[Juniper][JUNOS Internet Software Configuration Guide.getting Start.release 5.6 - 2002]


  • 8/16/2019 [Juniper][JUNOS Internet Software Configuration Guide.getting Start.release 5.6 - 2002]

    1/509

    Juniper Networks, Inc.

    1194 North Mathilda Avenue

    Sunnyvale, CA 94089

    USA

    408-745-2000

    www.juniper.net

    Part Number: 530-008935-01, Revision 1

    JUNOS™ Internet Software

    Configuration Guide

    Getting Started

    Release 5.6 


    This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986–1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

    This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.

    This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by The Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

    GateD software copyright © 1995, The Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

    This product includes software developed by Maker Communications, Inc., Copyright © 1996, 1997, Maker Communications, Inc.

    Juniper Networks is registered in the U.S. Patent and Trademark Office and in other countries as a trademark of Juniper Networks, Inc. Broadband Cable Processor, ERX, ESP, G10, Internet Processor, JUNOS, JUNOScript, M5, M10, M20, M40, M40e, M160, MRX, M-series, NMC-RX, SDX, ServiceGuard, T320, T640, T-series, UMC, and Unison are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice.

    JUNOS Internet Software Configuration Guide: Getting Started, Release 5.6
    Copyright © 2002, Juniper Networks, Inc.
    All rights reserved. Printed in USA.

    Writers: Margaret Jones, John Gilbert Chan
    Editors: Cathy Steinberg, Cris Morris
    Covers and template design: Edmonds Design

    Revision History
    27 December 2002—First edition.

     The information in this document is current as of the date listed in the revision history above.

    Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.

    Products made or sold by Juniper Networks (including the M5, M10, M20, M40, M40e, and M160 routers, T320 router, T640 routing node, and the JUNOS software) or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,333,650, 6,359,479, and 6,406,312.

     YEAR 2000 NOTICE

    Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

    SOFTWARE LICENSE

    The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions.

    Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

    For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.


    Abbreviated Table of Contents

    About this Manual

    Part 1 Overview
    Chapter 1 Product Architecture
    Chapter 2 JUNOS Software Overview
    Chapter 3 Complete Configuration Mode Commands and Statements

    Part 2 Software Installation and Upgrade
    Chapter 4 Installation Overview
    Chapter 5 Configure the Software Initially
    Chapter 6 Reinstall the Software
    Chapter 7 Upgrade Software Packages


    Chapter 19 Configure Basic System Management
    Chapter 20 Configure System Authentication
    Chapter 21 Configure User Access
    Chapter 22 Configure Time
    Chapter 23 System Log Messages Overview
    Chapter 24 Configure Miscellaneous System Management Features
    Chapter 25 Summary of System Management Configuration Statements

    Part 5 Access
    Chapter 26 Access Configuration Guidelines

    Part 6 Security Services
    Chapter 27 Security Services Overview
    Chapter 28 Security Services Configuration Guidelines
    Chapter 29 Summary of Security Services Configuration Statements

    Part 7 Router Chassis
    Chapter 30 Router Chassis Configuration Guidelines
    Chapter 31 Summary of Router Chassis Configuration Statements

    Part 8 Appendix
    Appendix A Glossary

    Part 9 Index
    Index
    Index of Statements and Commands


    Table of Contents

    About this Manual
        Objectives
        Audience
        Document Organization
        Part Organization
        Using the Indexes
        Documentation Conventions
        General Conventions
        Conventions for Software Commands and Statements
        List of Technical Publications
        Documentation Feedback
        How to Request Support

    Part 1 Overview

    Chapter 1 Product Architecture
        Hardware Overview
        Product Architecture
        Packet Forwarding Engine
        Packet Flow through an M-Series Router
        Packet Flow through a T-series Router
        Routing Engine

    Chapter 2 JUNOS Software Overview
        Routing Engine Software Components
        Routing Protocol Process
        Routing Protocols (IPv4)
        Routing Protocols (IPv6)
        Routing and Forwarding Tables
        Routing Policy
        VPNs
        Interface Process


        Chassis Process
        SNMP and MIB II Processes
        Management Process
        Routing Engine Kernel
        Software Installation Overview
        Tools for Accessing and Controlling the Software
        Software Configuration Overview
        Methods of Configuring the Software
        Configuring the Software
        Activating a Configuration
        Software Monitoring Tools
        Router Security
        JUNOS Default Settings
        Router Access
        User Authentication
        Routing Protocol Security Features
        Firewall Filters
        Auditing for Security
        Supported Software Standards
        Supported Internet RFCs and Drafts
        ATM
        BGP
        CHAP
        Frame Relay
        GMPLS
        GRE and IP-IP Encapsulation
        IP Multicast
        IPSec and IKE
        IPv6
        IS-IS
        LDP
        MIBs
        MPLS
        OSPF
        PPP
        RIP
        RSVP
        SSL
        TCP/IP v4
        VPNs
        Supported ISO Standards
        IS-IS
        Supported SDH and SONET Standards
        Other Supported Standards
        ATM
        Ethernet
        Frame Relay
        T3


    Chapter 3 Complete Configuration Mode Commands and Statements
        Complete Configuration Mode Commands
        Complete Configuration Statement Hierarchy
        [edit access] Hierarchy Level
        [edit accounting-options] Hierarchy Level
        [edit chassis] Hierarchy Level
        [edit class-of-service] Hierarchy Level
        [edit firewall] Hierarchy Level
        [edit forwarding-options] Hierarchy Level
        [edit groups] Hierarchy Level
        [edit interfaces] Hierarchy Level
        [edit policy-options] Hierarchy Level
        [edit protocols] Hierarchy Level
        [edit routing-instances] Hierarchy Level
        [edit routing-options] Hierarchy Level
        [edit security] Hierarchy Level
        [edit snmp] Hierarchy Level
        [edit system] Hierarchy Level

    Part 2 Software Installation and Upgrade

    Chapter 4 Installation Overview
        JUNOS Software Distribution
        Software Release Names
        Package Names
        Storage Media
        Boot Devices
        Boot Sequence

    Chapter 5 Configure the Software Initially

    Chapter 6 Reinstall the Software
        Prepare to Reinstall the JUNOS Software
        Reinstall the JUNOS Software
        Reconfigure the JUNOS Software


    Chapter 7 Upgrade Software Packages
        Upgrade All Software Packages
        Upgrade Individual Software Packages
        Copy a Configuration to a PC Card or LS-120MB Floppy Disk

    Chapter 8 Upgrade to Release 5.0 or Downgrade from Release 5.0

    Part 3 Command-Line Interface

    Chapter 9 Command-Line Interface Overview
        CLI Modes
        CLI Command Hierarchy

    Chapter 10 Command-Line Interface Operational Mode
        Use the CLI
        Get Help About Commands
        Examples: Get Help About Commands
        Have the CLI Complete Commands
        Examples: Use CLI Command Completion
        CLI Messages
        Move around and Edit the Command Line
        How Output Appears on the Screen
        Display Output One Screen at a Time
        Filter Command Output
        Place Command Output in a File
        Search for a String in the Output
        Compare Configuration Changes with a Prior Version
        Count the Number of Lines in the Output
        Display All Output at Once
        Retain the Output after the Last Screen
        Display Additional Information about the Configuration
        Filter Command Output Multiple Times
        Set the Current Date and Time
        Set Date and Time from NTP Servers
        Display CLI Command History
        Monitor Who Uses the CLI


    Chapter 11 Control the CLI Environment
        Set the Terminal Type
        Set the Screen Length
        Set the Screen Width
        Set the CLI Prompt
        Set the Idle Timeout
        Set CLI to Prompt after a Software Upgrade
        Set Command Completion
        Display CLI Settings
        Example: Control the CLI Environment

    Chapter 12 Configure the Router with the CLI
        Configuration Statement Hierarchy
        How the Configuration Is Stored
        Enter Configuration Mode
        Using the Configure Command
        Using the Configure Exclusive Command
        Using the Configure Private Command
        Update the Configure Private Configuration
        Configuration Mode Prompt
        Configuration Mode Banner
        Configuration Statements and Identifiers
        Get Help about Configuration Mode Commands, Statements, and Identifiers
        Use Command Completion in Configuration Mode
        Examples: Use Command Completion in Configuration Mode
        Get Help Based on a String in a Statement Name
        Example: Get Help Based on a String Contained in a Statement Name
        Create and Modify the Configuration
        Examples: Create and Modify the Configuration
        Move among Levels of the Hierarchy
        Move Down to a Specific Level
        Move Back Up to Your Previous Level
        Move Up One Level
        Move Directly to the Top of the Hierarchy
        Warning Messages When Moving Up
        Issue Relative Configuration Commands
        Exit Configuration Mode
        Display the Current Configuration
        Examples: Display the Current Configuration
        Display Users Currently Editing the Configuration
        Remove a Statement from the Configuration
        Examples: Remove a Statement from the Configuration
        Copy a Statement in the Configuration
        Example: Copy a Statement in the Configuration
        Rename an Identifier
        Example: Rename an Identifier
        Insert a New Identifier


        Examples: Insert a New Identifier
        Run an Operational Mode CLI Command from Configuration Mode
        Example: Run an Operational Mode CLI Command from Configuration Mode
        Display Configuration Mode Command History
        Verify a Configuration
        Commit a Configuration
        Commit a Configuration and Exit Configuration Mode
        Activate a Configuration but Require Confirmation
        Schedule a Commit
        Synchronize Routing Engines
        Example: Apply Groups Re0 and Re1
        Example: Set Apply Groups Re0 and Re1
        Save a Configuration to a File
        Load a Configuration
        Examples: Load a Configuration from a File
        Return to a Previously Committed Configuration
        Example: Return to a Previously Committed Version of the Configuration
        Configuration Mode Error Messages
        Deactivate and Reactivate Statements and Identifiers in a Configuration
        Examples: Deactivate and Reactivate Statements and Identifiers in a Configuration
        Add Comments in a Configuration
        Examples: Include Comments in Configurations
        Have Multiple Users Configure the Software
        Example: Using the CLI to Configure the Router
        Shortcut
        Longer Configuration Example
        Additional Details about Specifying Statements and Identifiers
        How to Specify Statements
        How the CLI Performs Type-Checking

    Chapter 13 Configuration Groups
        Overview
        Inheritance Model
        Configuration Groups Configuration Statements
        Configuration Groups Configuration Guidelines
        Create a Configuration Group
        Apply a Configuration Group
        Example: Configure and Apply Configuration Groups
        Display Inherited Values
        Use Wildcards
        Example: Use Wildcards
        Examples: Configuration Groups
        Configure Sets of Statements
        Configure Interfaces
        Configure Peer Entities
        Establish Regional Configurations
        Select Wildcard Names

    Summary of Configuration Group Statements....................................................205apply-groups................................................................................................205groups.........................................................................................................206


    Chapter 14: Summary of CLI Environment Commands ..... 207
    set cli complete-on-space ..... 207
    set cli idle-timeout ..... 208
    set cli prompt ..... 208
    set cli restart-on-upgrade ..... 208
    set cli screen-length ..... 209
    set cli screen-width ..... 209
    set cli terminal ..... 209
    set date ..... 210
    set date ntp ..... 210
    show cli ..... 210
    show cli history ..... 211

    Chapter 15: Summary of CLI Configuration Mode Commands ..... 213
    activate ..... 213
    annotate ..... 214
    commit ..... 215
    copy ..... 216
    deactivate ..... 216
    delete ..... 217
    edit ..... 217
    exit ..... 218
    help ..... 218
    insert ..... 219
    load ..... 219
    quit ..... 220
    rename ..... 220
    rollback ..... 221
    run ..... 221
    save ..... 222
    set ..... 223
    show ..... 223
    status ..... 223
    top ..... 224
    up ..... 224

    Chapter 16: Summary of CLI Operational Mode Commands ..... 225
    clear ..... 225
    configure ..... 225
    file ..... 225
    monitor ..... 226
    ping ..... 226
    update ..... 226
    | (pipe) ..... 227
    quit ..... 227


    Chapter 20: Configure System Authentication ..... 251
    Configure RADIUS Authentication ..... 251
    Configure Juniper Networks-Specific RADIUS Attributes ..... 252
    Configure TACACS+ Authentication ..... 253
    Configure Juniper Networks-Specific TACACS+ Attributes ..... 254
    Configure Template Accounts for RADIUS and TACACS+ Authentication ..... 255
    Remote Template Accounts ..... 255
    Local User Template Accounts ..... 256
    Local User Template Example: ..... 256
    Configure the Authentication Order ..... 258
    Example: Remove an Ordered Set from the Authentication Order ..... 258
    Example: Insert an Order Set in the Authentication Order ..... 258
    Examples: Configure System Authentication ..... 259
    Local User Fallback Mechanism ..... 260
    Example 1: Insert Password into the Authentication Order ..... 261
    Example 2: Default to Local User Password Authentication, TACACS+ ..... 261
    Example 3: Default to Local User Password Authentication, RADIUS ..... 261
    Example 4: Default to Local User Password Authentication, TACACS+ and RADIUS ..... 262

    Chapter 21: Configure User Access ..... 263
    Define Login Classes ..... 263
    Configure Access Privilege Levels ..... 264
    Example: Configure Access Privilege Levels ..... 266
    Deny or Allow Individual Commands ..... 267
    Operational Mode Commands ..... 267
    Example 1: Define Access Privileges to Individual Operational Mode Commands ..... 268
    Example 2: Define Access Privileges to Individual Operational Mode Commands ..... 269
    Configuration Mode Commands ..... 269
    Example 3: Define Access Privileges to Individual Configuration Mode Commands ..... 271
    Example 4: Configure Access Privileges to Individual Configuration Mode Commands ..... 272
    Configure the Timeout Value for Idle Login Sessions ..... 272
    Configure User Accounts ..... 273
    Example: Configure User Accounts ..... 274


    Chapter 22: Configure Time ..... 277
    Set the Time Zone ..... 277
    Examples: Set the Time Zone ..... 277
    Configure the Network Time Protocol ..... 278
    Configure the NTP Boot Server ..... 279
    Configure the NTP Time Server and Time Services ..... 279
    Configure the Router to Operate in Client Mode ..... 280
    Configure the Router to Operate in Symmetric Active Mode ..... 280
    Configure the Router to Operate in Broadcast Mode ..... 281
    Configure NTP Authentication Keys ..... 281
    Configure the Router to Listen for Broadcast Messages ..... 282
    Configure the Router to Listen for Multicast Messages ..... 282

    Chapter 23: System Log Messages Overview ..... 283
    System Logging Configuration Guidelines ..... 284
    Minimum System Logging Configuration ..... 285
    Direct Messages to a Log File ..... 287
    Direct Messages to a User Terminal ..... 287
    Direct Messages to the Console ..... 288
    Archive System Logs ..... 288
    Direct Messages to a Remote Machine ..... 289
    Assign an Alternate Facility ..... 289
    Examples: Assign an Alternate Facility ..... 290
    Prepend a Prefix ..... 291
    Example: Prepend a Prefix ..... 291
    Examples: Configure System Logging ..... 292
    ..... 293

    Chapter 24: Configure Miscellaneous System Management Features ..... 295
    Configure Console and Auxiliary Port Properties ..... 295
    Disable the Sending of Redirect Messages on the Router ..... 296
    Configure the Source Address for Locally Generated TCP/IP Packets ..... 296
    Configure the Router or Interface to Act as a DHCP/BOOTP Relay Agent ..... 297
    Configure System Services ..... 297
    Configure Finger Service ..... 297
    Configure FTP Service ..... 298
    Configure rlogin Service ..... 298
    Configure ssh Service ..... 298
    Configure Root Login ..... 299
    Configure ssh Protocol Version ..... 299
    Configure telnet Service ..... 300
    Configure a System Login Message ..... 300
    Configure JUNOS Software Processes ..... 300
    Disable JUNOS Software Processes ..... 300


    Configure Failover to Backup Media if a Software Process Fails ..... 301
    Configure a Password on the Diagnostics Port ..... 301
    Core Dump Files ..... 301
    Configure a Router to Transfer its Configuration to an Archive Site ..... 302
    Configure the Transfer Interval ..... 302
    Configure Transfer on Commit ..... 302
    Configure Archive Sites ..... 303

    Chapter 25: Summary of System Management Configuration Statements ..... 305
    allow-commands ..... 305
    allow-configuration ..... 306
    archive-sites ..... 306
    authentication ..... 307
    authentication-key ..... 308
    authentication-order ..... 308
    auxiliary ..... 309
    backup-router ..... 309
    boot-server ..... 310
    broadcast ..... 310
    broadcast-client ..... 311
    class ..... 311
    compress-configuration-files ..... 312
    configuration ..... 312
    console ..... 313
    default-address-selection ..... 313
    deny-commands ..... 313
    deny-configuration ..... 314
    diag-port-authentication ..... 314
    domain-name ..... 315
    domain-search ..... 315
    full-name ..... 315
    host-name ..... 316
    idle-timeout ..... 316
    load-key-file ..... 316
    location ..... 317
    login ..... 318
    message ..... 318
    mirror-flash-on-disk ..... 319
    multicast-client ..... 319
    name-server ..... 320
    no-redirects ..... 320
    no-saved-core-context ..... 320
    ntp ..... 321
    peer ..... 321
    permissions ..... 322
    port ..... 322
    ports ..... 322
    processes ..... 323
    protocol-version ..... 324
    radius-server ..... 324
    retry ..... 325


    root-authentication ..... 325
    root-login ..... 326
    secret ..... 326
    server ..... 327
    services ..... 328
    single-connection ..... 329
    static-host-mapping ..... 329
    syslog ..... 330
    system ..... 331
    tacplus-server ..... 332
    timeout ..... 332
    time-zone ..... 333
    transfer-interval ..... 335
    transfer-on-commit ..... 335
    trusted-key ..... 335
    uid ..... 336
    user ..... 336

    Part 5: Access

    Chapter 26: Access Configuration Guidelines ..... 339
    Configure Challenge Handshake Authentication Protocol ..... 340
    Example: PPP Challenge Handshake Authentication Protocol ..... 340
    Configure the Authentication Order ..... 341
    Trace Access Processes ..... 342
    Summary of Access Configuration Statements ..... 343
    authentication-order ..... 343
    profile ..... 343
    traceoptions ..... 344

    Part 6: Security Services

    Chapter 27: Security Services Overview ..... 347
    IPSec Overview ..... 347
    Security Associations ..... 348
    IPSec Security ..... 348
    Host-to-Host Protection ..... 348
    Gateway-to-Gateway Protection ..... 348
    IKE ..... 349


    Chapter 28: Security Services Configuration Guidelines ..... 351
    Minimum IPSec Configuration ..... 353
    Minimum Manual SA Configuration ..... 353
    Minimum Dynamic SA Configuration ..... 353
    Configure Global IPSec Properties ..... 354
    Configure IPSec Proposal Properties ..... 354
    Configure Security Associations ..... 355
    IPSec Security ..... 355
    Host-to-Host Security ..... 356
    Gateway-to-Gateway Security ..... 356
    Configure IPSec Mode ..... 356
    Configure Manual Security Associations ..... 357
    Configure Direction ..... 357
    Configure the Protocol ..... 358
    Configure a Security Parameter Index (SPI) ..... 359
    Configure the Auxiliary Security Parameter Index ..... 359
    Configure Authentication ..... 360
    Configure Encryption ..... 360
    Configure Dynamic Security Associations ..... 361
    Configure IKE (Dynamic SAs Only) ..... 362
    IKE Global Properties ..... 362
    IKE Proposal Properties ..... 363
    Configure an IKE Proposal ..... 363
    Configure an IKE Authentication Algorithm ..... 363
    Configure an IKE Authentication Method ..... 364
    Configure an IKE Diffie-Hellman Group ..... 364
    Configure an IKE Encryption Algorithm ..... 364
    Configure IKE Lifetime ..... 365
    Example: IKE Proposal Configuration ..... 365
    Configure an IKE Policy ..... 365
    Configure IKE Policy Mode ..... 366
    Configure IKE Policy Proposal ..... 366
    Configure IKE Policy Preshared Key ..... 367
    Example: Configure IKE Policy ..... 367
    Configure an IPSec Proposal ..... 368
    Configure an Authentication Algorithm ..... 368
    Configure an Encryption Algorithm ..... 368
    Configure IPSec Lifetime ..... 369
    Configure Protocol for Dynamic SA ..... 369
    Configure an IPSec Policy ..... 370
    Configure Perfect Forward Secrecy ..... 370
    Example: IPSec Policy Configuration ..... 371
    Configure Trace Options ..... 372
    Configure the ES PIC ..... 372
    Example: ES PIC Configuration ..... 373
    Configure Traffic ..... 373
    Traffic Overview ..... 374
    Example 1: Configure Outbound Traffic Filter ..... 375
    Example 2: Apply Outbound Traffic Filter ..... 376
    Example 3: Configure Inbound Traffic Filter for Policy Check ..... 376
    Example 4: Apply Inbound Traffic Filter to ES PIC for Policy Check ..... 377
    Configure an ES Tunnel Interface for a Layer 3 VPN ..... 378
    Configure JUNOScript XNM-SSL Service ..... 378

    Chapter 29: Summary of Security Services Configuration Statements ..... 379

    authentication ..... 379
    auxiliary-spi ..... 380
    authentication-algorithm ..... 380
    authentication-algorithm (IKE) ..... 380
    authentication-algorithm (IPSec) ..... 381
    authentication-method ..... 381
    certificates ..... 381
    dh-group ..... 382
    direction ..... 382
    dynamic ..... 383
    encryption ..... 384
    encryption-algorithm ..... 385
    ike ..... 385
    ipsec ..... 386
    lifetime-seconds ..... 387
    manual ..... 387
    mode ..... 388
    mode (IPSec) ..... 388
    mode (IKE) ..... 388
    perfect-forward-secrecy ..... 389
    policy ..... 389
    policy (IPSec) ..... 389
    policy (IKE) ..... 390
    pre-shared-key ..... 390
    proposal ..... 391
    proposal (IKE) ..... 391
    proposal (IPSec) ..... 391
    protocol ..... 392
    protocol (manual SA) ..... 392
    protocol (dynamic SA) ..... 392
    security-association ..... 393
    spi ..... 394
    traceoptions ..... 395

    Part 7: Router Chassis

    Chapter 30: Router Chassis Configuration Guidelines ..... 399

    Minimum Chassis Configuration ..... 400
    Configure Aggregated Devices ..... 401
    Configure ATM Cell-Relay Accumulation Mode ..... 401
    Configure Conditions That Trigger Alarms ..... 402
    Chassis Conditions That Trigger Alarms ..... 403
    Silence External Devices ..... 404
    Configure SONET/SDH Framing ..... 404

    Configure Sparse DLCIS Mode ..... 405
    Configure Channelized PIC Operation ..... 405
    Concatenated and Nonconcatenated Mode ..... 406
    Channelized DS-3 to DS-0 Naming ..... 406
    Channelized E1 Naming ..... 408
    Channelized STM-1 Interface Virtual Tributary Mapping ..... 409
    Configure the Drop Policy for Traffic with Source-Route Constraints ..... 410
    Configure Redundancy ..... 410
    Configure Routing Engine Redundancy ..... 410
    Copy a Configuration File from One Routing Engine to the Other ..... 411
    Load a Package from the Other Routing Engine ..... 413
    Change over to the Backup Routing Engine ..... 413
    Default Routing Engine Redundancy Behavior ..... 414
    Configure SFM Redundancy ..... 414
    Configure SSB Redundancy ..... 415
    Configure Packet Scheduling ..... 415

    Chapter 31: Summary of Router Chassis Configuration Statements ..... 417

    aggregated-devices ..... 417
    alarm ..... 418
    atm-cell-relay-accumulation ..... 418
    ce1 ..... 419
    channel-group ..... 419
    chassis ..... 419
    ct3 ..... 420
    device-count ..... 420
    e1 ..... 420
    ethernet ..... 421
    failover on-loss-of-keepalives ..... 421
    fpc ..... 422
    framing ..... 423
    keepalive-time ..... 423
    no-concatenate ..... 424
    packet-scheduling ..... 425
    pic ..... 426
    port ..... 426
    redundancy ..... 427
    routing-engine ..... 427
    sfm ..... 428
    sonet ..... 428
    source-route ..... 429
    ssb ..... 429
    sparse-dlcis ..... 430
    t1 ..... 430
    timeslots ..... 430
    vtmapping ..... 431

    Part 8: Appendix

    Appendix A: Glossary ..... 435

    Part 9: Index

    Index ..... 457
    Index of Statements and Commands ..... 471

    List of Figures

    Figure 1: Product Architecture ..... 5
    Figure 2: CLI Command Hierarchy Example ..... 110
    Figure 3: Configuration Mode Hierarchy of Statements ..... 137
    Figure 4: Commands for Storing and Modifying the Router Configuration ..... 138
    Figure 5: Confirm a Configuration ..... 168
    Figure 6: Example 1: Load a Configuration from a File ..... 172
    Figure 7: Example 2: Load a Configuration from a File ..... 173
    Figure 8: Example 3: Load a Configuration from a File ..... 173
    Figure 9: Example 4: Load Configuration from a File ..... 174
    Figure 10: Example: IPSec Tunnel Connecting Security Gateways ..... 374

    List of Tables

    Table 1: Juniper Networks Technical Documentation ..... xxxiv
    Table 2: Release 5.x Device Names ..... 86
    Table 3: CLI Keyboard Sequences ..... 116
    Table 4: ---More--- Prompt Keyboard Sequences ..... 118
    Table 5: Common Regular Expression Operators ..... 120
    Table 6: Configuration Mode Top-Level Statements ..... 146
    Table 7: CLI Configuration Input Types ..... 187
    Table 8: Juniper Networks–Specific RADIUS Attributes ..... 252
    Table 9: Juniper Networks-Specific TACACS+ Attributes ..... 254
    Table 10: Login Class Permission Bits ..... 265
    Table 11: Default System Login Classes ..... 266
    Table 12: Operational Mode Commands—Common Regular Expression Operators ..... 268
    Table 13: Configuration Mode Commands—Common Regular Expression Operators ..... 271
    Table 14: Minimum Configuration Statements for System Logging ..... 285
    Table 15: System Logging Facilities ..... 286
    Table 16: System Log Message Severity Levels ..... 286
    Table 17: Facilities for the facility-override Statement ..... 290
    Table 18: Configurable PIC Alarm Conditions ..... 402
    Table 19: Chassis Component Alarm Conditions ..... 403
    Table 20: Ranges for Channelized DS-3 to DS-0 Configuration ..... 407
    Table 21: Ranges for Channelized E1 Configuration ..... 409

    About this Manual

    This chapter provides a high-level overview of the JUNOS Internet Software Configuration Guide: Getting Started:

    • Objectives on page xxvii
    • Audience on page xxviii
    • Document Organization on page xxviii
    • Part Organization on page xxx
    • Using the Indexes on page xxxi
    • Documentation Conventions on page xxxii
    • List of Technical Publications on page xxxiv
    • Documentation Feedback on page xxxv
    • How to Request Support on page xxxv

    Objectives

    This manual provides an overview of the JUNOS Internet software and describes how to install and upgrade the software. This manual also describes how to configure system management functions and how to configure the chassis, including user accounts, passwords, and redundancy.

    This manual documents Release 5.6 of the JUNOS Internet software. To obtain additional information about the JUNOS software—either corrections to information in this manual or information that might have been omitted from this manual—refer to the software release notes.

    To obtain additional information about the JUNOS software—either corrections to information in this manual or information that might have been omitted from this manual—refer to the printed software release notes that accompany your router.

    Document Organization 

        • Chapter 6, “Reinstall the Software,” describes how to reinstall the JUNOS software.
        • Chapter 7, “Upgrade Software Packages,” describes how to upgrade software packages.
        • Chapter 8, “Upgrade to Release 5.0 or Downgrade from Release 5.0,” describes how to upgrade to Release 5.0 or downgrade from Release 5.0.

    • Part 3, “Command-Line Interface,” describes the interface that you use to configure and monitor the JUNOS software. The command-line interface (CLI) is the interface you use when you access the router.
        • Chapter 9, “Command-Line Interface Overview,” provides an overview of the functions of the CLI.
        • Chapter 10, “Command-Line Interface Operational Mode,” describes the operational mode of the CLI.
        • Chapter 11, “Control the CLI Environment,” describes how to configure the CLI environment.
        • Chapter 12, “Configure the Router with the CLI,” describes the configuration mode of the CLI.
        • Chapter 13, “Configuration Groups,” describes configuration groups.
        • Chapter 14, “Summary of CLI Environment Commands,” explains each of the CLI environment commands.
        • Chapter 15, “Summary of CLI Configuration Mode Commands,” explains each of the CLI configuration mode commands.
        • Chapter 16, “Summary of CLI Operational Mode Commands,” explains each of the CLI operational mode commands.

    • Part 4, “System Management,” describes how to use the CLI to manage the router.
        • Chapter 17, “System Management Overview,” provides background information for configuring system management functions.
        • Chapter 18, “System Management Configuration Statements,” lists all the statements available at the [edit system] hierarchy level.
        • Chapter 19, “Configure Basic System Management,” describes how to configure basic system management functions.
        • Chapter 20, “Configure System Authentication,” describes how to configure RADIUS and TACACS+ authentication.
        • Chapter 21, “Configure User Access,” describes how to configure user access.
        • Chapter 22, “Configure Time,” describes how to set the time zone and configure the Network Time Protocol, which provides mechanisms to synchronize time and coordinate time distribution in a large, diverse network.
        • Chapter 23, “System Log Messages Overview,” describes how to control system logging and how much information the system should log.

        • Chapter 24, “Configure Miscellaneous System Management Features,” describes how to configure various system management functions, such as console and auxiliary port properties and the source address for locally generated TCP/IP packets.
        • Chapter 25, “Summary of System Management Configuration Statements,” explains each of the system management configuration statements.

    • Part 5, “Access,” describes how to configure access services.
        • Chapter 26, “Access Configuration Guidelines,” describes how to configure access and explains each of the access configuration statements.

    • Part 6, “Security Services,” describes how to configure security services.
        • Chapter 27, “Security Services Overview,” provides background information for configuring security services.
        • Chapter 28, “Security Services Configuration Guidelines,” describes how to configure security service properties.
        • Chapter 29, “Summary of Security Services Configuration Statements,” explains each of the security services configuration statements.

    • Part 7, “Router Chassis,” covers the configuration of router chassis properties.
        • Chapter 30, “Router Chassis Configuration Guidelines,” describes how to configure router chassis properties.
        • Chapter 31, “Summary of Router Chassis Configuration Statements,” provides a detailed listing of all configuration statements used in router chassis configuration.

     This manua