[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]
Table of Contents
- About This Guide
-
- JUNOS Documentation and Release Notes
- Objectives
- Audience
- Supported Platforms
- Using the Indexes
- Using the Examples in This Manual
- Documentation Conventions
-
- Documentation Feedback
- Requesting
Technical Support
- Overview
-
- Introduction to JUNOS Software
-
- JUNOS Software Overview
- JUNOS Software Architecture Overview
-
- Product Architecture
- Routing Process Architecture
-
- Packet Forwarding Engine
- Routing Engine
- Routing Platform Hardware Components
- JUNOS Software Commit Model for Router Configuration
- JUNOS Software Routing Engine Components and Processes
-
- Routing Engine Kernel
- Initialization Process
- Management Process
- Process Limits
- Routing Protocol Process
- Interface Process
- Chassis Process
- SNMP and MIB II Processes
- JUNOS Software Support for IPv4 Routing Protocols
- JUNOS Software Support for IPv6 Routing Protocols
- JUNOS Software Routing and Forwarding Tables
- Routing Policy Overview
- JUNOS Software Support for VPNs
- JUNOS Configuration Basics
-
- JUNOS Software Configuration Basics
- JUNOS Software Configuration from External Devices
- Methods for Configuring the JUNOS Software
-
- JUNOS Command-Line Interface (CLI)
- ASCII File
- J-Web Package
- JUNOScript API Software
- NETCONF API Software
- Configuration Commit Scripts
- Configuring a Router for the First Time
-
- Initial Router Configuration Using the JUNOS Software
- Configuring the JUNOS Software the First Time on a Router with
a Single Routing Engine
- Configuring the JUNOS Software the First Time on a Router with
Dual Routing Engines
- JUNOS Software Default Settings for Router Security
- JUNOS Software Configuration Using the CLI
- Activation of the JUNOS Software Candidate Configuration
- Disk Space Management for JUNOS Software Installation
- JUNOS Software Tools for Monitoring the Router
- JUNOS Software Features for Router Security
-
- Methods of Remote Access for Router Management
- JUNOS Software Supported Protocols and Methods for User Authentication
- JUNOS Software Plain-Text Password Requirements
- JUNOS Software Support for Routing Protocol Security Features
and IPSec
- JUNOS Software Support for Firewall Filters
- JUNOS Software Auditing Support for Security
- System Management
-
- System Management Overview
-
- Format for Specifying IP Addresses, Network Masks, and Prefixes
in JUNOS Configuration Statements
- Format for Specifying Filenames and URLs in JUNOS CLI Commands
- Default Directories for JUNOS Software File Storage on the
Router
-
- Directories on the Logical System
- JUNOS Software Tracing and Logging Operations
- JUNOS Software Authentication Methods for Routing Protocols
- JUNOS Software User Authentication Methods
- System Management Configuration Statements
-
- System Management Complete Configuration Statements
- Configuring Basic System Management
-
- Configuring the Basic Router Properties
- Configuring the Router’s Hostname
- Mapping the Router’s Name to IP Addresses
- Configuring an ISO System Identifier for the Router
- Example: Configuring a Router’s Name, IP Address, and
System ID
- Configuring the Router’s Domain Name
- Example: Configuring the Router’s Domain Name
- Configuring the Domains to Search When a Router Is Included
in Multiple Domains
- Configuring a DNS Name Server for Resolving a Router’s
Hostname into Addresses
- Configuring a Backup Router
-
- Configuring a Backup Router Running IPv4
- Configuring a Backup Router Running IPv6
- Configuring Automatic Mirroring of the CompactFlash Card on
the Hard Disk Drive
- Configuring the Physical Location of the Router
- Configuring the Root Password
- Example: Configuring the Root Password
- Example: Configuring a Plain-Text Password for Root Logins
- Example: Configuring SSH Authentication for Root Logins
- Special Requirements for JUNOS Software Plain-Text Passwords
- Changing the Requirements for JUNOS Software Plain-Text Passwords
- Example: Changing the Requirements for JUNOS software Plain-Text
Passwords
- Configuring Multiple Routing Engines to Synchronize Committed
Configurations Automatically
- Compressing the Current Configuration File
- Configuring User Access
-
- JUNOS Software Login Classes Overview
- Defining JUNOS Software Login Classes
- JUNOS Software User Accounts Overview
- Configuring JUNOS Software User Accounts
- Example: Configuring User Accounts
- Limiting the Number of User Login Attempts for SSH and Telnet
Sessions
- Example: Limiting the Number of Login Attempts for SSH and
Telnet Sessions
- JUNOS-FIPS Crypto Officer and User Accounts Overview
-
- Crypto Officer User Configuration
- FIPS User Configuration
- JUNOS Software Access Privilege Levels Overview
-
- JUNOS Software Login Class Permission Flags
- Allowing or Denying Individual Commands for JUNOS Software
Login Classes
- Configuring Access Privilege Levels
- Example: Configuring Access Privilege Levels
- Specifying Access Privileges for JUNOS Software Individual
Operational Mode Commands
- Example 1: Defining Access Privileges to Individual Configuration
Mode Commands
- Example 2: Configuring Access Privileges to Individual Operational
Mode Commands
- Regular Expressions in Allow and Deny Commands for JUNOS Software
Operational Mode Commands
- Specifying Access Privileges for JUNOS Software Individual
Configuration Mode Commands
- Example 1: Defining Access Privileges to Individual Configuration
Mode Commands
- Example 2: Configuring Access Privileges to Individual Configuration
Mode Commands
- Regular Expressions in Allow and Deny Commands for JUNOS Software
Configuration Mode Commands
- Configuring the Timeout Value for Idle Login Sessions
- Configuring CLI Tips
- Configuring System Authentication
-
- Configuring RADIUS Authentication
-
- Configuring RADIUS Server Details
- Configuring MS-CHAPv2 for Password-Change Support
- Specifying a Source Address for the JUNOS Software to Access
External RADIUS Servers
- Juniper Networks Vendor-Specific RADIUS Attributes
- Configuring TACACS+ Authentication
-
- Configuring TACACS+ Server Details
- Specifying a Source Address for the JUNOS Software to Access
External TACACS+ Servers
- Configuring the Same Authentication Service for Multiple TACACS+
Servers
- Configuring Juniper Networks Vendor-Specific TACACS+ Attributes
- Juniper Networks Vendor-Specific TACACS+ Attributes
- Overview of Template Accounts for RADIUS and TACACS+ Authentication
- Configuring Remote Template Accounts for User Authentication
- Configuring Local User Template Accounts for User Authentication
- Using Regular Expressions on a
TACACS+ or RADIUS Server to Allow or Deny Access to Commands
- JUNOS Software Authentication Order for RADIUS, TACACS+, and
Password Authentication
-
- Using RADIUS or TACACS+ Authentication
- Using Local Password Authentication
- Order of Authentication Attempts
- Configuring the JUNOS Software Authentication Order for RADIUS,
TACACS+, and Local Password Authentication
- Example: Configuring System Authentication for RADIUS, TACACS+,
and Password Authentication
- Recovering the Root Password
- Configuring Time
-
- Modifying the Default Time Zone for a Router Running JUNOS
Software
- NTP Overview
- Synchronizing and Coordinating Time Distribution Using NTP
-
- Configuring NTP
- Configuring the NTP Boot Server
- Specifying a Source Address for an NTP Server
- NTP Time Server and Time Services Overview
- Configuring the NTP Time Server and Time Services
-
- Configuring the Router to Operate in Client Mode
- Configuring the Router to Operate in Symmetric Active Mode
- Configuring the Router to Operate in Broadcast Mode
- Configuring the Router to Operate in Server Mode
- Configuring NTP Authentication Keys
- Configuring the Router to Listen for Broadcast Messages Using
NTP
- Configuring the Router to Listen for Multicast Messages Using
NTP
- Setting a Custom Time Zone on Routers Running JUNOS Software
-
- Importing and Installing Time Zone Files
- Configuring a Custom Time Zone
- Configuring System Log Messages
-
- JUNOS Software System Log Configuration Overview
- JUNOS Software System Log Configuration Statements
- JUNOS Software Minimum and Default System Logging Configuration
-
- JUNOS Software Minimum System Logging Configuration
- JUNOS Software Default System Log Settings
- JUNOS Software Platform-Specific Default System Log Messages
- Single-Chassis System Logging Configuration
-
- Single-Chassis System Logging Configuration Overview
- Specifying the Facility and Severity of Messages to Include
in the Log
- JUNOS System Logging Facilities and Message Severity Levels
- Directing System Log Messages to a Log File
- Logging Messages in Structured-Data Format
- Directing System Log Messages to a User Terminal
- Directing System Log Messages to the Console
- System Logging on a Remote Machine or the Other Routing Engine
-
- Directing System Log Messages to a Remote Machine or the Other
Routing Engine
- Specifying an Alternative Source Address for System Log Messages
- Changing the Alternative Facility Name for Remote System Log
Messages
- System Log Default Facilities for Messages Directed to a Remote
Destination
- JUNOS System Log Alternate Facilities for Remote Logging
- Examples: Assigning an Alternative Facility
- Adding a Text String to System Log Messages
- Specifying Log File Size, Number, and Archiving Properties
- Including Priority Information in System Log Messages
- System Log Facility Codes and Numerical Codes Reported in Priority
Information
- Including the Year or Millisecond in Timestamps
- Using Regular Expressions to Refine the Set of Logged Messages
- JUNOS System Log Regular Expression Operators for the match
Statement
- Disabling the System Logging of a Facility
- Examples: Configuring System Logging
- Routing Matrix System Logging Configuration
-
- Configuring System Logging for a Routing Matrix
- Configuring Message Forwarding in the Routing Matrix
- Impact of Different Local and Forwarded Severity Levels on
System Log Messages
-
- Messages Logged When Local and Forwarded Severity Levels Are
the Same
- Messages Logged When Local Severity Level Is Lower
- Messages Logged When Local Severity Level Is Higher
- Configuring Optional Features for Forwarded Messages
-
- Including Priority Information in Forwarded Messages
- Adding a Text String to Forwarded Messages
- Using Regular Expressions to Refine the Set of Forwarded Messages
- Directing Messages to a Remote Destination from the Routing
Matrix
- Configuring System Logging Differently on Each Platform
- Configuring Miscellaneous System Management Features
-
- Configuring the JUNOS Software to Set Console and Auxiliary
Port Properties on a Router's Craft Interface
- Configuring the JUNOS Software to Disable Protocol Redirect
Messages on the Router
- Configuring the JUNOS Software to Select a Fixed Source Address
for Locally Generated TCP/IP Packets
- Configuring the JUNOS Software to Make the Router or Interface
Act as a DHCP or BOOTP Relay Agent
- Configuring the JUNOS Software to Disable the Routing Engine
Response to Multicast Ping Packets
- Configuring the JUNOS Software to Disable the Reporting of
IP Address and Timestamps in Ping Responses
- Configuring System Services for Remote Router Access
-
- System Services Overview
- Configuring clear-text or SSL Service for JUNOScript Client
Applications
-
- Configuring clear-text Service for JUNOScript Client Applications
- Configuring SSL Service for JUNOScript Client Applications
- Configuring the Router or Interface to Act as a DHCP Server
on J-series Services Routers
- DHCP Access Service Overview
-
- Network Address Assignments (Allocating a New Address)
- Network Address Assignments (Reusing a Previously Assigned
Address)
- Static and Dynamic Bindings
- Compatibility with Autoinstallation
- Conflict Detection and Resolution
- DHCP Statement Hierarchy and Inheritance
- Configuring Address Pools for DHCP Dynamic Bindings
- Configuring Manual (Static) DHCP Bindings Between a Fixed IP
Address and a Client’s MAC Address
- Specifying DHCP Lease Times for IP Address Assignments
- Configuring a DHCP Boot File and DHCP Boot Server
- Configuring a Static IP Address as DHCP Server Identifier
- Configuring a Domain Name and Domain Search List for a DHCP
Server Host
- Configuring Routers Available to the DHCP Client
- Creating User-Defined DHCP Options Not Included in the Default
JUNOS Implementation of the DHCP Server
- Example: Complete DHCP Server Configuration
- Example: Viewing DHCP Bindings
- Example: Viewing DHCP Address Pools
- Example: Viewing and Clearing DHCP Conflicts
- Configuring Tracing Operations for DHCP Processes
-
- Configuring the DHCP Processes Log Filename
- Configuring the Number and Size of DHCP Processes Log Files
- Configuring Access to the DHCP Log File
- Configuring a Regular Expression for Refining the Output of
DHCP Logged Events
- Configuring DHCP Trace Operation Events
- DHCP Processes Tracing Flags
- Configuring the Router as an Extended DHCP Local Server
- Interaction Among the DHCP Client, Extended DHCP Local Server,
and Address-Assignment Pools
- Extended DHCP Local Server and Address-Assignment Pools
- Methods Used by the Extended DHCP Local Server to Determine
Which Address-Assignment Pool to Use
-
- Matching the Client IP Address to the Address-Assignment Pool
- Matching Option 82 Information to Named Address Ranges
- Default Options Provided by the Extended DHCP Server for the
DHCP Client
- Using External AAA Authentication Services to Authenticate
DHCP Clients
-
- Configuring Authentication Support for an Extended DHCP Application
- Grouping Interfaces with Common DHCP Configurations
- Configuring Passwords for Usernames the DHCP Application Presents
to the External AAA Authentication Service
- Creating Unique Usernames the Extended DHCP Application Passes
to the External AAA Authentication Service
- Client Configuration Information Exchanged Between the External
Authentication Server, DHCP Application, and DHCP Client
- Tracing Extended DHCP Local Server Operations
-
- Configuring the Filename of the Extended DHCP Local Server
Processes Log
- Configuring the Number and Size of Extended DHCP Local Server
Processes Log Files
- Configuring Access to the Log File
- Configuring a Regular Expression for Lines to Be Logged
- Configuring Trace Option Flags
- Example: Configuring Minimum Extended DHCP Local Server Configuration
- Example: Extended DHCP Local Server Configuration with Optional
Pool Matching
- Verifying and Managing DHCP Local Server Configuration
- Configuring DTCP-over-SSH Service for the Flow-Tap Application
- Configuring Finger Service for Remote Access to the Router
- Configuring FTP Service for Remote Access to the Router
- Configuring SSH Service for Remote Access to the Router
-
- Configuring the Root Login Through SSH
- Configuring the SSH Protocol Version
- Configuring Outbound SSH Service
-
- Configuring the Router's Device Identifier for Outbound SSH
Connections
- Sending the Router’s Public SSH Host Key to the Outbound
SSH Client
- Configuring Keepalive Messages for Outbound SSH Connections
- Configuring a New Outbound SSH Connection
- Configuring the Outbound SSH Client to Accept NETCONF as an
Available Service
- Configuring Outbound SSH Clients
- Configuring Telnet Service for Remote Access to a Router
- Configuring Password Authentication for Console Access to PICs
- Configuring the JUNOS Software to Display a System Login Message
- Configuring the JUNOS Software to Display a System Login Announcement
- Disabling JUNOS Software Processes
- Configuring Failover to Backup Media if a JUNOS Software Process
Fails
- Configuring Password Authentication for the Diagnostics Port
- Viewing Core Files from JUNOS Software Processes
- Saving Core Files from JUNOS Software Processes
- Using JUNOS Software to Configure Logical System Administrators
- Using JUNOS Software to Configure a Router to Transfer Its
Configuration to an Archive Site
-
- Configuring the Router to Transfer Its Currently Active Configuration
to an Archive
- Configuring the Transfer Interval for Periodic Transfer of
the Active Configuration to an Archive Site
- Configuring Transfer of the Current Active Configuration When
a Configuration Is Committed
- Configuring Archive Sites for Transfer of Active Configuration
Files
- Using JUNOS Software to Specify the Number of Configurations
Stored on the CompactFlash Card
- Configuring RADIUS System Accounting
-
- Configuring Auditing of User Events on a RADIUS Server
- Specifying RADIUS Server Accounting and Auditing Events
- Configuring RADIUS Server Accounting
- Example: Configuring RADIUS System Accounting
- Configuring TACACS+ System Accounting
-
- Specifying TACACS+ Auditing and Accounting Events
- Configuring TACACS+ Server Accounting
- Configuring TACACS+ Accounting on a TX Matrix Platform
- Configuring the JUNOS Software to Work with SRC Software
- Configuring the JUNOS Software ICMPv4 Rate Limit for ICMPv4
Routing Engine Messages
- Configuring the JUNOS Software ICMPv6 Rate Limit for ICMPv6
Routing Engine Messages
- Configuring the JUNOS Software for IP-IP Path MTU Discovery
on IP-IP Tunnel Connections
- Configuring TCP MSS for Session Negotiation
-
- Configuring
TCP MSS on T-series and M-series Routing Platforms
- Configuring TCP MSS on J-series Services Routers
- Configuring the JUNOS Software for IPv6 Path MTU Discovery
- Configuring the JUNOS Software for IPv6 Duplicate Address Detection
Attempts
- Configuring the JUNOS Software for Acceptance of IPv6 Packets
with a Zero Hop-Limit
- Configuring the JUNOS Software for Path MTU Discovery on Outgoing
GRE Tunnel Connections
- Configuring the JUNOS Software for Path MTU Discovery on Outgoing
TCP Connections
- Configuring the JUNOS Software to Ignore ICMP Source Quench
Messages
- Configuring the JUNOS Software to Enable the Router to Drop
Packets with the SYN and FIN Bits Set
- Configuring the JUNOS Software to Disable TCP RFC 1323 Extensions
- Configuring the JUNOS Software to Disable the TCP RFC 1323
PAWS Extension
- Configuring the JUNOS Software to Extend the Default Port Address
Range
- Configuring the JUNOS Software ARP Learning and Aging Options
for Mapping IPv4 Network Addresses to MAC Addresses
-
- Configuring Passive ARP Learning for Backup VRRP Routers
- Adjusting the ARP Aging Timer
- Using JUNOS Software to Configure System Alarms to Appear Automatically
on J-series Routers
- System Alarms on J-series Routers
- Security Configuration Example
-
- Example: Configuring a Router's Name and Domain Name
- Example: Configuring RADIUS Authentication
- Example: Creating Login Classes
- Example: Defining User Login Accounts
- Example: Defining RADIUS Template Accounts
- Example: Enabling SSH Connection Services
- Example: Configuring System Logging
- Example: Configuring NTP as a Single Time Source for Router
Clock Synchronization
- Example: Configuring ATM, SONET, Loopback, and Out-of-band
Management Interfaces
- Example: Configuring SNMPv3
- Examples: Configuring Protocol-Independent Routing Properties
-
- Example: Configuring the Router ID and Autonomous System Number
for BGP
- Example: Configuring Martian Addresses
- Example: Viewing Reserved IRI IP Addresses
- Example: Configuring the BGP and IS-IS Routing Protocols
-
- Configuring BGP
- Configuring IS-IS
- Configuring Firewall Policies and Filters
-
- Example: Configuring Firewall Filters
- Example: Configuring Firewall Policies
- Example: Consolidated Security Configuration
- Summary of System Management Configuration Statements
-
- accounting
- accounting-port
- allow-commands
- allow-configuration
- allow-transients
- announcement
- archival
- archive
-
- archive (All System Log Files)
- archive (Individual System Log File)
- archive-sites
-
- archive-sites (Configuration)
- archive-sites (System Log)
- arp
- authentication
-
- authentication (Login)
- authentication (Subscriber Access Management)
- authentication-key
- authentication-order
- autoinstallation
- auxiliary
- backup-router
- boot-file
- boot-server
-
- boot-server (DHCP)
- boot-server (NTP)
- broadcast
- broadcast-client
- bucket-size
- change-type
- circuit-type
- class
-
- class (Define Login Classes)
- class (Assign a Class to an Individual User)
- client-identifier
- commit
- commit synchronize
- compress-configuration-files
- configuration
- configuration-servers
- connection-limit
- console
-
- console (Physical Port)
- console (System Logging)
- default-address-selection
- default-lease-time
- delimiter
- deny-commands
- deny-configuration
- destination
- destination-override
- dhcp
- dhcp-local-server
- diag-port-authentication
- domain-name
-
- domain-name (DHCP)
- domain-name (Subscriber Access Management)
- domain-name (Router)
- domain-search
- dump-device
- events
- explicit-priority
- facility-override
- file
-
- file (Commit Scripts)
- file (System Logging)
- files
- finger
- flow-tap-dtcp
- format
- ftp
- full-name
- gre-path-mtu-discovery
- group
- host
- host-name
- http
- https
- icmpv4-rate-limit
- icmpv6-rate-limit
- idle-timeout
- inet6-backup-router
- interface
-
- interface (ARP Aging Timer)
- interface (DHCP Local Server)
- interfaces
- internet-options
- ip-address-first
- ipip-path-mtu-discovery
- ipv6-duplicate-addr-detection-transmits
- ipv6-path-mtu-discovery
- ipv6-path-mtu-discovery-timeout
- ipv6-reject-zero-hop-limit
- limits
- load-key-file
- local-certificate
- location
- log-prefix
- logical-system-name
- login
- login-alarms
- login-tip
- mac-address
- match
- max-configurations-on-flash
- maximum-lease-time
- maximum-length
- message
- minimum-changes
- minimum-length
- mirror-flash-on-disk
- multicast-client
- name-server
- no-compress-configuration-files
- no-gre-path-mtu-discovery
- no-ipip-path-mtu-discovery
- no-ipv6-reject-zero-hop-limit
- no-multicast-echo
- no-path-mtu-discovery
- no-ping-record-route
- no-ping-time-stamp
- no-redirects
- no-remote-trace
- no-saved-core-context
- no-source-quench
- no-tcp-rfc1323
- no-tcp-rfc1323-paws
- no-world-readable
- ntp
- option-60
- option-82
-
- option-82 (Extended DHCP Local Server)
- option-82 (Subscriber Access Management)
- optional
- outbound-ssh
- packet-rate
- password
-
- password (Login)
- password (Subscriber Access Management)
- path-mtu-discovery
- peer
- permissions
- pic-console-authentication
- pool
- pool-match-order
- port
-
- port (HTTP/HTTPS)
- port (RADIUS Server)
- port (SRC Server)
- port (TACACS+ Server)
- ports
- processes
- protocol-version
- radius
- radius-options
- radius-server
- rate-limit
- refresh
- refresh-from
- retry
- retry-options
- root-authentication
- root-login
- router
- routing-instance-name
- saved-core-context
- saved-core-files
- scripts
- secret
- server
-
- server (NTP)
- server (RADIUS Accounting)
- server (TACACS+ Accounting)
- server-identifier
- servers
- service-deployment
- services
- session
- single-connection
- size
- source
- source-address
-
- source-address (NTP, RADIUS, System Logging, or TACACS+)
- source-address (SRC Software)
- source-port
- source-quench
- ssh
- start-time
- static-binding
- static-host-mapping
- structured-data
- syslog
- system
- tacplus
- tacplus-options
- tacplus-server
- tcp-drop-synfin-set
- tcp-mss
- telnet
- time-format
- timeout
- time-zone
- traceoptions
-
- traceoptions (Address-Assignment Pool)
- traceoptions (Commit Scripts)
- traceoptions (DHCP Server on J-series Services Routers)
- traceoptions (Extended DHCP Local Server)
- traceoptions (SBC Configuration Process)
- tracing
- transfer-interval
-
- transfer-interval (Configuration)
- transfer-interval (System Log)
- transfer-on-commit
- trusted-key
- uid
- user
-
- user (Access)
- user (System Logging)
- username-include
- user-prefix
- web-management
- wins-server
- world-readable
- xnm-clear-text
- xnm-ssl
- Access
-
- Configuring Access
-
- Access Configuration Complete Statements
- Configuring the PPP Authentication Protocol
- Example: Configuring PPP CHAP
- Example: Configuring CHAP Authentication with RADIUS
- Configuring Tracing Operations for Access Processes
-
- Configuring the Access Processes Log Filename
- Configuring the Number and Size of Access Processes Log Files
- Configuring Access to the Log File
- Configuring a Regular Expression for Lines to Be Logged
- Configuring the Trace Operations to be Logged
- Configuring L2TP for Enabling PPP Tunneling Within a Network
- Defining Minimum L2TP Configuration
- Configuring the Address Pool for L2TP Network Server IP Address
Allocation
- Configuring the Group Profile for Defining L2TP Attributes
-
- Configuring L2TP for a Group Profile
- Configuring the PPP Attributes for a Group Profile
- Example: Group Profile Configuration
- Configuring Access Profiles for L2TP or PPP Parameters
-
- Configuring the Access Profile
- Configuring the L2TP Properties for a Profile
- Configuring the PPP Properties for a Profile
- Configuring the Authentication Order
- Configuring the Accounting Order
- Configuring the L2TP Client
- Example: Defining the Default Tunnel Client
- Example: Defining the User Group Profile
- Configuring the CHAP Secret for an L2TP Profile
- Example: Configuring L2TP PPP CHAP
- Referencing the Group Profile from the L2TP Profile
- Configuring L2TP Properties for a Client-Specific Profile
- Example: PPP MP for L2TP
- Example: L2TP Multilink PPP Support on Shared Interfaces
- Configuring the PAP Password for an L2TP Profile
- Example: Configuring PAP for an L2TP Profile
- Configuring the PPP Properties for a Client-Specific Profile
- Applying a Configured PPP Group Profile to a Tunnel
- Example: Applying a User Group Profile on the M7i or M10i Router
- Example: Configuring the Access Profile
- Example: Configuring L2TP
- Configuring RADIUS Authentication for L2TP
- RADIUS Attributes for L2TP
- Example: Configuring RADIUS Authentication for L2TP
- Configuring the RADIUS Disconnect Server for L2TP
- Configuring RADIUS Authentication for an L2TP Client and Profile
- Example: Configuring RADIUS Authentication for an L2TP Profile
- Configuring an IKE Access Profile
- Subscriber Access Management
-
- Subscriber Access Management Overview
-
- AAA Service Framework Overview
- RADIUS Authentication and Accounting for Subscriber Access
Management Overview
- Configuring Router Interactions with RADIUS Servers for Subscriber
Access
- Configuring Authentication and Accounting Parameters for Subscriber
Access
-
- Specifying the Authentication and Accounting Methods
- Configuring How Accounting Statistics Are Collected
- Configuring RADIUS Parameters for AAA Subscriber Management
-
- Specifying the RADIUS Authentication and Accounting Servers
to Use for Subscriber Access Management
- Configuring Options for RADIUS Servers
- Configuring How RADIUS Attributes Are Used
- Example: Configuring RADIUS-Based Subscriber Authentication
and Accounting
- RADIUS Attributes and Juniper Networks VSAs Supported by the
AAA Service Framework
-
- RADIUS IETF Attributes Supported by the AAA Service Framework
- Juniper Networks VSAs Supported by the AAA Service Framework
- Attaching Access Profiles with the Routing Instance
- Verifying and Managing Subscriber Access Information
- Overview of Address-Assignment Pools for Subscriber Access
Management
- License Requirements for Address-Assignment Pools
- Configuring Address-Assignment Pools for Subscriber Access
Management
-
- Configuring an Address-Assignment Pool Name and Network Address
- Configuring a Named Address Range for Dynamic Address Assignment
- Configuring Static Address Assignment
- Configuring DHCP Client-Specific Attributes
- DHCP Client-Specific Attributes
- Example: Configuring an Address-Assignment Pool
- Tracing Address-Assignment Pool Processes
-
- Configuring the Address-Assignment Pool Trace Log Filename
- Configuring the Number and Size of Address-Assignment Pool
Processes Log Files
- Configuring Access to the Log File
- Configuring a Regular Expression for Lines to Be Logged
- Configuring the Trace
- Summary of Access Configuration Statements
-
- accounting
- accounting-order
- accounting-port
- accounting-server
- accounting-session-id-format
- accounting-stop-on-access-deny
- accounting-stop-on-failure
- address
- address-assignment
- address-pool
- address-range
- allowed-proxy-pair
- attributes
- authentication-order
- authentication-server
- boot-file
- boot-server
- cell-overhead
- chap-secret
- circuit-id
- client
- dhcp-attributes
- domain-name
- drop-timeout
- encapsulation-overhead
- ethernet-port-type-virtual
- exclude
- fragmentation-threshold
- framed-ip-address
- framed-pool
- grace-period
- group-profile
-
- group-profile (Group Profile)
- group-profile (Profile)
- hardware-address
- host
- idle-timeout
- ignore
- ike
- ike-policy
- immediate-update
- initiate-dead-peer-detection
- interface-description-format
- interface-id
- ip-address
- keepalive
- l2tp
-
- l2tp (Group Profile)
- l2tp (Profile)
- lcp-renegotiation
- local-chap
- maximum-lease-time
- maximum-sessions-per-tunnel
- multilink
- name-server
- nas-identifier
- nas-port-extended-format
- netbios-node-type
- network
- option
- options
- option-82
- option-match
- order
- override-nas-information
- pap-password
- pool
- port
- ppp
-
- ppp (Group Profile)
- ppp (Profile)
- ppp-authentication
- ppp-profile
- pre-shared-key
- primary-dns
- primary-wins
- profile
- radius
- radius-disconnect
- radius-disconnect-port
- radius-server
- range
- remote-id
- retry
- revert-interval
- router
- routing-instance
- secondary-dns
- secondary-wins
- secret
- shared-secret
- source-address
- statistics
- tftp-server
- timeout
- traceoptions
- update-interval
- user-group-profile
- vlan-nas-port-stacked-format
- wins-server
- Security Services
-
- Security Services Overview
-
- IPSec Overview
- Security Associations Overview
- IKE Key Management Protocol Overview
- IPSec Requirements for JUNOS-FIPS Overview
- Security Services Configuration Guidelines
-
- Security Services Complete Configuration Statements
- Configuring IPSec for an ES PIC
-
- IPSec Configuration for an ES PIC Overview
- Configuring Minimum Manual Security Associations for IPSec
on an ES PIC
- Configuring Minimum IKE Requirements for IPSec on an ES PIC
- Configuring Minimum Digital Certificates Requirements for IKE
on an ES PIC
- Configuring Security Associations for IPSec on an ES PIC
-
- Configuring the Description for an SA
- Configuring IPSec Transport Mode
- Configuring IPSec Tunnel Mode
- Configuring Manual IPSec Security Associations for an ES PIC
-
- Configuring the Processing Direction
- Configuring the Protocol for a Manual SA
- Configuring the Security Parameter Index
- Configuring the Auxiliary Security Parameter Index
- Configuring the Authentication Algorithm and Key
- Configuring the Encryption Algorithm and Key
- Configuring Dynamic IPSec Security Associations
- Enabling Dynamic IPSec Security Associations
- Configuring an IKE Proposal for Dynamic SAs
-
- Configuring the Authentication Algorithm for an IKE Proposal
- Configuring the Authentication Method for an IKE Proposal
- Configuring the Description for an IKE Proposal
- Configuring the Diffie-Hellman Group for an IKE Proposal
- Configuring the Encryption Algorithm for an IKE Proposal
- Configuring the Lifetime for an IKE SA
- Example: Configuring an IKE Proposal
- Configuring an IKE Policy for Preshared Keys
-
- Configuring the Description for an IKE Policy
- Configuring the Mode for an IKE Policy
- Configuring the Preshared Key for an IKE Policy
- Associating Proposals with an IKE Policy
- Example: Configuring an IKE Policy
- Configuring an IPSec Proposal for an ES PIC
-
- Configuring the Authentication Algorithm for an IPSec Proposal
- Configuring the Description for an IPSec Proposal
- Configuring the Encryption Algorithm for an IPSec Proposal
- Configuring the Lifetime for an IPSec SA
- Configuring the Protocol for a Dynamic IPSec SA
- Configuring the IPSec Policy for an ES PIC
-
- Configuring Perfect Forward Secrecy
- Example: Configuring an IPSec Policy
- Using Digital Certificates for ES and AS PICs
-
- Complete Configuration Statements for Configuring Digital Certificates
for an ES PIC
- Digital Certificates Overview
- Obtaining a Certificate from a Certificate Authority for an
ES PIC
- Requesting a CA Digital Certificate for an ES PIC on an M-series
or T-series Routing Platform
- Example: Requesting a CA Digital Certificate
- Generating a Private and Public Key Pair for Digital Certificates
for an ES PIC
- Configuring Digital Certificates for an ES PIC
-
- Configuring the Certificate Authority Properties for an ES
PIC
-
- Specifying the Certificate Authority Name
- Configuring the Certificate Revocation List
- Configuring the Type of Encoding Your CA Supports
- Specifying an Enrollment URL
- Specifying a File to Read the Digital Certificate
- Specifying an LDAP URL
- Configuring the Cache Size
- Configuring the Negative Cache
- Configuring the Number of Enrollment Retries
- Configuring the Maximum Number of Peer Certificates
- Configuring the Path Length for the Certificate Hierarchy
- Configuring an IKE Policy for Digital Certificates for an ES
PIC
-
- Configuring the Type of Encoding Your CA Supports
- Configuring the Identity to Define the Remote Certificate Name
- Specifying the Certificate Filename
- Specifying the Private and Public Key File
- Obtaining a Signed Certificate from the CA for an ES PIC
- Associating the Configured Security Association with a Logical
Interface
- Configuring Digital Certificates for Adaptive Services Interfaces
-
- Configuring the Certificate Authority Properties
-
- Specifying the CA Profile Name
- Specifying an Enrollment URL
- Specifying the Enrollment Properties
- Configuring the Certificate Revocation List
-
- Specifying an LDAP URL
- Configuring the Interval Between CRL Updates
- Overriding Certificate Verification if CRL Download Fails
- Managing Digital Certificates
-
- Requesting a CA Digital Certificate for AS and MultiServices
PICs installed on M-series and T-series Routing Platforms
- Generating a Public/Private Key Pair
- Generating and Enrolling a Local Digital Certificate
- Configuring the Auto-Reenrollment Properties for Automatic
Renewal of the Router Certificate from the CA
-
- Specify the Certificate ID
- Specify the CA Profile
- Specify the Challenge Password
- Specify the Reenroll Trigger Time
- Specify the Regenerate Key Pair
- Specify the Validity Period
- Configuring IPSec Tunnel Traffic
-
- IPSec Tunnel Traffic Configuration Overview
- Example: Configuring an Outbound Traffic Filter
- Example: Applying an Outbound Traffic Filter
- Example: Configuring an Inbound Traffic Filter for Policy Check
- Example: Applying an Inbound Traffic Filter to an ES PIC for
Policy Check
- ES Tunnel Interface Configuration for a Layer 3 VPN
- Configuring Tracing Operations for Security Services
- Configuring Tracing Operations for IPSec Events for Adaptive
Services PICs
- Configuring the Authentication Key Update Mechanism for BGP
and LDP Routing Protocols
-
- Configuring Authentication Key Updates
- Configuring BGP and LDP for Authentication Key Updates
- Configuring SSH Host Keys for Secure Copying of Data
-
- Configuring SSH Known Hosts
- Configuring Support for SCP File Transfer
- Updating SSH Host Key Information
-
- Retrieving Host Key Information Manually
- Importing Host Key Information from a File
- Importing SSL Certificates for JUNOScript Support
- Configuring Internal IPSec for JUNOS-FIPS
-
- Configuring the SA Direction
- Configuring the IPSec SPI
- Configuring the IPSec Key
- Example: Configuring Internal IPSec
- Summary of Security Services Configuration Statements
-
- algorithm
- authentication
- authentication-algorithm
-
- authentication-algorithm (IKE)
- authentication-algorithm (IPSec)
- authentication-key-chains
- authentication-method
- auto-re-enrollment
- auxiliary-spi
- ca-identity
- ca-name
- ca-profile
- cache-size
- cache-timeout-negative
- certificate-id
- certificates
- certification-authority
- challenge-password
- crl
-
- crl (Encryption Interface on M-series and T-series Routing
Platforms Only)
- crl (Adaptive Services Interfaces Only)
- description
- dh-group
- direction
-
- direction (JUNOS Software)
- direction (JUNOS-FIPS Software)
- dynamic
- encoding
- encryption
-
- encryption (JUNOS Software)
- encryption (JUNOS-FIPS Software)
- encryption-algorithm
- enrollment
- enrollment-retry
- enrollment-url
- file
- identity
- ike
- internal
- ipsec
- key
- ldap-url
- lifetime-seconds
- local
- local-certificate
- local-key-pair
- manual
-
- manual (JUNOS Software)
- manual (JUNOS-FIPS Software)
- maximum-certificates
- mode
-
- mode (IKE)
- mode (IPSec)
- path-length
- perfect-forward-secrecy
- pki
- policy
-
- policy (IKE)
- policy (IPSec)
- pre-shared-key
- proposal
-
- proposal (IKE)
- proposal (IPSec)
- proposals
- protocol
-
- protocol (JUNOS Software)
- protocol (JUNOS-FIPS Software)
- re-enroll-trigger-time
- re-generate-keypair
- refresh-interval
- retry
- retry-interval
- revocation-check
- security-association
-
- security-association (JUNOS Software)
- security-association (JUNOS-FIPS Software)
- spi
-
- spi (JUNOS Software)
- spi (JUNOS-FIPS Software)
- ssh-known-hosts
- traceoptions
- url
- validity-period
- Router Chassis
-
- Router Chassis Configuration Guidelines
-
- Router Chassis Complete Configuration Statements
- Configuring the JUNOS Software to Make a Flexible PIC Concentrator
Stay Offline
- Configuring the JUNOS Software to Make an SFM Stay Offline
- Configuring the JUNOS Software for Supporting Aggregated Devices
-
- Configuring Virtual Links for Aggregated Devices
- Configuring LACP Link Protection at the Chassis Level
- Enabling LACP Link Protection
- Configuring System Priority
- Configuring the JUNOS Software to Use ATM Cell-Relay Accumulation
Mode on an ATM1 PIC
- Configuring Port-Mirroring Instances
-
- Port-Mirroring Instances Overview
- Configuring
Port-Mirroring Instances on MX-series Routers
-
- Configuring Port-Mirroring Instances at the DPC Level
- Configuring Port-Mirroring Instances at the PIC Level
- Configuring Port-Mirroring Instances on M320 Routers
- Configuring Port-Mirroring Instances on M120 Routers
- Configuring the JUNOS Software to Determine the Conditions
That Trigger Alarms
-
- Configuring the JUNOS Software to Determine Conditions That
Trigger Alarms on Different Interface Types
- System-Wide Alarms and Alarms for Each Interface Type
- Chassis Conditions That Trigger Alarms
-
- Chassis Components Alarm Conditions on an M5 or M10 Router
- Chassis Components Alarm Conditions for an M20 Router
- Chassis Component alarm Conditions for an M120 Router
- Chassis Component Alarm Conditions for an M40 Router
- Chassis Component Alarm Conditions for an M40e or M160 Router
- Chassis Component Alarm Conditions for an M320 Router
- Chassis Component Alarm Conditions for an MX240, MX480, or
MX960 Router
- Backup Routing Engine Alarms
- Silencing External Devices Connected to the Alarm Relay Contacts
- Configuring the JUNOS Software to Disable the Physical Operation
of the Craft Interface
- Configuring the JUNOS Software to Enable Service Packages on
Adaptive Services Interfaces
- Configuring the JUNOS Software to Enable SONET/SDH Framing
for SONET/SDH PICs
- Configuring the JUNOS Software to Support an External Clock
Synchronization Interface for the M320, M40e, and M120 Routing Platforms
- Configuring the JUNOS Software to Support the Sparse DLCI Mode
on Channelized STM1 or Channelized DS3 PICs
- Configuring the JUNOS Software to Enable a SONET PIC to Operate
in the Channelized (Multiplexed) Mode
- Configuring Channelized DS3-to-DS0 Naming
-
- Configuring the JUNOS Software to Support Channelized DS3-to-DS0
Naming for Channel Groups and Time Slots
- Ranges for Channelized DS3-to-DS0 Configuration
- Configuring the JUNOS Software to Support Eight Queues on IQ
Interfaces for T-Series and M320 Routing Platforms
- Configuring Channel Groups and Time Slots for a Channelized
E1 Interface
-
- Configuring the JUNOS Software to Support Channel Groups and
Time Slots for Channelized E1 PICs
- Ranges for Channelized E1 Configuration
- Configuring the JUNOS Software to Support Channelized STM1
Interface Virtual Tributary Mapping
- Configuring the JUNOS Software to Enable ATM2 Intelligent Queuing
Layer 2 Circuit Transport Mode
- Configuring the JUNOS Software to Support ILMI for Cell Relay
Encapsulation on an ATM2 IQ PIC
- Configuring the JUNOS Software to Support Tunnel Interfaces
on MX-Series Ethernet Services Routers
- Example: Configuring Tunnel Interfaces on a Gigabit Ethernet
40-Port DPC
- Example: Configuring Tunnel Interfaces on a 10-Gigabit Ethernet
4-Port DPC
- Configuring the JUNOS Software to Enable an M160 Router to
Operate in Packet Scheduling Mode
- Configuring the Link Services PIC for Multilink Protocol Support
-
- Configuring the JUNOS Software to Support the Link Services
PIC
- Multiclass Extension for Multiple Classes of Service Using
MLPPP (RFC 2686)
- Configuring the JUNOS Software to Enable Idle Cell Format and
Payload Patterns for ATM Devices
- Configuring the JUNOS Software to Enable MTU Path Check for
a Routing Instance on M-series Routers
-
- Enabling MTU Check for a Routing Instance
- Assigning an IP Address to an Interface in the Routing Instance
- Configuring the JUNOS Software to Support Redundancy on Routers
Having Multiple Routing Engines or Switching Boards
- Configuring the JUNOS Software to Support FPC to FEB Connectivity
on M120 Routers
- Configuring the JUNOS Software to Enable a Routing Engine to
Reboot on Hard Disk Errors
- Configuring the JUNOS Software to Prevent the Resetting of
the Factory Default or Rescue Configuration During Current Configuration
Failure on J-Series Routers
- Configuring Larger Delay Buffers to Prevent Congestion And
Packet Dropping
-
- Configuring the JUNOS Software to Enable Larger Delay Buffers
for T1, E1, and DS0 Interfaces Configured on Channelized IQ PICs
- Maximum Delay Buffer with q-pic-large-buffer Statement Enabled
- Configuring the JUNOS Software to Support Entry-Level Configuration
on an M320 Router With a Minimum Number of SIBs and PIMs
- Configuring the uPIM Mode to Run in the Switching or Routing
Modes on J-Series Routes
-
- Configuring the JUNOS Software to Support the uPIM Mode on
J-series Routers
- Configuring the JUNOS Software to Set a PIM Offline on J-Series
Routers
- Configuring the JUNOS Software to Disable Power Management
on the J-series Chassis
- Configuring the IP and Ethernet Services Mode in MX-series
Routers
-
- Configuring the JUNOS Software to Run in the IP and Ethernet
Services Mode in MX-series Routers
- Restrictions on JUNOS Features for MX-series Routers
- Configuring J-series Services Router Switching Interfaces
- Example: Configuring J-series Services Router Switching Interfaces
- TX Matrix Platform and T640 Routing Node Configuration Guidelines
-
- TX Matrix Platform and T640 Routing Node Configuration Overview
-
- Routing Matrix Overview
- Running Different JUNOS Software Releases on the TX Matrix
Platform and the T640 Routing Nodes
- TX Matrix Platform Software Upgrades and Reinstallation
- TX Matrix Platform Rebooting Process
- Committing Configurations on the TX Matrix Platform
- Routing Matrix Configuration Groups
- Routing Matrix System Log Messages
- Using the JUNOS software to Configure a T640 Routing Node Within
a Routing Matrix
- TX Matrix Platform Chassis and Interface Names
- Configuring the JUNOS Software to Upgrade and Downgrade Switch
Interface Boards on a TX Matrix Platform
-
- Configuring the JUNOS Software to Upgrade Switch Interface
Boards on a TX Matrix Platform
- Configuring the JUNOS Software to Downgrade Switch Interface
Boards on a TX Matrix Platform
- Configuring the JUNOS Software to Enable the TX Matrix Platform
to Generate an Alarm if a T640 Routing Node Stays Offline
- Summary of Router Chassis Configuration Statements
-
- adaptive-services
- aggregate-ports
- aggregated-devices
- alarm
- atm-cell-relay-accumulation
- atm-l2circuit-mode
- bandwidth
- ce1
- channel-group
- chassis
- config-button
- craft-lockout
- ct3
- device-count
- disk-failure-action
- e1
- ethernet
- fabric upgrade-mode
- fpc
-
- fpc (M320, T320, T640 Routing Platforms)
- fpc (MX-Series Ethernet Services Routers)
- fpc (TX Matrix Platform)
- fpc-feb-connectivity
- framing
- idle-cell-format
- lacp
- lcc
- link-protection
- max-queues-per-interface
- mlfr-uni-nni-bundles
- network-services
- no-concatenate
- non-revertive
- offline
- on-disk-failure
- online-expected
- packet-scheduling
- pem
- pic
-
- pic (M-series and T-series Routing Platforms)
- pic (TX Matrix Platform)
- port
- power
- q-pic-large-buffer
- red-buffer-occupancy
- routing-engine
- sfm
- service-package
- sib
- sonet
- sparse-dlcis
- synchronization
- system-priority
- t1
- timeslots
- traffic-manager
- tunnel-services
- vrf-mtu-check
- vtmapping
- Index
-
- Index
- Index of Statements and Commands
[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]