Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
external-header-nav
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Junos CLI Reference CLI Reference S

Junos CLI Reference

keyboard_arrow_up
close
keyboard_arrow_left
Junos CLI Reference
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

service-set (Services)

date_range 10-Jun-24
arrow_backward
arrow_forward

Syntax

content_copy zoom_out_map
service-set service-set-name {
    allow-multicast;
    captive-portal-content-delivery-profile;
    cos-options {
        match-rules-on-reverse-flow;
    }
    cos-rules [cos-rule-name];
    cos-rule-sets;
    extension-service service-name {
        provider-specific-rules-configuration;
    }
    flow;
    hcm-profile;
    ids-option;
    (ids-rules rule-name | ids-rule-sets rule-set-name);
    interface-service {
        load-balancing-options {
            hash-keys {
                egress-key (destination-ip | source-ip);
                ingress-key (destination-ip | source-ip);
            }
        }
        service-interface interface-name;
    }    ipsec-vpn-options {
        anti-replay-window-size bits;
        clear-dont-fragment-bit;
        ike-access-profile profile-name;
        local-gateway address;
        no-anti-replay;
        no-certificate-chain-in-ike;
        passive-mode-tunneling;
        trusted-ca [ ca-profile-names ];
        tunnel-mtu bytes;
        udp-encapsulation {
            <udp-dest-port destination-port>;
        }
    }
    ip-reassembly-rules rule-name};
    (ipsec-vpn-rules rule-name | ipsec-vpn-rule-sets rule-set-name);
        ipsec-vpn vpn1;
        jflow-log;
        lrf-profile;
    max-flows number;
    max-drop-flows {
        ingress ingress-flows;
        egress egress-flows;
    }
    max-session-setup-rate max-setup-rate;
    nat-options {
        land-attack-check (ip-only | ip-port);
        max-sessions-per-subscriber session-number;
        
        stateful-nat64 {
            clear-dont-fragment-bit;
        }
    }
    (nat-rules rule-name | nat-rule-sets rule-set-name);
    next-hop-service {
        inside-service-interface interface-name.unit-number;
        outside-service-interface interface-name.unit-number;
        outside-service-interface-type local;
        service-interface-pool name;
    }
        pcef-profile;pcp-rules rule-name;
    (pgcp-rules rule-name | pgcp-rule-sets rule-set-name);
    (ptsp-rules rule-name | ptsp-rule-sets rule-set-name); 
        redundancy-set-id;
        replicate-services;   
    service-set-options {
        bypass-traffic-on-exceeding-flow-limits;
        bypass-traffic-on-pic-failure;
        disable-session-open-syslog;
        enable-asymmetric-traffic-processing;
        header-integrity-check;
        routing-engine-services;
        static-subscriber-application; 
        subscriber-awareness; 
        support-uni-directional-traffic;
    }
    snmp-trap-thresholds {
        flows high high-threshold | low low-threshold;
        nat-address-port high-threshold | low low-threshold;
        }
    }
    softwire-options {
        dslite-ipv6-prefix-length dslite-ipv6-prefix-length;
    }
    (softwire-rules rule-name | softwire-rule-sets rule-set-name);
    (stateful-firewall-rules rule-name | stateful-firewall-rule-sets rule-set-name);
    syslog {
        host hostname {
            class {
                alg-logs;
                deterministic-nat-configuration-log;
                ids-logs;
                nat-logs;
                packet-logs;
                pcp-logs;
                session-logs <open | close>;
                stateful-firewall-logs ;
            }
            services severity-level;
            facility-override facility-name;
            interface-service prefix-value;
            port port-number;
            services severity-level;
        }
    }
    (web-filter-profile | url-filter-profile) profile-name;
}

Hierarchy Level

content_copy zoom_out_map
[edit services]

Description

Define the service set.

Note:

Use the web-filter-profile option starting in Junos OS Release 18.3R1 and use the url-filter-profile option in Junos OS Releases before 18.3R1.

Options

service-set-name—Name of the service set. You can include special characters, such as a forward slash (/), colon (:), or a period (.).

  • Range: Up to 64 alphanumeric characters.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

pgcp-rules and pgcp-rule-sets options added in Junos OS Release 8.4.

server-set-options option added in Junos OS Release 10.1.

ptsp-rules and ptsp-rule-sets options added in Junos OS Release 10.2.

softwire-rules and clear-rule-sets options added in Junos OS Release 10.4.

ip-reassembly-rules and outside-service-interface-type option added in Junos OS Release 13.1R1.

pcp-rules option added in Junos OS Release 13.2R1.

softwire-options option added in Junos OS Release 14.1.

subscriber-awareness option added in Junos OS Release 17.1R1.

url-filter-profile option added in Junos OS Release 17.2R1.

match-rules-on-reverse-flow option added in Junos OS Release 16.1R5 and 17.4R1.

no-certificate-chain-in-ike option added in Junos OS Release 18.2R1.

web-filter-profile option added in Junos OS Release 18.3R1, replacing the deprecated url-filter-profile option.

max-session-setup-rate option added in Junos OS Release 19.1R1, replacing the deprecated option max-session-creation rate, which was added in Junos OS Release 17.1R1.

Support added in Junos 20.2R1 for Next Gen Services NAT PT feature.

static-subscriber-application option added in Junos OS Release 21.2R1.

Related Documentation

arrow_backward PREVIOUS service-set-options (Next Gen Services Services)
NEXT arrow_forward service-set (Subscriber-Aware)
external-footer-nav