do so, complete the following steps: Configure a name resolver for the first virtual router.
Page 353: Troubleshooting The System
You can enable the core dump from Boot mode or Global Configuration mode. CAUTION: Create a core dump file only under the direction of Juniper Networks Customer Service. Network function can be disrupted if you create a core dump file while the system is running in a network.
Page 354: Global Configuration Mode
JUNOSe 11.1.x System Basics Configuration Guide Set the IP address and mask of the system interface over which you want to send the core dump file. Specify the gateway through which the system sends the core dump file to the FTP server.
Page 355 Chapter 5: Managing the System Use the no version to disable the core dump. See exception dump. exception gateway Use to specify the gateway through which the system sends the core dump file to the FTP server. Example host1(config)#exception gateway 10.10.1.15 Use the no version to return the value to its default (null).
Page 356: Managing Core Dump Files
JUNOSe 11.1.x System Basics Configuration Guide There is no no version. See reload. show exception dump Use to display the parameters associated with the core dump operation. Field descriptions Dump host IP address Address of the host where the system is configured to transfer the dump file Dump directory Name of directory on the host where the system is configured to transfer the dump file...
Page 357: Enabling And Disabling The Core Dump Monitor
Chapter 5: Managing the System When a router uses local NVS to store a core dump, the SRP does not need the management Ethernet port. However, because of the immense size of local core dump files, using NVS to store core dumps is not practical. The SRP-120 available on the E120 router and the SRP-320 available on the E120 and E320 routers has a second NVS card which is dedicated to storing core dump files.
Page 358: Specifying The Core Dump Monitor Interval
JUNOSe 11.1.x System Basics Configuration Guide NOTE: You can use “exception protocol ftp” on page 325 command to assign a username and password to the targeted FTP server. If you choose not to define a username or password, the router uses the values of “ anonymous” and “ null,” respectively.
Page 359: Accessing The Core Dump File
Chapter 5: Managing the System Files on flash which have been transferred A list of core dump files in the router NVS that have already been transferred to the FTP host Files on flash which have not been transferred A list of core dump files in the router NVS that have not yet been transferred to the FTP host Example host1#show exception monitor...
Page 360: Capturing And Writing Core Dumps
JUNOSe 11.1.x System Basics Configuration Guide If the standby SRP boot image encounters a problem loading the diagnostics or operational image, the state of the standby SRP appears as disabled (image error). When standby SRP diagnostics encounter a test failure, the primary SRP is notified and the state is set to hardware error.
Page 361: Understanding The Core Dump File
Chapter 5: Managing the System If you do not specify a reason, Write Core is the default reason recorded in the reboot history. Example 1 Prompts for confirmation to reboot host1#write core force Example 2 Reboots the module in slot 7 and writes a core memory file host1#write core slot 7 There is no no version.
Page 362: Tracking Ip Prefix Reachability
JUNOSe 11.1.x System Basics Configuration Guide Table 38: Chassis Slot Numbers Versus Hardware Slot Numbers (continued) ERX7xx Model ERX14xx Model E320 Model Slot Number Hardware Slot Hardware Slot Hardware Slot on Chassis Number Number Number – – – – – –...
Page 363: Gathering Information For Customer Support
Gathering Information for Customer Support When you report a problem with your router, customer support personnel from the Juniper Networks Technical Assistance Center (JTAC) may request that you issue the show tech-support command. This command was created to help streamline the information-gathering process by providing a large amount of router information from one command and avoiding the need to access certain diagnostic commands.
Page 364 JUNOSe 11.1.x System Basics Configuration Guide tech-support encoded-string Use to execute an encoded command string provided by Juniper Networks customer support personnel. This command requires privilege level 15 access. Optionally, specify a slot number on the router. Optionally, specify a reliable or fast connection type; fast does not work under some conditions.
Page 365: Managing And Monitoring Resources
Chapter 5: Managing the System Managing and Monitoring Resources The resource threshold monitor (RTM) allows you to set the rising and falling thresholds and trap hold-down times for certain interfaces. You can also view the resource threshold information. Enabling and Disabling the Resource Threshold Monitor You may want to set thresholds for certain interface resources on the router.
Page 366 JUNOSe 11.1.x System Basics Configuration Guide Resource Threshold Trap Status (enabled or disabled) of the resource threshold trap type Interface type location Location of the interface (system or slot location) max capacity Maximum capacity of the interface at either the system or slot level current value Current capacity of the interface at either the system or slot level...
Page 367: Monitoring The System
Chapter 5: Managing the System Monitoring the System This section provides basic system commands that allow you to display information about the router’s state. The show configuration command, for example, allows you to display the router’s entire configuration. baseline show-delta-counts Use to configure the system to always display statistics relative to the most recent appropriate baseline.
Page 368 JUNOSe 11.1.x System Basics Configuration Guide Field descriptions chassis Number of slots, midplane identifier, and hardware revision number 14Slot 5 Gbps, 14 slot midplane midplaneId7Slot 5 Gbps, 7 slot midplane midplaneIdRx1400 10 Gbps ASIC compatible, 12 line module slots, 2 SRP module slots for ERX14xx models midplaneIdRx700 10 Gbps ASIC compatible, 5 line module slots, 2 SRP module slots for ERX7xx models...
Page 369 Chapter 5: Managing the System tertiary Type and status of the tertiary timing signal auto-upgrade Status of the auto-upgrade parameter, which enables the system to revert to a higher-priority timing source after switching to a lower-priority timing source. system operational Status of the system slot Number of the slot in which the module resides type Type of module in the slot on the E120 and E320 routers temperature Temperature of the line module, SRP module, or SFM on the...
Page 370 JUNOSe 11.1.x System Basics Configuration Guide srp redundancy: none *** slots: cards missing or offline online: 6 9 standby: 8 offline: 2 empty: 0 1 3 4 5 7 10 11 12 13 line redundancy: 1 redundancy group(s) width 6, spare 8, primary 9 temperature: ok timing: primary primary: internal SC oscillator (ok)
Page 371 Chapter 5: Managing the System *** system operational: no temperature temperature slot type (10C - 70C) status ---- ------------------ ----------- ----------- LM-4 normal GE-4 IOA normal SRP-100 normal SFM-100 normal SRP IOA normal SFM-100 normal SFM-100 normal SFM-100 normal SFM-100 normal LM-4 normal...
Page 372 JUNOSe 11.1.x System Basics Configuration Guide temperature temperature slot type (10C - 56C) status ---- -------- ----------- ----------- LM-10 normal GE-8 IOA normal LM-10 normal GE-8 IOA normal LM-10A-ADV normal SRP-120 normal SFM-120 normal SRP IOA normal SRP-120 normal SFM-120 normal SFM-120 normal...
Page 373 Chapter 5: Managing the System below -5C is too cold above 79C is too hot low temperature warning below 10C high temperature warning above 51C IOA temperature ranges below -5C is too cold above 79C is too hot low temperature warning below 10C high temperature warning above 56C See show environment.
Page 374 JUNOSe 11.1.x System Basics Configuration Guide hTftp 10.5.6.7 tftp Static Host Table ----------------- name ip address type ----- ------------------------------------- ---- george 1111:2222:3333:4444:5555:6666:7777:8888 10.10.121.42 deab 10.6.128.12 mFtp 10.10.121.11 mTftp 10.10.121.11 tftp mary 10.10.121.11 10.10.121.80 NFS Host Table -------------- name userid groupid ---- ------ -------...
Page 375 Chapter 5: Managing the System agent1 3600 ar1EthHelp 362856 templateMgr timerd 2346566 ~GONE~ 405202 184700 ~IDLE~ ~INTERRUPT~ 8840490 51050 average time second minute minute invocation utilization utilization utilization task name (usec) ------------------- ---------- ----------- ----------- ----------- aaaAtm1483Config aaaServer 5000 agent1 9022 ar1EthHelp ar1InternalNetwork...
Page 376 JUNOSe 11.1.x System Basics Configuration Guide router Name of the virtual router being viewed (if applicable); asterisk (*) if no virtual router is specified app Application to which the statistics information applies rtr Virtual router to which the statistics information applies vrf Virtual routing and forwarding instance to which the statistics information applies _unassoc_ Special virtual router output category that summarizes all...
Page 377 Chapter 5: Managing the System --------- ------- ----------- -------- _unassoc_ (40M) default (339K) 100% test (366K) 100% (327K) 100% --------- ------- ----------- -------- Total: Example 3 host1#show processes memory virtual-router vr5 application ip *** Memory usage summary (by VRF) *** application: ip router: vr5 current...
Page 378 JUNOSe 11.1.x System Basics Configuration Guide host1#show reboot-history *** Entry 1 *** time of reset: TUE APR 10 2001 20:25:59 UTC run state: unknown image type: diagnostics location: slot (7) build date: 0x3abf4337 MON MAR 26 2001 13:25:11 UTC reset type: user reboot, task "scheduler", reason "not specified" *** Entry 2 *** time of reset: TUE APR 10 2001 20:25:44 UTC...
Page 379 Chapter 5: Managing the System booting Line module is booting disabled (assessing) Router is evaluating the status of this line module disabled (admin) Line module disabled by slot disable command disabled (cfg error) Use of the line module in this slot violates the permitted configuration for the router.
Page 380 * This release reflects whichever release the router is armed with at startup. Example 1 Displays the version of an ERX7xx model host1#show version Juniper Edge Routing Switch ERX-700 Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved. System Release: erx_7-1-0.rel Partial Version: 7.1.0 [BuildId 4518] (December 21, 2005...
Page 381 2d19h:13m:08s Example 3 Displays the version of an E320 router using the all keyword host1# show version all Juniper Edge Routing Switch E320 Copyright (c) 1999-2006 Juniper Networks, Inc. All rights reserved. System Release: 7-3-0.rel Version: 7.3.0 [BuildId 5759] (July 27, 2006...
Page 382 16/1 present OC3/STM1-8 ATM IOA enabled Example 4 Displays the version of an E120 router host1# show version Juniper Edge Routing Switch E120 Copyright (c) 1999-2007 Juniper Networks, Inc. All rights reserved. System Release: 8-2-0b0-9.rel Version: 8.2.0 beta-0.9 [BuildId 7030] (April 2, 2007...
Page 383 1d08h:34m:30s Example 5 Displays the version of an E120 router using the all keyword host1# show version all Juniper Edge Routing Switch E120 Copyright (c) 1999-2007 Juniper Networks, Inc. All rights reserved. System Release: 8-2-0b0-9.rel Version: 8.2.0 beta-0.9 [BuildId 7030]...
Page 384 JUNOSe 11.1.x System Basics Configuration Guide Monitoring the System...
Page 385: Managing Modules
Chapter 6 Managing Modules This chapter describes how to manage line modules, switch route processor (SRP) modules, switch fabric modules (SFMs), I/O modules, and I/O adapters (IOAs) in E Series routers. This chapter contains the following sections: Overview on page 355 Platform Considerations on page 356 Disabling and Reenabling Line Modules, SRP Modules, and SFMs on page 360 Disabling and Reenabling IOAs on page 362...
Page 386: Platform Considerations
I/O module; however, some line modules do not require a corresponding I/O module. For example, the Service Module (SM) does not have a corresponding I/O module. By configuring the performance line rate for a line module in the Juniper Networks ERX705 , ERX710, and ERX1410 Broadband Services Routers, you can enable the line modules either to operate at full line rate performance or to allow line modules to operate at a rate dependent on the resources available.
Page 387: E120 And E320 Broadband Services Routers
Chapter 6: Managing Modules SRP modules have a corresponding SRP I/O module that contains a Fast Ethernet management port. You can configure this port to access the router from a Telnet session or SNMP. For more information, see “Managing the Ethernet Port on the SRP Module”...
Page 388: Table 39: Ioa Management Information
JUNOSe 11.1.x System Basics Configuration Guide IOA bay (E120 router) and the upper IOA bay (E320 router); adapter 1 identifies the left IOA bay (E120 router) and the lower IOA bay (E320 router). You can configure the slot by using the command-line interface (CLI), as well as the individual IOAs.
Page 389: Srp Modules And Sfms
Chapter 6: Managing Modules Table 39: IOA Management Information (continued) Left Bay (E120) Right Bay Lower (E120) Upper Bay (E320) Combined with (E320) (Adapter Both Bays Other IOAs in Hot-Swapping (Adapter 0) Concurrently Same Slot Support ES2-S1 Yes (GE-8, OC3-8 STM1 OC3/STM1, and OC12/STM4 IOAs only)
Page 390: Disabling And Reenabling Line Modules, Srp Modules, And Sfms
JUNOSe 11.1.x System Basics Configuration Guide You can configure the E120 router with a 320 Gbps fabric by installing SRP 120 modules and SFM 120 modules, or SRP 320 modules and SFM 320 modules. You can configure the E320 router with a 100 Gbps fabric by installing SRP 100 modules and SFM 100 modules.
Page 391 Chapter 6: Managing Modules with it. To disable a specific IOA on the E120 or E320 Router, issue “adapter disable” on page 362 command. Example 1 Disables the module in slot 3 host1(config)#slot disable 3 Example 2 Disables the SRP module and the SC subsystem in slot 7 (applies only to the E120 and E320 routers) host1(config)#slot disable 7 Example 3 Disables only the fabric slice on the SRP module in slot 7 (applies...
Page 392: Disabling And Reenabling Ioas
JUNOSe 11.1.x System Basics Configuration Guide There is no no version. See slot enable. Disabling and Reenabling IOAs Disabling an IOA on the E120 or E320 router has the same effect as removing that IOA from a slot. A disabled IOA cannot operate, although its configuration remains in NVS.
Page 393: Removing An Srp Module
Chapter 6: Managing Modules When you issue the adapter enable command in a redundancy configuration, the line module (primary or spare) currently associated with that IOA is rebooted. If the IOA is protected by a line module redundancy group, an automatic line module redundancy switchover or revert can be triggered by the line module reboot.
Page 394: Replacing Line Modules On Erx Routers, The E120 Router, And The E320 Router
JUNOSe 11.1.x System Basics Configuration Guide The SRP modules are in certain states, such as during a synchronization. In these cases, the router will display a message that indicates that the procedure cannot currently be performed and the reason why. However, if the SRP modules are in other states that could lead to a loss of configuration data or NVS corruption, the router displays a message that explains the state of the SRP modules and asks you to confirm (enter...
Page 395: Replacing A Line Module By Erasing The Slot Configuration
Chapter 6: Managing Modules ES2 10G LM with ES2 10G ADV LM and vice versa when paired with one of the following IOAs: ES2-S1 GE-8 IOA ES2-S2 10GE PR IOA ES2-S1 REDUND IOA ES2 4G LM with ES2 10G LM and vice versa when paired with one of the following IOAs: ES2-S1 GE-8 IOA ES2-S1 REDUND IOA...
Page 396: Replacing A Line Module Without Erasing The Slot Configuration
JUNOSe 11.1.x System Basics Configuration Guide The slot accept command erases the configuration and enables you to reconfigure the new line module. When the replacement line module has come online, reconfigure the interfaces. If you disabled redundancy in Step 2, enable redundancy for the slot when the replacement line module has come online.
Page 397 Chapter 6: Managing Modules host1(config)#slot disable 1 After the line module has booted, issue the show version command to ensure that the status of the line module is disabled (admin). host1#show version Juniper Edge Routing Switch E120 ..running slot state type admin...
Page 398: Replacing Ioas On The E120 Router And The E320 Router
JUNOSe 11.1.x System Basics Configuration Guide host1(config)#no redundancy lockout 1 (Optional) If the following settings were configured before replacing the module, reconfigure the settings: a. Configure the Ethernet physical interface configuration using an SNMP set request for entPhysicalAssetID and entPhysicalAlias. b.
Page 399 Replace a 5-Gbps SRP module with a 10-Gbps SRP module or vice versa. Transfer an SRP module from an ERX7xx router to a Juniper Networks ERX1410 router or vice versa. You cannot use the slot accept command to force the router to accept the new SRP module.
Page 400 JUNOSe 11.1.x System Basics Configuration Guide Example Accepting the IOA in the upper bay of slot 5 in an E320 router host1(config)#adapter accept 5/0 There is no no version. See adapter accept. adapter erase Use to delete the configuration of the specified IOA in the specified IOA bay before you install a different type of IOA.
Page 401 Chapter 6: Managing Modules If you specify a slot that contains a line module, you erase the configuration of the line module and the I/O modules or IOAs associated with it. To erase the configuration of a specific IOA on the E120 or E320 router, use “adapter accept” on page 369 command.
Page 402: Software Compatibility
JUNOSe 11.1.x System Basics Configuration Guide If you specify a slot that contains a line module, you erase the configuration of the line module and the I/O modules or IOAs associated with it. To erase the configuration of a specific IOA on the E120 or E320 router, use “adapter erase” on page 370 command.
Page 403: Configuring Performance Rate Of Line Modules On Erx7Xx Models And The Erx1410 Router
ERX1440 router. Line modules in an ERX1440 or an ERX310 router always operate at line rate performance. However, you can configure ERX7xx models and the Juniper Networks ERX1410 Broadband Services Router to enable the line modules either to operate at full line rate performance or to allow line modules to operate at a rate dependent on the resources available.
Page 404: Srp Modules Bandwidth
JUNOSe 11.1.x System Basics Configuration Guide SRP Modules Bandwidth Different SRP modules offer different bandwidths: The SRP-10G module provides 2.5 Gbps bandwidth per slot group. The SRP-5G+ module (ERX705 router only) provides: 2.5 Gbps bandwidth per slot group 5 Gbps bandwidth per router Line Modules Bandwidth and Switch Usage The SRP-5G+ and SRP-10G modules comprise two switches;...
Page 405: Allowed Combinations For Line Rate Performance
Chapter 6: Managing Modules Allowed Combinations for Line Rate Performance The SRP-5G+ and SRP-10G modules support all the line modules listed in Table 40 on page 374. Only certain combinations of line modules allow line rate performance (see Table 41 on page 375 through Table 43 on page 376). However, if performance lower than line rate is acceptable, you can use any combination of line modules in a slot group.
Page 406: Specifying The Type Of Performance
JUNOSe 11.1.x System Basics Configuration Guide Table 42: Combinations of Line Modules for Line Rate Performance SRP-10G Module in an ERX1410 Router Examples of Allowed Examples of Forbidden Possible Combinations of Line Modules Combinations Combinations One supported line module and two One COCX-F3 line Three OCx/STMx empty slots in any slot group...
Page 407: Monitoring Bandwidth Oversubscription
Chapter 6: Managing Modules Reboot the router. bandwidth oversubscription Use to enable bandwidth oversubscription for an ERX7xx model or ERX1410 router. Reboot the router after you have issued this command to change the bandwidth oversubscription status. By default, bandwidth oversubscription is enabled. Example host1(config)#bandwidth oversubscription Use the no version to disable bandwidth oversubscription.
Page 408: Troubleshooting Bandwidth Oversubscription
JUNOSe 11.1.x System Basics Configuration Guide Bandwidth oversubscription is currently not in effect. Bandwidth oversubscription will be in effect the next time the system reboots. See show bandwidth oversubscription. Troubleshooting Bandwidth Oversubscription If you enter a forbidden combination of line modules or exceed the slot group bandwidth when you have not configured bandwidth oversubscription, you will see an error message.
Page 409: Flash Features On The E120 Router And The E320 Router
Chapter 6: Managing Modules with unused sectors. If the utility cannot correct a corrupt sector, it marks the sectors so that they cannot be reused. Errors in the boot block, FAT, or root directory are fatal and cannot be corrected by the scan utility. In a router that contains two SRP modules, if the scanning utility detects corrupt sectors in flash on the primary SRP module during rebooting, the primary SRP module reboots again.
Page 410: Installing And Removing Flash Cards
JUNOSe 11.1.x System Basics Configuration Guide disk1:lm4_14.dmp 344200394 344200394 02/14/2005 14:14:14 standby-disk1:lm4_15.dmp 344200394 344200394 02/15/2005 15:15:15 disk0:boston.scr 02/22/2005 17:46:18 disk0:bulkstats.scr 02/13/2006 17:34:30 ram:bulkstats1.sts 03/07/2006 09:07:52 Disk capacity ------------- Capacity Free Reserved Device (bytes) (bytes) (bytes) ------ ---------- --------- -------- disk0: 1025482752 342066375 68157440...
Page 411: Synchronizing Flash Cards
Chapter 6: Managing Modules CAUTION: When you eject a mounted disk 0 while the router is in an operational state, the SRP module initiates a reload. When you eject a mounted disk 1, data on the disk can be corrupted, but the router does not reboot. mount Use to mount the disk.
Page 412 JUNOSe 11.1.x System Basics Configuration Guide Depending on the outcome of the space verification, the router proceeds as follows: If the card has enough space, the router copies new or changed files from the primary flash card to the redundant flash card without deleting any files on the redundant flash card.
Page 413: Synchronizing Flash Cards Of Different Capacities
Chapter 6: Managing Modules Synchronizing Flash Cards of Different Capacities If the capacity of the primary flash card is equal to or smaller than that of the redundant flash card, the router copies all the files from the primary flash card to the redundant flash card.
Page 414: Validating And Recovering Redundant Srp File Integrity
JUNOSe 11.1.x System Basics Configuration Guide Validating and Recovering Redundant SRP File Integrity NOTE: The information in this section does not apply to the ERX310 router, which does not support SRP module redundancy. Even when flash cards on the primary and redundant SRP modules are synchronized, differences can exist in the content of files that reside on the primary flash card and the redundant flash card.
Page 415 Chapter 6: Managing Modules Validate all files in NVS (when you use the all keyword) or only configuration files in NVS (when you use the configuration keyword). Synchronize all files that failed the checksum test during the flash-disk compare command, as well as any other unsynchronized files. host1#synchronize low-level-check all host1#synchronize low-level-check configuration This action resolves any file discrepancies between the primary and...
Page 416 JUNOSe 11.1.x System Basics Configuration Guide host1#flash-disk compare all WARNING: This command may take several minutes to complete. Proceed? [confirm] WARNING: No changes should be made to the system while this command is in progress. Please wait............All file checksums matched. Number of Files = 866 Number of Bytes = 61660650 Example 2 Shows output when one or more configuration files failed the...
Page 417: Reformatting The Primary Flash Card
Chapter 6: Managing Modules The redundant SRP module is offline. The armed releases are different on the primary SRP and redundant SRP. Examples host1#synchronize host1#synchronize low-level-check all host1#synchronize low-level-check configuration There is no no version. See synchronize. Reformatting the Primary Flash Card You can reformat the primary flash card.
Page 418: Copying The Image On The Primary Srp Module
JUNOSe 11.1.x System Basics Configuration Guide host1#no mount disk1 % Device is dismounted host1#flash-disk initialize disk1 WARNING: Execution of this command will cause the contents of disk1 to be erased. Proceed with Flash disk initialization? [confirm] Please wait......There is no no version. See flash-disk initialize.
Page 419: Scanning Flash Cards
Chapter 6: Managing Modules WARNING: Execution of this command will cause the system to reboot. Proceed with reload? [confirm] Reload operation commencing, please wait... [ Press mb] :boot##flash-disk duplicate There is no no version. See flash-disk duplicate. Scanning Flash Cards You can find both structural errors in the data in NVS and physical errors in the flash card.
Page 420 JUNOSe 11.1.x System Basics Configuration Guide Use to find and repair files with physical errors in NVS. These errors are created if the router is not powered down or reset correctly. If the router contains primary and redundant modules, only NVS on the primary SRP module is scanned.
Page 421: Monitoring Flash Cards
Chapter 6: Managing Modules Root Directory OK Checking File Space Please Wait... Checking Free Space Please Wait... PCMCIA Card Scan successful! There is no no version. See flash-disk scan. Monitoring Flash Cards Use the show nvs command to monitor the status of NVS on the primary SRP module. Use the show flash command to view information about the flash card.
Page 422: Updating The Router With Junose Hotfix Files
JUNOSe 11.1.x System Basics Configuration Guide Use to monitor NVS status. Field descriptions total nvs file sizes Sum of sizes of all files in NVS, in bytes total nvs file errors Number of read and write errors in all files in NVS nvs flash in use NVS used, in bytes available nvs flash NVS available, in bytes Example...
Page 423: Hotfix Compatibility And Dependency
Chapter 6: Managing Modules Activated immediately on an active router but not armed as a startup hotfix. In this case, the hotfix is activated only until the SRP module reloads. If the SRP module reloads, then you must manually activate the hotfix again (if desired) with the hotfix activate command.
Page 424: Removing Hotfixes
JUNOSe 11.1.x System Basics Configuration Guide displays a warning message if the line modules must be reloaded. If the warning is confirmed, the SRP module reloads each line module. The flag applies to all line modules targeted by the hotfix that are installed in the router. Hotfixes remain armed only for compatible releases.
Page 425 Chapter 6: Managing Modules that are installed in the router. When existing line modules come online during startup and when new line modules are inserted in the chassis, image fixes for that particular line module are requested and activated during module startup. Line module image hotfixes that have been armed as startup hotfixes are activated before application configuration occurs on the line module.
Page 426 JUNOSe 11.1.x System Basics Configuration Guide host1(config)#boot hotfix hf63037.hfx Use the no version to disarm a specified hotfix. You can disarm all hotfixes armed for all releases by specifying the all-releases keyword. If any startup hotfixes are armed, the CLI then prompts you to confirm the deletion, If the hotfix being disarmed is a dependency for another armed hotfix, the command fails and the CLI displays an error message similar to the following: The hotfix, 990, has the following armed dependents which must be disarmed...
Page 427: Monitoring Hotfixes
Chapter 6: Managing Modules % Activation failed Startup hotfixes cannot be manually activated. If you attempt to manually activate a startup hotfix, the operation fails and generates the following error message: % Manual activation not allowed Example host1#hotfix activate hf63037.hfx Use the no version to manually deactivate the specified hotfix.
Page 428 (January 28, 2005 14:55) Active hotfixes: hf63036.hfx (Id: 23453036) hf63037.hfx (Id: 34563037) ! Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved. ! Commands displayed are limited to those available at privilege level 15 boot config running-configuration boot system 6-0-1p0-5.rel boot hotfix hf63036.hfx...
Page 429 Chapter 6: Managing Modules name Filename of the hotfix id Number uniquely identifying the hotfix; nonconfigurable so that you can identify the hotfix if the filename has been changed active Status of hotfix activation; X indicates that the hotfix is active armed Status of hotfix arming;...
Page 430: Example: Using And Monitoring Hotfixes
JUNOSe 11.1.x System Basics Configuration Guide clock.hfx Modify the behavior of show clock. showHotfix.hfx Changes the output of show hotfix. incompatible.hfx Changes the output of show hotfix. hfActivate.hfx Change log message severity for hotfix activate. Example 3 The detail keyword for a particular hotfix displays the most detailed information.
Page 431 Chapter 6: Managing Modules hf63035.hfx 12343035 hf63036.hfx 23453036 hf63037.hfx 34563037 23453036 name synopsis ----------- -------------------------------------------- hf63035.hfx Fix for CQ63035, bgp crash, out of resources hf63036.hfx Fixed show version formatting issue hf63037.hfx Increased max session limit on ERX310 to 32,000 host1(config)# boot hotfix hf63037.hfx % The hotfix, 34563037, requires the following hotfix(es) to be armed: 23453036 The hf63036.hfx hotfix must be armed as a startup hotfix:...
Page 432: Managing The Ethernet Port On The Srp Module
JUNOSe 11.1.x System Basics Configuration Guide first: 34563037 % De-activation failed. The command fails because hf63037.hfx is dependent on hf63036.hfx. Interdependent hotfixes must be deactivated and disarmed in the reverse order that they were activated. When 6-0-1p0-5.rel is re-armed and the router reloaded, the hotfix loader determines that the startup hotfixes, hf63036.hfx and hf63037.hfx, are incompatible with the release.
Page 433: Monitoring Statistics
SRP module and it is installed in the higher slot, as shown in the following example: host1#show version Juniper Edge Routing Switch ERX-700 Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved. System Release: erx_7-1-0.rel Partial Version: 7.1.0 [BuildId 4518]...
Page 434: Enabling Warm Restart Diagnostics On Modules
! Juniper Edge Routing Switch ERX-700 ! Version: 6.0.0 beta-1.8 [BuildId 2538] (September 7, 2004 12:46) ! Copyright (c) 1999-2004 Juniper Networks, Inc. All rights reserved. ! Commands displayed are limited to those available at privilege level 10 boot config running-configuration boot system erx_6-0-0b1-8.rel...
Page 435: Enabling Warm Restart Diagnostics
Chapter 6: Managing Modules Table 44: Supported Line Modules Line Module cOCx FO CT3/T3-F0 OCx/STMx ATM GE/FE GE-2 GE-HDE OC3/STM1 GE/FE OC48 ES2 4G LM ES2 10G Uplink LM The number of diagnostic tests that the system performs on line modules depends on whether you have configured line module redundancy.
Page 436: Enabling Diagnostics
JUNOSe 11.1.x System Basics Configuration Guide Use the srp keyword to perform diagnostic tests on the SC subsystem that resides on a specified SRP module. Use the fabric keyword to run diagnostic tests on the fabric slice that resides on the specified SRP module. Example 1 Enables warm restart diagnostics on a line module host1#diag 3 force Example 2 Enables warm restart diagnostics on the fabric subsystem of an...
Page 437 Chapter 6: Managing Modules Issue the show environment command to check which line modules are configured to ignore diagnostics test failure. host1#show environment chassis: 14 slot (id 0x5, rev. 0x1) fabric: 40 Gbps (rev. 0) fans: fanSubsystemOk nvs: ok (488MB flash disk, 43% full), matches running config power: A ok, B not present srp redundancy: mode is high-availability, state initializing auto-sync enabled, switch-on-error enabled...
Page 438: Monitoring Modules
JUNOSe 11.1.x System Basics Configuration Guide From the boot prompt, issue the option ignore-srp-diagnostic-results command. :boot##option ignore-srp-diagnostic-results Verify that the setting is correct: :boot##show options no option auto-boot-disable option countdown no option debug-startup no option halt-on-failure no option bypass-diagnostics no option stay-in-diagnostics option ignore-srp-diagnostic-results no option instruction-cache-disable no option watchdog-disable...
Page 439 Chapter 6: Managing Modules number of MAC addresses Total number of Ethernet addresses on an I/O module or an IOA base MAC address Lowest Ethernet address on an I/O module or an IOA Tray Number of the fan tray in the E120 and E320 routers; 0 indicates the primary fan Major/Minor rev Revision number of the module on the E120 and E320 routers...
Page 440 JUNOSe 11.1.x System Basics Configuration Guide Modules ------- serial assembly assembly Major/Min slot type number number rev. (MB) ---- ------- ---------- ---------- -------- ---- --------- LM-4 4303470363 4500006301 1.101 SRP-100 4304218323 4500006601 1024 1.103 SFM-100 4304218323 4500006601 1.103 SFM-100 4304206756 4500006701 1.104 SFM-100...
Page 441 Chapter 6: Managing Modules 0090.1a00.17ec 1.111 0090.1a00.17ae 1.102 11/0 11/1 12/0 12/1 13/0 13/1 14/0 14/1 15/0 15/1 16/0 16/1 Fan(s) ------ serial assembly assembly Major/Minor Tray type number number rev. ---- ----------- ---------- ---------- -------- ----------- Primary FAN 4303370009 4400007000 1.101 Example 3 Displays the status of hardware on the E120 router...
Page 442 JUNOSe 11.1.x System Basics Configuration Guide Adapters -------- number serial assembly assembly slot type number number rev. addresses ---- -------- ---------- ---------- -------- --------- GE-8 IOA 4306472048 4500009102 GE-8 IOA 4306362247 4500009102 SRP IOA 4306483232 4501006502 base Major/Minor slot MAC address ---- -------------- -----------...
Page 443 Chapter 6: Managing Modules slot Slot in which the module resides type Type of module heap (%) Percentage of the RAM that is currently in use by software running on the module cpu (%) Percentage of the module CPU capacity currently used; this field appears only when the detail keyword is omitted bw exceed Status of bandwidth oversubscription for this slot;...
Page 444 JUNOSe 11.1.x System Basics Configuration Guide *** indicates that a module installed in the slot is running an incompatible version of JUNOSe software. Example 1 Displays basic information about the resources consumed on the router host1#show utilization Please wait..System Resource Utilization --------------------------- heap slot...
Page 445 Chapter 6: Managing Modules CT3-12 Note: '---' indicates empty slots. '???' indicates data not available. '***' indicates board running incompatible version of software. Example 3 Displays detailed information about the average CPU utilization percentage calculated over 5-second, 1-minute, and 5-minute intervals for each module installed in an E320 router.
Page 446 JUNOSe 11.1.x System Basics Configuration Guide Monitoring Modules...
Page 447: Passwords And Security
Chapter 7 Passwords and Security Passwords and security are of utmost importance for the security of your router. This chapter provides the information you need to configure your E Series router to be secure for all levels of users. This chapter contains the following sections: Overview on page 417 Platform Considerations on page 417 Setting Basic Password Parameters on page 418...
Page 448: Setting Basic Password Parameters
JUNOSe 11.1.x System Basics Configuration Guide Setting Basic Password Parameters This section shows how to set up basic passwords and secrets on your router. You cannot create your own encrypted passwords and secrets. You must use encrypted passwords and secrets that the router generates. NOTE: See “Setting and Erasing Passwords”...
Page 449: Creating Secrets
Chapter 7: Passwords and Security Creating Secrets This example generates a secret for the password rocket, and creates a secret for privilege level 15. Enable and configure the secret. The 0 keyword specifies that you are entering an unencrypted secret. host1(config)#enable secret level 15 0 rocket Display the secret.
Page 450 JUNOSe 11.1.x System Basics Configuration Guide Use to set a password, which controls access to Privileged Exec mode and some configuration modes. Enter the password in plain text (unencrypted) or cipher text (encrypted). In either case, the system stores the password as encrypted. The first time you define a password, you must enter it in plain text.
Page 451: Setting And Erasing Passwords
Privileged Exec show commands plus commands at levels 0 and 1 All commands except support commands Support commands that Juniper Networks Technical Support may provide and all other commands To maximize security and usability, set different passwords for levels 1, 5, 10, and 15.
Page 452: Accessing Privilege Levels
JUNOSe 11.1.x System Basics Configuration Guide Accessing Privilege Levels If users have access to the console, they automatically have access to privilege level 0. To access higher levels of privilege, they must enter the enable privilege-level command. When users specify a privilege level, the system determines whether there is a password at that level.
Page 453: Figure 25: Location Of The Software Reset Button
Chapter 7: Passwords and Security Figure 25: Location of the Software Reset Button NOTE: If you do not press the software reset button within the time limit, the system will not erase the password, and you will need to repeat the process. erase secrets Use to delete all CLI passwords and secrets.
Page 454: Setting A Console Password
JUNOSe 11.1.x System Basics Configuration Guide Use to allow you to delete all passwords and secrets from the console without being physically present at the router. When executed, this command changes the behavior of the erase secrets command, which will not take any parameters and will not be available through a vty session.
Page 455: Erasing The Console Password
Chapter 7: Passwords and Security Use to enable password checking at login. The default setting is to enable a password. Example host1(config)#line vty 1 4 host1(config-line)#login Use the no version to disable password checking and allow access without a password. See login.
Page 456: Monitoring Passwords
JUNOSe 11.1.x System Basics Configuration Guide Reboot the router by pressing the recessed software reset button on the primary SRP module (Figure 25 on page 423) and then pressing the mb key sequence during the countdown. Disable authentication at the console level. :boot##disable console authentication If you remember the password at this point, you can override this action by entering:...
Page 457: Vty Line Authentication And Authorization
Chapter 7: Passwords and Security 7 (password) zRFj_6>^]1OkZR@e!|S$ inherited 7 (password) zRFj_6>^]1OkZR@e!|S$ inherited See show secrets. Vty Line Authentication and Authorization The router supports 30 virtual tty (vty) lines for Telnet, Secure Shell Server (SSH) and FTP services. Each Telnet, SSH, or FTP session requires one vty line. You can add security to your router by configuring the software to validate login requests.
Page 458 JUNOSe 11.1.x System Basics Configuration Guide Use to specify the vty lines on which you want to enable the password. You can set a single line or a range of lines. The range is 0–29. Example host1(config)#line vty 8 13 Use the no version to remove a vty line or a range of lines from your configuration;...
Page 459 Chapter 7: Passwords and Security Example 2 (secret) host1(config-line)#password 5 bcA";+1aeJD8)/[1ZDP6 Example 3 (encrypted password) host1(config-line)#password 7 dq]XG`,%N"SS7d}o)_?Y Use the no version to remove the password. By default, no password is specified. See password. show line vty Use to display the configuration of a vty line. Field descriptions access-class Access-class associated with the vty line data-character-bits Number of bits per character...
Page 460: Configuring Aaa Authentication And Aaa Authorization
JUNOSe 11.1.x System Basics Configuration Guide Configuring AAA Authentication and AAA Authorization Before you configure AAA authentication and AAA authorization, you need to configure a RADIUS and/or TACACS+ authentication server. Note that several of the steps in the configuration procedure are optional. To configure AAA new model authentication and authorization for inbound sessions to vty lines on your router: Specify AAA new model authentication.
Page 461 Chapter 7: Passwords and Security Use to allow privilege determination to be authenticated through the TACACS+ or RADIUS server. This command specifies a list of authentication methods that are used to determine whether a user is granted access to the privilege command level.
Page 462 JUNOSe 11.1.x System Basics Configuration Guide Use the no version to remove the authentication list from your configuration. See aaa authentication login. aaa authorization Use to set the parameters that restrict access to a network. Use the keyword exec to determine if the user is allowed to run Exec mode commands.
Page 463 Chapter 7: Passwords and Security aaa new-model Use to specify AAA new model as the authentication method for the vty lines on your router. If you specify AAA new model and you do not create an authentication list, users will not be able to access the router through a vty line. Example host1(config)#aaa new-model Use the no version to restore simple authentication.
Page 464: Virtual Terminal Access Lists
JUNOSe 11.1.x System Basics Configuration Guide login authentication Use to apply an authentication list to the vty lines you specified on your router. Example host1(config-line)#login authentication my_auth_list Use the no version to specify that the system should use the default authentication list.
Page 465: Secure System Administration With Ssh
Chapter 7: Passwords and Security When the router attempts to authenticate a user, it always selects the first vty line that has an access class that permits that user’s host. The vty line’s configuration must authenticate the user to allow access. Otherwise, the user can never gain access. Consequently, we recommend that you use identical authentication configurations for all vtys that have the same access class list.
Page 466: Transport
JUNOSe 11.1.x System Basics Configuration Guide NOTE: Versions earlier than 2.0.12 of the SSH protocol client are not supported. The SSH server embedded within the router recognizes SSH clients that report an SSH protocol version of 1.99, with the expectation that such clients are compatible with SSH protocol version 2.0.
Page 467: User Authentication
Chapter 7: Passwords and Security When the client authenticates the server’s host key, it begins the transport key exchange process by sending the key data required by the negotiated set of algorithms. The server responds by sending its own key data set. If both sides agree that the keys are consistent and authentic, the keys are applied so that all subsequent messages between client and server are encrypted, authenticated, and compressed according to the negotiated algorithms.
Page 468: Performance
JUNOSe 11.1.x System Basics Configuration Guide The public half of the host key is sent from the server to the client as part of the transport layer negotiation. The client attempts to find a match for this key with one stored locally and assigned to the server.
Page 469: Before You Configure Ssh
Chapter 7: Passwords and Security controller. A flood of packets from a packet generator does not cause problems regardless of whether SSH is enabled. Before You Configure SSH You must obtain and install a commercial SSH client on the host from which you want to administer the system.
Page 470: Configuring User Authentication
JUNOSe 11.1.x System Basics Configuration Guide client documentation for details on configuring encryption on your client. The system supports the following SSH algorithms for encryption: 3des-cbc A triple DES block cipher with 8-byte blocks and 24 bytes of key data. The first 8 bytes of the key data are used for the first encryption, the next 8 bytes for the decryption, and the following 8 bytes for the final encryption.
Page 471 Chapter 7: Passwords and Security successfully authenticated. The timeout limits are independent of any limits configured for virtual terminals (vtys). The following limits are supported: User authentication protocol SSH user authentication protocol enabled on the router. SSH timeout Maximum time allowed for a user to be authenticated, starting from the receipt of the first SSH protocol packet.
Page 472: Configuring Message Authentication
JUNOSe 11.1.x System Basics Configuration Guide ip ssh sleep Use to set a sleep period in seconds for users that have exceeded the authentication retry limit. Connection attempts from the user at the same host are denied until this period expires. Specify any nonnegative integer.
Page 473: Enabling And Disabling Ssh
Chapter 7: Passwords and Security Use to add a message authentication algorithm to the specified support list for the SSH server. Example 1 This example adds the hmac-md5 algorithm to the list of supported outbound algorithms. host1(config)#ip ssh mac server-to-client hmac-md5 If you to not specify a direction (client-to-server or server-to-client), the command applies the algorithm to both inbound and outbound lists.
Page 474: Displaying Ssh Status
JUNOSe 11.1.x System Basics Configuration Guide Example host1(config)#crypto key zeroize dss There is no no version. See crypto key dss. Displaying SSH Status You can monitor the current state of the SSH server with the show ip ssh command. show ip ssh Use to display the current state of the SSH server.
Page 475: Terminating An Ssh Session
Chapter 7: Passwords and Security ciphers inbound/outbound Encryption algorithms used by the client and the system for this session MAC inbound/outbound Message authentication code algorithms used by the client and the system for this session Example host1#show ip ssh detail SSH Server version: SSH-2.0-2.0.12 SSH Server status: enabled, up since THU JUL 24 2008 16:01:17 UTC supported encryption, inbound: 3des-cbc,blowfish-cbc,twofish-cbc...
Page 476: Restricting User Access
Level 0 commands and all other commands available in User Exec mode Level 1 commands and all Privileged show commands All commands except support and privilege change commands Commands that Juniper Networks Technical Support may provide and all other commands Restricting Access to Commands with RADIUS You can use RADIUS authentication to specify a level of commands that a user is allowed.
Page 477: Per-User Enable Authentication
The decision to deny or approve the user’s request is based on the list the system received through RADIUS. See Table 47 on page 447. Table 47: Juniper Networks–Specific CLI Access VSA Descriptions Subtype Description...
Page 478: Vsa Configuration Examples
VSA Alt-CLI-Virtual-Router-Name specifies which VRs other than the VR specified by the VSA virtual-router are accessible to restricted users. See Table 48 on page 448. Table 48: Juniper Networks–Specific Virtual Router Access VSA Descriptions Subtype Description...
Page 479: Commands Available To Users
Chapter 7: Passwords and Security Allow-All-VR-Access 1 In this example, you want the user to have access to all VRs and to log in to the VR Example 2 Boston. Set the VSAs as follows: Allow-All-VR-Access 1 Virtual-Router Boston In this example, you want the user to have access only to the VR Boston. Set the Example 3 VSAs as follows: Allow-All-VR-Access 0...
Page 480: Denial Of Service (Dos) Protection
JUNOSe 11.1.x System Basics Configuration Guide Cannot access Global Configuration mode and cannot configure VRs to which they have access. Cannot see or use any commands associated with the file system, boot settings, or system configuration. The following table lists some, but not all, commands accessed from Exec mode that are available only to users with no VR restriction: clear line reload...
Page 481: Suspicious Control Flow Detection
Chapter 7: Passwords and Security Figure 26: Typical Control Packet Processing Suspicious Control Flow Detection To reduce the chance of a successful denial of service (DoS) attack and to provide diagnostic abilities while undergoing an attack, the system can detect suspicious control flows and keep state on those flows.
Page 482: Suspicious Control Flow Monitoring
JUNOSe 11.1.x System Basics Configuration Guide a packet is marked as suspicious, it is dropped based on drop probability before being delivered to the control processor. When a distributed DoS attack occurs on a line module, suspicious flow control resources can be exhausted. To provide further counter measures, you can enable the group feature, where flows are grouped together and treated as a whole.
Page 483: Configurable Options
Chapter 7: Passwords and Security DoS attacks. Group membership is based on physical port and control protocol; all flows in that group are considered suspicious. Configurable Options You can configure the following options for suspicious flow detection: Global on or off. When the option is set to off, flows or packets are not marked as suspicious.
Page 484: Suspicious Control Flow Commands
JUNOSe 11.1.x System Basics Configuration Guide A control flow transitions into a suspicious state; another trap and log message is generated on removal from a suspicious state. A protocol transitions to or from the suspicious state. A priority transitions to or from the suspicious state. The suspicious flow control system is overflowing or grouping flows on a line module.
Page 485 Chapter 7: Passwords and Security suspicious-control-flow-detection off Use to turn off the suspicious control flow detection. Example host1(config)#suspicious-control-flow-detection off Use the no version to turn on suspicious control flow detection, which is the default. See suspicious-control-flow-detection off. suspicious-control-flow-detection protocol backoff-time Use to set the backoff time in seconds for a specific protocol that triggers the suspicious flow to return to a nonsuspicious state.
Page 486: Monitoring Suspicious Control Flow
JUNOSe 11.1.x System Basics Configuration Guide Use the no version to restore the defaults for the protocol. See suspicious-control-flow-detection protocol threshold. Monitoring Suspicious Control Flow Use the commands described in this section to monitor suspicious control flows. show suspicious-control-flow-detection counts Use to display statistics for suspicious control flow detection.
Page 487 Chapter 7: Passwords and Security Interface Interface for the flow Protocol Control protocol of the flow MAC address Source MAC address of the flow InSlot For certain flows detected on egress, the possible ingress slot of the flow Rate (pps) Rate of the flow Peak Rate (pps) Peak rate of the flow Time Since Create Time since the flow was determined to be suspicious, in hh:mm:sec format...
Page 488 JUNOSe 11.1.x System Basics Configuration Guide State: OK Protocol is currently not receiving an excess amount of traffic Suspicious Protocol detected as receiving an excess amount of traffic within the last backoff time in number of seconds. Transitions Number of times this protocol or priority has transitioned to the suspicious state Example host1(config)#show suspicious-control-flow-detection info slot 2...
Page 489 Chapter 7: Passwords and Security IP Local Dhcp (IC) IP Local Icmp Echo IP Local Icmp Other IP Local LDP IP Local BGP IP Local OSPF IP Local RSVP IP Local PIM IP Local COPS IP Local L2tp Control (SC) IP Local L2tp Control (IC) IP Local Other IP Local Subscriber Interface Miss...
Page 490 JUNOSe 11.1.x System Basics Configuration Guide Ppp Echo Request Ppp Echo Reply Ppp Echo Reply Fastpath Ppp Control Atm Control (ILMI) Atm OAM Atm Dynamic Interface Column Creation Atm Inverse ARP Frame Relay LMI Control Frame Relay Inverse Arp Pppoe Control Pppoe Config Dynamic Interface Column Creation Ethernet ARP Miss...
Page 491: Denial-Of-Service Protection Groups
Chapter 7: Passwords and Security IP Local PIM Assert IP Local BFD 1024 IP IKE IP Reassembly 2048 1024 IP Local Icmp Frag IP Local Frag IP Application Classifier HTTP Redirect See show suspicious-control-flow-detection protocol. Denial-of-Service Protection Groups A DoS protection group provides a simple policy that can be applied to interfaces. This policy can specify a complete set of parameters to tune the behavior of the DoS protection groups.
Page 492: Attaching Groups
JUNOSe 11.1.x System Basics Configuration Guide Protocol drop probability for suspicious packets enables you to map a protocol to a specific drop probability. The drop probability is the percentage probability that a suspicious packet is dropped. Protocol skip priority rate limiter enables you to configure the system so that the specified protocol is not subject to the priority rate limiter for the priority and DoS protection group selected.
Page 493 Chapter 7: Passwords and Security Table 49: Layer 2-Related Protocols (continued) CLI Name Description of Flow atmInverseArp ATM inverse ARP packets dhcpExternal DHCP external packets ethernetArpMiss Ethernet/Bridged Ethernet request to send ARP ethernetArp Ethernet/Bridged Ethernet reception of ARP packet ethernetLacp Ethernet LACP packet ethernetDynamicIf Ethernet/Bridged Ethernet dynamic VLAN interface creation...
Page 494: Table 50: Ip-Related Protocols
JUNOSe 11.1.x System Basics Configuration Guide Table 49: Layer 2-Related Protocols (continued) CLI Name Description of Flow pppoePppConfig PPPoE handling of PPP LCP packets for dynamic interface creation slepSlarp Serial Line Interface SLARP packets Table 50: IP-Related Protocols CLI Name Description of Flow ipAppClassifierHttpRedirect IP Application Classifier (HTTP redirect) packets...
Page 495: Dos Protection Group Configuration Example
Chapter 7: Passwords and Security Table 50: IP-Related Protocols (continued) CLI Name Description of Flow ipMld IP Multicast listener packet ipMulticastBroadcastOther Ip Multicast/Broadcast not otherwise classified ipMulticastCacheMiss IP Multicast route table misses ipMulticastCacheMissAutoRp IP Multicast route table Auto-RP misses ipMulticastControlIc IP IGMP packets for the IC ipMulticastControlSc IP Multicast control packet not otherwise classified...
Page 496: Dos Protection Group Commands
JUNOSe 11.1.x System Basics Configuration Guide To display the configuration: host1#show dos-protection-group default default (canned-group: defaultCanned) *modified -- no references Protocol Dest Mod Rate Burst Weight DropProb Priority Skip -------------------- ---- --- ----- ----- ------ -------- --------- ---- Ppp Echo Request 2048 1024 100 HI green...
Page 497 Chapter 7: Passwords and Security Use to create a DoS protection group and enter DoS Protection Group Configuration mode. A group named default always exists. Example host1(coonfig)#dos-protection-group default Use the no version to remove the DoS protection group. See dos-protection-group. ethernet dos-protection-group Use to attach an Ethernet DoS protection group to an interface.
Page 498 JUNOSe 11.1.x System Basics Configuration Guide Example 2 host1(config)#dos-protection-group default host1(config-dos-protection)#protocol AtmOam rate 512 host1(config-dos-protection)#protocol PppoeControl rate 512 host1(config-dos-protection)#protocol IpLocalOther rate 512 Use the no version to remove the attachment of the DoS protection group from the interface. See ip dos-protection-group. ipv6 dos-protection-group Use to attach an IPv6 DoS protection group to an interface.
Page 499 Chapter 7: Passwords and Security Use the no version to remove the attachment of the DoS protection group from the interface. See pppoe dos-protection-group. priority burst Use to set the burst size in packets for the priority. Example host1(config-dos-protection)#priority Hi-Green-IC burst 32 Use the no version to return to the default value.
Page 500 JUNOSe 11.1.x System Basics Configuration Guide protocol drop-probability Use to map a protocol to a specific drop probability, which is the percentage probability of an exceeded packet being dropped. Example host1(config-dos-protection)#protocol IpLocalDhcpIc drop-probability 100 Use the no version to set the drop probability to the value specified in the associated default group.
Page 501 Chapter 7: Passwords and Security Example host1(config-dos-protection)#protocol IpLocalDhcpIc skip-priority-rate-limiter Use the no version to set the value to the default, which is not to use skip-priority-rate-limiter. See protocol skip-priority-rate-limiter. protocol weight Use to set the weight for the protocol. For each port compression, weight determines the effective minimum rate that each protocol receives.
Page 502: Monitoring Dos Protection Groups
JUNOSe 11.1.x System Basics Configuration Guide Monitoring DoS Protection Groups Use the commands described in this section to monitor DoS protection groups. show dos-protection-group Use to display DoS protection groups. If you do not specify a group, displays the names of the currently configured DoS protection groups.
Page 503: Writing Cli Macros
Chapter 8 Writing CLI Macros An E Series router has an embedded macro language that enables you to define and run macros that can generate and execute CLI commands. Macro files identified by the .mac extension can be used to store more than one macro. Depending on your needs, you might want to store all of your macros in one file, group macros by function, or store only one macro per file.
Page 504 JUNOSe 11.1.x System Basics Configuration Guide name and macro end statements, and while loops. A control expression can include multiple operation statements if you separate the statements with semicolons (;). For example: <# i:=0; while i++ < 3 #> All macros must have names consisting only of letters, numbers, and the underline character (_).
Page 505: Environment Commands
Chapter 8: Writing CLI Macros Environment Commands Macros use environment commands to write data to the macro output, to determine a value, or to call other commands. Table 51 on page 475 describes the environment commands that are currently supported. Table 51: Environment Commands Command Description...
Page 506: Capturing Output Of Commands
JUNOSe 11.1.x System Basics Configuration Guide Table 51: Environment Commands (continued) Command Description env.regexpMatch(string) Checks a string against a regular expression env.getRegexpMatch(string) Extracts a string from a larger string Capturing Output of Commands Macro language commands can start and stop the capture of JUNOSe command output and save the results.
Page 507: Extracting A Substring Based On Regular Expression Matching
Chapter 8: Writing CLI Macros <# if env.regexpMatch(outputLine, "^System") #> . . . <# endif #> In this example, the string interface is checked to determine whether it has the correct syntax: <# interface := env.argv(1) #> <# if env.regexpMatch(interface, "^[0-9]+/[0-9]+$") #> .
Page 508: Unique Ids For Macros
JUNOSe 11.1.x System Basics Configuration Guide <#endtmpl#> <# onError #> <# c := env.getVar("interface") #> <# setoutput console #> <# "begin output\n" #> <# "The interface value: ";c; "\n" #> <# endsetoutput #> <#endtmpl#> When the macro runs, the global variable interface is set and the interface command contains an invalid interface value.
Page 509: Variables
Chapter 8: Writing CLI Macros <# "error: " $ env.getErrorCommand $ "\n" #> <# "status: " $ env.getErrorStatus $ "\n\n" #> <# endsetoutput #> <#endtmpl#> When you run the macro, the error command is blank and the error status is Status is not available: ERX-40-4a-cc#macro b.mac errorStatusTest Macro 'errorStatusTest' in file 'b.mac' starting execution (Id: 17)
Page 510: Operators
JUNOSe 11.1.x System Basics Configuration Guide “ count” “ \t this string starts with a tab and ends with a tab \t” Operators You can use operators to perform specific actions on local variables or literals, resulting in some string or numeric value. Table 52 on page 480 lists the available macro operators in order of precedence by operation type.
Page 511 Chapter 8: Writing CLI Macros Table 53: Operator Actions (continued) Operation Operator Action Greater than > Evaluates as true (returns a 1) if the element to the left of the operator is greater than the expression to the right of the operator; otherwise the result is false (0) Less than or equal to <= Evaluates as true (returns a 1) if the element to the left...
Page 512: Assignment
JUNOSe 11.1.x System Basics Configuration Guide Table 53: Operator Actions (continued) Operation Operator Action Modulo Divides the expression to the left of the operator by the expression to the right and returns the integer remainder. If the expression to the left of the operator is less than the expression to the right, then the result is the expression to the left of the operator.
Page 513: String Operations
Chapter 8: Writing CLI Macros Example 1 <# i := 0; j := 10 #> <# j := j - i++ #> In Example 1, the result is that i equals 1 and j equals 10, because the expression is evaluated (10 –...
Page 514: Arithmetic Operations
JUNOSe 11.1.x System Basics Configuration Guide <# decimal:= 4.7 #> <# round(decimal) #>The result is decimal is now 5 The truncate operator truncates noninteger numbers to the value left of the decimal point: <# decimal:= 4.7 #> <# truncate(decimal) #>The result is decimal is now 4 Arithmetic Operations The arithmetic operations are multiply (*), divide (/), modulo (%), add (+), and subtract (-).
Page 515: Miscellaneous Operations
Chapter 8: Writing CLI Macros 1. For the logical NOT, the result of the operation is true (1) if it evaluates to zero, or false if it evaluates to nonzero. Example <# i := 6; i >= 3 && i <= 10 #>The result is 1 <# i := 1;...
Page 516: Conditional Execution
JUNOSe 11.1.x System Basics Configuration Guide <# i := i + 1 #>nothing is written <# count := (count - 2) #>nothing is written Conditional Execution You can use if or while constructs in macros to enable conditional execution of commands.
Page 517: While Constructs
Chapter 8: Writing CLI Macros <# if 0 #> ! This is never output because a value of zero is “ false.” <# endif #> <# // Here’s an example with elseif and else. #> <# color := env.getline("What is your favorite color? ") #> <# if color = "red"...
Page 518: Passing Parameters In Macros
JUNOSe 11.1.x System Basics Configuration Guide expression skips over the rest of the expression group, evaluates any iteration expression, then continues with the execution of the while structure. The while structure is limited to 100,000 repetitions by default. You can nest up to 10 while structures.
Page 519: Generating Macro Output
Chapter 8: Writing CLI Macros The following example provides the output from using this macro: host1#macro m.mac m 5 6 7 host1#The result is: 210 Generating Macro Output You may want a macro to provide output while it is operating. In simple cases, you can use the verbose keyword to echo commands to the display and display comments as the macro executes.
Page 520 JUNOSe 11.1.x System Basics Configuration Guide Additional parameters can be passed as well. Parameters can be local variables, environmental variables, literals, or operations. The invoking macro passes local variables by reference to the invoked macro. Passing parameters has no effect on the invoking macro unless the parameter is a local variable that is changed by the invoked macro.
Page 521: Detecting And Recording Macro Errors
Chapter 8: Writing CLI Macros host1# macro verbose macro1.mac callAnotherMacro host1#!Macro 'callAnotherMacro' in the file 'macro1.mac' starting execution (Id: 55) macro macro2.mac macroName2 5 string1 !Macro 'macroName2' in the file 'macro2.mac' starting execution !Macro 'macroName2' in the file 'macro2.mac' ending execution host1#!Macro 'callAnotherMacro' in the file 'macro1.mac' ending execution (Id: 55) The invoked macro cannot invoke a third macro from another file.
Page 522: Logging Macro Results
JUNOSe 11.1.x System Basics Configuration Guide Logging Macro Results You can use the env.setResult command to set parameters within a macro to display information through the macroData log file. When defined, parameter information appears in the macroData log file at the NOTICE severity level following the completion of the macro.
Page 523: Onerror Macro Examples
Chapter 8: Writing CLI Macros error NOTICE 01/07/2006 09:46:57 macroData: (Id: 402) commandError is interface fastEthernet 500 NOTICE 01/07/2006 09:46:57 macroData: (Id: 402) commandErrorStatus is Command execution error NOTICE 01/07/2006 09:46:57 macroData: (Id: 402) runStatus is Loop:500 NOTICE 01/07/2006 09:46:57 macroData: Macro 'badInterfaceCommandMacro' in file 'testInterfaceCommand.mac' ending execution (Id: 402) on vty, 0 See show log data.
Page 524: Detecting Invalid Commands
JUNOSe 11.1.x System Basics Configuration Guide Enter configuration commands, one per line. End with ^Z. ERX-40-94-fb(config)#interface fastEthernet 500 % invalid interface format Macro 'badInterfaceCommandMacro' in file 'testInterfaceCommand.mac' ending execution (Id: 402) You can determine the execution progress through the runStatus result entry in the macroData log file.
Page 525: Detecting Missing Macros
Chapter 8: Writing CLI Macros Without the onError macro, the macro would indicate the invalid command, but it would also continue with the rest of the configuration. When using the onError macro, the macro stops when it encounters the invalid command. Executing the macro that contains the onError macro, the output appears as follows: host1# macro badExecCommandTest.mac badExecCommandMacro Macro 'badExecCommandMacro' in file 'badExecCommandTest.mac' starting execution (Id: 101)
Page 526: Running Macros
JUNOSe 11.1.x System Basics Configuration Guide host1# macro badMacroInvocation.mac badMacroInvocation Macro 'badMacroInvocation' in file 'badMacroInvocation.mac' starting execution (Id: 407) % can't find macro foo Macro 'badMacroInvocation' in file 'badMacroInvocation.mac' ending execution (Id: 407) You can determine the execution progress through the runStatus result entry in the macroData log file.
Page 527 Chapter 8: Writing CLI Macros You can specify only a macro filename. The command searches in the specified file for a macro named start. The command fails if the start macro does not exist. For example, the following command looks for the file confatm.mac and runs the macro named start contained within the file: host1(config)#macro confatm.mac You can specify only the macro name, using the name keyword, if the macro...
Page 528 JUNOSe 11.1.x System Basics Configuration Guide ip addr 10.1.<#i#>.1 255.255.255.0 <# i++ #> <# endwhile #> <# endtmpl #> If you stored this macro remotely in the macro file, pc:/macros.mac, you issue the following commands to execute the macro: host1>enable host1#conf t host1(config)#macro pc:/macros.mac atm0verDs3 Alternatively, if you stored this macro locally in the macro file atm0verDs3.mac, you...
Page 529: Scheduling Macros
Chapter 8: Writing CLI Macros host1(config)#interface atm 9/1.1.99 host1(config)#encap ppp host1(config)#no ppp shut host1(config)#no ppp keep host1(config)#atm pvc 99 1 99 aal5mux ip host1(config)#ip addr 10.1.99.1 255.255.255.0 host1(config)#!Macro 'atmOverDs3' in the file 'atmOverDs3.mac' ending execution (Id: 103) Scheduling Macros You can schedule a macro to run once at a specific time, after a periodic interval, or at a periodic time of day, day of the week, or day of the month.
Page 530 JUNOSe 11.1.x System Basics Configuration Guide interval macro privilege interval frequency file name macro level time-of-day (minutes) schedule started --------- --------- --------- ------------------ --------- ------------------- ------- fred.mac Freddie 00:10 DayOfMonth:2 2007-03-02 00:10:00 *joe.mac start 00:00 sunday 2007-02-18 00:00:00 john.mac getuptime 2007-02-14 14:26:38 larry.mac start...
Page 531 Chapter 8: Writing CLI Macros host1#schedule macro at 14:35 m.mac m host1#show schedule macro m.mac interval macro privilege interval frequency file name macro level time-of-day (minutes) schedule started --------- -------- --------- ------------ --------- ------------------- ------- m.mac Freddie 00:10 sunday 2008-09-28 00:00:00 host1# When you show the directory listing, the schedule macro m.mac is marked in use and cannot be modified.
Page 532: Practical Examples
JUNOSe 11.1.x System Basics Configuration Guide NOTICE 02/14/2007 11:26:20 macroScheduler: macro b.mac started with ID 3 NOTICE 02/14/2007 11:26:21 macroScheduler: macro b.mac with ID 3 ran successfully NOTICE 02/14/2007 11:26:21 macroScheduler: (Id: 3) Days: is 0 days NOTICE 02/14/2007 11:26:21 macroScheduler: (Id: 3) Hours: is 0 hours NOTICE 02/14/2007 11:26:21 macroScheduler: (Id: 3) Minutes: is 17 minutes NOTICE 02/14/2007 11:26:21 macroScheduler: (Id: 3) Seconds: is 16 seconds After the macro is run, display the next scheduled run time:...
Page 533: Table 54: Contents Of Ds1Mac.mac
Chapter 8: Writing CLI Macros It consists of a number of related macros for configuring interfaces on CT1 and CE1 modules, as described in Table 54 on page 503. Some of the macros provide a single configuration function, like configuring the controller.
Page 534 JUNOSe 11.1.x System Basics Configuration Guide ! This macro should be called with 4 arguments. ! The argument list should be as follows: ! type; number of numPorts; slot; port; clock; framing; lineCoding <# return #> <# endif #> <# type := env.argv(1) #> <# ifCount := env.argv(2) #>...
Page 535 Chapter 8: Writing CLI Macros <# endif #> <# type := env.argv(1) #> <# ifCount := env.argv(2) #> <# slot := env.argv(3) #> <# port := env.argv(4) #> <# clock := env.argv(5) #> <# framing := env.argv(6) #> <# coding := env.argv(7) #> <# proto := env.argv(8) #>...
Page 536: Configuring Atm Interfaces
JUNOSe 11.1.x System Basics Configuration Guide <# proto := 'frame-relay ietf' #> <# endif #> <# while ifCount-- > 0 #> interface serial <# slot;'/';port;':1';'\n' #> encapsulation <# proto;'\n' #> <# if proto = 'frame-relay ietf' #> frame-relay intf-type <# param[5];'\n'#> frame-relay lmi-type <# param[6];'\n'#>...
Page 537 Chapter 8: Writing CLI Macros authTypeStr :=env.getline("authentication (1 = None, 2 = PAP, 3 = CHAP, 4 = PAP/CHAP; 5 = CHAP/PAP)?"); authType := env.atoi(authTypeStr); endwhile #> <# endif #> <# vpStartStr := env.getline("Starting VP number?"); vpStart:=env.atoi(vpStartStr)#> <# vpEndStr := env.getline("Ending VP number?"); vpEnd :=env.atoi(vpEndStr)#>...
Page 538 JUNOSe 11.1.x System Basics Configuration Guide encap ppp <# if authType = authPap#> ppp authentication pap <# elseif authType = authPapChap#> ppp authentication pap chap <# elseif authType = authChapPap#> ppp authentication chap pap <# elseif authType = authChap#> ppp authentication chap <# endif #>...
Page 539: Booting The System
E320 Broadband Services Routers. Configuring Your System for Booting Juniper Networks delivers your E Series router already set up with a factory default configuration and a software release (.rel) file. You can, however, create a new configuration file (.cnf) and select a different software release file to use in future reboots of your router.
Page 540: Booting The Ge-2 Line Module
JUNOSe 11.1.x System Basics Configuration Guide An existing script file to be used on the next and every subsequent reboot using backup mode The configuration that is already running on the system The factory default configuration In addition, you can configure the system to load a different software release file on its next reboot.
Page 541 Chapter 9: Booting the System Use to specify the configuration with which the system is rebooted. CAUTION: All versions of this command except those using the running-configuration or startup-configuration keywords erase the current system running configuration. Before issuing one of those versions, you might want to save the running configuration to a .cnf file by issuing the copy running-configuration command.
Page 542 JUNOSe 11.1.x System Basics Configuration Guide You can require the system to reboot from the factory default configuration. On subsequent reboots, the system will use the running configuration current at the time of that reboot: host1(config)#boot config factory-defaults This command does not reboot the system. Use the no version to clear a previous request to reboot in a specified manner.
Page 543 Chapter 9: Booting the System Use to set the boot logic to never revert to the backup image/configuration. This command does not reboot the system. Example host1(config)#boot revert-tolerance never NOTE: This command is functionally equivalent to specifying no backup image/configuration, but it allows you to leave the backup settings alone and to toggle autoreversion on and off.
Page 544: Rebooting Your System
JUNOSe 11.1.x System Basics Configuration Guide In a dual SRP configuration, when this information is synchronized to the standby SRP, the standby SRP is reloaded to boot the specified release. The high availability feature requires the release to be the same on the active and the standby SRP.
Page 545 Chapter 9: Booting the System When you issue this command, the system prompts you for a confirmation before the procedure starts. If you remove a standby SRP module without issuing the slot erase command to delete the configuration, the E Series router cannot guarantee that the SRP modules were synchronized.
Page 546: Rebooting When A Command Takes A Prolonged Time To Execute
JUNOSe 11.1.x System Basics Configuration Guide host1#reload in 00:10 This command reloads the software in 10 minutes. There is no no version. See reload. reload slot Use to reboot a selected slot on the router. Reloads the system software (.rel) file and the configuration (.cnf) file on the module in the selected slot.
Page 547: Configuration Caching
Chapter 9: Booting the System host1(config)#service ctrl-x-reboot Use the no version to disable this feature. See service ctrl-x-reboot. Configuration Caching Configuration caching prevents the system from being partially configured with changes in the event of a reset. When a script or macro begins execution, the resulting configuration changes are automatically cached in system RAM rather than being committed to nonvolatile storage (NVS).
Page 548 JUNOSe 11.1.x System Basics Configuration Guide show boot Use to show the current boot settings. Example host1#show boot System Release: release.rel System Configuration: running-configuration Note: This system is not configured with backup settings. See show boot. show hardware Use to display detailed information about the system hardware. Field descriptions slot Physical slot that contains the module type Type of module...
Page 549 Use to display the configuration of the system hardware and the software version. Example host1#show version Juniper Edge Routing Switch ERX-700 Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved. System Release: erx_7-1-0.rel Partial Version: 7.1.0 [BuildId 4518] (December 21, 2005...
Page 550: Output Filtering
JUNOSe 11.1.x System Basics Configuration Guide online CT3-12 enabled erx_7-1-0.rel 25d03h:24m:46s online OC3-4A-APS enabled erx_7-1-0.rel 25d03h:24m:22s online enabled erx_7-1-0.rel 25d03h:24m:44s See show version. Output Filtering The output filtering feature of the show command is not available in Boot mode. Displaying Boot Information...
Page 551: Chapter 10 Configuring The System Clock
Chapter 10 Configuring the System Clock Use the procedures described in this chapter to configure the E Series router clock. This chapter contains the following sections: Overview on page 521 Platform Considerations on page 524 References on page 524 Setting the System Clock Manually on page 525 Before You Configure NTP on page 527 NTP Configuration Tasks on page 527 Monitoring NTP on page 533...
Page 552: System Operation As An Ntp Client
JUNOSe 11.1.x System Basics Configuration Guide To obtain high precision and reliability with NTP, clients typically synchronize with several NTP servers at different physical locations. Peer associations, especially for stratum 1 and 2 servers, provide redundancy for the network. Hosts synchronize by exchanging NTP messages through UDP. NTP uses the IP and UDP checksums to confirm data integrity.
Page 553: Synchronization
Chapter 10: Configuring the System Clock NOTE: When the system is not configured as either an NTP client or an NTP server, it responds to NTP requests with an invalid stratum number. Synchronization There are three stages to synchronization: Preliminary synchronization Frequency calibration Progressive synchronization Preliminary Synchronization...
Page 554: System Operation As An Ntp Server
JUNOSe 11.1.x System Basics Configuration Guide The system evaluates which server is currently the best time source (the master) by analyzing time data in the messages and comparing the data from different servers. The system gradually synchronizes its clock to that of the master. System Operation as an NTP Server The NTP server supports both unicast (user-to-user addressing protocol) and broadcast modes.
Page 555: Setting The System Clock Manually
Chapter 10: Configuring the System Clock RFC 2030 Simple Network Time Protocol (SNTP) (Version 4) for IPv4, IPv6, and OSI (October 1996) Setting the System Clock Manually Before you set the system clock, obtain the following information about your time zone: The name of the time zone The difference (offset) between the time zone and UTC...
Page 556 JUNOSe 11.1.x System Basics Configuration Guide clock summer-time date Use to set the clock to switch automatically to summer time (daylight saving time). Example host1(config)#clock summer-time PDT date 1 April 200X 2:00 31 October 200X 2:00 60 Use the no version to prevent automatic switching to summer time. See clock summer-time date.
Page 557: Before You Configure Ntp
Chapter 10: Configuring the System Clock Before You Configure NTP Before you configure NTP, complete the following procedures: Configure at least one IP address on the router. Check that the system clock reads the correct time to within 15 minutes, and that the time zone and summer time settings are correct.
Page 558: Ntp Client Configuration
JUNOSe 11.1.x System Basics Configuration Guide Example host1:boston(config)#ntp enable Use the no version to disable NTP polling and clock correction and to remove the association between NTP services and the virtual router. See ntp enable. NTP Client Configuration To configure the system as an NTP client: Ping the selected NTP servers to ensure that the system can reach them.
Page 559: Directing Responses From Ntp Servers
Chapter 10: Configuring the System Clock host1(config-if)#ntp disable Use the no version to reenable NTP on an interface. See ntp disable. ntp server Use to assign an NTP server to the system and to customize the way the server communicates with the system. Specify the source option to direct responses from the NTP server to a specific interface on the system and override the ntp source command.
Page 560: Refusing Broadcasts From Ntp Servers
JUNOSe 11.1.x System Basics Configuration Guide Refusing Broadcasts from NTP Servers You can prevent the system from receiving certain types of broadcasts and specify the servers from which the system will accept NTP broadcasts. To do so: Issue the ntp access-group command. Configure an access list.
Page 561 Chapter 10: Configuring the System Clock CAUTION: Be sure that you do not override a valid time source if you specify the stratum of the NTP server. Issuing the ntp master command on multiple systems in the network might lead to unreliable timestamps if those systems do not agree on the time.
Page 562: Configuration Examples
JUNOSe 11.1.x System Basics Configuration Guide host1:boston(config)#ntp server enable Use the no version to prevent a virtual router from acting as an NTP server. See ntp server enable. Configuration Examples The following examples show how to configure the system as an NTP client and an NTP server.
Page 563: Monitoring Ntp
Chapter 10: Configuring the System Clock Monitoring NTP After you configure the system as an NTP client, you can use show commands to view information about the NTP servers you assigned and the status of NTP on the interface. NOTE: For about 30 minutes after you configure the system as an NTP client, the data varies rapidly, and then starts to stabilize.
Page 564 JUNOSe 11.1.x System Basics Configuration Guide Offset Difference, with the lowest dispersion in the sample buffer, between the system’s clock and the server’s clock Disp. Lowest measure, in the sample buffer, of the error associated with the peer offset, based on the peer delay Example host1# show ntp associations Peer Address...
Page 565 Chapter 10: Configuring the System Clock Sync Dist. Measure of the total time error since the update in the path to the stratum 1 server Peer Delay Round-trip delay, with the lowest dispersion value in the sample buffer, between the system and the server Peer Dispersion Lowest measure, in the sample buffer, of the error associated with the peer offset, based on the peer delay and precision Offset Difference, with the lowest dispersion in the sample buffer,...
Page 566 JUNOSe 11.1.x System Basics Configuration Guide Timestamps of latest time sample from this peer: Root reference Thu, Apr 13 2000 17:27:17.145 from 128.118.25.3 Broadcast was sent: Thu, Apr 13 2000 17:42:02.118 Broadcast received: Thu, Apr 13 2000 17:42:02.067 Sample buffer for this peer contains the following samples: Delay (sec): 0.000...
Page 567 Chapter 10: Configuring the System Clock Timezone Offset Time difference between the time zone and UTC, in hours:minutes Access List Identities of access lists of servers from which the system does not accept broadcasts ‘Server Source’ Interface Interface through which responses from the NTP server are directed;...
Page 568 JUNOSe 11.1.x System Basics Configuration Guide Address Enable BcastClient BcastServer Name 1.1.1.1 FastEthernet1/0 See show ntp status. Monitoring NTP...
Page 569: Configuring Virtual Routers
Chapter 11 Configuring Virtual Routers E Series routers allow you to create multiple logical or virtual routers in a single router. Each virtual router has its own separate set of IP interfaces, forwarding table, and instances of routing protocols. This chapter contains the following sections: Overview on page 539 Platform Considerations on page 541 References on page 541...
Page 570: Routing Protocols
JUNOSe 11.1.x System Basics Configuration Guide Figure 28: Virtual Routers E Series router VRs and VRFs are tools for implementing VPNs. Routing Protocols Your router implements the VRs by maintaining a separate instance of each data structure for each VR and allowing each protocol (for example, TCP/UDP, RIP, OSPF, and IS-IS) to be enabled on a case-by-case basis.
Page 571: Platform Considerations
Chapter 11: Configuring Virtual Routers to identify the VPNs that it wants to receive the updates. See JUNOSe BGP and MPLS Configuration Guide. Platform Considerations Virtual routers are supported on all E Series routers. For information about the modules supported on E Series routers: See the ERX Module Guide for modules supported on ERX7xx models, ERX14xx models, and the ERX310 router.
Page 572 JUNOSe 11.1.x System Basics Configuration Guide Proceed with new VRF creation? [confirm] host1:western(config-vrf)#virtual-router:eastern host1:western:eastern(config)# Access a VRF from the context of a different VR. host1(config)#virtual-router western:eastern host1:western:eastern(config)# View your configuration choices from a VR or VRF context. host1:western:eastern(config)#? Configure authentication, authorization, and accounting characteristics access-list Configure an access list entry...
Page 573 Chapter 11: Configuring Virtual Routers Configure sleep Make the Command Interface pause for a specified duration slot Configure and administer slot operation snmp-server Configure SNMP parameters sscc The SSC Client telnet telnet daemon configuration timing Configure network timing traffic-shape-profile Enter traffic shape profile configuration mode virtual-router Specify a virtual router host1:western:eastern(config)#...
Page 574 JUNOSe 11.1.x System Basics Configuration Guide VRF : southern host1# Map a VR to a user domain name in Domain Map Configuration mode. The VR must already exist. host1(config)#aaa domain-map jacksonville host1(config-domain-map)#virtual-router western host1(config-domain-map)# aaa domain-map Use to map a user domain name to a virtual router. Examples host1-0-1-90(config)#aaa domain-map juniper.net vrouter_1 host1-0-1-90(config)#aaa domain-map none vrouter__all_purpose...
Page 575: Monitoring Virtual Routers
Chapter 11: Configuring Virtual Routers From Global Configuration mode, use this command to create a virtual router or access the context of a previously created virtual router or a VRF. From Domain Map Configuration mode, use this command to map the VR to a user domain name.
Page 576 JUNOSe 11.1.x System Basics Configuration Guide default All client requests with a domain present that has no map are associated with the virtual router mapped to the default entry Example host1#show aaa domain-map Domain: boston; virtual-router: default Tunnel Tunnel Tunnel Tunnel Tunnel Tunnel Tunnel Tunnel...
Page 577 Chapter 11: Configuring Virtual Routers timeout 10000 See show configuration. show ip forwarding-table slot Use to display the memory used by each VR configured on a line module and free memory available on the line module. Field descriptions Free Memory Amount of memory free on the line module, in kilobytes Virtual Router Name of the virtual routers configured on the line module Memory (KB) Amount of memory consumed by the VR, in kilobytes Load Errors Counts errors made while loading the routing table on the line...
Page 578 JUNOSe 11.1.x System Basics Configuration Guide host1#show virtual-router Virtual Router : default Virtual Router : vr1 VRF : eastern VRF : western VRF : northern VRF : southern Virtual Router : vr2 VRF : eastern VRF : western VRF : northern VRF : southern Virtual Router : vr3 VRF : eastern...
Page 579 Chapter 11: Configuring Virtual Routers Total VRF Count: 12 Total Count : 16 See show virtual-router. Monitoring Virtual Routers...
Page 580 JUNOSe 11.1.x System Basics Configuration Guide Monitoring Virtual Routers...
Page 581: Reference Material
Part 2 Reference Material Abbreviations and Acronyms on page 553 References on page 571 Reference Material...
Page 582 JUNOSe 11.1.x System Basics Configuration Guide Reference Material...
Page 583: Appendix A Abbreviations And Acronyms
Appendix A Abbreviations and Acronyms Abbreviation or Acronym Term authentication, authorization, and accounting AAAA authentication, authorization, accounting, and address assignment ATM Adaptation Layer area border router alternating current; access concentrator ACCM Async Control Character Map ADSL asymmetric digital subscriber line AESA ATM end system address assured forwarding...
Page 584 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term AS boundary router autonomous system boundary router ASCII American Standard Code for Information Interchange ASIC application-specific integrated circuit AS number autonomous system number Asynchronous Transfer Mode attribute-value pair backup DR backup designated router BECN backward explicit congestion notification...
Page 585 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term Compression Control Protocol cell delay variation CDVT cell delay variation tolerance customer edge device CHAP Challenge Handshake Authentication Protocol CIDR classless interdomain routing CISPR International Special Committee on Radio Interference CLACL classifier control list CLEC competitive local exchange carrier...
Page 586 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term computer telephony integration clear to send connection traffic table agreement between Underwriter Laboratories and Canadian Standards Association for joint product safety approval direct current Data Country Code data carrier detect data communication equipment dynamic configuration manager discard eligibility...
Page 587 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term dynamic subscriber interface digital subscriber line DSLAM digital subscriber line access multiplexer domain-specific part data set ready Digital Signature Standard Daylight Saving Time data service unit data terminal equipment data terminal ready downstream unsolicited DVMRP Distance Vector Multicast Routing Protocol...
Page 588 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term extended superframe end system identifier Encapsulating Security Payload experimental (refers to bits in MPLS shim header) file allocation table Federal Communications Commission frame check sequence facilities data link Fast Ethernet FE-2 dual-port Fast Ethernet forwarding equivalence class (abbreviation pronounced “...
Page 589 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term Generic Routing Encapsulation GRxx (refers to Bellcore standards) graphical user interface hierarchical assured rate HDLC High-Level Data Link Control; High-Speed Data Link Control HMAC Hashed Message Authentication Code HO-DSP high-order domain-specific part hierarchical round-robin HSSI high-speed serial interface (abbreviation pronounced “...
Page 590 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term interior gateway protocol incoming interface Internet Key Exchange ILEC incumbent local exchange carrier ILMI Integrated Local Management Interface InARP Inverse Address Resolution Protocol input/output adapter Internet Protocol IPCP Internet Protocol Control Protocol IPoA Internet Protocol over Asynchronous Transfer Mode IPSec...
Page 591 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term L2TP access concentrator link aggregation group local area network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol light-emitting diode label edge router label information base Link Integrity Protocol logical link control L-LSP label-only-inferred-PSC LSP...
Page 592 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term maximum burst size Message Digest 5 maintenance data link Message Digest x (hash algorithm) multiple exit discriminator MGTM multicast group table manager Management Information Base MLFR Multilink Frame Relay MLPPP Multilink Point-to-Point Protocol motd message of the day...
Page 593 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term Network Control Protocol Neighbor Discovery NEBS Network Equipment Building System network entity title NLRI network layer reachability information Network Management Center network management system network-to-network interface nonreturn to zero NRZI nonreturn to zero inverted NSAP network service access point nonstop forwarding...
Page 594 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term provider core router PADI PPPoE Active Discovery Initiation PADM PPPoE Active Discovery Message PADN PPPoE Active Discovery Network PADO PPPoE Active Discovery Offer PADR PPPoE Active Discovery Request PADS PPPoE Active Discovery Session PADT PPPoE Active Discovery Termination Password Authentication Protocol...
Page 595 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term point of presence packet over SONET POST power-on self-test Point-to-Point Protocol PPPoE Point-to-Point Protocol over Ethernet packets per second PROM programmable read-only memory per-hop scheduling class PSNP partial sequence number PDU (protocol data unit) permanent virtual circuit (or connection) quality of service RADIUS...
Page 596 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term RSVP Resource Reservation Protocol RSVP-TE Resource Reservation Protocol with traffic engineering extensions resource threshold monitor Response Time Reporter RTSP Real-Time Streaming Protocol receive window size receive security association SAFI subsequent address family identifier segmentation and reassembly system controller SCCRQ...
Page 597 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term service level agreement SLARP Serial Line Address Resolution Protocol Service line module single-mode fiber switch management module SNAP Subnetwork Access Protocol; subnetwork attachment point SMDS network interface SNMP Simple Network Management Protocol SNPA subnet point of attachment SNTP...
Page 598 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term Technical Assistance Center TACACS Terminal Access Controller Access Control System transmission convergence Transmission Control Protocol traffic engineering TFTP Trivial File Transfer Protocol terminal interface processor type-length-value type of service TPID Tag Protocol Identifier Tunnel Service line module time-to-live...
Page 599 Appendix A: Abbreviations and Acronyms Abbreviation or Acronym Term volts alternating current variable bit rate VBR-NRT variable bit rate, non–real time VBR-RT variable bit rate, real time virtual circuit (or connection) virtual channel connection VCCI Voluntary Control Council for Interference virtual circuit descriptor virtual channel identifier volts direct current...
Page 600 JUNOSe 11.1.x System Basics Configuration Guide Abbreviation or Acronym Term wireless access point Wired Equivalent Privacy weighted fair queuing WINS Windows Internet Name Service (Microsoft) WLAN wireless local area network wireless local loop WRED weighted random early detection weighted round-robin xDSL combined term used to refer to ADSL, HDSL, SDSL, and VDSL 10-gigabit small form-factor pluggable transceiver...
Page 601: Appendix B References
Appendix B References This document lists RFCs, draft RFCs, other software standards, hardware standards, and other references that provide information about the protocols and features supported by the system. RFCs on page 571 Draft RFCs on page 584 Other Software Standards on page 587 Hardware Standards on page 590 RFCs Table 55: E Series RFCs...
Page 602 JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 4447 Pseudowire Setup and Maintenance Using the Label VPLS Distribution Protocol (LDP) (April 2006) RFC 4379 Detecting Multi-Protocol Label Switched (MPLS) Data Plane MPLS;...
Page 603 Appendix B: References Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 3564 Requirements for support of Differentiated Services-aware MPLS MPLS Traffic Engineering (July 2003) RFC 3539 Authentication, Authorization and Accounting (AAA) RADIUS 6.0.0b1 Transport Profile (June 2003) RFC 3498 Definitions of Managed Objects for Synchronous Optical SONET APS Network (SONET) Linear Automatic Protection Switching (APS)
Page 604 JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 3411 An Architecture for Describing Simple Network SNMP Management Protocol (SNMP) Management Frameworks (December 2002) RFC 3410 Introduction and Applicability Statements for Internet SNMP Standard Management Framework (December 2002) RFC 3392 Capabilities Advertisement with BGP-4 (November 2002)
Page 605 Appendix B: References Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 3193 Securing L2TP using IPSec (November 2001) L2TP over IPSec RFC 3159 Structure of Policy Provisioning Information (SPPI) (August COPS 2001) RFC 3145 L2TP Disconnect Cause Information (July 2001) L2TP RFC 3140 Per Hop Behavior Identification Codes (June 2001) MPLS...
Page 606 JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 2973 IS-IS Mesh Groups (October 2000) IS-IS RFC 2966 Domain-wide Prefix Distribution with Two-Level IS-IS IS-IS (October 2000) RFC 2961 RSVP Refresh Overhead Reduction Extensions (April 2001) MPLS RFC 2934 Protocol Independent Multicast MIB for IPv4 (October SNMP...
Page 607 Appendix B: References Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 2794 Mobile IP Network Access Identifier Extension for IPv4 Mobile IP (March 2000) RFC 2790 Host Resources MIB (March 2000) SNMP RFC 2787 Definitions of Managed Objects for the Virtual Router VRRP Redundancy Protocol (March 2000) RFC 2784 Generic Routing Encapsulation (GRE) (March 2000)
Page 608 JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 2661 Layer Two Tunneling Protocol “ L2TP” (August 1999) L2TP RFC 2616 Hypertext Transfer Protocol – HTTP/1.1 (June 1989) HTTP RFC 2615 PPP over SONET/SDH (June 1999) RFC 2598 An Expedited Forwarding PHB (June 1999) RFC 2597 Assured Forwarding PHB Group (June 1999) MPLS;...
Page 609 Appendix B: References Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 2475 An Architecture for Differentiated Services (December MPLS; Policy, 1998) Management; QoS RFC 2474 Definition of the Differentiated Services Field (DS Field) in MPLS; Policy the IPv4 and IPv6 Headers (December 1998) management;...
Page 610 JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 2403 The Use of HMAC-MD5-96 within ESP and AH (November IPSec 1998) RFC 2402 IP Authentication Header (November 1998) IPSec RFC 2401 Security Architecture for the Internet Protocol (November IPSec 1998) RFC 2390 Inverse Address Resolution Protocol (September 1998)
Page 611 Appendix B: References Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 2132 DHCP Options and BOOTP Vendor Extensions (March DHCP 1997) RFC 2131 Dynamic Host Configuration Protocol (March 1997) DHCP RFC 2115 Management Information Base for Frame Relay DTEs Using Frame Relay;...
Page 612 JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 1863 A BGP/IDRP Route Server alternative to a full mesh routing (October 1995) RFC 1850 OSPF Version 2 Management Information Base (November OSPF 1995) RFC 1812 Requirements for IP Version 4 Routers (June 1995) RFC 1774 BGP-4 Protocol Analysis (March 1995)
Page 613 Appendix B: References Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 1407 Definitions of Managed Objects for the DS3/E3 Interface SNMP; cOCx/STMx, Types (January 1993) channelized T3, E3, and T3 interfaces RFC 1406 Definitions of Managed Objects for the DS1 and E1 Interface SNMP;...
Page 614: Draft Rfcs
JUNOSe 11.1.x System Basics Configuration Guide Table 55: E Series RFCs (continued) Reference Protocol or Feature RFC 959 File Transfer Protocol (FTP) (October 1985) FTP; System management RFC 950 Internet Standard Subnetting Procedure (August 1985) RFC 922 Broadcasting Internet Datagrams in the Presence of Subnets (October 1984) RFC 919 Broadcasting Internet Datagrams (October 1984) RFC 894 A Standard for the Transmission of IP Datagrams over...
Page 615 Appendix B: References Table 56: E Series Draft RFCs (continued) Reference Protocol or Feature BGP Extended Communities Attribute draft-ietf-idr-bgp-ext-communities-07.txt (February 2004 expiration) BGP-MPLS VPN extension for IPv6 VPN draft-ietf-l3vpn-bgp-ipv6-03.txt BGP/MPLS VPNs (December 2004 expiration) Bidirectional Forwarding Detection draft-ietf-bfd-base-00.txt. (January 2005 expiration) Connecting IPv6 Islands across IPv4 Clouds with BGP draft-ietf-ngtrans-bgp-tunnel-04.txt (July 2002 expiration) Cooperative Route Filtering Capability for...
Page 616 JUNOSe 11.1.x System Basics Configuration Guide Table 56: E Series Draft RFCs (continued) Reference Protocol or Feature Fail Over extensions for L2TP “ failover” L2TP draft-ietf-l2tpext-failover-06.txt (April 2006 expiration) Framework for Pseudo Wire Emulation Edge-to-Edge Layer 2 services (PWE3) draft-ietf-pwe3-arch-06.txt (April 2004 expiration) Graceful Restart Mechanism for BGP draft-ietf-idr-restart-10.txt (March 2004 expiration) GSMPv3 Base Specification draft-ietf-gsmp-v3-base-spec-06.txt (May...
Page 617: Other Software Standards
Appendix B: References Table 56: E Series Draft RFCs (continued) Reference Protocol or Feature Protocol Independent Multicast MIB for IP multicasting IPv4 draft-ietf-idmr-pim-mib-10.txt (July 2000 expiration) Pseudowire Setup and Maintenance Using Layer 2 services LDP draft-ietf-pwe3-control-protocol-08.txt (January 2005 expiration) Requirements for Pseudo-Wire Emulation Edge-to-Edge Layer 2 services (PWE3) draft-ietf-pwe3-requirements-08.txt (June 2004 expiration) Routing IPv6 with IS-IS draft-ietf-isis-ipv6-06.txt (April 2006 expiration)
Page 618 JUNOSe 11.1.x System Basics Configuration Guide Table 57: E Series Non-RFC Software Standards (continued) Reference Protocol or Feature ANSI T1.617 Annex D Frame Relay AT&T Technical Reference 54016 Requirements for Interfacing Digital FDL (T1 interfaces) Terminal Equipment to Services Employing the Extended Superframe Format (September 1989) ATM Forum ATM User-Network Interface Specification, Version 3.0 (September 1993)
Page 619 Appendix B: References Table 57: E Series Non-RFC Software Standards (continued) Reference Protocol or Feature IEEE 802.3z (Gigabit Ethernet only) Ethernet IEEE 802.3ah-2004 (Clause 57, Operations, Administration, and Ethernet Maintenance [OAM]) Media Access Control Parameters, Physical Layers, and Management Parameters for Subscriber Access Networks IEEE 802.3ah-2000 Part 3: Carrier Sense multiple access with collision Ethernet detection (CSMA/CD) access methods and physical layer specifications...
Page 620: Hardware Standards
JUNOSe 11.1.x System Basics Configuration Guide Table 57: E Series Non-RFC Software Standards (continued) Reference Protocol or Feature Multilink Frame Relay UNI/NNI Implementation Agreement, FRF.16 Multilink Frame Relay (April 2000) T1M1.3 Working Group A Technical Report on Test Patterns for DS1 BERT Patterns Circuits (November 1993) Telcordia document GR-253 Synchronous Optical Network (SONET)
Page 621 Appendix B: References Table 58: E Series Hardware Standards (continued) Protocol or Reference Feature EN55022 Class A (CISPR-22 Class A) EN55024, Annex C for WAN Equipment Performance Criteria A, B, and C EN60825-1, Safety of Laser Products - Part 1: Equipment Class, Safety Requirements, and User’s Guide (2001) EN60950:2000, 3rd Edition, Safety of Information Technology Equipment...
Page 622 JUNOSe 11.1.x System Basics Configuration Guide Hardware Standards...
Page 623: Part 3 Index
Part 3 Index Index on page 595 Index...
Page 624 JUNOSe 11.1.x System Basics Configuration Guide Index...
Page 625: Index
Index address-family ipv4 command........89 address-family vpnv4 command........89 Symbols agent, SNMP..............148 --More-- prompt........40, 41, 43, 67, 69 algorithm negotiation, SSH.........435 .cnf files........277, 278, 279, 290, 509 arrow keys............34, 67, 69 .dmp files............290, 323 assembly numbers, displaying for hardware....517 .hty files..............290 assembly revisions, displaying for hardware....517 .log files..............290 assigning an IP address......127, 132, 133, 137 .pub files............290, 291...
Page 626 JUNOSe 11.1.x System Basics Configuration Guide bandwidth oversubscription bulkstats collector single-interval......200 configuring............376 bulkstats file-format endOfLine-Lf.......237 monitoring............376 bulkstats interface-type........200 overview.............373 bulkstats interfaces description-format bandwidth oversubscription command......376 common............200 banner command............285 bulkstats receiver remote-name......200 banners bulkstats schema..........215 configuring............285 bulkstats schema subtree........215 baseline commands bulkstats schema subtree policy......215 baseline show-delta-counts.........337 bulkstats traps............200...
Page 627 Index color-mark-profile command........92 core dump files for troubleshooting....290, 323 command history keys..........67 core dumps..............330 command modes...........29, 30 corrupted files. See flash cards, scanning accessing..............69 crypto key dss command...........437 exiting............49, 255 Ctrl-key combinations (CLI) command-line interface. See CLI command history..........69 command-line prompts..........31 command-line editing...........67 commands current configuration...
Page 628 JUNOSe 11.1.x System Basics Configuration Guide DoS protection group commands encrypt passwords.............420 atm dos-protection-group........461 encryption bridge1483 dos-protection-group......461 3des-cbc for SSH ..........437 dos-protection-group...........461 blowfish-cbc for SSH ..........437 ethernet dos-protection-group......461 configuring SSH..........437 frame-relay dos-protection-group......461 twofish-cbc for SSH ..........437 hdlc dos-protection-group........461 end command............255 ip dos-protection-group........461 Enter key............34, 67, 69 ipv6 dos-protection-group........461...
Page 629 Index formatting............384 history command............67 halt command to prevent corruption....378 hmac-md5 authentication for SSH......437 installing ............378 hmac-sha1 authentication for SSH......437 managing............378 hmac-sha1-96 authentication for SSH......437 monitoring............384 host command............316 primary...............378 host ftp command............301 rebooting and configuration data......378 host table, modifying.........301, 316 rebooting in response to corrupt sectors.....378 hostname command..........252 replacing.............378 hotfix activate command...........396...
Page 630 IPSec Tunnel Profile Configuration mode....100 compatibility..........372 IPv6 Local Configuration mode........102 switch usage............373 IPv6 Local Pool Configuration mode......75 troubleshooting...........323 IS-IS protocol..............24 line rates..............10 issuing commands from other CLI modes....255 line vty command..........105, 259 lines clearing...............261 configuring............258 Juniper Networks E Series enterprise SNMP MIB..148 Index...
Page 631 See MAC addresses logging system events message-of-the-day (MOTD) banner......285 viewing logs............491 MIBs (Management Information Bases) login banner...............285 definition of............148 login commands Juniper Networks E Series enterprise....148 login...........282, 424, 427 standard SNMP...........148 login authentication..........433 modules login conditions disabling.............360 configuring............284 E Series, managing..........355...
Page 632 JUNOSe 11.1.x System Basics Configuration Guide configuration overview...........4 NTP client CT3 12-F0 modules..........12 configuring the system as........527 data link-layer interfaces........17 system operation as..........522 distribution lists............25 ntp commands............530 E3 modules............13 ntp access-group..........530 Ethernet modules..........15 ntp broadcast............530 general configuration tasks........9 ntp broadcast-client..........527 interfaces and subinterfaces........8 ntp broadcast-delay..........527 IP multicast............24...
Page 633 Index passwords..........67, 70, 87, 417 keyword mapping..........52 enabling..............420 password encryption..........418 encryption............418 setting erasing console passwords........424 default line.............60 See also Privileged Exec mode multiple commands........59 passwords and secrets no or default versions........52 deleting...............422 SNMP..............159 patching the system with hotfixes......392 viewing information..........60 pausing before command execution......255 privilege level command..........62 PDU (protocol data unit)..........153...
Page 634 JUNOSe 11.1.x System Basics Configuration Guide radius relay commands router commands radius relay accounting server......88 router..............88 radius relay authentication server......88 router bgp.............88 RADIUS Relay Configuration mode......81 router ospf............88 Rate Limit Profile Configuration mode....81, 114 router pim............88 rate limiting router rip..............88 per priority............451 Router Configuration mode........82, 116 per protocol............451...
Page 635 Index enabling..............361 show reboot-history command........345 erasing configurations.........371 show reload command..........519 overview.............356 show running-configuration command....270, 348 replacing.............368 show secrets command..........424 shared interfaces............23 show snmp commands show aaa commands show snmp............240 show aaa domain-map........545 show snmp community........159 show bandwidth oversubscription......376 show snmp interfaces.........163 show boot command..........518 show snmp notificationLog.........240 show bulkstats commands ........159...
Page 636 JUNOSe 11.1.x System Basics Configuration Guide operations............153 software packet mirroring..........149 compatibility............372 packet size, setting..........162 configuration..........130, 135 PDU..............153 backing up...........130 proxy, creating............153 saving............130 RFC 1213 compatibility........163 installing.............125, 381 schema line rates...............10 configuring..........215 release file............130 monitoring...........235 updating.............392 security features..........148 upgrading...........125, 140, 142 server..............148 software release file...........291 server parameters, setting........160...
Page 637 Index message authentication suspicious-control-flow-detection protocol configuring..........437 low-threshold..........451 hmac-md5...........437 suspicious-control-flow-detection protocol hmac-sha1...........437 threshold............451 hmac-sha1-96..........437 switch fabric modules. See SFMs monitoring............437 switch usage, line modules.........373 performance issues..........437 synchronization process..........381 security concerns..........437 synchronization reserve file........383 server public key files.........291 synchronize command........382, 386 terminating............437 system user authentication..........435 autoupgrade feature..........253...
Page 638 JUNOSe 11.1.x System Basics Configuration Guide T3 interfaces traffic-class-group command........121 configuring............13 transport protocols, xDSL..........6 controllers for............12 traps command............173 line rates...............10 traps, SNMP Tab key..............34, 64 categories............168 TACACS+ configuring............167 aaa authentication login........431 configuring notification logs for......173 restricting access to commands......446 configuring trap queues........173 tag-group command...........270 operation............156 tech-support encoded-string command......334...
Page 639 Index view, SNMP............148, 149 viewing files............37, 294 See also show commands virtual interfaces (subinterfaces)........8 virtual router commands ip vrf..............543 virtual-router........148, 448, 543 Virtual Router Redundancy Protocol (VRRP). See VRRP virtual routers............10, 539 configuring............10, 541 default virtual router...........539 map VR to domain map......541, 543 monitoring............545 name resolvers for multiple........322 NTP.............521, 527, 530...
Page 640 JUNOSe 11.1.x System Basics Configuration Guide Index...

This manual is also suitable for:

Junose 11.1

Juniper SYSTEM BASICS - CONFIGURATION GUIDE V 11.1.X Configuration Manual

Chapter 1 Planning Your Network

Quick Links

Troubleshooting

Related Manuals for Juniper SYSTEM BASICS - CONFIGURATION GUIDE V 11.1.X

Summary of Contents for Juniper SYSTEM BASICS - CONFIGURATION GUIDE V 11.1.X