[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

System Configuration Statement Hierarchy

To configure system properties, use the following statements at the [edit system] hierarchy level. Statements exclusively for J-series and SRX-series devices running JUNOS software are shown in bold font and are documented in this chapter.

Shared JUNOS statements in the system hierarchy are shown in normal font and are documented in the JUNOS System Basics Configuration Guide and the JUNOS Network Interfaces Configuration Guide.

system {
accounting {
destination {
radius {
server {
server-address {
accounting-port port-number ;
retry number ;
secret password ;
source-address address ;
timeout seconds ;
}
}
}
tacplus {
server server-address {
port port-number ;
secret password ;
single-connection;
timeout seconds ;
}
}
}
events [login change-log interactive-commands];
traceoptions {
file filename <files number > <size maximum-file-size >
<world-readable | no-world-readable>;
flag flag ;
}
}
archival {
configuration {
archive-sites {
ftp://< username >:< password >@< host >:< port >/< url-path >;
scp: // < username >:< password >@< host >:< port >/< url-path >;
}
transfer-interval interval ;
transfer-on-commit;
}
}
arp {
aging-timer minutes;
passive-learning;
}
authentication-order [ authentication-methods ];
autoinstallation {
configuration-servers url {
password password ;
}
interfaces interface-name {
bootp;
rarp;
slarp;
}
}
backup-router address <destination destination-address>;
building name;
commit synchronize;
(compress-configuration-files | no-compression-configuration-files);
default-address-selection;
diag-port-authentication (encrypted-password "password" | plain-text-password);
domain-name domain-name ;
domain-search [ domain-list ];
dump-device {
boot-device;
compact-flash;
removable-compact-flash;
usb;
}
encrypt-configuration-files;
host-name hostname;
inet6-backup-router address <destination destination-address >;
internet-options address <destination destination-address >;
internet-options {
(gre-path-mtu-discovery | no-gre-path-mtu-discovery);
icmpv4-rate-limit {
bucket-size seconds ;
packet-rate packet-rate ;
}
icmpv6-rate-limit {
bucket-size seconds ;
packet-rate packet-rate ;
}
(ipip-path-mtu-discovery | no-ipip-path-mtu-discovery);
no-tcp-rfc1323;
no-tcp-rfc1323-paws;
(path-mtu-discovery | no-path-mtu-discovery);
source-quench;
source-port upper-limit < upper-limit >;
(source-quench | no-source-quench);
tcp-drop-synfin-set;
}
location {
altitude feet ;
building name ;
country-code code ;
floor number ;
hcoord horizontal-coordinate ;
lata service-area ;
latitude degrees ;
longitude degrees ;
npa-nxx number ;
postal-code postal-code ;
rack number ;
vcoord vertical-coordinate ;
}
login {
announcement text ;
class class-name {
allow-commands " regular-expression ";
allow-configuration " regular-expression ";
deny-commands " regular-expression ";
deny-configuration " regular-expression ";
idle-timeout minutes ;
login-alarms;
login-tip;
permissions [ permissions ];
}
message text ;
password {
change-type (set-transitions | character-set);
format (md5 | sha1 | des);
maximum-length length;
minimum-changes number;
minimum-length length;
}
user username {
authentication {
(encrypted-password “password”" | plain-text-password);
ssh-dsa " public-key ";
ssh-rsa " public-key ";
}
class class-name ;
full-name complete-name ;
uid uid-value ;
}
retry-options {
backoff-threshold number ;
backoff-factor seconds ;
minimum-time seconds ;
tries-before-disconnect number ;
}
}
max-configurations-on-flash number ;
mirror-flash-on-disk;
name-server ip-address ;
no-compress-configuration-files;
no-multicast-echo;
no-redirects;
no-saved-core-context;
ntp {
authentication-key key-number type type value password ;
boot-server (NTP) address ;
broadcast < address > <key key-number > <version value > <ttl value >;
broadcast-client;
multicast-client < address >;
peer address <key key-number > <version value > <prefer>;
server address <key key-number > <version value > <prefer>;
source-address source-address ;
trusted-key [ key-numbers ];
}
pic-console-authentication {
encrypted-password encrypted-password ;
plain-text-password;
}
ports {
auxiliary {
disable;
insecure;
type terminal-type ;
}
console {
disable;
insecure;
log-out-on-disconnect;
type terminal-type ;
}
}
processes {
audit-process;
bootp;
chassis-control (enable | disable) failover failover-option;
class-of-service (enable | disable) failover failover-option;
craft-control (enable | disable) failover failover-option;
dfc-daemon;
dhcp (enable | disable) failover failover-option;
dialer-services;
disk-monitoring (enable | disable) failover failover-option;
ecc-error-logging (enable | disable) failover failover-option;
event-processing (enable | disable) failover failover-option;
firewall (enable | disable) failover failover-option;
firewall-authentication-service (enable | disable);
forwarding;
general-authentication-service {
(enable | disable);
traceoptions {
file filename {
files number;
match regular-expression;
size maximum-file-size;
<world-readable | no-world-readable>;
}
flag flag;
}
}
ilmi;
inet-process (enable | disable) failover failover-option;
init;
interface-control (enable | disable) failover failover-option;
isdn-signaling;
kernel-replication (enable | disable) failover failover-option;
l2ald-service;
l2tp-service (enable | disable) failover failover-option;
lacp;
link-management (enable | disable) failover failover-option;
logical-system-mux;
mib-process (enable | disable) failover failover-option;
named;
network-security (enable | disable);
ntp (enable | disable) failover failover-option;
periodic-packet-services;
pfe;
pgm (enable | disable) failover failover-option;
pic-services-logging (enable | disable) failover failover-option;
ppp;
pppoe (enable | disable) failover failover-option;
redundancy-device (enable | disable) failover failover-option;
remote-operations (enable | disable) failover failover-option;
routing (enable | disable) failover failover-option;
sampling (enable | disable) failover failover-option;
service-deployment (enable | disable) failover failover-option;
snmp (enable | disable) failover failover-option;
sonet-aps;
usb-control (enable | disable) failover failover-option;
vrrp;
watchdog (enable | disable) failover failover-option;
wan-acceleration {
(enable | disable);
traceoptions {
file filename {
files number;
match regular-expression;
size maximum-file-size;
<world-readable | no-world-readable>;
}
flag flag;
}
}
web-management (enable | disable) failover failover-option;
}
radius-options {
attributes {
nas-ip-address nas-ip-address ;
}
}
radius-server server-address {
accounting-port number ;
port number ;
retry number ;
secret password ;
source-address source-address ;
timeout seconds ;
}
root-authentication {
(encrypted-password " password " | plain-text-password);
ssh-dsa " public-key ";
ssh-rsa " public-key ";
}
(saved-core-context | no-saved-core-context);
saved-core-files number;
scripts {
commit {
allow-transients;
file filename .xsl {
optional;
refresh;
refresh-from url ;
source url ;
}
refresh;
refresh-from url ;
traceoptions {
file filename <files number > <size maximum-file-size >
<world-readable | no-world-readable>;
flag flag ;
}
}
load-scripts-from-flash;
op {
file filename .xsl {
arguments name {
description cli-help-text ;
}
command filename-alias ;
description cli-help-text ;
refresh;
refresh-from url ;
source url ;
}
refresh;
refresh-from url ;
traceoptions {
file filename <files number > <size maximum-file-size >;
flag flag ;
}
}
}
services {
dhcp {
boot-file filename ;
boot-server ( address | hostname );
domain-name domain-name ;
domain-search [ domain-list ];
default-lease-time seconds;
maximum-lease-time seconds;
name-server {
address ;
}
option {
[ ( id-number option-type option-value) | ( id-number array option-type
option-values ) ];
}
pool {
subnet-address ( address/netmask ) {
address-range {
high address;
low address;
}
exclude-address {
address ;
}
}
propagate-settings propagate-settings;
}
propagate-settings propagate-settings;
router {
address ;
}
static-binding MAC-address {
fixed-address {
address ;
}
host hostname ;
client-identifier (ascii client-id | hexadecimal client-id) ;
}
server-identifier address ;
wins-server {
address;
}
}
dns-proxy {
cache hostname inet ip-adress;
interface interface-name;
server-select name {
domain-name domain-name;
name-server ip-address;
}
traceoptions {
file filename {
<files number>;
<match regular-expression>;
<size maximum-file-size>;
<world-readable | no-world-readable>;
}
flag flag;
}
}
dynamic-dns {
client hostname {
agent agent-name;
interface interface-name;
password password;
server (dyndns | ddo);
username username;
}
}
finger {
<connection-limit limit >;
<rate-limit limit >;
}
ftp {
<connection-limit limit >;
<rate-limit limit >;
}
netconf {
ssh {
<connection-limit number> ;
<rate-limit number >;
}
}
outbound-ssh {
application-id application-id {
device-id device-id ;
ip-address {
port port-number ;
retry number ;
timeout value ;
}
keep-alive number ;
reconnect-strategy (in-order | sticky);
secret secret ;
services {
netconf;
}
}
traceoptions {
file filename {
<files number> ;
<match regular-expression >;
<size maximum-file-size >;
<world-readable | no-world-readable>;
}
flag flag ;
}
}
service-deployment {
local-certificate certificate-name ;
servers server-address {
port-number port-number ;
}
source-address source-address ;
traceoptions {
flag flag ;
}
}
ssh {
<connection-limit limit >;
protocol-version [v1 v2];
<rate-limit limit >;
root-login (allow | deny | deny-password);
}
telnet {
<connection-limit limit >;
<rate-limit limit >;
}
web-management {
http {
interface [ interface-name s];
port port ;
}
https {
interface [ interface-names ];
local-certificate name ;
pki-local-certificate name;
port port ;
system-generated-certificate;
}
session {
idle-timeout [ minutes ];
session-limit [ session-limit ];
}
}
xnm-clear-text {
connection-limit limit ;
rate-limit limit ;
}
xnm-ssl {
connection-limit limit ;
local-certificate name ;
rate-limit limit ;
}
}
static-host-mapping hostname {
alias [ alias ];
inet [ address ];
inet6 [address];
sysid system-identifier ;
}
syslog {
archive {
archive-sites url;
<files number >;
<size maximum-file-size >;
<world-readable | no-world-readable>;
}
console {
facility severity ;
}
file filename {
facility severity ;
explicit-priority;
match " regular-expression ";
archive {
files number ;
size maximum-file-size ;
start-time;
transfer-interval;
<world-readable | no-world-readable>;
}
}
host ( hostname | other-routing-engine | scc-master) {
any;
authorization;
change-log;
conflict-log;
daemon;
dfc;
external;
firewall;
ftp;
interactive-commands;
kernel;
pfe;
user;
explicit-priority;
facility-override facility ;
log-prefix string ;
match " regular-expression ";
}
source-address source-address {
archive;
console;
file;
host;
time-format;
user;
}
time-format (year | millisecond | year millisecond);
user ( username | *) {
match < regular-expression >;
}
}
tacplus-options service-name service-name ;
tacplus-server server-address {
port port-number;
secret password ;
single-connection;
source-address source-address ;
timeout seconds ;
}
time-zone (GMT hour-offset | time-zone );
}
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]