Page 1 J-series Services Router Administration Guide Release 9.1 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 408-745-2000 www.juniper.net Part Number: 530-023932-01, Revision 1...
Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Page 3 AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively “Juniper”), and the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).
Page 4 (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N.
Page 5 Abbreviated Table of Contents About This Guide Part 1 Configuring a Services Router for Administration Chapter 1 Managing User Authentication and Access Chapter 2 Setting Up USB Modems for Remote Management Chapter 3 Configuring SNMP for Network Management Chapter 4 Configuring the Router as a DHCP Server Chapter 5 Configuring Autoinstallation...
Page 6 J-series Services Router Administration Guide...
Page 7: Table Of Contents
Table of Contents About This Guide Objectives ...xv Audience ...xv How to Use This Guide ...xvi Document Conventions ...xvii Related Juniper Networks Documentation ...xviii Documentation Feedback ...xxi Requesting Technical Support ...xxi Part 1 Configuring a Services Router for Administration Chapter 1 Managing User Authentication and Access User Authentication Terms ...3...
Page 8 J-series Services Router Administration Guide Accessing Remote Devices with the CLI ...24 Using the telnet Command ...24 Using the ssh Command ...25 Configuring Password Retry Limits for Telnet and SSH Access ...26 Chapter 2 Setting Up USB Modems for Remote Management USB Modem Terms ...29...
Page 9 Chapter 4 Configuring the Router as a DHCP Server DHCP Terms ...63 DHCP Overview ...64 DHCP Options ...65 Compatibility with Autoinstallation ...65 Conflict Detection and Resolution ...65 Interface Restrictions ...65 Before You Begin ...66 Configuring the DHCP Server with Quick Configuration ...66 Configuring the DHCP Server with a Configuration Editor ...72 Verifying a DHCP Server Configuration ...75 Displaying a DHCP Server Configuration ...75...
Page 10 J-series Services Router Administration Guide Part 2 Monitoring a Services Router Chapter 7 Monitoring the Router and Routing Operations Monitoring Terms ...101 Monitoring Overview ...101 Monitoring Tools Overview ...102 Filtering Command Output ...105 Before You Begin ...106 Using the Monitoring Tools ...107 Monitoring System Properties ...107...
Page 11 Upgrade Software Packages ...180 Recovery Software Packages ...180 Before You Begin ...181 Downloading Software Upgrades from Juniper Networks ...181 Installing Software Upgrades with the J-Web Interface ...182 Installing Software Upgrades from a Remote Server ...182 Installing Software Upgrades by Uploading Files ...183 Installing Software Upgrades with the CLI ...184...
Page 12 J-series Services Router Administration Guide Downgrading the Software ...185 Downgrading the Software with the J-Web Interface ...185 Downgrading the Software with the CLI ...185 Configuring Boot Devices ...186 Configuring a Boot Device for Backup with the J-Web Interface ...186 Configuring a Boot Device for Backup with the CLI ...189 Configuring a Boot Device to Receive Software Failure Memory Recovering Primary Boot Devices ...191...
Page 13 Pinging Hosts from the J-Web Interface ...216 Using the J-Web Ping Host Tool ...216 Ping Host Results and Output Summary ...218 Checking MPLS Connections from the J-Web Interface ...219 Using the J-Web Ping MPLS Tool ...219 Ping MPLS Results and Output ...222 Tracing Unicast Routes from the J-Web Interface ...223 Using the J-Web Traceroute Tool ...223 Traceroute Results and Output Summary ...225...
Page 14 J-series Services Router Administration Guide Chapter 14 Configuring RPM Probes RPM Terms ...267 RPM Overview ...268 RPM Probes ...268 RPM Tests ...269 Probe and Test Intervals ...269 Jitter Measurement with Hardware Timestamping ...269 RPM Statistics ...270 RPM Thresholds and Traps ...271 RPM for BGP Monitoring ...271...
Page 15: About This Guide
J-series Services Router Release Notes at Audience This guide is designed for anyone who installs and sets up a J-series Services Router or prepares a site for Services Router installation. The guide is intended for the following audiences:...
Page 16 Typically, J-series documentation provides both general and specific information—for example, a configuration overview, configuration examples, and verification methods. Because you can configure and manage J-series routers in several ways, you can choose from multiple sets of instructions to perform a task. To make best use of this information: If you are new to the topic—Read through the initial overview information, keep...
Page 17 To monitor, diagnose, and manage a router, use the J-Web interface or CLI operational mode commands. Document Conventions Table 2 on page xvii defines the notice icons used in this guide. Table 2: Notice Icons Icon Meaning Informational note Caution Warning Laser warning Table 3 on page xvii defines the text and syntax conventions used in this guide.
Page 18 > (bold right angle bracket) Related Juniper Networks Documentation J-series Services Routers are documented in multiple guides. Although the J-series guides provide instructions for configuring and managing a Services Router with the JUNOS CLI, they are not a comprehensive JUNOS software resource. For complete documentation of the statements and commands described in J-series guides, see the JUNOS software manuals listed in Table 4 on page xix.
Page 19 Chapter in a J-series Guide Getting Started Guide for Your Router “Services Router User Interface Overview” “Establishing Basic Connectivity” J-series Services Router Basic LAN and WAN Access Configuration Guide “Using Services Router Configuration Tools” “Interfaces Overview” “Configuring DS1, DS3, Ethernet, and Serial Interfaces”...
Page 20 J-series Services Router Administration Guide Table 4: J-series Guides and Related JUNOS Software Publications (continued) Chapter in a J-series Guide “Configuring IPSec for Secure Packet Exchange” “Multicast Overview” “Configuring a Multicast Network” “Configuring Data Link Switching” “Policy Framework Overview” “Configuring Routing Policies”...
Page 21 Table 4: J-series Guides and Related JUNOS Software Publications (continued) Chapter in a J-series Guide “Configuring and Monitoring Alarms” “Performing Software Upgrades and Reboots” “Managing Files” “Using Services Router Diagnostic Tools” “Configuring Packet Capture” “Configuring RPM Probes” Documentation Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation.
Page 22 J-series Services Router Administration Guide For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: Search for known bugs: Find product documentation: Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/...
Page 23: Configuring A Services Router For Administration
Part 1 Configuring a Services Router for Administration Managing User Authentication and Access on page 3 Setting Up USB Modems for Remote Management on page 29 Configuring SNMP for Network Management on page 47 Configuring the Router as a DHCP Server on page 63 Configuring Autoinstallation on page 81 Automating Network Operations and Troubleshooting on page 89 Configuring a Services Router for Administration...
Page 24 J-series Services Router Administration Guide Configuring a Services Router for Administration...
Page 25: Managing User Authentication And Access
Chapter 1 Managing User Authentication and Access You can use either J-Web Quick Configuration or a configuration editor to manage system functions, including RADIUS and TACACS+ servers, and user login accounts. This chapter contains the following topics. For more information about system management, see the JUNOS System Basics Configuration Guide.
Page 26: User Authentication Overview
J-series Services Router Administration Guide User Authentication Overview This section contains the following topics: User Authentication on page 4 User Accounts on page 4 Login Classes on page 5 Template Accounts on page 7 User Authentication The JUNOS software supports three methods of user authentication: local password authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+).
Page 27: Login Classes
password that the JUNOS software encrypts using MD5-style encryption before entering it in the password database. If you configure the plain-text-password option, you are prompted to enter and confirm the password. Login Classes All users who log into the Services Router must be in a login class. You can define any number of login classes.
Page 28 J-series Services Router Administration Guide Table 7: Permission Bits for Login Classes Permission Bit Access admin Can view user account information in configuration mode and with the command. admin-control Can view user accounts and configure them (at the access Can view the access configuration in configuration mode and with the operational mode command.
Page 29: Denying Or Allowing Individual Commands
Table 7: Permission Bits for Login Classes (continued) Permission Bit Access Can view general routing, routing protocol, and routing policy configuration information routing-control and configure general routing (at the protocols (at the policy-options] Can view passwords and other authentication keys in the configuration. secret Can view passwords and other authentication keys in the configuration and can modify secret-control...
Page 30: Before You Begin
J-series Services Router Administration Guide When you configure local user templates and a user logs in, the JUNOS software issues a request to the authentication server to authenticate the user's login name. If a user is authenticated, the server returns the local username to the router, which...
Page 31 To cancel your entries and return to the Users Quick Configuration page, click Cancel. Table 8: Users Quick Configuration for RADIUS Servers Summary Field Function RADIUS Server RADIUS Server Address Identifies the IP address of the RADIUS (required) server. RADIUS Server Secret (required) The secret (password) of the RADIUS server.
Page 32 J-series Services Router Administration Guide Table 9: Users Quick Configuration for TACACS+ Servers Summary Field Function TACACS+ Server TACACS+ Server Address Identifies the IP address of the (required) TACACS+ server. TACACS+ Server Secret The secret (password) of the TACACS+ (required) server.
Page 33 Adding New Users You can use the Users Quick Configuration page for user information to add new users to a Services Router. For each account, you define a login name and password for the user and specify a login class for access privileges. Figure 4 on page 11 shows the Quick Configuration page for adding a user.
Page 34: Managing User Authentication With A Configuration Editor
J-series Services Router Administration Guide Table 10: Add a User Quick Configuration Page Summary (continued) Field Function Login Password The login password for this (required) user. Verify Login Password Verifies the login password (required) for this user. Managing User Authentication with a Configuration Editor...
Page 35 Go on to one of the following procedures: To specify a system authentication order, see “Configuring Authentication Order” on page 15. To configure a remote user template account, see “Creating a Remote Template Account” on page 19. To configure local user template accounts, see “Creating a Local Template Account”...
Page 36 J-series Services Router Administration Guide To configure TACACS+ authentication: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 12 on page 14. If you are finished configuring the network, commit the configuration.
Page 37 Configuring Authentication Order The procedure provided in this section configures the Services Router to attempt user authentication with the local password first, then with the RADIUS server, and finally with the TACACS+ server. To configure authentication order: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 38: Defining Login Classes
J-series Services Router Administration Guide Controlling User Access This section contains the following topics: Defining Login Classes on page 16 Creating User Accounts on page 17 Defining Login Classes You can define any number of login classes. You then apply one login class to an individual user account, as described in “Creating User Accounts”...
Page 39 Table 14: Defining Login Classes (continued) Task J-Web Configuration Editor Create a login class named Next to Class, click Add new entry. operator-and-boot with the Type the name of the login class: ability to reboot the router. operator-and-boot In the Allow commands box, type the reboot “request system reboot”...
Page 40: Setting Up Template Accounts
J-series Services Router Administration Guide To create user accounts: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 15 on page 18. If you are finished configuring the network, commit the configuration.
Page 41 Creating a Remote Template Account You can create a remote template that is applied to users authenticated by RADIUS or TACACS+ that do not belong to a local template account. By default, the JUNOS software uses the The authenticated user does not exist locally on the Services Router. The authenticated user's record in the RADIUS or TACACS+ server specifies local user, or the specified local user does not exist locally on the router.
Page 42 J-series Services Router Administration Guide Creating a Local Template Account You can create a local template that is applied to users authenticated by RADIUS or TACACS+ that are assigned to the local template account. You use local template accounts when you need different types of templates. Each template can define a different set of permissions appropriate for the group of users who use that template.
Page 43: Recovering The Root Password
Recovering the Root Password If you forget the root password for the router, you can use the password recovery procedure to reset the root password. NOTE: You need console access to recover the root password. To recover the root password: Power off the router by pressing the power button on the front panel.
Page 44 J-series Services Router Administration Guide Figure 6: Connecting to the Console Port on the J4350 or J6350 Services Router Turn on the power to the management device. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate...
Page 45: Securing The Console Port
At the following prompt, enter procedure. Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery Enter configuration mode in the CLI. Set the root password. For example: user@host# set system root-authentication plain-text-password For more information about configuring the root password, see the JUNOS System Basics Configuration Guide.
Page 46: Accessing Remote Devices With The Cli
J-series Services Router Administration Guide In a Common Criteria environment, you must disable the console port. For more information, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS. To secure the console port: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 47 To escape from the Telnet session to the Telnet command prompt, press Ctrl-]. To exit from the Telnet session and return to the CLI command prompt, enter Table 19 on page 25 describes the see the JUNOS System Basics and Services Command Reference. Table 19: CLI telnet Command Options Option Description...
Page 48: Configuring Password Retry Limits For Telnet And Ssh Access
J-series Services Router Administration Guide Table 20: CLI ssh Command Options (continued) Option Description Open an SSH connection to a host on the specified interface. If you do not include this interface source-interface option, all interfaces are used. Use the specified routing instance for the SSH connection.
Page 49 Table 21: Configuring Password Retry Limits for Telnet and SSH Access Task Navigate to the Retry options level in the configuration hierarchy. Configure password retry limits for Telnet and SSH access. Tries—Maximum number of consecutive password retries before a SSH or Telnet sessions is disconnected. The default number is , but you can set a number between...
Page 50 J-series Services Router Administration Guide Configuring Password Retry Limits for Telnet and SSH Access...
Page 51: Setting Up Usb Modems For Remote Management
Setting Up USB Modems for Remote Management J-series Services Routers support the use of USB modems for remote management. You can use Telnet or SSH to connect to the router from a remote location through two modems over a telephone network. The USB modem is connected to the USB port on the Services Router, and a second modem is connected to a remote management device such as a PC or laptop computer.
Page 52: Usb Modem Overview
Services Router creates this interface when a USB modem is connected to the USB port. The dialer interface, for USB modem connections. See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide. The following rules apply when you configure dialer interfaces for USB modem connections:...
Page 53 AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0 the commands. For more information about these commands, see the documentation for your modem. Table 23: J-series Default Modem Initialization Commands Modem Command S7=45 S0=0 &C1 &Q8...
Page 54 J-series Services Router Administration Guide Table 23: J-series Default Modem Initialization Commands (continued) Modem Command When the Services Router applies the modem AT commands in the command or the default sequence of initialization commands to the modem, it compares them to the initialization commands already configured on the modem...
Page 55: Before You Begin
If you do not already have a basic understanding of physical and logical interfaces and Juniper Networks interface conventions, see the J-series Services Router Basic LAN and WAN Access Configuration Guide. Connecting the USB Modem to the Services Router's USB Port NOTE: J4350 and J6350 Services Routers have two USB ports.
Page 56 J-series Services Router Administration Guide Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 25 on page 34. Go on to “Configuring a Dialer Interface (Required)” on page 35.
Page 57 Configuring a Dialer Interface (Required) The dialer interface ( connectivity. You can configure multiple dialer interfaces for different functions on the Services Router. To configure a logical dialer interface for the Services Router: Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI configuration editor.
Page 58 J-series Services Router Administration Guide Table 26: Adding a Dialer Interface to a Services Router (continued) Task Configure the name of the dialer pool to use for USB modem connectivity—for example, usb-modem-dialer-pool Configure source and destination IP addresses for the dialer interface—for example, 172.20.10.2...
Page 59 Authentication Protocol (CHAP). When you enable CHAP on a dialer interface, the Services Router can authenticate the remote locations connecting to the USB modem. For more information about CHAP, see the J-series Services Router Basic LAN and WAN Access Configuration Guide and the JUNOS Network Interfaces Configuration Guide.
Page 60 J-series Services Router Administration Guide Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 28 on page 38. If you are finished configuring the router, commit the configuration.
Page 61: Connecting To The Services Router From The User End
Connecting to the Services Router from the User End NOTE: These instructions describe connecting to the Services Router from a remote PC or laptop computer running Microsoft Windows XP. If your remote PC or laptop computer does not run Microsoft Windows XP, see the documentation for your operating system and enter equivalent commands.
Page 62: Connecting To The Services Router From The User End
J-series Services Router Administration Guide The Connect USB-modem-connect page is displayed. If CHAP is configured on the dialer interface used for the USB modem interface at the router end, type the username and password configured in the CHAP configuration in the User name and Password boxes. For information about configuring CHAP on dialer interfaces, see “Configuring CHAP on Dialer Interfaces...
Page 63 Modifying USB Modem Initialization Commands NOTE: These instructions use Hayes-compatible modem commands to configure the modem. If your modem is not Hayes-compatible, see the documentation for your modem and enter equivalent modem commands. You can use the J-Web or CLI configuration editor to override the value of an initialization command configured on the USB modem or configure additional commands for initializing USB modems.
Page 64: Resetting Usb Modems
J-series Services Router Administration Guide Table 29: Modifying USB Modem Initialization Commands (continued) Task Configure the modem AT commands to initialize the USB modem. For example: The command S0=2 configures the modem to automatically answer calls on the second ring.
Page 65 Verifying a USB Modem Interface Verify that the USB modem interface is correctly configured and display the status Purpose of the modem. From the CLI, enter the Action user@host> show interfaces umd0 extensive Physical interface: umd0, Enabled, Physical link is Up Interface index: 64, SNMP ifIndex: 33, Generation: 1 Type: Async-Serial, Link-level type: PPP-Subordinate, MTU: 1504, Clocking: Unspecified, Speed: MODEM...
Page 66 J-series Services Router Administration Guide In the J-Web configuration editor, clear the Disable check box on the Interfaces>interface-name page. The physical link is module, interface port, or physical connection (link-layer errors). Last Flapped last time the physical interface became unavailable and then available again.
Page 67 Link flags : Keepalives Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes Output bytes Input packets: Output packets:...
Page 68 J-series Services Router Administration Guide The physical interface is of the following: In the CLI configuration editor, delete the interfaces interface-name] In the J-Web configuration editor, clear the Disable check box on the Interfaces>interface-name page. The physical link is module, interface port, or physical connection (link-layer errors).
Page 69: Configuring Snmp For Network Management
You can use either J-Web Quick Configuration or a configuration editor to configure SNMP. NOTE: SNMP is not supported on Gigabit Ethernet interfaces on J-series Services Routers. This chapter contains the following topics. For more information about SNMP, see the JUNOS Network Management Configuration Guide.
Page 70: Management Information Base
J-series Services Router Administration Guide Communication between the agent and the manager occurs in one of the following forms: Get, GetBulk, and GetNext requests—The manager requests information from the agent, and the agent returns the information in a Get response message.
Page 71: Snmp Traps
Services Router characteristics (object instances) like the CPU usage, memory usage, and file system usage. The health monitor feature also monitors the CPU usage of the J-series Services Router forwarding process (also called a daemon)—for example, the chassis process and forwarding process microkernel.
Page 72: Before You Begin
Before you begin configuring SNMP, complete the following tasks: Establish basic connectivity. See the Getting Started Guide for your router. Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. Configuring SNMP with Quick Configuration...
Page 73 To apply the configuration and stay on the Quick Configuration page for SNMP, click Apply. To apply the configuration and return to the Quick Configuration SNMP page, click OK. To cancel your entries and return to the Quick Configuration for SNMP page, click Cancel.
Page 74 J-series Services Router Administration Guide Table 30: SNMP Quick Configuration Summary (continued) Field Categories Targets Health Monitoring Configuring SNMP with Quick Configuration Function Specifies which trap categories are added to the trap group being configured. One or more hostnames or IP addresses...
Page 75 Table 30: SNMP Quick Configuration Summary (continued) Field Enable Health Monitoring Interval Rising Threshold Falling Threshold Chapter 3: Configuring SNMP for Network Management Function Enables the SNMP health monitor on the router. The health monitor periodically (the time you specify in the interval field) checks the following key indicators of router health: Percentage of file storage used...
Page 76: Configuring Snmp With A Configuration Editor
To configure SNMP on a Services Router, you must perform the following tasks marked (Required). For information about using the J-Web and CLI configuration editors, see the J-series Services Router Basic LAN and WAN Access Configuration Guide. Defining System Identification Information (Required) on page 54...
Page 77 Table 32: Configuring Basic System Identification (continued) Task Configure the system contact information (such as a name and phone number). Configure the system location information (such as a lab name and a rack name). Configure the system description (J4300 with 4 PIMs, for example). Configure a system name to override the system hostname defined in the Getting Started Guide for your router.
Page 78 J-series Services Router Administration Guide Table 33: Configuring SNMP Agents and Communities Task J-Web Configuration Editor Navigate to the SNMP level in the configuration hierarchy. Create and name a community. Grant read-write access to the In the Authorization box, select read-write from community.
Page 79 If you are finished configuring the network, commit the configuration. To check the configuration, see “Verifying the SNMP Configuration” on page 58. Table 34: Configuring SNMP Trap Groups Task Navigate to the SNMP level in the configuration hierarchy. Create a trap group. Configure the trap group to send all trap notifications to a target IP address—for example, to the IP address...
Page 80: Verifying The Snmp Configuration
J-series Services Router Administration Guide Table 35: Configuring SNMP Views Task J-Web Configuration Editor Navigate to the SNMP level In the J-Web interface, select Configuration>View in the configuration and Edit>Edit Configuration. hierarchy. Next to Snmp, click Configure or Edit. Create a view.
Page 81 Get requests: 44942, Get nexts: 190371, Set requests: 10712, Get responses: 0, Traps: 0, Silent drops: 0, Proxy drops: 0, Commit pending drops: 0, Throttle drops: 0, V3 Input: Unknown security models: 0, Invalid messages: 0 Unknown pdu handlers: 0, Unavailable contexts: 0 Unknown contexts: 0, Unsupported security levels: 1 Not in time windows: 0, Unknown user names: 0 Unknown engine ids: 44, Wrong digests: 23, Decryption errors: 0...
Page 82 J-series Services Router Administration Guide Interface daemon SNMP daemon MIB2 daemon VRRP daemon Alarm daemon PFE daemon CRAFT daemon Traffic sampling control daemon Remote operations daemon CoS daemon Inet daemon Syslog daemon Web management daemon USB Supervise Daemon PPP daemon...
Page 83 rising threshold crossed limit. Verify that any rising threshold values are greater than the configured rising threshold, and that any falling threshold values are less than the configured falling threshold. For a complete description of Related Topics Basics and Services Command Reference. Chapter 3: Configuring SNMP for Network Management —Variable value has crossed the upper threshold show snmp health-monitor...
Page 84: Verifying Snmp Health Monitor Configuration
J-series Services Router Administration Guide Verifying SNMP Health Monitor Configuration...
Page 85: Configuring The Router As A Dhcp Server
Configuring the DHCP Server with a Configuration Editor on page 72 Verifying a DHCP Server Configuration on page 75 DHCP Terms Before configuring the DHCP server on J-series Services Routers, become familiar with the terms defined in Table 36 on page 64. DHCP Terms...
Page 86 J-series Services Router Administration Guide Table 36: DHCP Terms Term Definition binding Collection of configuration parameters, including at least an IP address, assigned by a DHCP server to a DHCP client. A binding can be dynamic (temporary) or static (permanent). Bindings are stored in the DHCP server's binding database.
Page 87: Dhcp Options
Store, manage, and provide client configuration parameters. As a DHCP server, a Services Router can provide temporary IP addresses from an IP address pool to all clients on a specified subnet, a process known as dynamic binding. Services Routers can also perform static binding, assigning permanent IP addresses to specific clients based on their media access control (MAC) addresses.
Page 88: Before You Begin
J-series Services Router Administration Guide DHCP is not supported on interfaces that are part of a virtual private network (VPN). Before You Begin Before you begin configuring the Services Router as a DHCP server, complete the following tasks: Determine the IP address pools and the lease durations to use for each subnet.
Page 89 Chapter 4: Configuring the Router as a DHCP Server Figure 8: DHCP Quick Configuration Main Page Configuring the DHCP Server with Quick Configuration...
Page 90 J-series Services Router Administration Guide Figure 9: DHCP Quick Configuration Pool Page Configuring the DHCP Server with Quick Configuration...
Page 91 Figure 10: DHCP Quick Configuration Static Binding Page To configure the DHCP server with Quick Configuration: In the J-Web interface, select Configuration>Quick Configuration>DHCP. Access a DHCP Quick Configuration page: To configure a DHCP pool for a subnet, click Add in the DHCP Pools box. To configure a static binding for a DHCP client, click Add in the DHCP Static Binding box.
Page 92 J-series Services Router Administration Guide Enter information into the DHCP Quick Configuration pages, as described in Table 37 on page 70. Click one of the following buttons on the DHCP Quick Configuration page: To apply the configuration and return to the Quick Configuration page, click To cancel your entries and return to the Quick Configuration page, click Cancel.
Page 93 Table 37: DHCP Server Quick Configuration Pages Summary (continued) Field Function Server Identifier Specifies the IP address of the DHCP server reported to a client. Domain Name Specifies the domain name that clients must use to resolve hostnames. Domain Search Specifies the order—from top to bottom—in which clients must append domain names when resolving hostnames using DNS.
Page 94: Configuring The Dhcp Server With A Configuration Editor
J-series Services Router Administration Guide Table 37: DHCP Server Quick Configuration Pages Summary (continued) Field Function Fixed IP Addresses Defines a list of IP addresses permanently (required) assigned to the client. A static binding must have at least one fixed address assigned to it, but multiple addresses are also allowed.
Page 95 Table 38: Sample DHCP Server Configuration Settings (continued) Settings Address pool subnet address High address in the pool range Low address in the pool range Address pool default lease time, in seconds Address pool maximum lease time, in seconds Domain search suffixes Address to exclude from the pool DNS server address Identifier code for router solicitation address option...
Page 96 J-series Services Router Administration Guide Table 39: Configuring the DHCP Server Task J-Web Configuration Editor Navigate to the Dhcp In the J-Web interface, select server level in the Configuration>View and Edit>Edit configuration hierarchy. Configuration. Next to System, click Configure or Edit.
Page 97: Verifying A Dhcp Server Configuration
Table 39: Configuring the DHCP Server (continued) Task J-Web Configuration Editor Define a DNS server. Next to Name server, click Add new entry. In the Address box, type Click OK. Define DHCP Next to Option, click Add new entry. option 32—the router In the Option identifier code box, type solicitation address option.
Page 98 192.168.2.50; Verify that the output shows the intended configuration of the DHCP server. Meaning For more information about the format of a configuration file, see the J-series Services Related Topics Router Basic LAN and WAN Access Configuration Guide. Verifying the DHCP Binding Database Verify that the DHCP binding database reflects your DHCP server configuration.
Page 99 IP Address 192.168.2.2 192.168.2.50 01:03:05:07:09:0B user@host> show system services dhcp binding 192.168.2.2 detail IP address Hardware address Pool Request received on Lease information: Type Obtained at Expires at State DHCP options: Name: domain-name, Value: mycompany.net mylab.net Name: name-server, Value: 192.168.10.2 Code: 16, Type: ip-address, Value: 192.168.2.33 user@host>...
Page 100 J-series Services Router Administration Guide user@host> ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2): 56 data bytes 64 bytes from 192.168.2.2: icmp_seq=0 ttl=255 time=8.856 ms 64 bytes from 192.168.2.2: icmp_seq=1 ttl=255 time=11.543 ms 64 bytes from 192.168.2.2: icmp_seq=2 ttl=255 time=10.315 ms C:\Documents and Settings\user> ipconfig /all Windows 2000 IP Configuration Host Name .
Page 101 To use the J-Web interface to ping a host, see “Using the J-Web Ping Host Related Topics Tool” on page 216. For more information about the from the CLI” on page 230 or the JUNOS System Basics and Services Command Reference. Displaying DHCP Statistics Display DHCP statistics, including lease times, packets dropped, and DHCP and Purpose...
Page 102 J-series Services Router Administration Guide Displaying DHCP Statistics...
Page 103: Configuring Autoinstallation
Chapter 5 Configuring Autoinstallation If you are setting up many J-series Services Routers, autoinstallation can help automate the configuration process by loading configuration files onto new or existing routers automatically over the network. You can use either the J-Web configuration editor or CLI configuration editor to configure a Services Router for autoinstallation.
Page 104: Autoinstallation Overview
J-series Services Router Administration Guide Table 40: Autoinstallation Terms (continued) Term host-specific configuration network.conf router.conf Autoinstallation Overview Autoinstallation provides automatic configuration for a new Services Router that you connect to the network and turn on, or for a Services Router configured for autoinstallation.
Page 105 Table 41: Interfaces and Protocols for IP Address Acqusition During Autoinstallation Interface and Encapsulation Type Ethernet LAN interface with High-level Data Link Control (HDLC) Serial WAN interface with HDLC Serial WAN interface with Frame Relay If the server with the autoinstallation configuration file is not on the same LAN segment as the new Services Router, or if a specific router is required by the network, you must configure an intermediate router directly attached to the new router, through which the new router can send Trivial File Transfer Protocol (TFTP), BOOTP, and...
Page 106: Before You Begin
J-series Services Router Administration Guide After the new Services Router acquires an IP address, the autoinstallation process on the router attempts to download a configuration file in the following ways: If the DHCP server specifies the host-specific configuration file (boot file) hostname.conf...
Page 107: Configuring Autoinstallation With A Configuration Editor
Gigabit Ethernet Serial with HDLC encapsulation If you configure the DHCP server to provide only the TFTP server hostname, add an IP address-to-hostname mapping entry for the TFTP server to the DNS database file on the DNS server in the network. If the new router is not on the same network segment as the DHCP server (or other device providing IP address resolution), configure an existing router as an intermediate to receive TFTP and DNS requests and forward them to the TFTP...
Page 108: Verifying Autoinstallation
J-series Services Router Administration Guide Table 42: Configuring Autoinstallation Task Navigate to the System level in the configuration hierarchy. Enable autoinstallation. Specify the URL address of one or more servers from which to obtain configuration files. For example: tftp://tftpconfig.sp.com ftp://user:password @sftpconfig.sp.com...
Page 109 From the CLI, enter the Action show system autoinstallation status user@host> show system autoinstallation status Autoinstallation status: Master state: Active Last committed file: None Configuration server of last committed file: 10.25.100.1 Interface: Name: ge-0/0/0 State: Configuration Acquisition Acquired: Address: 192.168.124.75 Hostname: host-ge-000 Hostname source: DNS Configuration filename: router-ge-000.conf...
Page 110 J-series Services Router Administration Guide Verifying Autoinstallation Status...
Page 111: Automating Network Operations And Troubleshooting
Chapter 6 Automating Network Operations and Troubleshooting J-series Services Routers support automation of network operations and troubleshooting tasks using commit scripts, operation scripts, and event policies. You can use commit scripts to enforce custom configuration rules. Operation scripts allow you to automate network management and troubleshooting tasks. You can configure event policies that initiate self-diagnostic actions on the occurrence of specific events.
Page 112 J-series Services Router Administration Guide Generate custom warning messages, system log messages, or error messages. If error messages are generated, the commit operation fails and the candidate configuration remains unchanged. Change the configuration in accordance with your rules and then proceed with the commit operation.
Page 113 Table 43: Enabling Commit Scripts Task J-Web Configuration Editor Navigate to the Commit level in the configuration hierarchy. Enable the commit script file—for example, commit-script.xsl Disabling Commit Scripts If you do not want a commit script to run, you can disable it by deleting or deactivating it in the configuration.
Page 114: Automating Network Management And Troubleshooting With Operation Scripts
J-series Services Router Administration Guide commit complete NOTE: You can later reactivate the commit script using the commit filename.xsl Automating Network Management and Troubleshooting with Operation Scripts Operation scripts are scripts that you write to automate network management and troubleshooting tasks. They can perform any function available through JUNOScript remote procedure calls (RPCs).
Page 115 Enabling Operation Scripts To enable operation scripts: Write an operation script. For information about writing operation scripts, see the JUNOS Configuration and Diagnostic Automation Guide. Copy the script to the Only users with superuser privileges can access and edit files in the /var/db/scripts/op Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Page 116: Running Self-Diagnostics With Event Policies
J-series Services Router Administration Guide user@host# op filename.xsl Disabling Operation Scripts If you do not want an operation script to run, you can disable it by deleting or deactivating it in the configuration. Deleting an operation script permanently removes it from the configuration. To run the script later, you must reenable the script as described in “Enabling Operation Scripts”...
Page 117: Event Policy Overview
actions when specific events occur. These actions can either help you diagnose a fault or take corrective action. This section contains the following topics: Event Policy Overview on page 95 Configuring Event Policies on page 95 Event Policy Overview In response to events, event policies can execute the following actions: Ignore the event—Do not generate a system log message for this event and do not process any further policy instructions for this event.
Page 118 J-series Services Router Administration Guide Table 45: Configuring Event Policies Task J-Web Configuration Editor Configuring Destination for Uploading Files for Analysis Navigate to the Destinations level in the configuration hierarchy. Enter the destination name—for In the Destination name box, type...
Page 119 Table 45: Configuring Event Policies (continued) Task J-Web Configuration Editor Flag the event to initiate an SNMP trap when it generates a system log message. Define the action to be taken when the configured event occurs. For example, configure the Services Router to do the following when the event occurs SNMP_TRAP_LINK_DOWN...
Page 120 J-series Services Router Administration Guide Running Self-Diagnostics with Event Policies...
Page 121 Part 2 Monitoring a Services Router Monitoring the Router and Routing Operations on page 101 Monitoring Events and Managing System Log Files on page 155 Configuring and Monitoring Alarms on page 165 Monitoring a Services Router...
Page 122 J-series Services Router Administration Guide Monitoring a Services Router...
Page 123: Chapter 7 Monitoring The Router And Routing Operations
Chapter 7 Monitoring the Router and Routing Operations J-series Services Routers support a suite of J-Web tools and CLI operational mode commands for monitoring system health and performance. Monitoring tools and commands display the current state of the router. This chapter contains the following topics. For complete descriptions of CLI operational...
Page 124: Monitoring Tools Overview
J-series Services Router Administration Guide You can also monitor the router with CLI operational mode commands. CLI command output appears on the screen of your console or management device, or you can filter the output to a file. This section contains the following topics:...
Page 125 Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued) Monitor Option Function Routing Displays routing information through the following options: Route Information—Information about the routes in a routing table, including destination, protocol, state, and parameter information. You can narrow the list of routes displayed by specifying search criteria.
Page 126 J-series Services Router Administration Guide Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued) Monitor Option Function MPLS Displays information about MPLS label-switched paths (LSPs) and virtual private networks (VPNs) through the following options: Interfaces—Information about the interfaces on which MPLS is enabled, including operational state and any administrative groups applied to an interface.
Page 127 TGM550 connectivity and digital signal processor (DSP) capacity. Telephony Interface Module Information—Displays the online and offline status of telephony interface modules (TIMs) installed in a J-series router. For details, see “Monitoring the TGM550 Media Gateway (VoIP)” on page 151. Filtering Command Output For operational commands that display output, such as the can redirect the output into a filter or a file.
Page 128: Before You Begin
NOTE: To filter the output of configuration mode commands, use the filter commands provided for the operational mode commands. In configuration mode, an additional filter is supported. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. Before You Begin To use the J-Web interface and CLI operational tools, you must have the appropriate access privileges.
Page 129: Using The Monitoring Tools
Table 48: Summary of Key System Properties Output Fields Field Values System Identification Serial Serial number for the J-series Services Router. Number JUNOS Version of JUNOS software active on the Services Software Router, including whether the software is for domestic Version or export use.
Page 130 J-series Services Router Administration Guide Table 48: Summary of Key System Properties Output Fields (continued) Field Values Router Hostname of the Services Router, as defined with the Hostname set system hostname command. Router IP IP address, in dotted decimal notation, of Ethernet...
Page 131 Table 48: Summary of Key System Properties Output Fields (continued) Field Values Total Total RAM available on the Services Router. Memory Available Total Total RAM currently being consumed by processes Memory actively running on the Services Router, displayed Used both as a quantity of memory and as a percentage of the total RAM on the router.
Page 132: Monitoring System Process Information
J-series Services Router Administration Guide Table 48: Summary of Key System Properties Output Fields (continued) Field Values Memory Percentage of the installed RAM that is being used by Usage the process. System Storage Total Flash Total size, in megabytes, of the primary flash device.
Page 133: Monitoring The Chassis
CAUTION: Do not install a combination of PIMs in a single chassis that exceeds the maximum power and heat capacity of the chassis. If J-series power management is enabled, PIMs that exceed the maximum power and heat limits remain offline when the chassis is powered on.
Page 134 Alarms” on page 165. Speed is adjusted automatically according to the current temperature. On J-series Services Routers, an FPC and a PIM are the same physical unit. The PIM number is always 0. Supply the version number when reporting any hardware problems to customer support.
Page 135: Monitoring The Interfaces
For J-series PIMs, the description lists the number and type of the ports on the PIM—identified in the display as a PIC. On J-series Services Routers, an FPC and a PIM are the same physical unit. J-series Services Routers do not monitor and report the temperature of PIMs.
Page 136 Field Values Interface Summary Interface Name of interface. Name (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) Oper State Link state of the interface: Admin Whether the interface is enabled up (...
Page 137: Monitoring Routing Information
Table 51: Summary of Key Interfaces Output Fields (continued) Field Values Admin Whether the interface is enabled up ( State Down Maximum transmission unit (MTU) size on the physical interface. Speed Speed at which the interface is running. Current Configured media access control (MAC) address. Address Hardware Hardware MAC address.
Page 138: Monitoring Route Information
J-series Services Router Administration Guide This section contains the following topics: Monitoring Route Information on page 116 Monitoring BGP Routing Information on page 117 Monitoring OSPF Routing Information on page 119 Monitoring RIP Routing Information on page 120 Monitoring DLSw Routing Information on page 121...
Page 139: Monitoring Bgp Routing Information
Table 52: Summary of Key Routing Information Output Fields (continued) Field Values Next-Hop Network layer address of the directly reachable neighboring system (if applicable) and the interface used to reach it. How long the route has been known. State Flags for this route. AS Path AS path through which the route was learned.
Page 140 J-series Services Router Administration Guide Table 53: Summary of Key BGP Routing Output Fields (continued) Field Values Down Number of unavailable BGP peers. Peers Peer Address of each BGP peer. InPkt Number of packets received from the peer, OutPkt Number of packets sent to the peer.
Page 141: Monitoring Ospf Routing Information
Table 53: Summary of Key BGP Routing Output Fields (continued) Field Values Export Names of any export policies configured on the peer. Import Names of any import policies configured on the peer. Number of Number of times the BGP sessions has changed state flaps from Down...
Page 142: Monitoring Rip Routing Information
J-series Services Router Administration Guide Table 54: Summary of Key OSPF Routing Output Fields (continued) Field Values Area Number of the area that the interface is in. DR ID Address of the area's designated router. BDR ID Address of the area's backup designated router.
Page 143: Monitoring Dlsw Routing Information
DLSw Capabilities Peer IP address of the peer DLSw router Vendor ID Numerical value assigned to Juniper Networks. Chapter 7: Monitoring the Router and Routing Operations Additional Information This value is the name of the interface on which RIP is enabled. The name is set in either of the following...
Page 144 Values Version DLSw protocol version. number Initial Frequency at which packets are sent. pacing window Version Juniper Networks software version information. string DLSw Circuits Circuit id DLSw circuit ID Local MAC address of the local DLSw peer. Address LSAP Number of the local service access point.
Page 145: Monitoring Class-Of-Service Performance
Table 56: Summary of Key DLSw Routing Information Output Fields (continued) Field Values DLSw Reachability MAC index Number assigned to the remote DLSw peer. MAC address of the remote DLSw peer. address Remote IP address of the remote DLSw peer. DLSw address Monitoring Class-of-Service Performance...
Page 146 J-series Services Router Administration Guide Table 57: Summary of Key CoS Interfaces Output Fields Field Values Interface Name of a physical interface to which CoS components are assigned. Scheduler Map Name of the scheduler map associated with this interface. Queues Supported Number of queues you can configure on the interface.
Page 147 Table 58: Summary of Key CoS Classifier Output Fields (continued) CoS Value Type The classifiers are displayed by type: Index Internal index of the classifier. Incoming CoS Value CoS value of the incoming packets, in bits. These values are used for classification. Assign to Forwarding Class Forwarding class that the classifier assigns to an incoming packet.
Page 148 J-series Services Router Administration Guide Table 59: Summary of Key CoS Value Alias Output Fields Field Values CoS Value Type Type of the CoS value: CoS Value Alias Name given to a set of bits—for example, af11 Bit Pattern Set of bits associated with an alias.
Page 149 Table 60: Summary of Key CoS RED Drop Profile Output Fields (continued) Field Values Type Type of a specific drop profile: For information about types of drop profiles, see the JUNOS Class of Service Configuration Guide. Index Internal index of this drop profile. Fill Level Percentage fullness of a buffer queue.
Page 150 J-series Services Router Administration Guide Table 61: Summary of Key CoS Forwarding Class Output Fields Field Values Forwarding Class Names of forwarding classes assigned to queue numbers. By default, the following forwarding classes are assigned to queues 0 through 3:...
Page 151 Table 62: Summary of Key CoS Rewrite Rules Output Fields (continued) Field Values Forwarding Class Forwarding class that in combination with loss priority is used to determine CoS values for rewriting. Loss Priority Loss priority that in combination with forwarding class is used to determine CoS values for rewriting.
Page 152: Monitoring Mpls Traffic Engineering Information
J-series Services Router Administration Guide Table 63: Summary of Key CoS Scheduler Maps Output Fields (continued) Field Values Buffer Size Delay buffer size in the queue or the amount of transmit delay (in milliseconds). The buffer size can be either of the following:...
Page 153: Monitoring Rsvp Session Information
Monitoring RSVP Session Information on page 133 Monitoring MPLS RSVP Interfaces Information on page 134 Monitoring MPLS Interfaces To view the interfaces on which MPLS is configured, select Monitor>MPLS>Interfaces, or enter the following CLI command: show mpls interface Table 64 on page 131 summarizes key output fields in the MPLS interface information display.
Page 154 J-series Services Router Administration Guide Table 65: Summary of Key MPLS LSP Information Output Fields (continued) Field Values From Source (inbound router) of the session. State State of the path. It can be Number of active routes (prefixes) installed in the routing table.
Page 155 Table 66: Summary of Key MPLS LSP Statistics Output Fields Field Values Ingress LSP Information about LSPs on the inbound router. Each session has one line of output. Egress LSP Information about the LSPs on the outbound router. Each session has one line of output. Transit LSP Number of LSPs on the transit routers and the state of these paths.
Page 156: Monitoring Mpls Rsvp Interfaces Information
J-series Services Router Administration Guide Table 67: Summary of Key RSVP Session Information Output Fields (continued) Field Values Transit LSP Information about transit RSVP sessions. Destination (outbound router) of the session. From Source (inbound router) of the session. State State of the path: Number of active routes (prefixes) installed in the routing table.
Page 157: Monitoring Service Sets
You must configure IPSec services in a separate service set. For more information about using service sets with these features, see the J-series Services Router Advanced WAN Access Configuration Guide. Service set information includes the services interfaces on the Services Router, the number of services sets configured on the interfaces, and the total CPU used by the service sets.
Page 158: Monitoring Firewalls
J-series Services Router Administration Guide Table 69: Summary of Key Service Set Output Fields Field Values Service Set Summary Interface Name of the adaptive services interface on the Services Router—always Service sets Total number of service sets configured on the configured Services Router.
Page 159: Monitoring Stateful Firewall Statistics
NAT Ports Exhausted—Number of packets dropped because the router has no available NAT ports to assign for a given source address. For more information about these match conditions, see the J-series Services Router Advanced WAN Access Configuration Guide and the JUNOS Services Interfaces Configuration Guide.
Page 160 J-series Services Router Administration Guide Table 70: Summary of Key Stateful Firewall Statistics Output Fields (continued) Field Values Errors Number of protocol errors detected: IP—Number of IPv4 errors (for example, TCP—Number of TCP errors (for example, UDP—Number of UDP errors (for example, (8 bytes) ICMP—Number of ICMP errors (for example,...
Page 161 Table 71: Summary of Key Stateful Firewall Filters Output Fields (continued) Field Values Direction Direction of the flow: Frames Number of frames in the flow. Monitoring Firewall Intrusion Detection Services (IDS) To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor>Firewall>IDS Information.
Page 162: Monitoring Ipsec Tunnels
J-series Services Router Administration Guide Table 73 on page 140 summarizes key output fields for stateful firewall filter intrusion detection. Table 73: Summary of Key Firewall IDS Output Fields Field Values Source Address Source address for the event. Destination address Destination address for the event.
Page 163 Table 74: Summary of Key IPSec Output Fields (continued) Field Values Remote Gateway Gateway address of the remote system. Direction Direction of the IPSec tunnel: Protocol Protocol supported: either Encapsulation Security Protocol ( AH+ESP Tunnel Index Numeric identifier of the IPSec tunnel. Tunnel Local Identity Prefix and port number of the local endpoint of the IPSec tunnel.
Page 164: Monitoring Nat Pools
Each exchange type provides a particular set of security services, such as anonymity of the participants, perfect forward secrecy of the keying material, and authentication of the participants. J-series Services Routers support the following types of IKE exchanges: —IKE exchange is done with six messages.
Page 165: Monitoring Dhcp
show services nat pool Table 75 on page 143 summarizes key output fields in NAT displays. Table 75: Summary of Key NAT Output Fields Field Values NAT Pools NAT Pool Name of the NAT pool. Pool Start Address Lower address in the NAT pool address range. Pool Address End Upper address in the NAT pool address range.
Page 166 J-series Services Router Administration Guide Table 76: Summary of DHCP Output Fields (continued) Field Values Binding Type of binding assigned to the client: Type static Lease Date and time the lease expires, or Expires that do not expire. DHCP Conflicts Detection Date and time the client detected the conflict.
Page 167: Monitoring Rpm Probes
Monitoring RPM Probes The RPM information includes the round-trip time, jitter, and standard deviation values for each configured RPM test on the Services Router. To view these RPM properties, select Monitor>RPM in the J-Web interface, or enter the following CLI command: show show services rpm probe-results...
Page 168 J-series Services Router Administration Guide Table 77: Summary of Key RPM Output Fields (continued) Field Values Minimum Shortest round-trip time from the Services Router to the remote server, as measured over the course of the test. Maximum Longest round-trip time from the Services Router to the remote server, as measured over the course of the test.
Page 169: Monitoring Ppp
Table 77: Summary of Key RPM Output Fields (continued) Field Values Cumulative Jitter for a Probe Samples Total number of probes used for the data set. Earliest System time when the first probe in the sample was Sample received. Latest System time when the last probe in the sample was Sample received.
Page 170: Monitoring Pppoe
Values PPPoE Interfaces Interface Name of the PPPoE interface. (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) State State of the PPPoE session on the interface. Session ID Unique session identifier for the PPPoE session.
Page 171 Table 78: Summary of Key PPPoE Output Fields (continued) Field Values Service Name Type of service required from the access concentrator. Configured AC Configured access concentrator name. Name Session AC Names Name of the access concentrator. AC MAC Address Media access control (MAC) address of the access concentrator.
Page 172 J-series Services Router Administration Guide Table 78: Summary of Key PPPoE Output Fields (continued) Field Values Packet Type Packets sent and received during the PPPoE session, categorized by packet type and packet error: —PPPoE Active Discovery Initiation PADI packets. PADO —PPPoE Active Discovery Offer...
Page 173: Monitoring The Tgm550 Media Gateway (Voip)
Table 78: Summary of Key PPPoE Output Fields (continued) Field Values PADI Resend Initial time, (in seconds) the Services Router waits Timeout to receive a PADO packet for the PADI packet sent—for example, doubles for each successive PADI packet sent. PADR Resend Initial time (in seconds) the Services Router waits Timeout...
Page 174 Services Router. Interface Name Name of interface on which dynamic CAC is configured. (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) State Link state of the interface: Activation Priority Activation priority configured on the interface.
Page 175 Table 79: Summary of Key Media Gateway Information Output Fields (continued) Field Values DSP Capacity Number of voice channels in the low-capacity DSP. Chapter 7: Monitoring the Router and Routing Operations Additional Information Using the Monitoring Tools...
Page 176 J-series Services Router Administration Guide Using the Monitoring Tools...
Page 177: Monitoring Events And Managing System Log Files
Monitoring Events and Managing System Log Files J-series Services Routers support configuring and monitoring of system log messages (also called syslog messages). You can configure files to log system messages and also assign attributes, such as severity levels, to messages. The View Events page on the J-Web interface enables you to filter and view system log messages.
Page 178: System Log Messages Overview
J-series Services Router Administration Guide Table 80: System Log Message Terms (continued) Term Definition priority Combination of the facility and severity level of a system log message. By default, priority information is not included in system log messages, but you can configure the JUNOS software to include it.
Page 179: System Log Message Destinations
The JUNOS system logging utility is similar to the UNIX log message identifies the software process that generated the message and briefly describes the operation or error that occurred. Reboot requests are recorded to the system log files, which you can view with the show log command.
Page 180: Regular Expressions
J-series Services Router Administration Guide Table 81: System Logging Facilities (continued) Facility interactive-commands kernel user Table 82: System Logging Severity Levels Severity Level (from Highest to Lowest Severity) Description System panic or other conditions that cause the routing platform to stop functioning.
Page 181: Before You Begin
Before you begin configuring and monitoring system log messages, complete the following tasks: Establish basic connectivity. See the Getting Started Guide for your router. Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. Chapter 8: Monitoring Events and Managing System Log Files Matching Terms One instance of any character except the space.
Page 182: Configuring System Log Messages With A Configuration Editor
J-series Services Router Administration Guide Configuring System Log Messages with a Configuration Editor This section contains the following topics: Sending System Log Messages to a File on page 160 Sending System Log Messages to a User Terminal on page 161...
Page 183 Sending System Log Messages to a User Terminal To direct system log messages to the terminal session of one or more specific users (or all users) when they are logged into the local Routing Engine, specify one or more JUNOS usernames. Separate multiple values with spaces, or use the asterisk (*) to indicate all users who are logged into the local Routing Engine.
Page 184: Monitoring System Log Messages With The J-Web Event Viewer
J-series Services Router Administration Guide and permissions for the specified log file. For configuration details, see the information about archiving log files in the JUNOS System Basics Configuration Guide. Disabling System Logs To disable logging of the messages from a facility, use the statement.
Page 185 Table 86: Filtering System Log Messages (continued) Field Function Event ID Specifies the Event ID for which you want to display the messages. Allows you to type part of the ID and completes the remaining automatically. An event ID, also known as system log message code, uniquely identifies a system log message.
Page 186 J-series Services Router Administration Guide Viewing System Log Messages By default, the View Events page displays the most recent 25 events, with severity levels highlighted in different colors. After you specify the filters, Event Summary displays the events matching the specified filters. Click First, Next, Prev, and Last links to navigate through messages.
Page 187: Configuring And Monitoring Alarms
Chapter 9 Configuring and Monitoring Alarms Alarms on a J-series Services Router alert you to conditions on a network interface, on the router chassis, or in the system software that might prevent the router from operating normally. You can set the conditions that trigger alarms on an interface.
Page 188: Alarm Types
J-series Services Router Administration Guide Table 88: Alarm Terms (continued) Term Definition interface alarm Alarm triggered by the state of a physical link on a fixed or installed Physical Interface Module (PIM), such as a link failure or a missing signal.
Page 189: Alarm Severity
Alarm Severity Alarms on a Services Router have two severity levels: Major (red)—Indicates a critical situation on the router that has resulted from one of the following conditions. A red alarm condition requires immediate action. One or more hardware components have failed. One or more hardware components have exceeded temperature thresholds.
Page 190 J-series Services Router Administration Guide Table 89: Interface Alarm Conditions Interface Alarm Condition DS1 (T1) Alarm indication signal Yellow alarm Ethernet Link is down Integrated Hardware or software failure services Serial Clear-to-Send signal absent Data Carrier Detect signal absent Data Set Ready signal absent...
Page 191 Table 89: Interface Alarm Conditions (continued) Interface Alarm Condition Services Services module hardware down Services link down Services module held in reset Services module reset Services module software down Alarm indication signal Loss of signal Out of frame Remote defect indication Chapter 9: Configuring and Monitoring Alarms Description A hardware problem has occurred on the Services...
Page 192 J-series Services Router Administration Guide Table 89: Interface Alarm Conditions (continued) Interface Alarm Condition T3 (DS3) Alarm indication signal Excessive number of zeros Far-end receive failure Idle alarm Line code violation Loss of frame Loss of signal Phase-locked loop out of lock...
Page 193 Table 90: Chassis Alarm Conditions and Corrective Actions Component Alarm Conditions Alternative boot media The Services Router boots from an alternative boot device. A PIM has failed. When a PIM fails, it attempts to reboot. If the Routing Engine detects that a PIM is rebooting too often, it shuts down the PIM.
Page 194: Before You Begin
Before you begin configuring and monitoring alarms, complete the following tasks: Establish basic connectivity. See the Getting Started Guide for your router. Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. Configuring Alarms with a Configuration Editor To configure interface alarms on a Services Router, you must select the network interface on which to apply an alarm and the condition you to trigger the alarm.
Page 195 Table 92: Configuring Interface Alarms Task Navigate to the Alarm level in the configuration hierarchy. Configure the system to generate a red interface alarm when a Yellow alarm is detected on a T1 (DS1) link. Configure the system to generate a red interface alarm when a link down failure is detected on an Ethernet link.
Page 196: Checking Active Alarms
J-series Services Router Administration Guide Table 92: Configuring Interface Alarms (continued) Task Configure the system to display active system alarms whenever a user with the login class logs in to the router. admin To define login classes, see the JUNOS System Basics Configuration Guide.
Page 197: Verifying The Alarms Configuration
Table 93: Summary of Key Alarm Output Fields (continued) Field Values Received at Date and time when the alarm condition was detected. Severity Alarm severity—either major (red) or minor (yellow). Subject Brief synopsis of the alarm. Detailed Alarm Message Received at Date and time when the failure was detected.
Page 198 Verify that the output shows the intended configuration of the alarms. T3 alarms DS1 alarms Ethernet alarms Serial alarms For more information about the format of a configuration file, see the J-series Services Related Topics Router Basic LAN and WAN Access Configuration Guide. Displaying Alarm Configurations...
Page 199: Managing Services Router Software
Part 3 Managing Services Router Software Performing Software Upgrades and Reboots on page 179 Managing Files on page 199 Managing Services Router Software...
Page 200 J-series Services Router Administration Guide Managing Services Router Software...
Page 201: Performing Software Upgrades And Reboots
Performing Software Upgrades and Reboots A J-series Services Router is delivered with the JUNOS software preinstalled. When you power on the router, it starts (boots) up using its primary boot device. All Services Routers support a secondary boot device that allows you to back up your primary boot device and configuration.
Page 202: Upgrade Software Packages
A sample J-series upgrade software package name is Recovery Software Packages Download a recovery software package, also known as an install media package, to recover a primary compact flash.
Page 203: Before You Begin
A sample J-series recovery software package name is junos-jseries-9.0R1-export-cf256.gz Before You Begin To download software upgrades, you must have a Juniper Networks Web account and a valid support contract. To obtain an account, complete the registration form at the Juniper Networks Web site: Before an upgrade, back up your primary boot device onto a secondary storage device.
Page 204: Installing Software Upgrades With The J-Web Interface
Download the software to a local host or to an internal software distribution site. NOTE: For downloads to J-series Services Routers with 256 MB of flash memory, see the J-series Services Router Release Notes for special instructions and ensure that you...
Page 205 To install software upgrades by uploading files: Download the software package as described in “Downloading Software Upgrades from Juniper Networks” on page 181. In the J-Web interface, select Manage>Software>Upload Package. On the Upload Package page, enter information into the fields described in Table 96 on page 183.
Page 206: Installing Software Upgrades With The Cli
To install software upgrades on a router with the CLI: If your router has 256 MB of flash memory and 256 MB of RAM, see the special instructions in the J-series Services Router Release Notes. Download the software package as described in “Downloading Software Upgrades from Juniper Networks”...
Page 207: Downgrading The Software
Downgrading the Software When you upgrade the JUNOS software, the router creates a backup image of the software that was previously installed, as well as installs the requested software upgrade. To downgrade the software, you can use the backup image of the software that was previously installed, which is saved on the router.
Page 208: Configuring Boot Devices
J-series Services Router Administration Guide router. To downgrade to an earlier version of software, follow the procedure for upgrading, using the JUNOS software image labeled with the appropriate release. To downgrade software with the CLI: Enter the JUNOS software version: user@host>...
Page 209 Figure 16 on page 187 shows the Snapshot page. Figure 16: Snapshot Page To create a boot device: In the J-Web interface, select Manage>Snapshot. On the Snapshot page, enter information into the fields described in Table 97 on page 187. Click Snapshot.
Page 210 J-series Services Router Administration Guide Table 97: Snapshot Summary (continued) Field Function As Primary Media On an external compact flash or USB storage device only, creates a snapshot for use as the primary boot medium. Use this feature to replace the medium in the internal compact flash slot or to replicate it for use in another Services Router.
Page 211 Configuring a Boot Device for Backup with the CLI Use the request system snapshot Router on an alternate medium, to replace the primary boot device or serve as a backup. Enter the command with the following syntax: user@host> request system snapshot <as-primary> <config-size size> <data-size size>...
Page 212: Configuring A Boot Device To Receive Software Failure Memory Snapshots
J-series Services Router Administration Guide Table 98: CLI request system snapshot Command Options (continued) Option Description Partitions the medium. This option is usually necessary for boot devices that do not have software partition already installed on them. Specifies the size of the...
Page 213: Recovering Primary Boot Devices
Table 99: CLI set system dump-device Command Options Option Description Uses whatever device was booted from as the system software failure memory snapshot boot-device device. Uses the internal compact flash as the system software failure memory snapshot device. compact-flash Uses the compact flash on the front of the router (J4300 and J6300 only) as the system removable-compact-flash software failure memory snapshot device.
Page 214 To recover an internal compact flash with a corrupt or missing operating system, you must remove the corrupt internal compact from the J-series Services Router, plug it into a PC with a PCMIA adapter or USB card reader, copy the JUNOS recovery software package onto it, and reinstall on the router.
Page 215 Recovery software packages are available from the same location as J-series upgrade software packages. (See “Downloading Software Upgrades from Juniper Networks” on page 181.) To recover an internal compact flash: Plug the compact flash into a PCMCIA adapter or USB card reader.
Page 216: Rebooting Or Halting A Services Router
NOTE: The copy process can take several minutes. After copying the software package to the compact flash, you can use it as the internal compact flash in any J-series Services Router. For installation instructions, see the Getting Started Guide for your router.
Page 217 Choose the boot device from the Reboot from media list: compact-flash—Reboots from the internal compact flash. This selection is the default choice. removable-compact-flash—Reboots from the optional external compact flash. This selection is available on J2320, J2350, J4300, and J6300 Services Routers only.
Page 218 J-series Services Router Administration Guide Table 101: CLI Request System Reboot Command Options (continued) Option Description Specifies the time at which to reboot the router. You can specify time in one of the at time following ways: in minutes Specifies the number of minutes from now to reboot the router. This option is a...
Page 219 Table 102: CLI Request System Halt Command Options (continued) Option Description Time at which to stop the software processes on the router. You can specify time in at time one of the following ways: Specifies the number of minutes from now to stop the software processes on the router. in minutes This option is a synonym for the Specifies the boot device to boot the router from after the halt:...
Page 220 J-series Services Router Administration Guide Rebooting or Halting a Services Router...
Page 221: Managing Files
Chapter 11 Managing Files You can use the J-Web interface to perform routine file management operations such as archiving log files and deleting unused log files, cleaning up temporary files and crash files, and downloading log files from the routing platform to your computer. You can also encrypt the configuration files with the CLI configuration editor to prevent unauthorized users from viewing sensitive configuration information.
Page 222: Downloading Files
J-series Services Router Administration Guide Rotates log files—All information in the current log files is archived, old archives are deleted, and fresh log files are created. Deletes log files in deleted. Deletes temporary files in two days are deleted. Deletes all crash files in during an error are deleted.
Page 223: Deleting The Backup Software Image
The file is downloaded. Deleting the Backup Software Image J-series software keeps a backup image of the software that was previously installed so that you can downgrade to that version of the software if necessary. You can use the J-Web interface to delete this backup image. If you delete this image, you cannot downgrade to this particular version of the software.
Page 224: Managing Accounting Files
J-series Services Router Administration Guide Rotates log files—All information in the current log files is archived, old archives are deleted, and fresh log files are created. Deletes log files in deleted. Deletes temporary files in two days are deleted. Deletes all crash files in during an error are deleted.
Page 225: Encrypting Configuration Files
user@host> set file filename nonpersistent For more information about the Management Configuration Guide. CAUTION: If log files for accounting data are stored on DRAM, these files are lost when the router reboots. Therefore, we recommend that you back up these files periodically.
Page 226 J-series Services Router Administration Guide Encrypting Configuration Files To encrypt configuration files on a Services Router: Enter operational mode in the CLI. To configure an encryption key in EEPROM and determine the encryption process, enter one of the in Table 103 on page 204.
Page 227 user@host# set encrypt-configuration-files To begin the encryption process, commit the configuration. user@host# commit commit complete Decrypting Configuration Files To disable the encryption of configuration files on a Services Router and make them readable to all: Enter operational mode in the CLI. To verify your permission to decrypt configuration files on this router, enter the following command and the encryption key for the router: user@host>...
Page 228 J-series Services Router Administration Guide To modify the encryption key: Enter operational mode in the CLI. To configure a new encryption key in EEPROM and determine the encryption process, enter one of the in Table 103 on page 204. For example: user@host>...
Page 229 Part 4 Diagnosing Performance and Network Problems Using Services Router Diagnostic Tools on page 209 Configuring Packet Capture on page 253 Configuring RPM Probes on page 267 Diagnosing Performance and Network Problems...
Page 230 J-series Services Router Administration Guide Diagnosing Performance and Network Problems...
Page 231: Using Services Router Diagnostic Tools
Chapter 12 Using Services Router Diagnostic Tools J-series Services Routers support a suite of J-Web tools and CLI operational mode commands for evaluating system health and performance. Diagnostic tools and commands test the connectivity and reachability of hosts in the network.
Page 232: Diagnostic Tools Overview
J-series Services Router Administration Guide Table 104: J-series Diagnostic Terms (continued) Term Definition strict source routing Option in the IP header used to route a packet based on information supplied by the source. A gateway or host must route the packet exactly as specified by this information.
Page 233 Table 105: J-Web Interface Diagnose and Manage Options (continued) Option Function Traceroute Allows you to trace a route between the Services Router and a remote host. You can configure advanced options for the traceroute operation. For details, see “Tracing Unicast Routes from the J-Web Interface” on page 223. Packet Capture Allows you to capture and analyze router control traffic.
Page 234 J-series Services Router Administration Guide Table 106: CLI Diagnostic Command Summary Command Controlling the CLI Environment set option Diagnosis and Troubleshooting clear mtrace monitor ping ping mpls test traceroute Connecting to Other Network Systems telnet Management copy restart option request...
Page 235 Table 106: CLI Diagnostic Command Summary (continued) Command start configuration quit MPLS Connection Checking Use either the J-Web ping MPLS diagnostic tool or the CLI diagnose the state of label-switched paths (LSPs), Layer 2 and Layer 3 virtual private networks (VPNs), and Layer 2 circuits. When you use the ping MPLS feature from a Services Router operating as the inbound (ingress) node at the entry point of an LSP or VPN, the router sends probe packets into the LSP or VPN.
Page 236 For information about interface connections related to a Layer 2 VPN. names, See the interface naming The Services Router directs outgoing conventions in the J-series Services request probes out the specified Router Basic LAN and WAN Access interface. Configuration Guide.
Page 237: Before You Begin
VPN or LSP. If MPLS is not enabled, the remote endpoint drops the incoming request packets and returns an “ICMP host unreachable” message to the Services Router. To enable MPLS on an interface, see the J-series Services Router Advanced WAN Access Configuration Guide.
Page 238: Pinging Hosts From The J-Web Interface
J-series Services Router Administration Guide Pinging Hosts from the J-Web Interface This section contains the following topics: Using the J-Web Ping Host Tool on page 216 Ping Host Results and Output Summary on page 218 Using the J-Web Ping Host Tool You can ping a host to verify that the host can be reached over the network.
Page 239 Table 108: J-Web Ping Host Field Summary (continued) Field Function Don't Resolve Determines whether to display hostnames of the Addresses hops along the path. Interface Specifies the interface on which the ping requests are sent. Count Specifies the number of ping requests to send. Don't Fragment Specifies the Don't Fragment (DF) bit in the IP header of the ping request packet.
Page 240 J-series Services Router Administration Guide Ping Host Results and Output Summary Table 109 on page 218 summarizes the output in the ping host display. If the Services Router receives no ping responses from the destination host, review the list after Table 109 on page 218 for a possible explanation.
Page 241: Checking Mpls Connections From The J-Web Interface
For more information about ICMP, see RFC 792, Internet Control Message Protocol. Checking MPLS Connections from the J-Web Interface Use the J-Web ping MPLS diagnostic tool to diagnose the state of label-switched paths (LSPs), Layer 2 and Layer 3 VPNs, and Layer 2 circuits. Alternatively, you can use the CLI commands l2vpn , and...
Page 242 Locate LSP using interface name Interface Specifies the interface on which the ping requests are sent. (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) Source Address Specifies the source address of the ping request packet.
Page 243 Table 110: J-Web Ping MPLS Field Summary (continued) Field Function Instance to which this connection belongs Layer 2VPN Identifies the Layer 2 VPN to ping. Name Remote Site Specifies the remote site identifier of the Layer 2 Identifier VPN to ping. Source Address Specifies the source address of the ping request packet.
Page 244 J-series Services Router Administration Guide Table 110: J-Web Ping MPLS Field Summary (continued) Field Function Source Address Specifies the source address of the ping request packet. Count Specifies the number of ping requests to send. Detailed Output Requests the display of extensive rather than brief ping output.
Page 245: Tracing Unicast Routes From The J-Web Interface
The host is not operational. There are network connectivity problems between the Services Router and the host. The host might be configured to ignore echo requests. The host might be configured with a firewall filter that blocks echo requests or echo responses.
Page 246 J-series Services Router Administration Guide The Services Router sends a total of three traceroute packets to each router along the path and displays the round-trip time for each traceroute operation. If the Services Router times out before receiving a (*) is displayed for that round-trip time.
Page 247 Table 112: Traceroute Field Summary (continued) Field Function Resolve AS Determines whether the autonomous system (AS) Numbers number of each intermediate hop between the router and the destination host is displayed. Traceroute Results and Output Summary Table 113 on page 225 summarizes the output in the traceroute display. If the Services Router receives no responses from the destination host, review the list after Table 113 on page 225 for a possible explanation.
Page 248: Capturing And Viewing Packets With The J-Web Interface
J-series Services Router Administration Guide For more information about ICMP, see RFC 792, Internet Control Message Protocol. Capturing and Viewing Packets with the J-Web Interface You can use the J-Web packet capture diagnostic tool when you need to quickly capture and analyze router control traffic on a Services Router. Packet capture on the J-Web interface allows you to capture traffic destined for or originating from the Routing Engine.
Page 249 To stop capturing packets and return to the Packet Capture page, click OK. Figure 24: Packet Capture Page Table 114: Packet Capture Field Summary Field Function Interface Specifies the interface on which the packets are captured. If you select default, packets on the Ethernet management port 0, are captured.
Page 250 J-series Services Router Administration Guide Table 114: Packet Capture Field Summary (continued) Field Function Absolute TCP Specifies that absolute TCP sequence numbers are Sequence to be displayed for the packet headers. Layer 2 Headers Specifies that link-layer packet headers are to be displayed.
Page 251 Table 114: Packet Capture Field Summary (continued) Field Function Write Packet Writes the captured packets to a file in PCAP format Capture File /var/tmp . The files are named with the prefix and the extension jweb-pcap If you select this option, the decoded packet headers are not displayed on the packet capture page.
Page 252: Using Cli Diagnostic Commands
J-series Services Router Administration Guide Table 115: J-Web Packet Capture Results and Output Summary (continued) Field Description Size of the packet (in bytes). data size Using CLI Diagnostic Commands Because the CLI is a superset of the J-Web interface, you can perform certain tasks only through the CLI.
Page 253 Table 116: CLI ping Command Options (continued) Option Description (Optional) Sends the ping requests on the interface you specify. If you do not include this option, interface source-interface ping requests are sent on all interfaces. (Optional) Bypasses the routing tables and sends the ping requests only to hosts on directly bypass-routing attached interfaces.
Page 254 J-series Services Router Administration Guide Table 116: CLI ping Command Options (continued) Option Description (Optional) Sets the time-to-live (TTL) value for the ping request packet. Specify a value from ttl number through (Optional) Sets the maximum time to wait after sending the last ping request packet. If you do...
Page 255: Pinging Rsvp-Signaled Lsps And Ldp-Signaled Lsps
ping mpls the following ways: Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs on page 233 Pinging Layer 3 VPNs on page 234 Pinging Layer 2 VPNs on page 235 Pinging Layer 2 Circuits on page 236 Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs Enter the ping mpls describes the...
Page 256 J-series Services Router Administration Guide The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool. For information, see “Ping MPLS Results and Output” on page 222. Pinging Layer 3 VPNs Enter the...
Page 257 Pinging Layer 2 VPNs Enter the ping mpls l2vpn 235 describes the user@host> ping mpls l2vpn interface interface-name | instance l2vpn-instance-name local-site-id local-site-id-number remote-site-id remote-site-id-number <bottom-label-ttl> <exp forwarding-class> <count number> <source source-address> <detail> To quit the Alternatively, you can use the J-Web interface. (See “Checking MPLS Connections from the J-Web Interface”...
Page 258 J-series Services Router Administration Guide Reply for seq 5, return code: Egress-ok --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool.
Page 259: Tracing Unicast Routes From The Cli
Tracing Unicast Routes from the CLI Use the CLI Router and a specified destination host. This command is useful for diagnosing a point of failure in the path from the Services Router to the destination host, and addressing network traffic latency and throughput problems. The Services Router generates the list of routers by sending a series of ICMP traceroute packets in which the time-to-live (TTL) value in the messages sent to each successive router is incremented by 1.
Page 260 J-series Services Router Administration Guide Table 121: CLI traceroute Command Options (continued) Option Description (Optional) Bypasses the routing tables and sends the traceroute packets only to hosts on directly bypass-routing attached interfaces. If the host is not on a directly attached interface, an error message is returned.
Page 261 To quit the Table 122: CLI traceroute monitor Command Options Option Description Sends traceroute packets to the hostname or IP address you specify. host (Optional) Limits the number of ping requests, in packets, to send in summary mode. If you do count number not specify a count, ping requests are continuously sent until you press Q.
Page 262: Tracing Multicast Routes From The Cli
J-series Services Router Administration Guide Table 123: CLI traceroute monitor Command Output Summary Field Description host Hostname or IP address of the Services Router issuing the size Size of ping request packet, in bytes. psize Keys Displays the help for the CLI commands.
Page 263: Using The Mtrace From-Source Command
the Services Router. The trace operations. This section contains the following topics. For more information about commands, see the JUNOS System Basics and Services Command Reference. Using the mtrace from-source Command on page 241 Using the mtrace monitor Command on page 243 Using the mtrace from-source Command To display information about a multicast path from a source to the Services Router, enter the...
Page 264 (ip-address) protocolttl Table 125 on page 243 summarizes the output fields of the display. NOTE: The packet statistics gathered from Juniper Networks routers and routing nodes are always displayed as Using CLI Diagnostic Commands...
Page 265 Table 125: CLI mtrace from-source Command Output Summary Field Description Number of the hop (router) along the path. hop-number Hostname, if available, or IP address of the router. If the host in the command, the hostname is not displayed. IP address of the router. ip-address Protocol used.
Page 266: Displaying Log And Trace Files From The Cli
J-series Services Router Administration Guide This example displays only mtrace response, the display is similar, but the complete displayed—exactly as it is displayed in Table 126 on page 244 summarizes the output fields of the display. Table 126: CLI mtrace monitor Command Output Summary...
Page 267: Monitoring Interfaces And Traffic From The Cli
Monitoring Interfaces and Traffic from the CLI This section contains the following topics: Using the monitor interface Command on page 245 Using the monitor traffic Command on page 246 Using the monitor interface Command Use the CLI filter statistics about a physical or logical interface. Enter the command with the following syntax: user@host>...
Page 268: Using The Monitor Traffic Command
J-series Services Router Administration Guide Table 128: CLI monitor interface traffic Output Control Keys (continued) Action Displays the second (pps). Displays the statistics in units of packets and packets per second (pps). q or ESC Quits the command and returns to the command prompt.
Page 269 Enter the monitor traffic describes the monitor traffic user@host> monitor traffic <absolute-sequence> <count number> <interface interface-name> <layer2-headers> <matching "expression"> <no-domain-names> <no-promiscuous> <no-resolve> <no-timestamp> <print-ascii> <print-hex> <size bytes> <brief | detail | extensive> To quit the monitor traffic If you want to capture and view packet headers using the J-Web interface, see “Capturing and Viewing Packets with the J-Web Interface”...
Page 270 J-series Services Router Administration Guide Table 129: CLI monitor traffic Command Options (continued) Option brief detail extensive To limit the packet header information displayed by the include the match conditions listed in Table 130 on page 248, enclosed in quotation marks (" ").
Page 271 Table 130: CLI monitor traffic Match Conditions (continued) Match Condition Description Matches packet headers that contain the specified address or hostname. You can host [address | hostname] preprend any of the following protocol match conditions, followed by a space, to Matches packet headers with source or destination addresses containing the specified network address network address.
Page 272 J-series Services Router Administration Guide Table 130: CLI monitor traffic Match Conditions (continued) Match Condition Description Matches all TCP packets. Matches all UDP packets. Table 131: CLI monitor traffic Logical Operators Logical Operator Description Logical NOT. If the first condition does not match, the next condition is evaluated.
Page 273 Table 132: CLI monitor traffic Arithmetic, Binary, and Relational Operators (continued) Operator Description A match occurs if the first expression is not equal to the second. Following is sample output from the user@host> monitor traffic count 4 matching “arp” detail Listening on fe-0/0/0, capture size 96 bytes 15:04:16.276780 In arp who-has 193.1.1.1 tell host1.site2.net...
Page 274 J-series Services Router Administration Guide Using CLI Diagnostic Commands...
Page 275: Chapter 13 Configuring Packet Capture
Configuring Packet Capture Packet capture is a tool that helps you to analyze network traffic and troubleshoot network problems. On a J-series Services Router, the packet capture tool captures real-time data packets traveling over the network, for monitoring and logging.
Page 276: Packet Capture Overview
Packet sampling method available only on J-series routers, in which entire IPv4 packets flowing through a router are captured for analysis. Packets are captured in the Routing Engine and stored as libpcap-formatted files in the capture files can be opened and analyzed offline with packet analyzers such as tcpdump or Ethereal.
Page 277: Configuring Packet Capture
NOTE: You can enable packet capture and port mirroring simultaneously on a Services Router. For more information about traffic sampling, see the JUNOS Policy Framework Configuration Guide. This overview contains the following topics: Packet Capture on Router Interfaces on page 255 Firewall Filters for Packet Capture on page 255 Packet Capture Files on page 256 Analysis of Packet Capture Files on page 256...
Page 278 To configure firewall filters for packet capture, see “Configuring a Firewall Filter for Packet Capture (Optional)” on page 259. For more information about firewall filters, see the J-series Services Router Advanced WAN Access Configuration Guide. Packet Capture Files When packet capture is enabled on an interface, the entire packet including the Layer 2 header is captured and stored in a file.
Page 279: Before You Begin
Before you begin configuring packet capture, complete the following tasks: Establish basic connectivity. See the Getting Started Guide for your router. Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. If you do not already have an understanding of the packet capture feature, see “Packet Capture Overview”...
Page 280 (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) Specify the maximum number of files In the Files box, type to capture—for example, .
Page 281: Configuring Packet Capture On An Interface (Required)
(See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) Configure the direction of the traffic for which you are enabling packet capture on the logical interface—for...
Page 282 (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.) Configuring Packet Capture with a Configuration Editor CLI Configuration Editor In the J-Web interface, select From the Configuration>View and Edit>Edit...
Page 283: Disabling Packet Capture
NOTE: If you apply a firewall filter on the loopback interface, it affects all traffic to and from the Routing Engine. If the firewall filter has a from the Routing Engine are sampled. If packet capture is enabled, then packets to and from the Routing Engine are captured in the files created for the input and output interfaces.
Page 284: Changing Encapsulation On Interfaces With Packet Capture Configured
J-series Services Router Administration Guide To delete a packet capture file: Disable packet capture following the steps in “Disabling Packet Capture” on page 261. Using the CLI, delete the packet capture file for the interface: From CLI operational mode, access the local UNIX shell: Navigate to the directory where packet capture files are stored: Delete the packet capture file for the interface—for example,...
Page 285: Verifying Packet Capture
Return to the CLI operational mode: Change the encapsulation on the interface using the J-Web or CLI configuration editor. See instructions for configuring interfaces in the J-series Services Router Basic LAN and WAN Access Configuration Guide. Commit the configuration. Reenable packet capture following the steps in “Enabling Packet Capture (Required)”...
Page 286 Meaning For more information about the format of a configuration file, see the information Related Topics about viewing configuration text in the J-series Services Router Basic LAN and WAN Access Configuration Guide. Displaying a Firewall Filter for Packet Capture Configuration Verify the firewall filter for packet capture configuration.
Page 287 Name (tools-server:user):remoteuser 331 Password required for remoteuser. Password: 230 User remoteuser logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> Navigate to the directory where packet capture files are stored on the router: ftp> lcd /var/tmp Local directory now /cf/var/tmp Copy the packet capture file that you want to analyze—for example, , to the server:...
Page 288 J-series Services Router Administration Guide Verify that the output shows the intended packets. Meaning Verifying Captured Packets...
Page 289: Chapter 14 Configuring Rpm Probes
Chapter 14 Configuring RPM Probes J-series Services Routers support a tool that allows network operators and their customers to accurately measure the performance between two network endpoints. With the real-time performance monitoring (RPM) feature, you configure and send probes to a specified target and monitor the analyzed results to determine packet loss, round-trip time, and jitter.
Page 290: Rpm Overview
J-series Services Router Administration Guide Table 138: RPM Terms (continued) Term Definition RPM target Remote network endpoint, identified by an IP address or URL, to which the Services Router sends a real-time performance monitoring (RPM) probe. RPM test A collection of real-time performance monitoring (RPM) probes sent out at regular intervals.
Page 291 UDP and TCP probe types require that the remote server be configured as an RPM receiver so that it generates responses to the probes. RPM Tests Each probed target is monitored over the course of a test. A test represents a collection of probes, sent out at regular intervals, as defined in the configuration.
Page 292: Rpm Statistics
J-series Services Router Administration Guide RPM Statistics At the end of each test, the Services Router collects the statistics for packet round-trip time, packet inbound and outbound times (for ICMP timestamp probes only), and probe loss shown in Table 139 on page 270.
Page 293: Rpm Thresholds And Traps
BGP neighbors configured. In the Services Router, you can configure RPM probes to monitor the BGP neighbors and determine if they are active. For BGP configuration information, see the J-series Services Router Basic LAN and WAN Access Configuration Guide. Before You Begin Before you begin configuring RPM, complete the following tasks: Establish basic connectivity.
Page 294 J-series Services Router Administration Guide Figure 26: Main Quick Configuration Page for RPM Figure 27: Probe Test Quick Configuration Page for RPM To configure RPM parameters with Quick Configuration: In the J-Web interface, select Configuration>Quick Configuration>Realtime Performance Monitoring. Enter information into the Quick Configuration page for RPM, as described in Table 140 on page 272.
Page 295 To use TCP or UDP probes, you must configure the remote server as a probe receiver. Both the probe server (Services Router) and the remote server must be Juniper Networks routers configured to receive and transmit RPM probes on the same TCP or UDP port. DSCP Bits Specifies the Differentiated Services code point (DSCP) bits.
Page 296 Field Function Hardware Enables timestamping of RPM probe messages. On Timestamp J-series Services Routers you can timestamp the following RPM probes to improve the measurement of latency or jitter: ICMP ping ICMP ping timestamp UDP ping—destination port UDP-ECHO (port 7) only UDP ping timestamp—destination port...
Page 297 Table 140: RPM Quick Configuration Summary (continued) Field Function Ingress Standard Sets the maximum allowable standard deviation of Deviation inbound times (in microseconds) for a test, which, if exceeded, triggers a probe failure and generates a system log message. Traps Egress Jitter Generates SNMP traps when the threshold for jitter in Exceeded...
Page 298: Configuring Rpm With A Configuration Editor
To configure the Services Router to perform real-time performance tests, you perform the following tasks. For information about using the J-Web and CLI configuration editors, see the J-series Services Router Basic LAN and WAN Access Configuration Guide. Configuring Basic RPM Probes on page 276...
Page 299 probe for Customer B uses HTTP packets and sets thresholds and corresponding SNMP traps to catch excessive lost probes. To configure these RPM probes: Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 141 on page 277.
Page 300 J-series Services Router Administration Guide Table 141: Configuring Basic RPM Probes (continued) Task Configure the RPM test for the icmp-test RPM owner customerA The sample RPM test is an ICMP probe with a test interval (probe frequency) of 15 seconds, a probe type of...
Page 301 Table 141: Configuring Basic RPM Probes (continued) Task Configure the RPM test for the http-test RPM owner customerB The sample RPM test is an HTTP probe with a test interval (probe frequency) of 30 seconds, a probe type of , and http-get a target URL of http://customerB.net...
Page 302 Classified packets are sent to the output queue on the output interface specified by the CoS scheduler map configured on the interface. For information about CoS, see the J-series Services Router Advanced WAN Access Configuration Guide.
Page 303 Table 142: Configuring TCP and UDP Probes (continued) Task Configure the RPM test for the tcp-test RPM owner customerC The sample RPM test is a TCP probe with a test interval (probe frequency) of , a probe type of , and a target tcp-ping address of 192.162.45.6...
Page 304 J-series Services Router Administration Guide Table 142: Configuring TCP and UDP Probes (continued) Task Configure Router B to act as a UDP server, using port 50037 to send and receive UDP probes. Tuning RPM Probes After configuring an RPM probe, you can set parameters to control probe functions, such as the interval between probes, the total number of concurrent probes that a system can handle, and the source address used for each probe packet.
Page 305: Configuring Rpm Probes For Bgp Monitoring
Table 143: Tuning RPM Probes (continued) Task Set the time between probe transmissions to 15 seconds. Set the number of probes within a test Set the source address for each probe packet to 192.168.2.9 If you do not explicitly configure a source address, the address on the outgoing interface through which the probe is sent is used as the source...
Page 306 J-series Services Router Administration Guide To check the configuration, see “Verifying an RPM Configuration” on page 285. Table 144: Configuring RPM Probes to Monitor BGP Neighbors Task Navigate to the Services>RPM>BGP level in the configuration hierarchy. Specify a hexadecimal value (the range...
Page 307: Directing Rpm Probes To Select Bgp Routers
Directing RPM Probes to Select BGP Routers If a Services Router has a large number of BGP neighbors configured, you can direct (filter) the RPM probes to a selected group of BGP neighbors rather than to all the neighbors. To identify the BGP routers to receive RPM probes, you can configure routing instances.
Page 308 J-series Services Router Administration Guide Verifying RPM Services Verify that the RPM configuration is within the expected values. Purpose From configuration mode in the CLI, enter the Action user@host# show services rpm probe test { test customerA { probe-type icmp-ping;...
Page 309 Minimum Rtt: 1093 usec, Maximum Rtt: 1372 usec, Average Rtt: 1231 usec, Jitter Rtt: 279 usec, Stddev Rtt: 114 usec Probes sent: 3, Probes received: 3, Loss percentage: 0 Owner: Rpm-Bgp-Owner, Test: Rpm-Bgp-Test-1 Target address: 10.209.152.37, Probe type: icmp-ping, Test size: 5 probes Routing Instance Name: LR1/RI1 Probe results: Response received, Fri Oct 28 05:20:23 2005...
Page 310 J-series Services Router Administration Guide Verifying RPM Probe Servers Verify that the Services Router is configured to receive and transmit TCP and UDP Purpose RPM probes on the correct ports. From the CLI, enter the Action user@host> show services rpm active-servers...
Page 311: Part 5 Index
Part 5 Index Index on page 291 Index...
Page 312 J-series Services Router Administration Guide Index...
Page 313: Index
Index Symbols #, comments in configuration statements...xviii ( ), in syntax descriptions...xviii .gz.jc file extension See file encryption /cf/var/crash directory See crash files /config directory file encryption See file encryption snapshots for boot directories (CLI)...189 snapshots for boot directories (J-Web)...188 /var/crash directory See crash files /var/db/config directory See file encryption /var/db/scripts/commit directory See commit scripts...
Page 314 J-series Services Router Administration Guide Alarms Summary page...174 alert logging severity...158 alias, CoS value...125 alternative boot media See boot devices; USB ambient temperature, monitoring...112 any level statement...162 any logging facility...157 archiving system logs...161 arithmetic operators, for multicast traffic...250 AS path, displaying...117 AT commands, for modem initialization description...31...
Page 315 change-log logging facility...157 CHAP (Challenge Handshake Authentication Protocol), enabling on dialer interfaces...37 chassis alarm condition indicator...175 alarm conditions and remedies...171 alarms, displaying...111 component part numbers ...113 component serial numbers...113 environment, displaying...112 FPC (PIM) summary, displaying...113 identifiers, displaying...112 monitoring...111 PIM (FPC) summary, displaying...113 power management...111 temperature, monitoring...112 circuits, DLSw...122...
Page 316 J-series Services Router Administration Guide CPU usage PIM (in FPC summary)...113 CPU usage, displaying...109 crash files cleaning up (CLI)...201 cleaning up (J-Web)...199 displaying size...110 downloading (J-Web)...200 critical logging severity...158 cron logging facility...157 curly braces, in configuration statements...xviii customer support...xxi contacting JTAC...xxi hardware information for...112...
Page 317 SNMP health monitor...49 system logs...155 system operation...244 traceroute (J-Web)...223 traceroute command...237 traceroute monitor command...237 traffic analysis with packet capture...253 verifying captured packets...264 verifying DHCP binding database...76 verifying DHCP server operation...77 verifying dialer interfaces...44 verifying RPM probe servers...288 verifying RPM statistics...286 verifying USB modem interfaces...43 viewing active alarms...174 diagnostic commands...211...
Page 318 J-series Services Router Administration Guide event policies Common Criteria information...89 configuration editor...95 overview...95 event viewer, J-Web Common Criteria information...155 overview...162 See also system log messages Extensible Stylesheet Language Transformations (XSLT) See commit scripts; operation scripts facility none statement...162 failures PIM, troubleshooting...171 Routing Engine fan, troubleshooting...171...
Page 319 Monitor options...102 jitter description...270 See also RPM probes in RPM probes, improving with timestamps...269 monitoring...147 threshold, setting...274 JTAC (Juniper Networks Technical Assistance Center) hardware information for...112 JUNOS CLI access privilege levels...5 automatic command execution with event policies...95 denying and allowing commands...7 diagnostic command summary...212...
Page 320 J-series Services Router Administration Guide JUNOS Internet software release notes, URL...xv JUNOS software autoinstallation...81 encryption See file encryption known problems, operation scripts as workarounds...92 upgrading...179 USB modems for remote management...29 version, displaying...107 junos-jseries package See upgrades JUNOScript Extensible Markup Language (XML) See commit scripts;...
Page 321 diagnosing problems from...210 monitoring from...102 recovering root password from...21 Management Information Bases See MIBs management interface address, displaying...108 management interfaces active alarms...115 administrative states...114 alarm conditions and configuration options...168 configuration, displaying...114 configuring alarms on...172 monitoring...113, 245 statistics...245 managing files...199 reboots...194 snapshots...186 software...179 user authentication and access...3...
Page 322 J-series Services Router Administration Guide system logs...244 system process information...110 system properties...107 TGM550...151 trace files...244 VoIP...151 MPLS (Multiprotocol Label Switching) connections, checking...219 LSPs...132 monitoring interfaces...131 monitoring LSP information...131 monitoring LSP statistics...132, 133 monitoring MPLS interfaces...131 monitoring RSVP interfaces...134 monitoring RSVP sessions...133, 134 monitoring traffic engineering...130...
Page 323 packet capture configuring...259 configuring (J-Web)...226 configuring on an interface...259 disabling...261 disabling before changing encapsulation on interfaces...262 displaying configurations...263 displaying firewall filter for...264 enabling...257 encapsulation on interfaces, disabling before modifying...262 files See packet capture files firewall filters, configuring...259 firewall filters, overview...255 J-Web tool...226 overview...254 overview (J-Web)...226...
Page 324 J-series Services Router Administration Guide Ping Host page...216 field summary...216 results...217 Ping LDP-signaled LSP description...214 using...220 Ping LSP to Layer 3 VPN prefix description...214 using...220 ping MPLS (J-Web) indications...222 Layer 2 circuits...219 Layer 2 VPNs...219 Layer 3 VPNs...219 LSP state...219 options...213...
Page 325 secret (configuration editor)...13 secret (Quick Configuration)...9 specifying for authentication (Quick Configuration)...10 random early detection (RED) drop profiles, CoS...126 RARP, for autoinstallation...86 RBBL (reported BBL)...152 reachability, DLSw...123 See also host reachability read or write error, Routing Engine...171 read-only login class permissions...5 real-time performance monitoring See RPM reboot immediately with J-Web...194...
Page 326 J-series Services Router Administration Guide overview...268 See also RPM probes preparation...271 probe and test intervals...269 probe counts...270 Quick Configuration...271 round-trip times, description...270 round-trip times, viewing...146 sample configuration...286 sample graphs...145 statistics...270 statistics, verifying...286 TCP probes (configuration editor)...279 See also TCP RPM probes tests...269...
Page 327 serial number chassis components...113 Services Router...107 serial ports alarm condition indicator...175 alarm conditions and configuration options...168 autoinstallation on...82 configuring alarms on...172 service sets, monitoring...135 services interfaces See adaptive services interfaces services module alarm condition indicator...175 alarm conditions and configuration options...169 Services Router as a DHCP server...63 autoinstallation...81...
Page 328 J-series Services Router Administration Guide show system services dhcp binding command...76, 143 explanation...77 show system services dhcp binding detail command...76 explanation...77 show system services dhcp command...75 show system services dhcp conflict command...65, 76, 143 explanation...77 show system services dhcp pool command...75, 143 show system services dhcp statistics command...79, 143...
Page 329 RPM, monitoring...145 RPM, verifying...286 status administrative link state...114 autoinstallation...87 BGP...118 fans...112 link states, network interfaces...114 link states, TGM550 (VoIP)...152 OSPF interfaces...119 OSPF neighbors...119 RIP neighbors...121 slot (in FPC summary)...113 stateful firewall filters...138 storage media configuring boot devices...186 recovering internal compact flash...191 Structure of Management Information (SMI)...48 super-user login class permissions...5 superuser login class permissions...5...
Page 330 J-series Services Router Administration Guide telnet command...25 options...25 Telnet session...25 temperature chassis, monitoring...112 PIM (in FPC summary)...113 Routing Engine, too warm...171 template accounts description...7 local accounts (configuration editor)...20 remote accounts (configuration editor)...19 temporary files cleaning up (CLI)...201 cleaning up (J-Web)...199 displaying size...110...
Page 331 (CLI)...184 installing by uploading...183 installing from remote server...182 overview...179 requirements...179, 181 Upload package page...183 field summary...183 URLs Juniper Networks enterprise MIBs...48 release notes...xv software downloads...181 standard MIBs...48 USB (universal serial bus) configuring...189 configuring for failure snapshot storage...190 USB modem connections adding an interface...33...
Page 332 J-series Services Router Administration Guide version hardware, displaying...112 PPPoE, information about...150 software, displaying...107 View Events page...162 field summary (filtering log messages)...162 field summary (viewing log messages)...164 views, SNMP...58 VoIP (voice over IP), monitoring...151 VPNs (virtual private networks), DHCP support on interfaces...66...

Juniper J-Series Administration Manual

Table of Contents

Chapter 1 Managing User Authentication and Access

Chapter 2 Setting up Usb Modems for Remote Management

Chapter 3 Configuring Snmp for Network Management

Chapter 4 Configuring the Router as a Dhcp Server

Chapter 5 Configuring Autoinstallation

Chapter 6 Automating Network Operations and Troubleshooting

Chapter 7 Monitoring the Router and Routing Operations

Chapter 8 Monitoring Events and Managing System Log Files

Chapter 9 Configuring and Monitoring Alarms

Chapter 10 Performing Software Upgrades and Reboots

Chapter 11 Managing Files

Chapter 12 Using Services Router Diagnostic Tools

Chapter 13 Configuring Packet Capture

Chapter 14 Configuring Rpm Probes

Quick Links

Chapters

Troubleshooting

Related Manuals for Juniper J-Series

Summary of Contents for Juniper J-Series