Juniper JUNOSe 11.1 Скачать руководство пользователя | Manualshive

Страница: 461 / 640

background image

■

Use to allow privilege determination to be authenticated through the
or RADIUS server. This command specifies a list of authentication methods that
are used to determine whether a user is granted access to the privilege command
level.

■

The authentication methods that you can use in a list include these options:

radius

,

line

,

,

none

, and

enable

.

■

To specify that the authentication should succeed even if all methods return an
error, specify

none

as the final method in the command line.

■

Requests sent to a or RADIUS server include the username that is
entered for login authentication.

■

If the authentication method list is empty, the local

enable

password is used.

■

Example

host1(config)#

aaa authentication enable default radius

■

Use the

no

version to empty the list.

■

See aaa authentication enable default.

aaa authentication login

■

Use to set AAA authentication at login. This command creates a list that specifies
the methods of authentication.

■

After you have specified

aaa new-model

as the authentication method for vty

lines, an authentication list called default is automatically assigned to the vty
lines. To allow users to access the vty lines, you must create an authentication
list and either:

■

Name the list default.

■

Assign a different name to the authentication list, and assign the new list to
the vty line using the

login authentication

command.

■

The authentication methods that you can use in a list include these options:

radius

,

line

,

,

none

, and

enable

.

■

The system traverses the list of authentication methods to determine whether
a user is allowed to start a Telnet session. If a specific method is available but
the user information is not valid (such as an incorrect password), the system
does not continue to traverse the list and denies the user a session.

■

If a specific method is unavailable, the system continues to traverse the list. For
example, if

is the first authentication type element on the list and the

server is unreachable, the system attempts to authenticate with the
next authentication type on the list, such as

radius

.

■

The system assumes an implicit denial of service if it reaches the end of the
authentication list without finding an available method.

■

Example

host1(config)#

aaa authentication login my_auth_list radius line none

Vty Line Authentication and Authorization

■

431

Chapter 7: Passwords and Security

«
...
459
460
461
462
463
...
»

Содержание JUNOSe 11.1

Страница 1: ...or E Series Broadband Services Routers System Basics Configuration Guide Release 11 1 x Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale California 94089 USA 408 745 2000 www juniper net Publ...

Страница 2: ...33 650 6 359 479 6 406 312 6 429 706 6 459 579 6 493 347 6 538 518 6 538 899 6 552 918 6 567 902 6 578 186 and 6 590 785 JUNOSe Software for E Series Broadband Services Routers System Basics Configura...

Страница 3: ...alms devices links ports or transactions or require the purchase of separate licenses to use particular features functionalities services applications operations or capabilities or provide throughput...

Страница 4: ...n connection with such withholding taxes by promptly providing Juniper with valid tax receipts and other required documentation showing Customer s payment of any withholding taxes completing appropria...

Страница 5: ...nted to in writing by the party to be charged If any portion of this Agreement is held invalid the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement T...

Страница 6: ...vi...

Страница 7: ...P 147 Chapter 5 Managing the System 251 Chapter 6 Managing Modules 355 Chapter 7 Passwords and Security 417 Chapter 8 Writing CLI Macros 473 Chapter 9 Booting the System 509 Chapter 10 Configuring the...

Страница 8: ...viii JUNOSe 11 1 x System Basics Configuration Guide...

Страница 9: ...erview 4 Private Line Aggregation 4 xDSL Session Termination 5 Layered Approach 6 Line Modules I O Modules and IOAs 7 Interfaces 8 Subinterfaces 8 interface Command 9 General Configuration Tasks 9 Con...

Страница 10: ...mmand Modes 29 Command Line Prompts 31 Keywords and Parameters 31 Keywords 31 Parameters 32 Keywords and Parameters Together 32 Using CLI Commands 33 Abbreviated Commands 33 The Key 33 Backspace or De...

Страница 11: ...ged CLI Commands 63 Using Help 63 Question Mark Key 64 help Command 66 Partial keyword Tab 66 Using Command Line Editing 67 Basic Editing 67 Command Line Editing Keys 67 Command History Keys 68 Pagina...

Страница 12: ...7 Parent Group Configuration Mode 107 Policy List Configuration Mode 108 Policy List Parent Group Configuration Mode 108 Policy Parameter Configuration Mode 109 PPPoE Service Name Table Configuration...

Страница 13: ...n 131 Task 12 Reboot the System 131 Installing Software When a Firewall Does Not Exist 132 Installing Software in Normal Operational Mode 132 Task 1 Obtain the Required Information 133 Task 2 Divert N...

Страница 14: ...NMP Proxy 153 Disabling and Reenabling SNMP Proxy 154 Communicating with the SNMP Engine 154 SNMP Attributes 155 SNMP Operations 155 SNMP PDU Types 156 Platform Considerations 156 References 157 Befor...

Страница 15: ...Monitoring Collection Statistics 204 Understanding Schemas 215 If Stats Schema Objects 215 IGMP Schema Objects 217 Policy Schema Objects 217 QoS Schema Objects 218 Configuring Schemas 220 Mapping Bulk...

Страница 16: ...1 Setting the Console Speed 282 Configuring the Display Terminal 282 Specifying the Character Set 283 Configuring Login Conditions 284 Setting Time Limits for User Login 284 Setting Time Limits for Us...

Страница 17: ...for Customer Support 333 Managing and Monitoring Resources 335 Enabling and Disabling the Resource Threshold Monitor 335 Viewing Resource Threshold Information 335 Monitoring the System 337 Chapter 6...

Страница 18: ...tting the Primary Flash Card 387 Copying the Image on the Primary SRP Module 388 Scanning Flash Cards 389 Monitoring Flash Cards 391 Updating the Router with JUNOSe Hotfix Files 392 Hotfix Compatibili...

Страница 19: ...ncryption 439 Configuring User Authentication 440 Configuring Message Authentication 442 Enabling and Disabling SSH 443 Displaying SSH Status 444 Terminating an SSH Session 445 Restricting User Access...

Страница 20: ...rations 484 Logical Operations 484 Miscellaneous Operations 485 Conditional Execution 486 If Constructs 486 While Constructs 487 Passing Parameters in Macros 488 Generating Macro Output 489 Invoking O...

Страница 21: ...Manually 525 Before You Configure NTP 527 Choosing NTP Servers 527 NTP Configuration Tasks 527 Enabling NTP Services 527 NTP Client Configuration 528 Directing Responses from NTP Servers 529 Refusing...

Страница 22: ...ix A Abbreviations and Acronyms 553 Appendix B References 571 RFCs 571 Draft RFCs 584 Other Software Standards 587 Hardware Standards 590 Part 3 Index Index 595 xxii Table of Contents JUNOSe 11 1 x Sy...

Страница 23: ...the ATM Interface Design 19 Figure 14 Structure of ATM Protocol 20 Figure 15 ATM Interface Configuration Parameters 20 Figure 16 IP PPP Connections from the CPE on an E Series Router 21 Figure 17 Str...

Страница 24: ...xxiv List of Figures JUNOSe 11 1 x System Basics Configuration Guide...

Страница 25: ...a Firewall Does Not Exist 133 Table 14 Software Installation Procedure in Boot Mode 137 Table 15 Release Compatibility 142 Chapter 4 Configuring SNMP 147 Table 16 SNMP Terminology 148 Table 17 Relati...

Страница 26: ...SRP 10G Module in an ERX1410 Router 376 Table 43 Combinations of Line Modules for Line Rate Performance SRP 5G Module in an ERX705 Router 376 Table 44 Supported Line Modules 405 Chapter 7 Passwords a...

Страница 27: ...tion in the latest release notes differs from the information in the documentation follow the JUNOSe Release Notes To obtain the most current version of all Juniper Networks technical documentation se...

Страница 28: ...f 2 Routing Process OSPF 2 with Router ID 5 5 0 250 Router is an Area Border Router ABR Represents information as displayed on your terminal s screen Fixed width text like this There are two levels of...

Страница 29: ...from the Juniper Networks Web site athttp www juniper net Documentation Feedback We encourage you to provide feedback comments and suggestions so that we can improve the documentation to better meet...

Страница 30: ...se notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications https www juniper net alerts Join and participate in the Juniper Networ...

Страница 31: ...Software on page 125 Configuring SNMP on page 147 Managing the System on page 251 Managing Modules on page 355 Passwords and Security on page 417 Writing CLI Macros on page 473 Booting the System on p...

Страница 32: ...2 Chapters JUNOSe 11 1 x System Basics Configuration Guide...

Страница 33: ...ral Configuration Tasks on page 9 Configuring Virtual Routers on page 10 Configuring IPSec on page 10 Configuring Physical Layer Interfaces on page 10 Configuring Data Link Layer Interfaces on page 17...

Страница 34: ...nterface atm 5 0 0 For more information about supported interface types and specifiers on E Series routers see Interface Types and Specifiers in JUNOSe Command Reference Guide Edge Applications Overvi...

Страница 35: ...ination The router supports Broadband Remote Access Server B RAS applications as shown in Figure 2 on page 6 In this application the router handles the aggregated output from the digital subscriber li...

Страница 36: ...can also be used to keep the traffic logically separate and to direct packets to different destinations As shown in Figure 2 on page 6 the packets can be directed to a CLEC ISP corporate VPN or the In...

Страница 37: ...nd the ERX310 router most line modules pair with a corresponding I O module On the E120 and E320 routers a single line module pairs with all available IOAs I O modules and IOAs provide the input and o...

Страница 38: ...face layering must always be configured in order from the lowest layer to the highest layer For example if you have already configured IP to run over ATM and you want to reconfigure the interface to r...

Страница 39: ...mine how IPSec will be used to provide security 5 Determine routing information that defines all or part of the network 6 Create the virtual routers 7 Configure the interfaces and subinterfaces such a...

Страница 40: ...re communicating with the individual or organization that they believe they are communicating with Encryption makes data confidential by making it unreadable to everyone except the sender and intended...

Страница 41: ...protocols to enable B RAS services The router s DSx and E1 E3 implementations support termination statistics gathering alarm surveillance and performance monitoring These links can be used for either...

Страница 42: ...on enable disable Maximum receive unit MRU Maximum transmit unit MTU Statistics are also gathered per line module Configuring Channelized T3 Interfaces There12 T3 controllers available on each CT3 12...

Страница 43: ...1 2 1 host1 config controll t1 2 framing esf host1 config controll t1 2 lineCoding b8zs host1 config controll t1 2 1 timeslots 2 1 1 3 8 10 12 host1 config controll interface serial 0 1 2 1 Configurin...

Страница 44: ...es OC48 interfaces support IP Frame Relay and IP PPP over SONET but do not support ATM operation This interface support allows service providers to accept incoming optical connections or connect the r...

Страница 45: ...5 shows the configuration parameters for a sample T1 over DS3 interface configuration Figure 8 Parameters for T1 over DS3 Interface Configuration The following sample command sequence configures T1 ov...

Страница 46: ...e adds an IP interface over PPPoE to the same VLAN host1 config interface fastEthernet 2 0 1 2 host1 config if encapsulation pppoe host1 config if interface fastEthernet 2 0 1 2 1 host1 config if enca...

Страница 47: ...PPP Frame Relay is supported on the T3 and E3 modules With this interface the service provider can Receive traffic from subscribers that have CPE equipment such as routers with Frame Relay interfaces...

Страница 48: ...VCs in operation LMI specifies a polling mechanism to receive incremental and full status updates from the network The router can represent either side of the User to Network Interface UNI and support...

Страница 49: ...page 19 shows the structure of the ATM interface For ATM this can be SONET DS3 or E3 as supported by the different line modules The major ATM interface sits on top of the SONET DS3 E3 resource and the...

Страница 50: ...if interface atm 0 1 22 host1 config if atm pvc 22 100 10 aal5snap host1 config subif ip address 192 32 10 20 255 255 255 0 Configuring IP PPP The router supports IP PPP on the channelized T3 E1 and...

Страница 51: ...nterfaces are supported at the physical layer Figure 17 Structure of PPP Figure 18 on page 21 shows sample configuration parameters for PPP on a serial interface Figure 18 PPP Interface Configuration...

Страница 52: ...Structure of Cisco HDLC Protocol As shown in Figure 19 on page 22 the Cisco HDLC protocol can exist directly on top of the HDLC layer or ATM or SONET interface Both SONET and DSx Ex interfaces are su...

Страница 53: ...t traffic You can create multiple shared IP interfaces over the same layer 2 logical interface for example atm 5 3 101 enabling more than one IP interface to share the same logical resources This capa...

Страница 54: ...o all end systems located within them See JUNOSe IP IPv6 and IGP Configuration Guide for information about how to configure IS IS Border Gateway Protocol BGP BGP an external gateway protocol EGP provi...

Страница 55: ...r accepted by a router Route maps can use access lists to identify the set of routes to modify Distribution lists Control the routing information that is accepted or transmitted to peer routers Distri...

Страница 56: ...figuring policy management Configuring Remote Access The E Series router supports the following remote access functionality Broadband Remote Access Server B RAS This application runs on the router and...

Страница 57: ...vironments or environments that use bridged Ethernet over ATM because network operators can support one central system rather than an individual PPPoE client on each subscriber s computer See JUNOSe B...

Страница 58: ...28 Configuring Remote Access JUNOSe 11 1 x System Basics Configuration Guide...

Страница 59: ...ware network connectivity and the router hardware Managing your router using the CLI gives you access to thousands of commands The router s CLI uses an industry de facto standard look and feel which m...

Страница 60: ...on modes are shown Command modes are discussed in greater detail in the section Accessing Command Modes on page 69 See the JUNOSe Command Reference Guide to find related command modes for any command...

Страница 61: ...The keyword s must be typed into the CLI accurately for it to be recognized These are examples of keywords reload run router map class map list clear ip isis redistribution show vlan subinterface qos...

Страница 62: ...d parameters in the correct sequence you can begin using the CLI to configure and monitor your router For example you could specify the command hostname to change the name of your router by entering a...

Страница 63: ...ing to Prompts on page 46 Abbreviated Commands Remember you can abbreviate keywords to save time if you enter at least enough leading characters to uniquely identify the desired keyword For example ho...

Страница 64: ...ckspace or Delete Use either key to delete the character immediately preceding the cursor Enter Always use this key to execute the command you entered Tab Use this key to complete the current keyword...

Страница 65: ...m configuration commands that do not have a no version are indicated in the individual command description Because show commands are for the purpose of monitoring your configurations they do not have...

Страница 66: ...0 0 0 0 0 0 0 10 6 128 1 ip route 10 10 121 72 255 255 255 255 10 6 128 1 route map adsf permit 10 router dvmrp router igmp snmp server community private view everything rw snmp server contact Mary sn...

Страница 67: ...he text string For example if you enter include IP as the text string on which to filter the system ignores the space and displays lines that include words such as RIP Example 1 In the following examp...

Страница 68: ...pf intra area 110 distance ospf inter area 112 distance ospf external 114 Area 0 0 0 0 Trap Source not configured Note SNMP server not running host1 Example 2 In the following example the output displ...

Страница 69: ...ow NameResolverLog log verbosity low atm log verbosity low atm1483 log verbosity low atmAal5 log verbosity low bgpConnections log verbosity low bgpDampening host1 Example 3 In the following example th...

Страница 70: ...ring log fields timestamp instance no calling task timing select primary timing source primary internal timing source secondary internal timing source tertiary internal no atm aal5 snmp trap link stat...

Страница 71: ...Only one instance of a file can be open for file redirection An error message is generated if you attempt to redirect output to a file that is already open You cannot redirect output to a file that in...

Страница 72: ...thin brackets to specify a range of AS or community numbers hyphen Matches a a a comma a space a or a Placed on either side of a string to specify a literal and disallow substring matching Numerals en...

Страница 73: ...en is filled and the More prompt appears By entering the filter interf the user forces the system to filter out all output lines until the first occurrence of the string interf The system displays tha...

Страница 74: ...c 1999 2006 Juniper Networks Inc All rights reserved boot config running configuration boot system erx_7 3 0 rel boot config running configuration boot system 3 3 1 rel no boot backup no boot subsyst...

Страница 75: ...04 2006 12 48 48 UTC Juniper Edge Routing Switch ERX 700 Version 7 3 0 beta 1 6 BuildId 5672 July 11 2006 11 58 Copyright c 1999 2006 Juniper Networks Inc All rights reserved boot config running confi...

Страница 76: ...nue You can press any other key to disagree with the prompt and cancel the action You can use the confirmations explicit command to require a more explicit response to CLI prompts confirmations explic...

Страница 77: ...ported for the file system synchronization application and the file copy application The progress indicator displays a series of dots that represents the time required to complete the operation The do...

Страница 78: ...pleted initialization The show version command can be used to display line module status Do not enter commands for a line module until its state is online Platform Considerations The CLI is supported...

Страница 79: ...s running on your host system type in the E Series router name or its IP address and press Enter To use a name your network must have a name server For example for Microsoft Windows NT enter telnet 19...

Страница 80: ...CLI access level is 10 To access the default Privileged Exec mode 1 At the prompt type enable and press Enter host1 enable Password NOTE You will be prompted for a password only if your system has be...

Страница 81: ...the Privileged Exec mode to the User Exec mode enter the disable command For example host1 disable host1 NOTE Using the exit command from either the Privileged Exec or User Exec mode logs out of the C...

Страница 82: ...no longer required to be hierarchical You can modify the privilege group membership and define which privilege group is a member of another privilege group A privilege group can contain commands and o...

Страница 83: ...ot configure a circular dependency where group X has member Y Y has member Z Z has member P and X can reach Z and P Group X cannot have member Z or P because Z and P are reachable through Y Examples U...

Страница 84: ...contains 13 13 contains 12 and so forth Privilege group 12 contains one privilege group the privilege group 5 Privilege group 11 contains one privilege group the privilege group 5 Privilege groups 0 1...

Страница 85: ...ntains 12 12 contains 11 11 contains 10 10 contains 9 and 9 contains 8 Example 9 host1 config no privilege group membership In Example 9 privilege group membership reverts to the default setting All p...

Страница 86: ...re reachable privilege Use to change the privilege level of any command within a specified mode Example 1 host1 config privilege exec level 12 terminal width Example 2 host1 config privilege exec all...

Страница 87: ...ings When all privilege groups are reset to the default settings the privilege group membership is hierarchical See privilege group membership privilege group membership clear Use to clear a privilege...

Страница 88: ...e commands rcmd 514 Setting Privileges for Ambiguous Commands The privilege command allows you to set command privilege levels for parts of commands that the CLI would normally consider ambiguous In o...

Страница 89: ...y other command to follow This would force all commands that have a no or default version to function only for that privilege level and higher For example if you issue the privilege exec level 10 no c...

Страница 90: ...y NOTE This order of precedence does not apply to privilege levels that are set without the all keyword In the following example the privilege level of the snmp server community command is set to leve...

Страница 91: ...evel 5 snmp server Removing the all Keyword Using the no version or reset version removes the all keyword and restores default privilege levels If the privilege setting of the mode or command for whic...

Страница 92: ...ilege level privilege level Use to change the default privilege level of the console line or one or more vty lines Example host1 config line privilege level 5 Use the no or default version to restore...

Страница 93: ...The show configuration command output displays output specific to the session access level For example if the session is enabled at level 5 issuing the show configuration command displays only output...

Страница 94: ...y itself or when it is preceded by one or more spaces a list of all next available choices is displayed Example 1 host1 config aaa Configure authentication authorization and accounting characteristics...

Страница 95: ...ode command alias command do service Configure system level services set Configure sleep Make the Command Interface pause for a specified duration slot Configure and administer slot operation snmp ser...

Страница 96: ...letter Do not use a space between the partial keyword and the key For example host1 sh show shutdown host1 sh NOTE If you want to use the character as part of a string such as a hostname or a regular...

Страница 97: ...que abbreviation Executing a command Always use the Enter key Command Line Editing Keys You can use several keys to edit the command line Table 7 on page 67 defines the keys for editing the command li...

Страница 98: ...led characters overwrite or are inserted in current line depending on overwrite insert toggle Ctrl y In all modes except User Exec mode executes any command typed immediately before the command sequen...

Страница 99: ...w string Ctrl r Pagination Keys If the system needs to display more text than you can fit on the screen the output pauses and the More prompt appears Table 9 on page 69 defines the pagination keys tha...

Страница 100: ...ure BGP or RIP address family parameters Address Family Configuration Use the exit command to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use...

Страница 101: ...k profile Configure packet color after exit from rate limit hierarchy Color Mark Profile Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec m...

Страница 102: ...Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration Mode use the dos protection group command Prompt host1 config dos group Configure parameters for DoS protection...

Страница 103: ...ess Ctrl z to return to Exec mode From Global Configuration mode use the interface command and identify the interface by slot port Prompt host1 config if Create an interface Modify the operation of an...

Страница 104: ...ng negotiations with IKE peers IPSec CA Identity Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From the Global Configuration mode u...

Страница 105: ...Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use the ipsec tunnel profile command Prompt host1 config ipsec tunnel profile Configure a profile for IPSec...

Страница 106: ...turn to Global Configuration mode Press Ctrl z to return to Exec mode From L2TP Destination Profile Configuration mode use theremote host command Prompt host1 config l2tp dest profile host Configure h...

Страница 107: ...ion mode Press Ctrl z to return to Exec mode From Global Configuration mode use the line command Prompt host1 config line Modify a virtual terminal line Line Configuration Use the exit command twice t...

Страница 108: ...nfiguration mode use the parent group command Prompt host1 config parent group Configure an external parent group Parent Group Configuration Use the exit command once to return to Global Configuration...

Страница 109: ...Service Name Table Configuration Use the disable command to return to User Exec mode Use the exit command to log out of the CLI Use the configure command to enter Global Configuration mode From User...

Страница 110: ...xit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use the qos profile command Prompt host1 config qos profile Configure QoS pro...

Страница 111: ...reate an IP rate limit profile from Global Configuration mode use the ip rate limit profile command To create an L2TP rate limit profile from Global Configuration mode use the l2tp rate limit profile...

Страница 112: ...on Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use the mpls rsvp profile command Prompt host1 config rsvp Config...

Страница 113: ...server management event command Prompt host1 config mgmtevent Configure SNMP events SNMP Event Manager Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to r...

Страница 114: ...to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use the traffic class group command Prompt host1 config traffic class group Configure a traffic class gr...

Страница 115: ...namic tunnel server port Tunnel Server Configuration Use the enable command to enter Privileged Exec mode Use the exit command to log out of the CLI Log into system Prompt host1 Change terminal settin...

Страница 116: ...o its default s dir Display a list of local files disable Reduce the command privilege level enable Enable access to privileged commands erase Erase configuration settings exit Exit from the current c...

Страница 117: ...ons default Set a command to its default s delete Delete a local file dir Display a list of local files disable Reduce the command privilege level disconnect Disconnect remote CLI session enable Enabl...

Страница 118: ...u can execute a script file scr which is simply a file containing a sequence of CLI commands through the configure command Global Configuration Mode Within Global Configuration mode you can Apply feat...

Страница 119: ...command alias command run exit Exit from the current command mode help Describe the interactive help system log Configure logging settings macro Run a CLI macro no Negate a command or set its default...

Страница 120: ...stem inarp Configure the Inverse Address Resolution Protocol InARP protocol log Configure logging settings macro Run a CLI macro no Negate a command or set its default s oam Configure Operations Admin...

Страница 121: ...classification group in a policy list that you can attach to an interface From Policy List Configuration mode type the classifier group command and its attributes and then press Enter host1 config pol...

Страница 122: ...e In this mode you can configure policing for a specific protocol From Global Configuration mode type the control plane command and press Enter host1 config control plane host1 config control plane de...

Страница 123: ...Mac Address run Run an exec mode command alias command do server address The DHCP Server address to send to clients sleep Make the Command Interface pause for a specified duration snmpTrap Enable snmp...

Страница 124: ...nd alias command run help Describe the interactive help system hostname Configure the client hostname of the tunnel identification Configure tunnel identification log Configure logging settings macro...

Страница 125: ...active help system log Configure logging settings macro Run a CLI macro no Negate a command or set its default s run Run an exec mode command alias command do sleep Make the Command Interface pause fo...

Страница 126: ...om Interface Configuration mode you can enable many system features for each interface you create Interface Configuration commands allow you to Create an interface Modify the operation of an interface...

Страница 127: ...ctive help system log Configure logging settings macro Run a CLI macro no Negate a command or set its default s run Run an exec mode command alias command do sleep Make the Command Interface pause for...

Страница 128: ...nfiguration Mode In this mode you can specify the information that the system uses in online certificate requests and during negotiations with its peers From Global Configuration mode type ipsec ca id...

Страница 129: ...run encryption Configure the encryption algorithm within an IKE policy exit Exit from the current command mode group Configure the Diffie Hellman group identifier hash Configure the hash algorithm wit...

Страница 130: ...tion IPSec Transport Profile Configuration Mode In this mode you can configure an IP Security IPSec transport profile which is used for Layer 2 Tunneling Protocol L2TP over IPSec connections From the...

Страница 131: ...phase 2 transforms allowed on this IPSEC tunnel profile tunnel Configure tunnel parameters IP Tunnel Destination Profile Mode In this mode you can specify parameters for GRE or DVMRP dynamic tunnels F...

Страница 132: ...IPv6 prefix range run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified duration NOTE You must enable the IPv6 local address pool feature to be able to c...

Страница 133: ...local hostname the local IP address or the interface profile From Global Configuration mode enter L2TP Destination Profile mode see above and type remote host and a hostName and press Enter host1 conf...

Страница 134: ...current command mode help Describe the interactive help system log Configure logging settings macro Run a CLI macro neighbor Configure l2c neighbor parameters no Negate a command or set its default s...

Страница 135: ...t is 5 vty lines However you can increase the number of vty lines available by typing the start number and end number of the vty line range Once you execute the line vty command you will have access t...

Страница 136: ...an exec mode command alias command do sleep Make the Command Interface pause for a specified duration Local User Configuration Mode In this mode you can configure parameters for user entries in local...

Страница 137: ...ure map list parameters In Map List Configuration mode commands such as map list and ip atm vc are used to configure ATM NBMA interfaces From Global Configuration mode type map list and a mapListName...

Страница 138: ...list classifier group Specify the classifier list color Create a color policy default Set a command to its default s do Run an exec mode command exit Exit from the current command mode filter Create a...

Страница 139: ...macro Run a CLI macro no Negate a command or set its default s run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified time PPPoE Service Name Table Confi...

Страница 140: ...e Set Configuration Mode In this mode you can can configure QoS interface sets From Global Configuration mode type the qos interface set command followed by an interfaceSetName and press Enter host1 c...

Страница 141: ...me and press Enter host1 config qos parameter define vpSharedShaper1 host1 config qos parameter define controlled interface type Configure the valid interface types controlled by this parameter defaul...

Страница 142: ...ared shaper control command and press Enter host1 config qos shared shaper control host1 config qos shared shaper control convergence factor Configure how quickly the simple shared shaper converges to...

Страница 143: ...servers From Global Configuration mode type either the radius authentication server radius accounting server or radius dynamic request server command with the server ipAddress and press Enter host1 c...

Страница 144: ...n mode type rate limit profile and a profileName and add the keyword hierarchical and press Enter To create an IP rate limit profile from Global Configuration mode type ip rate limit profile and a pro...

Страница 145: ...onfiguration mode type either router rip router pim or router ospf and the processID Press Enter You are now in Router Configuration mode From Router Configuration mode type the remote neighbor comman...

Страница 146: ...router address family Enter address family configuration mode aggregate address Create an aggregate entry in BGP routing table auto summary Automatic summarization of redistributed routes to their na...

Страница 147: ...macro no Negate a command or set its default s refresh period Configure refresh period run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified duration RT...

Страница 148: ...ts default s run Run an exec mode command alias command do shaping rate Shape the node or queue to the specified rate sleep Make the Command Interface pause for a specified duration strict priority De...

Страница 149: ...ring and enable the counting of drop and forwarding events From Global Configuration mode type statistics profile and the statisticsProfileName that you want to create or configure and press Enter hos...

Страница 150: ...ent1 host1 config policy arp Modify arp policy broadcast Modify broadcast policy default Set a command to its default s do Run an exec mode command alias command run exit Exit from the current command...

Страница 151: ...ctive help system log Configure logging settings macro Run a CLI macro no Negate a command or set its default s run Run an exec mode command alias command do sleep Make the Command Interface pause for...

Страница 152: ...ed duration source address Configure tunnel source address type Configure tunnel type Tunnel Profile Configuration Mode In this mode you can create and configure MPLS tunnel profiles From Global Confi...

Страница 153: ...em import Specify VRF import characteristics ip Configure IP characteristics log Configure logging settings macro Run a CLI macro maximum Specify a maximum limit no Negate a command or set its default...

Страница 154: ...n an exec mode command alias command do sleep Make the Command Interface pause for a specified duration support Enter Support mode 124 Accessing Command Modes JUNOSe 11 1 x System Basics Configuration...

Страница 155: ...om One Router to Another on page 140 Upgrading Systems That Are Operating with Two SRP Modules on page 140 Upgrading from Release 5 1 1 or Lower Numbered Releases on page 142 Downgrading JUNOSe Softwa...

Страница 156: ...ervices Routers the MIB directory and the Release Notes You can also download a compressed version of the software release by logging on to https www juniper net support The zip file that you download...

Страница 157: ...hrough either the local console or a Telnet session If you have not yet configured the router to support Telnet then you must use the local console To install the software perform the following tasks...

Страница 158: ...ype the password if the system prompts you Task 4 Configure IP on an Interface Typically you configure IP on the Fast Ethernet interface of the SRP module To configure IP on an interface 1 Determine t...

Страница 159: ...you created from the image bundle in compressed format that you downloaded from the Juniper Networks website you must mount the CD The way you mount the release files on the network host depends on th...

Страница 160: ...procedure and that the network host is operational Task 7 Enable the FTP Server on the Router The router divides its vty resources among Telnet SSH and FTP services Each FTP session requires one vty l...

Страница 161: ...release rel filename for the router you are using as described in Identifying the Software Release File on page 126 NOTE The destination file must have a rel extension For example host1 copy incoming...

Страница 162: ...en a Firewall Does Not Exist If there is no firewall between the router and the network host to which you copied the release files you can transfer the software release files from the network host to...

Страница 163: ...Exec mode on the router The IP address of the network host The IP address of the router The IP address of the next hop to reach the destination network for example a gateway The login name and passwo...

Страница 164: ...et 6 0 host1 config if ip address ipAddress mask On the E120 and E320 routers host1 configure Configuring from terminal or file terminal Enter configuration commands one per line End with CNTL Z host1...

Страница 165: ...ach the network host verify that you correctly performed the previous steps in this procedure and that the network host is operational Task 6 Copy the Release Files to the Network Host If you download...

Страница 166: ...e boot system command specifying the rel filename of the software release For example host1 config boot system erx_x y z rel The following message appears when you issue this command WARNING We recomm...

Страница 167: ...e network host 6 Reset the SRP module 7 Copy the release files to the network host 8 Copy the software release file to the router 9 Reboot the system Task 1 Obtain the Required Information Before you...

Страница 168: ...listed go to the next section Otherwise proceed with Step 3 3 Add an entry to the Static Host Table so that the router can access the network host boot host hostName ipAddress ftp login name password...

Страница 169: ...l The software release is copied from the network host to the router This process can take several minutes Task 9 Reboot the System To reboot the system using the newly installed software 1 Run the bo...

Страница 170: ...the source router for the network host Omit the step about copying the release files to the network host Copy the file to the system space of the second router from the user space of the first router...

Страница 171: ...the files from one router to another copy the file to the system space of the second router from the user space of the first router See Copying Release Files from One Router to Another on page 140 Fo...

Страница 172: ...er application images for Release 6 0 0 and higher numbered releases you must first install Release 5 1 2 or the highest numbered 5 x x release This enables the system to support application images gr...

Страница 173: ...rd Follow these steps to upgrade your system software when the software is on an NVS card The procedure you use depends on the number of SRP modules in the system Upgrading a System That Contains One...

Страница 174: ...RP module NOTE The release you are installing must be Release 5 1 2 or higher numbered 5 x x release 5 Reinsert the SRP module into the chassis 6 Force the redundant SRP module to take over from the p...

Страница 175: ...pt to downgrade JUNOSe software without the assistance of a Juniper Technical Assistance Center representative Contact the Juniper Technical Assistance Center to obtain help Downgrading JUNOSe Softwar...

Страница 176: ...146 Downgrading JUNOSe Software JUNOSe 11 1 x System Basics Configuration Guide...

Страница 177: ...s network devices such as your E Series router The goal of SNMP is to simplify network management in two ways By defining a single management protocol that can be used to manage any network device fro...

Страница 178: ...group of SNMP managed devices and clients in the same administrative domain community Refers to both a server and a client entity A condition or state change that may cause the generation of a trap m...

Страница 179: ...and state change events Bulk data collection and retrieval Management of virtual routers Secure audit logging for packet mirroring traps and Juni PACKET MIRROR MIB access NOTE You can disable the mana...

Страница 180: ...by a body such as the IETF and fosters consistency of management data representation across many vendors networking products Juniper Networks E Series Enterprise MIBs An enterprise MIB is defined by...

Страница 181: ...ntication provides the following benefits Only authorized parties can communicate with each other Consequently a management station can interact with a device only if the administrator configured the...

Страница 182: ...associated with the router except the packetMirror MIB user Includes all MIBs associated with the router except the packetMirror MIB and standard and enterprise MIBs used to configure SNMP operation n...

Страница 183: ...router has its own SNMP server At router initialization SNMP creates a server for each existing virtual router When router specific data is required the requestor can direct a request to a particular...

Страница 184: ...a managed task is allowed Each SNMP engine has an SnmpEngine ID a hexadecimal number 15 octets long Table 18 on page 154 shows the structure of the SnmpEngine ID Table 18 SnmpEngineID Structure Objec...

Страница 185: ...0 13 0a 05 00 90 1a 00 04 6c 80 00 00 01 SnmpEngineID 0x80 00 13 0a 05 00 90 1a 00 04 6c 80 00 00 01 contextEngineID router1 contextName SNMP Attributes The software automatically maps predefined SNMP...

Страница 186: ...d the values of a group or collection of variables rather than one variable at a time GetBulk is not available in SNMPv1 Get Bulk Transmitted by the client to the server to obtain the identifiers and...

Страница 187: ...k Management Protocol SNMP Management Frameworks December 2002 RFC 3412 Message Processing and Dispatching for the Simple Network Management Protocol SNMP December 2002 RFC 3413 Simple Network Managem...

Страница 188: ...l Configure the method the router uses to encode the ifDescr and ifName objects host1 config snmp interfaces description format common 7 Optional Manage the interface sublayers compress interfaces and...

Страница 189: ...tch is found its access list name is used to validate the IP address If the access list name is null the IP address is accepted A nonmatching community or an invalid IP address results in an SNMP auth...

Страница 190: ...onfigure SNMPv3 users use the following command snmp server user Use to create and modify SNMPv3 users Example host1 config snmp server user fred auth sha fred password priv des password group user Us...

Страница 191: ...version to remove the dynamically created view See snmp server view Setting Server Parameters Setting the server s contact person and location provides helpful identifiers for the SNMP server These i...

Страница 192: ...gh memory utilization value and an abated memory utilization value When the system reaches the high utilization value it sends warning messages When memory usage falls to the abated utilization value...

Страница 193: ...ering method used in the interface tables Compressing Interfaces You can compress interfaces by interface type table type and the administrative status of the interface Compressing interfaces without...

Страница 194: ...faces compress command on an interface without specifying a table type it compresses the interface in all the tables If you compress an interface using the table type keyword for the first time subseq...

Страница 195: ...config snmp server interfaces compress atm table type interface tables host1 config snmp server interfaces compress Ds1 table type interface stack tables Router show snmp interfaces Compressed Remove...

Страница 196: ...ed on RFC 1213 The maxIfIndex option sets the maximum value of the ifIndex field that the system will allocate The maxIfNumber option sets the maximum number of interfaces allowed in the interface tab...

Страница 197: ...pes HDLC FT1 ATM ATM1483 Armed Interface Numbering Mode RFC1213 maxIfIndex 65535 maxIfNumber 65535 Interface Description Setting proprietary See show snmp interfaces Configuring Traps This section pro...

Страница 198: ...traps dvmrp Distance Vector Multicast Routing Protocol traps dvmrpProp E Series router proprietary DVMRP traps environment Power temperature fan and memory utilization traps fileXfer File transfer st...

Страница 199: ...server enable traps command To enable trap categories for a specific host use the snmp server host command Trap Severity Levels The router provides a method of filtering traps according to severity Ta...

Страница 200: ...server enable traps Use to enable and configure SNMP trap generation on a global basis Traps are unsolicited messages sent from an SNMP server agent to an SNMP client manager You can enable the traps...

Страница 201: ...hanged as notice This behavior occurs because only the category specific severity level was configured in the last operation Example 2 Overwriting the global severity level to the last configured sett...

Страница 202: ...trap destination is the IP address of a client network management station that receives the SNMP traps You can configure up to eight trap hosts on each virtual router You can enable the traps listed i...

Страница 203: ...link down trap recognizes a failure in one of the communication links represented in the server s configuration Example host1 config controll snmp trap link status Use the no version to disable these...

Страница 204: ...ver trap proxy Use to enable or disable the SNMP trap proxy Example host1 config snmp server trap proxy enable Use the no version to disable the SNMP trap proxy See snmp server trap proxy Configuring...

Страница 205: ...fication logs 1 Configure the notification log host1 config snmp server notificationlog log 10 10 4 4 adminStatus includeVarbinds 2 Optional Specify when the notification log ages out host1 config snm...

Страница 206: ...he router As you allocate the entry limits for virtual routers the available range changes to reflect the number of notifications that you have allocated Example host1 config snmp server notificationL...

Страница 207: ...tes to establish connectivity If you are losing traps because of scenario 2 we recommend that you use the default value for the maximum ping window time which is one minute snmp server host Use to set...

Страница 208: ...object instance you can specify that the trigger occur by either the appearance disappearance or change in value of a MIB instance A Boolean trigger tests whether the value of a MIB object base synta...

Страница 209: ...nt the device to take when a trigger occurs This action can be in the form of a notification setting a specified MIB object or both The results of these actions are controlled within two subordinate M...

Страница 210: ...nt event sysadmin failuretrigger host1 config mgmtevent event notification id mteTriggerFailure host1 config mgmtevent event exit host1 config mgmtevent event sysadmin fallingtrigger host1 config mgmt...

Страница 211: ...u want to perform delta sampling the values are absolute 9 Optional Specify that you want to perform delta sampling on the sample value ID host1 config mgmtevent trigger delta sampling Optional Enter...

Страница 212: ...mtevent trigger boolean test event george trigger1 When specifying an event use the exact owner name and event name Specify the Boolean value to which the test compares host1 config mgmtevent trigger...

Страница 213: ...an obtain the agent context name for a virtual router from the show snmp agent command The agent context name is independent of the virtual router name 5 Enable the trigger host1 config mgmtevent trig...

Страница 214: ...resides host1 config mgmtevent trigger agent context name router1 You can obtain the agent context name for a virtual router from the show snmp agent command The agent context name is independent of...

Страница 215: ...oolean value to which the test compares host1 config mgmtevent trigger boolean test value 5175438 Example 3 Binding an event to the Boolean test trigger host1 config mgmtevent trigger boolean test eve...

Страница 216: ...ent Use to create an event and access the event configuration mode of the SNMP server event manager Example host1 config mgmtevent event sysadmin failuretrigger host1 config mgmtevent event To leave t...

Страница 217: ...ication id Use to specify a trap notification for an event Example host1 config mgmtevent event notification id mteTriggerFailure Use the no version to remove the notification from the event Removal r...

Страница 218: ...host1 config snmp server management event host1 config mgmtevent To leave the SNMP server event manager use the exit command Use the no version to delete all the management events See snmp server man...

Страница 219: ...ger configuration mode use the exit command Use the no version to remove the trigger See trigger Monitoring Events To view the status of the SNMP agent use the following show snmp agent command To vie...

Страница 220: ...r Name Name value assigned to the trigger Test Type of trigger test to perform SampleType Type of sampling absolute or delta to perform ValueID Object ID of the MIB sample for this trigger ValueIDLimi...

Страница 221: ...gger trigger name Name value assigned to the trigger current time Current UTC time started sampling UTC time sampling started last sampled UTC time event last sampled sample instances Number of sample...

Страница 222: ...ner value for this trigger DeltaFallingEvent Delta falling event name value for this trigger Delta DiscontinuityID Discontinuity MIB ID for this trigger DiscontinuityIDWildcard Not supported in this r...

Страница 223: ...1 92 1 1 2 0 ValueIDLimit 0 ValueIDWildcard False ContextName router1 ContextNameLimit 0 ContextNameWildcard False Frequency 40 ObjectsOwner unitTest Objects test3 Enabled False EntryStatus createAndW...

Страница 224: ...1 1 2 DiscontinuityIDWildcard True DiscontinuityIDType timeTicks Objects Owner unitTest Name test1 Index 1 ID 1 3 6 1 2 1 11 1 0 IDWildcard False EntryStatus active Index 2 ID 1 3 6 1 2 1 11 2 0 IDWi...

Страница 225: ...as collectors to retrieve data You can configure up to six collectors The router sends collected statistics through FTP to assigned hosts known as receivers You must assign a primary receiver to each...

Страница 226: ...ame z mmddHHMM s sts where fileName Name of the file which includes sysName sysUpTime depending on the attributes specified z Receiver index value mmddHHMM Timestamp when the receiver is created in mo...

Страница 227: ...unnel L2TP L2TP Tunnel L2tpSession L2TP L2TP Session PppLink MLPPP PppLink interfaces Hdlc HDLCEncaps HDLC interfaces L2tpDestination L2TP L2TP Destinataion MplsMajor MplsIfMajor MPLS Major interfaces...

Страница 228: ...n occur when a counter wraps or after a line module is reloaded or reset If one of these actions occurs applications that utilize the counters in expressions or calculations generate erroneous values...

Страница 229: ...ollect mode auto 6 Assign the primary receiver host1 config bulkstats collector 2 primary receiver 1 7 Optional Assign the secondary receiver host1 config bulkstats collector 2 secondary receiver 5 8...

Страница 230: ...mode auto Use the no version to specify that either the user or the system will initiate transfers manually See bulkstats collector bulkstats collector description Use to add descriptive information t...

Страница 231: ...to assign the primary receiver to which the system transfers data The index for the receiver must match the index that you specified with the bulkstats receiver remote name command Example host1 conf...

Страница 232: ...ct statistics You can provide an interface specifier location to identify a specific interface on which you want to collect statistics If you define more than one collector you must specify a unique c...

Страница 233: ...me of the host must match the name you specify with this command The hostname is relative to the virtual router s context when you issue this command When specifying the remote filename for bulk stati...

Страница 234: ...nt bulkstats from being reported for virtual router groups See bulkstats virtual router group Deleting All Bulkstats Configurations Although individual bulkstats commands allow you to disable or delet...

Страница 235: ...ers Number of times the bulk statistics collector has attempted a data file transfer to a secondary server SecondaryFails Number of secondary server transfer failures BulkStats Collector Information I...

Страница 236: ...the schema Subtree Type of bulk statistics schema configured on the collector if stack if stats policy QoS or system CollectorIndex Bulk statistics collector index number Create Delete Time Stats Sta...

Страница 237: ...erly configured and currently active notInSvc Receiver has been decommissioned by a management client notReady Receiver does not have enough configuration information to go active error Configuration...

Страница 238: ...G 15 2000 16 02 33 UTC 2 Not started N A Schema Information Index Subtree 1 ifStats Index CollectorIndex State 1 1 active Index Create Delete Time Stats Create Delete Interface Types 1 enabled IP Inde...

Страница 239: ...mation about the collector transfer interval configuration Field descriptions Index Index number of the bulk statistics collector Interval Amount of time in seconds that the collector transfers data t...

Страница 240: ...1 show bulkstats collector transfer mode Index Transfer Mode Primary Receiver Secondary Receiver 1 auto xfer 1 2 See show bulkstats collector transfer mode show bulkstats interface type Use to display...

Страница 241: ...er of the receiver State active Receiver is properly configured and currently active notInSvc Receiver has been decommissioned by a management client notReady Receiver does not have enough configurati...

Страница 242: ...tor attempted to start a collector but failed because the collector s configuration was incomplete CollectorStopFailures Number of times the bulk statistics collector failed during a collector stop re...

Страница 243: ...e specified interface Transferred Number of record for dynamic interface that were written to the bulk statistics sts file Dropped Number of records for dynamic interfaces that were dropped that is no...

Страница 244: ...setting enabled disabled Threshold Nearly full trap will be posted to the SNMP entity on this system when this percentage is reached Traps Sent Number of times this event was posted to the SNMP entity...

Страница 245: ...he interface usage data is the ifTable ifXTable counters The ifXTable supports 64 bit counters and the data written into the bulk statistics file supports the 64 bit counters if stats Statistics assoc...

Страница 246: ...ts Configure If stats schema for in unknown protos in unknown protos Configure If stats schema for lower interface lower interface Configure If stats schema for out bcast pkts out bcast pkts Configure...

Страница 247: ...ubtree igmp command Table 26 IGMP Schema Objects Definition Object Configure IGMP schema for all attributes all Configure IGMP schema for destination address dest address Configure IGMP schema for IGM...

Страница 248: ...formation about QoS objects see the JUNOSe Quality of Service Configuration Guide Table 28 QoS Schema Objects Definition Object Configure QoS schema to export the average drop rate within the rate per...

Страница 249: ...arent shared shaping rate Configure QoS schema to export the aggregate weight of the parent interface parent weight Configure QoS schema to export the queue length attribute queue length Configure QoS...

Страница 250: ...ar location or virtual router group by specifying the location of a particular slot port or virtual router group You can view the QoS rate statistics over each S VLAN or ATM virtual path by including...

Страница 251: ...e column configuration information Retrieves statistics from ifStackTable which stores the configured interfaces and their stacking relationship on a router Example Configures the if stack schema host...

Страница 252: ...the bulk statistics interface record use the time offset keyword Example Configures the schema to collect the destination address and time offset attributes for IGMP host1 config bulkstats schema 4 su...

Страница 253: ...nfig bulkstats schema 4 subtree qos subtreelist all Example 2 Configures the QoS schema to export summarized QoS rate statistics host1 config bulkstats schema 4 subtree qos export summarized stats Use...

Страница 254: ...type of interface Additional values for ifType are assigned by the Internet Assigned Numbers Authority IANA through updating the syntax of the IANAifType textual convention ifType RFC1213 ifType Iden...

Страница 255: ...broadcast address at this sub layer This object is a 64 bit version of ifInUcastPkts Discontinuities in the value of this counter can occur at re initialization of the management system and at other...

Страница 256: ...he value of ifCounterDiscontinuityTime in errors ifInErrors RFC1213 ifInErrors For packet oriented interfaces the number of packets received via the interface which were discarded because of an unknow...

Страница 257: ...oadcast address at this sub layer including those that were discarded or not sent This object is a 64 bit version of ifOutUcastPkts Discontinuities in the value of this counter can occur at re initial...

Страница 258: ...cy support 64 bit counters in policied octets juniAcctngIfInPolicedOctets juniAcctng ifInPolicedOctets Packets dropped due to ingress policy in policied octets juniAcctngIfInPolicedPkts juniAcctng ifI...

Страница 259: ...ounter can occur at re initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime in mcast pkts ifHCInMulticastPkts RFC2863 ifHCInMulticastPkts...

Страница 260: ...uityTime out mcast pkts ifHCOutMulticastPkts RFC2863 ifHCOutMulticastPkts The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast addre...

Страница 261: ...ich the interfaces of the specified queue are stacked SVLAN VP ID The unique traffic class name within the traffic policy configured for the queue Traffic Class Name The shaping rate associated with t...

Страница 262: ...acctng QStatsProfile The shaping mode associated with the egress queue In the shape mode is used to control the downstream rate for different media shaping mode rsAcctngShapingMode rsacctng QShapMode...

Страница 263: ...a 32 bit integer shared shaping rate rsAcctngSharedShapingRate rsacctng QSharShapRate The type of byte adjustment application configured on the queue byte adjustment type rsAcctngByteAdjType rsacctng...

Страница 264: ...r of yellow packets which were chosen to be discarded even though no errors had been detected to prevent their being received The attribute is a 64 bit integer yellow drop packets rsAcctngYellowDropPa...

Страница 265: ...information to go active error Configuration operational error Subtree List Types of statistics the schema is configured to receive Example 1 Displays bulk statistics information for a schema that is...

Страница 266: ...de differs from the default interface numbering mode which encodes a type field in the upper 8 bits of a 32 bit integer The use of the upper 8 bits creates large gaps in the ifIndex numbering scheme T...

Страница 267: ...rfc1213 Use to enable the RFC 1213 interface numbering mode on bulkstats Example host1 config bulkstats interfaces rfc 1213 Use the no version to disable the RFC 1213 interface numbering mode on bulks...

Страница 268: ...m reboots Specifying End of Line Format By default the bulk statistics application generates a DOS compatible file that contains both a carriage return CR and line feed LF at the end of each line The...

Страница 269: ...ands SNMP operations such as Get and Set continue to use and report statistics from the system counters See Viewing SNMP Status on page 240 for a sample display when you enter the show snmp command If...

Страница 270: ...packets received by the router Bad SNMP version errors Number of SNMP PDUs with a bad version number Unknown community name Number of SNMP PDUs that had an unrecognized community name Illegal operati...

Страница 271: ...PDU Handler Report PDUs Number of packets received by the SNMP engine that were dropped because the PDU in the packet could not be passed to an application responsible for handling the PDU type for ex...

Страница 272: ...texts 538 SNMP packets out 0 Too big errors Maximum packet size 1500 10 No such name errors 0 Bad values errors 0 General errors 538 Get response PDUs 0 SNMP trap PDUs 0 Invalid Message Report PDUs 0...

Страница 273: ...rmation about the SNMP communities Field descriptions Community Name of the community and the associated virtual router View Name of the view Priv Access privilege for the view ro Read only access rw...

Страница 274: ...lost nonVolatile Does not lose contents when power is lost Example host1 show snmp group Group Name Storage Type group1 Volatile group2 NonVolatile admin Permanent mirror Permanent public Permanent pr...

Страница 275: ...is used for that category Trap Severity Level Severity level filter for a trap category this severity level overrides the globally configured trap severity level TrapCategories Types of traps enabled...

Страница 276: ...as well as statistics for each SNMP host configured on the virtual router Field descriptions Trap request s Number of local traps requested Proxy trap request s Number of proxy traps requested Trap s...

Страница 277: ...ap s discarded 4 No system memory 0 No queue resources 0 SNMP agent disabled 0 Global trap category disabled 4 Global minimum severity level 0 Trap s out 3108 Trap s proxied 0 Address TrapsDiscarded T...

Страница 278: ...ed Specified OID trees are not available in this view Oid Tree OID of the AS number version 1 subtree Storage SNMP storage type volatile or nonvolatile Example host1 show snmp view View Name View Type...

Страница 279: ...use the output filtering feature of the show commands to include or exclude lines of output based on a text string you specify See Command Line Interface on page 29 for details Monitoring SNMP 249 Ch...

Страница 280: ...250 Monitoring SNMP JUNOSe 11 1 x System Basics Configuration Guide...

Страница 281: ...rrent Configuration on page 261 Configuring the System Automatically on page 276 Saving the Current Configuration on page 277 Using the Desktop Tool for Viewing Uncompressed Text Configuration on page...

Страница 282: ...m on page 251 Set system passwords Managing Modules on page 355 Write CLI macros Booting the System on page 509 Boot the system Managing Modules on page 355 Manage line modules and SRP modules Platfor...

Страница 283: ...urn the switch fabric to its default multicast to unicast ratio 15 2 See fabric weights Configuring Timing You can use the timing source command to configure three timing sources for the system These...

Страница 284: ...Example host1 config timing select secondary There is no no version See timing select timing source Use to specify how the SRP module exchanges timing signals with an interface You can specify primary...

Страница 285: ...k auto upgrade enabled See show timing Using the CLI Use the commands described in this section to navigate the CLI For a complete description of the CLI see Command Line Interface on page 29 configur...

Страница 286: ...sable command changes the Privileged Exec mode to the lower level that you specify you do not return to User Exec mode Example 1 host1 disable host1 Example 2 host1 show privilege Privilege level is 1...

Страница 287: ...d in Global Configuration mode This protects the system from any unauthorized use Once a password is set anyone trying to use Privileged Exec mode will be asked to provide the password Example 1 acces...

Страница 288: ...tion begin interface The run command functions the same as the do command There is no no version See run sleep Use to make the CLI pause for a specified period of time in seconds Pausing is very usefu...

Страница 289: ...e a vty line the system removes all lines above that line For example no line vty 6 causes the system to remove lines 6 through 29 You cannot remove lines 0 through 4 See line password Use to specify...

Страница 290: ...al that the terminal waits for expected user input Never Indicates that there is no time limit exec banner Status for the exec banner enabled or disabled This banner is displayed by the CLI after user...

Страница 291: ...host1 clear line 2 Example 2 host1 clear line console 0 There is no no version See clear line Monitoring the Current Configuration Use the commands described in this section to monitor the current run...

Страница 292: ...cations for Layer 2 and Layer 3 Interface Configurations Layer 2 and Layer 3 Combination Interfaces Layer 3 Only Interfaces Layer 2 Only Interfaces Format Layer 2 configuration appears in the default...

Страница 293: ...s 2000 0 17 1 60 interface atm 5 0 126 point to point interface atm 5 1 interface atm 5 1 1 point to point interface atm 5 1 100 point to point atm pvc 100 0 100 aal5snap 0 0 0 encapsulation pppoe ppp...

Страница 294: ...0 0 1 2 255 255 255 0 interface atm 5 1 104 ip address 150 0 1 2 255 255 255 0 ipv6 address 2000 0 17 2 60 ip route 30 0 0 0 255 0 0 0 atm5 1 104 no ip source route ipv6 Example 2 Format 2 output serv...

Страница 295: ...0 atm pvc 1022 0 1022 aal5snap 0 0 0 atm pvc 1023 0 1023 aal5snap 0 0 0 interface atm 5 1 103 point to point atm pvc 103 0 103 aal5snap 0 0 0 encapsulation bridge1483 pppoe pppoe subinterface atm 5 1...

Страница 296: ...5 1 103 ip address 100 0 0 2 255 255 255 0 interface atm 5 1 103 1 ip address 100 0 1 2 255 255 255 0 interface atm 5 1 104 ip address 150 0 1 2 255 255 255 0 ipv6 address 2000 0 17 2 60 ip route 30 0...

Страница 297: ...ollowing interface types cannot be added to tag groups tunnel lag mlppp and mlframe relay An interface can be in only one tag group Table 32 on page 267 describes the categories of router settings and...

Страница 298: ...NOTE When you specify categories with the show configuration command the output might display additional configuration data that is not explicitly associated with the categories that you specified ser...

Страница 299: ...rsion x y z January 18 200X 15 01 Copyright c 1999 200X Juniper Networks Inc All rights reserved Commands displayed are limited to those available at privilege level 10 Juniper Networks Edge Routing S...

Страница 300: ...no boot subsystem no boot backup subsystem See show configuration show running configuration Use to display the configuration currently running on the router a specified virtual router a specified in...

Страница 301: ...ion between the active and standby SRP occurs when HA is enabled Configuration files are not synchronized to the standby SRP when corruption is detected and the auto recovery option is disabled You ca...

Страница 302: ...ndby SRP By default background monitoring is not running For corruption detection of the CNF files you must use manual mode Auto mode checks the running configuration at regular intervals auto mode ca...

Страница 303: ...fig running configuration command output lists as recoverable Auto recovery of a corrupted running configuration in the active and standby SRPs works as follows If the file system on the primary SRP i...

Страница 304: ...es do not synchronize and the synchronization state does not restore until successful recovery of the corrupted files or the recovery window is complete HA Enabling of HA is prevented during recovery...

Страница 305: ...a message appears indicating whether the files are recoverable If the SRPs are successfully recovered monitoring of corrupt configuration resumes If recovery fails load another release on the primary...

Страница 306: ...service check config running configuration recover Use to recover the corrupted CFG files in the running configuration You can recover only the files that the service check config running configuratio...

Страница 307: ...g you to save the changes before reloading You can use the include text config keyword with the copy running configuration command to add the text configuration to the system configuration file in com...

Страница 308: ...y running configuration copy running configuration startup configuration Use to save all outstanding unsaved configuration changes to NVS This command is an exact alias of the write memory command Thi...

Страница 309: ...commit The no version returns the system to Automatic Commit mode the no version has no effect if the system is already in Automatic Commit mode See service manual commit write memory Use to save all...

Страница 310: ...the Desktop Tool The desktop tool has the following prerequisites for the installation of necessary executables depending on the operating system that is running on your client system Requirements for...

Страница 311: ...s also available with Linux 5 0 and Linux 5 1 installation Usage Notes for the Perl Script Issue the following command from the directory in which Perl is installed on your system perl_install_dir ext...

Страница 312: ...e session Example host1 terminal speed 14400 There is no no version See terminal speed Configuring the Display Terminal You can specify the number of lines that appear on a terminal screen and the num...

Страница 313: ...characters Be sure that the software on other devices in the network also supports international characters Set the number of bits to 7 to view only characters in the standard ASCII set Example host1...

Страница 314: ...the no version to remove the DSR requirement for login See dsr detect Setting Time Limits for User Login You can specify a time interval that the CLI waits for a user to provide a password when loggin...

Страница 315: ...ser has not responded the system closes the session or lines Specify a time limit in the range 0 35791 minutes and optionally specify the number of seconds By default there is no time limit Example ho...

Страница 316: ...acter Failure to do so may produce undesired results Examples host1 config banner motd x This is an MOTD banner x host1 config banner Y This is also an MOTD banner Y host1 config banner Quotes make go...

Страница 317: ...uring an MOTD banner Example host1 config line motd banner Use the default version to restore the default setting in which the banner is displayed on all lines Use the no version to disable the MOTD b...

Страница 318: ...nabled or disabled This banner is displayed by the CLI after user authentication if any and before the first prompt of a CLI session motd banner Status for the MOTD banner enabled or disabled This ban...

Страница 319: ...iters for these messages you must enter Ctrl z as shown in the following example host1 send 0 Enter remainder of text message End with Z Good morning Major Tom Z Proceed with send confirm The receivin...

Страница 320: ...show processes memory command or the show utilization command For information about the show processes memory command see Managing Files on page 290 For information about the show utilization command...

Страница 321: ...tions and has the typical directory structure of a secure FTP server The root or top level directory is a read only directory that contains two subdirectories incoming Read write directory to and from...

Страница 322: ...ssword for the user PASS Quit the session QUIT List contents of a directory LIST List directory contents using a concise format NLST Retrieve a file RETR Store a file STOR Change working directory CWD...

Страница 323: ...reach the virtual router Renaming Files To rename files use the rename command Table 35 on page 293 shows the types of files you can rename in different locations rename Use to rename a local file Yo...

Страница 324: ...e None None None Network Host Within a Firewall None None None None Standby SRP Module See rename Deleting Files Use the delete command to delete files in NVS Table 36 on page 295 shows the types of f...

Страница 325: ...e force keyword is ignored when you attempt to delete any dmp or tsa file unless the deletion is issued from a mac or scr file this means that the CLI always prompts for confirmation for these file ty...

Страница 326: ...iguration changes instantly from the active SRP to the standby SRP However although these changes are reflected immediately in memory the standby SRP NVS is updated at 5 minute intervals dir Use to sh...

Страница 327: ...file systems are synchronized unshared file size size disk0 incoming DIR 0 disk0 outgoing DIR 0 disk0 810beta13 cnf 280944 280944 disk0 800beta12 cnf 327011 327011 disk0 bng___1 txt 11092 11092 disk0...

Страница 328: ...cnf 03 15 2007 06 58 14 disk0 SRP 10Ge_3_SC_08_22_2006_07_39 dmp 08 22 2006 07 43 14 disk0 SRP 10Ge_3_SC_04_12_2007_09_47 dmp 04 12 2007 09 51 08 disk0 reboot hty 01 09 2008 13 57 02 disk0 system log...

Страница 329: ...12 19 2000 07 22 08 Disk capacity Capacity Free Reserved Device bytes bytes bytes disk0 220200960 120616448 36700160 Example 4 host1 dir outgoing unshared in file size size date UTC use disk0 test sc...

Страница 330: ...ript file named myconfig scr that resides on a remote server named fileserver1 host1 more fileserver1 startup scripts myconfig scr There is no no version See more Transferring Files You may need to tr...

Страница 331: ...copying or redirecting files to or from a remote FTP or TFTP server Include all remote file data in the copy command You can specify remote files using the URL format and the file redirect option for...

Страница 332: ...path The characters in the URL format can be encoded Any of the delimiter characters can be used in the host username password and directory and file fields when added as encoded characters The encode...

Страница 333: ...hty log mac pub scr sts txt cnf hty log mac pub scr txt cnf hty excluding reboot hty log excluding system log mac scr txt System None None cnf hty log mac pub rel rel file only not files associated w...

Страница 334: ...onfigure the FTP server to reach the default address of the E Series router which will always be able to reach the VR 3 Add the FTP server to the static host table and specify the file transport proto...

Страница 335: ...ncryption by issuing the service password encryption command and then examine the output of the show configuration command Username and password encryption is made available primarily so that scripts...

Страница 336: ...ore you issued the ip ftp source interface command Example host1 config ip ftp source address 10 10 5 21 Use the no version to restore the default in which the source address in the FTP packets is tha...

Страница 337: ...pDir scripts on the host mary The username mike and password mikePwd from the host entry mary are used to access the remote file copy mary ftpDir scripts autocfg scr autocfg scr Example 2 Copy a local...

Страница 338: ...ile autocfg scr located in the directory ftpDir scripts on the host mary The username mike and password mikePwd from the host entry are used copy ftp mary ftpDir scripts autocfg scr autocfg scr Exampl...

Страница 339: ...eature is to allow the transfer of system files to NVS You can transfer files by FTP to the user space You can then install files from the user space onto the system using the copy command It is not p...

Страница 340: ...ion service any client can access the FTP server For information about authentication on vty lines see Managing the System on page 251 Configuration Tasks FTP is disabled by default You must enable th...

Страница 341: ...ta center subnet and one named Pops permitting only the POP subnet host1 config access list DataCenter permit 10 6 128 0 255 255 128 0 host1 config access list DataCenter deny any host1 config access...

Страница 342: ...u last booted the system attempts Number of attempts to connect failed hosts Number of connection attempts that failed because of disallowed host addresses failed users Number of connection attempts t...

Страница 343: ...sole 0 console 02 12 2001 19 57 4 vty 3 ftp fred 10 10 0 64 02 12 2001 20 04 5 vty 4 telnet 10 10 0 64 02 12 2001 20 04 Note indicates current user Example 2 host1 show users detail line connected idl...

Страница 344: ...ter copying a release view which subsystems were excluded host1 show subsystems file x8 rel 6 Optional Determine whether the currently running software is a result of a copy with excluded subsystems T...

Страница 345: ...or the required portion of the release Included Subsystems Number of bytes of data for the included subsystems listed All included subsystems in the release are listed Excluded Subsystems Number of by...

Страница 346: ...tandards RFC 1094 Network File System Protocol Specification March 1989 RFC 1057 Remote Procedure Call Protocol Specification June 1988 Prerequisites The E Series NFS client requires a remote host to...

Страница 347: ...fault user identity is 2001 and the default group identity is 100 Example host1 boston config ip nfs host host50 user 1500 group 150 Use the no version to disassociate this NFS server from the current...

Страница 348: ...to access and configure the loopback interface Provides a stable address to minimize impact of a physical interface going down Example host1 config interface loopback 20 host1 config if ip address 10...

Страница 349: ...3 config telnet listen port 3223 Use the no version of the command to delete the daemon See telnet listen Configuring DNS You can configure virtual routers to act as name resolvers for Domain Name Ser...

Страница 350: ...to the same local domain you do not need to configure name resolvers on both virtual routers For more information see Using One Name Resolver for Multiple Virtual Routers on page 322 References For m...

Страница 351: ...an use the same default domain name If you map an unqualified hostname one without a domain name to an IP address with the host ftp command the domain name is appended to the hostname before the name...

Страница 352: ...irtual router default ip domain lookup Use to configure a virtual router to use the name servers you configured for another virtual router Example host1 boston config ip domain lookup transit virtual...

Страница 353: ...ess the core dump file and analyze it to determine what went wrong Local core dumps stored in NVS are enabled by default You can enable the core dump from Boot mode or Global Configuration mode CAUTIO...

Страница 354: ...4 Specify the gateway through which the system sends the core dump file to the FTP server 5 Optional Set a username and password for FTP access to the server where you want to transfer the core dump f...

Страница 355: ...d Example host1 config exception protocol ftp 8 user_core 8 user_password Use the no version to restore the default settings See exception protocol ftp exception source Use to set the IP address and m...

Страница 356: ...nfigured to send the core dump file Interface netmask Mask of the system interface configured to send the core dump file Gateway IP address Address of gateway configured between the system and the FTP...

Страница 357: ...ocess Only those core dump files that have already been transferred from NVS are considered for deletion Of those the oldest files are deleted first and the router generates a log message for each cor...

Страница 358: ...the no version to revert the core dump monitor interval to its default value 60 minutes See exception monitor interval Viewing Core Dump Monitor Status To view information about core dump monitor stat...

Страница 359: ...you must transfer the file to a network host before it can be examined You can transfer the core dump file when the module is back online or has assumed a redundant status For information about the st...

Страница 360: ...e copy Capturing and Writing Core Dumps You can capture and write a core dump to a file for an active or a standby SRP module or the line modules You can store the file on the file system or on a netw...

Страница 361: ...ignation on the systems s backplane This slot number is different from the chassis slot number that appears on the front of the chassis and in screen displays for example in the display resulting if y...

Страница 362: ...the object you specify Field descriptions Track Name of the object being tracked IP Route IP prefix being tracked Virtual router Virtual router on which the object resides First hop interface Outgoing...

Страница 363: ...hen you report a problem with your router customer support personnel from the Juniper Networks Technical Assistance Center JTAC may request that you issue the show tech support command This command wa...

Страница 364: ...ng show tech support Use to display technical support information used by Juniper Networks customer support personnel to assist in troubleshooting the router Example host1 show tech support Show Techn...

Страница 365: ...the no version to set the threshold parameter to its default value for rising 90 percent of the maximum value of the resource for falling 1 percent of the maximum value of the resource for hold down t...

Страница 366: ...pe location capacity value threshold ip interface system 32000 1 28800 ip interface slot 3 8192 0 7373 ip interface slot 4 4095 0 3686 atm sub if interface system 65536 0 58982 atm vc interface system...

Страница 367: ...n of the router a specified virtual router a specified interface or a specified category of router settings See full description and examples in show configuration on page 268 on show configuration on...

Страница 368: ...space used power States of power feeds AC power For ERX310 router only states of power feeds srp redundancy Availability of a redundant SRP module slots cards missing or offline Status of each slot o...

Страница 369: ...perature Temperature of the corresponding I O module or IOA IOA temperature status Temperature condition of the corresponding I O module or IOA normal Temperature is in normal range too hot Module is...

Страница 370: ...ng above 70C IOA temperature ranges below 5C is too cold above 80C is too hot low temperature warning below 10C high temperature warning above 70C Example 2 Displays the environment of an E320 router...

Страница 371: ...elow 5C is too cold above 79C is too hot low temperature warning below 10C high temperature warning above 70C Example 3 Displays the environment on an E120 router host1 show environment all chassis 11...

Страница 372: ...51C IOA temperature ranges below 5C is too cold above 79C is too hot low temperature warning below 10C high temperature warning above 56C Example 4 Displays the temperature status table on an E120 rou...

Страница 373: ...ost1 show fabric weights Fabric scheduler weights multicast 1 unicast 8 See show fabric weights show hosts Use to display a list of configured network servers Field descriptions Static Host Table Info...

Страница 374: ...ocation total running time msec Time the process has been running percent running time Percentage of the total running time attributable to this process average time per invocation usec Average number...

Страница 375: ...ne these keywords in specific ways to display information combinations of application slot and virtual router The appearance of parentheses in the output is significant The parentheses indicate partia...

Страница 376: ...the listed application or router headroom Amount of memory overage available to each listed application or virtual router if needed 100 indicates an unlimited headroom that is no memory limits are se...

Страница 377: ...with this command Field descriptions Entry Number of entry in the reboot history numbers range from lowest most recent reset to highest oldest reset time of reset Timestamp for reset run state State o...

Страница 378: ...specified virtual router a specified interface or a specified category of router settings See full description and examples in show running configuration on page 270 See show running configuration sh...

Страница 379: ...e of the following conditions exists the primary line module has no IOAs or the primary line module has IOAs but they have failed diagnostics or the standby line module has taken over for the primary...

Страница 380: ...slot state type admin spare running release slot uptime 0 standby SRP 10Ge enabled erx_7 1 0 rel 1 online SRP 10Ge enabled erx_7 1 0 rel 25d03h 28m 49s 2 3 4 online CT3 12 enabled erx_7 1 0 rel 25d03h...

Страница 381: ...4 seconds since FRI JUL 28 2006 09 08 14 UTC running slot state type admin spare release slot uptime 0 online LM 4 enabled 7 3 0 rel 3d01h 29m 01s 0 0 present 10GE IOA enabled 0 1 1 online LM 4 enable...

Страница 382: ...M IOA enabled 16 online LM 4 enabled 7 3 0 rel 3d01h 25m 17s 16 0 present OC3 STM1 8 ATM IOA enabled 16 1 present OC3 STM1 8 ATM IOA enabled Example 4 Displays the version of an E120 router host1 show...

Страница 383: ...lot uptime 0 0 0 0 1 1 online LM 10 enabled 8 2 0b0 9 rel 1d08h 32m 35s 1 0 1 1 present GE 8 IOA enabled 2 online LM 10 enabled 8 2 0b0 9 rel 1d08h 32m 29s 2 0 2 1 present GE 8 IOA enabled 3 3 0 3 1 4...

Страница 384: ...354 Monitoring the System JUNOSe 11 1 x System Basics Configuration Guide...

Страница 385: ...e of Line Modules on ERX7xx Models and the ERX1410 Router on page 373 Managing Flash Cards on SRP Modules on page 378 Updating the Router with JUNOSe Hotfix Files on page 392 Managing the Ethernet Por...

Страница 386: ...rate performance or to allow line modules to operate at a rate dependent on the resources available For more information see Configuring Performance Rate of Line Modules on ERX7xx Models and the ERX14...

Страница 387: ...les can be installed in slots 0 5 and 11 16 Both the E120 and E320 routers have two turbo slots numbered 2 and 4 When a line module is installed in a turbo slot it spans slots 2 3 and 4 5 The bandwidt...

Страница 388: ...he slot is populated with another active IOA it continues to operate Depending on the IOA type you can manage IOAs from certain slots or bays Table 39 on page 358 lists the IOA management information...

Страница 389: ...t applicable Yes Full height IOA slots 0 and 11 only ES2 S1 Redund Yes Not applicable Not applicable Yes Yes ES2 SRP IOA For more information about interface types and specifiers for the E120 and E320...

Страница 390: ...port to access the router from the CLI or SNMP For more information see Managing the Ethernet Port on the SRP Module on page 402 For information about using high availability mode for stateful SRP swi...

Страница 391: ...y default You do not however enable the fabric slice that resides on the slot Use the srp keyword to enable only the portion of the SC subsystem that resides on a specified SRP module Use the fabric k...

Страница 392: ...itchover or revert can be triggered by the line module reboot To prevent undesired line module redundancy actions issue the redundancy lockout command for the primary line module slot before issuing t...

Страница 393: ...sue the halt command which stops operation on that module If the router contains both primary and redundant SRP modules you can specify which modules the command should affect You can also configure t...

Страница 394: ...uting the halt command Otherwise the SRP module will automatically reboot Examples host1 halt host1 halt primary srp host1 halt standby srp force There is no no version See halt Replacing Line Modules...

Страница 395: ...eplacing a Line Module by Erasing the Slot Configuration Use this procedure when you must erase the slot configuration to replace line modules on the ERX routers or on E120 and E320 routers For inform...

Страница 396: ...e line module or all of the line modules in a redundancy group using this procedure NOTE In some cases the ES2 4G LM and ES2 10G LM support different system maximums and protocols Before you replace a...

Страница 397: ...ow version command to ensure that the status of the line module is disabled mismatch host1 show version Juniper Edge Routing Switch E120 running slot state type admin spare release slot uptime 0 1 onl...

Страница 398: ...her IOA in the E120 or E320 router for example an ES2 S1 GE 4 IOA in an IOA bay that previously contained an ES2 S1 OC3 8 STM1 ATM IOA consider whether the IOA that you are replacing supports hot swap...

Страница 399: ...d the operating router boot reload For more information about the reload and boot config commands see Booting the System on page 509 adapter accept Use to delete the configuration of the IOA in the sp...

Страница 400: ...pter erase slot accept Use to delete the configuration of the module in the selected slot after you install a different type of module This command enables you to create a fresh configuration for the...

Страница 401: ...module and the SC subsystem in slot 7 applies only to E120 and E320 routers host1 config slot accept 7 Example 3 Accepts the configuration of the SC on the SRP module in slot 7 applies only to E120 a...

Страница 402: ...d install a software release that supports the new module Line Modules If the router uses a software version that does not support a line module that you install you see the message unrecognized board...

Страница 403: ...ormance See Choosing a Combination of Line Modules on page 373 2 Disable slots that contain unwanted line modules or modify the combination of line modules in the router See Disabling and Reenabling L...

Страница 404: ...re from one SRP switch exceeds the bandwidth that the SRP switch can supply per slot group Table 40 on page 374 shows the bandwidth that each line module requires for line rate performance and the swi...

Страница 405: ...he available bandwidth However if one line module is using less bandwidth than it is allocated the other line module can use more bandwidth than it is allocated and can operate at a greater rate Table...

Страница 406: ...ine modules that require maximum bandwidth in slot 2 3 or 4 Two OCx STMx ATM line modules total 2 44 Gbps in slot group 1 a GE FE line module 2 46 Gbps in slot group 3 and an OCx STMx POS line module...

Страница 407: ...mple 1 This example shows the display when bandwidth oversubscription is enabled host1 show bandwidth oversubscription Bandwidth oversubscription is currently in effect Example 2 This example shows th...

Страница 408: ...ard the second card is reserved for the storage of core dumps In this documentation the flash card on the primary SRP module is referred to as the primary flash card the flash card on the redundant SR...

Страница 409: ...served for the E120 and E320 routers flash card slots disk0 disk1 standby disk0 and standby disk1 For backward compatibility you can use the name standby which is equivalent to standby disk0 You can u...

Страница 410: ...mmand for the card and then ejecting the card Always reboot the router using the rebooting procedure See Booting the System on page 509 Do not reboot the router by switching it off and on Installing a...

Страница 411: ...ce keyword to force the dismount even when files on the flash disk are open for modification See mount Synchronizing Flash Cards NOTE The information in this section does not apply to the ERX310 route...

Страница 412: ...missing files from becoming the primary and overwriting files or directories on the primary module synchronize Use to force the file system of the redundant SRP module to synchronize with the flash fi...

Страница 413: ...and you see a warning message on the console To resolve this issue either delete unwanted files from the primary flash card or replace the redundant flash card with a higher capacity flash card Disab...

Страница 414: ...ash Cards on page 381 for details 2 Issue the flash disk compare command specifying whether to perform the checksum validation for all files in NVS or only for configuration files host1 flash disk com...

Страница 415: ...e synchronized between the primary and redundant SRP modules it does not validate log files core dump files and other files that are excluded from the system synchronization process Specify one of the...

Страница 416: ...tically rebooted to load the armed release Optionally you can use the low level check keyword to force the router to validate all files or only configuration files in NVS and to synchronize all files...

Страница 417: ...e flash disk initialize command flash disk initialize Use to reformat the flash card You can perform a low level format of the flash card On the E120 and E320 routers only you can use this command to...

Страница 418: ...This CLI enters Boot mode boot prompt If you do not press the mb key sequence the reloading process continues and returns the CLI to the normal User Exec mode 2 Issue the flash disk duplicate command...

Страница 419: ...d as disk1 You can issue this command in Boot mode for either flash card In Privileged Exec mode you can use the disk1 keyword to access the unmounted second flash card while the router is in an opera...

Страница 420: ...s NVS and finds one file with an error The user then issues the flash disk scan with the repair keyword to remove the file Finally the user scans NVS again and finds no files with errors boot flash di...

Страница 421: ...SRP module disk1 Flash card installed in slot 1 of the SRP module available only on SRP modules for the E120 and E320 routers Manufacturer Name of manufacturer of the installed flash card Capacity To...

Страница 422: ...y when the router reloads A hotfix consists of a hfx file and possibly other supporting files The hfx file manages the associated files in much the same way that a rel file manages supporting files as...

Страница 423: ...A hotfix that must be active or armed before another hotfix can be activated or armed Safe With A list of hotfixes with which another hotfix is compatible and can safely be concurrently armed or activ...

Страница 424: ...are automatically rearmed and reactivated after a reload Hotfixes and Standby SRP Modules Hotfixes are supported in redundant SRP module configurations Hotfix files are synchronized between the activ...

Страница 425: ...nding module the entire activation fails for all applicable line modules Activation failure results in the generation of an appropriate log message E Series routers do not support activation of a hotf...

Страница 426: ...eleases hotfix activate Use to manually activate the specified hotfix Each image fix contained in the hotfix is downloaded from the local flash card to the SRP module and any corresponding line module...

Страница 427: ...utput lists the hotfix by name and a unique ID number which is useful if the filename has been changed This command also displays dependencies for each hotfix that is other hotfixes that must be activ...

Страница 428: ...part of the command output or the resulting configuration script Only armed hotfixes are part of the show configuration script host1 show configuration system file system Configuration script being g...

Страница 429: ...which are hotfixes that must be activated before this hotfix can be activated Safe to repatch Hotfix ID number or numbers of hotfixes that can be concurrently active with this hotfix applies only to...

Страница 430: ...w hotfix Example Using and Monitoring Hotfixes This example presents several aspects of hotfix use In this example 6 0 1p0 5 rel is the currently armed and active release Hotfix hf63035 hfx is compati...

Страница 431: ...armed startup hotfixes hf63035 hfx hf63036 hfx and hf63037 hfx Only hf63036 hfx and hf63037 hfx are activated Hotfix hf63035 hfx is disarmed because it is incompatible with the new running release Th...

Страница 432: ...4 04 02 host1 show hotfix detail name active armed requires hf63035 hfx X X Managing the Ethernet Port on the SRP Module You can configure the Fast Ethernet management port to access the router from a...

Страница 433: ...erved for SRP modules on ERX7xx models slots 6 and 7 are reserved for SRP modules on ERX14xx models the E120 Router and the E320 Router When you configure the Fast Ethernet interface on an SRP module...

Страница 434: ...ual routers and vrfs are created before other commands that may need to reference them These commands will be repeated further on as each virtual router and vrf has its configuration presented virtual...

Страница 435: ...line module redundancy using the redundancy lockout command before enabling warm restart diagnostics Enabling Warm Restart Diagnostics Use the diag command to enable warm restart diagnostics on a modu...

Страница 436: ...ring a cold and a warm boot Use the normal keyword default to execute full diagnostics on the boot of the line card Use the bypass keyword to skip diagnostic tests on the boot of the line card Example...

Страница 437: ...r the slot host1 config no slot ignore diagnostic failure 12 4 Issue the show environment command to check that the slot no longer ignores diagnostic test failures host1 show environment chassis 14 sl...

Страница 438: ...es Use the following commands to view information about all router modules show hardware Use to display information about SRP modules line modules and I O modules in ERX7xx models ERX14xx models and t...

Страница 439: ...00005472 A06 2048 2 3 4 CT3 12 4305337201 3500010901 A07 128 5 OC3 OC12 DS3 ATM 4605300290 3500103958 A06 256 6 GE FE 4605340294 3500104554 A08 256 number of serial assembly assembly MAC slot type num...

Страница 440: ...0 4304206762 4500006701 04 1 104 10 SFM 100 4304206737 4500006701 04 1 104 11 12 13 14 15 16 Adapters number of serial assembly assembly MAC slot type number number rev addresses 0 0 0 1 1 0 1 1 2 0 G...

Страница 441: ...type number number rev rev Chassis 4307018011 4580002602 01 0 101 Modules serial assembly assembly ram Major Minor slot type number number rev MB rev 0 1 LM 10 4306493492 4500009501 08 1024 1 108 2 L...

Страница 442: ...y Major Minor Tray type number number rev rev 0 Primary FAN 4306505285 4400010001 01 1 101 See show hardware show utilization Use to display information about the resources that modules consume When y...

Страница 443: ...cpu field and the 5 sec cpu field display the same value 5 sec cpu Average CPU utilization percentage for each installed module during the most recent 5 second interval 1 min cpu Average CPU utilizat...

Страница 444: ...ERX310 router In this example slot 12 is empty as indicated by the symbol the CPU utilization for the FE 8 module installed in slot 10 is unavailable as indicated by the symbol and the SRP module ins...

Страница 445: ...module installed in slot 1 is unavailable as indicated by the symbol and the SRP 100 module installed in slot 7 is running an incompatible version of JUNOSe software as indicated by the symbol host1...

Страница 446: ...416 Monitoring Modules JUNOSe 11 1 x System Basics Configuration Guide...

Страница 447: ...450 Overview One of your major management responsibilities is to secure your router To do this assign passwords or secrets to the router In Global Configuration mode you can set passwords or secrets t...

Страница 448: ...that you are entering an unencrypted password host1 config enable password level 10 0 t1meout1 2 Display the encrypted password host1 config exit host1 show secret Current Password Settings encryption...

Страница 449: ...password bcA 1aeJD8 1ZDP6 with the password command Encrypting Passwords in Configuration File You can also direct the system software to encrypt passwords saved in the configuration file by using th...

Страница 450: ...remove the password See enable password enable secret Use to set a secret which controls access to the Privileged Exec mode and some configuration modes Enter the secret in plain text its unencrypted...

Страница 451: ...s Enable passwords that control access to different groups of commands A console password that controls access to the console Passwords for individual vty lines or groups of vty lines Privilege Levels...

Страница 452: ...have a finite number of seconds to press the software reset button on the SRP module You can execute this command from the console or any vty The service unattended password recovery command provides...

Страница 453: ...the software reset button see Figure 25 on page 423 within the time you specify for this command Allows you to set the number of seconds 1 60 for this procedure to be accomplished Allows you to set a...

Страница 454: ...e Privilege Levels on page 421 2 Access Privileged Exec mode and enter the enable password if prompted 3 Access Global Configuration mode 4 Access Line Configuration mode host1 config line console 0 5...

Страница 455: ...ret you must follow the procedure in Setting Basic Password Parameters on page 418 to obtain the encrypted password or secret You cannot create your own encrypted password or secret you must use a sys...

Страница 456: ...nt passwords and secrets show secrets Use to display all passwords and secrets Passwords and secrets appear in their encrypted form In the mode column inherited indicates whether a secret was inherite...

Страница 457: ...enable AAA authorization which allows you to limit the services available to a user Based on information retrieved from a user s profile the user is either granted or denied access to the requested se...

Страница 458: ...password See login password Use to specify a password on a single line or a range of lines If you enable password checking but do not configure a password the system will not allow you to access virt...

Страница 459: ...r expected user input Never Indicates that there is no time limit exec banner Status for the exec banner enabled or disabled This banner is displayed by the CLI after user authentication if any and be...

Страница 460: ...on host1 config aaa authentication enable default tacacs radius enable 4 Optional Enable authorization and create an authorization method list host1 config aaa authorization commands 15 boston if auth...

Страница 461: ...automatically assigned to the vty lines To allow users to access the vty lines you must create an authentication list and either Name the list default Assign a different name to the authentication lis...

Страница 462: ...designate one or more security protocols in the method list to be used for authorization If the initial method fails the next method in the list is used The process continues until either there is su...

Страница 463: ...a authorization command and define a named authorization method list or use the default method list for a particular type of authorization you must apply the defined list to the appropriate lines for...

Страница 464: ...ed password 5 Secret 7 Encrypted password NOTE To use an encrypted password or a secret you must follow the procedure in Setting Basic Password Parameters on page 418 to obtain the encrypted password...

Страница 465: ...gement permit ip 192 168 4 0 0 0 0 255 host1 config access list Management deny ip any any access class in Use to associate the access list with vty lines Example This example sets the virtual termina...

Страница 466: ...ruct man in the middle attacks in which unauthorized persons access messages and modify them without detection Transport The SSH transport layer handles algorithm negotiation between the server and cl...

Страница 467: ...Connection The SSH connection layer creates the user session when the user is authenticated The server waits for a connection request The router currently supports only shell requests which the serve...

Страница 468: ...own from that server it is rejected You cannot configure an SSH client to accept a new key after it has accepted a key from an SSH server You must delete the old key before a new key can be accepted P...

Страница 469: ...tware You must also configure the RADIUS client on your router See JUNOSe Broadband Access Configuration Guide for more information SSH Configuration Tasks You configure SSH on individual virtual rout...

Страница 470: ...s example removes the 3des cbc algorithm from the list of supported outbound algorithms host1 config ip ssh crypto server to client no 3des cbc The default version restores the specified list to the f...

Страница 471: ...tication protocol TACACS Use the no to restore the SSH user authentication protocol to the default RADIUS See ip ssh authentication retries ip ssh authentication retries Use to set the number of times...

Страница 472: ...bound algorithms For the server inbound means the algorithms that the server supports for information coming in from a client For the server outbound means the algorithms that the server supports for...

Страница 473: ...ip ssh mac client to server no hmac sha1 See ip ssh mac Enabling and Disabling SSH The SSH server daemon starts only if the server host key exists when the router boots The host key resides in NVS and...

Страница 474: ...rom the client supported encryption outbound Encryption algorithms supported outbound to the client supported MAC inbound Message authentication code algorithms supported inbound from the client suppo...

Страница 475: ...thentication enabled user authentication protocol TACACS retry limit 20 sleep period 600 timeout 600 connections since last system reset 4 out of 4 attempts connections since daemon startup 4 out of 4...

Страница 476: ...s and all other commands available in User Exec mode 1 Level 1 commands and all Privileged show commands 5 All commands except support and privilege change commands 10 Commands that Juniper Networks T...

Страница 477: ...Access VSA Descriptions Value Subtype Length Subtype Length Type Description VSA Single attribute enter only 0 1 5 10 or 15 sublen 18 len 26 Specifies the initial level of access to CLI commands Initi...

Страница 478: ...VR to which a user has access The default setting is the default VR Virtual Router String virtual router name sublen 21 len 26 Specifies a VR other than the VR specified by the Virtual Router VSA to w...

Страница 479: ...ere are no restrictions on VR access for any user who successfully logs in to the router For example nonrestricted users can Issue the virtual router command in Privileged Exec mode to switch to anoth...

Страница 480: ...ception dump configure show ip ssh erase secrets show line halt Denial of Service DoS Protection A denial of service DoS attack is any attempt to deny valid users access to network or server resources...

Страница 481: ...fic control protocol on a specific interface from a particular source When the system determines that a control flow is suspicious it can take corrective action on that control flow Keeping full state...

Страница 482: ...w is placed in the suspicious flow table the system inspects all packets that belong to the flow The interface controller IC and forwarding controller FC monitor the table to determine whether the sus...

Страница 483: ...setting means that the flow does not transition back to nonsuspicious based on packet rate Backoff time in seconds for each protocol After this period expires the flow transitions to nonsuspicious reg...

Страница 484: ...suspicious control flow detection Use to clear the active state for suspicious control detection If you do not specify a slot or interface clears all suspicious flows If you specify a slot clears all...

Страница 485: ...to set a threshold for a specific protocol if the flow rate falls below this rate a suspicious flow changes to the nonsuspicious state Low threshold is the rate in packets per second at which a suspic...

Страница 486: ...f groups current and past Number of groups current Number of groups currently detected and monitored Number of false negatives total Total number of flows monitored that have not become suspicious exc...

Страница 487: ...spicious control flow detection flows show suspicious control flow detection info Use to display information about suspicious flows You can specify the following keywords delta Displays statistics for...

Страница 488: ...n Creation OK 0 Atm Inverse ARP OK 0 Frame Relay LMI Control OK 0 Frame Relay Inverse Arp OK 0 Pppoe Control OK 0 Pppoe Config Dynamic Interface Column OK 0 Creation Ethernet ARP Miss OK 0 Ethernet AR...

Страница 489: ...0 IP Local Frag OK 0 IP Application Classifier HTTP Redirect OK 0 Priority Information Priority State Transitions Hi Green IC OK 0 Hi Yellow IC OK 0 Lo Green IC OK 0 Lo Yellow IC OK 1 Hi Green SC OK...

Страница 490: ...ons Router Alert 2048 1024 300 IP Multicast Broadcast Other 512 256 300 IP Multicast DHCP SC 512 256 300 IP Multicast Control SC 2048 1024 300 IP Multicast Control IC 512 256 300 IP Multicast VRRP 512...

Страница 491: ...rotocol burst enables you to configure the burst level for the protocol The burst is configurable in packets and defaults to a value in packets that is one half of the maximum rate Protocol maximum ra...

Страница 492: ...ndicates a percentage that the priority rate limiter is allowed to be oversubscribed in the range 100 1000 Attaching Groups By default each interface belongs to the default DoS protection group The na...

Страница 493: ...AT payload and update table flisInPayloadUpdateTbl Frame Relay LMI packets frameRelayControl Frame Relay inverse ARP packets frameRelayArp IPSec transport mode L2TP control packets itmL2tpControl MPLS...

Страница 494: ...calDhcpIc IP DHCP packets destined for the SC broadcast and IC not enabled ipLocalDhcpSc IP fragments not classifiable ipLocalFrag IP ICMP echo request and reply ipLocalIcmpEcho IP ICMP packets that a...

Страница 495: ...ipNormalPathMtu IP options not otherwise classified ipOptionsOther IP Router Alert ipOptionsRouterAlert OSI packets ipOsi IP packets that have been reassembled on a server card ipReassembly IP packet...

Страница 496: ...Dyn IC 1024 512 100 100 HI yellow N amic Interface Colum n Creation Ethernet ARP Miss IC 256 128 100 100 LO yellow N Ethernet ARP IC 256 128 100 100 LO yellow N DoS Protection Group Commands Use the...

Страница 497: ...s protection group Use to attach a Frame Relay DoS protection group to an interface Example host1 config if frame relay dos protection group group1 Use the no version to remove the attachment of the D...

Страница 498: ...See ipv6 dos protection group lag dos protection group Use to attach a LAG DoS protection group to an interface Example host1 config if lag dos protection group group1 Use the no version to remove th...

Страница 499: ...ity are not generally used simultaneously Example host1 config dos protection priority Hi Green IC over subscription factor 100 Use the no version to return no oversubscription value See priority over...

Страница 500: ...protection group A particular protocol can be up to the sum of the four rates configured depending on the DoS group attached to an interface Use a maximum rate of 0 for protocols that are not used Th...

Страница 501: ...s protection protocol IpLocalDhcpIc weight 100 Use the no version to set the weight to the value specified in the associated default group See protocol weight use canned group Use to create a DoS prot...

Страница 502: ...keyword displays a list of references interfaces and templates to the DoS protection group When modified appears next to the name of the DoS protection group the group or protocol within the group ha...

Страница 503: ...information about the modules supported on E Series routers See the ERX Module Guide for modules supported on ERX7xx models ERX14xx models and the ERX310 Broadband Services Router See the E120 and E32...

Страница 504: ...l A comment in the macro end expression Text after the is ignored when the macro is run and is not displayed by the CLI You can also add comments outside the control expressions by prefacing the comme...

Страница 505: ...tered by the user env getLineMasked string prompt string Returns the number of arguments passed to the macro env argc Returns the value of the nth argument such that 1 n env argc The returned value is...

Страница 506: ...rtCommandResults env stopCommandResults and env getResults commands apply to one CLI session There is no effect on CLI sessions other than the CLI session running the macro The env getResults command...

Страница 507: ...Adding Global Variables for Availability to the onError Macro Global variables can be set in any macro and retrieved without being explicitly passed in another macro The global variable is set with t...

Страница 508: ...cro terminates Macro badInt in file b mac ending execution Id 18 Unique IDs for Macros Each macro that is started has an associated macro ID The ID is displayed when the macro is started and when the...

Страница 509: ...ial value of local variables is zero Like macros local variables must have a name consisting only of letters numbers or the underline character _ The variable name must not begin with a number You mus...

Страница 510: ...performed by each operator Table 53 Operator Actions Action Operator Operation Adds the right and left sides together Arithmetic binary Subtracts the element to the right of the operator from the ele...

Страница 511: ...ght of the operator otherwise the result is false 0 Not equal to logical NOT Evaluates as true returns a 1 if the values of either the left or right sides is nonzero evaluation halts at the first true...

Страница 512: ...rtion of a string substr Substring Generates a random integer between the provided endpoints inclusive rand Randomize Rounds the value to the nearest integer round Round Truncates a noninteger value t...

Страница 513: ...d truncate These operators are equal in precedence and all take precedence over the string operator You can use the substring operator substr to extract a shorter string from a longer string To use th...

Страница 514: ...th sides of the operator are strings they are compared alphabetically If only one expression is a string the numeric value is used for comparison Arithmetic operators have a higher precedence Example...

Страница 515: ...decrement operators If there is an operand on both sides of these operators they are interpreted as the add and subtract operators Example local_abs local local_neg local All operations are performed...

Страница 516: ...aluated If the result is true nonzero the associated expression group is executed 2 If the result is false zero then the first elseif expression if present is evaluated If the result is true nonzero t...

Страница 517: ...f the macro based on a condition that changes during the execution A while construct consists of the following components An opening while expression A group of any number of additional expressions An...

Страница 518: ...than 11 i 0 while i 100 if i 2 continue endif if i 10 break endif i n endwhile While constructs will NOT iterate forever while 100 0 This is always true but the macro will eventually stop iterations e...

Страница 519: ...output console This message appears in the console window whether or not you use verbose mode endsetoutput Example 2 The following example shows how you can send a single argument to the console puts...

Страница 520: ...o demonstrates macro invocation invoking_examples name env getline What is your first name First name we will invoke the if_examples and the while_examples macros tmpl if_examples tmpl while_examples...

Страница 521: ...ion stops again and the onError macro is invoked again This process continues either until the onError macro completes or until reaching the recursion limit of 10 Detectable Macro Errors CLI macros de...

Страница 522: ...Errors You can view macro error information in the macroData log file using the show log data command and specifying the macroData keyword for the category NOTE Each execution of a macro by any user a...

Страница 523: ...interface format badInterfaceCommandMacro env setResult runStatus start theLoopCount 500 conf t while theLoopCount 0 env setResult runStatus Loop theLoopCount interface fastEthernet theLoopCount n th...

Страница 524: ...rStatus is Command execution error NOTICE 01 07 2006 09 46 57 macroData Id 402 runStatus is Loop 500 NOTICE 01 07 2006 09 46 57 macroData Macro badInterfaceCommandMacro in file testInterfaceCommand ma...

Страница 525: ...01 08 2006 07 14 18 macroData Macro startmin in file master mac ending execution Id 1 on vty 0 NOTICE 01 08 2006 07 21 50 macroData Macro badExecCommandMacro in file badExecCommandTest mac starting e...

Страница 526: ...u can copy them to the system Issue the macro command from the CLI to execute both local macros and macros stored remotely You can display the commands that are generated by the macro file without exe...

Страница 527: ...arguments to the macro if the argument contains a space or other special character you must enclose the argument within double quotation marks Use the test keyword to specify that the macro generate b...

Страница 528: ...1 config no shut host1 config clock source internal module host1 config framing cbitadm host1 config ds3 scramble host1 config interface atm 9 1 host1 config atm vc per vp 256 host1 config controller...

Страница 529: ...cheduled macros dol not run Macro scheduling supports high availability HA using mirrored storage Macros scheduled to run persist during an SRP switchover operation whether scheduled in Privilege Exec...

Страница 530: ...ng configuration joe mac is the only one reported because the other macros were scheduled in Privileged Exec mode host1 show conf include schedule schedule macro joe mac interval time of day 00 00 day...

Страница 531: ...01 macroScheduler Id 3 operation is 7 6 5 NOTICE 02 14 2007 14 35 01 macroScheduler Id 3 theResult is 210 After the macro is executed it is no longer in the list of scheduled macros host1 show schedul...

Страница 532: ...02 05 2007 16 01 50 host1 delete b mac File in use The macro macro b mac runs every 60 minutes NOTICE 02 14 2007 14 47 47 macroScheduler macro b mac started with ID 5 NOTICE 02 14 2007 14 47 49 macro...

Страница 533: ...es Cx1 serial Frame Relay interfaces calls macros cntrDs1 cx1Encap and cx1FrCir configCx1 Configures the Cx1 controller called by other macros cntrDs1 Configures Frame Relay encapsulation on serial in...

Страница 534: ...proto frType frLmi return endif ifCount env argv 1 slot env argv 2 port env argv 3 proto env argv 4 if proto fr proto frame relay ietf endif tmpl cx1Encap ifCount slot port proto endtmpl ds1FrCir if e...

Страница 535: ...r are interface Type numPorts slot port clock framing lineCoding Configure Cx1 Controller type param 1 ifCount env atoi param 2 slot param 3 port env atoi param 4 clock param 5 framing param 6 coding...

Страница 536: ...lot port 1 id n frame relay interface dlci dlci ietf id dlci endwhile port endwhile endtmpl Configuring ATM Interfaces This sample macro configures ATM interfaces based on the inputs you provide when...

Страница 537: ...elseif authType authChap ppp authentication chap endif elseif encapType encapBridged encap bridged1483 endif if loopbackStr ip unnumbered loopback loopbackStr n endif endwhile endwhile if encapType e...

Страница 538: ...f authType authChapPap ppp authentication chap pap elseif authType authChap ppp authentication chap endif elseif encapType encapBridged encap bridged1483 endif if loopbackStr ip unnumbered loopback lo...

Страница 539: ...ers See the ERX Module Guide for modules supported on ERX7xx models ERX14xx models and the ERX310 Broadband Services Router See the E120 and E320 Module Guide for modules supported on the E120 and E32...

Страница 540: ...2 line module is booting and it detects that it supports the software release on the SRP module the line module boots successfully with that software release However if the GE 2 line module detects t...

Страница 541: ...onfiguring this option causes the system to ignore only at the next reboot an autocfg scr file that you may also have configured If you specify a cnf file upon the next reboot the system resets to the...

Страница 542: ...l release configuration do either of the following Delete the reboot history file after issuing the no boot force backup command Do not configure a backup release or configuration file Use the no vers...

Страница 543: ...ill use the next time it reboots This command does not reboot the subsystem Example 1 host1 config boot subsystem ct3 rel_1_0_1 rel The boot backup subsystem version of this command enables you to con...

Страница 544: ...process resumes immediately following the reboot and completes before any application accesses its configuration data reload Use to reload the software on the system immediately Reloads the system sof...

Страница 545: ...r one minute Each time the system delays the procedure it adds a message to the os log that explains why the procedure was delayed If the system cannot reload on its sixth attempt the reboot procedure...

Страница 546: ...the force keyword the procedure will fail if the system is in a state that could lead to a loss of configuration data or an NVS corruption and the system will display a message that explains why the...

Страница 547: ...operation the current flush is halted now if the SRP module resets during the script the system boots with factory defaults If you issue the reload command to manually reset the system the system chec...

Страница 548: ...module ram MB Memory capacity of the host processor number of MAC addresses Total number of Ethernet addresses on an I O module base MAC address Lowest Ethernet address on an I O module Example host1...

Страница 549: ...load reload scheduled for TUE OCT 2 2001 10 10 00 UTC See show reload show version Use to display the configuration of the system hardware and the software version Example host1 show version Juniper E...

Страница 550: ...abled erx_7 1 0 rel 25d03h 24m 22s 6 online GE enabled erx_7 1 0 rel 25d03h 24m 44s See show version Output Filtering The output filtering feature of the show command is not available in Boot mode 520...

Страница 551: ...zing the system clocks of hosts on the Internet to Universal Coordinated Time UTC Using NTP allows the system to record accurate times of events You can view the log file of events to monitor the stat...

Страница 552: ...ystem Operation as an NTP Client To synchronize to the clock of a server the system must receive time information from NTP servers recurrently The way the system receives such information depends on h...

Страница 553: ...ceeds as follows If the offset is greater than 15 minutes the system disables NTP and displays a message advising you to check the time zone and clock settings If the offset is less than 15 minutes th...

Страница 554: ...broadcast server would also respond to any NTP unicast requests from clients If the system is configured both as an NTP client and an NTP server the system effectively synchronizes its clients to its...

Страница 555: ...ault is UTC and summer time dates before you set the clock You can set the system clock at any time This process involves the following steps 1 Set the time zone 2 Set the summer time dates 3 Set the...

Страница 556: ...ee clock summer time recurring clock timezone Use to set the time zone for display Example This sets the time zone to 5 hours behind UTC host1 config clock timezone EST 5 Use the no version to set the...

Страница 557: ...a network to which the system has an interface you do not need to configure NTP servers Simply enable the system to accept NTP broadcasts on that interface NTP Configuration Tasks By default the syste...

Страница 558: ...e system and an NTP broadcast server 4 Disable NTP on interfaces that you do not want to receive NTP communications for security or other reasons ntp broadcast client Use to enable the system to recei...

Страница 559: ...NTP server Example host1 config ping 192 35 42 1 There is no no version See ping Directing Responses from NTP Servers By default an NTP server sends a response to the interface from which an NTP reque...

Страница 560: ...rs from which the system will accept broadcasts You can enable the system to Receive time requests receive NTP control queries and synchronize itself to the servers specified on the access list Only r...

Страница 561: ...ast version 4 5 Use the no version to prevent the interface from sending NTP broadcast messages See ntp broadcast ntp master Use to specify the stratum number of a virtual router you configured as an...

Страница 562: ...boston The system is specified as an NTP server host1 virtual router boston host1 boston configure terminal host1 boston config ntp server Example 3 NTP communications are established on the virtual...

Страница 563: ...rver when it chooses the master Candidate System may consider this server when it chooses the master x Unusable Server does not meet the initial criteria for master p Preferred Server that you specifi...

Страница 564: ...sable configured Confirmation that you assigned this NTP server to the system master System has chosen this server as the master selected System will consider this server when it chooses the master ca...

Страница 565: ...of latest time samples from this peer actual timestamps displayed depends on how the server is configured Root reference at Last time at which the stratum 1 server sent an NTP reply to the server Last...

Страница 566: ...equency Error Error in the frequency of the system s clock in seconds per second Last Update Last time received from the master Root Dispersion Measure of all the errors associated with the network ho...

Страница 567: ...not this interface accepts broadcasts from NTP servers On or Off BcastServer Indication of whether or not this interface functions as a broadcast server On or Off Name Type of interface and its locati...

Страница 568: ...Address Enable BcastClient BcastServer Name 1 1 1 1 ON ON ON FastEthernet1 0 See show ntp status 538 Monitoring NTP JUNOSe 11 1 x System Basics Configuration Guide...

Страница 569: ...ated to wholesale customers corporate virtual private network VPN users or a specific traffic type Default Virtual Router When you first boot your router it creates a default virtual router The only d...

Страница 570: ...ent levels of security are available depending on the security of the tunnel used between sites Your router supports VPNs consisting of VRs or VRFs See RFC 2547 BGP MPLS VPNs March 1999 Additionally y...

Страница 571: ...s February 2006 Configuring Virtual Routers This section provides examples of some of the more common virtual router tasks There are different uses of the virtual router command You can create or acce...

Страница 572: ...error enable Configure security related options end Exit Global Configuration mode exception Configure core dump exclude subsystem Exclude copying a subsystem from the release exit Exit from the curr...

Страница 573: ...nded community Target sleep Make the Command Interface pause for a specified duration host1 western config vrf Access a VR to configure it with an interior gateway protocol IGP or exterior gateway pro...

Страница 574: ...router_all_purpose Use the no version to delete the domain map See aaa domain map ip vrf Use to create a VRF or access VRF Configuration mode to configure a VRF You must specify a route distinguisher...

Страница 575: ...executing Telnet or console commands through an external script Alternatively you might want to use this keyword if the VR being deleted has many configured VRFs and someone might attempt to re creat...

Страница 576: ...extension You can exclude information about a particular type of interface You can use the output filtering feature of the show command to include or exclude lines of output based on a text string tha...

Страница 577: ...emory Load Errors Status KB vr1 4128 0 Valid vr2 3136 0 Valid vr3 2256 0 Valid vr4 1512 0 Valid default 1024 0 Valid See show ip forwarding table slot show virtual router Use to display the virtual ro...

Страница 578: ...f Not Present Pim Not Present Rip Not Present Igmp Not Present Mld Not Present Dvmrp Not Present Virtual Router vr1 Ip Present Ipv6 Not Present Mgtm Present Mgtmv6 Not Present Bgp Not Present Isis Pre...

Страница 579: ...Total VRF Count 12 Total Count 16 See show virtual router Monitoring Virtual Routers 549 Chapter 11 Configuring Virtual Routers...

Страница 580: ...550 Monitoring Virtual Routers JUNOSe 11 1 x System Basics Configuration Guide...

Страница 581: ...Part 2 Reference Material Abbreviations and Acronyms on page 553 References on page 571 Reference Material 551...

Страница 582: ...552 Reference Material JUNOSe 11 1 x System Basics Configuration Guide...

Страница 583: ...er Map ACCM asymmetric digital subscriber line ADSL ATM end system address AESA assured forwarding AF authority and format identifier AFI authentication header AH alarm indication signal AIS alarm ind...

Страница 584: ...Bidirectional Forwarding Detection protocol BFD Border Gateway Protocol BGP broadcast multiaccess BMA bootstrap protocol BOOTP Broadband Remote Access Server B RAS Berkeley Software Distribution BSD...

Страница 585: ...nless Network Service CLNS cell loss priority CLP code division multiple access CMDA cable modem termination system CMTS change of authorization CoA channelized optical carrier cOC Common Open Policy...

Страница 586: ...n Standard triple DES DES 3DES don t fragment bit DF Dynamic Host Configuration Protocol DHCP designated intermediate system DIS data link connection identifier DLCI data link connection management in...

Страница 587: ...Routing Protocol DVMRP data exchange interface abbreviation pronounced dixie DXI E Extensible Authentication Protocol EAP external Border Gateway Protocol EBGP error checking and correction error chec...

Страница 588: ...rwarding equivalence class abbreviation pronounced feck FEC forward explicit congestion notification FECN far end receive failure FERF frame forwarding ASIC FFA forwarding information base FIB first i...

Страница 589: ...ed Numbers Authority IANA Inter Access Point Protocol IAPP internal Border Gateway Protocol IBGP Industry Canada Communications Section IC CS International Code Designator ICD Internet Control Message...

Страница 590: ...tocol IRDP Internet Security Association and Key Management Protocol ISAKMP Integrated Services Digital Network ISDN Intermediate System to Intermediate System IS IS IPSec Service module ISM Internati...

Страница 591: ...abel only inferred PSC LSP L LSP local management interface link management interface LMI L2TP network server LNS loss of frame LOF loss of pointer LOP loss of signal LOS link state advertisement LSA...

Страница 592: ...sometimes referred to as multiprotocol Border Gateway Protocol MP BGP Multiprotocol Label Switching MPLS multicast router information mrinfo multilink maximum received reconstructed unit MRRU maximum...

Страница 593: ...nonstop forwarding NSF not so stubby area refers to OSPF routing NSSA Network Time Protocol NTP nonvolatile random access memory NVRAM nonvolatile storage NVS O operations administration and manageme...

Страница 594: ...rate PCR protocol data unit PDU provider edge router PE Protocol Field Compression PFC perfect forward secrecy PFS per hop behavior PHB penultimate hop pop PHP Policy Information Base PIB Protocol Ind...

Страница 595: ...ion PVC Q quality of service QoS R Remote Authentication Dial In User Service RADIUS route distinguisher RD relational database system RDBS remote defect indication RDI random early detection RED remo...

Страница 596: ...SCCRQ Simple Certificate Enrollment Protocol SCEP sustained cell rate SCR small computer system interface abbreviation pronounced scuzzy SCSI Synchronous Digital Hierarchy SDH synchronous dynamic ran...

Страница 597: ...small outline dual inline memory module SODIMM Synchronous Optical Network SONET security policy database SPD shortest path first SPF security parameter index SPI strict priority queues SPQ soft perm...

Страница 598: ...rvice line module TSM time to live TTL tributary unit TU tributary unit group TUG transmit TX U unit of measurement for rack mounted equipment a U is 1 75 in or 4 44 cm U unspecified bit rate UBR User...

Страница 599: ...t VDC very high bit rate digital subscriber line VDSL virtual local area network VLAN voice over Internet Protocol VoIP virtual output queue length VOQL virtual path VP virtual path connection VPC vir...

Страница 600: ...ernet Name Service Microsoft WINS wireless local area network WLAN wireless local loop WLL weighted random early detection WRED weighted round robin WRR X combined term used to refer to ADSL HDSL SDSL...

Страница 601: ...re Emulation Edge to Edge PWE3 Asynchronous Transfer Mode ATM Transparent Cell Transport Service February 2007 MPLS RFC 4875 Extensions to Resource Reservation Protocol Traffic Engineering RSVP TE for...

Страница 602: ...Router Redundancy Protocol VRRP April 2004 PPP7 3 0b1 RFC 3748 Extensible Authentication Protocol EAP June 2004 L2TP over IPSec RFC 3715 IPsec Network Address Transation NAT Compatibility Requirement...

Страница 603: ...gital certificates RFC 3447 Public Key Cryptography Standards PKCS 1 RSA Cryptography Specifications Version 2 1 February 2003 MPLS RFC 3443 Time To Live TTL Processing in Multi Protocol Label Switchi...

Страница 604: ...for Asynchronous Transfer Mode ATM Ethernet and Transmission Control Protocol TCP June 2002 IP multicasting ANCP RFC 3292 General Switch Management Protocol GSMP V3 June 2002 IP RFC 3291 Textual Conv...

Страница 605: ...y 2001 MPLS VPLS RFC 3036 LDP Specification January 2001 MPLS RFC 3035 MPLS using LDP and ATM VC Switching January 2001 MPLS RFC 3032 MPLS Label Stack Encoding January 2001 MPLS RFC 3031 Multiprotocol...

Страница 606: ...er 2000 GRE RFC 2890 Key and Sequence Number Extensions to GRE September 2000 RADIUS RFC 2869 RADIUS Extensions June 2000 RADIUS RFC 2868 RADIUS Attributes for Tunnel Protocol Support June 2000 RADIUS...

Страница 607: ...Requirements for Traffic Engineering over MPLS September 1999 Policy management QoS RFC 2698 A Two Rate Three Color Marker September 1999 Policy management RFC 2697 A Single Rate Three Color Marker S...

Страница 608: ...rotocol Extensions for IPv6 Inter Domain Routing March 1999 BGP RFC 2519 A Framework for Inter Domain Route Aggregation February 1999 PPPoE RFC 2516 Method for Transmitting PPP over Ethernet PPPoE Feb...

Страница 609: ...r 1998 IPv6 Neighbor Discovery RFC 2461 Neighbor Discovery for IP Version 6 IPv6 December 1998 IPv6 RFC 2460 Internet Protocol Version 6 IPv6 December 1998 Digital certificates RFC 2459 Internet X 509...

Страница 610: ...FC 2328 OSPF Version 2 April 1998 System management RFC 2308 Negative Caching of DNS Queries DNS NCACHE March 1998 RADIUS RFC 2284 PPP Extensible Authentication Protocol EAP March 1998 BGP RFC 2270 Us...

Страница 611: ...nformation Base for the Internet Protocol using SMIv2 November 1996 Mobile IP RFC 2006 The Definitions of Managed Objects for IP Mobility Support using SMIv2 October 1996 IP tunnels RFC 2003 IP Encaps...

Страница 612: ...Framing July 1994 PPP MLPPP cOCx STMx channelized E1 channelized T1 channelized T3 E3 and T3 interfaces RFC 1661 The Point to Point Protocol PPP July 1994 BGP SNMP RFC 1657 Definitions of Managed Obje...

Страница 613: ...March 1991 SNMP RFC 1212 Concise MIB Definitions March 1991 IS IS RFC 1195 Use of OSI IS IS for Routing in TCP IP and Dual Environments December 1990 TCP IP RFC 1158 Management Information Base for N...

Страница 614: ...Protocol DARPA Internet Program Protocol Specification September 1981 IP RFC 768 User Datagram Protocol August 1980 Draft RFCs NOTE IETF drafts are valid for only 6 months from the date of issuance T...

Страница 615: ...rt of ATM Over MPLS Networks draft ietf pwe3 atm encap 07 txt April 2005 expiration Layer 2 services Encapsulation Methods for Transport of Ethernet Frames Over IP MPLS Networks draft ietf pwe3 ethern...

Страница 616: ...f l2tpext proxy authen ext eap 01 txt December 2006 expiration L2VPNs Layer 2 VPNs over Tunnels draft kompella l2vpn l2vpn 01 txt July 2006 expiration MPLS LDP IGP Synchronization draft jork ldp igp s...

Страница 617: ...iguration Method draft dukes ike mode cfg 02 txt March 2002 expiration TACACS The TACACS Protocol Version 1 78 draft grant tacacs 02 txt January 1997 expiration Layer 2 services Transport of Layer 2 F...

Страница 618: ...QoS DSL DSL Forum Technical Report TR 059 DSL Evolution Architecture Requirements for the Support of QoS Enabled IP Services Dynamic VLANs PPPoE DHCP DSL Forum Technical Report TR 101 Migration to Eth...

Страница 619: ...onnectionless mode network service ISO 8473 BERT Patterns ITU O 151 Error performance measuring equipment operating at the primary rate and above October 1992 BERT Patterns ITU O 153 Basic parameters...

Страница 620: ...r User Network Interfaces Including DS1 ATM 1997 Safety AS NZS 3260 1993 Safety of Information Technology Equipment Including Electrical Business Equipment EMC AS NZS 3548 1995 CISPR 22 Class A Safety...

Страница 621: ...vision 1 February 1999 Safety IEC 825 1 Safety of Laser Products Part 1 Safety IEC 60950 1 2001 10 Ed 1 0 Information technology equipment Safety Part 1 General requirements EMC IECS 003 Issue 3 Class...

Страница 622: ...592 Hardware Standards JUNOSe 11 1 x System Basics Configuration Guide...

Страница 623: ...Part 3 Index Index on page 595 Index 593...

Страница 624: ...594 Index JUNOSe 11 1 x System Basics Configuration Guide...

Страница 625: ...ter accept 369 adapter disable 362 adapter enable 362 adapter erase 370 Address Family Configuration mode 70 89 address family ipv4 command 89 address family vpnv4 command 89 agent SNMP 148 algorithm...

Страница 626: ...max size 200 bulkstats collector primary receiver 200 bulkstats collector secondary receiver 200 bulkstats collector single interval 200 bulkstats file format endOfLine Lf 237 bulkstats interface typ...

Страница 627: ...unning configuration startup configuration 277 copy startup configuration 277 examples 301 copying the software release file 130 135 138 core dump files for troubleshooting 290 323 core dumps 330 corr...

Страница 628: ...ion applications 4 private line aggregation 4 editing on command line interface 67 enable commands enable 49 70 255 447 enable password 420 enable privilege level 422 enable secret 420 enable password...

Страница 629: ...ing 408 517 HDLC parameters 12 help 255 CLI system 63 help command 64 66 258 history command 67 hmac md5 authentication for SSH 437 hmac sha1 authentication for SSH 437 hmac sha1 96 authentication for...

Страница 630: ...ion mode 75 IS IS protocol 24 issuing commands from other CLI modes 255 J Juniper Networks E Series enterprise SNMP MIB 148 K keywords 31 32 partial keyword 64 L L2 Transport Load Balancing Circuit Co...

Страница 631: ...ucts 487 writing 473 489 managed object SNMP 148 Management Information Bases See MIBs Manual Commit mode 277 manuals comments on xxix Map Class Configuration mode 78 107 Map List Configuration mode 7...

Страница 632: ...1 peers 521 replies 527 requests 522 servers 521 527 530 synchronization 523 virtual routers 521 527 NTP client configuring the system as 527 system operation as 522 ntp commands 530 ntp access group...

Страница 633: ...uous commands 52 changing command privileges 52 command exceptions 52 defining CLI 49 keyword mapping 52 password encryption 418 setting default line 60 multiple commands 59 no or default versions 52...

Страница 634: ...67 RIP Routing Information Protocol 24 Route Map Configuration mode 82 116 route maps 25 route map command 116 router commands router 88 router bgp 88 router ospf 88 router pim 88 router rip 88 Route...

Страница 635: ...show ntp associations 533 show ntp associations detail 533 show ntp status 533 show nvs command 392 show processes command 290 344 show reboot history command 345 show reload command 519 show running...

Страница 636: ...proxy 173 snmp server trap source 168 snmp server user 160 SNMP Event Manager Configuration mode 83 119 SNMP traps 148 167 240 enabling 168 software compatibility 372 configuration 130 135 backing up...

Страница 637: ...51 suspicious control flow detection grouping off 451 suspicious control flow detection off 451 suspicious control flow detection protocol backoff time 451 suspicious control flow detection protocol l...

Страница 638: ...e 84 121 traffic class command 120 traffic class group command 121 transport protocols xDSL 6 traps command 173 traps SNMP categories 168 configuring 167 configuring notification logs for 173 configur...

Страница 639: ...PN routing and forwarding instance See VRF VPNs virtual private networks 541 VR Group Configuration mode 85 123 VRF VPN routing and forwarding instance 539 VRF Configuration mode 85 123 VRRP Virtual R...

Страница 640: ...610 Index JUNOSe 11 1 x System Basics Configuration Guide...

Отзывы:

Нет отзывов

Похожие инструкции для JUNOSe 11.1

Бренд: Canon Страницы: 2

Pixma Pro9500 Series

Бренд: Canon Страницы: 31

PowerShot SD430 DIGITAL ELPH WIRELESS

Бренд: Canon Страницы: 130

PowerShot SD880 IS Digital ELPH

Бренд: Canon Страницы: 83

Бренд: Canon Страницы: 34

N1240U - CanoScan Flatbed Scanner

Бренд: Canon Страницы: 109

Venture IP Telephone System

Бренд: Aastra Страницы: 10

DocuColor 45054549

Бренд: Xerox Страницы: 30

Software Audio Processor DLA

Бренд: Waves Страницы: 6

Бренд: AMD Страницы: 120

Бренд: Acer Страницы: 32

Altos RAIDWatch

Бренд: Acer Страницы: 212

Бренд: GE Страницы: 82

Veritas CommandCentral 5.1

Бренд: Symantec Страницы: 52

Бренд: Seagate Страницы: 2

Бренд: Creative Страницы: 84

Бренд: Extron electronics Страницы: 37

Бренд: I.R.I.S. Страницы: 10

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды