services (System Services)
Sintaxis
services { bbe-stats-service { } database-replication { traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } dhcp { boot-file boot-file; boot-server boot-server; default-lease-time(infinite | length); domain-name domain-name; domain-search name; maximum-lease-time(infinite | length); name-server name; next-server next-server; option name { array { (byte [ byte ... ] | flag(false | off | on | true) | integer [ integer ... ] | ip-address [ ip-address ... ] | short [ short ... ] | string string | unsigned-integer [ unsigned-integer ... ] | unsigned-short [ unsigned-short ... ]); } byte byte; byte-stream byte-stream; flag(false | off | on | true); integer integer; ip-address ip-address; short short; string string; unsigned-integer unsigned-integer; unsigned-short unsigned-short; } pool name { address-rangehigh highlow low; boot-file boot-file; boot-server boot-server; default-lease-time(infinite | length); domain-name domain-name; domain-search name; exclude-address name; maximum-lease-time(infinite | length); name-server name; next-server next-server; option name { array { (byte [ byte ... ] | flag(false | off | on | true) | integer [ integer ... ] | ip-address [ ip-address ... ] | short [ short ... ] | string string | unsigned-integer [ unsigned-integer ... ] | unsigned-short [ unsigned-short ... ]); } byte byte; byte-stream byte-stream; flag(false | off | on | true); integer integer; ip-address ip-address; short short; string string; unsigned-integer unsigned-integer; unsigned-short unsigned-short; } router name; server-identifier server-identifier; sip-server { address name; name name; } wins-server name; } router name; server-identifier server-identifier; sip-server { address name; name name; } static-binding name {..} wins-server name; } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level(all | error | info | notice | verbose | warning); no-remote-trace; } wins-server name; } dhcp-local-server { (requested-ip-interface-match | requested-ip-network-match requested-ip-network-match); access-profile access-profile; active-leasequery { idle-timeout seconds; peer-address name; timeout seconds; topology-discover; } allow-active-leasequery { idle-timeout seconds; timeout seconds; } allow-bulk-leasequery { max-connections max-connections; max-empty-replies seconds; restricted-requestor; timeout seconds; } allow-leasequery { restricted-requestor; } authentication {..} } } dhcpv6 { (requested-ip-interface-match | requested-ip-network-match requested-ip-network-match); access-profile access-profile; active-leasequery { idle-timeout seconds; peer-address name; timeout seconds; topology-discover; } allow-active-leasequery { idle-timeout seconds; timeout seconds; } allow-bulk-leasequery { max-connections max-connections; max-empty-replies seconds; restricted-requestor; timeout seconds; } allow-leasequery { restricted-requestor; } authentication { password password; username-include { circuit-type; client-id<exclude-headers><use-automatic-ascii-hex-encoding>; delimiter delimiter; domain-name domain-name; interface-description(device | logical); interface-name; logical-system-name; mac-address; relay-agent-interface-id; relay-agent-remote-id {} relay-agent-subscriber-id; routing-instance-name; user-prefix user-prefix; vlan-tags; } } duplicate-clientsincoming-interface; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); dynamic-server { group name { interface name { overrides {..} delegated-pool delegated-pool; ia-na-pool ia-na-pool; interface-client-limit interface-client-limit; process-inform { pool pool; } rapid-commit; } } neighbor-discovery-router-advertisement neighbor-discovery-router-advertisement; overrides {..} delegated-pool delegated-pool; ia-na-pool ia-na-pool; interface-client-limit interface-client-limit; process-inform { pool pool; } rapid-commit; } } overrides {..} delegated-pool delegated-pool; ia-na-pool ia-na-pool; interface-client-limit interface-client-limit; process-inform { pool pool; } rapid-commit; } } forward-snooped-clients(all-interfaces | configured-interfaces | non-configured-interfaces); group name { access-profile access-profile; authentication {..} dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); interface name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); exclude; overrides {..} delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; trace; upto upto; } interface-tag name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); overrides {..} delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } overrides {..} delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } reauthenticate<lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; strict; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression<access><access-internal>; service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } no-snoop; overrides {..} delegated-pool delegated-pool; delete-binding-on-renegotiation; dual-stack dual-stack; interface-client-limit interface-client-limit; multi-address-embedded-option-response; process-inform { pool pool; } protocol-attributes protocol-attributes; rapid-commit; top-level-status-code; } persistent-storageautomatic; reauthenticate<lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; strict; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression<access><access-internal>; server-duid-type { duid_ll; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } dual-stack-group name { access-profile access-profile; authentication {..} } classification-key { circuit-id; mac-address; remote-id; } dual-stack-interface-client-limit dual-stack-interface-client-limit; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } on-demand-address-allocation; protocol-master(inet | inet6); reauthenticate<lease-renewal><remote-id-mismatch>; service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } duplicate-clients-in-subnet(incoming-interface | option-82); dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); forward-snooped-clients(all-interfaces | configured-interfaces | non-configured-interfaces); group name { access-profile access-profile; authentication {..} dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); interface name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); exclude; overrides(dhcp-relay-agent) {..} delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; trace; upto upto; } interface-tag name { access-profile access-profile; dynamic-profile dynamic-profile(aggregate-clients(merge | replace) | use-primary use-primary); overrides(dhcp-relay-agent) {..} delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } overrides { allow-no-end-option; asymmetric-lease-time seconds; bootp-support; client-discover-match(incoming-interface | option60-and-option82); delay-offer { based-on { option-60 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-77 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } option-82 { equals { ascii name; hexadecimal name; } not-equals { ascii name; hexadecimal name; } starts-with { ascii name; hexadecimal name; } } } delay-time seconds; } delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } reauthenticate<actual-data-rate-change<actual-data-rate-downstream<threshold threshold>><actual-data-rate-upstream<threshold threshold>>><lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression { (access-internal | destination); } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } lease-time-validation { lease-time-threshold seconds; violation-action(override-lease | strict); } liveness-detection { failure-action(clear-binding | clear-binding-if-interface-up | log-only); method { bfd { no-adaptation; detection-time { threshold milliseconds; } holddown-interval milliseconds; inline-disable; minimum-interval milliseconds; minimum-receive-interval milliseconds; multiplier multiplier; pdu-size pdu-size; session-mode(automatic | multihop | single-hop); transmit-interval { minimum-interval milliseconds; threshold milliseconds; } version(0 | 1 | automatic); } layer2-liveness-detection { max-consecutive-retries max-consecutive-retries; transmit-interval seconds; } } } no-snoop; overrides (dhcp-relay-agent) {..} delete-binding-on-renegotiation; dual-stack dual-stack; include-option-82 { forcerenew; nak; } interface-client-limit interface-client-limit; process-inform { pool pool; } protocol-attributes protocol-attributes; } persistent-storageautomatic; pool-match-order name; reauthenticate<actual-data-rate-change<actual-data-rate-downstream<threshold threshold>><actual-data-rate-upstream<threshold threshold>>><lease-renewal><remote-id-mismatch>; reconfigure { attempts attempts; clear-on-abort; support-option-pd-exclude; timeout timeout; token token; trigger { radius-disconnect; } } remote-id-mismatch { disconnect; } route-suppression { (access-internal | destination); } service-profile service-profile; short-cycle-protection<lockout-max-time lockout-max-time><lockout-min-time lockout-min-time>; } dns { dnssec {..} } forwarders name; max-cache-ttl seconds; max-ncache-ttl seconds; traceoptions { category name; debug-level debug-level; file< filename><files files><size size><(world-readable | no-world-readable)>; no-remote-trace; } } dtcp-only; extension-service { notification { allow-clients { address [ address ... ]; } broker-socket-send-buffer-size broker-socket-send-buffer-size; max-connections max-connections; port port; } remote-telemetry-service { host host; password password; port port; user user; } request-response { grpc { ssl { address address; hot-reloading; local-certificate [ local-certificate ... ]; mutual-authentication { certificate-authority certificate-authority; client-certificate-request(no-certificate | request-certificate | request-certificate-and-verify | require-certificate | require-certificate-and-verify); } port port; use-pki; } max-connections max-connections; routing-instance routing-instance; } } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; levelerror; no-remote-trace; } } finger { connection-limit connections; rate-limit connections per minute; } flow-tap-dtcp { ssh { connection-limit connections; rate-limit connections per minute; } } ftp { authentication-order(one-time-password | otp-md4 | password | radius | tacplus); connection-limit connections; rate-limit connections per minute; } grpc-tunnel { servers { retry-interval seconds; server name { address address; credentials { tls { ca-profiles [ ca-profiles ... ]; certificate-id certificate-id; } } port port; routing-instance routing-instance; source-address source-address; targets(gnmi-gnoi | netconf-ssh | ssh); } } target-string-option { custom-string custom-string; delimiter delimiter; pattern(custom | hostname | model | vendor | version); } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level(all | error | info | notice | verbose | warning); no-remote-trace; } } jeb { max-seed-size max-seed-size; port port; rbg(default-rng | hmac-drbg | jrbc); tls { cert-bundle cert-bundle; certificate certificate; key key; } } netconf { flatten-commit-results; hello-message { yang-module-capabilities { advertise-custom-yang-modules; advertise-native-yang-modules; advertise-standard-yang-modules; } } netconf-monitoring { netconf-state-schemas { retrieve-custom-yang-modules; retrieve-standard-yang-modules; } } notification { interleave; } rfc-compliant; ssh { client-alive-count-max client-alive-count-max; client-alive-interval seconds; connection-limit connections; port port; rate-limit connections per minute; } tls { client-identity name { fingerprint fingerprint; map-type(san-dirname-cn | specified); username username; } default-client-identity { map-type(san-dirname-cn | specified); username username; } local-certificate local-certificate; traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; level(all | error | info | notice | verbose | warning); no-remote-trace; } } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; on-demand; } unified { unhide; } yang-compliant; yang-modules { device-specific; emit-anyxml-in-rpc-output; emit-extensions; emit-family-ns-and-module-name; } } netproxy; outbound-https { client name { device-id device-id; reconnect-strategy(in-order | sticky); secret secret; servers name { port port; trusted-cert trusted-cert; } waittime waittime; } } resource-monitor { free-fw-memory-watermark percentage; free-heap-memory-watermark percentage; free-nh-memory-watermark percentage; high-cos-queue-threshold percentage; high-threshold percentage; no-load-throttle; no-logging; no-throttle; no-usage-update; resource-categoryjtree { resource-type(contiguous-pages | free-dwords | free-pages) { high-watermark high-watermark; low-watermark low-watermark; } } subscribers-limit { client-type(any | dhcp | l2tp | pppoe) { chassis { limit limit; } fpc name { limit limit; pic name { limit limit; port name { limit limit; } } } } } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } rest { control { allowed-sources [ allowed-sources ... ]; connection-limit connection-limit; } enable-explorer; http { addresses [ addresses ... ]; port port; } https { addresses [ addresses ... ]; ca-chain ca-chain; cipher-list(dhe-rsa-with-3des-ede-cbc-sha | dhe-rsa-with-aes-128-cbc-sha | dhe-rsa-with-aes-128-cbc-sha256 | dhe-rsa-with-aes-128-gcm-sha256 | dhe-rsa-with-aes-256-cbc-sha | dhe-rsa-with-aes-256-cbc-sha256 | dhe-rsa-with-aes-256-gcm-sha384 | ecdhe-rsa-with-3des-ede-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha256 | ecdhe-rsa-with-aes-128-gcm-sha256 | ecdhe-rsa-with-aes-256-cbc-sha | ecdhe-rsa-with-aes-256-cbc-sha384 | ecdhe-rsa-with-aes-256-gcm-sha384 | ecdhe-rsa-with-rc4-128-sha | rsa-with-3des-ede-cbc-sha | rsa-with-aes-128-cbc-sha | rsa-with-aes-128-cbc-sha256 | rsa-with-aes-128-gcm-sha256 | rsa-with-aes-256-cbc-sha | rsa-with-aes-256-cbc-sha256 | rsa-with-aes-256-gcm-sha384 | rsa-with-rc4-128-md5 | rsa-with-rc4-128-sha | tls-aes-128-gcm-sha256 | tls-aes-256-gcm-sha384); mutual-authentication { certificate-authority certificate-authority; } port port; server-certificate server-certificate; } https-5g { addresses [ addresses ... ]; mutual-authentication { certificate-authority certificate-authority; } port port; server-certificate server-certificate; } routing-instance routing-instance; traceoptions { flag(all | juise | lighttpd); } } reverse { ssh { port port; } telnet { port port; } } ssh { access-disable-external; allow-tcp-forwarding; authentication-order(one-time-password | otp-md4 | password | radius | tacplus); authorized-keys-command authorized-keys-command; authorized-keys-command-user authorized-keys-command-user; authorized-principals [ authorized-principals ... ]; authorized-principals-command authorized-principals-command; authorized-principals-file authorized-principals-file; cert-based-auth { host-certificate host-certificate; trusted-user-ca-keys name; } ciphers(3des-cbc | aes128-cbc | aes128-ctr | aes128-gcm@openssh.com | aes192-cbc | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm@openssh.com | chacha20-poly1305@openssh.com); client-alive-count-max client-alive-count-max; client-alive-interval seconds; connection-limit connections; fingerprint-hash(md5 | sha2-256); host-certificate-file host-certificate-file; hostkey-algorithm-list { ecdsa-sha2-nistp256; ecdsa-sha2-nistp384; ecdsa-sha2-nistp521; ed25519; rsa; } key-exchange(curve25519-sha256 | dh-group14-sha1 | dh-group1-sha1 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 | group-exchange-sha1 | group-exchange-sha2); log-key-changes; macs(hmac-md5 | hmac-md5-96 | hmac-md5-96-etm@openssh.com | hmac-md5-etm@openssh.com | hmac-sha1 | hmac-sha1-96 | hmac-sha1-96-etm@openssh.com | hmac-sha1-etm@openssh.com | hmac-sha2-256 | hmac-sha2-256-etm@openssh.com | hmac-sha2-512 | hmac-sha2-512-etm@openssh.com | umac-128@openssh.com | umac-128-etm@openssh.com | umac-64@openssh.com | umac-64-etm@openssh.com); max-pre-authentication-packets max-pre-authentication-packets; max-sessions-per-connection max-sessions-per-connection; no-challenge-response; no-password-authentication; no-passwords; no-public-keys; port port; protocol-versionv2; rate-limit connections per minute; rekey { data-limit bytes; time-limit minutes; } root-login(allow | deny | deny-password); sftp-server; trusted-user-ca-key-file trusted-user-ca-key-file; } static-subscribers { access-profile< access-profile-name>; authentication {..} } auto-login; baseline-stats; dynamic-profile { aggregate-clients(merge | replace); dynamic-profile-name; } group name { access-profile< access-profile-name>; authentication { password password; username-include { delimiter delimiter; domain-name domain-name; interface; logical-system-name; routing-instance-name; user-prefix user-prefix; vlan-tags; } } auto-login; dynamic-profile { aggregate-clients(merge | replace); dynamic-profile-name; } interface name { exclude; upto upto; } service-profile< service-profile-name>; } interface name { subscriber-ip-address address; subscriber-ipv6-address address; } service-profile< service-profile-name>; } subscriber-management { enable { } enforce-strict-scale-limit-license; gres-route-flush-delay; interfaces name { auto-configure { agent-circuit-identifier { dynamic-profile dynamic-profile; } line-identity { dynamic-profile dynamic-profile; includes { accept-no-ids; circuit-id; remote-id; } } remove-when-no-subscribers; stacked-vlan-ranges { access-profile access-profile-name; authentication { packet-types; password password; username-include { circuit-type; delimiter delimiter; domain-name domain-name; interface-name; mac-address; option-18; option-37; option-82<circuit-id><remote-id>; radius-realm radius-realm; user-prefix user-prefix; vlan-tags; } } dynamic-profile name { accept; access-profile ap-name; ranges name; } override { outer-tag name { dynamic-profile dynamic-profile; inner-tag inner-tag; } } } vlan-ranges { access-profile access-profile-name; authentication {..} } dynamic-profile name { (accept | accept-out-of-band); access-profile ap-name; ranges name; } override { tag name { dynamic-profile dynamic-profile; } } } } interface-tag interface-tag; unit name { pppoe-underlying-options { access-concentrator access-concentrator; direct-connect; duplicate-protection; dynamic-profile dynamic-profile; max-sessions max-sessions; max-sessions-vsa-ignore; service-name-table service-name-table; short-cycle-protection { filteraci; lockout-time-max seconds; lockout-time-min seconds; } } } } location location; maintain-subscriber { interface-delete; } mode { control-plane { control-plane-name control-plane-name; cp-id cp-id; instance name { user-plane user-plane; } load-balancing { group name { user-plane name { port name { max-weight max-weight; } preferred; } } } pfcp { enable-tracing; heartbeat-interval seconds; retransmission-timer seconds; retries retries; } security-profiles name { ca-cert-file-name ca-cert-file-name; cert-file-name cert-file-name; key-file-name key-file-name; } transport {..} user-plane name { (inet inet | inet6 inet6); netconf { password password; port port; user-name user-name; } partition partition; service-set name { captive-portal-content-delivery-profile captive-portal-content-delivery-profile; interface-service { service-interface service-interface; } service-set-options { routing-engine-services; } } statistics-reporting-interval minutes; v6-delegated-partition v6-delegated-partition; v6-na-partition v6-na-partition; v6-ra-partition v6-ra-partition; } } user-plane { capabilities { function-features { exclude-lac; exclude-lcp-keepalive-offload; exclude-lns; } } control-plane { control-plane-name control-plane-name; transport { (inet inet | inet6 inet6); inet-tcp inet-tcp; port port; } } pfcp { enable-tracing; heartbeat-interval seconds; retransmission-timer seconds; retries retries; } security-profiles name { ca-cert-file-name ca-cert-file-name; cert-file-name cert-file-name; key-file-name key-file-name; } selection-function { cluster name; service-group name; } transport { (inet inet | inet6 inet6); security-profile security-profile; } user-plane-name user-plane-name; } } overrides { event { catastrophic-failure { reboot { routing-engine-specifiers; } } } force-show-arp-resolve; interfaces { family { inet { ipoe-dynamic-arp-enable; layer2-liveness-detection; receive-gratuitous-arp; } inet6 { layer2-liveness-detection; } } } no-unsolicited-ra; shmlog { disable; file filename<files files><size size>; filtering { enable; } log-name name {..} log-type(debug | info | notice) {..} } work-management {..} } redundancy { group name { interface name { standby-mode(hot-standby | service-activation-on-failover); } } interface name { local-inet6-address local-inet6-address; local-inet-address local-inet-address; shared-key shared-key; virtual-inet6-address virtual-inet6-address; virtual-inet-address virtual-inet-address; } no-advertise-routes-on-backup; protocol { pseudo-wire; vrrp; } re-authenticate-on-failover; } static-framed-route; subscriber-group name { control-plane-managed-mode { preferred-user-plane-name preferred-user-plane-name; redundancy-interface name { logical-ports logical-ports; } } user-plane-managed-mode { redundancy-interface name { logical-ports logical-ports; } } virtual-mac virtual-mac; } traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } subscriber-management-helper { traceoptions { file< filename><files files><match match><size size><(world-readable | no-world-readable)>; flag name; no-remote-trace; } } telnet { authentication-order(one-time-password | otp-md4 | password | radius | tacplus); connection-limit connections; rate-limit connections per minute; } tftp-server { connection-limit connections; rate-limit connections per minute; } web-management<controlmax-threads max-threads><https(local-certificate local-certificate | pki-local-certificate pki-local-certificate | system-generated-certificate)<interface [ interface ... ]><port port> namemtlsca-profile ca-profile nameport portpki-local-certificate pki-local-certificate><management-url management-url><session<idle-timeout minutes><session-limit session-limit>><traceoptions<file< filename><files files><match match><size size><(world-readable | no-world-readable)>> name<level(all | error | info | notice | verbose | warning)><no-remote-trace>> ; xnm-clear-text { connection-limit connections; rate-limit connections per minute; } xnm-ssl { connection-limit connections; local-certificate local-certificate; rate-limit connections per minute; (ssl-renegotiation | no-ssl-renegotiation); } }
Nivel jerárquico
[edit system]
Descripción
Configure el enrutador o conmutador para que los usuarios de sistemas remotos puedan acceder al enrutador o conmutador local a través del servidor DHCP, DTCP a través de SSH, finger, HTTPS saliente, rlogin, SSH, telnet, administración web, SSL de protocolo XML de Junos y utilidades de red, o permita que Junos OS funcione con el software de control de sesión y recursos (SRC). Además, habilite la configuración de aplicaciones de terceros desarrolladas con el kit de herramientas de extensión de Juniper (JET) para que se ejecuten en Junos OS.
A partir de Junos OS versión 22.2R1, hemos deshabilitado la función de reenvío SSH TCP de forma predeterminada para mejorar la seguridad. Para habilitar la característica de reenvío TCP SSH, puede configurar la allow-tcp-forwarding
instrucción en el nivel de jerarquía [edit system services ssh
]. Además, hemos dejado de usar las tcp-forwarding
instrucciones y no-tcp-forwarding
en el nivel de jerarquía [edit system services ssh
].
La opción de sistema services webapi
solo está disponible para dispositivos de la serie SRX. Para obtener más información, consulte la sección Información relacionada.
Las declaraciones restantes se explican por separado. Busque una instrucción en el Explorador de CLI o haga clic en una instrucción vinculada en la sección Sintaxis para obtener más información.
Nivel de privilegio requerido
system: para ver esta instrucción en la configuración.
system-control: para agregar esta instrucción a la configuración.
Información de la versión
Declaración introducida antes de Junos OS versión 7.4.
extension-service
opción agregada en Junos OS versión 16.1 para las series MX80, MX104, MX240, MX480, MX960, MX2010, MX2020 y vMX.
grpc
opción agregada en Junos OS versión 16.2 para las series MX80, MX104, MX240, MX480, MX960, MX2010, MX2020 y vMX.
allow-tcp-forwarding
añadido en Junos OS versión 22.2R1.