Juniper JUNOSE 11.3 Configuration Manual Download Page 455 | Manualshive

Page: 455 / 632

background image

Configuring Encryption

The embedded SSH server and external SSH client maintain separate lists of the
encryption algorithms that each supports. Lists are kept for inbound and outbound
algorithms. For the server:

•

Inbound means the algorithms that the server supports for information coming in from
a client.

•

Outbound means the algorithms that the server supports for information it sends out
to a client.

You must configure each list separately. By default, all of the supported encryption
algorithms are available. You need to configure encryption only if you need to specifically
remove or add any supported algorithm from the list. Refer to your SSH client
documentation for details on configuring encryption on your client. The system supports
the following SSH algorithms for encryption:

•

3des-cbc—A triple DES block cipher with 8-byte blocks and 24 bytes of key data. The
first 8 bytes of the key data are used for the first encryption, the next 8 bytes for the
decryption, and the following 8 bytes for the final encryption.

•

blowfish-cbc—A block cipher with 8-byte blocks and 128-bit keys that provides strong
encryption and is faster than DES.

•

twofish-cbc—A block cipher with 16-byte blocks and 256-bit keys that is stronger and
faster than Blowfish encryption.

Although it is not recommended, you can also specify

none

. In this case, the system does

not perform encryption.

ip ssh crypto

Use to add an encryption algorithm to the specified support list for the SSH server.

•

Example 1—This example adds the blowfish-cbc algorithm to the list of supported
inbound algorithms.

host1(config)#

ip ssh crypto client-to-server blowfish-cbc

Example 2—This example removes the 3des-cbc algorithm from the list of supported
outbound algorithms.

host1(config)#

ip ssh crypto server-to-client no 3des-cbc

•

The

default

version restores the specified list to the factory default, which includes all

supported algorithms (3des-cbc, twofish-cbc, and blowfish-cbc). The default list does
not include the none option.

Example

host1(config)#

ip ssh crypto server-to-client default 3des-cbc

•

If you do not specify a direction (client-to-server or server-to-client), the command
applies the algorithm to both inbound and outbound lists.

425

Copyright © 2010, Juniper Networks, Inc.

Chapter 7: Passwords and Security

«
...
453
454
455
456
457
...
»

Summary of Contents for JUNOSE 11.3

Page 1: ...JunosE Software for E Series Broadband Services Routers System Basics Configuration Guide Release 11 3 x Published 2010 10 04 Copyright 2010 Juniper Networks Inc...

Page 2: ...S Patent Nos 5 473 599 5 905 725 5 909 440 6 192 051 6 333 650 6 359 479 6 406 312 6 429 706 6 459 579 6 493 347 6 538 518 6 538 899 6 552 918 6 567 902 6 578 186 and 6 590 785 JunosE Software for E S...

Page 3: ...re physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s us...

Page 4: ...ATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort inclu...

Page 5: ...ree years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http...

Page 6: ...Copyright 2010 Juniper Networks Inc vi...

Page 7: ...37 Chapter 5 Managing the System 239 Chapter 6 Managing Modules 341 Chapter 7 Passwords and Security 403 Chapter 8 Writing CLI Macros 459 Chapter 9 Booting the System 495 Chapter 10 Configuring the Sy...

Page 8: ...Copyright 2010 Juniper Networks Inc viii JunosE 11 3 x System Basics Configuration Guide...

Page 9: ...h 6 Line Modules I O Modules and IOAs 7 Interfaces 8 Subinterfaces 8 interface Command 8 General Configuration Tasks 9 Configuring Virtual Routers 9 Configuring IPSec 10 Configuring Physical Layer Int...

Page 10: ...ted Commands 31 The Key 31 Backspace or Delete 31 Enter 31 Tab 32 Arrow Keys 32 The no Version 32 run and do Commands 33 show Commands 34 Redirection of show Command Output 38 Regular Expressions 39 T...

Page 11: ...Line Editing Keys 63 Command History Keys 65 Pagination Keys 65 Accessing Command Modes 66 Exec Modes 79 Password Protection 80 Global Configuration Mode 81 Executing a Script File 81 AAA Profile Con...

Page 12: ...onfiguration Mode 101 Policy Parameter Configuration Mode 101 PPPoE Service Name Table Configuration Mode 101 Profile Configuration Mode 102 QoS Interface Set Configuration Mode 102 QoS Interface Supe...

Page 13: ...123 Installing Software When a Firewall Does Not Exist 124 Installing Software in Normal Operational Mode 124 Task 1 Obtain the Required Information 124 Task 2 Divert Network Traffic to Another Route...

Page 14: ...and Reenabling SNMP Proxy 143 Communicating with the SNMP Engine 144 SNMP Attributes 145 SNMP Operations 145 SNMP PDU Types 146 Platform Considerations 146 References 147 Before You Configure SNMP 147...

Page 15: ...g Collection Statistics 193 Understanding Schemas 203 If Stats Schema Objects 204 IGMP Schema Objects 205 Policy Schema Objects 206 QoS Schema Objects 207 Configuring Schemas 209 Mapping Bulkstats Out...

Page 16: ...ace 269 Setting the Console Speed 269 Configuring the Display Terminal 270 Specifying the Character Set 270 Configuring Login Conditions 271 Setting Time Limits for User Login 271 Setting Time Limits...

Page 17: ...ng IP Prefix Reachability 318 Gathering Information for Customer Support 319 Managing and Monitoring Resources 320 Enabling and Disabling the Resource Threshold Monitor 320 Viewing Resource Threshold...

Page 18: ...es 369 Disabling Autosynchronization 369 Validating and Recovering Redundant SRP File Integrity 370 Reformatting the Primary Flash Card 373 Copying the Image on the Primary SRP Module 374 Scanning Fla...

Page 19: ...Key Management 422 Host Key Management 422 Performance 423 Security Concerns 424 Before You Configure SSH 424 SSH Configuration Tasks 424 Configuring Encryption 425 Configuring User Authentication 426...

Page 20: ...465 Operators 465 Assignment 468 Increment and Decrement 468 String Operations 469 Extraction Operations 469 Arithmetic Operations 470 Relational Operations 470 Logical Operations 470 Miscellaneous Op...

Page 21: ...Considerations 510 References 510 Setting the System Clock Manually 511 Before You Configure NTP 512 Choosing NTP Servers 513 NTP Configuration Tasks 513 Enabling NTP Services 513 NTP Client Configura...

Page 22: ...eviations and Acronyms 537 Appendix B References 559 RFCs 559 Draft RFCs 574 Other Software Standards 577 Hardware Standards 580 Part 3 Index Index 585 Copyright 2010 Juniper Networks Inc xxii JunosE...

Page 23: ...nterface Design 19 Figure 14 Structure of ATM Protocol 19 Figure 15 ATM Interface Configuration Parameters 19 Figure 16 IP PPP Connections from the CPE on an E Series Router 20 Figure 17 Structure of...

Page 24: ...Copyright 2010 Juniper Networks Inc xxiv JunosE 11 3 x System Basics Configuration Guide...

Page 25: ...ftware Installation Procedure When a Firewall Does Not Exist 124 Table 14 Software Installation Procedure in Boot Mode 128 Table 15 Release Compatibility 133 Chapter 4 Configuring SNMP 137 Table 16 SN...

Page 26: ...Modules for Line Rate Performance SRP 10G Module in an ERX1410 Router 362 Table 43 Combinations of Line Modules for Line Rate Performance SRP 5G Module in an ERX705 Router 362 Table 44 Supported Line...

Page 27: ...information in the latest release notes differs from the information in the documentation follow the JunosE Release Notes To obtain the most current version of all Juniper Networks technical document...

Page 28: ...ffic class low loss1 Represents text that the user must type Bold text like this host1 show ip ospf 2 Routing Process OSPF 2 with Router ID 5 5 0 250 Router is an Area Border Router ABR Represents inf...

Page 29: ...n CD ROMs or DVD ROMs see the Portable Libraries page at http www juniper net techpubs resources index html Copies of the Management Information Bases MIBs for a particular software release are availa...

Page 30: ...uniper net techpubs Find solutions and answer questions using our Knowledge Base http kb juniper net Download the latest versions of software and review release notes http www juniper net customers cs...

Page 31: ...age 117 Configuring SNMP on page 137 Managing the System on page 239 Managing Modules on page 341 Passwords and Security on page 403 Writing CLI Macros on page 459 Booting the System on page 495 Confi...

Page 32: ...Copyright 2010 Juniper Networks Inc 2 JunosE 11 3 x System Basics Configuration Guide...

Page 33: ...odules I O Modules and IOAs on page 7 Interfaces on page 8 General Configuration Tasks on page 9 Configuring Virtual Routers on page 9 Configuring IPSec on page 10 Configuring Physical Layer Interface...

Page 34: ...face on slot 5 adapter 0 port 0 of an E320 router host1 config interface atm 5 0 0 For more information about supported interface types and specifiers on E Series routers see Interface Types and Speci...

Page 35: ...on The router supports Broadband Remote Access Server B RAS applications as shown in Figure 2 on page 6 In this application the router handles the aggregated output from the digital subscriber line ac...

Page 36: ...keep the traffic logically separate and to direct packets to different destinations As shown in Figure 2 on page 6 the packets can be directed to a CLEC ISP corporate VPN or the Internet A large numb...

Page 37: ...e On the E120 and E320 routers a single line module pairs with all available IOAs I O modules and IOAs provide the input and output connections from the network to the router Line modules connect to t...

Page 38: ...ured IP to run over ATM and you want to reconfigure the interface to run IP over PPP over ATM you must first remove the IP interface apply PPP and then reapply IP Subinterfaces A subinterface is a mec...

Page 39: ...nnelized T3 OCx STMx and HDLC data channels over which the higher layer protocols run 8 Configure the data link layer protocols such as Frame Relay PPP and ATM that run over these physical interfaces...

Page 40: ...capsulating Security Payload ESP provides confidentiality and authentication functions to every data packet Authentication header AH provides authentication to every data packet For information about...

Page 41: ...either network ingress or network egress Figure 4 E Series Router Support for Fractional T1 E1 Through T3 E3 Interfaces As shown in Figure 4 on page 11 the router can support fractional full and chan...

Page 42: ...onfiguring Channelized T3 Interfaces There12 T3 controllers available on each CT3 12 F0 line module When you configure these T3 controllers you are actually configuring T3 DS3 lines Each T3 controller...

Page 43: ...llowing wide area network WAN protocol encapsulations IP over PPP IP over ATM IP over PPP over ATM IP over PPP over PPPoE over ATM IP over Frame Relay Figure 6 on page 13 shows sample configuration pa...

Page 44: ...osE Link Layer Configuration Guide for details host1 config interface pos 0 1 host1 config if encapsulation ppp host1 config if clock source internal module host1 config if loopback line host1 config...

Page 45: ...subinterfaces Ethernet modules use the Address Resolution Protocol ARP to obtain MAC addresses for outgoing Ethernet frames and support quality of service QoS classification See JunosE Physical Layer...

Page 46: ...l Service Interfaces You can configure both dynamic tunnels associated with L2TP and static IP tunnels on your E Series router however you must first install a Service Module SM Dynamic tunnels which...

Page 47: ...the physical layer can be channelized E1 E3 channelized T1 T3 or a fractional service as supported by the different line module ports The HDLC layer is on top of the physical layer and can support fl...

Page 48: ...st1 config if interface serial 0 1 1 5 1 host1 config subif frame relay interface dlci 17 ietf host1 config subif ip address 192 32 10 2 255 255 255 0 Configuring IP ATM The router supports IP over AT...

Page 49: ...ture of the ATM protocols The physical layer SONET and or DSx Ex is the foundation and provider of layer 1 framing service The ATM layer is on top and provides cell circuit and OAM services The AAL5 l...

Page 50: ...o transmit traffic in PPP format to other network devices Figure 16 on page 20 shows that the router supports the incoming IP PPP traffic from the CPE This traffic can then be routed to the uplink s a...

Page 51: ...st and address response messages with peer network devices The E Series router Cisco HDLC is compatible with the Cisco Systems Cisco HDLC protocol the default protocol for all Cisco serial interfaces...

Page 52: ...s control how traffic travels through the network Configuring Shared Interfaces and Subscriber Interfaces A shared IP interface is one of a group of IP interfaces that use the same layer 2 interface S...

Page 53: ...networks and is an extension of the original IS IS protocol which provides routing for pure Open Systems Interconnection OSI environments This link state protocol builds a complete and consistent pic...

Page 54: ...4 and IS IS routing tables Route maps Modify the characteristics of a route generally to set its metric or to specify additional attributes as it is transmitted or accepted by a router Route maps can...

Page 55: ...below the physical line rate of the port and sets limits on packet flows RADIUS policy support Allows you to attached a preconfigured policy to an interface through RADIUS See JunosE Policy Managemen...

Page 56: ...n which the router provides IP addresses to subscribers computers through Dynamic Host Configuration Protocol DHCP This method is particularly convenient for broadband cable and DSL environments or en...

Page 57: ...onnectivity and the router hardware Managing your router using the CLI gives you access to thousands of commands The router s CLI uses an industry de facto standard look and feel which might be famili...

Page 58: ...he JunosE Command Reference Guide to find related command modes for any command Figure 21 Command Mode Architecture Command Line Prompts Within the CLI the command line prompt identifies both the host...

Page 59: ...if the keyword you want to specify is map class and you enter only map an error appears The error indicates that one or more possible keywords begin with map thus making your entry ambiguous Paramete...

Page 60: ...new hostname appears in the prompt Another example is a command that requires you to enter a number from within a given range The command ip http port requires that a value be entered for the portNum...

Page 61: ...irst protocol OSPF ripConfigure the Routing Information Protocol host1 config router When you enter the character all available choices are displayed The router again displays the command you typed Yo...

Page 62: ...on of using the default keyword whenever the no keyword is also a choice simply enter the keyword default instead of no In most cases when you execute the default version of a command it produces the...

Page 63: ...way you can obtain show command information without leaving configuration mode The only commands that cannot be preceded by run or do are the configure command and those commands that are already ava...

Page 64: ...ain the text string or regular expression and excludes lines that do not contain the text string or regular expression exclude Displays output lines that do not contain the text string or regular expr...

Page 65: ...ck line atm uni version 3 0 atm oam loopback location 0xFFFFFFFF atm vc per vp 32768 atm vp tunnel 1 10 load interval 300 no atm snmp trap link status no atm shutdown no atm aal5 snmp trap link status...

Page 66: ...rsubscription ip domain lookup ip name server 10 2 0 3 ip domain name 789df interface ip 0 0 interface ip 2 0 interface ip s10 ip address 10 13 5 61 255 255 255 0 no ip proxy arp no ip directed broadc...

Page 67: ...ow delta counts clock timezone UTC 0 0 no exception dump exception protocol ftp anonymous null controller sonet 2 0 sdh loopback network clock source line no shutdown path 0 overhead j1 msg hello path...

Page 68: ...ion Appends output to the end of the specified file and displays the output to the screen The redirection is synchronized with the screen display for example if a More prompt appears the redirection h...

Page 69: ...ginning of the input string Alternatively when used as the first character within brackets matches any number except the ones specified within the brackets Matches the end of the input string Matches...

Page 70: ...cters and a text string Displays all output lines that contain the text string plus Displays all output lines that do not contain the text string minus Displays all output lines starting at the first...

Page 71: ...only lines that contain the string ip host1 show config include defaults Configuration script being generated on FRI AUG 04 2006 12 48 48 UTC Juniper Edge Routing Switch ERX 700 Version 7 3 0 beta 1 6...

Page 72: ...forces the system to filter out all comments from the remainder of the output that is output lines that contain the string The system displays only lines that do not contain the string host1 show conf...

Page 73: ...Dampening log verbosity low bgpEng1 More Responding to Prompts For some actions the system prompts you for a response The acceptable default responses are the following You can press y or Enter to agr...

Page 74: ...that does not finish within the expected completion time This type of status indicator is supported for the file system synchronization application and the file copy application The progress indicato...

Page 75: ...not completed initialization The show version command can be used to display line module status Do not enter commands for a line module until its state is online Platform Considerations The CLI is su...

Page 76: ...ress Enter To use a name your network must have a name server For example for Microsoft Windows NT enter telnet 192 168 1 13 or telnet westford2 You are connected to your E Series router when the foll...

Page 77: ...ed with one Refer to the enable secret and enable password Global Configuration commands described in Managing the System on page 239 2 Type your password and press Enter Password Enter host1 You can...

Page 78: ...to a lower Privileged Exec mode follow the disable command with an access level value For example host1 show privilege Privilege level is 10 host1 disable 5 host1 show privilege Privilege level is 5...

Page 79: ...group has access to all commands in all privilege groups with a lower number than the specific group A privilege group is reachable from another privilege group when it is a member of that privilege...

Page 80: ...1 host1 config privilege group membership 15 add 10 In Example 1 Privilege group 11 does not contain any privilege groups Privilege group 15 contains group 10 Therefore privilege group 10 and all grou...

Page 81: ...1 config privilege group membership 8 add 14 In Example 5 Privilege group 9 contains no privilege groups Privilege group 8 contains group 14 Privilege group 7 contains group 1 Example 6 host1 config p...

Page 82: ...contains 14 14 contains 13 13 contains 12 and so forth Privilege group 0 is reachable from every privilege group Example 10 host1 config no privilege group membership 7 In this example one privilege g...

Page 83: ...width Example 2 host1 config privilege exec all level 5 terminal Use the all keyword to change the privilege level of groups of commands For more information see Setting Privilege Levels for Multiple...

Page 84: ...mbers from a privilege group Example host1 config if privilege group membership clear There is no no version See privilege group membership clear CLI Command Exceptions Changing command privilege leve...

Page 85: ...privileged command that start with the letter t host1 config privilege exec level 12 t The list of affected commands includes telnet terminal test and traceroute The following example changes all the...

Page 86: ...you can access from a specified mode If the command specified in the privilege command changes the configuration mode all commands in the configuration will also be set to the specified privilege lev...

Page 87: ...e privilege level of Global Configuration mode takes precedence and the privilege levels of the other commands are rendered ineffective Users can access all snmp commands at level 5 or higher host1 sh...

Page 88: ...nes is 1 However you can use the privilege level command in Line Configuration mode to set the default login privilege for the console line or any number of vty lines To change the default privilege l...

Page 89: ...Connected Users Use the show users detail command to view the privilege levels for all users currently connected to the router See Monitoring the FTP Server on page 298 for information about the show...

Page 90: ...able in all command modes help Lists the keywords that begin with a certain character string partial keyword Completes the partial keyword you entered if you have provided an unambiguous abbreviation...

Page 91: ...ftp server Configure FTP Server characteristics help Describe the interactive help system host Add modify an entry to the host table hostname Set the host system name interface Enter Interface Configu...

Page 92: ...nfigure http server local Local IP address assignment multicast routing Enable IP multicast forwarding name server Configure DNS server pim Configure PIM Protocol prefix list Configure a prefix list e...

Page 93: ...press Tab and your terminal beeps then you have not typed enough characters to be unambiguous host1 config int Tab host1 config interface Using Command Line Editing This section provides information a...

Page 94: ...e session appears frozen or unresponsive Ctrl q Suspends a Telnet or console session Ctrl s Transposes character to left of cursor with character located at cursor Ctrl t Deletes entire command line C...

Page 95: ...row keys functions only on ANSI compatible terminals such as VT100s Table 8 Command History Keys Function Key Recalls commands in history buffer starting with most recent command Repeat key sequence t...

Page 96: ...mode use aaa profile command Prompt host1 config aaa profile Configure new AAA profiles AAA Profile Configuration Use the exit command twice to return to Global Configuration mode Press Ctrl z to ret...

Page 97: ...to return to Exec mode From Rate Limit Profile Configuration Mode use the color mark profile command and identify the interface type IP IPv6 MPLS Prompt host1 config color mark profile Configure pack...

Page 98: ...ion mode Press Ctrl z to return to Exec mode From Global Configuration mode use the drop profile command Prompt host1 config drop profile Configure drop profiles Drop Profile Configuration Use the exi...

Page 99: ...ion trees MDTs IP PIM Data MDT Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use the ip service prof...

Page 100: ...ed for a digital certificate IPSec Peer Public Key Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use...

Page 101: ...on profile command Prompt host1 config l2tp dest profile Define the location of an LAC L2TP Destination Profile Configuration Use the exit command twice to return to Global Configuration mode Press Ct...

Page 102: ...xec mode From the IPSec Transport Profile Configuration mode use the local ip address command Prompt host1 config ipsec transport profile local Configure preshared IKE keys for L2TP over IPSec profile...

Page 103: ...fig policy l ist parent group Configure an internal parent group in a hierarchy Policy List Parent Group Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to...

Page 104: ...tion mode Press Ctrl z to return to Exec mode From Global Configuration mode use the qos parameter define command Prompt host1 config qos parameter define Configure QoS parameter definitions QoS Param...

Page 105: ...obal Configuration mode use the l2tp rate limit profile command Prompt host1 config rate limit profile Configure an IP or L2TP rate limit parameters Rate Limit Profile Configuration Use the exit comma...

Page 106: ...onfiguration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec menu From Global Configuration mode use the scheduler profile command Prompt host1 config s...

Page 107: ...c name of the subscriber policy Prompt host1 config policy Configure a nondefault subscriber policy for a subscriber client bridge group interface Subscriber Policy Configuration Use the exit command...

Page 108: ...slot port location of the dynamic tunnel server port Prompt host1 config tunnel server Configure the maximum number of tunnel service interfaces for a dynamic tunnel server port Tunnel Server Configu...

Page 109: ...to its default s dir Display a list of local files disable Reduce the command privilege level enable Enable access to privileged commands erase Erase configuration settings exit Exit from the current...

Page 110: ...lete a local file dir Display a list of local files disable Reduce the command privilege level disconnect Disconnect remote CLI session enable Enable access to privileged commands exit Exit from the c...

Page 111: ...Configuration Mode Within Global Configuration mode you can Apply features globally to a router Enable a feature or function Disable a feature or function Configure a feature or function Access all C...

Page 112: ...specified duration translate Configure the translation map for domain name Address Family Configuration Mode From this mode you can configure address family parameters for BGP VPN services or RIP VPN...

Page 113: ...r Configure the Unspecified Bit Rate UBR service class vbr nrt Configure the Variable Bit Rate Non Real Time VBR nrt service class vbr rt Configure the Variable Bit Rate Real Time VBR rt service class...

Page 114: ...ctive help system log Configure logging settings macro Run a CLI macro mark Create a set TOS byte policy next hop Create a next hop policy next interface Create a next interface policy no Negate a com...

Page 115: ...command alias command do sleep Make the Command Interface pause for a specified duration Controller Configuration Mode You can configure physical interfaces such as a T3 in Controller Configuration mo...

Page 116: ...nfig aaa domain map charlie76 host1 config domain map address pool name Configure the address pool name for the domain name atm Configure ATM parameters default Set a command to its default s do Run a...

Page 117: ...rotection Group Configuration Mode In this mode you can configure parameters for Denial of Service DoS protection groups From Global Configuration mode type the dos protection group command and press...

Page 118: ...cify the index of the entry to be added or edited list List part or all of the entries in current explicit path log Configure logging settings macro Run a CLI macro next address Configure an IP addres...

Page 119: ...ce serial Serial interface tunnel Tunnel interface Some Interface Configuration commands can affect general interface parameters such as bandwidth and clock rate For interface specific commands such a...

Page 120: ...ause for a specified duration tunnel Configure tunnel parameters IP Service Profile Configuration Mode In this mode you can specify the information that the system uses in creating IP service profiles...

Page 121: ...command alias command run domain name Domain name exit Exit from the current command mode help Describe the interactive help system log Configure logging settings macro Run a CLI macro no Negate a co...

Page 122: ...you can configure the ISAKMP IKE public key that a remote peer uses for RSA authentication during the tunnel establishment phase without the need for a digital certificate From Global Configuration m...

Page 123: ...an exec mode command alias command run domain suffix Configure a domain suffix to be appended to users on this profile exit Exit from the current command mode extended authentication Configure extend...

Page 124: ...e for a specified duration tunnel Configure a tunnel parameter IPv6 Local Pool Configuration Mode In this mode you can specify the IPv6 local address pool from which prefixes are allocated to the requ...

Page 125: ...he destination is necessary to enable an LAC to connect to the LNS From Global Configuration mode type l2tp destination profile the profileName an ipAddress and press Enter host1 config l2tp destinati...

Page 126: ...tp tunnel switch profile avp Configure AVP behavior default Set a command to its default s do Run an exec mode command alias command run exit Exit from the current command mode help Describe the inter...

Page 127: ...p interface profile and the profileName and press Enter host1 config mpls ldp interface profile shell host1 config ldp default Set a command to its default s do Run an exec mode command alias command...

Page 128: ...Privileges on page 49 Local IPSec Transport Profile Configuration In this mode you can configure preshared IKE keys for IPSec transport profiles From the IPSec Transport Profile Configuration mode typ...

Page 129: ...and the mapClassName you want to configure and press Enter host1 config map class frame relay testmapclass host1 config map class default Set a command to its default s do Run an exec mode command al...

Page 130: ...rules that you can attach to an interface You can modify a policy list and update it wherever the policy list is used in the configuration To create a policy list from Global Configuration mode type...

Page 131: ...figure a policy parameter From Global Configuration mode type the policy parameter command and specify a policyParameterType the hierarchical keyword and press Enter host1 config policy parameter para...

Page 132: ...and mode help Describe the interactive help system ip Configure IP characteristics l2tp Configure L2TP characteristics log Configure logging settings macro Run a CLI macro no Negate a command or set i...

Page 133: ...o sleep Make the Command Interface pause for a specified duration QoS Parameter Definition Configuration Mode In this mode you can configure QoS parameter definitions From Global Configuration mode ty...

Page 134: ...cked VLAN subinterface vlan VLAN subinterface QoS Shared Shaper Control Configuration In this mode you can configure variables within the simple shared shaper algorithm to control the minimum dynamic...

Page 135: ...mmand do sleep Make the Command Interface pause for a specified duration RADIUS Configuration Mode In this mode you can configure various parameters of your RADIUS authentication accounting and dynami...

Page 136: ...applied to the ingress or egress of an interface To create a hierarchical rate limit profile for an IP interface from Global Configuration mode type rate limit profile and a profileName and add the ke...

Page 137: ...t Multicast PIM and Open Shortest Path First OSPF From Global Configuration mode type either router rip router pim or router ospf and the processID Press Enter You are now in Router Configuration mode...

Page 138: ...guration mode aggregate address Create an aggregate entry in BGP routing table auto summary Automatic summarization of redistributed routes to their natural network masks bgp Configure BGP default Set...

Page 139: ...mmand Interface pause for a specified duration RTR Configuration Mode In this mode you can configure Response Time Reporter RTR parameters The RTR feature allows you to monitor your network s performa...

Page 140: ...Set the relative weight of the node or queue Service Session Profile Configuration Mode In this mode you can set and modify Service Manager service session profile attributes such as time volume and...

Page 141: ...g a conformed drop event default Set a command to its default s do Run an exec mode command alias command run exceeded drop threshold Set threshold for logging an exceeded drop event exit Exit from th...

Page 142: ...y relearn Modify relearn policy run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified duration unicast Modify user to user Unicast policy unknown destina...

Page 143: ...fig aaa tunnel group storm host1 config tunnel group default Set a command to its default s do Run an exec mode command alias command run exit Exit from the current command mode help Describe the inte...

Page 144: ...settings macro Run a CLI macro no Negate a command or set its default s run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified duration tunnel Configure...

Page 145: ...Make the Command Interface pause for a specified duration VR Group Configuration Mode In this mode you can add up to four virtual routers to the virtual router group The accounting servers of the vir...

Page 146: ...Copyright 2010 Juniper Networks Inc 116 JunosE 11 3 x System Basics Configuration Guide...

Page 147: ...One Router to Another on page 130 Upgrading Systems That Are Operating with Two SRP Modules on page 131 Upgrading JunosE Software on page 133 Downgrading JunosE Software on page 135 Overview If the r...

Page 148: ...unosE release 2 Contains the release file for the E120 and E320 Broadband Services Routers the MIB directory and the Release Notes You can also download a compressed version of the software release by...

Page 149: ...mand line interface CLI You can access the CLI through either the local console or a Telnet session If you have not yet configured the router to support Telnet then you must use the local console To i...

Page 150: ...sk 4 Configure IP on an Interface Typically you configure IP on the Fast Ethernet interface of the SRP module To configure IP on an interface 1 Determine the slot number of the module host1 show versi...

Page 151: ...computer you use the operating system and the network configuration To find out how to mount the release files on the network host review the manual for the operating system or contact your network ad...

Page 152: ...command host1 config ftp server enable Task 8 Identify the Files to Transfer To identify all the files for the release use a text editor to open the software release rel file on the JunosE Software C...

Page 153: ...ig 2 Run the boot system command specifying the rel filename of the software release For example host1 config boot system erx_x y z rel The following message appears when you issue this command WARNIN...

Page 154: ...he CLI through either the local console or a Telnet session If you have not yet configured the router to support Telnet then you must use the local console To install the software perform the followin...

Page 155: ...ther the interface already has an IP address On ERX7xx models ERX14xx models and the ERX310 router host1 show ip interface fastEthernet 6 0 On the E120 and E320 routers host1 show ip interface fastEth...

Page 156: ...how host If the network host is listed go to Step 8 Otherwise proceed with Step 6 6 Add an entry to the Static Host Table so that the router can access the network host Use the host command to specify...

Page 157: ...current configuration use the copy running configuration command host1 copy running configuration filename cnf Task 9 Reboot the System To reboot the system using the newly installed software 1 Access...

Page 158: ...k traffic to another router 3 Access the Boot mode 4 Assign an IP address to the router 5 Configure access to the network host 6 Reset the SRP module 7 Copy the release files to the network host 8 Cop...

Page 159: ...me password Use the host command to specify the network host name and IP address Task 6 Resetting the SRP Module To ensure that the IP addresses are properly activated you must reset the SRP module To...

Page 160: ...different release of software 2 Run the reload command boot reload The following message appears when you issue this command WARNING Execution of this command will cause the system to reboot Proceed...

Page 161: ...operating with an earlier software release Each SRP module keeps the system operational while you upgrade the software on the other so that you can minimize service interruption CAUTION You must upgra...

Page 162: ...s configured to run differs from the software release it is running CAUTION The secondary SRP module does not run the new software until it reboots If you issue the srp switch command or the primary S...

Page 163: ...ered releases you must first install Release 5 1 2 or the highest numbered 5 x x release This enables the system to support application images greater than 172 MB For example you cannot go from Releas...

Page 164: ...that contains two SRP modules 1 Connect your antistatic wrist strap to the ESD grounding jack on your router 2 Turn off autosynchronization host1 enable host1 configure Configuring from terminal or fi...

Page 165: ...and can be installed Downgrading JunosE Software Downgrading JunosE Software requires factory defaults installed on the router and can cause NVS and configuration script incompatibilities CAUTION We d...

Page 166: ...Copyright 2010 Juniper Networks Inc 136 JunosE 11 3 x System Basics Configuration Guide...

Page 167: ...network devices such as your E Series router The goal of SNMP is to simplify network management in two ways By defining a single management protocol that can be used to manage any network device from...

Page 168: ...implyamanager a device that executes management applications that monitor and control network elements client A logical group of SNMP managed devices and clients in the same administrative domain comm...

Page 169: ...v1 SNMPv2c and SNMPv3 protocols Enhanced security and management features supported in SNMPv3 Traps for alarm and state change events Bulk data collection and retrieval Management of virtual routers S...

Page 170: ...ata representation across many vendors networking products Juniper Networks E Series Enterprise MIBs An enterprise MIB is defined by a single vendor In addition to providing consistency of management...

Page 171: ...ed the device to allow the interaction Messages are received promptly users cannot save messages and replay them to alter content This feature prevents users from sabotaging SNMP configurations and op...

Page 172: ...tandard and enterprise MIBs used to configure SNMP operation nothing Excludes all MIBs mirrorAdmin Includes the packetMirror MIB User An individual who requires access to the router The router may pro...

Page 173: ...uter specific data is required the requestor can direct a request to a particular server for a virtual router through the base community string extension for example SNMP get public megaRouter NOTE In...

Page 174: ...terprise number 1 4 Indicates that octets 6 15 contain information determined by the E Series router 5 The MAC address for the device For E120 and E320 routers the MAC address is a unique ID based on...

Page 175: ...ned SNMPv3 attributes as shown in Table 19 on page 145 Table 19 Relationship Between SNMPv1 v2c and SNMPv3 Attributes SNMPv3 Value SNMPv1 v2C Value Attribute admin admin Community everything View rw r...

Page 176: ...GetBulk is not available in SNMPv1 Get Bulk Transmitted by the client to the server to obtain the identifiers and the values of variables located after the designated variables Get Next Request Transm...

Page 177: ...RFC 3412 Message Processing and Dispatching for the Simple Network Management Protocol SNMP December 2002 RFC 3413 Simple Network Management Protocol SNMP Applications December 2002 RFC 3414 User base...

Page 178: ...Name objects host1 config snmp interfaces description format common 7 Optional Manage the interface sublayers compress interfaces and control interface numbering host1 config snmp server interfaces co...

Page 179: ...he community name acts as a password and is used to authenticate messages sent between an SNMP client and a router containing an SNMP server The community name is sent in every packet between the clie...

Page 180: ...he number of entries within a distinct view name you can configure complex views You can also have 32 access entries with distinct names per virtual router All views are on a per virtual router basis...

Page 181: ...ach of these parameters can be up to 64 characters Example host1 config snmp server contact Bob Smith host1 config snmp server location 3rdfloor Use the no version of these commands to clear the conta...

Page 182: ...ncoding schemes an E Series router proprietary method and a conventional industry method The proprietary method identifies each interface sublayer with its type The industry method bases the type info...

Page 183: ...ear in the interface tables interface stack tables ipAddrTable and ipNetToMedia table Compressing a table type in an interface removes the interface from the specified table type For example if you wa...

Page 184: ...e stack tables host1 config snmp server interfaces compress Ds1 table type interface stack tables Subsequent use of the same command on any interface in the following example Atm on the same router wi...

Page 185: ...ctions to accommodate interface sublayers The E Series router implementation of SNMP derives index numbers in 32 bit values that are unique on a given router This numbering scheme can result in large...

Page 186: ...les and the interface numbering method configured on the router Field descriptions Compressed Removed Interface Types List of interface types that are removed from the ifTable and ifStackTable Armed I...

Page 187: ...stination The maximum number of entries in the SNMP trap host table in each virtual router is eight Trap Categories The router supports the following trap categories addrPool Local address pool traps...

Page 188: ...s trap is generated the actual value of the exceeded warning threshold is displayed snmp SNMP coldStart warmStart authenticationFailure the trap option The snmp server enable traps snmp authentication...

Page 189: ...ilter is not defined for this trap the global trap severity applies If the trap does not meet these criteria the system discards the trap If the trap does meet these criteria the trap goes to the trap...

Page 190: ...for specific hosts using the snmp server host command If you configure global severity levels for different categories in succession the last global severity level you configure is applied to all cate...

Page 191: ...nfigure the per category severity level as debug for the SONET trap category This setting overrides the notice trap severity level that was applicable for the SONET trap category host1 config snmp ser...

Page 192: ...nable link status traps on an IP interface Example host1 config if snmp trap ip link status Use the no version to disable link status traps on an IP interface See snmp trap ip link status snmp trap ip...

Page 193: ...er The SNMP trap proxy does not forward global traps that it receives from other virtual routers The corresponding SNMP agent handles global traps locally and does not forward them to the SNMP trap pr...

Page 194: ...ed all the generated traps To identify the location of traps logged in the notification log the system assigns a consecutive index number to each SNMP trap message transmitted from the E Series router...

Page 195: ...r notificationLog entryLimit Use to set the maximum number of notifications kept in all notification log tables The range is 1 500 which means that you can allocate up to 500 notifications across all...

Page 196: ...t command The following are guidelines for setting the maximum ping window If you are losing traps because of scenario 1 base the maximum ping window time on the estimated time that it takes to establ...

Page 197: ...e and the event table These tables also contain subordinate MIB tables that contain more detailed information about the trigger tests Trigger Table The trigger table mteTriggerTable lists any currentl...

Page 198: ...falling events NOTE This release does not support the objects table Event Table The event table mteEventTable defines what action you want the device to take when a trigger occurs This action can be i...

Page 199: ...luretrigger host1 config mgmtevent event notification id mteTriggerFailure host1 config mgmtevent event exit host1 config mgmtevent event sysadmin fallingtrigger host1 config mgmtevent event notificat...

Page 200: ...r the discontinuity MIB value ID that you want to test host1 config mgmtevent trigger delta sampling discontinuity id 1 3 6 1 2 1 31 1 1 1 19 9 Optional Enter the discontinuity type timeStamp or timeT...

Page 201: ...snmp agent command The agent context name is independent of the virtual router name Enable the trigger host1 config mgmtevent trigger enable Once enabled you cannot edit an event or trigger configurat...

Page 202: ...gger threshold test absolute value rising 2000 falling 1900 delta value Use when defining delta threshold values host1 config mgmtevent trigger threshold test delta value rising 2000 falling 1900 2 De...

Page 203: ...e virtual router Use the wildcard keyword to specify that the context name is a wildcard value NOTE Use caution when assigning wildcards Wildcards can rapidly use up trigger resources Use the limit ke...

Page 204: ...sample The discontinuity MIB ID monitors the sample for any discontinuity errors during the sample frequency If a discontinuity error occurs the router removes the sampling for that interval Optional...

Page 205: ...e Boolean test trigger host1 config mgmtevent trigger existence test event sysadmin existenceTrigger Example 2 Specifying a startup condition host1 config mgmtevent trigger existence test startup pres...

Page 206: ...1 60 1 2 1 1 7 Use the no version to remove the MIB object from the trigger Removal returns the sample value id to its default 0 0 See sample set Use to perform an SNMP set operation under certain eve...

Page 207: ...g mgmtevent trigger threshold test absolute value rising 2000 falling 1900 Example 2 Specifying a startup threshold condition host1 config mgmtevent trigger threshold test startup rising Example 3 Bin...

Page 208: ...nmp management event Use to view statistical SNMP event information for event table entries router resources and trigger table entries Omit the events resource statistics or triggers options to obtain...

Page 209: ...Frequency at which this trigger is sampled ObjectsOwner Not supported in this release Objects Not supported in this release Enabled State False disabled or True enabled of the trigger EntryStatus Act...

Page 210: ...mber of failure traps sent as a result of event failures Threshold Startup Startup threshold condition for this trigger Rising Rising threshold condition for this trigger Falling Falling threshold con...

Page 211: ...disabled of this event EntryStatus Entry status for this event Notification Notification Notification trap setting for this event ObjectsOwner Not supported in this release Objects Not supported in t...

Page 212: ...t boolean SampleType absoluteValue ValueID 1 3 6 1 2 1 92 1 1 2 0 ValueIDLimit 0 ValueIDWildcard False ContextName router1 ContextNameLimit 0 ContextNameWildcard False Frequency 40 ObjectsOwner unitTe...

Page 213: ...t 1 3 6 1 2 1 11 1 0 ObjectWildcard False Value 20 ContextName router ContextNameWildcard True See show snmp management event Collecting Bulk Statistics The router offers an efficient data collection...

Page 214: ...it A collector can have up to 64 virtual routers associated with it To collect bulk statistics for a subset of all configured subinterfaces you can define the subinterfaces using the following syntax...

Page 215: ...led Type of Interface Ip IP IP interfaces Ppp PPP PPP interfaces Ds0 Ds0 DS0 interfaces Ds1 SERIAL DS1 interfaces Ds3 SERIAL DS3 interfaces FrameRelayMajor FR Frame Relay Major interfaces Ethernet ENE...

Page 216: ...lsIfMinor MPLS Minor interfaces PppNetwork MLPPP Ppp Network interfaces EthernetSub ENET Ethernet Sub interfaces MultilinkFrameRelay MLFR MultiLink Frame Relay interfaces IpTunnel IP TUNNEL Ip Tunnel...

Page 217: ...ations that utilize the counters in expressions or calculations generate erroneous values and misleading graphs Because counters are 64 bits long the possibility of a counter s wrapping naturally woul...

Page 218: ...5 8 Optional Specify the time for which the system transfers data host1 config bulkstats collector 2 interval 1000 9 Optional Set the maximum size of the bulk statistics file host1 config bulkstats c...

Page 219: ...to specify the time interval in seconds for which the collector transfers data to the receivers Example host1 config bulkstats collector 2 interval 1000 Use the no version to set this time to the defa...

Page 220: ...nd Example host1 config bulkstats collector 2 secondary receiver 5 Use the no version to clear the secondary receiver See bulkstats collector bulkstats collector single interval Use to set the system...

Page 221: ...ernet interfaces frame relay Collects statistics on Frame Relay interfaces frame relay sub Collects statistics on Frame Relay subinterfaces hdlc Collects statistics on Cisco HDLC interfaces ip Collect...

Page 222: ...sysName sysUpTime NOTE The variables in the remote name are replaced at runtime with the sysName and sysUpTime parameters to produce variable filenames on the remote host Use the no version to delete...

Page 223: ...parameters the router uses to collect statistics use the following show bulkstats commands To include or exclude lines of output based on a text string that you specify use the output filtering featur...

Page 224: ...Collects statistics once only XferMode Collect mode configured for the collector auto Agent transfers file when interval expires manual Network management system or the user initiates transfers onFul...

Page 225: ...d by a management client notReady Schema does not have enough configuration information to go active error Configuration or operational error Subtree List Types of statistics the schema is configured...

Page 226: ...us enabled OperStatus enabled Interface Description Setting industry common File Format CR LF Current Time TUE AUG 15 2002 15 54 20 UTC Intervals PrimaryXfers PrimaryFails SecondaryXfers SecondaryFail...

Page 227: ...ollector description Use to display information about the collector s file description Field descriptions Index Index number of the bulk statistics collector FileDescription Descriptive information ad...

Page 228: ...transfer mode Use to display information about the bulk statistics transfer mode configuration Field descriptions Index Index number of the bulk statistics collector Transfer Mode auto xfer Server aut...

Page 229: ...tReady Interface type does not have enough configuration information to go active error Configuration operational error Example host1 show bulkstats interface type Interface Types Index Type Collector...

Page 230: ...times the bulk statistics application detected a line module bulkstat collector s presence HdwCollectorCreates Number of line module collectors created CollectorCreateReqs Number of times the bulk st...

Page 231: ...y server transfer failures BulkStats Collector Statistics Index Bulk statistics collector index CurrSize Current size of the bulk statistics storage file in bytes CreateErrs Number of bulk statistics...

Page 232: ...3 UTC 2 0 0 Index Interval Start Time Interval Stop Time 1 MON JAN 24 2001 19 09 33 UTC MON JAN 24 2001 19 15 33 UTC 2 Not started N A Dynamic Interface Collector statistics CollectorIndex Slot Receiv...

Page 233: ...ers Collector Virtual Routers 33 serviceProviderABC 655 default See show bulkstats virtual routers Understanding Schemas You can set a management schema for bulk statistics A schema is a group of attr...

Page 234: ...rieved include the intPhysicalDesc the cpuUtilPct and the memUtilPct system If Stats Schema Objects Table 25 on page 204 describes the if stats objects that you can configure using the bulkstats schem...

Page 235: ...ut sched pkts out sched pkts Configure If stats schema for out ucast pkts out ucast pkts Configure If stats schema for time offset time offset All the schema if stats objects in Table 25 on page 204 a...

Page 236: ...hema Objects Definition Object Configure policy schema for all statistics all Configure policy schema for green bytes green bytes Configure policy schema for green packets green packets Configure poli...

Page 237: ...ytes configured for the byte adjustment application if the byte adjustment application is enabled on the queue byte adjustment bytes Configure QoS schema to export the type of byte adjustment if byte...

Page 238: ...ma to verify whether the Random Early Detect RED option is enabled on the queue RED enabled Configure QoS schema to export the scheduler profile name scheduler profile Configure QoS schema to export t...

Page 239: ...Configure a bulk statistics schema host 1 config bulkstats schema 11 2 Assign a collector to the schema The collector determines when the queue information is exported for the schema host1 config bul...

Page 240: ...interface record use the time offset keyword To collect the final statistics that may have been lost use the if create delete time stats keyword Example 1 Configures the schema to collect interface u...

Page 241: ...res the schema to collect statistics for a policy named XMYpolicy host1 config bulkstats schema 4 subtree policy policy name XMYpolicy Use the no version to delete the specified schema See bulkstats s...

Page 242: ...Bulk statistics organizes data in the form of schema definitions You can configure the schemas to retrieve specific accounting information by using the CLI or the SNMP MIB objects The schemas support...

Page 243: ...es are assigned contiguously starting from 1 The value for each interface sub layer must remain constant at least from one re initialization of the entity s network managementsystemtothe next re initi...

Page 244: ...d at other times as indicated by the value of ifCounterDiscontinuityTime in ucast pkts ifHCInUcastPkts RFC2863 ifHCInUcastPkts The number of inbound packets which were chosen to be discarded even thou...

Page 245: ...y the value of ifCounterDiscontinuityTime in errors ifInErrors RFC1213 ifInErrors For packet oriented interfaces the number of packets received via the interface which were discarded because of an unk...

Page 246: ...at this sub layer including those that were discarded or not sent This object is a 64 bit version of ifOutUcastPkts Discontinuities in the value of this counter can occur at re initialization of the m...

Page 247: ...Octets dropped due to ingress policy support 64 bit counters in policied octets juniAcctngIfInPolicedOctets juniAcctng ifInPolicedOctets Packets dropped due to ingress policy in policied octets juniA...

Page 248: ...lue of this counter can occur at re initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime in mcast pkts ifHCInMulticastPkts RFC2863 ifHCInM...

Page 249: ...continuityTime out mcast pkts ifHCOutMulticastPkts RFC2863 ifHCOutMulticastPkts The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast...

Page 250: ...ndex RFC1213 ifIndex The SVLAN or ATM virtual path ID over which the interfaces of the specified queue are stacked SVLAN VP ID The unique traffic class name within the traffic policy configured for th...

Page 251: ...chedulerProfile rsacctng QSchedulerProfile The statistics profile name associated with the egress queue The attribute is a 32 bit character string statistics profile rsAcctngStatisticsProfile rsacctng...

Page 252: ...arly Detect RED is enabled for the queue RED enabled rsAcctngRedEnabled rsacctng QREDEnabled Indicates the type of shared shaping enabled on the queue shared shaping mode rsAcctngSharedShapingMode rsa...

Page 253: ...discarded even though no errors had been detected to prevent their being received The attribute is a 64 bit integer green drop packets rsAcctngGreenDropPackets rsacctng QGreenDiscardPkts The number of...

Page 254: ...r the data generated by schemas show bulkstats schema Use to display data on the bulk statistics schema Field descriptions Schema Information Index Index number of the schema Subtree Type of bulk stat...

Page 255: ...nformation for a schema that is configured to collect QoS statistics for egress queue level attributes filtering out queue length and queue profile name attributes host1 show bulkstats schema Schema I...

Page 256: ...owever in the default interface numbering mode large gaps occur from the creation of interfaces due to the use of the upper 8 bits of the ifIndex for interface type encoding Gaps are not eliminated af...

Page 257: ...system reboot If you need the sequential number to restart remove and then add the bulk statistics receiver again You can use up to 128 characters for the remote file name Anything beyond that is trun...

Page 258: ...ring the statistics at the time the baseline is set and then subtracting this baseline whenever baseline relative statistics are retrieved To display statistics relative to the current baseline use th...

Page 259: ...contact person Location Router s location SNMP packets input Total number of SNMP packets received by the router Bad SNMP version errors Number of SNMP PDUs with a bad version number Unknown community...

Page 260: ...Us Number of packets received by the SNMP engine that were dropped because the PDU in the packet could not be passed to an application responsible for handling the PDU type for example no SNMP applica...

Page 261: ...texts 538 SNMP packets out 0 Too big errors Maximum packet size 1500 10 No such name errors 0 Bad values errors 0 General errors 538 Get response PDUs 0 SNMP trap PDUs 0 Invalid Message Report PDUs 0...

Page 262: ...MP communities Field descriptions Community Name of the community and the associated virtual router View Name of the view Priv Access privilege for the view ro Read only access rw Read write access ad...

Page 263: ...lost nonVolatile Does not lose contents when power is lost Example host1 show snmp group Group Name Storage Type group1 Volatile group2 NonVolatile admin Permanent mirror Permanent public Permanent p...

Page 264: ...Level Severity level filter for a trap category this severity level overrides the globally configured trap severity level TrapCategories Types of traps enabled on the router for which trap severity i...

Page 265: ...outer Field descriptions Trap request s Number of local traps requested Proxy trap request s Number of proxy traps requested Trap s discarded Total number of traps discarded No system memory Traps dis...

Page 266: ...obal trap category disabled 4 Global minimum severity level 0 Trap s out 3108 Trap s proxied 0 Address TrapsDiscarded TrapsDiscrded TrapsDiscrded TrapsDiscrded Severity Category bad encoding Queue Ful...

Page 267: ...d OID trees are not available in this view Oid Tree OID of the AS number version 1 subtree Storage SNMP storage type volatile or nonvolatile Example host1 show snmp view View Name View Type Oid Tree u...

Page 268: ...ring feature of the show commands to include or exclude lines of output based on a text string you specify See Command Line Interface on page 27 for details Copyright 2010 Juniper Networks Inc 238 Jun...

Page 269: ...n on page 249 Configuring the System Automatically on page 264 Saving the Current Configuration on page 264 Using the Desktop Tool for Viewing Uncompressed Text Configuration on page 267 Customizing t...

Page 270: ...Set system passwords Managing Modules on page 341 Write CLI macros Booting the System on page 495 Boot the system Managing Modules on page 341 Manage line modules and SRP modules Platform Consideratio...

Page 271: ...eturn the switch fabric to its default multicast to unicast ratio 15 2 See fabric weights Configuring Timing You can use the timing source command to configure three timing sources for the system Thes...

Page 272: ...host1 config timing select secondary There is no no version See timing select timing source Use to specify how the SRP module exchanges timing signals with an interface You can specify primary seconda...

Page 273: ...bled See show timing Using the CLI Use the commands described in this section to navigate the CLI For a complete description of the CLI see Command Line Interface on page 27 configure Use to enter Glo...

Page 274: ...ge Privilege level is 5 There is no no version See disable do Use to issue an Exec mode command from any CLI configuration command mode Example host1 config do show configuration begin interface The d...

Page 275: ...accessing Privileged Exec mode at the highest level 15 a password is not set for this example host1 enable 15 host1 There is no no version See enable end Use to exit Global Configuration mode or any...

Page 276: ...ee sleep Managing vty Lines The system supports 30 virtual tty vty lines for Telnet SSH and FTP services Each Telnet SSH or FTP session requires one vty line When you connect to the router through a v...

Page 277: ...encrypted or cipher text encrypted In either case the system stores the password as encrypted You can use the following keywords 0 zero Specifies an unencrypted password 5 Specifies a secret 7 Specifi...

Page 278: ...access class in data character bits 8 exec timeout 3w 3d 7h 20m 0s exec banner enabled motd banner enabled login timeout 30 seconds See show line vty Clearing Lines Use the clear line command to clea...

Page 279: ...a long time to generate and display The service show config format command enables you to run the show configuration command using one of two formats original format format 1 the default and a format...

Page 280: ...p MikeShare2 ip share interface atm 5 1 1 interface atm 5 0 interface atm 5 0 100 point to point atm pvc 100 0 100 aal5snap 0 0 0 encapsulation pppoe pppoe sessions 1 interface atm 5 0 100 1 encapsula...

Page 281: ...tm 5 1 103 1 encapsulation ppp ppp authentication pap interface atm 5 1 104 point to point atm pvc 104 0 104 aal5snap 0 0 0 interface atm 5 1 125 point to point interface fastEthernet 0 0 ip address 1...

Page 282: ...0 0 atm pvc 1022 0 1022 aal5snap 0 0 0 atm pvc 1023 0 1023 aal5snap 0 0 0 interface atm 5 0 103 point to point atm pvc 103 0 103 aal5snap 0 0 0 encapsulation bridge1483 pppoe pppoe subinterface atm 5...

Page 283: ...MikeShare2 ip share interface atm 5 1 1 interface mlppp joe interface fastEthernet 0 0 ip address 10 13 5 196 255 255 128 0 interface atm 5 0 100 1 ip address 102 0 1 1 255 255 255 0 interface atm 5...

Page 284: ...rd to display the current configuration of a specified virtual router You can combine the virtual router keyword with the category keyword to display the current configuration of specific settings for...

Page 285: ...nagement settings such as the CLI bulk statistics and Telnet management Physical layer protocols such as DS1 DS3 and SONET SDH physical layer protocols Policy settings such as policy lists classifier...

Page 286: ...onfiguration script from the output by saving it as a file with the scr extension This command provides configuration information based on the privilege level of the session user The output does not d...

Page 287: ...ication ppp default radius aaa accounting ppp default radius ip address pool local interface null 0 ip bgp community new format no ip source route snmp server End of generated configuration script Exa...

Page 288: ...n of running configuration files and CNF files on both the primary SRP when the corruption is due to a fatal duplicate key error CNF files must be present on the active file system to monitor them you...

Page 289: ...SRPs File synchronization and monitoring the file system are separate operations Depending on the wake up time of the monitoring task there is a period of time when corruption can occur and the file...

Page 290: ...es You can automatically recover corrupted CFG files detected in the running configuration When you turn on auto recovery the behavior of the file synchronization stateful SRP switchover high availabi...

Page 291: ...by SRP boots up using the last indicated configuration using the boot conf command If the file system on the primary SRP is corrupt when HA is enabled and the mode of theservicecheck configcommandhasb...

Page 292: ...he state is restored on successful recovery Unified ISSU If unified ISSU is in the idle state the operation is disabled until successful recovery or the recovery window is complete The unified ISSU pr...

Page 293: ...cessfully recovered monitoring of corrupt configuration resumes If recovery fails load another release on the primary SRP and run the reload force command The primary and standby SRP modules re initia...

Page 294: ...system to load from a script not autocfg scr through the boot config command or boot backup command Saving the Current Configuration By default the system automatically saves any change to the system...

Page 295: ...configuration file using the extractScrFromCnf pl script For more information about using the Perl script see Using the Desktop Tool for Viewing Uncompressed Text Configuration on page 267 NOTE To av...

Page 296: ...ater Example host1 copy running configuration startup configuration There is no no version See copy running configuration startup configuration copy startup configuration Use to copy the previously sa...

Page 297: ...m to view the text configuration embedded in the system configuration file You need to copy the system configuration file to your client system and run the desktop tool to view the uncompressed text c...

Page 298: ...ing requirements for client systems running on Sun Solaris platforms You must have execute permissions for the files 1 By default the GCC compiler is not available on Solaris 9 and Solaris 10 platform...

Page 299: ...ser Interface You can access the CLI through a console connected directly to the system or through a Telnet session This section describes how you can customize the user interface Some commands apply...

Page 300: ...ersion See terminal width Specifying the Character Set You can specify the number of data bits per character for the current vty session and for all subsequent sessions on the specified vty lines This...

Page 301: ...1 config line console 0 host1 config line dsr detect DSR is carried on pin 6 of the SRP module s RS 232 DB 9 connector The DSR input must be connected to the DSR output of a modem or the DTR output of...

Page 302: ...or vty lines To do so 1 Access the line configuration mode using either the console or vty keyword 2 Specify the time during which the user must enter information For example host1 config line vty 0 h...

Page 303: ...rompted for the remainder of the text after you press Enter To display a backslash as part of the message it must be immediately preceded by another backslash like this Do not use a backslash as a del...

Page 304: ...on a particular line when a connection is initiated Banners on the lines are enabled by default the no version does not reenable banners on the lines See banner on page 273 command description for mo...

Page 305: ...he console exec timeout Time interval that the terminal waits for expected user input Never Indicates that there is no time limit exec banner Status for the exec banner enabled or disabled This banner...

Page 306: ...character X more message text until you enter the second delimiterX Proceed with send confirm If you do not begin the message on the same line as the send command the CLI prompts you for the message t...

Page 307: ...he system releases available memory on an SRP module or line module automatically if that module requires extra memory for an application However you can force the system to release available memory o...

Page 308: ...ndby SRP module The system space contains files for system operation For example the current software configuration is stored in the system space The user space is reserved for FTP server operations a...

Page 309: ...ce depends on the features that the FTP client offers Table 34 FTP Commands That the System Supports Function FTP Command List supported commands HELP Verify username USER Verify password for the user...

Page 310: ...hat any traffic destined for the virtual router can reach the virtual router typically you configure the FTP server to reach the default address of the system which will always be able to reach the vi...

Page 311: ...g mac scr txt cnf dmp hty log mac rel scr txt Nonsystem files System None None cnf dmp hty log mac pub rel scr sts txt Nonsystem files cnf hty excluding reboot hty log excluding system log mac scr txt...

Page 312: ...t is not empty However if a file in the specified directory or a specified file is marked by the file system as in use because it is required for the current operation or configuration the force keywo...

Page 313: ...outer it is possible that files or file attributes may appear unsynchronized when they are not When enabled high availability mirrors configuration changes instantly from the active SRP to the standby...

Page 314: ...ize of the file date Date that file was created in use An exclamation point indicates that the system is using this file Example 1 host1 dir Please wait Active standby file systems are synchronized un...

Page 315: ...7 09 01 36 disk0 800beta5 cnf 01 02 2007 16 01 36 disk0 820beta5 cnf 05 09 2007 14 29 58 disk0 810beta16 cnf 03 15 2007 06 58 14 disk0 SRP 10Ge_3_SC_08_22_2006_07_39 dmp 08 22 2006 07 43 14 disk0 SRP...

Page 316: ...00 07 22 08 Disk capacity Capacity Free Reserved Device bytes bytes bytes disk0 220200960 120616448 36700160 Example 4 host1 dir outgoing unshared in file size size date UTC use disk0 test scr 1204 0...

Page 317: ...remote server named fileserver1 host1 more fileserver1 startup scripts myconfig scr There is no no version See more Transferring Files You may need to transfer files between the following locations Sy...

Page 318: ...y remote files using the URL format and the file redirect option for the related show commands Use the host command to define the host and the appropriate file transfer protocol FTP is the default if...

Page 319: ...ter characters can be used in the host username password and directory and file fields when added as encoded characters The encoded characters must be three characters starting with a percent and foll...

Page 320: ...scr sts txt cnf hty log mac pub scr txt cnf hty excluding reboot hty log excluding system log mac scr txt System None None cnf hty log mac pub rel rel file only not files associated with the rel file...

Page 321: ...ffic destined for the VR can reach the VR typically you configure the FTP server to reach the default address of the E Series router which will always be able to reach the VR 3 Add the FTP server to t...

Page 322: ...tain a valid encrypted string is to enable password encryption by issuing the service password encryption command and then examine the output of the show configuration command Username and password en...

Page 323: ...he interface before you issued the ip ftp source interface command Example host1 config ip ftp source address 10 10 5 21 Use the no version to restore the default in which the source address in the FT...

Page 324: ...a local file to a remote fileby using file copy command format The following command creates or replaces the remote file shConfigForJoe txt in the directory ftpDir results on the host joe by copying...

Page 325: ...ommand creates or replaces the local file autocfg scr by copying the remote file autocfg scr located in the directory ftpDir scripts on the host 172 28 32 156 Use the username fred to access the remot...

Page 326: ...ts vty resources between Telnet SSH and FTP services Each FTP session requires one vty line The FTP service uses the authentication method configured for the vty lines Features The system supports the...

Page 327: ...ate current FTP sessions and to disable the FTP server See ftp server enable Configuration Example Figure 23 on page 297 shows the scenario for this configuration example Figure 23 FTP Configuration E...

Page 328: ...line vty 2 4 host1 config line password foobar host1 config line access class Pops in host1 config line login authentication RadiusOnly 6 Enable the FTP server host1 config ftp server enable Monitorin...

Page 329: ...he line offers and the relative line number user Name of the user connected from Location or IP address of the user connected since Date and time that the user connected to the line idle time Amount o...

Page 330: ...which subsystems are included in the release on the server host1 show subsystems file m x images x y z rel 2 Exclude any subsystems in the release that you do not need for the configuration host1 con...

Page 331: ...pecified software release file Specify either a local filename or a remote path and filename to view the subsystems that are included in a software release file other than the current software release...

Page 332: ...es how to configure the NFS client if you are using an E Series application that requires NFS based transport References The NFS client complies with the following standards RFC 1094 Network File Syst...

Page 333: ...rce address 10 1 1 1 host1 boston config ip nfs source interface atm 3 2 6 Use the no version to delete the name server See ip nfs ip nfs host Use to configure a remote host as an NFS server for the c...

Page 334: ...ols for example BGP Telnet or LDP to use so that they can avoid any impact if a physical interface goes down The loopback interface sends packets back to the router or access server for local processi...

Page 335: ...or more information about port numbers and associated processes see www iana org You can force Telnet to use the IP address of an interface that you specify as its source address Example host1 telnet...

Page 336: ...server to the name resolver For more information see Assigning Name Servers on page 306 Each virtual router can have its own name resolver and domain name However if two virtual routers use the same n...

Page 337: ...domain name for each name resolver Multiple name resolvers can use the same default domain name If you map an unqualified hostname one without a domain name to an IP address with the host ftp command...

Page 338: ...e a virtual router to use the name servers you configured for another virtual router Example host1 boston config ip domain lookup transit virtual router default Use the no version to stop a virtual ro...

Page 339: ...e core dump from Boot mode or Global Configuration mode CAUTION CreateacoredumpfileonlyunderthedirectionofJuniperNetworks Customer Service Network function can be disrupted if you create a core dump f...

Page 340: ...ess to the server where you want to transfer the core dump file 6 Optional View parameters associated with creating a core dump file Example host1 config exception dump 192 168 56 7 CORE_DUMPS host1 c...

Page 341: ...d Use the no version to restore the default settings See exception protocol ftp exception source Use to set the IP address and mask of the system interface over which you want to send the core dump fi...

Page 342: ...Dump protocol FTP User name user_name Password user_password Interface IP address Interface netmask Gateway IP address See show exception dump Managing Core Dump Files When a core dump occurs on a red...

Page 343: ...tes a log message for this condition Enabling and Disabling the Core Dump Monitor The core dump monitor is disabled by default To enable the core dump monitor use the exception monitor command Use the...

Page 344: ...and configuration Field descriptions Core dump monitor Status enabled or disabled of the core dump monitor Next dump monitor check time Time at which the core dump monitor will next check for any new...

Page 345: ...saves the core dump file to the FTP server before the standby SRP module assumes control If the standby SRP module fails it must save the core dump file to NVS because it has no access to any configu...

Page 346: ...ve and the standby SRP module You can use the resulting information to help diagnose a problem or to verify whether the core settings are correct primarily for the network settings write core Use to r...

Page 347: ...in the display resulting if you issue the show version command Table 38 on page 317 shows how the chassis slot numbers relate to the hardware slot numbers Table 38 Chassis Slot Numbers Versus Hardwar...

Page 348: ...tion that is doing the tracking Example host1 config show track ERX_Bangalore Track ERX_Bangalore IP Route 1 1 1 0 255 255 255 0 reachability in virtual router 1 Reachability is Up First hop interface...

Page 349: ...you can issue this command the same way you issue any other show commands on the router This means that you can redirect the output from the command to a file For information about redirecting show co...

Page 350: ...memory See show tech support Managing and Monitoring Resources The resource threshold monitor RTM allows you to set the rising and falling thresholds and trap hold down times for certain interfaces Yo...

Page 351: ...show resource Use to display statistical information about resources and their current threshold configurations Field descriptions Resource Threshold Trap Status enabled or disabled of the resource t...

Page 352: ...the System This section provides basic system commands that allow you to display information about the router s state The show configuration command for example allows you to display the router s ent...

Page 353: ...ut thermal protection mode on ERX7xx models ERX14xx models and the ERX310 router see ERX Hardware Guide Chapter 9 Troubleshooting For information about thermal protection mode on the E120 and E320 rou...

Page 354: ...ry timing signal auto upgrade Status of the auto upgrade parameter which enables the system to revert to a higher priority timing source after switching to a lower priority timing source system operat...

Page 355: ...120 and E320 routers fabric temperature ranges Displays the temperature ranges for the SRP modules and SFMs on the E120 and E320 routers Example 1 Displays the environment of an ERX7xx model host1 sho...

Page 356: ...0 6 13 offline 7 empty 1 2 3 4 5 11 12 14 15 16 fabric slots ok online 6 7 8 9 10 line redundancy none temperature ok timing primary primary internal SC oscillator ok secondary internal SC oscillator...

Page 357: ...7 8 9 10 line redundancy none temperature ok timing primary primary internal SC oscillator ok secondary internal SC oscillator ok tertiary internal SC oscillator ok auto upgrade enabled fabric redund...

Page 358: ...0 32 normal 10 SFM 120 32 normal fabric temperature ranges below 5C is too cold above 79C is too hot low temperature warning below 10C high temperature warning above 56C processor temperature ranges b...

Page 359: ...he group Example host1 show hosts Static Host Table name ip address type host1 10 2 0 124 ftp hFtp 10 5 6 7 ftp hTftp 10 5 6 7 tftp Static Host Table name ip address type george 1111 2222 3333 4444 55...

Page 360: ...and entry errors if any Context stats Information about the memory utilization of context switching stack applicable only for mode 2 and 3 Fault summary Information about the fault counters applicable...

Page 361: ...r of times the process has been invoked invocations per second Frequency of the process invocation total running time msec Time the process has been running percent running time Percentage of the tota...

Page 362: ...hunks issuing this command performs a cleanup process to gather unused available memory for reallocation You can display different output variations by using the application slot and virtual router ke...

Page 363: ...output category that summarizes all memory that is not currently associated with any particular virtual router current size Amount of memory reserved by the listed application or virtual router utiliz...

Page 364: ...sets You can display the current reboot hty file or a saved reboot history file If you have a redundant router it can be convenient to copy the redundant module s reboot hty file to another filename f...

Page 365: ...Entry 3 time of reset TUE APR 10 2001 20 25 03 UTC run state unknown image type diagnostics location slot 4 build date 0x3abf3ee0 MON MAR 26 2001 13 06 40 UTC reset type user reboot task scheduler rea...

Page 366: ...le has a hardware fault inactive On ERX routers either the I O module is not present or the primary line module is fully booted and ready to resume operation In the latter case the standby is currentl...

Page 367: ...eserved System Release erx_7 1 0 rel Partial Version 7 1 0 BuildId 4518 December 21 2005 11 23 System running for 25 days 3 hours 31 minutes 5 seconds since THU DEC 22 2005 11 36 41 UTC slot state typ...

Page 368: ...elease 7 3 0 rel Version 7 3 0 BuildId 5759 July 27 2006 10 40 System running for 3 days 1 hour 37 minutes 4 seconds since FRI JUL 28 2006 09 08 14 UTC running slot state type admin spare release slot...

Page 369: ...06s 14 0 14 1 present OC12 STM4 2 POS IOA enabled 15 online LM 4 enabled 7 3 0 rel 3d01h 26m 28s 15 0 15 1 present OC12 STM4 2 ATM IOA enabled 16 online LM 4 enabled 7 3 0 rel 3d01h 25m 17s 16 0 pres...

Page 370: ...6 seconds since MON APR 09 2007 05 57 30 UTC running slot state type admin spare release slot uptime 0 0 0 0 1 1 online LM 10 enabled 8 2 0b0 9 rel 1d08h 32m 35s 1 0 1 1 present GE 8 IOA enabled 2 onl...

Page 371: ...page 359 Configuring Performance Rate of Line Modules on ERX7xx Models and the ERX1410 Router on page 359 Managing Flash Cards on SRP Modules on page 364 Updating the Router with JunosE Hotfix Files o...

Page 372: ...ERX705 ERX710 and ERX1410 Broadband Services Routers you can enable the line modules either to operate at full line rate performance or to allow line modules to operate at a rate dependent on the res...

Page 373: ...his router For more information see Line Module Redundancy in JunosE Services Availability Configuration Guide On the E120 router line modules can be installed in slots 0 5 On the E320 router line mod...

Page 374: ...Modules that support hot swapping enable you to remove and add an IOA in a slot without rebooting the line module If the slot is populated with another active IOA it continues to operate Depending on...

Page 375: ...Yes ES2 S1 OC12 2 STM4 POS Yes No No Yes Yes ES2 S1 OC48 STM16 POS No Not applicable Notapplicable Not applicable Yes Full height IOA ES2 S1 Service No Not applicable Notapplicable Not applicable Yes...

Page 376: ...ers have only a single slot Cards installed in the second slot can be used only for core dump dmp files For more information see Managing Flash Cards on SRP Modules on page 364 SRP modules on the E120...

Page 377: ...in the specified slot Allows you to restart the module that was installed in the slot You cannot use this command on a standby SRP module If you specify a slot on the E120 or E320 Broadband Services R...

Page 378: ...n page 344 When you issue the adapter disable command in a redundancy configuration the line module primary or spare currently associated with that IOA is rebooted If the IOA is protected by a line mo...

Page 379: ...fies the right IOA bay E120 router and the upper IOA bay E320 router adapter 1 identifies the left IOA bay E120 router and the lower IOA bay E320 router Example Enables the IOA residing in the upper b...

Page 380: ...not issue any keywords with this command When the high availability state is active or pending this command ensures that the router configuration up to when you issued the halt command is mirrored to...

Page 381: ...more ES2 10G ADV LMs When you replace an ES2 10G ADV LM with an ES2 10G LM and the module is paired with an ES2 S1 Redund IOA ensure that the provisioned redundancy group does not include an ES2 10G A...

Page 382: ...cy in Step 2 enable redundancy for the slot when the replacement line module has come online host1 config no redundancy lockout 7 Replacing a Line Module Without Erasing the Slot Configuration Use thi...

Page 383: ...ured for the slot disable redundancy host1 config redundancy lockout 1 2 Disable the slot host1 config slot disable 1 3 After the line module has booted issue the show version command to ensure that t...

Page 384: ...indicates that you must deactivate high availability feature for the applicable line modules before erasing or replacing the slot configuration You need to use the no mode high availability slot comm...

Page 385: ...adapter accept command or the slot erase command for the slot that contains the IOA bay Replacing SRP Modules and SFMs If you remove a standby SRP module or an SFM you must issue the slot erase comman...

Page 386: ...t issue the slot accept command Depending on the previous configuration of the slot the system might take a few moments to execute this command Example Accepting the IOA in the upper bay of slot 5 in...

Page 387: ...ecify a slot that contains a line module you erase the configuration of the line module and the I O modules or IOAs associated with it To erase the configuration of a specific IOA on the E120 or E320...

Page 388: ...OAs associated with it To erase the configuration of a specific IOA on the E120 or E320 router use adapter erase on page 356 command If you specify the slot erase command to delete the configuration o...

Page 389: ...ds to this I O module or IOA See Booting the System on page 495 3 When the line module has rebooted install the I O module or IOA 4 Upgrade the software on the router See Installing JunosE Software on...

Page 390: ...hat the line module can use Slot Groups The number of slots in a group depends on the E Series model For information about slot groups see ERX Hardware Guide Chapter 4 Installing Modules SRP Modules B...

Page 391: ...ndwidth of 2 5 Gbps for each slot group The GE line module requires 2 46 Mbps bandwidth for operation at line rate and can use both switches in the SRP 10G module If you require line rate from a GE li...

Page 392: ...binations Examples of Allowed Combinations PossibleCombinationsofLineModules Three OCx STMx ATM line modules in any slot group Two GE FE line modules in any slot group One COCX F3 line module in slot...

Page 393: ...STMx line module in slot groups 2 3 and 4 Specifying the Type of Performance After you have installed a suitable combination of line modules you can specify a different type of performance To specify...

Page 394: ...ubscription Bandwidth oversubscription is currently not in effect Bandwidth oversubscription will be in effect the next time the system reboots See show bandwidth oversubscription Troubleshooting Band...

Page 395: ...the primary SRP module reboots again Both SRP modules now have standby status and reboot The first SRP module to complete rebooting becomes the primary Because the former redundant module started to...

Page 396: ...12 standby disk0 lm4_13 dmp 344200394 344200394 02 13 2005 13 13 13 disk1 lm4_14 dmp 344200394 344200394 02 14 2005 14 14 14 standby disk1 lm4_15 dmp 344200394 344200394 02 15 2005 15 15 15 disk0 bos...

Page 397: ...dismounted Device is not present Command failed files are open on device CAUTION When you eject a mounted disk 0 while the router is in an operational state the SRP module initiates a reload When you...

Page 398: ...changed files from the primary flash card Depending on the outcome of the space verification the router proceeds as follows If the card has enough space the router copies new or changed files from the...

Page 399: ...redundant flash card the router copies all the files from the primary flash card to the redundant flash card However if the capacity of the primary flash card exceeds that of the redundant flash card...

Page 400: ...The information in this section does not apply to the ERX310 router which does not support SRP module redundancy Even when flash cards on the primary and redundant SRP modules are synchronized differe...

Page 401: ...If the corrupted file resides on the primary SRP module issue the srp switch command to force a switch from the primary SRP module to the redundant SRP module This action ensures that the error free...

Page 402: ...ber of files and bytes compared If one or more of the following conditions exist the command fails and the router displays a message that explains why it cannot perform the checksum test The file syst...

Page 403: ...to complete configuration Validates all configuration files in NVS and synchronizes all files that failed the checksum test as well as any other unsynchronized files this option takes less time to com...

Page 404: ...e 1 host1 halt primary srp host1 reload WARNING Execution of this command will cause the system to reboot Proceed with reload confirm Reload operation commencing please wait Press mb boot flash disk i...

Page 405: ...tally so you may need to exchange the flash cards several times Example host1 halt primary srp host1 reload WARNING Execution of this command will cause the system to reboot Proceed with reload confir...

Page 406: ...the router contains primary and redundant modules only NVS on the primary SRP module is scanned Use the repair keyword to fix nonfatal errors found on the disk If the repair fails the router no longe...

Page 407: ...Block OK File Allocation Table OK Root Directory OK Checking File Space Please Wait Checking Free Space Please Wait PCMCIA Card Scan successful There is no no version See flash disk scan Monitoring Fl...

Page 408: ...in all files in NVS nvs flash in use NVS used in bytes available nvs flash NVS available in bytes Example host1 show nvs total nvs file sizes 228864 total nvs file errors 0 nvs flash in use 1265152 a...

Page 409: ...ds as in the following examples Activated immediately on an active router but not armed as a startup hotfix In this case the hotfix is activated only until the SRP module reloads If the SRP module rel...

Page 410: ...ary flag that indicates whether line modules require a reload for the hotfix to become active on the module The CLI displays a warning message if the line modules must be reloaded If the warning is co...

Page 411: ...is activated on all applicable modules that are installed in the router When existing line modules come online during startup and when new line modules are inserted in the chassis image fixes for that...

Page 412: ...armed hotfix settings are retained in the event the router reverts back to its normal boot settings Example host1 config boot hotfix hf63037 hfx Use the no version to disarm a specified hotfix You can...

Page 413: ...rtup hotfixes cannot be manually activated If you attempt to manually activate a startup hotfix the operation fails and generates the following error message Manual activation not allowed Example host...

Page 414: ...1030 System running for 7 days 3 hours 55 minutes 5 seconds since FRI FEB 04 2005 13 01 30 UTC The show boot command displays the current boot settings including armed hotfixes that will be activated...

Page 415: ...n X indicates that the hotfix is active armed Status of hotfix arming X indicates that the hotfix is armed to be activated only hotfixes armed for the currently armed release are displayed as armed re...

Page 416: ...a particular hotfix displays the most detailed information host1 show hotfix clock hfx detail HotfixId 990 Synopsis Modify the behavior of show clock Active Yes Armed Yes Description Changes the outpu...

Page 417: ...3036 hfx This command succeeds because hf63036 hfx is compatible with the currently armed release 6 1 0 rel and has no dependencies on other hotfixes Now the attempt to arm hf63037 hfx succeeds becaus...

Page 418: ...e now unnecessary hotfixes from the router host1 delete hf63036 hfx host1 delete hf63037 hfx host1 dir Active System Controller unshared in file size size date UTC use reboot hty 596288 596288 03 07 2...

Page 419: ...terface fastEthernet 6 0 0 Use the no version to remove IP from an interface or subinterface See interface fastEthernet Monitoring Statistics You can set a baseline and view statistics on the Fast Eth...

Page 420: ...ildId 2538 September 7 2004 12 46 Copyright c 1999 2004 Juniper Networks Inc All rights reserved Commands displayed are limited to those available at privilege level 10 boot config running configurati...

Page 421: ...ostic tests that the system performs on line modules depends on whether you have configured line module redundancy If you enable warm restart diagnostics on the spare line module when all other line m...

Page 422: ...cs on a line module host1 diag 3 force Example 2 Enables warm restart diagnostics on the fabric subsystem of an active SRP module on the E320 Router host1 diag 6 fabric There is no no version See diag...

Page 423: ...ine redundancy none temperature ok timing primary primary internal SC oscillator ok secondary internal SC oscillator ok tertiary internal SC oscillator ok auto upgrade enabled system operational yes 3...

Page 424: ...no option assertions in no option memory debug no option disable backpress no option stl debug Related Documentation slot ignore diagnostic failure show environment Monitoring Modules Use the followin...

Page 425: ...assembly ram slot type number number rev MB 0 SRP 10Ge 4305358981 3500005472 A06 2048 1 SRP 10Ge 4305359020 3500005472 A06 2048 2 3 4 CT3 12 4305337201 3500010901 A07 128 5 OC3 OC12 DS3 ATM 4605300290...

Page 426: ...04206756 4500006701 04 1 104 9 SFM 100 4304206762 4500006701 04 1 104 10 SFM 100 4304206737 4500006701 04 1 104 11 12 13 14 15 16 Adapters number of serial assembly assembly MAC slot type number numbe...

Page 427: ...e Chassis serial assembly assembly Major Minor type number number rev rev Chassis 4307018011 4580002602 01 0 101 Modules serial assembly assembly ram Major Minor slot type number number rev MB rev 0 1...

Page 428: ...2 0 Fan s serial assembly assembly Major Minor Tray type number number rev rev 0 Primary FAN 4306505285 4400010001 01 1 101 See show hardware show utilization Use to display information about the reso...

Page 429: ...d and the 5 sec cpu field display the same value 5 sec cpu Average CPU utilization percentage for each installed module during the most recent 5 second interval 1 min cpu Average CPU utilization perce...

Page 430: ...example slot 12 is empty as indicated by the symbol the CPU utilization for the FE 8 module installed in slot 10 is unavailable as indicated by the symbol and the SRP module installed in slot 7 is run...

Page 431: ...ot 1 is unavailable as indicated by the symbol and the SRP 100 module installed in slot 7 is running an incompatible version of JunosE Software as indicated by the symbol host1 show utilization detail...

Page 432: ...Copyright 2010 Juniper Networks Inc 402 JunosE 11 3 x System Basics Configuration Guide...

Page 433: ...nial of Service DoS Protection on page 435 Overview One of your major management responsibilities is to secure your router To do this assign passwords or secrets to the router In Global Configuration...

Page 434: ...u are entering an unencrypted password host1 config enable password level 10 0 t1meout1 2 Display the encrypted password host1 config exit host1 show secret Current Password Settings encryption encryp...

Page 435: ...figuration file by using the service password encryption command This command is useful to keep unauthorized individuals from viewing your password in your configuration file It is important to rememb...

Page 436: ...encrypted The first time you define a secret you must enter it in plain text To view its encrypted form use the show config display To redefine the secret at a later date you can enter the secret in i...

Page 437: ...llow users to access commands at different privilege levels Table 45 Commands Available at Different Privilege Levels Commands Available Privilege Level help exit enable and disable commands 0 User Ex...

Page 438: ...y The serviceunattended password recovery command provides you with a way to delete existing passwords and secrets without physically being present at the router You must have the proper privilege lev...

Page 439: ...software reset button see Figure 25 on page 409 within the time you specify for this command Allows you to set the number of seconds 1 60 for this procedure to be accomplished Allows you to set a new...

Page 440: ...d enter the enable password if prompted 3 Access Global Configuration mode 4 Access Line Configuration mode host1 config line console 0 5 Enable password checking at login host1 config line login 6 Sp...

Page 441: ...use a system generated password or secret Example 1 unencrypted password host1 config line password 0 mypassword Example 2 secret host1 config line password 5 bcA 1aeJD8 1ZDP6 Example 3 encrypted pass...

Page 442: ...secret was inherited from a lower password level The show secrets command displays only secrets configured by the user it does not display inherited secrets Example host1 show secrets Current Password...

Page 443: ...Simple Authentication To configure simple authentication 1 Specify a vty line or a range of vty lines on which you want to enable the password host1 config line vty 8 13 host1 config line 2 Specify th...

Page 444: ...In either case the system stores the password as encrypted Use the following keywords to specify the type of password you will enter 0 zero Unencrypted password 5 Secret 7 Encrypted password NOTE To u...

Page 445: ...al during which the user must log in Never Indicates that there is no time limit Example host1 show line vty 0 no access class in data character bits 8 exec timeout 3w 3d 7h 20m 0s exec banner enabled...

Page 446: ...a list of authentication methods that are used to determine whether a user is granted access to the privilege command level The authentication methods that you can use in a list include these options...

Page 447: ...e Use the no version to remove the authentication list from your configuration See aaa authentication login aaa authorization Use to set the parameters that restrict access to a network Use the keywor...

Page 448: ...authentication list users will not be able to access the router through a vty line Example host1 config aaa new model Use the no version to restore simple authentication See aaa new model authorizatio...

Page 449: ...y_auth_list Use the no version to specify that the system should use the default authentication list See login authentication password Use to specify a password on a line or a range of lines if you sp...

Page 450: ...ame access class list To set up access lists Associate the access list with inbound Telnet sessions host1 config line vty 12 15 host1 config line access class Management in Configure an access list ho...

Page 451: ...d TACACS password authentication are the only user authentication protocols currently supported RADIUS authentication is enabled by default If authentication is disabled then all SSH clients that pass...

Page 452: ...User authentication begins after the transport keys are applied The client typically asks the server which authentication methods it supports The server responds with a list of supported methods with...

Page 453: ...necessary keys for matching during negotiation If you configure the client to accept unknown keys either automatically or with administrator approval this acceptance policy applies only to the first...

Page 454: ...ould severely limit Telnet access to the system To limit Telnet access create access control lists that prevent almost all Telnet usage permitting only trusted administrators to access the system thro...

Page 455: ...c A block cipher with 8 byte blocks and 128 bit keys that provides strong encryption and is faster than DES twofish cbc A block cipher with 16 byte blocks and 256 bit keys that is stronger and faster...

Page 456: ...a user can try to correct incorrect information such as a bad password in a given connection attempt Sleep Prevents a user that has exceeded the authentication retry limit from connecting from the sam...

Page 457: ...gotiation including user authentication is not completed within this timeout Specify an integer in the range 10 600 Example host1 config ip ssh timeout 480 Use the no version to restore the default va...

Page 458: ...a1 96 The default list does not include the none option Example 2 This example restores the hmac sha1 algorithm to the list of supported inbound algorithms host1 config ip ssh mac client to server def...

Page 459: ...ver For each active session detail shows the version of SSH running on the client and the algorithms in use for encryption and message authentication Field descriptions daemon status Indicates whether...

Page 460: ...supported MAC inbound hmac sha1 hmac sha1 96 hmac md5 supported MAC outbound hmac sha1 hmac sha1 96 hmac md5 user authentication enabled user authentication protocol TACACS retry limit 20 sleep period...

Page 461: ...ommands Available Access Level disable enable exit and help commands 0 Level 0 commands and all other commands available in User Exec mode 1 Level 1 commands and all Privileged show commands 5 All com...

Page 462: ...equest is based on the list the system received through RADIUS See Table 47 on page 432 Table 47 Juniper Networks Specific CLI Access VSA Descriptions Value Subtype Length Subtype Length Type Descript...

Page 463: ...len 26 Specifies the VR to which the user logs in or the only VR to which a user has access The default setting is the default VR Virtual Router String virtual router name sublen 21 len 26 Specifies...

Page 464: ...trictions on VR access for any user who successfully logs in to the router For example nonrestricted users can Issue the virtual router command in Privileged Exec mode to switch to another previously...

Page 465: ...how exception dump configure show ip ssh erase secrets show line halt Denial of Service DoS Protection A denial of service DoS attack is any attempt to deny valid users access to network or server res...

Page 466: ...When the system determines that a control flow is suspicious it can take corrective action on that control flow Keeping full state on each control flow can use a large number of resources Instead the...

Page 467: ...ller IC and forwarding controller FC monitor the table to determine whether the suspicious flow has a packet rate above the suspicious level If the packet rate is above this level the flow is marked a...

Page 468: ...sed on packet rate Backoff time in seconds for each protocol After this period expires the flow transitions to nonsuspicious regardless of the current rate When set to zero an interface does not retur...

Page 469: ...s control flow detection Use to clear the active state for suspicious control detection If you do not specify a slot or interface clears all suspicious flows If you specify a slot clears all specified...

Page 470: ...spicious flow changes to the nonsuspicious state Low threshold is the rate in packets per second at which a suspicious flow becomes no longer suspicious When set to zero a suspicious flow cannot chang...

Page 471: ...false negatives total Total number of flows monitored that have not become suspicious exceeded their threshold Number of false negatives current Current number of flows monitored that have not become...

Page 472: ...ation about suspicious flows You can specify the following keywords delta Displays statistics for the current baseline brief Displays only suspicious information slot Displays information for the spec...

Page 473: ...Frame Relay Inverse Arp OK 0 Pppoe Control OK 0 Pppoe Config Dynamic Interface Column OK 0 Creation Ethernet ARP Miss OK 0 Ethernet ARP OK 0 Ethernet LACP packet OK 0 Ethernet Dynamic Interface Column...

Page 474: ...n Priority State Transitions Hi Green IC OK 0 Hi Yellow IC OK 0 Lo Green IC OK 0 Lo Yellow IC OK 1 Hi Green SC OK 0 Hi Yellow SC OK 0 Lo Green SC OK 0 Lo Yellow SC OK 0 See show suspicious control flo...

Page 475: ...Multicast DHCP SC 512 256 300 IP Multicast Control SC 2048 1024 300 IP Multicast Control IC 512 256 300 IP Multicast VRRP 512 256 300 IP Mulitcast Cache Miss 128 64 300 IP Multicast Cache Miss Auto R...

Page 476: ...you to map a protocol to a maximum rate limit This rate limit applies to all packets for a particular protocol for interfaces belonging to this particular DoS protection group on a line module By hav...

Page 477: ...on configurable aspect of the default DoS protection group The DoS protection group is a configurable parameter for all Layer 2 and IP interfaces Similar to other configurable interface parameters the...

Page 478: ...eTbl Frame Relay LMI packets frameRelayControl Frame Relay inverse ARP packets frameRelayArp IPSec transport mode L2TP control packets itmL2tpControl MPLS TTL expired on ingress mplsTtlOnRx MPLS TTL e...

Page 479: ...ets destined for the IC not broadcast ipLocalDhcpIc IP DHCP packets destined for the SC broadcast and IC not enabled ipLocalDhcpSc IP fragments not classifiable ipLocalFrag IP ICMP echo request and re...

Page 480: ...castControlSc IP Multicast DHCP destined for SC ipMulticastDhcpSc IP VRRP packets ipMulticastVrrp IP Multicast on wrong interface ipMulticastWrongIf IPv6 Neighbor Discovery ipNeighborDiscovery IPv6 Ne...

Page 481: ...4 100 100 HI green N Atm Control ILMI IC 2048 1024 100 100 HI green Y Atm OAM IC 512 512 100 100 LO green N Atm Dynamic Interfac IC 1024 512 100 100 HI yellow N e Column Creation Atm Inverse ARP IC 25...

Page 482: ...tion group Use to attach an Ethernet DoS protection group to an interface Example host1 config if ethernet dos protection group group1 Use the no version to remove the attachment of the DoS protection...

Page 483: ...Use to attach an IPv6 DoS protection group to an interface Example host1 config if ipv6 dos protection group group1 Use the no version to remove the attachment of the DoS protection group from the in...

Page 484: ...mum rate limits for port compression Allows an oversubscription of the priority rate because all protocols within a priority are not generally used simultaneously Example host1 config dos protection p...

Page 485: ...sociated default group See protocol priority protocol rate Use to map a protocol to a maximum rate limit The rate limit applies to all packets of the protocol for interfaces belonging to the DoS prote...

Page 486: ...than the priority rate For each priority there is a separate rate for each DoS protection group Example host1 config dos protection protocol IpLocalDhcpIc weight 100 Use the no version to set the wei...

Page 487: ...brief keyword displays a list of references interfaces and templates to the DoS protection group When modified appears next to the name of the DoS protection group the group or protocol within the gr...

Page 488: ...Copyright 2010 Juniper Networks Inc 458 JunosE 11 3 x System Basics Configuration Guide...

Page 489: ...on about the modules supported on E Series routers See the ERX Module Guide for modules supported on ERX7xx models ERX14xx models and the ERX310 Broadband Services Router See the E120 and E320 Module...

Page 490: ...can also add comments outside the control expressions by prefacing the comment with an exclamation point The CLI displays these comments if you use the test or verbose keywords with the macro command...

Page 491: ...rned value is a string not a number if you want to use this value for a subsequent numeric operation you must first convert it to a number with the env atoi string command env argv n Returns the name...

Page 492: ...e next line of the capture buffer Each call gets the next line of the capture buffer The command returns the first line the first time it is called after a capture start env startCommandResults It res...

Page 493: ...cter string or number The global variable is retrieved with the following syntax value env getVar name The name is a quoted string and the value is the value stored by an earlier env setVar A macro ca...

Page 494: ...sages are output to the CLI session Macro c in file bench mac starting execution Id 25 Macro c in file bench mac ending execution Id 25 Accurate Use of Error Status When Accessed Ourside of onError Ma...

Page 495: ...iteral Place single or double quotation marks around a string to identify it as a string literal You can specify special characters within a literal string by prefacing them with a backslash as follow...

Page 496: ...to strings before joining Combine Evaluates as true returns a 1 if the element to the left of the operator is less than the expression to the right of the operator otherwise the result is false 0 Les...

Page 497: ...ds and operators to achieve results different from simple precedence effectively has the highest precedence Miscellaneous Provides access to environment commands see Table 51 on page 461 Provides acce...

Page 498: ...alue of a local variable The expression to the right of the operator is evaluated and then the result is assigned to the local variable to the left of the operator The expression to the right of the o...

Page 499: ...ubstring operator you must specify the source string an offset value and a count value You can specify the string directly or you can specify a local variable that contains the string The offset value...

Page 500: ...t of the operation is a 1 if the operation is true and 0 if the operation is false For the logical AND the result of the operation is true 1 if the values of the expressions to the left and right of t...

Page 501: ...1 The result is 1 5 2 1 The result is 0 Results of control expressions are written to the output stream when the expression consists of the following A single local variable A single literal element A...

Page 502: ...elseif expressions are present then the else expression group if present is executed 4 This evaluation process continues until an expression evaluates to nonzero If there is no nonzero evaluation the...

Page 503: ...pression This optional expression is evaluated after each execution of the while expression group You can include if structures within a while structure You can also include special control expression...

Page 504: ...g the env atoi string command Example The following macro saved as m mac uses values specified in a CLI command to compute the final result m left right third multi left right multiFinal multi third s...

Page 505: ...e macro as shown in this example macroName count total Additional parameters can be passed as well Parameters can be local variables environmental variables literals or operations The invoking macro p...

Page 506: ...o The output of callAnotherMacro looks like this host1 macro verbose macro1 mac callAnotherMacro host1 Macro callAnotherMacro in the file macro1 mac starting execution Id 55 macro macro2 mac macroName...

Page 507: ...macro the only appropriate place from which to execute these commands is from an onError macro Logging Macro Results You can use the env setResult command to set parameters within a macro to display...

Page 508: ...on error NOTICE 01 07 2006 09 46 57 macroData Id 402 commandError is interface fastEthernet 500 NOTICE 01 07 2006 09 46 57 macroData Id 402 commandErrorStatus is Command execution error NOTICE 01 07 2...

Page 509: ...tus result entry in the macroData log file For this example the runStatus value of 500 indicates that the macro ended early host1 config show log data category macroData severity debug NOTICE 01 07 20...

Page 510: ...entry in the macroData log file For this example the log output indicates the command error and displays the following to indicate that the macro ended early runStatus is after foo host1 show log data...

Page 511: ...05 12 39 10 macroData Id 407 commandError is foo NOTICE 05 27 2005 12 39 10 macroData Id 407 commandErrorStatus is macro not found NOTICE 05 27 2005 12 39 10 macroData Id 407 runStatus is start NOTICE...

Page 512: ...le confatm mac and runs the macro named confatm contained within the file host1 config macro name confatm You must specify a macro filename for remotely stored macro files as in the following example...

Page 513: ...rting and ending comments vary for a remote macro host1 config Macro atmOverDs3 in the file atmOverDs3 mac starting execution Id 103 host1 config controller t3 9 1 host1 config no shut host1 config cl...

Page 514: ...eduled macros is 100 In Global Configuration mode the setting persists on reboot but in Privileged Exec mode it does not persist on reboot After unified ISSU is started scheduled macros dol not run Ma...

Page 515: ...ost1 show schedule macro john mac john mac getuptime started at 2007 02 14 14 26 39 When you show the running configuration joe mac is the only one reported because the other macros were scheduled in...

Page 516: ...essfully NOTICE 02 14 2007 14 35 01 macroScheduler Id 3 operation is 7 6 5 NOTICE 02 14 2007 14 35 01 macroScheduler Id 3 theResult is 210 After the macro is executed it is no longer in the list of sc...

Page 517: ...ac File in use The macro macro b mac runs every 60 minutes NOTICE 02 14 2007 14 47 47 macroScheduler macro b mac started with ID 5 NOTICE 02 14 2007 14 47 49 macroScheduler macro b mac with ID 5 ran s...

Page 518: ...res Frame Relay encapsulation on serial interfaces called by other macros cx1Encap Configures Frame Relay circuits on the subinterfaces called by other macros cx1FrCir The following examples list the...

Page 519: ...proto fr proto frame relay ietf endif tmpl cx1Encap ifCount slot port proto endtmpl ds1FrCir if env argc 0 This macro configures Frame Relay circuits on Cx1 subinterfaces This macro must be called wi...

Page 520: ...oller type param 1 ifCount env atoi param 2 slot param 3 port env atoi param 4 clock param 5 framing param 6 coding param 7 while ifCount 0 controller type slot port n if framing unframed unframed els...

Page 521: ...ing ATM Interfaces This sample macro configures ATM interfaces based on the inputs you provide when prompted by the macro atmIf slotPort env getline slot port while vcType 1 vcType 2 vcTypeStr env get...

Page 522: ...red loopback loopbackStr n endif endwhile endwhile if encapType encapPPP authNone 1 authPap 2 authChap 3 authPapChap 4 authChapPap 5 while authType authNone authType authChapPap authTypeStr env getlin...

Page 523: ...seif authType authChap ppp authentication chap endif elseif encapType encapBridged encap bridged1483 endif if loopbackStr ip unnumbered loopback loopbackStr n endif endwhile endwhile endtmpl 493 Copyr...

Page 524: ...Copyright 2010 Juniper Networks Inc 494 JunosE 11 3 x System Basics Configuration Guide...

Page 525: ...pported on E Series routers See the ERX Module Guide for modules supported on ERX7xx models ERX14xx models and the ERX310 Broadband Services Router See the E120 and E320 Module Guide for modules suppo...

Page 526: ...n E Series router When the GE 2 line module is booting and it detects that it supports the software release on the SRP module the line module boots successfully with that software release However if t...

Page 527: ...scr Configuring this option causes the system to ignore only at the next reboot an autocfg scr file that you may also have configured If you specify a cnf file upon the next reboot the system resets t...

Page 528: ...use the normal release configuration do either of the following Delete the reboot history file after issuing the no boot force backup command Do not configure a backup release or configuration file U...

Page 529: ...oot subsystem Use to configure the software release the selected subsystem will use the next time it reboots This command does not reboot the subsystem Example 1 host1 config boot subsystem ct3 rel_1_...

Page 530: ...onfiguration update process resumes immediately following the reboot and completes before any application accesses its configuration data For more information about stateful line module switchover see...

Page 531: ...ries router cannot guarantee that the SRP modules were synchronized In this situation you must do either of the following to reload the router Issue the reload command with the force keyword Issue the...

Page 532: ...er of the primary SRP module the procedure will fail if the system is updating the boot prom In this case the system will display a message that indicates that the procedure cannot currently be perfor...

Page 533: ...ackground operation saving the configuration changes to NVS If the SRP module resets during the script or macro execution the system boots as though the script were never started because no NVS files...

Page 534: ...hardware Field descriptions slot Physical slot that contains the module type Type of module serial number Serial number of the module assembly number Part number of the module assembly rev Hardware r...

Page 535: ...ed reload or error caused reset Example host1 show last reset last reset power cycle See show last reset show reload Use to display the system s reload status Example host1 show reload reload schedule...

Page 536: ...Ge enabled erx_7 1 0 rel 25d03h 28m 49s 2 3 4 online CT3 12 enabled erx_7 1 0 rel 25d03h 24m 46s 5 online OC3 4A APS enabled erx_7 1 0 rel 25d03h 24m 22s 6 online GE enabled erx_7 1 0 rel 25d03h 24m 4...

Page 537: ...atically by configuring it as a Network Time Protocol NTP client NTP provides a method of synchronizing the system clocks of hosts on the Internet to Universal Coordinated Time UTC Using NTP allows th...

Page 538: ...Figure 27 on page 508 shows an example of an NTP hierarchy Figure 27 Example of an NTP Hierarchy System Operation as an NTP Client To synchronize to the clock of a server the system must receive time...

Page 539: ...message advising you to check the time zone and clock settings If the offset is less than 15 minutes the system sets its clock to that of the best server 4 Provided the system has not disabled NTP it...

Page 540: ...NTP server the system effectively synchronizes its clients to its master s clock If the system is configured as an NTP server but not an NTP client the system synchronizes its clients to its own cloc...

Page 541: ...owing steps 1 Set the time zone 2 Set the summer time dates 3 Set the time 4 Check the clock settings clock set Use to set the time and date on your system manually Use the following syntax for settin...

Page 542: ...e default setting See clock timezone show clock Use to display the system time and the date Example 1 Shows time source value when clock is manually configured host1 show clock detail TUE JAN 23 2007...

Page 543: ...re NTP client parameters to start NTP client operation You can also configure the system as an NTP server whether or not you configure NTP client parameters Enabling NTP Services Before you can config...

Page 544: ...cast client Use to enable the system to receive NTP broadcasts on an interface Example host1 config if ntp broadcast client Use the no version to prevent the system from receiving NTP broadcasts See n...

Page 545: ...NTP request originated You can now direct responses from all NTP servers to one interface on the system or direct responses from a specific NTP server to a specific interface ntp source Use to direct...

Page 546: ...from specified servers Only receive NTP control queries from specified servers Example host1 config line ntp access group peer europe Use the no version to enable the system to receive all NTP broadca...

Page 547: ...rt stratum 1 service The system can synchronize only with an NTP server and not directly with an atomic clock or radio clock Specify a stratum number for the system in the range 1 15 A stratum n serve...

Page 548: ...6 5 1 host1 boston config interface fastethernet 9 3 host1 boston config if ntp broadcast 4 5 NOTE In Example 3 the router that acts as the NTP broadcast server must either synchronize to another serv...

Page 549: ...m reaches one server less often than it does other servers that server is not a good choice for the master Precision Length of the clock tick interrupt interval of server s clock Delay Round trip dela...

Page 550: ...the errors associated with the network hops and servers between the server and its stratum 1 server Sync Dist Measure of the total time error since the update in the path to the stratum 1 server Peer...

Page 551: ...Dispersion 0 189056 sec Sync Dist 0 229679 sec Peer Delay 0 000016 sec Dispersion 0 009665 sec Offset 0 050714 sec Reachability 11111110 Precision 0 000000 sec Source Interface default transmit inter...

Page 552: ...e of time zone Timezone Offset Time difference between the time zone and UTC in hours minutes Access List Identities of access lists of servers from which the system does not accept broadcasts Server...

Page 553: ...dmin State NTP Enabled Virtual Router Name default Broadcast Delay 3000 microseconds Client Mode True Master Mode False Stratum No Unspecified Summer Time False Summer Timezone Name Timezone Name UTC...

Page 554: ...Copyright 2010 Juniper Networks Inc 524 JunosE 11 3 x System Basics Configuration Guide...

Page 555: ...sale customers corporate virtual private network VPN users or a specific traffic type Default Virtual Router When you first boot your router it creates a default virtual router The only difference bet...

Page 556: ...f the tunnel used between sites Your router supports VPNs consisting of VRs or VRFs See RFC 2547 BGP MPLS VPNs March 1999 Additionally your router supports tunnels built from GRE IPSec L2TP MPLS and t...

Page 557: ...r tasks There are different uses of the virtual router command You can create or access VRs and VRFs in Global Configuration mode or map a VR to a domain map in Domain Map Configuration mode After you...

Page 558: ...pying a subsystem from the release exit Exit from the current command mode ftp server Configure FTP Server characteristics help Describe the interactive help system host Add modify an entry to the hos...

Page 559: ...y protocol EGP to learn routes from a customer edge CE device See the related routing protocol chapters for detailed information Example 1 VR with an IGP host1 config virtual router miami host1 miami...

Page 560: ...elnet listen virtual router From Global Configuration mode use this command to create a virtual router or access the context of a previously created virtual router or a VRF From Domain Map Configurati...

Page 561: ...ak out of the wait period early See virtual router Monitoring Virtual Routers Use the show virtual router the show configuration virtual router and show aaa domain map commands to display virtual rout...

Page 562: ...m com host f 10 10 0 129 ftp anonymous null interface null 0 interface fastEthernet 0 0 ip address 192 168 1 155 255 255 255 0 ip route 0 0 0 0 0 0 0 0 192 168 1 1 no ip multicast routing mpls rsvp pr...

Page 563: ...etail keyword to display the status of the routing protocols configured for each virtual router Use the summary keyword with the detail keyword to display the number of VRF instances for each virtual...

Page 564: ...is Present Ospf Present Pim Present Rip Not Present Igmp Not Present Mld Not Present Dvmrp Not Present Example 3 host1 show virual router summary detail Virtual Router default VRF Count 0 Virtual Rout...

Page 565: ...PART 2 Reference Material Abbreviations and Acronyms on page 537 References on page 559 535 Copyright 2010 Juniper Networks Inc...

Page 566: ...Copyright 2010 Juniper Networks Inc 536 JunosE 11 3 x System Basics Configuration Guide...

Page 567: ...ccess concentrator AC Async Control Character Map ACCM asymmetric digital subscriber line ADSL ATM end system address AESA assured forwarding AF authority and format identifier AFI authentication head...

Page 568: ...ATM attribute value pair AVP B backup designated router backup DR backward explicit congestion notification BECN bit error rate BER bit error rate test BERT Bidirectional Forwarding Detection protoco...

Page 569: ...edge device CE Challenge Handshake Authentication Protocol CHAP classless interdomain routing CIDR International Special Committee on Radio Interference CISPR classifier control list CLACL competitive...

Page 570: ...data unit CSNP channel service unit CSU channelized T1 T3 CT1 CT3 computer telephony integration CTI clear to send CTS connection traffic table CTT agreement between Underwriter Laboratories and Canad...

Page 571: ...able System Interface Specifications DOCSIS denial of service DoS dead peer detection DPD designated router DR digital signal DiffServ DS dual stack Border Gateway Protocol DS BGP dynamic subscriber i...

Page 572: ...ion Control Protocol ECP electrically erasable programmable read only memory EEPROM expedited forwarding EF egress forwarding ASIC EFA exterior gateway protocol EGP EXP inferred PSC LSP E LSP European...

Page 573: ...FERF frame forwarding ASIC FFA forwarding information base FIB first in first out FIFO finish bit FIN field programmable gate array FPGA fully qualified domain name FQDN field replaceable unit FRU fin...

Page 574: ...y IANA Inter Access Point Protocol IAPP internal Border Gateway Protocol IBGP Industry Canada Communications Section IC CS International Code Designator ICD Internet Control Message Protocol ICMP inco...

Page 575: ...s Transfer Mode IPoA Internet Protocol Security IPSec ICMP Router Discovery Protocol IRDP Internet Security Association and Key Management Protocol ISAKMP Integrated Services Digital Network ISDN Inte...

Page 576: ...ess Protocol LDAP Label Distribution Protocol LDP light emitting diode LED label edge router LER label information base LIB Link Integrity Protocol LIP logical link control LLC label only inferred PSC...

Page 577: ...gest 5 MD5 maintenance data link MDL Message Digest x hash algorithm MDx multiple exit discriminator MED multicast group table manager MGTM Management Information Base MIB Multilink Frame Relay MLFR M...

Page 578: ...Translation NAPT network access server NAS Network Address Translation NAT nonbroadcast multiaccess NBMA Network Control Protocol NCP Neighbor Discovery ND Network Equipment Building System NEBS netwo...

Page 579: ...und route filter outbound route filtering ORF Open Systems Interconnection OSI OSI Internet Link Control Protocol OSI Network Layer Control Protocol OSINLCP Open Shortest Path First OSPF operations su...

Page 580: ...mation Base PIB Protocol Independent Multicast power input module PIM Protocol Independent Multicast dense mode PIM DM Protocol Independent Multicast sparse dense mode PIM S DM Protocol Independent Mu...

Page 581: ...QoS R Remote Authentication Dial In User Service RADIUS route distinguisher RD relational database system RDBS remote defect indication RDI random early detection RED remote error indication REI reser...

Page 582: ...ifier SAFI segmentation and reassembly SAR system controller SC Start Control Connection Request SCCRQ Simple Certificate Enrollment Protocol SCEP sustained cell rate SCR small computer system interfa...

Page 583: ...k Access Protocol subnetwork attachment point SNAP SMDS network interface SNI Simple Network Management Protocol SNMP subnet point of attachment SNPA Simple Network Time Protocol SNTP small outline du...

Page 584: ...TAC Terminal Access Controller Access Control System TACACS transmission convergence TC Transmission Control Protocol TCP traffic engineering TE Trivial File Transfer Protocol TFTP terminal interface...

Page 585: ...ocator URL user based security model USM Coordinated Universal Time UTC V volts alternating current VAC variable bit rate VBR variable bit rate non real time VBR NRT variable bit rate real time VBR RT...

Page 586: ...l Router Redundancy Protocol VRRP vendor specific attribute RADIUS VSA virtual tributary VT VPN Tunnel Server VTS virtual terminal vty W wide area network WAN wireless access point WAP Wired Equivalen...

Page 587: ...ation or Acronym X combined term used to refer to ADSL HDSL SDSL and VDSL xDSL 10 gigabit small form factor pluggable transceiver XFP 557 Copyright 2010 Juniper Networks Inc Appendix A Abbreviations a...

Page 588: ...Copyright 2010 Juniper Networks Inc 558 JunosE 11 3 x System Basics Configuration Guide...

Page 589: ...AS Number Space May 2007 MPLS RFC4816 PseudowireEmulationEdge to Edge PWE3 Asynchronous Transfer Mode ATM Transparent Cell Transport Service February 2007 MPLS RFC 4875 Extensions to Resource Reservat...

Page 590: ...ediate System IS IS July 2004 IS IS RFC 3784 Intermediate System to Intermediate System IS IS Extensions for Traffic Engineering TE June 2004 VRRP RFC 3768 Virtual Router Redundancy Protocol VRRP Apri...

Page 591: ...anism for Label Distribution Protocol February 2003 MPLS RFC 3473 Generalized Multi Protocol Label Switching GMPLS Signaling Resource ReserVation Protocol Traffic Engineering RSVP TE Extensions Januar...

Page 592: ...ternet Group Management Protocol October 2002 IS IS RFC 3373 Three Way Handshake for Intermediate System to Intermediate System IS IS Point to Point Adjacencies September 2002 Mobile IP RFC 3344 IP Mo...

Page 593: ...ning Information SPPI August 2001 L2TP RFC 3145 L2TP Disconnect Cause Information July 2001 MPLS RFC 3140 Per Hop Behavior Identification Codes June 2001 BGP MPLS VPNs RFC 3107 Carrying Label Informat...

Page 594: ...r 2000 Event Mgr RFC 2981 Event MIB October 2000 IS IS RFC 2973 IS IS Mesh Groups October 2000 IS IS RFC 2966 Domain wide Prefix Distribution with Two Level IS IS October 2000 MPLS RFC 2961 RSVP Refre...

Page 595: ...392 Capabilities Advertisement with BGP 4 November 2002 MPLS Policy Management QoS RFC 2836 Per Hop Behavior Identification Codes May 2000 BGP RFC 2796 BGP Route Reflection An Alternative to Full Mesh...

Page 596: ...tember 1999 Ethernet SNMP RFC 2668 Definitions of Managed Objects for IEEE 802 3 Medium Attachment Units MAUs August 1999 SNMP IP tunnels RFC 2667 IP Tunnel MIB August 1999 Ethernet SNMP RFC 2665 Defi...

Page 597: ...Management February 1999 SNMP RFC 2513 Managed Objects for Controlling the Collection and Storage of Accounting Information for Connection Oriented Networks February 1999 SNMP cOCx STMx CT3 E3 and T3...

Page 598: ...Certificate and CRL Profile January 1999 RIP RFC 2453 RIP Version 2 November 1998 BGP RFC 2439 BGP Route Flap Damping November 1998 Frame Relay RFC 2427 Multiprotocol Interconnect over Frame Relay Sep...

Page 599: ...Version 2 April 1998 System management RFC 2308 Negative Caching of DNS Queries DNS NCACHE March 1998 RADIUS RFC2284 PPPExtensibleAuthenticationProtocol EAP March1998 BGP RFC 2270 Using a Dedicated AS...

Page 600: ...rol Protocol using SMIv2 November 1996 SNMP RFC 2011 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 November 1996 Mobile IP RFC 2006 The Definitions of Managed Objects for IP...

Page 601: ...IP OSPF Interaction December 1994 RIP RFC 1724 RIP Version 2 MIB Extension November 1994 IP tunnels RFC 1702 Generic Routing Encapsulation over IPv4 Networks October 1994 IP tunnels RFC 1701 Generic R...

Page 602: ...nd E1 Interface Types January 1993 TFTP System management RFC 1350 Trivial File Transfer Protocol TFTP Revision 2 July 1992 PPP RFC 1332 The PPP Internet Protocol Control Protocol IPCP May 1992 NTP RF...

Page 603: ...m management RFC 959 File Transfer Protocol FTP October 1985 IP RFC 950 Internet Standard Subnetting Procedure August 1985 IP RFC 922 Broadcasting Internet Datagrams in the Presence of Subnets October...

Page 604: ...ration BGP MPLS VPNs BGP MPLS VPN extension for IPv6 VPN draft ietf l3vpn bgp ipv6 03 txt December 2004 expiration BFD Bidirectional Forwarding Detection draft ietf bfd base 00 txt January 2005 expira...

Page 605: ...2000 expiration IS IS Extended Ethernet Frame Size Support draft ietf isis ext eth 01 txt November 2001 expiration PPPoE Extensions to a Method for Transmitting PPP over Ethernet PPPoE draft carrel in...

Page 606: ...in MPLS BGP IP VPNs draft rosen vpn mcast 08 txt June 2005 expiration L2TP over IPSec Negotiation of NAT Traversal in the IKE draft ietf ipsec nat t ike 08 txt July 2004 expiration IS IS Point to poin...

Page 607: ...ries Non RFC Software Standards Protocol or Feature Reference MDL T3 interfaces ANSIT1 107a 1990StandardforTelecommunications DigitalHierarchy Supplement to Formats Specification August 1990 FDL T1 in...

Page 608: ...DLC protocol Frame Relay Frame Relay Forum Frame Relay Fragmentation Implementation Agreement FRF 12 December 1997 Frame Relay Frame Relay Forum User to Network Implementation Agreement UNI FRF 1 1 Ja...

Page 609: ...e primary rate and above October 1992 BERT Patterns ITU O 153 Basic parameters for the measurement of error performance at bit rates below the primary rate October 1992 ATM ITU T Draft Recommendation...

Page 610: ...nd ISDN Physical Layer Specification for User Network Interfaces Including DS1 ATM 1997 Safety AS NZS 3260 1993 Safety of Information Technology Equipment Including Electrical Business Equipment EMC A...

Page 611: ...omagnetic Compatibility and Electrical Safety Generic Criteria for Network Telecommunications Equipment Issue 2 Revision 1 February 1999 Safety IEC 825 1 Safety of Laser Products Part 1 Safety IEC 609...

Page 612: ...ture Reference Safety UL 60950 3rd Edition Safety of Information Technology Equipment EMC VCCI Voluntary Control Council for Interference by Information Technology Equipment Copyright 2010 Juniper Net...

Page 613: ...PART 3 Index Index on page 585 583 Copyright 2010 Juniper Networks Inc...

Page 614: ...Copyright 2010 Juniper Networks Inc 584 JunosE 11 3 x System Basics Configuration Guide...

Page 615: ...ist command 420 516 adapter commands adapter accept 356 adapter disable 348 adapter enable 348 adapter erase 356 Address Family Configuration mode 66 82 address family ipv4 command 82 address family v...

Page 616: ...g to MIBs and CLI 212 monitoring collection statistics 189 schema statistics 224 bulkstats commands 189 bulkstats collector 168 189 bulkstats collector collect mode 189 bulkstats collector description...

Page 617: ...nfigure command 81 configuring See specific feature or protocol confirmations explicit command 43 console monitoring settings 274 password 410 restricting login 271 setting speed 269 console lines cle...

Page 618: ...6 priority burst 446 priority over subscription factor 446 priority rate 446 protocol burst 446 protocol drop probability 446 protocol priority 446 protocol rate 446 protocol skip priority rate limite...

Page 619: ...nd to prevent corruption 364 installing 364 managing 364 monitoring 370 primary 364 rebooting and configuration data 364 rebooting in response to corrupt sectors 364 replacing 364 scanning physical er...

Page 620: ...ting 356 IOAs disabling 348 enabling 348 erasing configurations 356 replacing 355 IP access list SNMP 149 IP addresses assigning 119 124 128 configuring 119 ip commands ip atm vc 81 ip dhcp local pool...

Page 621: ...ation mode 72 97 line module configurations deleting 357 358 line modules allowed combinations 360 363 bandwidth 360 combinations 359 360 disabling 346 enabling 347 erasing configurations 357 358 init...

Page 622: ...ies enterprise 138 standard SNMP 138 modules disabling 346 E Series managing 341 E120 and E320 Broadband Services Routers 342 enabling 346 monitoring 398 replacing 350 monitor See terminal more comman...

Page 623: ...tp broadcast client 513 ntp broadcast delay 513 ntp disable 513 ntp enable 513 ntp master 516 ntp server 513 ntp server enable 516 ntp source 513 See also show ntp commands NTP control queries 516 NTP...

Page 624: ...ds 49 changing command privileges 49 command exceptions 49 defining CLI 46 keyword mapping 49 password encryption 404 setting default line 56 multiple commands 56 no or default versions 49 SNMP 149 vi...

Page 625: ...See RADIUS remote host command 95 Remote Neighbor Configuration mode 75 107 remote neighbor command 107 rename command 280 renaming files 280 replies NTP 513 reset button software 410 resetting while...

Page 626: ...4 show output filtering feature 531 show policy list 436 show redirecting output 38 show configuration commands 256 show configuration 323 422 show configuration category 254 show configuration interf...

Page 627: ...oring status 228 229 multiple virtual routers 143 228 operations 143 packet mirroring 139 packet size setting 151 PDU 143 proxy creating 143 RFC 1213 compatibility 153 schema configuring 203 monitorin...

Page 628: ...ion algorithms 3des cbc 422 blowfish cbc 422 twofish cbc 422 encryption configuring 422 generating host keys 422 host key management 422 key exchange 421 message authentication configuring 422 hmac md...

Page 629: ...monitoring 322 passwords 403 patching with hotfixes 378 physical slots rebooting 500 RADIUS password authentication 421 software reset button 410 system configuration files 277 system name 240 TFTP c...

Page 630: ...iguration mode 78 113 Tunnel Profile Configuration mode 78 114 Tunnel Server Configuration mode 78 114 tunnel server command 114 tunnels IP 22 twofish cbc encryption algorithm for SSH 422 U Universal...

Page 631: ...Router Redundancy Protocol 24 VSAs vendor specific attributes levels of CLI access 431 restricting access to virtual routers 432 vty lines clearing 248 configuring 246 managing 246 monitoring 246 user...

Page 632: ...Copyright 2010 Juniper Networks Inc 602 JunosE 11 3 x System Basics Configuration Guide...

Reviews:

No comments

Related manuals for JUNOSE 11.3

Lazett Combo SCX-4116

Brand: Samsung Pages: 165

ML 1630 - B/W Laser Printer

Brand: Samsung Pages: 18

Brand: Samsung Pages: 11

Mobility Services Platform 3.3.1

Brand: Motorola Pages: 28

IDEN COMPANIONPRO

Brand: Motorola Pages: 94

AIR-CB21AG-A-K9

Brand: Motorola Pages: 15

Brand: Motorola Pages: 43

Brand: Motorola Pages: 33

FREESCALE SEMICONDUCTOR M68EZ328ADS

Brand: Motorola Pages: 65

Mobility Services Platform 3.2

Brand: Motorola Pages: 68

IDEN WIRELESS DATA SERVICES

Brand: Motorola Pages: 116

Mobility Services Platform 3.2.1

Brand: Motorola Pages: 72

mobile PhoneTools

Brand: Motorola Pages: 12

Brand: Seagate Pages: 1

CODESOFT Sentinel Print Pack

Brand: Techniques Avancees Pages: 50

DuraStor 6220SS

Brand: Adaptec Pages: 133

Brand: Adaptec Pages: 174

Brand: GRASS VALLEY Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands