Juniper JUNOSE 11.3 Скачать руководство пользователя страница 451 | Manualshive

Страница: 451 / 632

background image

•

Use the

no

version to remove the access list.

•

See access-list.

Secure System Administration with SSH

The system supports the SSH protocol version 2 as a secure alternative to Telnet for
system administration.

NOTE:

Versions earlier than 2.0.12 of the SSH protocol client are not

supported. The SSH server embedded within the router recognizes SSH clients
that report an SSH protocol version of 1.99, with the expectation that such
clients are compatible with SSH protocol version 2.0. Clients that report an
SSH protocol version of 1.99 apparently do so to determine the protocol
version supported by the server.

SSH provides the following major features:

•

Server authentication through a Diffie-Hellman key exchange—Protects against hackers
interjecting mimics to obtain your password. You can be confident that you are
connected to your own router.

•

User authentication—Ensures that the router is allowing connection from a permitted
host and remote user.

NOTE:

Digital Signature Standard (DSS) public key user authentication

for SSH is not supported. Only password type SSH user authentication is
supported. RADIUS and password authentication are the only
user authentication protocols currently supported. RADIUS authentication
is enabled by default. If authentication is disabled, then all SSH clients that
pass protocol negotiation are accepted.

•

Data encryption and key-protected hashing—Provides a secure, trustable session to
the upper-layer user interface. Encryption provides confidentiality by preventing
unauthorized persons from listening in on management traffic. Encryption and hashing
ensure data integrity to obstruct man-in-the-middle attacks, in which unauthorized
persons access messages and modify them without detection.

Transport

The SSH transport layer handles algorithm negotiation between the server and client
over TCP/IP. Negotiation begins when the SSH client and server send each other textual
information that identifies their SSH version. If they both agree that the versions are
compatible, the client and server exchange lists that specify the algorithms that they
support for key exchange, encryption, data integrity through a message authentication
code (MAC), and compression. Each party sends two lists. One list has the algorithms
supported for transmission; the other has the algorithms supported for receipt. The

421

Copyright © 2010, Juniper Networks, Inc.

Chapter 7: Passwords and Security

«
...
449
450
451
452
453
...
»

Содержание JUNOSE 11.3

Страница 1: ...JunosE Software for E Series Broadband Services Routers System Basics Configuration Guide Release 11 3 x Published 2010 10 04 Copyright 2010 Juniper Networks Inc...

Страница 2: ...S Patent Nos 5 473 599 5 905 725 5 909 440 6 192 051 6 333 650 6 359 479 6 406 312 6 429 706 6 459 579 6 493 347 6 538 518 6 538 899 6 552 918 6 567 902 6 578 186 and 6 590 785 JunosE Software for E S...

Страница 3: ...re physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s us...

Страница 4: ...ATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort inclu...

Страница 5: ...ree years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http...

Страница 6: ...Copyright 2010 Juniper Networks Inc vi...

Страница 7: ...37 Chapter 5 Managing the System 239 Chapter 6 Managing Modules 341 Chapter 7 Passwords and Security 403 Chapter 8 Writing CLI Macros 459 Chapter 9 Booting the System 495 Chapter 10 Configuring the Sy...

Страница 8: ...Copyright 2010 Juniper Networks Inc viii JunosE 11 3 x System Basics Configuration Guide...

Страница 9: ...h 6 Line Modules I O Modules and IOAs 7 Interfaces 8 Subinterfaces 8 interface Command 8 General Configuration Tasks 9 Configuring Virtual Routers 9 Configuring IPSec 10 Configuring Physical Layer Int...

Страница 10: ...ted Commands 31 The Key 31 Backspace or Delete 31 Enter 31 Tab 32 Arrow Keys 32 The no Version 32 run and do Commands 33 show Commands 34 Redirection of show Command Output 38 Regular Expressions 39 T...

Страница 11: ...Line Editing Keys 63 Command History Keys 65 Pagination Keys 65 Accessing Command Modes 66 Exec Modes 79 Password Protection 80 Global Configuration Mode 81 Executing a Script File 81 AAA Profile Con...

Страница 12: ...onfiguration Mode 101 Policy Parameter Configuration Mode 101 PPPoE Service Name Table Configuration Mode 101 Profile Configuration Mode 102 QoS Interface Set Configuration Mode 102 QoS Interface Supe...

Страница 13: ...123 Installing Software When a Firewall Does Not Exist 124 Installing Software in Normal Operational Mode 124 Task 1 Obtain the Required Information 124 Task 2 Divert Network Traffic to Another Route...

Страница 14: ...and Reenabling SNMP Proxy 143 Communicating with the SNMP Engine 144 SNMP Attributes 145 SNMP Operations 145 SNMP PDU Types 146 Platform Considerations 146 References 147 Before You Configure SNMP 147...

Страница 15: ...g Collection Statistics 193 Understanding Schemas 203 If Stats Schema Objects 204 IGMP Schema Objects 205 Policy Schema Objects 206 QoS Schema Objects 207 Configuring Schemas 209 Mapping Bulkstats Out...

Страница 16: ...ace 269 Setting the Console Speed 269 Configuring the Display Terminal 270 Specifying the Character Set 270 Configuring Login Conditions 271 Setting Time Limits for User Login 271 Setting Time Limits...

Страница 17: ...ng IP Prefix Reachability 318 Gathering Information for Customer Support 319 Managing and Monitoring Resources 320 Enabling and Disabling the Resource Threshold Monitor 320 Viewing Resource Threshold...

Страница 18: ...es 369 Disabling Autosynchronization 369 Validating and Recovering Redundant SRP File Integrity 370 Reformatting the Primary Flash Card 373 Copying the Image on the Primary SRP Module 374 Scanning Fla...

Страница 19: ...Key Management 422 Host Key Management 422 Performance 423 Security Concerns 424 Before You Configure SSH 424 SSH Configuration Tasks 424 Configuring Encryption 425 Configuring User Authentication 426...

Страница 20: ...465 Operators 465 Assignment 468 Increment and Decrement 468 String Operations 469 Extraction Operations 469 Arithmetic Operations 470 Relational Operations 470 Logical Operations 470 Miscellaneous Op...

Страница 21: ...Considerations 510 References 510 Setting the System Clock Manually 511 Before You Configure NTP 512 Choosing NTP Servers 513 NTP Configuration Tasks 513 Enabling NTP Services 513 NTP Client Configura...

Страница 22: ...eviations and Acronyms 537 Appendix B References 559 RFCs 559 Draft RFCs 574 Other Software Standards 577 Hardware Standards 580 Part 3 Index Index 585 Copyright 2010 Juniper Networks Inc xxii JunosE...

Страница 23: ...nterface Design 19 Figure 14 Structure of ATM Protocol 19 Figure 15 ATM Interface Configuration Parameters 19 Figure 16 IP PPP Connections from the CPE on an E Series Router 20 Figure 17 Structure of...

Страница 24: ...Copyright 2010 Juniper Networks Inc xxiv JunosE 11 3 x System Basics Configuration Guide...

Страница 25: ...ftware Installation Procedure When a Firewall Does Not Exist 124 Table 14 Software Installation Procedure in Boot Mode 128 Table 15 Release Compatibility 133 Chapter 4 Configuring SNMP 137 Table 16 SN...

Страница 26: ...Modules for Line Rate Performance SRP 10G Module in an ERX1410 Router 362 Table 43 Combinations of Line Modules for Line Rate Performance SRP 5G Module in an ERX705 Router 362 Table 44 Supported Line...

Страница 27: ...information in the latest release notes differs from the information in the documentation follow the JunosE Release Notes To obtain the most current version of all Juniper Networks technical document...

Страница 28: ...ffic class low loss1 Represents text that the user must type Bold text like this host1 show ip ospf 2 Routing Process OSPF 2 with Router ID 5 5 0 250 Router is an Area Border Router ABR Represents inf...

Страница 29: ...n CD ROMs or DVD ROMs see the Portable Libraries page at http www juniper net techpubs resources index html Copies of the Management Information Bases MIBs for a particular software release are availa...

Страница 30: ...uniper net techpubs Find solutions and answer questions using our Knowledge Base http kb juniper net Download the latest versions of software and review release notes http www juniper net customers cs...

Страница 31: ...age 117 Configuring SNMP on page 137 Managing the System on page 239 Managing Modules on page 341 Passwords and Security on page 403 Writing CLI Macros on page 459 Booting the System on page 495 Confi...

Страница 32: ...Copyright 2010 Juniper Networks Inc 2 JunosE 11 3 x System Basics Configuration Guide...

Страница 33: ...odules I O Modules and IOAs on page 7 Interfaces on page 8 General Configuration Tasks on page 9 Configuring Virtual Routers on page 9 Configuring IPSec on page 10 Configuring Physical Layer Interface...

Страница 34: ...face on slot 5 adapter 0 port 0 of an E320 router host1 config interface atm 5 0 0 For more information about supported interface types and specifiers on E Series routers see Interface Types and Speci...

Страница 35: ...on The router supports Broadband Remote Access Server B RAS applications as shown in Figure 2 on page 6 In this application the router handles the aggregated output from the digital subscriber line ac...

Страница 36: ...keep the traffic logically separate and to direct packets to different destinations As shown in Figure 2 on page 6 the packets can be directed to a CLEC ISP corporate VPN or the Internet A large numb...

Страница 37: ...e On the E120 and E320 routers a single line module pairs with all available IOAs I O modules and IOAs provide the input and output connections from the network to the router Line modules connect to t...

Страница 38: ...ured IP to run over ATM and you want to reconfigure the interface to run IP over PPP over ATM you must first remove the IP interface apply PPP and then reapply IP Subinterfaces A subinterface is a mec...

Страница 39: ...nnelized T3 OCx STMx and HDLC data channels over which the higher layer protocols run 8 Configure the data link layer protocols such as Frame Relay PPP and ATM that run over these physical interfaces...

Страница 40: ...capsulating Security Payload ESP provides confidentiality and authentication functions to every data packet Authentication header AH provides authentication to every data packet For information about...

Страница 41: ...either network ingress or network egress Figure 4 E Series Router Support for Fractional T1 E1 Through T3 E3 Interfaces As shown in Figure 4 on page 11 the router can support fractional full and chan...

Страница 42: ...onfiguring Channelized T3 Interfaces There12 T3 controllers available on each CT3 12 F0 line module When you configure these T3 controllers you are actually configuring T3 DS3 lines Each T3 controller...

Страница 43: ...llowing wide area network WAN protocol encapsulations IP over PPP IP over ATM IP over PPP over ATM IP over PPP over PPPoE over ATM IP over Frame Relay Figure 6 on page 13 shows sample configuration pa...

Страница 44: ...osE Link Layer Configuration Guide for details host1 config interface pos 0 1 host1 config if encapsulation ppp host1 config if clock source internal module host1 config if loopback line host1 config...

Страница 45: ...subinterfaces Ethernet modules use the Address Resolution Protocol ARP to obtain MAC addresses for outgoing Ethernet frames and support quality of service QoS classification See JunosE Physical Layer...

Страница 46: ...l Service Interfaces You can configure both dynamic tunnels associated with L2TP and static IP tunnels on your E Series router however you must first install a Service Module SM Dynamic tunnels which...

Страница 47: ...the physical layer can be channelized E1 E3 channelized T1 T3 or a fractional service as supported by the different line module ports The HDLC layer is on top of the physical layer and can support fl...

Страница 48: ...st1 config if interface serial 0 1 1 5 1 host1 config subif frame relay interface dlci 17 ietf host1 config subif ip address 192 32 10 2 255 255 255 0 Configuring IP ATM The router supports IP over AT...

Страница 49: ...ture of the ATM protocols The physical layer SONET and or DSx Ex is the foundation and provider of layer 1 framing service The ATM layer is on top and provides cell circuit and OAM services The AAL5 l...

Страница 50: ...o transmit traffic in PPP format to other network devices Figure 16 on page 20 shows that the router supports the incoming IP PPP traffic from the CPE This traffic can then be routed to the uplink s a...

Страница 51: ...st and address response messages with peer network devices The E Series router Cisco HDLC is compatible with the Cisco Systems Cisco HDLC protocol the default protocol for all Cisco serial interfaces...

Страница 52: ...s control how traffic travels through the network Configuring Shared Interfaces and Subscriber Interfaces A shared IP interface is one of a group of IP interfaces that use the same layer 2 interface S...

Страница 53: ...networks and is an extension of the original IS IS protocol which provides routing for pure Open Systems Interconnection OSI environments This link state protocol builds a complete and consistent pic...

Страница 54: ...4 and IS IS routing tables Route maps Modify the characteristics of a route generally to set its metric or to specify additional attributes as it is transmitted or accepted by a router Route maps can...

Страница 55: ...below the physical line rate of the port and sets limits on packet flows RADIUS policy support Allows you to attached a preconfigured policy to an interface through RADIUS See JunosE Policy Managemen...

Страница 56: ...n which the router provides IP addresses to subscribers computers through Dynamic Host Configuration Protocol DHCP This method is particularly convenient for broadband cable and DSL environments or en...

Страница 57: ...onnectivity and the router hardware Managing your router using the CLI gives you access to thousands of commands The router s CLI uses an industry de facto standard look and feel which might be famili...

Страница 58: ...he JunosE Command Reference Guide to find related command modes for any command Figure 21 Command Mode Architecture Command Line Prompts Within the CLI the command line prompt identifies both the host...

Страница 59: ...if the keyword you want to specify is map class and you enter only map an error appears The error indicates that one or more possible keywords begin with map thus making your entry ambiguous Paramete...

Страница 60: ...new hostname appears in the prompt Another example is a command that requires you to enter a number from within a given range The command ip http port requires that a value be entered for the portNum...

Страница 61: ...irst protocol OSPF ripConfigure the Routing Information Protocol host1 config router When you enter the character all available choices are displayed The router again displays the command you typed Yo...

Страница 62: ...on of using the default keyword whenever the no keyword is also a choice simply enter the keyword default instead of no In most cases when you execute the default version of a command it produces the...

Страница 63: ...way you can obtain show command information without leaving configuration mode The only commands that cannot be preceded by run or do are the configure command and those commands that are already ava...

Страница 64: ...ain the text string or regular expression and excludes lines that do not contain the text string or regular expression exclude Displays output lines that do not contain the text string or regular expr...

Страница 65: ...ck line atm uni version 3 0 atm oam loopback location 0xFFFFFFFF atm vc per vp 32768 atm vp tunnel 1 10 load interval 300 no atm snmp trap link status no atm shutdown no atm aal5 snmp trap link status...

Страница 66: ...rsubscription ip domain lookup ip name server 10 2 0 3 ip domain name 789df interface ip 0 0 interface ip 2 0 interface ip s10 ip address 10 13 5 61 255 255 255 0 no ip proxy arp no ip directed broadc...

Страница 67: ...ow delta counts clock timezone UTC 0 0 no exception dump exception protocol ftp anonymous null controller sonet 2 0 sdh loopback network clock source line no shutdown path 0 overhead j1 msg hello path...

Страница 68: ...ion Appends output to the end of the specified file and displays the output to the screen The redirection is synchronized with the screen display for example if a More prompt appears the redirection h...

Страница 69: ...ginning of the input string Alternatively when used as the first character within brackets matches any number except the ones specified within the brackets Matches the end of the input string Matches...

Страница 70: ...cters and a text string Displays all output lines that contain the text string plus Displays all output lines that do not contain the text string minus Displays all output lines starting at the first...

Страница 71: ...only lines that contain the string ip host1 show config include defaults Configuration script being generated on FRI AUG 04 2006 12 48 48 UTC Juniper Edge Routing Switch ERX 700 Version 7 3 0 beta 1 6...

Страница 72: ...forces the system to filter out all comments from the remainder of the output that is output lines that contain the string The system displays only lines that do not contain the string host1 show conf...

Страница 73: ...Dampening log verbosity low bgpEng1 More Responding to Prompts For some actions the system prompts you for a response The acceptable default responses are the following You can press y or Enter to agr...

Страница 74: ...that does not finish within the expected completion time This type of status indicator is supported for the file system synchronization application and the file copy application The progress indicato...

Страница 75: ...not completed initialization The show version command can be used to display line module status Do not enter commands for a line module until its state is online Platform Considerations The CLI is su...

Страница 76: ...ress Enter To use a name your network must have a name server For example for Microsoft Windows NT enter telnet 192 168 1 13 or telnet westford2 You are connected to your E Series router when the foll...

Страница 77: ...ed with one Refer to the enable secret and enable password Global Configuration commands described in Managing the System on page 239 2 Type your password and press Enter Password Enter host1 You can...

Страница 78: ...to a lower Privileged Exec mode follow the disable command with an access level value For example host1 show privilege Privilege level is 10 host1 disable 5 host1 show privilege Privilege level is 5...

Страница 79: ...group has access to all commands in all privilege groups with a lower number than the specific group A privilege group is reachable from another privilege group when it is a member of that privilege...

Страница 80: ...1 host1 config privilege group membership 15 add 10 In Example 1 Privilege group 11 does not contain any privilege groups Privilege group 15 contains group 10 Therefore privilege group 10 and all grou...

Страница 81: ...1 config privilege group membership 8 add 14 In Example 5 Privilege group 9 contains no privilege groups Privilege group 8 contains group 14 Privilege group 7 contains group 1 Example 6 host1 config p...

Страница 82: ...contains 14 14 contains 13 13 contains 12 and so forth Privilege group 0 is reachable from every privilege group Example 10 host1 config no privilege group membership 7 In this example one privilege g...

Страница 83: ...width Example 2 host1 config privilege exec all level 5 terminal Use the all keyword to change the privilege level of groups of commands For more information see Setting Privilege Levels for Multiple...

Страница 84: ...mbers from a privilege group Example host1 config if privilege group membership clear There is no no version See privilege group membership clear CLI Command Exceptions Changing command privilege leve...

Страница 85: ...privileged command that start with the letter t host1 config privilege exec level 12 t The list of affected commands includes telnet terminal test and traceroute The following example changes all the...

Страница 86: ...you can access from a specified mode If the command specified in the privilege command changes the configuration mode all commands in the configuration will also be set to the specified privilege lev...

Страница 87: ...e privilege level of Global Configuration mode takes precedence and the privilege levels of the other commands are rendered ineffective Users can access all snmp commands at level 5 or higher host1 sh...

Страница 88: ...nes is 1 However you can use the privilege level command in Line Configuration mode to set the default login privilege for the console line or any number of vty lines To change the default privilege l...

Страница 89: ...Connected Users Use the show users detail command to view the privilege levels for all users currently connected to the router See Monitoring the FTP Server on page 298 for information about the show...

Страница 90: ...able in all command modes help Lists the keywords that begin with a certain character string partial keyword Completes the partial keyword you entered if you have provided an unambiguous abbreviation...

Страница 91: ...ftp server Configure FTP Server characteristics help Describe the interactive help system host Add modify an entry to the host table hostname Set the host system name interface Enter Interface Configu...

Страница 92: ...nfigure http server local Local IP address assignment multicast routing Enable IP multicast forwarding name server Configure DNS server pim Configure PIM Protocol prefix list Configure a prefix list e...

Страница 93: ...press Tab and your terminal beeps then you have not typed enough characters to be unambiguous host1 config int Tab host1 config interface Using Command Line Editing This section provides information a...

Страница 94: ...e session appears frozen or unresponsive Ctrl q Suspends a Telnet or console session Ctrl s Transposes character to left of cursor with character located at cursor Ctrl t Deletes entire command line C...

Страница 95: ...row keys functions only on ANSI compatible terminals such as VT100s Table 8 Command History Keys Function Key Recalls commands in history buffer starting with most recent command Repeat key sequence t...

Страница 96: ...mode use aaa profile command Prompt host1 config aaa profile Configure new AAA profiles AAA Profile Configuration Use the exit command twice to return to Global Configuration mode Press Ctrl z to ret...

Страница 97: ...to return to Exec mode From Rate Limit Profile Configuration Mode use the color mark profile command and identify the interface type IP IPv6 MPLS Prompt host1 config color mark profile Configure pack...

Страница 98: ...ion mode Press Ctrl z to return to Exec mode From Global Configuration mode use the drop profile command Prompt host1 config drop profile Configure drop profiles Drop Profile Configuration Use the exi...

Страница 99: ...ion trees MDTs IP PIM Data MDT Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use the ip service prof...

Страница 100: ...ed for a digital certificate IPSec Peer Public Key Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec mode From Global Configuration mode use...

Страница 101: ...on profile command Prompt host1 config l2tp dest profile Define the location of an LAC L2TP Destination Profile Configuration Use the exit command twice to return to Global Configuration mode Press Ct...

Страница 102: ...xec mode From the IPSec Transport Profile Configuration mode use the local ip address command Prompt host1 config ipsec transport profile local Configure preshared IKE keys for L2TP over IPSec profile...

Страница 103: ...fig policy l ist parent group Configure an internal parent group in a hierarchy Policy List Parent Group Configuration Use the exit command once to return to Global Configuration mode Press Ctrl z to...

Страница 104: ...tion mode Press Ctrl z to return to Exec mode From Global Configuration mode use the qos parameter define command Prompt host1 config qos parameter define Configure QoS parameter definitions QoS Param...

Страница 105: ...obal Configuration mode use the l2tp rate limit profile command Prompt host1 config rate limit profile Configure an IP or L2TP rate limit parameters Rate Limit Profile Configuration Use the exit comma...

Страница 106: ...onfiguration Use the exit command once to return to Global Configuration mode Press Ctrl z to return to Exec menu From Global Configuration mode use the scheduler profile command Prompt host1 config s...

Страница 107: ...c name of the subscriber policy Prompt host1 config policy Configure a nondefault subscriber policy for a subscriber client bridge group interface Subscriber Policy Configuration Use the exit command...

Страница 108: ...slot port location of the dynamic tunnel server port Prompt host1 config tunnel server Configure the maximum number of tunnel service interfaces for a dynamic tunnel server port Tunnel Server Configu...

Страница 109: ...to its default s dir Display a list of local files disable Reduce the command privilege level enable Enable access to privileged commands erase Erase configuration settings exit Exit from the current...

Страница 110: ...lete a local file dir Display a list of local files disable Reduce the command privilege level disconnect Disconnect remote CLI session enable Enable access to privileged commands exit Exit from the c...

Страница 111: ...Configuration Mode Within Global Configuration mode you can Apply features globally to a router Enable a feature or function Disable a feature or function Configure a feature or function Access all C...

Страница 112: ...specified duration translate Configure the translation map for domain name Address Family Configuration Mode From this mode you can configure address family parameters for BGP VPN services or RIP VPN...

Страница 113: ...r Configure the Unspecified Bit Rate UBR service class vbr nrt Configure the Variable Bit Rate Non Real Time VBR nrt service class vbr rt Configure the Variable Bit Rate Real Time VBR rt service class...

Страница 114: ...ctive help system log Configure logging settings macro Run a CLI macro mark Create a set TOS byte policy next hop Create a next hop policy next interface Create a next interface policy no Negate a com...

Страница 115: ...command alias command do sleep Make the Command Interface pause for a specified duration Controller Configuration Mode You can configure physical interfaces such as a T3 in Controller Configuration mo...

Страница 116: ...nfig aaa domain map charlie76 host1 config domain map address pool name Configure the address pool name for the domain name atm Configure ATM parameters default Set a command to its default s do Run a...

Страница 117: ...rotection Group Configuration Mode In this mode you can configure parameters for Denial of Service DoS protection groups From Global Configuration mode type the dos protection group command and press...

Страница 118: ...cify the index of the entry to be added or edited list List part or all of the entries in current explicit path log Configure logging settings macro Run a CLI macro next address Configure an IP addres...

Страница 119: ...ce serial Serial interface tunnel Tunnel interface Some Interface Configuration commands can affect general interface parameters such as bandwidth and clock rate For interface specific commands such a...

Страница 120: ...ause for a specified duration tunnel Configure tunnel parameters IP Service Profile Configuration Mode In this mode you can specify the information that the system uses in creating IP service profiles...

Страница 121: ...command alias command run domain name Domain name exit Exit from the current command mode help Describe the interactive help system log Configure logging settings macro Run a CLI macro no Negate a co...

Страница 122: ...you can configure the ISAKMP IKE public key that a remote peer uses for RSA authentication during the tunnel establishment phase without the need for a digital certificate From Global Configuration m...

Страница 123: ...an exec mode command alias command run domain suffix Configure a domain suffix to be appended to users on this profile exit Exit from the current command mode extended authentication Configure extend...

Страница 124: ...e for a specified duration tunnel Configure a tunnel parameter IPv6 Local Pool Configuration Mode In this mode you can specify the IPv6 local address pool from which prefixes are allocated to the requ...

Страница 125: ...he destination is necessary to enable an LAC to connect to the LNS From Global Configuration mode type l2tp destination profile the profileName an ipAddress and press Enter host1 config l2tp destinati...

Страница 126: ...tp tunnel switch profile avp Configure AVP behavior default Set a command to its default s do Run an exec mode command alias command run exit Exit from the current command mode help Describe the inter...

Страница 127: ...p interface profile and the profileName and press Enter host1 config mpls ldp interface profile shell host1 config ldp default Set a command to its default s do Run an exec mode command alias command...

Страница 128: ...Privileges on page 49 Local IPSec Transport Profile Configuration In this mode you can configure preshared IKE keys for IPSec transport profiles From the IPSec Transport Profile Configuration mode typ...

Страница 129: ...and the mapClassName you want to configure and press Enter host1 config map class frame relay testmapclass host1 config map class default Set a command to its default s do Run an exec mode command al...

Страница 130: ...rules that you can attach to an interface You can modify a policy list and update it wherever the policy list is used in the configuration To create a policy list from Global Configuration mode type...

Страница 131: ...figure a policy parameter From Global Configuration mode type the policy parameter command and specify a policyParameterType the hierarchical keyword and press Enter host1 config policy parameter para...

Страница 132: ...and mode help Describe the interactive help system ip Configure IP characteristics l2tp Configure L2TP characteristics log Configure logging settings macro Run a CLI macro no Negate a command or set i...

Страница 133: ...o sleep Make the Command Interface pause for a specified duration QoS Parameter Definition Configuration Mode In this mode you can configure QoS parameter definitions From Global Configuration mode ty...

Страница 134: ...cked VLAN subinterface vlan VLAN subinterface QoS Shared Shaper Control Configuration In this mode you can configure variables within the simple shared shaper algorithm to control the minimum dynamic...

Страница 135: ...mmand do sleep Make the Command Interface pause for a specified duration RADIUS Configuration Mode In this mode you can configure various parameters of your RADIUS authentication accounting and dynami...

Страница 136: ...applied to the ingress or egress of an interface To create a hierarchical rate limit profile for an IP interface from Global Configuration mode type rate limit profile and a profileName and add the ke...

Страница 137: ...t Multicast PIM and Open Shortest Path First OSPF From Global Configuration mode type either router rip router pim or router ospf and the processID Press Enter You are now in Router Configuration mode...

Страница 138: ...guration mode aggregate address Create an aggregate entry in BGP routing table auto summary Automatic summarization of redistributed routes to their natural network masks bgp Configure BGP default Set...

Страница 139: ...mmand Interface pause for a specified duration RTR Configuration Mode In this mode you can configure Response Time Reporter RTR parameters The RTR feature allows you to monitor your network s performa...

Страница 140: ...Set the relative weight of the node or queue Service Session Profile Configuration Mode In this mode you can set and modify Service Manager service session profile attributes such as time volume and...

Страница 141: ...g a conformed drop event default Set a command to its default s do Run an exec mode command alias command run exceeded drop threshold Set threshold for logging an exceeded drop event exit Exit from th...

Страница 142: ...y relearn Modify relearn policy run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified duration unicast Modify user to user Unicast policy unknown destina...

Страница 143: ...fig aaa tunnel group storm host1 config tunnel group default Set a command to its default s do Run an exec mode command alias command run exit Exit from the current command mode help Describe the inte...

Страница 144: ...settings macro Run a CLI macro no Negate a command or set its default s run Run an exec mode command alias command do sleep Make the Command Interface pause for a specified duration tunnel Configure...

Страница 145: ...Make the Command Interface pause for a specified duration VR Group Configuration Mode In this mode you can add up to four virtual routers to the virtual router group The accounting servers of the vir...

Страница 146: ...Copyright 2010 Juniper Networks Inc 116 JunosE 11 3 x System Basics Configuration Guide...

Страница 147: ...One Router to Another on page 130 Upgrading Systems That Are Operating with Two SRP Modules on page 131 Upgrading JunosE Software on page 133 Downgrading JunosE Software on page 135 Overview If the r...

Страница 148: ...unosE release 2 Contains the release file for the E120 and E320 Broadband Services Routers the MIB directory and the Release Notes You can also download a compressed version of the software release by...

Страница 149: ...mand line interface CLI You can access the CLI through either the local console or a Telnet session If you have not yet configured the router to support Telnet then you must use the local console To i...

Страница 150: ...sk 4 Configure IP on an Interface Typically you configure IP on the Fast Ethernet interface of the SRP module To configure IP on an interface 1 Determine the slot number of the module host1 show versi...

Страница 151: ...computer you use the operating system and the network configuration To find out how to mount the release files on the network host review the manual for the operating system or contact your network ad...

Страница 152: ...command host1 config ftp server enable Task 8 Identify the Files to Transfer To identify all the files for the release use a text editor to open the software release rel file on the JunosE Software C...

Страница 153: ...ig 2 Run the boot system command specifying the rel filename of the software release For example host1 config boot system erx_x y z rel The following message appears when you issue this command WARNIN...

Страница 154: ...he CLI through either the local console or a Telnet session If you have not yet configured the router to support Telnet then you must use the local console To install the software perform the followin...

Страница 155: ...ther the interface already has an IP address On ERX7xx models ERX14xx models and the ERX310 router host1 show ip interface fastEthernet 6 0 On the E120 and E320 routers host1 show ip interface fastEth...

Страница 156: ...how host If the network host is listed go to Step 8 Otherwise proceed with Step 6 6 Add an entry to the Static Host Table so that the router can access the network host Use the host command to specify...

Страница 157: ...current configuration use the copy running configuration command host1 copy running configuration filename cnf Task 9 Reboot the System To reboot the system using the newly installed software 1 Access...

Страница 158: ...k traffic to another router 3 Access the Boot mode 4 Assign an IP address to the router 5 Configure access to the network host 6 Reset the SRP module 7 Copy the release files to the network host 8 Cop...

Страница 159: ...me password Use the host command to specify the network host name and IP address Task 6 Resetting the SRP Module To ensure that the IP addresses are properly activated you must reset the SRP module To...

Страница 160: ...different release of software 2 Run the reload command boot reload The following message appears when you issue this command WARNING Execution of this command will cause the system to reboot Proceed...

Страница 161: ...operating with an earlier software release Each SRP module keeps the system operational while you upgrade the software on the other so that you can minimize service interruption CAUTION You must upgra...

Страница 162: ...s configured to run differs from the software release it is running CAUTION The secondary SRP module does not run the new software until it reboots If you issue the srp switch command or the primary S...

Страница 163: ...ered releases you must first install Release 5 1 2 or the highest numbered 5 x x release This enables the system to support application images greater than 172 MB For example you cannot go from Releas...

Страница 164: ...that contains two SRP modules 1 Connect your antistatic wrist strap to the ESD grounding jack on your router 2 Turn off autosynchronization host1 enable host1 configure Configuring from terminal or fi...

Страница 165: ...and can be installed Downgrading JunosE Software Downgrading JunosE Software requires factory defaults installed on the router and can cause NVS and configuration script incompatibilities CAUTION We d...

Страница 166: ...Copyright 2010 Juniper Networks Inc 136 JunosE 11 3 x System Basics Configuration Guide...

Страница 167: ...network devices such as your E Series router The goal of SNMP is to simplify network management in two ways By defining a single management protocol that can be used to manage any network device from...

Страница 168: ...implyamanager a device that executes management applications that monitor and control network elements client A logical group of SNMP managed devices and clients in the same administrative domain comm...

Страница 169: ...v1 SNMPv2c and SNMPv3 protocols Enhanced security and management features supported in SNMPv3 Traps for alarm and state change events Bulk data collection and retrieval Management of virtual routers S...

Страница 170: ...ata representation across many vendors networking products Juniper Networks E Series Enterprise MIBs An enterprise MIB is defined by a single vendor In addition to providing consistency of management...

Страница 171: ...ed the device to allow the interaction Messages are received promptly users cannot save messages and replay them to alter content This feature prevents users from sabotaging SNMP configurations and op...

Страница 172: ...tandard and enterprise MIBs used to configure SNMP operation nothing Excludes all MIBs mirrorAdmin Includes the packetMirror MIB User An individual who requires access to the router The router may pro...

Страница 173: ...uter specific data is required the requestor can direct a request to a particular server for a virtual router through the base community string extension for example SNMP get public megaRouter NOTE In...

Страница 174: ...terprise number 1 4 Indicates that octets 6 15 contain information determined by the E Series router 5 The MAC address for the device For E120 and E320 routers the MAC address is a unique ID based on...

Страница 175: ...ned SNMPv3 attributes as shown in Table 19 on page 145 Table 19 Relationship Between SNMPv1 v2c and SNMPv3 Attributes SNMPv3 Value SNMPv1 v2C Value Attribute admin admin Community everything View rw r...

Страница 176: ...GetBulk is not available in SNMPv1 Get Bulk Transmitted by the client to the server to obtain the identifiers and the values of variables located after the designated variables Get Next Request Transm...

Страница 177: ...RFC 3412 Message Processing and Dispatching for the Simple Network Management Protocol SNMP December 2002 RFC 3413 Simple Network Management Protocol SNMP Applications December 2002 RFC 3414 User base...

Страница 178: ...Name objects host1 config snmp interfaces description format common 7 Optional Manage the interface sublayers compress interfaces and control interface numbering host1 config snmp server interfaces co...

Страница 179: ...he community name acts as a password and is used to authenticate messages sent between an SNMP client and a router containing an SNMP server The community name is sent in every packet between the clie...

Страница 180: ...he number of entries within a distinct view name you can configure complex views You can also have 32 access entries with distinct names per virtual router All views are on a per virtual router basis...

Страница 181: ...ach of these parameters can be up to 64 characters Example host1 config snmp server contact Bob Smith host1 config snmp server location 3rdfloor Use the no version of these commands to clear the conta...

Страница 182: ...ncoding schemes an E Series router proprietary method and a conventional industry method The proprietary method identifies each interface sublayer with its type The industry method bases the type info...

Страница 183: ...ear in the interface tables interface stack tables ipAddrTable and ipNetToMedia table Compressing a table type in an interface removes the interface from the specified table type For example if you wa...

Страница 184: ...e stack tables host1 config snmp server interfaces compress Ds1 table type interface stack tables Subsequent use of the same command on any interface in the following example Atm on the same router wi...

Страница 185: ...ctions to accommodate interface sublayers The E Series router implementation of SNMP derives index numbers in 32 bit values that are unique on a given router This numbering scheme can result in large...

Страница 186: ...les and the interface numbering method configured on the router Field descriptions Compressed Removed Interface Types List of interface types that are removed from the ifTable and ifStackTable Armed I...

Страница 187: ...stination The maximum number of entries in the SNMP trap host table in each virtual router is eight Trap Categories The router supports the following trap categories addrPool Local address pool traps...

Страница 188: ...s trap is generated the actual value of the exceeded warning threshold is displayed snmp SNMP coldStart warmStart authenticationFailure the trap option The snmp server enable traps snmp authentication...

Страница 189: ...ilter is not defined for this trap the global trap severity applies If the trap does not meet these criteria the system discards the trap If the trap does meet these criteria the trap goes to the trap...

Страница 190: ...for specific hosts using the snmp server host command If you configure global severity levels for different categories in succession the last global severity level you configure is applied to all cate...

Страница 191: ...nfigure the per category severity level as debug for the SONET trap category This setting overrides the notice trap severity level that was applicable for the SONET trap category host1 config snmp ser...

Страница 192: ...nable link status traps on an IP interface Example host1 config if snmp trap ip link status Use the no version to disable link status traps on an IP interface See snmp trap ip link status snmp trap ip...

Страница 193: ...er The SNMP trap proxy does not forward global traps that it receives from other virtual routers The corresponding SNMP agent handles global traps locally and does not forward them to the SNMP trap pr...

Страница 194: ...ed all the generated traps To identify the location of traps logged in the notification log the system assigns a consecutive index number to each SNMP trap message transmitted from the E Series router...

Страница 195: ...r notificationLog entryLimit Use to set the maximum number of notifications kept in all notification log tables The range is 1 500 which means that you can allocate up to 500 notifications across all...

Страница 196: ...t command The following are guidelines for setting the maximum ping window If you are losing traps because of scenario 1 base the maximum ping window time on the estimated time that it takes to establ...

Страница 197: ...e and the event table These tables also contain subordinate MIB tables that contain more detailed information about the trigger tests Trigger Table The trigger table mteTriggerTable lists any currentl...

Страница 198: ...falling events NOTE This release does not support the objects table Event Table The event table mteEventTable defines what action you want the device to take when a trigger occurs This action can be i...

Страница 199: ...luretrigger host1 config mgmtevent event notification id mteTriggerFailure host1 config mgmtevent event exit host1 config mgmtevent event sysadmin fallingtrigger host1 config mgmtevent event notificat...

Страница 200: ...r the discontinuity MIB value ID that you want to test host1 config mgmtevent trigger delta sampling discontinuity id 1 3 6 1 2 1 31 1 1 1 19 9 Optional Enter the discontinuity type timeStamp or timeT...

Страница 201: ...snmp agent command The agent context name is independent of the virtual router name Enable the trigger host1 config mgmtevent trigger enable Once enabled you cannot edit an event or trigger configurat...

Страница 202: ...gger threshold test absolute value rising 2000 falling 1900 delta value Use when defining delta threshold values host1 config mgmtevent trigger threshold test delta value rising 2000 falling 1900 2 De...

Страница 203: ...e virtual router Use the wildcard keyword to specify that the context name is a wildcard value NOTE Use caution when assigning wildcards Wildcards can rapidly use up trigger resources Use the limit ke...

Страница 204: ...sample The discontinuity MIB ID monitors the sample for any discontinuity errors during the sample frequency If a discontinuity error occurs the router removes the sampling for that interval Optional...

Страница 205: ...e Boolean test trigger host1 config mgmtevent trigger existence test event sysadmin existenceTrigger Example 2 Specifying a startup condition host1 config mgmtevent trigger existence test startup pres...

Страница 206: ...1 60 1 2 1 1 7 Use the no version to remove the MIB object from the trigger Removal returns the sample value id to its default 0 0 See sample set Use to perform an SNMP set operation under certain eve...

Страница 207: ...g mgmtevent trigger threshold test absolute value rising 2000 falling 1900 Example 2 Specifying a startup threshold condition host1 config mgmtevent trigger threshold test startup rising Example 3 Bin...

Страница 208: ...nmp management event Use to view statistical SNMP event information for event table entries router resources and trigger table entries Omit the events resource statistics or triggers options to obtain...

Страница 209: ...Frequency at which this trigger is sampled ObjectsOwner Not supported in this release Objects Not supported in this release Enabled State False disabled or True enabled of the trigger EntryStatus Act...

Страница 210: ...mber of failure traps sent as a result of event failures Threshold Startup Startup threshold condition for this trigger Rising Rising threshold condition for this trigger Falling Falling threshold con...

Страница 211: ...disabled of this event EntryStatus Entry status for this event Notification Notification Notification trap setting for this event ObjectsOwner Not supported in this release Objects Not supported in t...

Страница 212: ...t boolean SampleType absoluteValue ValueID 1 3 6 1 2 1 92 1 1 2 0 ValueIDLimit 0 ValueIDWildcard False ContextName router1 ContextNameLimit 0 ContextNameWildcard False Frequency 40 ObjectsOwner unitTe...

Страница 213: ...t 1 3 6 1 2 1 11 1 0 ObjectWildcard False Value 20 ContextName router ContextNameWildcard True See show snmp management event Collecting Bulk Statistics The router offers an efficient data collection...

Страница 214: ...it A collector can have up to 64 virtual routers associated with it To collect bulk statistics for a subset of all configured subinterfaces you can define the subinterfaces using the following syntax...

Страница 215: ...led Type of Interface Ip IP IP interfaces Ppp PPP PPP interfaces Ds0 Ds0 DS0 interfaces Ds1 SERIAL DS1 interfaces Ds3 SERIAL DS3 interfaces FrameRelayMajor FR Frame Relay Major interfaces Ethernet ENE...

Страница 216: ...lsIfMinor MPLS Minor interfaces PppNetwork MLPPP Ppp Network interfaces EthernetSub ENET Ethernet Sub interfaces MultilinkFrameRelay MLFR MultiLink Frame Relay interfaces IpTunnel IP TUNNEL Ip Tunnel...

Страница 217: ...ations that utilize the counters in expressions or calculations generate erroneous values and misleading graphs Because counters are 64 bits long the possibility of a counter s wrapping naturally woul...

Страница 218: ...5 8 Optional Specify the time for which the system transfers data host1 config bulkstats collector 2 interval 1000 9 Optional Set the maximum size of the bulk statistics file host1 config bulkstats c...

Страница 219: ...to specify the time interval in seconds for which the collector transfers data to the receivers Example host1 config bulkstats collector 2 interval 1000 Use the no version to set this time to the defa...

Страница 220: ...nd Example host1 config bulkstats collector 2 secondary receiver 5 Use the no version to clear the secondary receiver See bulkstats collector bulkstats collector single interval Use to set the system...

Страница 221: ...ernet interfaces frame relay Collects statistics on Frame Relay interfaces frame relay sub Collects statistics on Frame Relay subinterfaces hdlc Collects statistics on Cisco HDLC interfaces ip Collect...

Страница 222: ...sysName sysUpTime NOTE The variables in the remote name are replaced at runtime with the sysName and sysUpTime parameters to produce variable filenames on the remote host Use the no version to delete...

Страница 223: ...parameters the router uses to collect statistics use the following show bulkstats commands To include or exclude lines of output based on a text string that you specify use the output filtering featur...

Страница 224: ...Collects statistics once only XferMode Collect mode configured for the collector auto Agent transfers file when interval expires manual Network management system or the user initiates transfers onFul...

Страница 225: ...d by a management client notReady Schema does not have enough configuration information to go active error Configuration or operational error Subtree List Types of statistics the schema is configured...

Страница 226: ...us enabled OperStatus enabled Interface Description Setting industry common File Format CR LF Current Time TUE AUG 15 2002 15 54 20 UTC Intervals PrimaryXfers PrimaryFails SecondaryXfers SecondaryFail...

Страница 227: ...ollector description Use to display information about the collector s file description Field descriptions Index Index number of the bulk statistics collector FileDescription Descriptive information ad...

Страница 228: ...transfer mode Use to display information about the bulk statistics transfer mode configuration Field descriptions Index Index number of the bulk statistics collector Transfer Mode auto xfer Server aut...

Страница 229: ...tReady Interface type does not have enough configuration information to go active error Configuration operational error Example host1 show bulkstats interface type Interface Types Index Type Collector...

Страница 230: ...times the bulk statistics application detected a line module bulkstat collector s presence HdwCollectorCreates Number of line module collectors created CollectorCreateReqs Number of times the bulk st...

Страница 231: ...y server transfer failures BulkStats Collector Statistics Index Bulk statistics collector index CurrSize Current size of the bulk statistics storage file in bytes CreateErrs Number of bulk statistics...

Страница 232: ...3 UTC 2 0 0 Index Interval Start Time Interval Stop Time 1 MON JAN 24 2001 19 09 33 UTC MON JAN 24 2001 19 15 33 UTC 2 Not started N A Dynamic Interface Collector statistics CollectorIndex Slot Receiv...

Страница 233: ...ers Collector Virtual Routers 33 serviceProviderABC 655 default See show bulkstats virtual routers Understanding Schemas You can set a management schema for bulk statistics A schema is a group of attr...

Страница 234: ...rieved include the intPhysicalDesc the cpuUtilPct and the memUtilPct system If Stats Schema Objects Table 25 on page 204 describes the if stats objects that you can configure using the bulkstats schem...

Страница 235: ...ut sched pkts out sched pkts Configure If stats schema for out ucast pkts out ucast pkts Configure If stats schema for time offset time offset All the schema if stats objects in Table 25 on page 204 a...

Страница 236: ...hema Objects Definition Object Configure policy schema for all statistics all Configure policy schema for green bytes green bytes Configure policy schema for green packets green packets Configure poli...

Страница 237: ...ytes configured for the byte adjustment application if the byte adjustment application is enabled on the queue byte adjustment bytes Configure QoS schema to export the type of byte adjustment if byte...

Страница 238: ...ma to verify whether the Random Early Detect RED option is enabled on the queue RED enabled Configure QoS schema to export the scheduler profile name scheduler profile Configure QoS schema to export t...

Страница 239: ...Configure a bulk statistics schema host 1 config bulkstats schema 11 2 Assign a collector to the schema The collector determines when the queue information is exported for the schema host1 config bul...

Страница 240: ...interface record use the time offset keyword To collect the final statistics that may have been lost use the if create delete time stats keyword Example 1 Configures the schema to collect interface u...

Страница 241: ...res the schema to collect statistics for a policy named XMYpolicy host1 config bulkstats schema 4 subtree policy policy name XMYpolicy Use the no version to delete the specified schema See bulkstats s...

Страница 242: ...Bulk statistics organizes data in the form of schema definitions You can configure the schemas to retrieve specific accounting information by using the CLI or the SNMP MIB objects The schemas support...

Страница 243: ...es are assigned contiguously starting from 1 The value for each interface sub layer must remain constant at least from one re initialization of the entity s network managementsystemtothe next re initi...

Страница 244: ...d at other times as indicated by the value of ifCounterDiscontinuityTime in ucast pkts ifHCInUcastPkts RFC2863 ifHCInUcastPkts The number of inbound packets which were chosen to be discarded even thou...

Страница 245: ...y the value of ifCounterDiscontinuityTime in errors ifInErrors RFC1213 ifInErrors For packet oriented interfaces the number of packets received via the interface which were discarded because of an unk...

Страница 246: ...at this sub layer including those that were discarded or not sent This object is a 64 bit version of ifOutUcastPkts Discontinuities in the value of this counter can occur at re initialization of the m...

Страница 247: ...Octets dropped due to ingress policy support 64 bit counters in policied octets juniAcctngIfInPolicedOctets juniAcctng ifInPolicedOctets Packets dropped due to ingress policy in policied octets juniA...

Страница 248: ...lue of this counter can occur at re initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime in mcast pkts ifHCInMulticastPkts RFC2863 ifHCInM...

Страница 249: ...continuityTime out mcast pkts ifHCOutMulticastPkts RFC2863 ifHCOutMulticastPkts The total number of packets that higher level protocols requested be transmitted and which were addressed to a broadcast...

Страница 250: ...ndex RFC1213 ifIndex The SVLAN or ATM virtual path ID over which the interfaces of the specified queue are stacked SVLAN VP ID The unique traffic class name within the traffic policy configured for th...

Страница 251: ...chedulerProfile rsacctng QSchedulerProfile The statistics profile name associated with the egress queue The attribute is a 32 bit character string statistics profile rsAcctngStatisticsProfile rsacctng...

Страница 252: ...arly Detect RED is enabled for the queue RED enabled rsAcctngRedEnabled rsacctng QREDEnabled Indicates the type of shared shaping enabled on the queue shared shaping mode rsAcctngSharedShapingMode rsa...

Страница 253: ...discarded even though no errors had been detected to prevent their being received The attribute is a 64 bit integer green drop packets rsAcctngGreenDropPackets rsacctng QGreenDiscardPkts The number of...

Страница 254: ...r the data generated by schemas show bulkstats schema Use to display data on the bulk statistics schema Field descriptions Schema Information Index Index number of the schema Subtree Type of bulk stat...

Страница 255: ...nformation for a schema that is configured to collect QoS statistics for egress queue level attributes filtering out queue length and queue profile name attributes host1 show bulkstats schema Schema I...

Страница 256: ...owever in the default interface numbering mode large gaps occur from the creation of interfaces due to the use of the upper 8 bits of the ifIndex for interface type encoding Gaps are not eliminated af...

Страница 257: ...system reboot If you need the sequential number to restart remove and then add the bulk statistics receiver again You can use up to 128 characters for the remote file name Anything beyond that is trun...

Страница 258: ...ring the statistics at the time the baseline is set and then subtracting this baseline whenever baseline relative statistics are retrieved To display statistics relative to the current baseline use th...

Страница 259: ...contact person Location Router s location SNMP packets input Total number of SNMP packets received by the router Bad SNMP version errors Number of SNMP PDUs with a bad version number Unknown community...

Страница 260: ...Us Number of packets received by the SNMP engine that were dropped because the PDU in the packet could not be passed to an application responsible for handling the PDU type for example no SNMP applica...

Страница 261: ...texts 538 SNMP packets out 0 Too big errors Maximum packet size 1500 10 No such name errors 0 Bad values errors 0 General errors 538 Get response PDUs 0 SNMP trap PDUs 0 Invalid Message Report PDUs 0...

Страница 262: ...MP communities Field descriptions Community Name of the community and the associated virtual router View Name of the view Priv Access privilege for the view ro Read only access rw Read write access ad...

Страница 263: ...lost nonVolatile Does not lose contents when power is lost Example host1 show snmp group Group Name Storage Type group1 Volatile group2 NonVolatile admin Permanent mirror Permanent public Permanent p...

Страница 264: ...Level Severity level filter for a trap category this severity level overrides the globally configured trap severity level TrapCategories Types of traps enabled on the router for which trap severity i...

Страница 265: ...outer Field descriptions Trap request s Number of local traps requested Proxy trap request s Number of proxy traps requested Trap s discarded Total number of traps discarded No system memory Traps dis...

Страница 266: ...obal trap category disabled 4 Global minimum severity level 0 Trap s out 3108 Trap s proxied 0 Address TrapsDiscarded TrapsDiscrded TrapsDiscrded TrapsDiscrded Severity Category bad encoding Queue Ful...

Страница 267: ...d OID trees are not available in this view Oid Tree OID of the AS number version 1 subtree Storage SNMP storage type volatile or nonvolatile Example host1 show snmp view View Name View Type Oid Tree u...

Страница 268: ...ring feature of the show commands to include or exclude lines of output based on a text string you specify See Command Line Interface on page 27 for details Copyright 2010 Juniper Networks Inc 238 Jun...

Страница 269: ...n on page 249 Configuring the System Automatically on page 264 Saving the Current Configuration on page 264 Using the Desktop Tool for Viewing Uncompressed Text Configuration on page 267 Customizing t...

Страница 270: ...Set system passwords Managing Modules on page 341 Write CLI macros Booting the System on page 495 Boot the system Managing Modules on page 341 Manage line modules and SRP modules Platform Consideratio...

Страница 271: ...eturn the switch fabric to its default multicast to unicast ratio 15 2 See fabric weights Configuring Timing You can use the timing source command to configure three timing sources for the system Thes...

Страница 272: ...host1 config timing select secondary There is no no version See timing select timing source Use to specify how the SRP module exchanges timing signals with an interface You can specify primary seconda...

Страница 273: ...bled See show timing Using the CLI Use the commands described in this section to navigate the CLI For a complete description of the CLI see Command Line Interface on page 27 configure Use to enter Glo...

Страница 274: ...ge Privilege level is 5 There is no no version See disable do Use to issue an Exec mode command from any CLI configuration command mode Example host1 config do show configuration begin interface The d...

Страница 275: ...accessing Privileged Exec mode at the highest level 15 a password is not set for this example host1 enable 15 host1 There is no no version See enable end Use to exit Global Configuration mode or any...

Страница 276: ...ee sleep Managing vty Lines The system supports 30 virtual tty vty lines for Telnet SSH and FTP services Each Telnet SSH or FTP session requires one vty line When you connect to the router through a v...

Страница 277: ...encrypted or cipher text encrypted In either case the system stores the password as encrypted You can use the following keywords 0 zero Specifies an unencrypted password 5 Specifies a secret 7 Specifi...

Страница 278: ...access class in data character bits 8 exec timeout 3w 3d 7h 20m 0s exec banner enabled motd banner enabled login timeout 30 seconds See show line vty Clearing Lines Use the clear line command to clea...

Страница 279: ...a long time to generate and display The service show config format command enables you to run the show configuration command using one of two formats original format format 1 the default and a format...

Страница 280: ...p MikeShare2 ip share interface atm 5 1 1 interface atm 5 0 interface atm 5 0 100 point to point atm pvc 100 0 100 aal5snap 0 0 0 encapsulation pppoe pppoe sessions 1 interface atm 5 0 100 1 encapsula...

Страница 281: ...tm 5 1 103 1 encapsulation ppp ppp authentication pap interface atm 5 1 104 point to point atm pvc 104 0 104 aal5snap 0 0 0 interface atm 5 1 125 point to point interface fastEthernet 0 0 ip address 1...

Страница 282: ...0 0 atm pvc 1022 0 1022 aal5snap 0 0 0 atm pvc 1023 0 1023 aal5snap 0 0 0 interface atm 5 0 103 point to point atm pvc 103 0 103 aal5snap 0 0 0 encapsulation bridge1483 pppoe pppoe subinterface atm 5...

Страница 283: ...MikeShare2 ip share interface atm 5 1 1 interface mlppp joe interface fastEthernet 0 0 ip address 10 13 5 196 255 255 128 0 interface atm 5 0 100 1 ip address 102 0 1 1 255 255 255 0 interface atm 5...

Страница 284: ...rd to display the current configuration of a specified virtual router You can combine the virtual router keyword with the category keyword to display the current configuration of specific settings for...

Страница 285: ...nagement settings such as the CLI bulk statistics and Telnet management Physical layer protocols such as DS1 DS3 and SONET SDH physical layer protocols Policy settings such as policy lists classifier...

Страница 286: ...onfiguration script from the output by saving it as a file with the scr extension This command provides configuration information based on the privilege level of the session user The output does not d...

Страница 287: ...ication ppp default radius aaa accounting ppp default radius ip address pool local interface null 0 ip bgp community new format no ip source route snmp server End of generated configuration script Exa...

Страница 288: ...n of running configuration files and CNF files on both the primary SRP when the corruption is due to a fatal duplicate key error CNF files must be present on the active file system to monitor them you...

Страница 289: ...SRPs File synchronization and monitoring the file system are separate operations Depending on the wake up time of the monitoring task there is a period of time when corruption can occur and the file...

Страница 290: ...es You can automatically recover corrupted CFG files detected in the running configuration When you turn on auto recovery the behavior of the file synchronization stateful SRP switchover high availabi...

Страница 291: ...by SRP boots up using the last indicated configuration using the boot conf command If the file system on the primary SRP is corrupt when HA is enabled and the mode of theservicecheck configcommandhasb...

Страница 292: ...he state is restored on successful recovery Unified ISSU If unified ISSU is in the idle state the operation is disabled until successful recovery or the recovery window is complete The unified ISSU pr...

Страница 293: ...cessfully recovered monitoring of corrupt configuration resumes If recovery fails load another release on the primary SRP and run the reload force command The primary and standby SRP modules re initia...

Страница 294: ...system to load from a script not autocfg scr through the boot config command or boot backup command Saving the Current Configuration By default the system automatically saves any change to the system...

Страница 295: ...configuration file using the extractScrFromCnf pl script For more information about using the Perl script see Using the Desktop Tool for Viewing Uncompressed Text Configuration on page 267 NOTE To av...

Страница 296: ...ater Example host1 copy running configuration startup configuration There is no no version See copy running configuration startup configuration copy startup configuration Use to copy the previously sa...

Страница 297: ...m to view the text configuration embedded in the system configuration file You need to copy the system configuration file to your client system and run the desktop tool to view the uncompressed text c...

Страница 298: ...ing requirements for client systems running on Sun Solaris platforms You must have execute permissions for the files 1 By default the GCC compiler is not available on Solaris 9 and Solaris 10 platform...

Страница 299: ...ser Interface You can access the CLI through a console connected directly to the system or through a Telnet session This section describes how you can customize the user interface Some commands apply...

Страница 300: ...ersion See terminal width Specifying the Character Set You can specify the number of data bits per character for the current vty session and for all subsequent sessions on the specified vty lines This...

Страница 301: ...1 config line console 0 host1 config line dsr detect DSR is carried on pin 6 of the SRP module s RS 232 DB 9 connector The DSR input must be connected to the DSR output of a modem or the DTR output of...

Страница 302: ...or vty lines To do so 1 Access the line configuration mode using either the console or vty keyword 2 Specify the time during which the user must enter information For example host1 config line vty 0 h...

Страница 303: ...rompted for the remainder of the text after you press Enter To display a backslash as part of the message it must be immediately preceded by another backslash like this Do not use a backslash as a del...

Страница 304: ...on a particular line when a connection is initiated Banners on the lines are enabled by default the no version does not reenable banners on the lines See banner on page 273 command description for mo...

Страница 305: ...he console exec timeout Time interval that the terminal waits for expected user input Never Indicates that there is no time limit exec banner Status for the exec banner enabled or disabled This banner...

Страница 306: ...character X more message text until you enter the second delimiterX Proceed with send confirm If you do not begin the message on the same line as the send command the CLI prompts you for the message t...

Страница 307: ...he system releases available memory on an SRP module or line module automatically if that module requires extra memory for an application However you can force the system to release available memory o...

Страница 308: ...ndby SRP module The system space contains files for system operation For example the current software configuration is stored in the system space The user space is reserved for FTP server operations a...

Страница 309: ...ce depends on the features that the FTP client offers Table 34 FTP Commands That the System Supports Function FTP Command List supported commands HELP Verify username USER Verify password for the user...

Страница 310: ...hat any traffic destined for the virtual router can reach the virtual router typically you configure the FTP server to reach the default address of the system which will always be able to reach the vi...

Страница 311: ...g mac scr txt cnf dmp hty log mac rel scr txt Nonsystem files System None None cnf dmp hty log mac pub rel scr sts txt Nonsystem files cnf hty excluding reboot hty log excluding system log mac scr txt...

Страница 312: ...t is not empty However if a file in the specified directory or a specified file is marked by the file system as in use because it is required for the current operation or configuration the force keywo...

Страница 313: ...outer it is possible that files or file attributes may appear unsynchronized when they are not When enabled high availability mirrors configuration changes instantly from the active SRP to the standby...

Страница 314: ...ize of the file date Date that file was created in use An exclamation point indicates that the system is using this file Example 1 host1 dir Please wait Active standby file systems are synchronized un...

Страница 315: ...7 09 01 36 disk0 800beta5 cnf 01 02 2007 16 01 36 disk0 820beta5 cnf 05 09 2007 14 29 58 disk0 810beta16 cnf 03 15 2007 06 58 14 disk0 SRP 10Ge_3_SC_08_22_2006_07_39 dmp 08 22 2006 07 43 14 disk0 SRP...

Страница 316: ...00 07 22 08 Disk capacity Capacity Free Reserved Device bytes bytes bytes disk0 220200960 120616448 36700160 Example 4 host1 dir outgoing unshared in file size size date UTC use disk0 test scr 1204 0...

Страница 317: ...remote server named fileserver1 host1 more fileserver1 startup scripts myconfig scr There is no no version See more Transferring Files You may need to transfer files between the following locations Sy...

Страница 318: ...y remote files using the URL format and the file redirect option for the related show commands Use the host command to define the host and the appropriate file transfer protocol FTP is the default if...

Страница 319: ...ter characters can be used in the host username password and directory and file fields when added as encoded characters The encoded characters must be three characters starting with a percent and foll...

Страница 320: ...scr sts txt cnf hty log mac pub scr txt cnf hty excluding reboot hty log excluding system log mac scr txt System None None cnf hty log mac pub rel rel file only not files associated with the rel file...

Страница 321: ...ffic destined for the VR can reach the VR typically you configure the FTP server to reach the default address of the E Series router which will always be able to reach the VR 3 Add the FTP server to t...

Страница 322: ...tain a valid encrypted string is to enable password encryption by issuing the service password encryption command and then examine the output of the show configuration command Username and password en...

Страница 323: ...he interface before you issued the ip ftp source interface command Example host1 config ip ftp source address 10 10 5 21 Use the no version to restore the default in which the source address in the FT...

Страница 324: ...a local file to a remote fileby using file copy command format The following command creates or replaces the remote file shConfigForJoe txt in the directory ftpDir results on the host joe by copying...

Страница 325: ...ommand creates or replaces the local file autocfg scr by copying the remote file autocfg scr located in the directory ftpDir scripts on the host 172 28 32 156 Use the username fred to access the remot...

Страница 326: ...ts vty resources between Telnet SSH and FTP services Each FTP session requires one vty line The FTP service uses the authentication method configured for the vty lines Features The system supports the...

Страница 327: ...ate current FTP sessions and to disable the FTP server See ftp server enable Configuration Example Figure 23 on page 297 shows the scenario for this configuration example Figure 23 FTP Configuration E...

Страница 328: ...line vty 2 4 host1 config line password foobar host1 config line access class Pops in host1 config line login authentication RadiusOnly 6 Enable the FTP server host1 config ftp server enable Monitorin...

Страница 329: ...he line offers and the relative line number user Name of the user connected from Location or IP address of the user connected since Date and time that the user connected to the line idle time Amount o...

Страница 330: ...which subsystems are included in the release on the server host1 show subsystems file m x images x y z rel 2 Exclude any subsystems in the release that you do not need for the configuration host1 con...

Страница 331: ...pecified software release file Specify either a local filename or a remote path and filename to view the subsystems that are included in a software release file other than the current software release...

Страница 332: ...es how to configure the NFS client if you are using an E Series application that requires NFS based transport References The NFS client complies with the following standards RFC 1094 Network File Syst...

Страница 333: ...rce address 10 1 1 1 host1 boston config ip nfs source interface atm 3 2 6 Use the no version to delete the name server See ip nfs ip nfs host Use to configure a remote host as an NFS server for the c...

Страница 334: ...ols for example BGP Telnet or LDP to use so that they can avoid any impact if a physical interface goes down The loopback interface sends packets back to the router or access server for local processi...

Страница 335: ...or more information about port numbers and associated processes see www iana org You can force Telnet to use the IP address of an interface that you specify as its source address Example host1 telnet...

Страница 336: ...server to the name resolver For more information see Assigning Name Servers on page 306 Each virtual router can have its own name resolver and domain name However if two virtual routers use the same n...

Страница 337: ...domain name for each name resolver Multiple name resolvers can use the same default domain name If you map an unqualified hostname one without a domain name to an IP address with the host ftp command...

Страница 338: ...e a virtual router to use the name servers you configured for another virtual router Example host1 boston config ip domain lookup transit virtual router default Use the no version to stop a virtual ro...

Страница 339: ...e core dump from Boot mode or Global Configuration mode CAUTION CreateacoredumpfileonlyunderthedirectionofJuniperNetworks Customer Service Network function can be disrupted if you create a core dump f...

Страница 340: ...ess to the server where you want to transfer the core dump file 6 Optional View parameters associated with creating a core dump file Example host1 config exception dump 192 168 56 7 CORE_DUMPS host1 c...

Страница 341: ...d Use the no version to restore the default settings See exception protocol ftp exception source Use to set the IP address and mask of the system interface over which you want to send the core dump fi...

Страница 342: ...Dump protocol FTP User name user_name Password user_password Interface IP address Interface netmask Gateway IP address See show exception dump Managing Core Dump Files When a core dump occurs on a red...

Страница 343: ...tes a log message for this condition Enabling and Disabling the Core Dump Monitor The core dump monitor is disabled by default To enable the core dump monitor use the exception monitor command Use the...

Страница 344: ...and configuration Field descriptions Core dump monitor Status enabled or disabled of the core dump monitor Next dump monitor check time Time at which the core dump monitor will next check for any new...

Страница 345: ...saves the core dump file to the FTP server before the standby SRP module assumes control If the standby SRP module fails it must save the core dump file to NVS because it has no access to any configu...

Страница 346: ...ve and the standby SRP module You can use the resulting information to help diagnose a problem or to verify whether the core settings are correct primarily for the network settings write core Use to r...

Страница 347: ...in the display resulting if you issue the show version command Table 38 on page 317 shows how the chassis slot numbers relate to the hardware slot numbers Table 38 Chassis Slot Numbers Versus Hardwar...

Страница 348: ...tion that is doing the tracking Example host1 config show track ERX_Bangalore Track ERX_Bangalore IP Route 1 1 1 0 255 255 255 0 reachability in virtual router 1 Reachability is Up First hop interface...

Страница 349: ...you can issue this command the same way you issue any other show commands on the router This means that you can redirect the output from the command to a file For information about redirecting show co...

Страница 350: ...memory See show tech support Managing and Monitoring Resources The resource threshold monitor RTM allows you to set the rising and falling thresholds and trap hold down times for certain interfaces Yo...

Страница 351: ...show resource Use to display statistical information about resources and their current threshold configurations Field descriptions Resource Threshold Trap Status enabled or disabled of the resource t...

Страница 352: ...the System This section provides basic system commands that allow you to display information about the router s state The show configuration command for example allows you to display the router s ent...

Страница 353: ...ut thermal protection mode on ERX7xx models ERX14xx models and the ERX310 router see ERX Hardware Guide Chapter 9 Troubleshooting For information about thermal protection mode on the E120 and E320 rou...

Страница 354: ...ry timing signal auto upgrade Status of the auto upgrade parameter which enables the system to revert to a higher priority timing source after switching to a lower priority timing source system operat...

Страница 355: ...120 and E320 routers fabric temperature ranges Displays the temperature ranges for the SRP modules and SFMs on the E120 and E320 routers Example 1 Displays the environment of an ERX7xx model host1 sho...

Страница 356: ...0 6 13 offline 7 empty 1 2 3 4 5 11 12 14 15 16 fabric slots ok online 6 7 8 9 10 line redundancy none temperature ok timing primary primary internal SC oscillator ok secondary internal SC oscillator...

Страница 357: ...7 8 9 10 line redundancy none temperature ok timing primary primary internal SC oscillator ok secondary internal SC oscillator ok tertiary internal SC oscillator ok auto upgrade enabled fabric redund...

Страница 358: ...0 32 normal 10 SFM 120 32 normal fabric temperature ranges below 5C is too cold above 79C is too hot low temperature warning below 10C high temperature warning above 56C processor temperature ranges b...

Страница 359: ...he group Example host1 show hosts Static Host Table name ip address type host1 10 2 0 124 ftp hFtp 10 5 6 7 ftp hTftp 10 5 6 7 tftp Static Host Table name ip address type george 1111 2222 3333 4444 55...

Страница 360: ...and entry errors if any Context stats Information about the memory utilization of context switching stack applicable only for mode 2 and 3 Fault summary Information about the fault counters applicable...

Страница 361: ...r of times the process has been invoked invocations per second Frequency of the process invocation total running time msec Time the process has been running percent running time Percentage of the tota...

Страница 362: ...hunks issuing this command performs a cleanup process to gather unused available memory for reallocation You can display different output variations by using the application slot and virtual router ke...

Страница 363: ...output category that summarizes all memory that is not currently associated with any particular virtual router current size Amount of memory reserved by the listed application or virtual router utiliz...

Страница 364: ...sets You can display the current reboot hty file or a saved reboot history file If you have a redundant router it can be convenient to copy the redundant module s reboot hty file to another filename f...

Страница 365: ...Entry 3 time of reset TUE APR 10 2001 20 25 03 UTC run state unknown image type diagnostics location slot 4 build date 0x3abf3ee0 MON MAR 26 2001 13 06 40 UTC reset type user reboot task scheduler rea...

Страница 366: ...le has a hardware fault inactive On ERX routers either the I O module is not present or the primary line module is fully booted and ready to resume operation In the latter case the standby is currentl...

Страница 367: ...eserved System Release erx_7 1 0 rel Partial Version 7 1 0 BuildId 4518 December 21 2005 11 23 System running for 25 days 3 hours 31 minutes 5 seconds since THU DEC 22 2005 11 36 41 UTC slot state typ...

Страница 368: ...elease 7 3 0 rel Version 7 3 0 BuildId 5759 July 27 2006 10 40 System running for 3 days 1 hour 37 minutes 4 seconds since FRI JUL 28 2006 09 08 14 UTC running slot state type admin spare release slot...

Страница 369: ...06s 14 0 14 1 present OC12 STM4 2 POS IOA enabled 15 online LM 4 enabled 7 3 0 rel 3d01h 26m 28s 15 0 15 1 present OC12 STM4 2 ATM IOA enabled 16 online LM 4 enabled 7 3 0 rel 3d01h 25m 17s 16 0 pres...

Страница 370: ...6 seconds since MON APR 09 2007 05 57 30 UTC running slot state type admin spare release slot uptime 0 0 0 0 1 1 online LM 10 enabled 8 2 0b0 9 rel 1d08h 32m 35s 1 0 1 1 present GE 8 IOA enabled 2 onl...

Страница 371: ...page 359 Configuring Performance Rate of Line Modules on ERX7xx Models and the ERX1410 Router on page 359 Managing Flash Cards on SRP Modules on page 364 Updating the Router with JunosE Hotfix Files o...

Страница 372: ...ERX705 ERX710 and ERX1410 Broadband Services Routers you can enable the line modules either to operate at full line rate performance or to allow line modules to operate at a rate dependent on the res...

Страница 373: ...his router For more information see Line Module Redundancy in JunosE Services Availability Configuration Guide On the E120 router line modules can be installed in slots 0 5 On the E320 router line mod...

Страница 374: ...Modules that support hot swapping enable you to remove and add an IOA in a slot without rebooting the line module If the slot is populated with another active IOA it continues to operate Depending on...

Страница 375: ...Yes ES2 S1 OC12 2 STM4 POS Yes No No Yes Yes ES2 S1 OC48 STM16 POS No Not applicable Notapplicable Not applicable Yes Full height IOA ES2 S1 Service No Not applicable Notapplicable Not applicable Yes...

Страница 376: ...ers have only a single slot Cards installed in the second slot can be used only for core dump dmp files For more information see Managing Flash Cards on SRP Modules on page 364 SRP modules on the E120...

Страница 377: ...in the specified slot Allows you to restart the module that was installed in the slot You cannot use this command on a standby SRP module If you specify a slot on the E120 or E320 Broadband Services R...

Страница 378: ...n page 344 When you issue the adapter disable command in a redundancy configuration the line module primary or spare currently associated with that IOA is rebooted If the IOA is protected by a line mo...

Страница 379: ...fies the right IOA bay E120 router and the upper IOA bay E320 router adapter 1 identifies the left IOA bay E120 router and the lower IOA bay E320 router Example Enables the IOA residing in the upper b...

Страница 380: ...not issue any keywords with this command When the high availability state is active or pending this command ensures that the router configuration up to when you issued the halt command is mirrored to...

Страница 381: ...more ES2 10G ADV LMs When you replace an ES2 10G ADV LM with an ES2 10G LM and the module is paired with an ES2 S1 Redund IOA ensure that the provisioned redundancy group does not include an ES2 10G A...

Страница 382: ...cy in Step 2 enable redundancy for the slot when the replacement line module has come online host1 config no redundancy lockout 7 Replacing a Line Module Without Erasing the Slot Configuration Use thi...

Страница 383: ...ured for the slot disable redundancy host1 config redundancy lockout 1 2 Disable the slot host1 config slot disable 1 3 After the line module has booted issue the show version command to ensure that t...

Страница 384: ...indicates that you must deactivate high availability feature for the applicable line modules before erasing or replacing the slot configuration You need to use the no mode high availability slot comm...

Страница 385: ...adapter accept command or the slot erase command for the slot that contains the IOA bay Replacing SRP Modules and SFMs If you remove a standby SRP module or an SFM you must issue the slot erase comman...

Страница 386: ...t issue the slot accept command Depending on the previous configuration of the slot the system might take a few moments to execute this command Example Accepting the IOA in the upper bay of slot 5 in...

Страница 387: ...ecify a slot that contains a line module you erase the configuration of the line module and the I O modules or IOAs associated with it To erase the configuration of a specific IOA on the E120 or E320...

Страница 388: ...OAs associated with it To erase the configuration of a specific IOA on the E120 or E320 router use adapter erase on page 356 command If you specify the slot erase command to delete the configuration o...

Страница 389: ...ds to this I O module or IOA See Booting the System on page 495 3 When the line module has rebooted install the I O module or IOA 4 Upgrade the software on the router See Installing JunosE Software on...

Страница 390: ...hat the line module can use Slot Groups The number of slots in a group depends on the E Series model For information about slot groups see ERX Hardware Guide Chapter 4 Installing Modules SRP Modules B...

Страница 391: ...ndwidth of 2 5 Gbps for each slot group The GE line module requires 2 46 Mbps bandwidth for operation at line rate and can use both switches in the SRP 10G module If you require line rate from a GE li...

Страница 392: ...binations Examples of Allowed Combinations PossibleCombinationsofLineModules Three OCx STMx ATM line modules in any slot group Two GE FE line modules in any slot group One COCX F3 line module in slot...

Страница 393: ...STMx line module in slot groups 2 3 and 4 Specifying the Type of Performance After you have installed a suitable combination of line modules you can specify a different type of performance To specify...

Страница 394: ...ubscription Bandwidth oversubscription is currently not in effect Bandwidth oversubscription will be in effect the next time the system reboots See show bandwidth oversubscription Troubleshooting Band...

Страница 395: ...the primary SRP module reboots again Both SRP modules now have standby status and reboot The first SRP module to complete rebooting becomes the primary Because the former redundant module started to...

Страница 396: ...12 standby disk0 lm4_13 dmp 344200394 344200394 02 13 2005 13 13 13 disk1 lm4_14 dmp 344200394 344200394 02 14 2005 14 14 14 standby disk1 lm4_15 dmp 344200394 344200394 02 15 2005 15 15 15 disk0 bos...

Страница 397: ...dismounted Device is not present Command failed files are open on device CAUTION When you eject a mounted disk 0 while the router is in an operational state the SRP module initiates a reload When you...

Страница 398: ...changed files from the primary flash card Depending on the outcome of the space verification the router proceeds as follows If the card has enough space the router copies new or changed files from the...

Страница 399: ...redundant flash card the router copies all the files from the primary flash card to the redundant flash card However if the capacity of the primary flash card exceeds that of the redundant flash card...

Страница 400: ...The information in this section does not apply to the ERX310 router which does not support SRP module redundancy Even when flash cards on the primary and redundant SRP modules are synchronized differe...

Страница 401: ...If the corrupted file resides on the primary SRP module issue the srp switch command to force a switch from the primary SRP module to the redundant SRP module This action ensures that the error free...

Страница 402: ...ber of files and bytes compared If one or more of the following conditions exist the command fails and the router displays a message that explains why it cannot perform the checksum test The file syst...

Страница 403: ...to complete configuration Validates all configuration files in NVS and synchronizes all files that failed the checksum test as well as any other unsynchronized files this option takes less time to com...

Страница 404: ...e 1 host1 halt primary srp host1 reload WARNING Execution of this command will cause the system to reboot Proceed with reload confirm Reload operation commencing please wait Press mb boot flash disk i...

Страница 405: ...tally so you may need to exchange the flash cards several times Example host1 halt primary srp host1 reload WARNING Execution of this command will cause the system to reboot Proceed with reload confir...

Страница 406: ...the router contains primary and redundant modules only NVS on the primary SRP module is scanned Use the repair keyword to fix nonfatal errors found on the disk If the repair fails the router no longe...

Страница 407: ...Block OK File Allocation Table OK Root Directory OK Checking File Space Please Wait Checking Free Space Please Wait PCMCIA Card Scan successful There is no no version See flash disk scan Monitoring Fl...

Страница 408: ...in all files in NVS nvs flash in use NVS used in bytes available nvs flash NVS available in bytes Example host1 show nvs total nvs file sizes 228864 total nvs file errors 0 nvs flash in use 1265152 a...

Страница 409: ...ds as in the following examples Activated immediately on an active router but not armed as a startup hotfix In this case the hotfix is activated only until the SRP module reloads If the SRP module rel...

Страница 410: ...ary flag that indicates whether line modules require a reload for the hotfix to become active on the module The CLI displays a warning message if the line modules must be reloaded If the warning is co...

Страница 411: ...is activated on all applicable modules that are installed in the router When existing line modules come online during startup and when new line modules are inserted in the chassis image fixes for that...

Страница 412: ...armed hotfix settings are retained in the event the router reverts back to its normal boot settings Example host1 config boot hotfix hf63037 hfx Use the no version to disarm a specified hotfix You can...

Страница 413: ...rtup hotfixes cannot be manually activated If you attempt to manually activate a startup hotfix the operation fails and generates the following error message Manual activation not allowed Example host...

Страница 414: ...1030 System running for 7 days 3 hours 55 minutes 5 seconds since FRI FEB 04 2005 13 01 30 UTC The show boot command displays the current boot settings including armed hotfixes that will be activated...

Страница 415: ...n X indicates that the hotfix is active armed Status of hotfix arming X indicates that the hotfix is armed to be activated only hotfixes armed for the currently armed release are displayed as armed re...

Страница 416: ...a particular hotfix displays the most detailed information host1 show hotfix clock hfx detail HotfixId 990 Synopsis Modify the behavior of show clock Active Yes Armed Yes Description Changes the outpu...

Страница 417: ...3036 hfx This command succeeds because hf63036 hfx is compatible with the currently armed release 6 1 0 rel and has no dependencies on other hotfixes Now the attempt to arm hf63037 hfx succeeds becaus...

Страница 418: ...e now unnecessary hotfixes from the router host1 delete hf63036 hfx host1 delete hf63037 hfx host1 dir Active System Controller unshared in file size size date UTC use reboot hty 596288 596288 03 07 2...

Страница 419: ...terface fastEthernet 6 0 0 Use the no version to remove IP from an interface or subinterface See interface fastEthernet Monitoring Statistics You can set a baseline and view statistics on the Fast Eth...

Страница 420: ...ildId 2538 September 7 2004 12 46 Copyright c 1999 2004 Juniper Networks Inc All rights reserved Commands displayed are limited to those available at privilege level 10 boot config running configurati...

Страница 421: ...ostic tests that the system performs on line modules depends on whether you have configured line module redundancy If you enable warm restart diagnostics on the spare line module when all other line m...

Страница 422: ...cs on a line module host1 diag 3 force Example 2 Enables warm restart diagnostics on the fabric subsystem of an active SRP module on the E320 Router host1 diag 6 fabric There is no no version See diag...

Страница 423: ...ine redundancy none temperature ok timing primary primary internal SC oscillator ok secondary internal SC oscillator ok tertiary internal SC oscillator ok auto upgrade enabled system operational yes 3...

Страница 424: ...no option assertions in no option memory debug no option disable backpress no option stl debug Related Documentation slot ignore diagnostic failure show environment Monitoring Modules Use the followin...

Страница 425: ...assembly ram slot type number number rev MB 0 SRP 10Ge 4305358981 3500005472 A06 2048 1 SRP 10Ge 4305359020 3500005472 A06 2048 2 3 4 CT3 12 4305337201 3500010901 A07 128 5 OC3 OC12 DS3 ATM 4605300290...

Страница 426: ...04206756 4500006701 04 1 104 9 SFM 100 4304206762 4500006701 04 1 104 10 SFM 100 4304206737 4500006701 04 1 104 11 12 13 14 15 16 Adapters number of serial assembly assembly MAC slot type number numbe...

Страница 427: ...e Chassis serial assembly assembly Major Minor type number number rev rev Chassis 4307018011 4580002602 01 0 101 Modules serial assembly assembly ram Major Minor slot type number number rev MB rev 0 1...

Страница 428: ...2 0 Fan s serial assembly assembly Major Minor Tray type number number rev rev 0 Primary FAN 4306505285 4400010001 01 1 101 See show hardware show utilization Use to display information about the reso...

Страница 429: ...d and the 5 sec cpu field display the same value 5 sec cpu Average CPU utilization percentage for each installed module during the most recent 5 second interval 1 min cpu Average CPU utilization perce...

Страница 430: ...example slot 12 is empty as indicated by the symbol the CPU utilization for the FE 8 module installed in slot 10 is unavailable as indicated by the symbol and the SRP module installed in slot 7 is run...

Страница 431: ...ot 1 is unavailable as indicated by the symbol and the SRP 100 module installed in slot 7 is running an incompatible version of JunosE Software as indicated by the symbol host1 show utilization detail...

Страница 432: ...Copyright 2010 Juniper Networks Inc 402 JunosE 11 3 x System Basics Configuration Guide...

Страница 433: ...nial of Service DoS Protection on page 435 Overview One of your major management responsibilities is to secure your router To do this assign passwords or secrets to the router In Global Configuration...

Страница 434: ...u are entering an unencrypted password host1 config enable password level 10 0 t1meout1 2 Display the encrypted password host1 config exit host1 show secret Current Password Settings encryption encryp...

Страница 435: ...figuration file by using the service password encryption command This command is useful to keep unauthorized individuals from viewing your password in your configuration file It is important to rememb...

Страница 436: ...encrypted The first time you define a secret you must enter it in plain text To view its encrypted form use the show config display To redefine the secret at a later date you can enter the secret in i...

Страница 437: ...llow users to access commands at different privilege levels Table 45 Commands Available at Different Privilege Levels Commands Available Privilege Level help exit enable and disable commands 0 User Ex...

Страница 438: ...y The serviceunattended password recovery command provides you with a way to delete existing passwords and secrets without physically being present at the router You must have the proper privilege lev...

Страница 439: ...software reset button see Figure 25 on page 409 within the time you specify for this command Allows you to set the number of seconds 1 60 for this procedure to be accomplished Allows you to set a new...

Страница 440: ...d enter the enable password if prompted 3 Access Global Configuration mode 4 Access Line Configuration mode host1 config line console 0 5 Enable password checking at login host1 config line login 6 Sp...

Страница 441: ...use a system generated password or secret Example 1 unencrypted password host1 config line password 0 mypassword Example 2 secret host1 config line password 5 bcA 1aeJD8 1ZDP6 Example 3 encrypted pass...

Страница 442: ...secret was inherited from a lower password level The show secrets command displays only secrets configured by the user it does not display inherited secrets Example host1 show secrets Current Password...

Страница 443: ...Simple Authentication To configure simple authentication 1 Specify a vty line or a range of vty lines on which you want to enable the password host1 config line vty 8 13 host1 config line 2 Specify th...

Страница 444: ...In either case the system stores the password as encrypted Use the following keywords to specify the type of password you will enter 0 zero Unencrypted password 5 Secret 7 Encrypted password NOTE To u...

Страница 445: ...al during which the user must log in Never Indicates that there is no time limit Example host1 show line vty 0 no access class in data character bits 8 exec timeout 3w 3d 7h 20m 0s exec banner enabled...

Страница 446: ...a list of authentication methods that are used to determine whether a user is granted access to the privilege command level The authentication methods that you can use in a list include these options...

Страница 447: ...e Use the no version to remove the authentication list from your configuration See aaa authentication login aaa authorization Use to set the parameters that restrict access to a network Use the keywor...

Страница 448: ...authentication list users will not be able to access the router through a vty line Example host1 config aaa new model Use the no version to restore simple authentication See aaa new model authorizatio...

Страница 449: ...y_auth_list Use the no version to specify that the system should use the default authentication list See login authentication password Use to specify a password on a line or a range of lines if you sp...

Страница 450: ...ame access class list To set up access lists Associate the access list with inbound Telnet sessions host1 config line vty 12 15 host1 config line access class Management in Configure an access list ho...

Страница 451: ...d TACACS password authentication are the only user authentication protocols currently supported RADIUS authentication is enabled by default If authentication is disabled then all SSH clients that pass...

Страница 452: ...User authentication begins after the transport keys are applied The client typically asks the server which authentication methods it supports The server responds with a list of supported methods with...

Страница 453: ...necessary keys for matching during negotiation If you configure the client to accept unknown keys either automatically or with administrator approval this acceptance policy applies only to the first...

Страница 454: ...ould severely limit Telnet access to the system To limit Telnet access create access control lists that prevent almost all Telnet usage permitting only trusted administrators to access the system thro...

Страница 455: ...c A block cipher with 8 byte blocks and 128 bit keys that provides strong encryption and is faster than DES twofish cbc A block cipher with 16 byte blocks and 256 bit keys that is stronger and faster...

Страница 456: ...a user can try to correct incorrect information such as a bad password in a given connection attempt Sleep Prevents a user that has exceeded the authentication retry limit from connecting from the sam...

Страница 457: ...gotiation including user authentication is not completed within this timeout Specify an integer in the range 10 600 Example host1 config ip ssh timeout 480 Use the no version to restore the default va...

Страница 458: ...a1 96 The default list does not include the none option Example 2 This example restores the hmac sha1 algorithm to the list of supported inbound algorithms host1 config ip ssh mac client to server def...

Страница 459: ...ver For each active session detail shows the version of SSH running on the client and the algorithms in use for encryption and message authentication Field descriptions daemon status Indicates whether...

Страница 460: ...supported MAC inbound hmac sha1 hmac sha1 96 hmac md5 supported MAC outbound hmac sha1 hmac sha1 96 hmac md5 user authentication enabled user authentication protocol TACACS retry limit 20 sleep period...

Страница 461: ...ommands Available Access Level disable enable exit and help commands 0 Level 0 commands and all other commands available in User Exec mode 1 Level 1 commands and all Privileged show commands 5 All com...

Страница 462: ...equest is based on the list the system received through RADIUS See Table 47 on page 432 Table 47 Juniper Networks Specific CLI Access VSA Descriptions Value Subtype Length Subtype Length Type Descript...

Страница 463: ...len 26 Specifies the VR to which the user logs in or the only VR to which a user has access The default setting is the default VR Virtual Router String virtual router name sublen 21 len 26 Specifies...

Страница 464: ...trictions on VR access for any user who successfully logs in to the router For example nonrestricted users can Issue the virtual router command in Privileged Exec mode to switch to another previously...

Страница 465: ...how exception dump configure show ip ssh erase secrets show line halt Denial of Service DoS Protection A denial of service DoS attack is any attempt to deny valid users access to network or server res...

Страница 466: ...When the system determines that a control flow is suspicious it can take corrective action on that control flow Keeping full state on each control flow can use a large number of resources Instead the...

Страница 467: ...ller IC and forwarding controller FC monitor the table to determine whether the suspicious flow has a packet rate above the suspicious level If the packet rate is above this level the flow is marked a...

Страница 468: ...sed on packet rate Backoff time in seconds for each protocol After this period expires the flow transitions to nonsuspicious regardless of the current rate When set to zero an interface does not retur...

Страница 469: ...s control flow detection Use to clear the active state for suspicious control detection If you do not specify a slot or interface clears all suspicious flows If you specify a slot clears all specified...

Страница 470: ...spicious flow changes to the nonsuspicious state Low threshold is the rate in packets per second at which a suspicious flow becomes no longer suspicious When set to zero a suspicious flow cannot chang...

Страница 471: ...false negatives total Total number of flows monitored that have not become suspicious exceeded their threshold Number of false negatives current Current number of flows monitored that have not become...

Страница 472: ...ation about suspicious flows You can specify the following keywords delta Displays statistics for the current baseline brief Displays only suspicious information slot Displays information for the spec...

Страница 473: ...Frame Relay Inverse Arp OK 0 Pppoe Control OK 0 Pppoe Config Dynamic Interface Column OK 0 Creation Ethernet ARP Miss OK 0 Ethernet ARP OK 0 Ethernet LACP packet OK 0 Ethernet Dynamic Interface Column...

Страница 474: ...n Priority State Transitions Hi Green IC OK 0 Hi Yellow IC OK 0 Lo Green IC OK 0 Lo Yellow IC OK 1 Hi Green SC OK 0 Hi Yellow SC OK 0 Lo Green SC OK 0 Lo Yellow SC OK 0 See show suspicious control flo...

Страница 475: ...Multicast DHCP SC 512 256 300 IP Multicast Control SC 2048 1024 300 IP Multicast Control IC 512 256 300 IP Multicast VRRP 512 256 300 IP Mulitcast Cache Miss 128 64 300 IP Multicast Cache Miss Auto R...

Страница 476: ...you to map a protocol to a maximum rate limit This rate limit applies to all packets for a particular protocol for interfaces belonging to this particular DoS protection group on a line module By hav...

Страница 477: ...on configurable aspect of the default DoS protection group The DoS protection group is a configurable parameter for all Layer 2 and IP interfaces Similar to other configurable interface parameters the...

Страница 478: ...eTbl Frame Relay LMI packets frameRelayControl Frame Relay inverse ARP packets frameRelayArp IPSec transport mode L2TP control packets itmL2tpControl MPLS TTL expired on ingress mplsTtlOnRx MPLS TTL e...

Страница 479: ...ets destined for the IC not broadcast ipLocalDhcpIc IP DHCP packets destined for the SC broadcast and IC not enabled ipLocalDhcpSc IP fragments not classifiable ipLocalFrag IP ICMP echo request and re...

Страница 480: ...castControlSc IP Multicast DHCP destined for SC ipMulticastDhcpSc IP VRRP packets ipMulticastVrrp IP Multicast on wrong interface ipMulticastWrongIf IPv6 Neighbor Discovery ipNeighborDiscovery IPv6 Ne...

Страница 481: ...4 100 100 HI green N Atm Control ILMI IC 2048 1024 100 100 HI green Y Atm OAM IC 512 512 100 100 LO green N Atm Dynamic Interfac IC 1024 512 100 100 HI yellow N e Column Creation Atm Inverse ARP IC 25...

Страница 482: ...tion group Use to attach an Ethernet DoS protection group to an interface Example host1 config if ethernet dos protection group group1 Use the no version to remove the attachment of the DoS protection...

Страница 483: ...Use to attach an IPv6 DoS protection group to an interface Example host1 config if ipv6 dos protection group group1 Use the no version to remove the attachment of the DoS protection group from the in...

Страница 484: ...mum rate limits for port compression Allows an oversubscription of the priority rate because all protocols within a priority are not generally used simultaneously Example host1 config dos protection p...

Страница 485: ...sociated default group See protocol priority protocol rate Use to map a protocol to a maximum rate limit The rate limit applies to all packets of the protocol for interfaces belonging to the DoS prote...

Страница 486: ...than the priority rate For each priority there is a separate rate for each DoS protection group Example host1 config dos protection protocol IpLocalDhcpIc weight 100 Use the no version to set the wei...

Страница 487: ...brief keyword displays a list of references interfaces and templates to the DoS protection group When modified appears next to the name of the DoS protection group the group or protocol within the gr...

Страница 488: ...Copyright 2010 Juniper Networks Inc 458 JunosE 11 3 x System Basics Configuration Guide...

Страница 489: ...on about the modules supported on E Series routers See the ERX Module Guide for modules supported on ERX7xx models ERX14xx models and the ERX310 Broadband Services Router See the E120 and E320 Module...

Страница 490: ...can also add comments outside the control expressions by prefacing the comment with an exclamation point The CLI displays these comments if you use the test or verbose keywords with the macro command...

Страница 491: ...rned value is a string not a number if you want to use this value for a subsequent numeric operation you must first convert it to a number with the env atoi string command env argv n Returns the name...

Страница 492: ...e next line of the capture buffer Each call gets the next line of the capture buffer The command returns the first line the first time it is called after a capture start env startCommandResults It res...

Страница 493: ...cter string or number The global variable is retrieved with the following syntax value env getVar name The name is a quoted string and the value is the value stored by an earlier env setVar A macro ca...

Страница 494: ...sages are output to the CLI session Macro c in file bench mac starting execution Id 25 Macro c in file bench mac ending execution Id 25 Accurate Use of Error Status When Accessed Ourside of onError Ma...

Страница 495: ...iteral Place single or double quotation marks around a string to identify it as a string literal You can specify special characters within a literal string by prefacing them with a backslash as follow...

Страница 496: ...to strings before joining Combine Evaluates as true returns a 1 if the element to the left of the operator is less than the expression to the right of the operator otherwise the result is false 0 Les...

Страница 497: ...ds and operators to achieve results different from simple precedence effectively has the highest precedence Miscellaneous Provides access to environment commands see Table 51 on page 461 Provides acce...

Страница 498: ...alue of a local variable The expression to the right of the operator is evaluated and then the result is assigned to the local variable to the left of the operator The expression to the right of the o...

Страница 499: ...ubstring operator you must specify the source string an offset value and a count value You can specify the string directly or you can specify a local variable that contains the string The offset value...

Страница 500: ...t of the operation is a 1 if the operation is true and 0 if the operation is false For the logical AND the result of the operation is true 1 if the values of the expressions to the left and right of t...

Страница 501: ...1 The result is 1 5 2 1 The result is 0 Results of control expressions are written to the output stream when the expression consists of the following A single local variable A single literal element A...

Страница 502: ...elseif expressions are present then the else expression group if present is executed 4 This evaluation process continues until an expression evaluates to nonzero If there is no nonzero evaluation the...

Страница 503: ...pression This optional expression is evaluated after each execution of the while expression group You can include if structures within a while structure You can also include special control expression...

Страница 504: ...g the env atoi string command Example The following macro saved as m mac uses values specified in a CLI command to compute the final result m left right third multi left right multiFinal multi third s...

Страница 505: ...e macro as shown in this example macroName count total Additional parameters can be passed as well Parameters can be local variables environmental variables literals or operations The invoking macro p...

Страница 506: ...o The output of callAnotherMacro looks like this host1 macro verbose macro1 mac callAnotherMacro host1 Macro callAnotherMacro in the file macro1 mac starting execution Id 55 macro macro2 mac macroName...

Страница 507: ...macro the only appropriate place from which to execute these commands is from an onError macro Logging Macro Results You can use the env setResult command to set parameters within a macro to display...

Страница 508: ...on error NOTICE 01 07 2006 09 46 57 macroData Id 402 commandError is interface fastEthernet 500 NOTICE 01 07 2006 09 46 57 macroData Id 402 commandErrorStatus is Command execution error NOTICE 01 07 2...

Страница 509: ...tus result entry in the macroData log file For this example the runStatus value of 500 indicates that the macro ended early host1 config show log data category macroData severity debug NOTICE 01 07 20...

Страница 510: ...entry in the macroData log file For this example the log output indicates the command error and displays the following to indicate that the macro ended early runStatus is after foo host1 show log data...

Страница 511: ...05 12 39 10 macroData Id 407 commandError is foo NOTICE 05 27 2005 12 39 10 macroData Id 407 commandErrorStatus is macro not found NOTICE 05 27 2005 12 39 10 macroData Id 407 runStatus is start NOTICE...

Страница 512: ...le confatm mac and runs the macro named confatm contained within the file host1 config macro name confatm You must specify a macro filename for remotely stored macro files as in the following example...

Страница 513: ...rting and ending comments vary for a remote macro host1 config Macro atmOverDs3 in the file atmOverDs3 mac starting execution Id 103 host1 config controller t3 9 1 host1 config no shut host1 config cl...

Страница 514: ...eduled macros is 100 In Global Configuration mode the setting persists on reboot but in Privileged Exec mode it does not persist on reboot After unified ISSU is started scheduled macros dol not run Ma...

Страница 515: ...ost1 show schedule macro john mac john mac getuptime started at 2007 02 14 14 26 39 When you show the running configuration joe mac is the only one reported because the other macros were scheduled in...

Страница 516: ...essfully NOTICE 02 14 2007 14 35 01 macroScheduler Id 3 operation is 7 6 5 NOTICE 02 14 2007 14 35 01 macroScheduler Id 3 theResult is 210 After the macro is executed it is no longer in the list of sc...

Страница 517: ...ac File in use The macro macro b mac runs every 60 minutes NOTICE 02 14 2007 14 47 47 macroScheduler macro b mac started with ID 5 NOTICE 02 14 2007 14 47 49 macroScheduler macro b mac with ID 5 ran s...

Страница 518: ...res Frame Relay encapsulation on serial interfaces called by other macros cx1Encap Configures Frame Relay circuits on the subinterfaces called by other macros cx1FrCir The following examples list the...

Страница 519: ...proto fr proto frame relay ietf endif tmpl cx1Encap ifCount slot port proto endtmpl ds1FrCir if env argc 0 This macro configures Frame Relay circuits on Cx1 subinterfaces This macro must be called wi...

Страница 520: ...oller type param 1 ifCount env atoi param 2 slot param 3 port env atoi param 4 clock param 5 framing param 6 coding param 7 while ifCount 0 controller type slot port n if framing unframed unframed els...

Страница 521: ...ing ATM Interfaces This sample macro configures ATM interfaces based on the inputs you provide when prompted by the macro atmIf slotPort env getline slot port while vcType 1 vcType 2 vcTypeStr env get...

Страница 522: ...red loopback loopbackStr n endif endwhile endwhile if encapType encapPPP authNone 1 authPap 2 authChap 3 authPapChap 4 authChapPap 5 while authType authNone authType authChapPap authTypeStr env getlin...

Страница 523: ...seif authType authChap ppp authentication chap endif elseif encapType encapBridged encap bridged1483 endif if loopbackStr ip unnumbered loopback loopbackStr n endif endwhile endwhile endtmpl 493 Copyr...

Страница 524: ...Copyright 2010 Juniper Networks Inc 494 JunosE 11 3 x System Basics Configuration Guide...

Страница 525: ...pported on E Series routers See the ERX Module Guide for modules supported on ERX7xx models ERX14xx models and the ERX310 Broadband Services Router See the E120 and E320 Module Guide for modules suppo...

Страница 526: ...n E Series router When the GE 2 line module is booting and it detects that it supports the software release on the SRP module the line module boots successfully with that software release However if t...

Страница 527: ...scr Configuring this option causes the system to ignore only at the next reboot an autocfg scr file that you may also have configured If you specify a cnf file upon the next reboot the system resets t...

Страница 528: ...use the normal release configuration do either of the following Delete the reboot history file after issuing the no boot force backup command Do not configure a backup release or configuration file U...

Страница 529: ...oot subsystem Use to configure the software release the selected subsystem will use the next time it reboots This command does not reboot the subsystem Example 1 host1 config boot subsystem ct3 rel_1_...

Страница 530: ...onfiguration update process resumes immediately following the reboot and completes before any application accesses its configuration data For more information about stateful line module switchover see...

Страница 531: ...ries router cannot guarantee that the SRP modules were synchronized In this situation you must do either of the following to reload the router Issue the reload command with the force keyword Issue the...

Страница 532: ...er of the primary SRP module the procedure will fail if the system is updating the boot prom In this case the system will display a message that indicates that the procedure cannot currently be perfor...

Страница 533: ...ackground operation saving the configuration changes to NVS If the SRP module resets during the script or macro execution the system boots as though the script were never started because no NVS files...

Страница 534: ...hardware Field descriptions slot Physical slot that contains the module type Type of module serial number Serial number of the module assembly number Part number of the module assembly rev Hardware r...

Страница 535: ...ed reload or error caused reset Example host1 show last reset last reset power cycle See show last reset show reload Use to display the system s reload status Example host1 show reload reload schedule...

Страница 536: ...Ge enabled erx_7 1 0 rel 25d03h 28m 49s 2 3 4 online CT3 12 enabled erx_7 1 0 rel 25d03h 24m 46s 5 online OC3 4A APS enabled erx_7 1 0 rel 25d03h 24m 22s 6 online GE enabled erx_7 1 0 rel 25d03h 24m 4...

Страница 537: ...atically by configuring it as a Network Time Protocol NTP client NTP provides a method of synchronizing the system clocks of hosts on the Internet to Universal Coordinated Time UTC Using NTP allows th...

Страница 538: ...Figure 27 on page 508 shows an example of an NTP hierarchy Figure 27 Example of an NTP Hierarchy System Operation as an NTP Client To synchronize to the clock of a server the system must receive time...

Страница 539: ...message advising you to check the time zone and clock settings If the offset is less than 15 minutes the system sets its clock to that of the best server 4 Provided the system has not disabled NTP it...

Страница 540: ...NTP server the system effectively synchronizes its clients to its master s clock If the system is configured as an NTP server but not an NTP client the system synchronizes its clients to its own cloc...

Страница 541: ...owing steps 1 Set the time zone 2 Set the summer time dates 3 Set the time 4 Check the clock settings clock set Use to set the time and date on your system manually Use the following syntax for settin...

Страница 542: ...e default setting See clock timezone show clock Use to display the system time and the date Example 1 Shows time source value when clock is manually configured host1 show clock detail TUE JAN 23 2007...

Страница 543: ...re NTP client parameters to start NTP client operation You can also configure the system as an NTP server whether or not you configure NTP client parameters Enabling NTP Services Before you can config...

Страница 544: ...cast client Use to enable the system to receive NTP broadcasts on an interface Example host1 config if ntp broadcast client Use the no version to prevent the system from receiving NTP broadcasts See n...

Страница 545: ...NTP request originated You can now direct responses from all NTP servers to one interface on the system or direct responses from a specific NTP server to a specific interface ntp source Use to direct...

Страница 546: ...from specified servers Only receive NTP control queries from specified servers Example host1 config line ntp access group peer europe Use the no version to enable the system to receive all NTP broadca...

Страница 547: ...rt stratum 1 service The system can synchronize only with an NTP server and not directly with an atomic clock or radio clock Specify a stratum number for the system in the range 1 15 A stratum n serve...

Страница 548: ...6 5 1 host1 boston config interface fastethernet 9 3 host1 boston config if ntp broadcast 4 5 NOTE In Example 3 the router that acts as the NTP broadcast server must either synchronize to another serv...

Страница 549: ...m reaches one server less often than it does other servers that server is not a good choice for the master Precision Length of the clock tick interrupt interval of server s clock Delay Round trip dela...

Страница 550: ...the errors associated with the network hops and servers between the server and its stratum 1 server Sync Dist Measure of the total time error since the update in the path to the stratum 1 server Peer...

Страница 551: ...Dispersion 0 189056 sec Sync Dist 0 229679 sec Peer Delay 0 000016 sec Dispersion 0 009665 sec Offset 0 050714 sec Reachability 11111110 Precision 0 000000 sec Source Interface default transmit inter...

Страница 552: ...e of time zone Timezone Offset Time difference between the time zone and UTC in hours minutes Access List Identities of access lists of servers from which the system does not accept broadcasts Server...

Страница 553: ...dmin State NTP Enabled Virtual Router Name default Broadcast Delay 3000 microseconds Client Mode True Master Mode False Stratum No Unspecified Summer Time False Summer Timezone Name Timezone Name UTC...

Страница 554: ...Copyright 2010 Juniper Networks Inc 524 JunosE 11 3 x System Basics Configuration Guide...

Страница 555: ...sale customers corporate virtual private network VPN users or a specific traffic type Default Virtual Router When you first boot your router it creates a default virtual router The only difference bet...

Страница 556: ...f the tunnel used between sites Your router supports VPNs consisting of VRs or VRFs See RFC 2547 BGP MPLS VPNs March 1999 Additionally your router supports tunnels built from GRE IPSec L2TP MPLS and t...

Страница 557: ...r tasks There are different uses of the virtual router command You can create or access VRs and VRFs in Global Configuration mode or map a VR to a domain map in Domain Map Configuration mode After you...

Страница 558: ...pying a subsystem from the release exit Exit from the current command mode ftp server Configure FTP Server characteristics help Describe the interactive help system host Add modify an entry to the hos...

Страница 559: ...y protocol EGP to learn routes from a customer edge CE device See the related routing protocol chapters for detailed information Example 1 VR with an IGP host1 config virtual router miami host1 miami...

Страница 560: ...elnet listen virtual router From Global Configuration mode use this command to create a virtual router or access the context of a previously created virtual router or a VRF From Domain Map Configurati...

Страница 561: ...ak out of the wait period early See virtual router Monitoring Virtual Routers Use the show virtual router the show configuration virtual router and show aaa domain map commands to display virtual rout...

Страница 562: ...m com host f 10 10 0 129 ftp anonymous null interface null 0 interface fastEthernet 0 0 ip address 192 168 1 155 255 255 255 0 ip route 0 0 0 0 0 0 0 0 192 168 1 1 no ip multicast routing mpls rsvp pr...

Страница 563: ...etail keyword to display the status of the routing protocols configured for each virtual router Use the summary keyword with the detail keyword to display the number of VRF instances for each virtual...

Страница 564: ...is Present Ospf Present Pim Present Rip Not Present Igmp Not Present Mld Not Present Dvmrp Not Present Example 3 host1 show virual router summary detail Virtual Router default VRF Count 0 Virtual Rout...

Страница 565: ...PART 2 Reference Material Abbreviations and Acronyms on page 537 References on page 559 535 Copyright 2010 Juniper Networks Inc...

Страница 566: ...Copyright 2010 Juniper Networks Inc 536 JunosE 11 3 x System Basics Configuration Guide...

Страница 567: ...ccess concentrator AC Async Control Character Map ACCM asymmetric digital subscriber line ADSL ATM end system address AESA assured forwarding AF authority and format identifier AFI authentication head...

Страница 568: ...ATM attribute value pair AVP B backup designated router backup DR backward explicit congestion notification BECN bit error rate BER bit error rate test BERT Bidirectional Forwarding Detection protoco...

Страница 569: ...edge device CE Challenge Handshake Authentication Protocol CHAP classless interdomain routing CIDR International Special Committee on Radio Interference CISPR classifier control list CLACL competitive...

Страница 570: ...data unit CSNP channel service unit CSU channelized T1 T3 CT1 CT3 computer telephony integration CTI clear to send CTS connection traffic table CTT agreement between Underwriter Laboratories and Canad...

Страница 571: ...able System Interface Specifications DOCSIS denial of service DoS dead peer detection DPD designated router DR digital signal DiffServ DS dual stack Border Gateway Protocol DS BGP dynamic subscriber i...

Страница 572: ...ion Control Protocol ECP electrically erasable programmable read only memory EEPROM expedited forwarding EF egress forwarding ASIC EFA exterior gateway protocol EGP EXP inferred PSC LSP E LSP European...

Страница 573: ...FERF frame forwarding ASIC FFA forwarding information base FIB first in first out FIFO finish bit FIN field programmable gate array FPGA fully qualified domain name FQDN field replaceable unit FRU fin...

Страница 574: ...y IANA Inter Access Point Protocol IAPP internal Border Gateway Protocol IBGP Industry Canada Communications Section IC CS International Code Designator ICD Internet Control Message Protocol ICMP inco...

Страница 575: ...s Transfer Mode IPoA Internet Protocol Security IPSec ICMP Router Discovery Protocol IRDP Internet Security Association and Key Management Protocol ISAKMP Integrated Services Digital Network ISDN Inte...

Страница 576: ...ess Protocol LDAP Label Distribution Protocol LDP light emitting diode LED label edge router LER label information base LIB Link Integrity Protocol LIP logical link control LLC label only inferred PSC...

Страница 577: ...gest 5 MD5 maintenance data link MDL Message Digest x hash algorithm MDx multiple exit discriminator MED multicast group table manager MGTM Management Information Base MIB Multilink Frame Relay MLFR M...

Страница 578: ...Translation NAPT network access server NAS Network Address Translation NAT nonbroadcast multiaccess NBMA Network Control Protocol NCP Neighbor Discovery ND Network Equipment Building System NEBS netwo...

Страница 579: ...und route filter outbound route filtering ORF Open Systems Interconnection OSI OSI Internet Link Control Protocol OSI Network Layer Control Protocol OSINLCP Open Shortest Path First OSPF operations su...

Страница 580: ...mation Base PIB Protocol Independent Multicast power input module PIM Protocol Independent Multicast dense mode PIM DM Protocol Independent Multicast sparse dense mode PIM S DM Protocol Independent Mu...

Страница 581: ...QoS R Remote Authentication Dial In User Service RADIUS route distinguisher RD relational database system RDBS remote defect indication RDI random early detection RED remote error indication REI reser...

Страница 582: ...ifier SAFI segmentation and reassembly SAR system controller SC Start Control Connection Request SCCRQ Simple Certificate Enrollment Protocol SCEP sustained cell rate SCR small computer system interfa...

Страница 583: ...k Access Protocol subnetwork attachment point SNAP SMDS network interface SNI Simple Network Management Protocol SNMP subnet point of attachment SNPA Simple Network Time Protocol SNTP small outline du...

Страница 584: ...TAC Terminal Access Controller Access Control System TACACS transmission convergence TC Transmission Control Protocol TCP traffic engineering TE Trivial File Transfer Protocol TFTP terminal interface...

Страница 585: ...ocator URL user based security model USM Coordinated Universal Time UTC V volts alternating current VAC variable bit rate VBR variable bit rate non real time VBR NRT variable bit rate real time VBR RT...

Страница 586: ...l Router Redundancy Protocol VRRP vendor specific attribute RADIUS VSA virtual tributary VT VPN Tunnel Server VTS virtual terminal vty W wide area network WAN wireless access point WAP Wired Equivalen...

Страница 587: ...ation or Acronym X combined term used to refer to ADSL HDSL SDSL and VDSL xDSL 10 gigabit small form factor pluggable transceiver XFP 557 Copyright 2010 Juniper Networks Inc Appendix A Abbreviations a...

Страница 588: ...Copyright 2010 Juniper Networks Inc 558 JunosE 11 3 x System Basics Configuration Guide...

Страница 589: ...AS Number Space May 2007 MPLS RFC4816 PseudowireEmulationEdge to Edge PWE3 Asynchronous Transfer Mode ATM Transparent Cell Transport Service February 2007 MPLS RFC 4875 Extensions to Resource Reservat...

Страница 590: ...ediate System IS IS July 2004 IS IS RFC 3784 Intermediate System to Intermediate System IS IS Extensions for Traffic Engineering TE June 2004 VRRP RFC 3768 Virtual Router Redundancy Protocol VRRP Apri...

Страница 591: ...anism for Label Distribution Protocol February 2003 MPLS RFC 3473 Generalized Multi Protocol Label Switching GMPLS Signaling Resource ReserVation Protocol Traffic Engineering RSVP TE Extensions Januar...

Страница 592: ...ternet Group Management Protocol October 2002 IS IS RFC 3373 Three Way Handshake for Intermediate System to Intermediate System IS IS Point to Point Adjacencies September 2002 Mobile IP RFC 3344 IP Mo...

Страница 593: ...ning Information SPPI August 2001 L2TP RFC 3145 L2TP Disconnect Cause Information July 2001 MPLS RFC 3140 Per Hop Behavior Identification Codes June 2001 BGP MPLS VPNs RFC 3107 Carrying Label Informat...

Страница 594: ...r 2000 Event Mgr RFC 2981 Event MIB October 2000 IS IS RFC 2973 IS IS Mesh Groups October 2000 IS IS RFC 2966 Domain wide Prefix Distribution with Two Level IS IS October 2000 MPLS RFC 2961 RSVP Refre...

Страница 595: ...392 Capabilities Advertisement with BGP 4 November 2002 MPLS Policy Management QoS RFC 2836 Per Hop Behavior Identification Codes May 2000 BGP RFC 2796 BGP Route Reflection An Alternative to Full Mesh...

Страница 596: ...tember 1999 Ethernet SNMP RFC 2668 Definitions of Managed Objects for IEEE 802 3 Medium Attachment Units MAUs August 1999 SNMP IP tunnels RFC 2667 IP Tunnel MIB August 1999 Ethernet SNMP RFC 2665 Defi...

Страница 597: ...Management February 1999 SNMP RFC 2513 Managed Objects for Controlling the Collection and Storage of Accounting Information for Connection Oriented Networks February 1999 SNMP cOCx STMx CT3 E3 and T3...

Страница 598: ...Certificate and CRL Profile January 1999 RIP RFC 2453 RIP Version 2 November 1998 BGP RFC 2439 BGP Route Flap Damping November 1998 Frame Relay RFC 2427 Multiprotocol Interconnect over Frame Relay Sep...

Страница 599: ...Version 2 April 1998 System management RFC 2308 Negative Caching of DNS Queries DNS NCACHE March 1998 RADIUS RFC2284 PPPExtensibleAuthenticationProtocol EAP March1998 BGP RFC 2270 Using a Dedicated AS...

Страница 600: ...rol Protocol using SMIv2 November 1996 SNMP RFC 2011 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 November 1996 Mobile IP RFC 2006 The Definitions of Managed Objects for IP...

Страница 601: ...IP OSPF Interaction December 1994 RIP RFC 1724 RIP Version 2 MIB Extension November 1994 IP tunnels RFC 1702 Generic Routing Encapsulation over IPv4 Networks October 1994 IP tunnels RFC 1701 Generic R...

Страница 602: ...nd E1 Interface Types January 1993 TFTP System management RFC 1350 Trivial File Transfer Protocol TFTP Revision 2 July 1992 PPP RFC 1332 The PPP Internet Protocol Control Protocol IPCP May 1992 NTP RF...

Страница 603: ...m management RFC 959 File Transfer Protocol FTP October 1985 IP RFC 950 Internet Standard Subnetting Procedure August 1985 IP RFC 922 Broadcasting Internet Datagrams in the Presence of Subnets October...

Страница 604: ...ration BGP MPLS VPNs BGP MPLS VPN extension for IPv6 VPN draft ietf l3vpn bgp ipv6 03 txt December 2004 expiration BFD Bidirectional Forwarding Detection draft ietf bfd base 00 txt January 2005 expira...

Страница 605: ...2000 expiration IS IS Extended Ethernet Frame Size Support draft ietf isis ext eth 01 txt November 2001 expiration PPPoE Extensions to a Method for Transmitting PPP over Ethernet PPPoE draft carrel in...

Страница 606: ...in MPLS BGP IP VPNs draft rosen vpn mcast 08 txt June 2005 expiration L2TP over IPSec Negotiation of NAT Traversal in the IKE draft ietf ipsec nat t ike 08 txt July 2004 expiration IS IS Point to poin...

Страница 607: ...ries Non RFC Software Standards Protocol or Feature Reference MDL T3 interfaces ANSIT1 107a 1990StandardforTelecommunications DigitalHierarchy Supplement to Formats Specification August 1990 FDL T1 in...

Страница 608: ...DLC protocol Frame Relay Frame Relay Forum Frame Relay Fragmentation Implementation Agreement FRF 12 December 1997 Frame Relay Frame Relay Forum User to Network Implementation Agreement UNI FRF 1 1 Ja...

Страница 609: ...e primary rate and above October 1992 BERT Patterns ITU O 153 Basic parameters for the measurement of error performance at bit rates below the primary rate October 1992 ATM ITU T Draft Recommendation...

Страница 610: ...nd ISDN Physical Layer Specification for User Network Interfaces Including DS1 ATM 1997 Safety AS NZS 3260 1993 Safety of Information Technology Equipment Including Electrical Business Equipment EMC A...

Страница 611: ...omagnetic Compatibility and Electrical Safety Generic Criteria for Network Telecommunications Equipment Issue 2 Revision 1 February 1999 Safety IEC 825 1 Safety of Laser Products Part 1 Safety IEC 609...

Страница 612: ...ture Reference Safety UL 60950 3rd Edition Safety of Information Technology Equipment EMC VCCI Voluntary Control Council for Interference by Information Technology Equipment Copyright 2010 Juniper Net...

Страница 613: ...PART 3 Index Index on page 585 583 Copyright 2010 Juniper Networks Inc...

Страница 614: ...Copyright 2010 Juniper Networks Inc 584 JunosE 11 3 x System Basics Configuration Guide...

Страница 615: ...ist command 420 516 adapter commands adapter accept 356 adapter disable 348 adapter enable 348 adapter erase 356 Address Family Configuration mode 66 82 address family ipv4 command 82 address family v...

Страница 616: ...g to MIBs and CLI 212 monitoring collection statistics 189 schema statistics 224 bulkstats commands 189 bulkstats collector 168 189 bulkstats collector collect mode 189 bulkstats collector description...

Страница 617: ...nfigure command 81 configuring See specific feature or protocol confirmations explicit command 43 console monitoring settings 274 password 410 restricting login 271 setting speed 269 console lines cle...

Страница 618: ...6 priority burst 446 priority over subscription factor 446 priority rate 446 protocol burst 446 protocol drop probability 446 protocol priority 446 protocol rate 446 protocol skip priority rate limite...

Страница 619: ...nd to prevent corruption 364 installing 364 managing 364 monitoring 370 primary 364 rebooting and configuration data 364 rebooting in response to corrupt sectors 364 replacing 364 scanning physical er...

Страница 620: ...ting 356 IOAs disabling 348 enabling 348 erasing configurations 356 replacing 355 IP access list SNMP 149 IP addresses assigning 119 124 128 configuring 119 ip commands ip atm vc 81 ip dhcp local pool...

Страница 621: ...ation mode 72 97 line module configurations deleting 357 358 line modules allowed combinations 360 363 bandwidth 360 combinations 359 360 disabling 346 enabling 347 erasing configurations 357 358 init...

Страница 622: ...ies enterprise 138 standard SNMP 138 modules disabling 346 E Series managing 341 E120 and E320 Broadband Services Routers 342 enabling 346 monitoring 398 replacing 350 monitor See terminal more comman...

Страница 623: ...tp broadcast client 513 ntp broadcast delay 513 ntp disable 513 ntp enable 513 ntp master 516 ntp server 513 ntp server enable 516 ntp source 513 See also show ntp commands NTP control queries 516 NTP...

Страница 624: ...ds 49 changing command privileges 49 command exceptions 49 defining CLI 46 keyword mapping 49 password encryption 404 setting default line 56 multiple commands 56 no or default versions 49 SNMP 149 vi...

Страница 625: ...See RADIUS remote host command 95 Remote Neighbor Configuration mode 75 107 remote neighbor command 107 rename command 280 renaming files 280 replies NTP 513 reset button software 410 resetting while...

Страница 626: ...4 show output filtering feature 531 show policy list 436 show redirecting output 38 show configuration commands 256 show configuration 323 422 show configuration category 254 show configuration interf...

Страница 627: ...oring status 228 229 multiple virtual routers 143 228 operations 143 packet mirroring 139 packet size setting 151 PDU 143 proxy creating 143 RFC 1213 compatibility 153 schema configuring 203 monitorin...

Страница 628: ...ion algorithms 3des cbc 422 blowfish cbc 422 twofish cbc 422 encryption configuring 422 generating host keys 422 host key management 422 key exchange 421 message authentication configuring 422 hmac md...

Страница 629: ...monitoring 322 passwords 403 patching with hotfixes 378 physical slots rebooting 500 RADIUS password authentication 421 software reset button 410 system configuration files 277 system name 240 TFTP c...

Страница 630: ...iguration mode 78 113 Tunnel Profile Configuration mode 78 114 Tunnel Server Configuration mode 78 114 tunnel server command 114 tunnels IP 22 twofish cbc encryption algorithm for SSH 422 U Universal...

Страница 631: ...Router Redundancy Protocol 24 VSAs vendor specific attributes levels of CLI access 431 restricting access to virtual routers 432 vty lines clearing 248 configuring 246 managing 246 monitoring 246 user...

Страница 632: ...Copyright 2010 Juniper Networks Inc 602 JunosE 11 3 x System Basics Configuration Guide...

Отзывы:

Нет отзывов

Похожие инструкции для JUNOSE 11.3

Бренд: CSSN Страницы: 8

Бренд: Alcatel Страницы: 2

BACKUP AND RECOVERY 10 ADVANCED SERVER VIRTUAL EDITION - COMMAND LINE REFERENCE UPDATE 3

Бренд: ACRONIS Страницы: 54

Бренд: Ulead Страницы: 168

Data Explorer 4 Series

Бренд: Applied Biosystems Страницы: 447

Streaming Client

Бренд: BARIX Страницы: 51

Бренд: Intel Страницы: 30

DRIVERSCANNER 2009

Бренд: UNIBLUE Страницы: 62

Бренд: M-Audio Страницы: 88

25366 - Camera Control Pro

Бренд: Nikon Страницы: 94

Бренд: Autodesk Страницы: 6

23802-091408-9020 - PSG Dwf Composer 2

Бренд: Autodesk Страницы: 12

COLDFUSION 4.5-DEVELOPING WEB

Бренд: MACROMEDIA Страницы: 380

VIAVOICE-SIMPLY DICTATION FOR MAC OS X

Бренд: IBM Страницы: 92

Бренд: FARONICS Страницы: 99

Бренд: Waves Страницы: 16

Бренд: Patton electronics Страницы: 331

DSN-210-SW - SureSync Continuous Data...

Бренд: D-Link Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды