8/16/2019 [Juniper][JUNOS Internet Software Configuration Guide.getting Start.release 5.6 - 2002]
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-008935-01, Revision 1
JUNOS™ Internet Software
Configuration Guide
Getting Started
Release 5.6
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright ©1986–1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.
This product includes memory allocation software developed by Mark Moraes, copyright ©1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by The Regents of the University of California. Copyright ©1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright ©1995, The Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright ©1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright ©1991, D. L. S. Associates.
This product includes software developed by Maker Communications, Inc., Copyright ©1996, 1997, Maker Communications, Inc.
Juniper Networks is registered in the U.S. Patent and Trademark Office and in other countries as a trademark of Juniper Networks, Inc. Broadband Cable Processor, ERX, ESP, G10, Internet Processor, JUNOS, JUNOScript, M5, M10, M20, M40, M40e, M160, MRX, M-series, NMC-RX, SDX, ServiceGuard, T320, T640, T-series, UMC, and Unison are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice.
JUNOS Internet Software Configuration Guide: Getting Started, Release 5.6
Copyright ©2002, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Writers: Margaret Jones, John Gilbert Chan
Editors: Cathy Steinberg, Cris Morris
Covers and template design: Edmonds Design
Revision History
27 December 2002—First edition.
The information in this document is current as of the date listed in the revision history above.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.
Products made or sold by Juniper Networks (including the M5, M10, M20, M40, M40e, and M160 routers, T320 router, T640 routing node, and the JUNOS software) or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,333,650, 6,359,479, and 6,406,312.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.
Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.
For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.
Abbreviated Table of Contents
About this Manual
Part 1: Overview
Chapter 1: Product Architecture
Chapter 2: JUNOS Software Overview
Chapter 3: Complete Configuration Mode Commands and Statements
Part 2: Software Installation and Upgrade
Chapter 4: Installation Overview
Chapter 5: Configure the Software Initially
Chapter 6: Reinstall the Software
Chapter 7: Upgrade Software Packages
Chapter 19: Configure Basic System Management
Chapter 20: Configure System Authentication
Chapter 21: Configure User Access
Chapter 22: Configure Time
Chapter 23: System Log Messages Overview
Chapter 24: Configure Miscellaneous System Management Features
Chapter 25: Summary of System Management Configuration Statements
Part 5: Access
Chapter 26: Access Configuration Guidelines
Part 6: Security Services
Chapter 27: Security Services Overview
Chapter 28: Security Services Configuration Guidelines
Chapter 29: Summary of Security Services Configuration Statements
Part 7: Router Chassis
Chapter 30: Router Chassis Configuration Guidelines
Chapter 31: Summary of Router Chassis Configuration Statements
Part 8: Appendix
Appendix A: Glossary
Part 9: Index
Index
Index of Statements and Commands
Table of Contents
About this Manual
  Objectives
  Audience
  Document Organization
  Part Organization
  Using the Indexes
  Documentation Conventions
  General Conventions
  Conventions for Software Commands and Statements
  List of Technical Publications
  Documentation Feedback
  How to Request Support
Part 1: Overview
Chapter 1: Product Architecture
  Hardware Overview
  Product Architecture
  Packet Forwarding Engine
  Packet Flow through an M-Series Router
  Packet Flow through a T-series Router
  Routing Engine
Chapter 2: JUNOS Software Overview
  Routing Engine Software Components
  Routing Protocol Process
  Routing Protocols (IPv4)
  Routing Protocols (IPv6)
  Routing and Forwarding Tables
  Routing Policy
  VPNs
  Interface Process
  Chassis Process
  SNMP and MIB II Processes
  Management Process
  Routing Engine Kernel
  Software Installation Overview
  Tools for Accessing and Controlling the Software
  Software Configuration Overview
  Methods of Configuring the Software
  Configuring the Software
  Activating a Configuration
  Software Monitoring Tools
  Router Security
  JUNOS Default Settings
  Router Access
  User Authentication
  Routing Protocol Security Features
  Firewall Filters
  Auditing for Security
  Supported Software Standards
  Supported Internet RFCs and Drafts
  ATM
  BGP
  CHAP
  Frame Relay
  GMPLS
  GRE and IP-IP Encapsulation
  IP Multicast
  IPSec and IKE
  IPv6
  IS-IS
  LDP
  MIBs
  MPLS
  OSPF
  PPP
  RIP
  RSVP
  SSL
  TCP/IP v4
  VPNs
  Supported ISO Standards
  IS-IS
  Supported SDH and SONET Standards
  Other Supported Standards
  ATM
  Ethernet
  Frame Relay
  T3
Chapter 3: Complete Configuration Mode Commands and Statements
  Complete Configuration Mode Commands
  Complete Configuration Statement Hierarchy
  [edit access] Hierarchy Level
  [edit accounting-options] Hierarchy Level
  [edit chassis] Hierarchy Level
  [edit class-of-service] Hierarchy Level
  [edit firewall] Hierarchy Level
  [edit forwarding-options] Hierarchy Level
  [edit groups] Hierarchy Level
  [edit interfaces] Hierarchy Level
  [edit policy-options] Hierarchy Level
  [edit protocols] Hierarchy Level
  [edit routing-instances] Hierarchy Level
  [edit routing-options] Hierarchy Level
  [edit security] Hierarchy Level
  [edit snmp] Hierarchy Level
  [edit system] Hierarchy Level
Part 2: Software Installation and Upgrade
Chapter 4: Installation Overview
  JUNOS Software Distribution
  Software Release Names
  Package Names
  Storage Media
  Boot Devices
  Boot Sequence
Chapter 5: Configure the Software Initially
Chapter 6: Reinstall the Software
  Prepare to Reinstall the JUNOS Software
  Reinstall the JUNOS Software
  Reconfigure the JUNOS Software
Chapter 7: Upgrade Software Packages
  Upgrade All Software Packages
  Upgrade Individual Software Packages
  Copy a Configuration to a PC Card or LS-120MB Floppy Disk
Chapter 8: Upgrade to Release 5.0 or Downgrade from Release 5.0
Part 3: Command-Line Interface
Chapter 9: Command-Line Interface Overview
  CLI Modes
  CLI Command Hierarchy
Chapter 10: Command-Line Interface Operational Mode
  Use the CLI
  Get Help About Commands
  Examples: Get Help About Commands
  Have the CLI Complete Commands
  Examples: Use CLI Command Completion
  CLI Messages
  Move around and Edit the Command Line
  How Output Appears on the Screen
  Display Output One Screen at a Time
  Filter Command Output
  Place Command Output in a File
  Search for a String in the Output
  Compare Configuration Changes with a Prior Version
  Count the Number of Lines in the Output
  Display All Output at Once
  Retain the Output after the Last Screen
  Display Additional Information about the Configuration
  Filter Command Output Multiple Times
  Set the Current Date and Time
  Set Date and Time from NTP Servers
  Display CLI Command History
  Monitor Who Uses the CLI
Chapter 11: Control the CLI Environment
  Set the Terminal Type
  Set the Screen Length
  Set the Screen Width
  Set the CLI Prompt
  Set the Idle Timeout
  Set CLI to Prompt after a Software Upgrade
  Set Command Completion
  Display CLI Settings
  Example: Control the CLI Environment
Chapter 12: Configure the Router with the CLI
  Configuration Statement Hierarchy
  How the Configuration Is Stored
  Enter Configuration Mode
  Using the Configure Command
  Using the Configure Exclusive Command
  Using the Configure Private Command
  Update the Configure Private Configuration
  Configuration Mode Prompt
  Configuration Mode Banner
  Configuration Statements and Identifiers
  Get Help about Configuration Mode Commands, Statements, and Identifiers
  Use Command Completion in Configuration Mode
  Examples: Use Command Completion in Configuration Mode
  Get Help Based on a String in a Statement Name
  Example: Get Help Based on a String Contained in a Statement Name
  Create and Modify the Configuration
  Examples: Create and Modify the Configuration
  Move among Levels of the Hierarchy
  Move Down to a Specific Level
  Move Back Up to Your Previous Level
  Move Up One Level
  Move Directly to the Top of the Hierarchy
  Warning Messages When Moving Up
  Issue Relative Configuration Commands
  Exit Configuration Mode
  Display the Current Configuration
  Examples: Display the Current Configuration
  Display Users Currently Editing the Configuration
  Remove a Statement from the Configuration
  Examples: Remove a Statement from the Configuration
  Copy a Statement in the Configuration
  Example: Copy a Statement in the Configuration
  Rename an Identifier
  Example: Rename an Identifier
  Insert a New Identifier
  Examples: Insert a New Identifier
  Run an Operational Mode CLI Command from Configuration Mode
  Example: Run an Operational Mode CLI Command from Configuration Mode
  Display Configuration Mode Command History
  Verify a Configuration
  Commit a Configuration
  Commit a Configuration and Exit Configuration Mode
  Activate a Configuration but Require Confirmation
  Schedule a Commit
  Synchronize Routing Engines
  Example: Apply Groups Re0 and Re1
  Example: Set Apply Groups Re0 and Re1
  Save a Configuration to a File
  Load a Configuration
  Examples: Load a Configuration from a File
  Return to a Previously Committed Configuration
  Example: Return to a Previously Committed Version of the Configuration
  Configuration Mode Error Messages
  Deactivate and Reactivate Statements and Identifiers in a Configuration
  Examples: Deactivate and Reactivate Statements and Identifiers in a Configuration
  Add Comments in a Configuration
  Examples: Include Comments in Configurations
  Have Multiple Users Configure the Software
  Example: Using the CLI to Configure the Router
  Shortcut
  Longer Configuration Example
  Additional Details about Specifying Statements and Identifiers
  How to Specify Statements
  How the CLI Performs Type-Checking
Chapter 13: Configuration Groups
  Overview
  Inheritance Model
  Configuration Groups Configuration Statements
  Configuration Groups Configuration Guidelines
  Create a Configuration Group
  Apply a Configuration Group
  Example: Configure and Apply Configuration Groups
  Display Inherited Values
  Use Wildcards
  Example: Use Wildcards
  Examples: Configuration Groups
  Configure Sets of Statements
  Configure Interfaces
  Configure Peer Entities
  Establish Regional Configurations
  Select Wildcard Names
  Summary of Configuration Group Statements
  apply-groups
  groups

Chapter 14 Summary of CLI Environment Commands ... 207
  set cli complete-on-space ... 207
  set cli idle-timeout ... 208
  set cli prompt ... 208
  set cli restart-on-upgrade ... 208
  set cli screen-length ... 209
  set cli screen-width ... 209
  set cli terminal ... 209
  set date ... 210
  set date ntp ... 210
  show cli ... 210
  show cli history ... 211

Chapter 15 Summary of CLI Configuration Mode Commands ... 213
  activate ... 213
  annotate ... 214
  commit ... 215
  copy ... 216
  deactivate ... 216
  delete ... 217
  edit ... 217
  exit ... 218
  help ... 218
  insert ... 219
  load ... 219
  quit ... 220
  rename ... 220
  rollback ... 221
  run ... 221
  save ... 222
  set ... 223
  show ... 223
  status ... 223
  top ... 224
  up ... 224

Chapter 16 Summary of CLI Operational Mode Commands ... 225
  clear ... 225
  configure ... 225
  file ... 225
  monitor ... 226
  ping ... 226
  update ... 226
  | (pipe) ... 227
  quit ... 227

Chapter 20 Configure System Authentication ... 251
  Configure RADIUS Authentication ... 251
    Configure Juniper Networks-Specific RADIUS Attributes ... 252
  Configure TACACS+ Authentication ... 253
    Configure Juniper Networks-Specific TACACS+ Attributes ... 254
  Configure Template Accounts for RADIUS and TACACS+ Authentication ... 255
    Remote Template Accounts ... 255
    Local User Template Accounts ... 256
      Local User Template Example: ... 256
  Configure the Authentication Order ... 258
    Example: Remove an Ordered Set from the Authentication Order ... 258
    Example: Insert an Order Set in the Authentication Order ... 258
  Examples: Configure System Authentication ... 259
    Local User Fallback Mechanism ... 260
      Example 1: Insert Password into the Authentication Order ... 261
      Example 2: Default to Local User Password Authentication, TACACS+ ... 261
      Example 3: Default to Local User Password Authentication, RADIUS ... 261
      Example 4: Default to Local User Password Authentication, TACACS+ and RADIUS ... 262

Chapter 21 Configure User Access ... 263
  Define Login Classes ... 263
    Configure Access Privilege Levels ... 264
      Example: Configure Access Privilege Levels ... 266
    Deny or Allow Individual Commands ... 267
      Operational Mode Commands ... 267
        Example 1: Define Access Privileges to Individual Operational Mode Commands ... 268
        Example 2: Define Access Privileges to Individual Operational Mode Commands ... 269
      Configuration Mode Commands ... 269
        Example 3: Define Access Privileges to Individual Configuration Mode Commands ... 271
        Example 4: Configure Access Privileges to Individual Configuration Mode Commands ... 272
    Configure the Timeout Value for Idle Login Sessions ... 272
  Configure User Accounts ... 273
    Example: Configure User Accounts ... 274

Chapter 22 Configure Time ... 277
  Set the Time Zone ... 277
    Examples: Set the Time Zone ... 277
  Configure the Network Time Protocol ... 278
    Configure the NTP Boot Server ... 279
    Configure the NTP Time Server and Time Services ... 279
      Configure the Router to Operate in Client Mode ... 280
      Configure the Router to Operate in Symmetric Active Mode ... 280
      Configure the Router to Operate in Broadcast Mode ... 281
    Configure NTP Authentication Keys ... 281
    Configure the Router to Listen for Broadcast Messages ... 282
    Configure the Router to Listen for Multicast Messages ... 282

Chapter 23 System Log Messages Overview ... 283
  System Logging Configuration Guidelines ... 284
  Minimum System Logging Configuration ... 285
  Direct Messages to a Log File ... 287
  Direct Messages to a User Terminal ... 287
  Direct Messages to the Console ... 288
  Archive System Logs ... 288
  Direct Messages to a Remote Machine ... 289
    Assign an Alternate Facility ... 289
      Examples: Assign an Alternate Facility ... 290
    Prepend a Prefix ... 291
      Example: Prepend a Prefix ... 291
    Examples: Configure System Logging ... 292
  ... 293

Chapter 24 Configure Miscellaneous System Management Features ... 295
  Configure Console and Auxiliary Port Properties ... 295
  Disable the Sending of Redirect Messages on the Router ... 296
  Configure the Source Address for Locally Generated TCP/IP Packets ... 296
  Configure the Router or Interface to Act as a DHCP/BOOTP Relay Agent ... 297
  Configure System Services ... 297
    Configure Finger Service ... 297
    Configure FTP Service ... 298
    Configure rlogin Service ... 298
    Configure ssh Service ... 298
      Configure Root Login ... 299
      Configure ssh Protocol Version ... 299
    Configure telnet Service ... 300
  Configure a System Login Message ... 300
  Configure JUNOS Software Processes ... 300
    Disable JUNOS Software Processes ... 300
    Configure Failover to Backup Media if a Software Process Fails ... 301
  Configure a Password on the Diagnostics Port ... 301
  Core Dump Files ... 301
  Configure a Router to Transfer its Configuration to an Archive Site ... 302
    Configure the Transfer Interval ... 302
    Configure Transfer on Commit ... 302
    Configure Archive Sites ... 303

Chapter 25 Summary of System Management Configuration Statements ... 305
  allow-commands ... 305
  allow-configuration ... 306
  archive-sites ... 306
  authentication ... 307
  authentication-key ... 308
  authentication-order ... 308
  auxiliary ... 309
  backup-router ... 309
  boot-server ... 310
  broadcast ... 310
  broadcast-client ... 311
  class ... 311
  compress-configuration-files ... 312
  configuration ... 312
  console ... 313
  default-address-selection ... 313
  deny-commands ... 313
  deny-configuration ... 314
  diag-port-authentication ... 314
  domain-name ... 315
  domain-search ... 315
  full-name ... 315
  host-name ... 316
  idle-timeout ... 316
  load-key-file ... 316
  location ... 317
  login ... 318
  message ... 318
  mirror-flash-on-disk ... 319
  multicast-client ... 319
  name-server ... 320
  no-redirects ... 320
  no-saved-core-context ... 320
  ntp ... 321
  peer ... 321
  permissions ... 322
  port ... 322
  ports ... 322
  processes ... 323
  protocol-version ... 324
  radius-server ... 324
  retry ... 325
  root-authentication ... 325
  root-login ... 326
  secret ... 326
  server ... 327
  services ... 328
  single-connection ... 329
  static-host-mapping ... 329
  syslog ... 330
  system ... 331
  tacplus-server ... 332
  timeout ... 332
  time-zone ... 333
  transfer-interval ... 335
  transfer-on-commit ... 335
  trusted-key ... 335
  uid ... 336
  user ... 336

Part 5 Access

Chapter 26 Access Configuration Guidelines ... 339
  Configure Challenge Handshake Authentication Protocol ... 340
    Example: PPP Challenge Handshake Authentication Protocol ... 340
  Configure the Authentication Order ... 341
  Trace Access Processes ... 342
  Summary of Access Configuration Statements ... 343
    authentication-order ... 343
    profile ... 343
    traceoptions ... 344

Part 6 Security Services

Chapter 27 Security Services Overview ... 347
  IPSec Overview ... 347
  Security Associations ... 348
  IPSec Security ... 348
    Host-to-Host Protection ... 348
    Gateway-to-Gateway Protection ... 348
  IKE ... 349

Chapter 28 Security Services Configuration Guidelines ... 351
  Minimum IPSec Configuration ... 353
    Minimum Manual SA Configuration ... 353
    Minimum Dynamic SA Configuration ... 353
  Configure Global IPSec Properties ... 354
  Configure IPSec Proposal Properties ... 354
  Configure Security Associations ... 355
    IPSec Security ... 355
      Host-to-Host Security ... 356
      Gateway-to-Gateway Security ... 356
    Configure IPSec Mode ... 356
    Configure Manual Security Associations ... 357
      Configure Direction ... 357
      Configure the Protocol ... 358
      Configure a Security Parameter Index (SPI) ... 359
      Configure the Auxiliary Security Parameter Index ... 359
      Configure Authentication ... 360
      Configure Encryption ... 360
    Configure Dynamic Security Associations ... 361
  Configure IKE (Dynamic SAs Only) ... 362
    IKE Global Properties ... 362
    IKE Proposal Properties ... 363
    Configure an IKE Proposal ... 363
      Configure an IKE Authentication Algorithm ... 363
      Configure an IKE Authentication Method ... 364
      Configure an IKE Diffie-Hellman Group ... 364
      Configure an IKE Encryption Algorithm ... 364
      Configure IKE Lifetime ... 365
      Example: IKE Proposal Configuration ... 365
  Configure an IKE Policy ... 365
    Configure IKE Policy Mode ... 366
    Configure IKE Policy Proposal ... 366
    Configure IKE Policy Preshared Key ... 367
      Example: Configure IKE Policy ... 367
  Configure an IPSec Proposal ... 368
    Configure an Authentication Algorithm ... 368
    Configure an Encryption Algorithm ... 368
    Configure IPSec Lifetime ... 369
    Configure Protocol for Dynamic SA ... 369
  Configure an IPSec Policy ... 370
    Configure Perfect Forward Secrecy ... 370
    Example: IPSec Policy Configuration ... 371
  Configure Trace Options ... 372
  Configure the ES PIC ... 372
    Example: ES PIC Configuration ... 373
  Configure Traffic ... 373
    Traffic Overview ... 374
    Example 1: Configure Outbound Traffic Filter ... 375
    Example 2: Apply Outbound Traffic Filter ... 376
    Example 3: Configure Inbound Traffic Filter for Policy Check ... 376
    Example 4: Apply Inbound Traffic Filter to ES PIC for Policy Check ... 377
  Configure an ES Tunnel Interface for a Layer 3 VPN ... 378
  Configure JUNOScript XNM-SSL Service ... 378
Chapter 29: Summary of Security Services Configuration Statements
authentication
auxiliary-spi
authentication-algorithm
  authentication-algorithm (IKE)
  authentication-algorithm (IPSec)
authentication-method
certificates
dh-group
direction
dynamic
encryption
encryption-algorithm
ike
ipsec
lifetime-seconds
manual
mode
  mode (IPSec)
  mode (IKE)
perfect-forward-secrecy
policy
  policy (IPSec)
  policy (IKE)
pre-shared-key
proposal
  proposal (IKE)
  proposal (IPSec)
protocol
  protocol (manual SA)
  protocol (dynamic SA)
security-association
spi
traceoptions

Part 7: Router Chassis

Chapter 30: Router Chassis Configuration Guidelines
Minimum Chassis Configuration
Configure Aggregated Devices
Configure ATM Cell-Relay Accumulation Mode
Configure Conditions That Trigger Alarms
  Chassis Conditions That Trigger Alarms
  Silence External Devices
Configure SONET/SDH Framing
Configure Sparse DLCIS Mode
Configure Channelized PIC Operation
  Concatenated and Nonconcatenated Mode
Channelized DS-3 to DS-0 Naming
Channelized E1 Naming
Channelized STM-1 Interface Virtual Tributary Mapping
Configure the Drop Policy for Traffic with Source-Route Constraints
Configure Redundancy
  Configure Routing Engine Redundancy
    Copy a Configuration File from One Routing Engine to the Other
    Load a Package from the Other Routing Engine
    Change over to the Backup Routing Engine
  Default Routing Engine Redundancy Behavior
  Configure SFM Redundancy
  Configure SSB Redundancy
Configure Packet Scheduling

Chapter 31: Summary of Router Chassis Configuration Statements
aggregated-devices
alarm
atm-cell-relay-accumulation
ce1
channel-group
chassis
ct3
device-count
e1
ethernet
failover on-loss-of-keepalives
fpc
framing
keepalive-time
no-concatenate
packet-scheduling
pic
port
redundancy
routing-engine
sfm
sonet
source-route
ssb
sparse-dlcis
t1
timeslots
vtmapping
Part 8: Appendix
Appendix A: Glossary

Part 9: Index
Index
Index of Statements and Commands
List of Figures
Figure 1: Product Architecture
Figure 2: CLI Command Hierarchy Example
Figure 3: Configuration Mode Hierarchy of Statements
Figure 4: Commands for Storing and Modifying the Router Configuration
Figure 5: Confirm a Configuration
Figure 6: Example 1: Load a Configuration from a File
Figure 7: Example 2: Load a Configuration from a File
Figure 8: Example 3: Load a Configuration from a File
Figure 9: Example 4: Load Configuration from a File
Figure 10: Example: IPSec Tunnel Connecting Security Gateways
List of Tables
Table 1: Juniper Networks Technical Documentation
Table 2: Release 5.x Device Names
Table 3: CLI Keyboard Sequences
Table 4: ---More--- Prompt Keyboard Sequences
Table 5: Common Regular Expression Operators
Table 6: Configuration Mode Top-Level Statements
Table 7: CLI Configuration Input Types
Table 8: Juniper Networks–Specific RADIUS Attributes
Table 9: Juniper Networks-Specific TACACS+ Attributes
Table 10: Login Class Permission Bits
Table 11: Default System Login Classes
Table 12: Operational Mode Commands—Common Regular Expression Operators
Table 13: Configuration Mode Commands—Common Regular Expression Operators
Table 14: Minimum Configuration Statements for System Logging
Table 15: System Logging Facilities
Table 16: System Log Message Severity Levels
Table 17: Facilities for the facility-override Statement
Table 18: Configurable PIC Alarm Conditions
Table 19: Chassis Component Alarm Conditions
Table 20: Ranges for Channelized DS-3 to DS-0 Configuration
Table 21: Ranges for Channelized E1 Configuration
About this Manual
This chapter provides a high-level overview of the JUNOS Internet Software Configuration Guide: Getting Started:
• Objectives
• Audience
• Document Organization
• Part Organization
• Using the Indexes
• Documentation Conventions
• List of Technical Publications
• Documentation Feedback
• How to Request Support
Objectives
This manual provides an overview of the JUNOS Internet software and describes how to install and upgrade the software. This manual also describes how to configure system management functions and how to configure the chassis, including user accounts, passwords, and redundancy.
This manual documents Release 5.6 of the JUNOS Internet software. To obtain additional information about the JUNOS software—either corrections to information in this manual or information that might have been omitted from this manual—refer to the software release notes.
To obtain additional information about the JUNOS software—either corrections to information in this manual or information that might have been omitted from this manual—refer to the printed software release notes that accompany your router.
Document Organization
  • Chapter 6, “Reinstall the Software,” describes how to reinstall the JUNOS software.
  • Chapter 7, “Upgrade Software Packages,” describes how to upgrade software packages.
  • Chapter 8, “Upgrade to Release 5.0 or Downgrade from Release 5.0,” describes how to upgrade to Release 5.0 or downgrade from Release 5.0.
• Part 3, “Command-Line Interface,” describes the interface that you use to configure and monitor the JUNOS software. The command-line interface (CLI) is the interface you use when you access the router.
  • Chapter 9, “Command-Line Interface Overview,” provides an overview of the functions of the CLI.
  • Chapter 10, “Command-Line Interface Operational Mode,” describes the operational mode of the CLI.
  • Chapter 11, “Control the CLI Environment,” describes how to configure the CLI environment.
  • Chapter 12, “Configure the Router with the CLI,” describes the configuration mode of the CLI.
  • Chapter 13, “Configuration Groups,” describes configuration groups.
  • Chapter 14, “Summary of CLI Environment Commands,” explains each of the CLI environment commands.
  • Chapter 15, “Summary of CLI Configuration Mode Commands,” explains each of the CLI configuration mode commands.
  • Chapter 16, “Summary of CLI Operational Mode Commands,” explains each of the CLI operational mode commands.
• Part 4, “System Management,” describes how to use the CLI to manage the router.
  • Chapter 17, “System Management Overview,” provides background information for configuring system management functions.
  • Chapter 18, “System Management Configuration Statements,” lists all the statements available at the [edit system] hierarchy level.
  • Chapter 19, “Configure Basic System Management,” describes how to configure basic system management functions.
  • Chapter 20, “Configure System Authentication,” describes how to configure RADIUS and TACACS+ authentication.
  • Chapter 21, “Configure User Access,” describes how to configure user access.
  • Chapter 22, “Configure Time,” describes how to set the time zone and configure the Network Time Protocol, which provides mechanisms to synchronize time and coordinate time distribution in a large, diverse network.
  • Chapter 23, “System Log Messages Overview,” describes how to control system logging and how much information the system should log.
  • Chapter 24, “Configure Miscellaneous System Management Features,” describes how to configure various system management functions, such as console and auxiliary port properties and the source address for locally generated TCP/IP packets.
  • Chapter 25, “Summary of System Management Configuration Statements,” explains each of the system management configuration statements.
• Part 5, “Access,” describes how to configure access services.
  • Chapter 26, “Access Configuration Guidelines,” describes how to configure access and explains each of the access configuration statements.
• Part 6, “Security Services,” describes how to configure security services.
  • Chapter 27, “Security Services Overview,” provides background information for configuring security services.
  • Chapter 28, “Security Services Configuration Guidelines,” describes how to configure security service properties.
  • Chapter 29, “Summary of Security Services Configuration Statements,” explains each of the security services configuration statements.
• Part 7, “Router Chassis,” covers the configuration of router chassis properties.
  • Chapter 30, “Router Chassis Configuration Guidelines,” describes how to configure router chassis properties.
  • Chapter 31, “Summary of Router Chassis Configuration Statements,” provides a detailed listing of all configuration statements used in router chassis configuration.
This manua