service-set (Services)
语法
service-set service-set-name {
allow-multicast;
captive-portal-content-delivery-profile;
cos-options {
match-rules-on-reverse-flow;
}
cos-rules [cos-rule-name];
extension-service service-name {
provider-specific-rules-configuration;
}
(ids-rules rule-name | ids-rule-sets rule-set-name);
interface-service {
load-balancing-options {
hash-keys {
egress-key (destination-ip | source-ip);
ingress-key (destination-ip | source-ip);
}
}
service-interface interface-name;
}
ipsec-vpn-options {
anti-replay-window-size bits;
clear-dont-fragment-bit;
ike-access-profile profile-name;
local-gateway address;
no-anti-replay;
no-certificate-chain-in-ike;
passive-mode-tunneling;
trusted-ca [ ca-profile-names ];
tunnel-mtu bytes;
udp-encapsulation {
<udp-dest-port destination-port>;
}
}
ip-reassembly-rules rule-name};
(ipsec-vpn-rules rule-name | ipsec-vpn-rule-sets rule-set-name);
max-flows number;
max-drop-flows {
ingress ingress-flows;
egress egress-flows;
}
max-session-setup-rate max-setup-rate;
nat-options {
land-attack-check (ip-only | ip-port);
max-sessions-per-subscriber session-number;
stateful-nat64 {
clear-dont-fragment-bit;
}
}
(nat-rules rule-name | nat-rule-sets rule-set-name);
next-hop-service {
inside-service-interface interface-name.unit-number;
outside-service-interface interface-name.unit-number;
outside-service-interface-type local;
service-interface-pool name;
}
pcp-rules rule-name;
(pgcp-rules rule-name | pgcp-rule-sets rule-set-name);
(ptsp-rules rule-name | ptsp-rule-sets rule-set-name);
service-set-options {
bypass-traffic-on-exceeding-flow-limits;
bypass-traffic-on-pic-failure;
disable-session-open-syslog;
enable-asymmetric-traffic-processing;
header-integrity-check;
routing-engine-services;
static-subscriber-application;
subscriber-awareness;
support-uni-directional-traffic;
}
snmp-trap-thresholds {
flows high high-threshold | low low-threshold;
nat-address-port high-threshold | low low-threshold;
}
}
softwire-options {
dslite-ipv6-prefix-length dslite-ipv6-prefix-length;
}
(softwire-rules rule-name | softwire-rule-sets rule-set-name);
(stateful-firewall-rules rule-name | stateful-firewall-rule-sets rule-set-name);
syslog {
host hostname {
class {
alg-logs;
deterministic-nat-configuration-log;
ids-logs;
nat-logs;
packet-logs;
pcp-logs;
session-logs <open | close>;
stateful-firewall-logs ;
}
services severity-level;
facility-override facility-name;
interface-service prefix-value;
port port-number;
services severity-level;
}
}
(web-filter-profile | url-filter-profile) profile-name;
}
层次结构级别
[edit services]
描述
定义服务集。
web-filter-profile使用从 Junos OS 18.3R1 版开始的选项,并在 18.3R1 之前的 Junos OS 版本中使用url-filter-profile选项。
选项
service-set-name- 服务集的名称。可以包含特殊字符,如正斜杠 (/)、冒号 (:) 或句点 (.)
范围: 最多 64 个字母数字字符。
其余语句将单独解释。请参阅 CLI 资源管理器。
所需权限级别
system - 在配置中查看此语句。
系统控制 - 将此语句添加到配置中。
发布信息
在 Junos OS 7.4 版之前引入的语句。
pgcp-rules 以及 pgcp-rule-sets Junos OS 8.4 版 中添加的选项。
server-set-options Junos OS 10.1 版中添加了选项。
ptsp-rules 以及 ptsp-rule-sets Junos OS 10.2 版 中添加的选项。
softwire-rules以及 clear-rule-sets Junos OS 10.4 版中添加的选项。
ip-reassembly-rules 和 outside-service-interface-type 在 Junos OS 13.1R1 版中添加的选项。
pcp-rules 在 Junos OS 13.2R1 版中添加了选项。
softwire-options Junos OS 14.1 版中添加了选项。
subscriber-awareness 在 Junos OS 17.1R1 版中添加了选项。
url-filter-profile 在 Junos OS 17.2R1 版中添加了选项。
match-rules-on-reverse-flow Junos OS 版本 16.1R5 和 17.4R1 中添加了选项。
no-certificate-chain-in-ike 在 Junos OS 18.2R1 版中添加了选项。
web-filter-profile 在 Junos OS 18.3R1 版中添加了选项,替换了已 url-filter-profile 弃用的选项。
max-session-setup-rate 在 Junos OS 19.1R1 版中添加了选项,替换了在 Junos OS 17.1R1 版中添加的已弃用的选项 max-session-creation rate。
Junos 20.2R1 中添加了对下一代服务 NAT PT 功能的支持。
static-subscriber-application Junos OS 21.2R1 版中添加了选项。