Navigation
Supported Platforms
Related Documentation
- EX, J, M, MX, PTX, SRX, T Series
- Notational Conventions Used in Junos OS Configuration Hierarchies
[edit system] Hierarchy Level
system {accounting {destination {radius {server {server-address {accounting-port port-number;port port-number;retry number;secret password;source-address address;timeout seconds;}}}tacplus {server {server-address {port port-number;secret password;single-connection;timeout seconds;}}}}events [ change-log interactive-commands login ];}archival {configuration {archive-sites {ftp://<username>:<password>@<host>:<port>/<url-path>;scp://<username>:<password>@<host>:<port>/<url-path>;}transfer-interval interval;transfer-on-commit;}}arp {aging-timer minutes;gratuitous-arp-delay;gratuitous-arp-on-ifup;interfaces {logical-interface-name {aging-timer minutes;}}passive-learning;purging;}authentication-order [ authentication-methods ];auto-configuration {traceoptions {file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>;flag flag;level level;no-remote-trace;}}autoinstallation {configuration-servers {server-url <password password>;}interfaces {interface-name {bootp;rarp;}}}backup-router address <destination [ destination-addresses ]>;commit synchronize;(compress-configuration-files | no-compress-configuration-files);ddos-protection {global {disable-fpc;disable-logging;disable-routing-engine;flow-detection;flow-report-rate;violation-report-rate;}protocols protocol-group (aggregate | packet-type) {bandwidth packets-per-second;burst size;bypass-aggregate;disable-fpc;disable-logging;disable-routing-engine;fpc {bandwidth-scale percentage;burst-scale percentage;disable-fpc;}priority level;recover-time seconds;flow-detection {flow-detect-time detect-period;no-flow-logging;timeout-active-flows enable-period;flow-level-bandwidth;flow-level-control (all | keep-all | police);flow-detection-mode (always-on |automatic |disabled);physical-interface;flow-recover-time recover-period;flow-timeout-time timeout-period;subscriber;}}traceoptions{ file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>;flag flag;level (all | error | info | notice | verbose | warning);no-remote-trace;}}default-address-selection;diag-port-authentication (encrypted-password "password" | plain-text-password);dynamic-profile-options {versioning;}domain-name domain-name;domain-search [ domain-list ];encrypt-configuration-files;extensions {... the extensions subhierarchy appears after the main [edit system] hierarchy ...}host-name hostname;inet6-backup-router ipv6-address <destination address>;internet-options {(gre-path-mtu-discovery | no-gre-path-mtu-discovery);icmpv4-rate-limit bucket-size number packet-rate rate;icmpv6-rate-limit bucket-size number packet-rate rate;(ipip-path-mtu-discovery | no-ipip-path-mtu-discovery);(ipv6-path-mtu-discovery | noipv6-path-mtu-discovery);ipv6-path-mtu-discovery-timeout;no-tcp-rfc1323-paws;no-tcp-rfc1323;(path-mtu-discovery | no-path-mtu-discovery);source-port upper-limit port-number;(source-quench | no-source-quench);tcp-drop-synfin-set;}location {altitude feet;building name;country-code code;floor number;hcoord horizontal-coordinate;lata service-area;latitude degrees;longitude degrees;npa-nxx number;postal-code postal-code;rack number;vcoord vertical-coordinate;}login {announcement "text";class class-name {access-end "hh<:mm:<ss>>";access-start "hh<:mm:<ss>>";allow-commands "regular-expression";( allow-configuration | allow-configuration-regexps) “regular expression 1” “regular expression 2”;allowed-days [ sunday monday tuesday wednesday thursday friday saturday ];deny-commands "regular-expression";( deny-configuration | deny-configuration-regexps ) “regular expression 1” “regular expression 2 ”;idle-timeout minutes;logical-system logical-system-name;login-alarms;login-script filename;login-tip;permissions [ permissions ];}message "text";password {change-type (character-sets | set-transitions);format (des | md5 | sha1);maximum-length length;minimum-changes number;minimum-length length;minimum-lower-cases number;minimum-numerics number;minimum-punctuations number;minimum-upper-cases number;}retry-options {backoff-factor number;backoff-threshold number;minimum-time number;tries-before-disconnect number;}user username {authentication {(encrypted-password "password" | plain-text-password);load-key-file filename;ssh-dsa "public-key" <from hostname>;ssh-ecdsa "public-key" <from hostname>;ssh-rsa "public-key" <from hostname>;}class class-name;full-name "complete-name";uid uid-value;}}max-configurations-on-flash number;mirror-flash-on-disk;name-server {address;}no-multicast-echo;no-ping-record-route;no-ping-time-stamp;no-redirects;ntp {authentication-key key-number type md5 value password;boot-server address;broadcast <address> <key key-number> <ttl value> <version value>;broadcast-client;multicast-client <address>;peer address <key key-number> <prefer> <version value>;server address <key key-number> <prefer> <version value>;source-address source-address;trusted-key [ key-numbers ];}packet-triggered-subscribers-partition {partition-name;}pic-console-authentication {(encrypted-password "encrypted-password" | plain-text-password);}ports {auxiliary {disable;insecure;type (ansi | small-xterm | vt100 | xterm);port-type (mini-usb | rj45) ;}}console {disable;insecure;log-out-on-disconnect;type (ansi | small-xterm | vt100 | xterm);}}processes {process-name (enable | disable) failover (alternate-media | other-routing-engine);timeout seconds;}radius-options {attributes {nas-ip-address address;}password-protocol mschap-v2;}radius-server {server-address {accounting-port port-number;port port-number;retry number;secret password;source-address source-address;timeout seconds;}}root-authentication {(encrypted-password "password" | plain-text-password);load-key-file filename;ssh-dsa "public-key" <from hostname>;ssh-ecdsa "public-key" <from hostname>;ssh-rsa "public-key" <from hostname>;}(saved-core-context | no-saved-core-context);saved-core-files number;scripts {commit {allow-transients;direct-access;file filename.xsl {checksum (md5 | sha-256 | sha1) hash;optional;refresh;refresh-from url;source url;}max-datasizerefresh;refresh-from url;traceoptions {file <filename> <files number> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}op {file filename.xsl {arguments {argument-name {description descriptive-text;}}checksum (md5 | sha-256 | sha1) hash;command filename-alias;description descriptive-text;refresh;refresh-from url;source url;}max-datasizeno-allow-urlrefresh;refresh-from url;traceoptions {file <filename> <files number> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}}services {... the services subhierarchy appears after the main [edit system] hierarchy ...}static-host-mapping {hostname {alias [ aliases ];inet [ addresses ];inet6 [ addresses ];sysid system-identifier;}}syslog {archive <files number> <size size> <world-readable | no-world-readable>;console {facility severity;}file filename {facility severity;archive <archive-sites {ftp-url <password password>}> <files number> <size size> <start-time "YYYY-MM-DD.hh:mm"> <transfer-interval minutes> <world-readable | no-world-readable>;explicit-priority;match "regular-expression";structured-data;}host (hostname | other-routing-engine | scc-master) {facility severity;explicit-priority;facility-override facility;log-prefix string;match "regular-expression";}source-address source-address;time-format (year | millisecond | year millisecond);user (username | *) {facility severity;match "regular-expression";}}tacplus-options {(exclude-cmd-attribute | no-cmd-attribute-value);service-name service-name;}tacplus-server {server-address {port port-number;secret password;single-connection;source-address source-address;timeout seconds;}}time-zone (GMT | GMT+hour-offset | GMT-hour-offset | zone-name);tracing destination-override syslog host address;use-imported-time-zones;}
system {extensions {providers {provider-id {license-type license deployment-scope [ deployments ];}}resource-limits {package package-name {resources {cpu {priority number;time seconds;}file {core-size bytes;open number;size bytes;}memory {data-size bytes;locked-in bytes;resident-set-size bytes;socket-buffers bytes;stack-size bytes;}}}process process-ui-name {resources {cpu {priority number;time seconds;}file {core-size bytes;open number;size bytes;}memory {data-size bytes;locked-in bytes;resident-set-size bytes;socket-buffers bytes;stack-size bytes;}}}}}}
system {services {database-replication {traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}dhcp {... the dhcp subhierarchy appears after the main [edit system services] hierarchy ...}dhcp-local-server {... the dhcp-local-server subhierarchy appears after the main [edit system services] hierarchy ...}dns-proxy {cache {hostname inet address;}interface {interface-name;}server-select list-identifier {domain-name domain-name;name-server {address;}}traceoptions {file filename <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;}}finger {connection-limit limit;rate-limit limit;}flow-tap-dtcp {ssh {connection-limit limit;rate-limit limit;}}ftp {connection-limit limit;rate-limit limit;}local-policy-decision-function {statistics {aacl-statistics-profile profile-name {aacl-fields {address;all-fields;application;application-group;input-bytes;input-interface;input-packets;mask;output-bytes;output-packets;subscriber-name;timestamp;vrf-name;}file filename;record-mode (interim-active-only | interim-full);report-interval minutes;}file filename {archive-sites {url;}files number;size bytes;transfer-interval minutes;}record-type (data | interim);}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}netconf {ssh {connection-limit limit;port port;rate-limit limit;}traceoptions {file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world-readable>;flag flag;no-remote-trace;on-demand;}}outbound-ssh {client client-id {address {port port-number;retry number;timeout seconds;}device-id device-id;keep-alive {retry number;timeout seconds;}reconnect-strategy (in-order | sticky);secret secret;services netconf;}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}packet-triggered-subscribers {partition partition-name {destination-host hostname;destination-realm realm;diameter-instance instance-name;}traceoptions {file filename <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}service-deployment {local-certificate certificate-name;servers {server-address {port port-number;security-options {(ssl3 | tls);}user username;}}source-address source-address;traceoptions {flag flag;}}ssh {ciphers [ cipher-1 cipher-2 cipher-3 ...]client-alive-count-max seconds;client-alive-interval seconds;connection-limit limit;hostkey-algorithm limit;key-exchange limit;macs limit;protocol-version [v1 v2];rate-limit limit;root-login (allow | deny | deny-password);root-login (allow | deny | deny-password);}static-subscribers {access-profile profile-name;authentication {password password-string;username-include {domain-name domain-name;interface;logical-system-name;routing-instance-name;user-prefix user-prefix-string;}}dynamic-profile profile-name {access-profile (merge | replace);}group group-name {access-profile profile-name;authentication {password password-string;username-include {domain-name domain-name;interface;logical-system-name;routing-instance-name; user-prefix user-prefix-string;}}dynamic-profile profile-name {aggregate-clients (merge | replace);}interface interface-name <exclude> <upto upto-interface-name>;}traceoptions {file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>;flag flag;level (all | error | info | notice | verbose | warning);no-remote-trace;}}subscriber-management {gres-route-flush-delay;maintain-subscriber {interface-delete;}traceoptions {file filename <files number> <match regular-expression > <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}telnet {connection-limit limit;rate-limit limit;}web-management {control {max-threads number;}http {interface [ interface-names ];port port-number;}https {interface [ interface-names ];(local-certificate certificate-name | pki-local-certificate certificate-name | system-generated-certificate);port port-number;}session {idle-timeout minutes;session-limit number;}}xnm-clear-text {connection-limit limit;rate-limit limit;}xnm-ssl {connection-limit limit;local-certificate certificate-name;rate-limit limit;}} services {dhcp {boot-file filename;boot-server (address | hostname);default-lease-time (seconds | infinite);domain-name domain-name;domain-search {domain-suffix;}maximum-lease-time (seconds | infinite);name-server {address;}next-server address;option option-index (array type-name [ type-values ] | byte 8-bit-value | flag (false | off | on | true) | integer signed-32-bit-value | ip-address address | short signed-16-bit-value | string text-string | unsigned-integer 32-bit-value | unsigned-short 16-bit-value);pool ip-prefix/prefix-length {... the pool subhierarchy appears after the main [edit system services dhcp] hierarchy ...}propagate-settings interface-name;router {address;}server-identifier identifier;static-binding {... the static-binding subhierarchy appears after the main [edit system services dhcp] hierarchy ...}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;level severity;no-remote-trace;}wins-server {address;}} dhcp {pool ip-prefix/prefix-length {address-range low address high address;boot-file filename;boot-server (address | hostname);default-lease-time (seconds | infinite);domain-name domain-name;domain-search {domain-suffix;}exclude-address {ipv4-address;}maximum-lease-time (seconds | infinite);name-server {address;}next-server address;option option-index (array type-name type-values ] | byte 8-bit-value | flag (false | off | on | true) | integer signed-32-bit-value | ip-address address | short signed-16-bit-value | string text-string | unsigned-integer 32-bit-value | unsigned-short 16-bit-value);propagate-settings interface-name;router {address;}server-identifier identifier;wins-server {address;}}} dhcp {static-binding mac-address {boot-file filename;boot-server (address | hostname);client-identifier (ascii ascii-text | hexadecimal hexadecimal-value);domain-name domain-name;domain-search {domain-suffix;}fixed-address {ipv4-address;}host-name hostname;name-server {address;}next-server address;option option-index (array type-name type-values ] | byte 8-bit-value | flag (false | off | on | true) | integer signed-32-bit-value | ip-address address | short signed-16-bit-value | string text-string | unsigned-integer 32-bit-value | unsigned-short 16-bit-value);router {address;}server-identifier identifier;wins-server {address;}}}} services {dhcp-local-server {authentication {password password;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name;logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;routing-instance-name;user-prefix user-prefix;}}dhcpv6 {... the dhcpv6 subhierarchy appears after the main [edit system services dhcp-local-server] hierarchy ...}duplicate-clients-on-interface;dynamic-profile (profile-name | junos-default-profile) <aggregate-clients <merge | replace> | use-primary primary-profile-name>;forward-snooped-clients (all-interfaces | configured-interfaces | non-configured-interfaces);group group-name {authentication {... same statements as at the [edit system services dhcp-local-server authentication] hierarchy level ...}dynamic-profile (profile-name | junos-default-profile) <aggregate-clients <merge | replace> | use-primary primary-profile-name>;interface interface-name {exclude;overrides {... same statements as at the [edit system services dhcp-local-server overrides] hierarchy level ...}trace;upto upto-interface-name;}overrides {... same statements as at the [edit system services dhcp-local-server overrides] hierarchy level ...}reconfigure {... same statements as at the [edit system services dhcp-local-server reconfigure] hierarchy level ...}}overrides {client-discover-match <option60-and-option82>;interface-client-limit number;no-arp;process-inform {pool pool-name;}}pool-match-order {external-authority;ip-address-first;option-82;}reconfigure {attempts attempt-count;clear-on-abort;strict;timeout timeout-value;token token-value; trigger {radius-disconnect;}}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}} dhcp-local-server {dhcpv6 {authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;logical-system-name;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;}}dynamic-profile (profile-name | junos-default-profile) <aggregate-clients <merge | replace> | use-primary primary-profile-name>;group group-name {group group-name {authentication {... same statements as at the [edit system services dhcp-local-server dhcpv6 authentication] hierarchy level ...}dynamic-profile (profile-name | junos-default-profile) <aggregate-clients <merge | replace> | use-primary primary-profile-name>;interface interface-name {exclude;overrides {interface-client-limit number;process-inform {pool pool-name;}}trace;upto interface-name;}}overrides {interface-client-limit number;process-inform {pool pool-name;}}reconfigure {attempts attempt-count;clear-on-abort;strict;timeout timeout-value;token token-value; trigger {radius-disconnect;}}}}}}
Related Documentation
- EX, J, M, MX, PTX, SRX, T Series
- Notational Conventions Used in Junos OS Configuration Hierarchies
Published: 2013-09-25
Supported Platforms
Related Documentation
- EX, J, M, MX, PTX, SRX, T Series
- Notational Conventions Used in Junos OS Configuration Hierarchies
