Config Guide Services

Juniper Networks JUNOS Software

Services Interfaces Configuration Guide

Release 9.6

Juniper Networks, Inc.1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000

www.juniper.netPublished: 2009-07-20

This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain. This product includes memory allocation software developed by Mark Moraes, copyright 1988, 1989, 1993, University of Toronto. This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved. GateD software copyright 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirtons EGP, UC Berkeleys routing daemon (routed), and DCNs HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright 1991, D. L. S. Associates. This product includes software developed by Maker Communications, Inc., copyright 1996, 1997, Maker Communications, Inc. Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Juniper Networks JUNOS Software Services Interfaces Configuration Guide Release 9.6 Copyright 2009, Juniper Networks, Inc. All rights reserved. Printed in USA. Writing: Alan Twhigg, Justine Kangas, Myron Weintraub Editing: Benjamin Mann, Joanne McClintock Illustration: Nathaniel Woodward Cover Design: Edmonds Design Revision History July 2009R1 JUNOS 9.6 The information in this document is current as of the date listed in the revision history. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS Software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

ii

END USER LICENSE AGREEMENTREAD THIS END USER LICENSE AGREEMENT (AGREEMENT) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customers principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customers principal office is located outside the Americas) (such applicable entity being referred to herein as Juniper), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (Customer) (collectively, the Parties). 2. The Software. In this Agreement, Software means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. Software also includes updates, upgrades and new releases of such software. Embedded Software means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment. 3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions: a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller. b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis. c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customers use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customers use of the Software shall be subject to all such limitations and purchase of all applicable licenses. d. For any trial copy of the Software, Customers right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period. e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customers enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services. The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller. 4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any locked or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein. 5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

iii

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customers internal business purposes. 7. Ownership. Juniper and Junipers licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software. 8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the Warranty Statement). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Junipers or its suppliers or licensors liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties. 9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customers possession or control. 10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customers payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customers non-compliance or delay with its responsibilities herein. Customers obligations under this Section shall survive termination or expiration of this Agreement. 11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customers ability to export the Software without an export license. 12. Commercial Computer Software. The Software is commercial computer software and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable. 13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available. 14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (GPL) or the GNU Library General Public License (LGPL)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html. 15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous

iv

agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux prsents confirment leur volont que cette convention de mme que tous les documents y compris tout avis qui s'y rattach, soient redigs en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

v

vi

Abbreviated Table of ContentsAbout This Guide xlix

Part 1Chapter 1 Chapter 2

OverviewServices Interfaces Overview Services Interfaces Configuration Statements 3 5

Part 2Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Chapter 12 Chapter 13 Chapter 14 Chapter 15 Chapter 16 Chapter 17 Chapter 18 Chapter 19 Chapter 20 Chapter 21 Chapter 22 Chapter 23 Chapter 24 Chapter 25 Chapter 26 Chapter 27 Chapter 28 Chapter 29 Chapter 30

Adaptive ServicesAdaptive Services Overview Applications Configuration Guidelines Summary of Applications Configuration Statements Stateful Firewall Services Configuration Guidelines Summary of Stateful Firewall Configuration Statements Network Address Translation Services Configuration Guidelines Summary of Network Address Translation Configuration Statements Intrusion Detection Service Configuration Guidelines Summary of Intrusion Detection Service Configuration Statements IPsec Services Configuration Guidelines Summary of IPsec Services Configuration Statements Layer 2 Tunneling Protocol Services Configuration Guidelines Summary of Layer 2 Tunneling Protocol Configuration Statements Link Services IQ Interfaces Configuration Guidelines Summary of Link Services IQ Configuration Statements Voice Services Configuration Guidelines Summary of Voice Services Configuration Statements Class-of-Service Configuration Guidelines Summary of Class-of-Service Configuration Statements Service Set Configuration Guidelines Summary of Service Set Configuration Statements Service Interface Configuration Guidelines Summary of Service Interface Configuration Statements PGCP Configuration Guidelines for the BGF Feature Summary of PGCP Configuration Statements Service Interface Pools Configuration Guidelines Summary of Service Interface Pools Statements Border Signaling Gateway Configuration Guidelines 33 59 97 107 117 129 155 179 191 213 257 291 309 323 385 397 411 423 433 447 461 479 493 511 517 613 615 617

Abbreviated Table of Contents

vii

JUNOS 9.6 Services Interfaces Configuration Guide

Chapter 31

Summary of Border Signaling Gateway Configuration Statements

621

Part 3Chapter 32 Chapter 33 Chapter 34 Chapter 35 Chapter 36 Chapter 37 Chapter 38

Dynamic Application Awareness for JUNOS SoftwareDynamic Application Awareness for JUNOS Software Overview Application Identification Configuration Guidelines Summary of Application Identification Configuration Statements Application-Aware Access List Configuration Guidelines Summary of AACL Configuration Statements Local Policy Decision Function Configuration Guidelines Summary of L-PDF Configuration Statements 683 687 697 719 725 737 741

Part 4Chapter 39 Chapter 40 Chapter 41

Data Link SwitchingData Link Switching Overview Data Link Switching Configuration Guidelines Summary of Data Link Switching Configuration Statements 749 751 763


Encryption ServicesEncryption Overview Encryption Interfaces Configuration Guidelines Summary of Encryption Configuration Statements 785 787 797

Part 6Chapter 45 Chapter 46 Chapter 47 Chapter 48 Chapter 49 Chapter 50 Chapter 51 Chapter 52

Flow Monitoring and Discard Accounting ServicesFlow Monitoring and Discard Accounting Overview Flow Monitoring and Discard Accounting Configuration Guidelines Summary of Flow-Monitoring Configuration Statements Flow Collection Configuration Guidelines Summary of Flow Collection Configuration Statements Dynamic Flow Capture Configuration Guidelines Flow-Tap Configuration Guidelines Summary of Dynamic Flow Capture and Flow-Tap Configuration Statements 807 811 863 921 933 951 963 971


Link and Multilink ServicesLink and Multilink Services Overview Link and Multilink Services Configuration Guidelines Summary of Multilink and Link Services Configuration Statements 991 995 1037

Part 8Chapter 56 Chapter 57

Real-Time Performance Monitoring ServicesReal-Time Performance Monitoring Services Overview Real-Time Performance Monitoring Configuration Guidelines 1061 1063

viii


Chapter 58

Summary of Real-Time Performance Monitoring Configuration Statements

1081


Tunnel ServicesTunnel Services Overview Tunnel Interfaces Configuration Guidelines Summary of Tunnel Services Configuration Statements 1109 1113 1129

Part 10

IndexIndex Index of Statements and Commands 1145 1165


ix


x

Table of ContentsAbout This Guide xlix JUNOS Documentation and Release Notes ...................................................xlix Objectives ........................................................................................................l Audience ..........................................................................................................l Supported Platforms .........................................................................................l Using the Indexes ............................................................................................li Using the Examples in This Manual .................................................................li Merging a Full Example .............................................................................li Merging a Snippet ....................................................................................lii Documentation Conventions ..........................................................................lii Documentation Feedback ..............................................................................liv Requesting Technical Support .........................................................................lv

Part 1Chapter 1

OverviewServices Interfaces Overview 3

Services PIC Types ..........................................................................................3 Supported Platforms ........................................................................................4 Chapter 2 Services Interfaces Configuration Statements 5

[edit applications] Hierarchy Level ..................................................................5 [edit forwarding-options] Hierarchy Level .......................................................6 [edit interfaces] Hierarchy Level ......................................................................8 [edit logical-systems] Hierarchy Level ...........................................................11 [edit protocols] Hierarchy Level .....................................................................11 [edit services] Hierarchy Level .......................................................................12

Table of Contents

xi


Part 2Chapter 3

Adaptive ServicesAdaptive Services Overview 33

Enabling Service Packages ............................................................................35 Layer 2 Service Package Capabilities and Interfaces ...............................38 Services Configuration Procedure ..................................................................39 Packet Flow Through the Adaptive Services or MultiServices PIC ..................40 Stateful Firewall Overview .............................................................................41 Stateful Firewall Support for Application Protocols ..................................42 Stateful Firewall Anomaly Checking ........................................................42 Network Address Translation Overview .........................................................44 Traditional NAT .......................................................................................44 Twice NAT ..............................................................................................45 IPsec Overview ..............................................................................................45 IPsec .......................................................................................................46 Security Associations ..............................................................................46 IKE ..........................................................................................................46 Comparison of IPsec Services and ES Interface Configuration ................47 Layer 2 Tunneling Protocol Overview ............................................................48 Voice Services Overview ...............................................................................48 Class of Service Overview .............................................................................49 Examples: Services Interfaces Configuration .................................................49 Chapter 4 Applications Configuration Guidelines 59

Configuring Application Protocol Properties ..................................................60 Configuring an Application Protocol ........................................................60 Configuring the Network Protocol ...........................................................62 Configuring the ICMP Code and Type .....................................................63 Configuring Source and Destination Ports ...............................................65 Configuring the Inactivity Timeout Period ...............................................68 Configuring SIP .......................................................................................68 Configuring an SNMP Command for Packet Matching ............................69 Configuring an RPC Program Number ....................................................69 Configuring the TTL Threshold ................................................................69 Configuring a Universal Unique Identifier ...............................................70 Configuring Application Sets .........................................................................70 ALG Descriptions ...........................................................................................70 Basic TCP ALG ........................................................................................71 Basic UDP ALG ........................................................................................71 BOOTP ....................................................................................................72 DCE RPC Services ...................................................................................72 FTP .........................................................................................................72 H323 .......................................................................................................73 ICMP .......................................................................................................73 IIOP ........................................................................................................74 NetShow .................................................................................................74 RealAudio ...............................................................................................74

xii

Table of Contents

Table of Contents

RPC and RPC Portmap Services ..............................................................74 RTSP .......................................................................................................76 SMB ........................................................................................................76 SNMP ......................................................................................................76 SQLNet ...................................................................................................77 TFTP .......................................................................................................77 Traceroute ..............................................................................................77 UNIX Remote-Shell Services ....................................................................77 WinFrame ...............................................................................................78 Verifying the Output of ALG Sessions ............................................................78 FTP Example ..........................................................................................78 Sample Output .................................................................................78 FTP System Log Messages ................................................................79 Analysis ............................................................................................80 Troubleshooting Questions ...............................................................80 RTSP ALG Example .................................................................................81 Sample Output .................................................................................81 Analysis ............................................................................................81 Troubleshooting Questions ...............................................................82 System Log Messages .............................................................................83 System Log Configuration ................................................................84 System Log Output ...........................................................................85 JUNOS Default Groups ...................................................................................85 Examples: Referencing the Preset Statement from the JUNOS Default Group ...............................................................................................91 Examples: Configuring Application Protocols ................................................93 Chapter 5 Summary of Applications Configuration Statements 97

application ....................................................................................................97 application-protocol .......................................................................................98 application-set ...............................................................................................99 applications ...................................................................................................99 destination-port ...........................................................................................100 icmp-code ...................................................................................................100 icmp-type ....................................................................................................101 inactivity-timeout ........................................................................................101 learn-sip-register ..........................................................................................102 protocol .......................................................................................................103 rpc-program-number ...................................................................................104 sip-call-hold-timeout ....................................................................................104 snmp-command ..........................................................................................105 source-port ..................................................................................................105 ttl-threshold .................................................................................................106 uuid .............................................................................................................106

Table of Contents

xiii


Chapter 6

Stateful Firewall Services Configuration Guidelines

107

Configuring Stateful Firewall Rules ..............................................................108 Configuring Match Direction for Stateful Firewall Rules ........................108 Configuring Match Conditions in Stateful Firewall Rules .......................109 Configuring Actions in Stateful Firewall Rules .......................................110 Configuring IP Option Handling ......................................................111 Configuring Stateful Firewall Rule Sets ........................................................112 Examples: Configuring Stateful Firewall Rules .............................................112 Chapter 7 Summary of Stateful Firewall Configuration Statements 117

allow-ip-options ...........................................................................................118 application-sets ...........................................................................................119 applications .................................................................................................119 destination-address .....................................................................................120 destination-address-range ...........................................................................120 destination-prefix-list ...................................................................................121 from ............................................................................................................121 match-direction ...........................................................................................122 rule ..............................................................................................................123 rule-set ........................................................................................................124 services .......................................................................................................124 source-address ............................................................................................125 source-address-range ...................................................................................125 source-prefix-list ..........................................................................................126 syslog ..........................................................................................................126 term ............................................................................................................127 then .............................................................................................................128 Chapter 8 Network Address Translation Services Configuration Guidelines 129

Configuring Addresses and Ports for Use in NAT Rules ................................130 Configuring Pools of Addresses and Ports .............................................130 Specifying Destination and Source Prefixes when Pools Are Not Used ...............................................................................................132 Requirements for NAT Addresses .........................................................132 Configuring IPv6 Multicast Filters ..........................................................133 Configuring NAT Rules ................................................................................133 Configuring Match Direction for NAT Rules ...........................................134 Configuring NAT Type for Terms in NAT Rules .....................................135 Configuring Match Conditions in NAT Rules ..........................................136 Configuring Actions in NAT Rules .........................................................137 Configuring NAT Rule Sets ..........................................................................139 Examples: Configuring NAT Rules ...............................................................139 Example: Configuring Dynamic Source Translation ..............................140 Example: Configuring Static Source Translation ....................................140 Example: Configuring Dynamic and Static Source Translation ..............141

xiv

Table of Contents

Table of Contents

Example: Configuring an Oversubscribed Pool with No Fallback ..........141 Example: Configuring an Oversubscribed Pool with Fallback to NAPT ..............................................................................................142 Example: Configuring Static Source Translation with Multiple Prefixes and Address Ranges .......................................................................142 Example: Assigning Addresses from a Dynamic Pool for Static Use ......143 Example: Configuring NAT Rules Without Defining a Pool ....................144 Example: Preventing Translation of Specific Addresses ........................144 Example: Configuring NAT for Multicast Traffic ....................................145 Rendezvous Point Configuration ....................................................145 Router 1 Configuration ...................................................................148 Example: Configuring Twice NAT .........................................................149 Example: Configuring Full-Cone NAT ....................................................150 Example: Configuring NAT in mixed IPv4 and IPv6 Networks ..............150 Chapter 9 Summary of Network Address Translation Configuration Statements

155

address ........................................................................................................155 address-range ..............................................................................................156 application-sets ...........................................................................................156 applications .................................................................................................157 destination-address .....................................................................................157 destination-address-range ...........................................................................158 destination-pool ..........................................................................................158 destination-prefix ........................................................................................159 destination-prefix-list ...................................................................................159 from ............................................................................................................160 hint .............................................................................................................161 ipv6-multicast-interfaces .............................................................................161 match-direction ...........................................................................................162 nat-type .......................................................................................................162 no-translation ..............................................................................................163 overload-pool ..............................................................................................163 overload-prefix ............................................................................................164 pgcp ............................................................................................................164 pool .............................................................................................................165 port .............................................................................................................166 ports-per-session .........................................................................................166 remotely-controlled .....................................................................................167 rule ..............................................................................................................168 rule-set ........................................................................................................169 services .......................................................................................................169 source-address ............................................................................................170 source-address-range ...................................................................................170 source-pool ..................................................................................................171 source-prefix ...............................................................................................171 source-prefix-list ..........................................................................................172 syslog ..........................................................................................................172 term ............................................................................................................173

Table of Contents

xv


then .............................................................................................................174 translated ....................................................................................................175 translation-type ...........................................................................................176 translation-type (Traditional NAT) .........................................................176 translation-type (Twice NAT) .................................................................176 transport .....................................................................................................177 Chapter 10 Intrusion Detection Service Configuration Guidelines 179

Configuring IDS Rules ..................................................................................181 Configuring Match Direction for IDS Rules ............................................182 Configuring Match Conditions in IDS Rules ...........................................183 Configuring Actions in IDS Rules ...........................................................184 Configuring IDS Rule Sets ............................................................................187 Examples: Configuring IDS Rules ................................................................188 Chapter 11 Summary of Intrusion Detection Service Configuration Statements

191

aggregation .................................................................................................191 application-sets ...........................................................................................192 applications .................................................................................................192 by-destination .............................................................................................193 by-pair .........................................................................................................194 by-source ....................................................................................................195 destination-address .....................................................................................196 destination-address-range ...........................................................................196 destination-prefix ........................................................................................197 destination-prefix-ipv6 ................................................................................197 destination-prefix-list ...................................................................................198 force-entry ..................................................................................................198 from ............................................................................................................199 ignore-entry ................................................................................................199 logging ........................................................................................................200 match-direction ...........................................................................................200 mss .............................................................................................................201 rule ..............................................................................................................202 rule-set ........................................................................................................203 services .......................................................................................................203 session-limit ................................................................................................204 source-address ............................................................................................205 source-address-range ...................................................................................205 source-prefix ...............................................................................................206 source-prefix-ipv6 .......................................................................................206 source-prefix-list ..........................................................................................207 syn-cookie ...................................................................................................207 syslog ..........................................................................................................208 term ............................................................................................................209 then .............................................................................................................211 threshold .....................................................................................................212

xvi

Table of Contents

Table of Contents

Chapter 12

IPsec Services Configuration Guidelines

213

Minimum Security Association Configurations ............................................215 Minimum Manual SA Configuration ......................................................215 Minimum Dynamic SA Configuration ...................................................215 Configuring Security Associations ................................................................216 Configuring Manual Security Associations .............................................217 Configuring the Direction for IPsec Processing ...............................217 Configuring the Protocol for a Manual IPsec SA ..............................218 Configuring the Security Parameter Index ......................................219 Configuring the Auxiliary Security Parameter Index .......................219 Configuring Authentication for a Manual IPsec SA ..........................219 Configuring Encryption for a Manual IPSec SA ...............................220 Configuring Dynamic Security Associations ..........................................221 Clearing Security Associations ..............................................................222 Configuring IKE Proposals ...........................................................................222 Configuring the Authentication Algorithm for an IKE Proposal ..............223 Configuring the Authentication Method for an IKE Proposal .................223 Configuring the Diffie-Hellman Group for an IKE Proposal ....................224 Configuring the Encryption Algorithm for an IKE Proposal ...................224 Configuring the Lifetime for an IKE SA .................................................225 Example: Configuring an IKE Proposal .................................................225 Configuring IKE Policies ..............................................................................225 Configuring the Mode for an IKE Policy ................................................227 Configuring the Proposals in an IKE Policy ...........................................227 Configuring the Preshared Key for an IKE Policy ..................................227 Configuring the Local Certificate for an IKE Policy ................................228 Configuring a Certificate Revocation List ........................................228 Configuring the Description for an IKE Policy .......................................229 Configuring Local and Remote IDs for IKE Phase 1 Negotiation ............229 Example: Configuring an IKE Policy ......................................................230 Configuring IPsec Proposals ........................................................................231 Configuring the Authentication Algorithm for an IPsec Proposal ...........231 Configuring the Description for an IPsec Proposal ................................231 Configuring the Encryption Algorithm for an IPsec Proposal .................232 Configuring the Lifetime for an IPsec SA ...............................................232 Configuring the Protocol for a Dynamic SA ...........................................233 Configuring IPsec Policies ............................................................................233 Configuring the Description for an IPsec Policy ....................................234 Configuring Perfect Forward Secrecy ....................................................234 Configuring the Proposals in an IPsec Policy .........................................234 Example: Configuring an IPsec Policy ...................................................235 Configuring IPsec Rules ...............................................................................235 Configuring Match Direction for IPsec Rules .........................................236 Configuring Match Conditions in IPsec Rules ........................................237 Configuring Actions in IPsec Rules ........................................................238 Enabling IPsec Packet Fragmentation .............................................239 Configuring Destination Addresses for Dead Peer Detection ..........239 Disabling IPSec Anti-Replay ............................................................240

Table of Contents

xvii


Enabling System Log Messages ......................................................241 Specifying the MTU for IPsec Tunnels ............................................241 Configuring IPsec Rule Sets .........................................................................241 Configuring Dynamic Endpoints for IPsec Tunnels ......................................241 Authentication Process .........................................................................242 Implicit Dynamic Rules .........................................................................243 Reverse Route Insertion ........................................................................243 Configuring an IKE Access Profile .........................................................244 Referencing the IKE Access Profile in a Service Set ...............................245 Configuring the Interface Identifier .......................................................246 Default IKE and IPsec Proposals ...........................................................246 Tracing IPsec Operations .............................................................................247 Examples: Configuring IPsec Services .........................................................248 Example: Configuring Statically Assigned Tunnels ................................248 Example: Configuring Dynamically Assigned Tunnels ...........................251 Chapter 13 Summary of IPsec Services Configuration Statements 257

authentication .............................................................................................257 authentication-algorithm .............................................................................258 authentication-algorithm (IKE) ..............................................................258 authentication-algorithm (IPsec) ...........................................................258 authentication-method ................................................................................259 auxiliary-spi .................................................................................................259 backup-remote-gateway ..............................................................................260 clear-dont-fragment-bit ................................................................................260 clear-ike-sas-on-pic-restart ...........................................................................261 clear-ipsec-sas-on-pic-restart ........................................................................261 description ..................................................................................................262 destination-address .....................................................................................262 dh-group ......................................................................................................263 direction ......................................................................................................264 dynamic ......................................................................................................265 encryption ...................................................................................................266 encryption-algorithm ...................................................................................267 from ............................................................................................................268 ike ...............................................................................................................269 initiate-dead-peer-detection .........................................................................270 ipsec ............................................................................................................270 ipsec-inside-interface ...................................................................................271 lifetime-seconds ..........................................................................................271 local-certificate ............................................................................................272 local-id ........................................................................................................272 manual ........................................................................................................273 match-direction ...........................................................................................273 mode ...........................................................................................................274 no-anti-replay ..............................................................................................274

xviii

Table of Contents

Table of Contents

perfect-forward-secrecy ...............................................................................275 policy ..........................................................................................................276 policy (IKE) ...........................................................................................276 policy (IPsec) .........................................................................................277 pre-shared-key ............................................................................................277 proposal ......................................................................................................278 proposal (IKE) .......................................................................................278 proposal (IPsec) ....................................................................................279 proposals .....................................................................................................279 protocol .......................................................................................................280 remote-gateway ..........................................................................................280 remote-id ....................................................................................................281 rule ..............................................................................................................282 rule-set ........................................................................................................283 services .......................................................................................................283 source-address ............................................................................................284 spi ...............................................................................................................284 syslog ..........................................................................................................285 term ............................................................................................................286 then .............................................................................................................287 traceoptions ................................................................................................288 tunnel-mtu ..................................................................................................289 Chapter 14 Layer 2 Tunneling Protocol Services Configuration Guidelines 291

L2TP Services Configuration Overview ........................................................293 L2TP Minimum Configuration .....................................................................294 Configuring L2TP Tunnel Groups .................................................................296 Configuring Access Profiles for L2TP Tunnel Groups .............................297 Configuring the Local Gateway Address and PIC ...................................297 Configuring Window Size for L2TP Tunnels ..........................................298 Configuring Timers for L2TP Tunnels ....................................................298 Hiding Attribute-Value Pairs for L2TP Tunnels ......................................299 Configuring System Logging of L2TP Tunnel Activity ............................299 Configuring the Identifier for Logical Interfaces that Provide L2TP Services ................................................................................................300 Example: Configuring Multilink PPP on a Shared Logical Interface .......301 AS PIC Redundancy for L2TP Services .........................................................302 Tracing L2TP Operations .............................................................................303 Examples: Configuring L2TP Services ..........................................................304 Chapter 15 Summary of Layer 2 Tunneling Protocol Configuration Statements

309

facility-override ...........................................................................................309 hello-interval ...............................................................................................310 hide-avps .....................................................................................................310 host .............................................................................................................311 l2tp-access-profile ........................................................................................311 local-gateway address .................................................................................312

Table of Contents

xix


log-prefix .....................................................................................................312 maximum-send-window ..............................................................................313 ppp-access-profile ........................................................................................313 receive-window ...........................................................................................314 retransmit-interval .......................................................................................314 service-interface ..........................................................................................315 services .......................................................................................................316 services (Hierarchy) ..............................................................................316 services (L2TP System Logging) ............................................................317 syslog ..........................................................................................................318 traceoptions ................................................................................................319 tunnel-group ................................................................................................321 tunnel-timeout .............................................................................................322 Chapter 16 Link Services IQ Interfaces Configuration Guidelines 323

Layer 2 Service Package Capabilities and Interfaces ....................................324 Configuring LSQ Interface Redundancy Across Multiple Routers Using SONET APS .......................................................................................................326 Configuring the Association between LSQ and SONET Interfaces .........326 Configuring SONET APS Interoperability with Cisco Systems FRF.16 ....327 Restrictions on APS Redundancy for LSQ Interfaces .............................328 Configuring LSQ Interface Redundancy in a Single Router Using SONET APS .......................................................................................................328 Configuring LSQ Interface Redundancy in a Single Router Using Virtual Interfaces ..............................................................................................328 Configuring Redundant Paired LSQ Interfaces ......................................329 Restrictions on Redundant LSQ Interfaces ............................................330 Configuring Link State Replication for Redundant Link PICs .................331 Examples: Configuring Redundant LSQ Interfaces for Failure Recovery ........................................................................................332 Configuring CoS Scheduling Queues on Logical LSQ Interfaces ...................336 Configuring Scheduler Buffer Size .........................................................338 Configuring Scheduler Priority ..............................................................338 Configuring Scheduler Shaping Rate .....................................................338 Configuring Drop Profiles ......................................................................339 Configuring CoS Fragmentation by Forwarding Class on LSQ Interfaces .....340 Reserving Bundle Bandwidth for Link-Layer Overhead on LSQ Interfaces ....342 Configuring Multiclass MLPPP on LSQ Interfaces .........................................342 Oversubscribing Interface Bandwidth on LSQ Interfaces .............................344 Example: Oversubscribing an LSQ Interface .........................................347 Configuring Guaranteed Minimum Rate on LSQ Interfaces ..........................347 Example: Configuring Guaranteed Minimum Rate ................................350 Configuring Link Services and CoS on Services PICs ....................................351 Configuring Link Services and CoS on J Series Routers ................................354 Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using MLPPP ...........355 Example: Configuring an LSQ Interface as an NxT1 Bundle Using MLPPP ............................................................................................358

xx

Table of Contents

Table of Contents

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using FRF.16 ...........360 Example: Configuring an LSQ Interface as an NxT1 Bundle Using FRF.16 ...........................................................................................363 Configuring LSQ Interfaces for Single Fractional T1 or E1 Interfaces Using MLPPP and LFI .....................................................................................366 Example: Configuring an LSQ Interface for a Fractional T1 Interface Using MLPPP and LFI .....................................................................368 Configuring LSQ Interfaces for Single Fractional T1 or E1 Interfaces Using FRF.12 ..................................................................................................370 Examples: Configuring an LSQ Interface for a Fractional T1 Interface Using FRF.12 ..................................................................................373 Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using FRF.15 ...........377 Configuring LSQ Interfaces for T3 Links Configured for Compressed RTP over MLPPP ..........................................................................................378 Configuring LSQ Interfaces as T3 or OC3 Bundles Using FRF.12 .................379 Configuring LSQ Interfaces for ATM2 IQ Interfaces Using MLPPP ...............381 Chapter 17 Summary of Link Services IQ Configuration Statements 385

cisco-interoperability ...................................................................................385 forwarding-class ..........................................................................................386 fragment-threshold ......................................................................................387 fragmentation-map .....................................................................................387 fragmentation-maps ....................................................................................388 hot-standby .................................................................................................388 link-layer-overhead ......................................................................................389 lsq-failure-options ........................................................................................389 multilink-class .............................................................................................390 multilink-max-classes ..................................................................................390 no-fragmentation ........................................................................................391 no-termination-request ................................................................................391 per-unit-scheduler .......................................................................................392 preserve-interface .......................................................................................392 primary .......................................................................................................393 redundancy-options ....................................................................................393 secondary ....................................................................................................394 trigger-link-failure ........................................................................................394 warm-standby .............................................................................................395 Chapter 18 Voice Services Configuration Guidelines 397

Configuring Services Interfaces for Voice Services .......................................398 Configuring the Logical Interface Address for the MLPPP Bundle ..........398 Configuring Compression of Voice Traffic .............................................399 Configuring Delay-Sensitive Packet Interleaving ...................................400 Example: Configuring Compression of Voice Traffic .............................400 Configuring Encapsulation for Voice Services ..............................................401

Table of Contents

xxi


Configuring Network Interfaces for Voice Services ......................................401 Configuring Voice Services Bundles with MLPPP Encapsulation ............402 Configuring the Compression Interface with PPP Encapsulation ...........402 Configuring VoIP Routing on J Series Routers ..............................................402 Functional Components ........................................................................403 Configuring the VoIP Interface ..............................................................403 Configuring the Media Gateway Controller List .....................................404 Configuring Dynamic Call Admission Control .......................................405 Examples: Configuring Voice Services .........................................................406 Chapter 19 Summary of Voice Services Configuration Statements 411

activation-priority ........................................................................................411 address ........................................................................................................412 bearer-bandwidth-limit ................................................................................413 bundle .........................................................................................................413 compression ................................................................................................414 compression-device .....................................................................................414 dynamic-call-admission-control ...................................................................415 encapsulation ..............................................................................................416 f-max-period ...............................................................................................416 family ..........................................................................................................417 fragment-threshold ......................................................................................418 interfaces ....................................................................................................418 maximum-contexts .....................................................................................419 port .............................................................................................................419 queues .........................................................................................................420 rtp ...............................................................................................................420 unit .............................................................................................................421 Chapter 20 Class-of-Service Configuration Guidelines 423

Restrictions and Cautions for CoS Configuration on Services Interfaces ......424 Configuring CoS Rules .................................................................................424 Configuring Match Direction for CoS Rules ...........................................425 Configuring Match Conditions In CoS Rules ..........................................426 Configuring Actions in CoS Rules ..........................................................427 Configuring Application Profiles for Use as CoS Rule Actions .........428 Configuring Reflexive and Reverse CoS Rule Actions ......................428 Example: Configuring CoS Rules ...........................................................429 Configuring CoS Rule Sets ...........................................................................429 Examples: Configuring CoS on Services Interfaces ......................................430 Chapter 21 Summary of Class-of-Service Configuration Statements 433

application-profile .......................................................................................433 application-sets ...........................................................................................434 applications .................................................................................................434 destination-address .....................................................................................435

xxii

Table of Contents

Table of Contents

destination-prefix-list ...................................................................................435 dscp ............................................................................................................436 forwarding-class ..........................................................................................436 from ............................................................................................................437 match-direction ...........................................................................................437 (reflexive | reverse) .....................................................................................438 rule ..............................................................................................................439 rule-set ........................................................................................................440 services .......................................................................................................440 sip-text ........................................................................................................441 sip-video ......................................................................................................441 sip-voice ......................................................................................................442 source-address ............................................................................................442 source-prefix-list ..........................................................................................443 syslog ..........................................................................................................443 term ............................................................................................................444 then .............................................................................................................445 Chapter 22 Service Set Configuration Guidelines 447

Configuring Service Sets to be Applied to Services Interfaces ......................448 Configuring Interface Service Sets .........................................................448 Configuring Next-Hop Service Sets ........................................................449 Determining Traffic Direction ...............................................................450 Interface Style Service Sets .............................................................451 Next-Hop Style Service Sets ............................................................451 Configuring Service Rules ............................................................................452 Configuring IPsec Service Sets .....................................................................452 Configuring the Local Gateway Address for IPsec Service Sets ..............453 IKE Addresses in VRF Instances .....................................................453 Configuring IKE Access Profiles for IPsec Service Sets ..........................454 Configuring Certification Authorities for IPsec Service Sets ...................454 Configuring Service Set Limitations .............................................................455 Configuring System Logging for Service Sets ...............................................455 Enabling Services PICs to Accept Multicast Traffic .......................................457 Tracing Services PIC Operations ..................................................................457 Configuring the Adaptive Services Log Filename ...................................458 Configuring the Number and Size of Adaptive Services Log Files ..........458 Configuring Access to the Log File ........................................................458 Configuring a Regular Expression for Lines to Be Logged ......................459 Configuring the Trace Operations .........................................................459 Example: Configuring Service Sets ..............................................................460 Chapter 23 Summary of Service Set Configuration Statements 461

adaptive-services-pics ..................................................................................461 allow-multicast ............................................................................................462 facility-override ...........................................................................................462 host .............................................................................................................463 ids-rules .......................................................................................................463

Table of Contents

xxiii


ike-access-profile .........................................................................................464 interface-service ..........................................................................................464 ipsec-vpn-options ........................................................................................465 ipsec-vpn-rules ............................................................................................465 local-gateway ..............................................................................................466 log-prefix .....................................................................................................466 logging ........................................................................................................467 max-flows ...................................................................................................467 nat-rules ......................................................................................................468 next-hop-service ..........................................................................................469 pgcp-rules ....................................................................................................470 service-interface ..........................................................................................470 service-set ...................................................................................................471 services .......................................................................................................472 services (Hierarchy) ..............................................................................472 services (System Logging) .....................................................................473 stateful-firewall-rules ...................................................................................474 syslog ..........................................................................................................474 tcp-mss .......................................................................................................475 traceoptions ................................................................................................476 trusted-ca ....................................................................................................477 Chapter 24 Service Interface Configuration Guidelines 479

Services Interface Naming Overview ...........................................................480 Configuring the Address and Domain for Services Interfaces ......................481 Configuring Default Timeout Settings for Services Interfaces .......................482 Configuring System Logging for Services Interfaces ....................................483 Enabling Fragmentation on GRE Tunnels ....................................................484 Applying Filters and Services to Interfaces ..................................................485 Configuring Service Filters ....................................................................486 Configuring AS or MultiServices PIC Redundancy ........................................487 Examples: Configuring Services Interfaces ..................................................490 Chapter 25 Summary of Service Interface Configuration Statements 493

address ........................................................................................................493 clear-dont-fragment-bit ................................................................................494 dial-options .................................................................................................495 facility-override ...........................................................................................496 family ..........................................................................................................497 host .............................................................................................................498 inactivity-timeout ........................................................................................498 input ...........................................................................................................499 interfaces ....................................................................................................499 log-prefix .....................................................................................................500 open-timeout ...............................................................................................500 output .........................................................................................................501 post-service-filter .........................................................................................501 primary .......................................................................................................502

xxiv

Table of Contents

Table of Contents

redundancy-options ....................................................................................502 secondary ....................................................................................................503 service .........................................................................................................503 service-domain ............................................................................................504 service-filter ................................................................................................504 service-set ...................................................................................................505 services .......................................................................................................506 services-options ...........................................................................................507 syslog ..........................................................................................................508 unit .............................................................................................................509 Chapter 26 Chapter 27 PGCP Configuration Guidelines for the BGF Feature Summary of PGCP Configuration Statements 511 517

administrative .............................................................................................518 administrative (Control Association) .....................................................518 administrative (Virtual Interface) ...........................................................519 algorithm .....................................................................................................519 application-data-inactivity-detection ............................................................520 audit-observed-events-returns .....................................................................520 base-root .....................................................................................................521 bgf-core .......................................................................................................522 cancel-graceful ............................................................................................523 cancel-graceful (Control Association) .....................................................523 cancel-graceful (Virtual Interface) ..........................................................524 cleanup-timeout ..........................................................................................524 context-indications ......................................................................................525 control-association-indications ....................................................................526 controller-address ........................................................................................526 controller-failure ..........................................................................................527 controller-port .............................................................................................527 data-inactivity-detection ..............................................................................528 default .........................................................................................................529 delivery-function .........................................................................................530 destination-address .....................................................................................530 destination-port ...........................................................................................531 detect ..........................................................................................................531 diffserv ....

Documents

Config Guide Services