Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1, NETWORK AND SECURITY MANAGER 2010.3 User Manual

Network and Security Manager

M-series and MX-series Devices Guide

Release

2010.3

Published: 2010-08-18

Revision 1

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net

This productincludes the Envoy SNMP Engine, developed by Epilogue Technology,an Integrated Systems Company.Copyright ©1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Network and Security Manager M-series and MX-series Devices

Writing: Merisha Wazna and Remya Naroth Editing: Joanne McClintock Cover Design: Edmonds Design

Revision History August 2010—Revision 1

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE.

BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER)CONSENT TO BE BOUNDBY THIS AGREEMENT.IF YOUDO NOTOR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (ifthe Customer’sprincipal officeis located outsidethe Americas) (such applicable entitybeing referred to herein as“Juniper”),and (ii) the person or organization thatoriginally purchased from Juniperor an authorized Juniperreseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.

3. License Grant. Subject topayment of the applicablefees and the limitations and restrictions set forth herein, Juniper grants toCustomer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limitsto Customer’s useof the Software. Suchlimits may restrictuse to amaximum numberof seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software,in any form, toany thirdparty; (d)remove any proprietarynotices, labels,or marks on orin any copy of the Softwareor any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold inthe secondhand market; (f)use any ‘locked’ orkey-restricted feature,function, service, application, operation, orcapability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the

Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statementthat accompaniesthe Software (the“Warranty Statement”).Nothing inthis Agreement shallgive riseto any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTSOR PROCUREMENTOF SUBSTITUTEGOODS ORSERVICES,OR FOR ANY SPECIAL,INDIRECT,OR CONSEQUENTIALDAMAGES ARISING OUTOF THIS AGREEMENT,THE SOFTWARE,OR ANY JUNIPEROR JUNIPER-SUPPLIEDSOFTWARE. INNO EVENT SHALLJUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.

10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS

227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Softwareand any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in itsown name asif it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL

at http://www.gnu.org/licenses/lgpl.html .

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

Table of Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx

Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Part 1 Getting Started

Chapter 1 Getting Started with NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Introduction to Network and Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Installing NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Role-Based Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 2 Understanding the JUNOS CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

NSM and Device Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Understanding the CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Comparing the CLI To the NSM UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

NSM Services Supported for M-series and MX-series Devices . . . . . . . . . . . . . . . . 10

How NSM Works with the CLI and Distributed Data Collection . . . . . . . . . . . . . . . . 11

Device Schemas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Communication Between a Device and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 3 Before You Begin Adding M-series and MX-series Devices . . . . . . . . . . . . . . 15

M-series and MX-series Devices Supported by NSM . . . . . . . . . . . . . . . . . . . . . . . 15

Considering the Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Configuring a Deployed M-series or MX-series Device for Importing to NSM . . . . 16

Configure an IP Address and a User with Full Administrative Privileges for

the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Check Network Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Check Connectivity to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Configure a Static Route to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Establish a Telnet or an SSHv2, and a NETCONF protocol over SSH

Connection to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Part 2 Integrating M-series and MX-series Devices

Chapter 4 Adding M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . . . 23

About Device Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Supported Add Device Workflows for M-series and MX-series Devices . . . . . . . . 24

M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 29

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 41

Chapter 7 Configuring Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Importing Devices Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Modeling Devices Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Adding Multiple Devices Using Automatic Discovery (JUNOS Software Devices

Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Adding Device Groups Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

About Updating M-series and MX-series Devices . . . . . . . . . . . . . . . . . . . . . . . . . 29

How the Update Process Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Job Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Tracking Updated Devices Using Job Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Reviewing Job Information Displayed in Job Manager . . . . . . . . . . . . . . . . . . . . . . 33

Device States Displayed in Job Manager During Update . . . . . . . . . . . . . . . . . . . . 34

Understanding Updating Errors Displayed in the Job Manager . . . . . . . . . . . . . . . 35

About Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

M-series and MX-series Device Configuration Settings Supported in NSM . . . . . . 42

Configuring Device Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Example: Configuration of Interfaces for MPLS in the CLI and NSM . . . . . . . . . . . 45

Configuring Address-Assignment Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . 47

Configuring Access Address Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 50

Configuring Access Group Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 51

Configuring the LDAP Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Configuring the LDAP Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Configuring Access Profiles for L2TP or PPP Parameters (NSM Procedure) . . . . 54

Configuring Access Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 55

Configuring Accounting Parameters for Access Profiles (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Configuring the Accounting Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . 56

Configuring the Authentication Order (NSM Procedure) . . . . . . . . . . . . . . . . 57

Configuring the Authorization Order (NSM Procedure) . . . . . . . . . . . . . . . . . . 57

Configuring the L2TP Client (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 58

Configuring the Client Filter Name (NSM Procedure) . . . . . . . . . . . . . . . . . . . 59

Configuring the LDAP Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 60

Configuring the LDAP Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 61

Configuring the Provisioning Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . 62

Configuring RADIUS Parameters for AAA Subscriber Management (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Configuring the RADIUS Parameters (NSM Procedure) . . . . . . . . . . . . . . . . . 66

Configuring the RADIUS for Subscriber Access Management, L2TP, or PPP

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Configuring Session Limit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Configuring the RADIUSfor SubscriberAccessManagement, L2TP,or PPP(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Configuring the SecurID Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 69

Table of Contents

Configuring the Access Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Chapter 8 Configuring Accounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Configuring Accounting Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 71

Configuring Class Usage Profiles (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 71

Configuring a Log File (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Configuring the Filter Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring the Interface Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 74

Configuring the Policy Decision Statistics Profile (NSM Procedure) . . . . . . . . 75

Configuring the MIB Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 76

Configuring the Routing Engine Profile (NSM Procedure) . . . . . . . . . . . . . . . . 77

Chapter 9 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Configuring the Application and Application Set (NSM Procedure) . . . . . . . . . . . 79

Chapter 10 Configuring Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring Bridge Domains Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . 81

Configuring a Bridge Domain (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring Layer 2Learning and ForwardingProperties for aBridge Domain

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Configuring Forwarding Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 84

Configuring Logical Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 85

Configuring Multicast Snooping Options (NSM Procedure) . . . . . . . . . . . . . . 86

Configuring IGMP Snooping (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 89

Configuring VLAN ID (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Chapter 11 Configuring Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Configuring Aggregated Devices (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 97

Configuring Chassis Alarms (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Configuring Container Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 99

Configuring Chassis FPC (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Configuring a T640 Router on a Routing Matrix (NSM Procedure) . . . . . . . . . . . 105

Configuring Routing Engine Redundancy (NSM Procedure) . . . . . . . . . . . . . . . . . 110

Configuring a Routing Engine to Reboot or Halt on Hard Disk Errors (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Chapter 12 Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Configuring RADIUS Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 113

Configuring TACACS+ Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . 114

Configuring Authentication Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 115

Configuring User Access (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Configuring Login Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Configuring Template Accounts (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 117

Creating a Remote Template Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Creating a Local Template Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Chapter 13 Configuring Class of Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Configuring CoS Classifiers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Configuring CoS Code Point Aliases (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 124

Configuring CoS Drop Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 125

M-series and MX-series Devices

Chapter 14 Configuring Event Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Chapter 15 Configuring Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Chapter 16 Configuring Forwarding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Configuring CoS Forwarding Classes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 127

Configuring CoS Forwarding Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 129

Configuring CoS Fragmentation Maps (NSM Procedure) . . . . . . . . . . . . . . . . . . . 130

Configuring CoS Host Outbound Traffic (NSM Procedure) . . . . . . . . . . . . . . . . . . 131

Configuring CoS Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Configuring CoS Routing Instances (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 138

Configuring CoS Schedulers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Configuring CoS and Applying Scheduler Maps (NSM Procedure) . . . . . . . . . . . . 141

Configuring CoS Restricted Queues (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 142

Configuring Tracing Operations (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 143

Configuring CoS Traffic Control Profiles (NSM Procedure) . . . . . . . . . . . . . . . . . 144

Configuring CoS Translation Table (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 145

Configuring Destinations for File Archiving (NSM Procedure) . . . . . . . . . . . . . . . . 151

Configuring Event Script (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Generating Internal Events (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Configuring Event Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Configuring Event Policy Tracing Operations (NSM Procedure) . . . . . . . . . . . . . . 157

Configuring the Firewall Filter for Any Family Type (NSM Procedure) . . . . . . . . . 159

Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) . . . . . . . 161

Configuring the Firewall Filter for Ccc Family Type (NSM Procedure) . . . . . . . . . 163

Configuring Filters for inet Family Type (NSM Procedure) . . . . . . . . . . . . . . . . . . 165

Configuring Firewall Filter for inet Family Type (NSM Procedure) . . . . . . . . . 165

Configuring Prefix-specific Actions (NSM Procedure) . . . . . . . . . . . . . . . . . . 167

Configuring Service Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 168

Configuring Simple Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 169

Configuring Filters for inet6 Family Type (NSM Procedure) . . . . . . . . . . . . . . . . . 170

Configuring Firewall Filter for inet6 Family Type (NSM Procedure) . . . . . . . . 171

Configuring Service Filters for inet6 (NSM Procedure) . . . . . . . . . . . . . . . . . . 173

Configuring the Firewall Filter for MPLS Family Type (NSM Procedure) . . . . . . . 174

Configuring the Firewall Filter for VPLS Family Type (NSM Procedure) . . . . . . . . 177

Configuring a Policer for a Firewall Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Configuring Accounting Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 183

Configuring the Extended DHCP Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . 185

Configuring Authentication Support for the DHCP Relay Agent (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Configuring Group (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Overriding the Default Configuration Settings for the Extended DHCP Relay

Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Configuring Relay Option 60 Information for Forwarding Client Traffic to

Specific DHCP Servers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 189

Configuring Relay Option 82 for a DHCP Server (NSM Procedure) . . . . . . . 190

Specifying the Name of a Group of DHCP Server Addresses for Use by the

Extended DHCP Relay Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . 191

Table of Contents

Configuring Operations for Extended DHCP Relay Agent Processes (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Specifying Address Family for Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 193

Configuring Load Balancing Using Hash Key (NSM Procedure) . . . . . . . . . . . . . . 194

Configuring Helpers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Configuring a Router or Interface to Act as a Bootstrap Protocol Relay

Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Enabling DNS Request Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Configuring a Port for a DHCP or BOOTP Relay Agent . . . . . . . . . . . . . . . . . 201

Configuring Tracing Operations for BOOTP, DNS, and TFTP Packet

Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) . . . . . . 203

Configuring Port Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Chapter 17 Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Configuring Interfaces on the Routing Platform (NSM Procedure) . . . . . . . . . . . 207

Configuring Interface Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 207

Damping Interface Transitions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 208

Configuring Receive Bucket Properties on Interfaces (NSM Procedure) . . . 209 Configuring Tracing Operations of an Individual Router Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Configuring Transmit Leaky Bucket Properties (NSM Procedure) . . . . . . . . . 211

Configuring Logical Interface Properties (NSM Procedure) . . . . . . . . . . . . . . 212

Configuring Logical Unit Properties (NSM Procedure) . . . . . . . . . . . . . . 212

Configuring an IP Demux Underlying Interface (NSM Procedure) . . . . . 213

Configuring the Logical Demux Source Family Type on the IP Demux

Underlying Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 214

Configuring Epd Threshold for the Logical Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Configuring Protocol Family Information for the Logical Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Configuring Protocol Family (Ccc) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Configuring Protocol Family (Inet) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Configuring Protocol Family (Inet6)Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Configuring Protocol Family (ISO) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Configuring Protocol Family (MPLS) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

Configuring Protocol Family (TCC) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Configuring the Traffic Shaping Profile (NSM Procedure) . . . . . . . . . . . . . . . 232

Configuring Interface set on the Routing Platform (NSM Procedure) . . . . . . . . . 234

Configuring Trace Options on the Routing Platform (NSM Procedure) . . . . . . . . 235

Chapter 18 Configuring Multicast Snooping Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Configuring Multicast Snooping Options (NSM Procedure) . . . . . . . . . . . . . . . . . 237

M-series and MX-series Devices

Chapter 19 Configuring Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Chapter 20 Configuring Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Configuring an AS Path in a BGP Routing Policy (NSM Procedure) . . . . . . . . . . . 241

Configuring an AS Path Group in a BGP Routing Policy (NSM Procedure) . . . . . 242

Configuring a Community for use in BGP Routing Policy Conditions(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Configuring a BGP Export Policy Condition (NSM Procedure) . . . . . . . . . . . . . . . 244

Configuring Flap Dampingto Reduce the Number of BGP UpdateMessages(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Configuring a Routing Policy Statement (NSM Procedure) . . . . . . . . . . . . . . . . . 247

Configuring Prefix List (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Configuring the BFD Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Configuring BGP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Configuring the ILMI Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 255

Configuring Layer 2 Address Learning and Forwarding Properties (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Configuring Layer 2 Circuit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Configuring Local Interface Switching (NSM Procedure) . . . . . . . . . . . . . . . 257

Configuring the Neighbor Interface for the Layer 2 Circuit (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Tracing Layer 2 Circuit Creation and Changes (NSM Procedure) . . . . . . . . . 261

Configuring Layer 2 Protocol Tunneling and BPDU Protection (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Configuring Label Distribution Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . 264

Configuring Link Management Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . 275

Configuring MPLS Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Enabling MPLS on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 279

Configuring Administrative Group (NSM Procedure) . . . . . . . . . . . . . . . . . . 282

Configuring Administrative Groups (NSM Procedure) . . . . . . . . . . . . . . . . . 282

Configuring Bandwidth for the Reroute Path (NSM Procedure) . . . . . . . . . . 283

Configuring DiffServ-Aware Traffic Engineering (NSM Procedure) . . . . . . . 284

Configuring MPLS on Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 285

Configure a Label Switched Path (LSP) to Use in Dynamic MPLS . . . . . . . . 287

Configuring Label Switched Path (NSM Procedure) . . . . . . . . . . . . . . . 287

Configuring Administrative Group (NSM Procedure) . . . . . . . . . . . . . . . 290

Configuring Automatic Bandwidth Allocation for LSPs (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Configuring Bandwidth for the Reroute Path (NSM Procedure) . . . . . . 292

Configuring Fast Reroute (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 293

Adding LSP-Related Routes to the inet.3 Routing Table (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Configuring MPLS LSPs for GMPLS (NSM Procedure) . . . . . . . . . . . . . 295

Configuring BFD for MPLS IPv4 LSPs (NSM Procedure) . . . . . . . . . . . . 296

Configuring the Primary Point-to-Multipoint LSP (NSM Procedure) . . 298

Configuring Policers for LSPs (NSM Procedure) . . . . . . . . . . . . . . . . . . 299

Configuring Primary Paths for an LSP (NSM Procedure) . . . . . . . . . . . 300

Configuring Secondary Paths for an LSP (NSM Procedure) . . . . . . . . . 305

Table of Contents

Configuring System Log Messages and SNMP Traps for LSPs (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Configuring BFD for MPLS IPv4 LSPs (NSM Procedure) . . . . . . . . . . . . . . . . 314

Configuring Named Paths (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 316

Configuring MTU Signaling in RSVPs (NSM Procedure) . . . . . . . . . . . . . . . . 317

Configuring static LSPs on the Ingress Router (NSM Procedure) . . . . . . . . . 318

Configuring MPLS Statistics (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 319

Tracing MPLS Packets and Operations (NSM Procedure) . . . . . . . . . . . . . . 320

Configuring MSDP Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Configuring MSDP on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . 321

Configuring the MSDP Active Source Limit (NSM Procedure) . . . . . . . . . . . 322

Configuring Export Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 323

Configuring MSDP Peer Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Configuring MSDP Peer Group (NSM Procedure) . . . . . . . . . . . . . . . . . 324

Configuring MSDP Peers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 325

Configuring a Routing Table Group with MSDP (NSM Procedure) . . . . 327

Configuring Per-Source Active Source Limit (NSM Procedure) . . . . . . . 328

Configuring MSDP Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . 328

Configuring MSTP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Configuring OSPF (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Configuring RIP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Configuring RIPng Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Configuring RIPng on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . 337

Configuring Graceful Restart for RIPng (NSM Procedure) . . . . . . . . . . . . . . 338

Configuring Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Configuring Group-Specific RIPng Properties (NSM Procedure) . . . . . 339

Applying Policies to Routes Exported by RIPng (NSM Procedure) . . . . . 341

Applying Policies to Routes Imported by RIPng (NSM Procedure) . . . . 341

Configuring RIPng Neighbor Properties . . . . . . . . . . . . . . . . . . . . . . . . . 342

Enable or Disable Receiving of Update Messages (NSM Procedure) . . . . . . 345

Configuring RIPng Send Update Messages (NSM Procedure) . . . . . . . . . . . 345

Configuring RIPng Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 346

Configuring Router Advertisement (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 347

Configuring ICMP Router Discovery (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 350

Configuring RSVP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Configuring VRRP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Configuring VSTP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Chapter 21 Configuring Routing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Configuring Confederation (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Configuring Dynamic Tunnels (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 363

Configuring Fate Sharing (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Configuring Flow Route (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Configuring Forwarding Table (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 368

Configuring Generated Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 369

Configuring Instance Export (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Configuring Instance Import (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Configuring Interface Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Configuring Martian Addresses (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 373

M-series and MX-series Devices

Chapter 22 Configuring Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Chapter 23 Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

Configuring Maximum Paths (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Configuring Maximum Prefixes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 375

Configuring Multicast (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Configuring Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Configuring Routing Tables (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Configuring Routing Table Groups (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 383

Configuring Source Routing (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Configuring Static Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Configuring Topologies (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Configuring Authentication Key Updates (NSM Procedure) . . . . . . . . . . . . . . . . 389

Configuring Adaptive Services PICs (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 391

Configuring Border Signaling Gateways (NSM Procedure) . . . . . . . . . . . . . . . . . 392

Configuring Gateway Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 392

Configuring Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 393

Configuring an Admission Controller (NSM Procedure) . . . . . . . . . . . . 393

Configuring Session Policy Decision Function (NSM Procedure) . . . . . 394

Configuring Service Point (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 396

Configuring SIP Policies and Timers (NSM Procedure) . . . . . . . . . . . . . 397

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 407

Configuring Class of Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Configuring Intrusion Detection Service (NSM Procedure) . . . . . . . . . . . . . . . . . . 415

Tracing Services PIC Operations (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 419

Configuring Network Address Translation (NSM Procedure) . . . . . . . . . . . . . . . 420

Configuring PGCP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

Configuring Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Configuring a Virtual Border Gateway Function on the Router (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Configuring Data Inactivity Detection (NSM Procedure) . . . . . . . . . . . . 427

Configuring Gateway Controller (NSM Procedure) . . . . . . . . . . . . . . . . 428

Configuring Graceful Restart (NSM Procedure) . . . . . . . . . . . . . . . . . . . 429

Configuring H248 Options Properties (NSM Procedure) . . . . . . . . . . . . . . . 430

Configuring H248 Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 430

Changing Encoding Defaults (NSM Procedure) . . . . . . . . . . . . . . . . . . . 431

Configuring Service Change (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 431

Configuring H248 Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 436

Configuring Application Data Inactivity Detection (NSM Procedure) . . 437

Configuring Base Root (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 437

Configuring Differentiated Services (NSM Procedure) . . . . . . . . . . . . . 440

Configuring Event Timestamp Notification (NSM Procedure) . . . . . . . . 441

Hanging Termination Detection (NSM Procedure) . . . . . . . . . . . . . . . . . 441

Configuring Inactivity Timer (NSM Procedure) . . . . . . . . . . . . . . . . . . . 442

Configuring Notification Behavior (NSM Procedure) . . . . . . . . . . . . . . . 443

Configuring Segmentation (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 444

Table of Contents

Configuring Traffic Management (NSM Procedure) . . . . . . . . . . . . . . . 445

Configuring H248 Timers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 447

Configuring the Monitor (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 448

Configuring Overload Control (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 449

Configuring Session Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 450

Configuring Media Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 450

Configuring a Rule (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Configuring Rule Set (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Configuring Session Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 452

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 453

Configuring Virtual Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 454

Configuring Service Interface Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 455

Configuring a Service Set (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Configuring Stateful Firewall (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 460

Chapter 24 Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Configuring Basic System Identification for SNMP (NSM Procedure) . . . . . . . . 463

Configuring SNMP Communities (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 464

Configuring SNMP Trap Groups (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 466

Configuring SNMP Views (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Part 4 Managing M-series and MX-series Devices

Chapter 25 Managing M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . 471

Managing M-series and MX-series Device Software Versions . . . . . . . . . . . . . . . 471

Chapter 26 Viewing the M-series and MX-series Device Inventory in NSM and the

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Viewing and Reconciling Device Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Comparing Device Inventory in NSM and the CLI . . . . . . . . . . . . . . . . . . . . . . . . . 474

Viewing Device Inventory in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Viewing Device Inventory from the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Chapter 27 Topology Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Overview of the NSM Topology Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Requisites for a Topology Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

About the NSM Topology Manager Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Part 5 Monitoring M-series and MX-series Devices

Chapter 28 Real Time Monitoring of M-series and MX-series . . . . . . . . . . . . . . . . . . . . . 485

About the Realtime Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

Viewing Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Viewing Device Monitor Alarm Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Setting the Polling Interval For Device Alarm Status . . . . . . . . . . . . . . . . . . . . . . 489

Part 6 Index

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

M-series and MX-series Devices

List of Figures

Part 1 Getting Started

Chapter 2 Understanding the JUNOS CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 1: Overview of the User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Figure 2: NSM Network Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Part 2 Integrating M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 29

Figure 3: Job Information Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Figure 4: Failed Update Job Information Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . 36

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 41

Figure 5: MPLS Configuration in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Figure 6: MPLS Configuration in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Part 4 Managing M-series and MX-series Devices

Chapter 26 Viewing the M-series and MX-series Device Inventory in NSM and the

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Figure 7: The Device Inventory Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Figure 8: Viewing the Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Figure 9: Viewing the Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

M-series and MX-series Devices

List of Tables

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii

Table 2: Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii

Table 3: Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

Table 4: Network and Security Manager Publications . . . . . . . . . . . . . . . . . . . . . xxix

Part 1 Getting Started

Chapter 3 Before You Begin Adding M-series and MX-series Devices . . . . . . . . . . . . . . 15

Table 5: M-series Internet Routers and MX-series Internet Service Routers . . . . . . 15

Part 2 Integrating M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 29

Table 6: Device States During Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 41

Table 7: The JUNOS Configuration Hierarchy and the NSM Configuration

Chapter 7 Configuring Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Table 8: Address Assignment Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 48

Table 9: Access Address Pool Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 51

Table 10: Access Group Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 51

Table 11: LDAP Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Table 12: LDAP Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Table 13: Access Profile Properties Configuration Details . . . . . . . . . . . . . . . . . . . . 55

Table 14: Accounting Parameter Configuration Details . . . . . . . . . . . . . . . . . . . . . 56

Table 15: Accounting Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Table 16: Authentication Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 57

Table 17: Authorization Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 58

Table 18: Client Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Table 19: Client Filter Name Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 60

Table 20: Ldap Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Table 21: Ldap Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 22: Provisioning Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 23: RADIUS Parameter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 63

Table 24: RADIUS Parameters Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 66

Table 25: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Table 26: Session Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

M-series and MX-series Devices

Chapter 8 Configuring Accounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Chapter 9 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Chapter 10 Configuring Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Chapter 11 Configuring Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Chapter 12 Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Chapter 13 Configuring Class of Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Table 27: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Table 28: SecurID Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Table 29: Access Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Table 30: Class Usage Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 31: Log File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Table 32: Filter Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Table 33: Interface Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Table 34: Policy Decision Statistics Profile Configuration Details . . . . . . . . . . . . . 76

Table 35: MIB Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Table 36: Routing Engine Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . 78

Table 37: Applications Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Table 38: Bridge Domain Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Table 39: Bridge Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Table 40: Forwarding Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 84

Table 41: Logical Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Table 42: Multicast Snooping Options Configuration Details . . . . . . . . . . . . . . . . . 87

Table 43: Igmp Snooping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Table 44: VLAN ID Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Table 45: Aggregated Devices Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 98

Table 46: Chassis Alarms Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Table 47: Container Interfaces Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 99

Table 48: FPC Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Table 49: Lcc Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Table 50: Chassis Redundancy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 110

Table 51: Chassis Routing Engine Configuration Details . . . . . . . . . . . . . . . . . . . . . 112

Table 52: RADIUS Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . 113

Table 53: TACACS+ Authentication Configuration Details . . . . . . . . . . . . . . . . . . . 114

Table 54: Login Class Authentication Configuration Details . . . . . . . . . . . . . . . . . 116

Table 55: User Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 117

Table 56: Remote Template Account Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Table 57: Local Template Account Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Table 58: Configuring and Applying Behavior Aggregate Classifiers . . . . . . . . . . . 122

Table 59: Configuring Code Point Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Table 60: Drop Profile Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Table 61: Assigning Forwarding Classes to Output Queues . . . . . . . . . . . . . . . . . 128

Table 62: Forwarding Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 129

Table 63: Fragmentation Maps Configuration Details . . . . . . . . . . . . . . . . . . . . . . 131

Table 64: Host Outbound Traffic Configuration Details . . . . . . . . . . . . . . . . . . . . 132

Table 65: Interfaces Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

List of Tables

Table 66: Routing Instances Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 138

Table 67: Configuring Schedulers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Table 68: Assigning Forwarding Classes to Output Queues . . . . . . . . . . . . . . . . . 141

Table 69: Restricted Queue Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 143

Table 70: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Table 71: Traffic Control profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . 145

Table 72: Translation Table Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 146

Chapter 14 Configuring Event Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Table 73: Destination Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Table 74: Event Script Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Table 75: Generate Event Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Table 76: Configure Event Policy Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Table 77: Event Options Traceoptions Configuration Details . . . . . . . . . . . . . . . . 158

Chapter 15 Configuring Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Table 78: Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Table 79: Bridge Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Table 80: Ccc Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Table 81: Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Table 82: Prefix Actions Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Table 83: Service Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Table 84: Simple Filter Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Table 85: Inet6 Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 171

Table 86: inet6 Service Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 173

Table 87: MPLS Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 175

Table 88: VPLS Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 178

Table 89: Configuring a Policer for a Firewall Filter . . . . . . . . . . . . . . . . . . . . . . . . 180

Chapter 16 Configuring Forwarding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Table 90: Accounting Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . 183

Table 91: Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Table 92: Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Table 93: Overrides Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Table 94: Relay Option 60 Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 189

Table 95: Relay option 82 Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Table 96: Sever Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Table 97: DHCP Relay Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . 192

Table 98: Address Family Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Table 99: Load Balance Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Table 100: BOOTP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Table 101: DNS and TFTP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Table 102: Port Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Table 103: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Table 104: Load Balancing Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 204

Table 105: Port Mirroring Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Chapter 17 Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Table 106: Interface Properties Configuration Details . . . . . . . . . . . . . . . . . . . . . 208

Table 107: Hold Time Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

M-series and MX-series Devices

Chapter 18 Configuring Multicast Snooping Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Chapter 19 Configuring Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Chapter 20 Configuring Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Table 108: Receive Bucket Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 210

Table 109: Trace Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Table 110: Transmit Bucket Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 212

Table 111: Logical Unit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Table 112: IP Demux Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Table 113: IP Demux Source Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 214

Table 114: Epd Threshold Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Table 115: Ccc Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Table 116: Inet Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Table 117: Inet6 Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Table 118: Iso Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

Table 119: MPLS Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Table 120: TCC Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Table 121: Traffic Shaping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Table 122: Interface Set Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Table 123: Traceoption Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Table 124: Multicast Snooping Options Configuration Details . . . . . . . . . . . . . . . 238

Table 125: AS Path Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Table 126: AS Path Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Table 127: Community Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Table 128: Condition Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Table 129: Damping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Table 130: Configuring Policy Statement Fields . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Table 131: Configuring Prefix List Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Table 132: Configuring Bfd Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Table 133: BGP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Table 134: Trace Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Table 135: L2 Learning Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Table 136: Local Switching Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 258

Table 137: Neighbor Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 259

Table 138: Layer2 Circuit Traceoption Configuration Details . . . . . . . . . . . . . . . . . 261

Table 139: Layer2 Circuit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Table 140: LDP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Table 141: Link Management Protocol Configuration Details . . . . . . . . . . . . . . . . 276

Table 142: MPLS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Table 143: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 282

Table 144: Administrative Groups Configuration Details . . . . . . . . . . . . . . . . . . . 283

Table 145: Automatic Policers Configuration Details . . . . . . . . . . . . . . . . . . . . . . 284

Table 146: Diffserv-Aware Traffic Engineering Configuration Details . . . . . . . . . 285

Table 147: Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Table 148: LSP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Table 149: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . . 291

Table 150: Automatic Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . 292

Table 151: Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

List of Tables

Table 152: Fast Reroute Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Table 153: Install Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Table 154: Lsp Attributes Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Table 155: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Table 156: P2mp Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Table 157: Policer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Table 158: Primary Paths Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Table 159: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 302

Table 160: Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Table 161: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Table 162: Secondary Paths Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 306

Table 163: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 308

Table 164: Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Table 165: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Table 166: Egress Router Address Configuration Details . . . . . . . . . . . . . . . . . . . . 312

Table 167: LSP Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 312

Table 168: Log Updown Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Table 169: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Table 170: Named Path Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Table 171: Path MTU Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Table 172: Static Path Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Table 173: MPLS Statistics Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 320

Table 174: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Table 175: MSDP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Table 176: Active Source Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . 323

Table 177: Export Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

Table 178: Peer Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Table 179: MSDP Peer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

Table 180: Rib Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Table 181: Active Source Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . 328

Table 182: MSDP Traceoption Configuration Details . . . . . . . . . . . . . . . . . . . . . . 329

Table 183: MSTP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Table 184: OSPF Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Table 185: RIP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Table 186: RIPng Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Table 187: Graceful Restart Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 339

Table 188: Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Table 189: RIPng Export Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 341

Table 190: Import Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

Table 191: Neighbor Properties Configuration Details . . . . . . . . . . . . . . . . . . . . . . 343

Table 192: Import Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Table 193: Receive Message Update Configuration Details . . . . . . . . . . . . . . . . . 344

Table 194: Send Update Message Configuration Details . . . . . . . . . . . . . . . . . . . 345

Table 195: Receive Message Update Configuration Details . . . . . . . . . . . . . . . . . 345

Table 196: RIPng Send Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346

Table 197: RIPng Traceoption Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 347

Table 198: Router Advertisement Configuration Details . . . . . . . . . . . . . . . . . . . 348

Table 199: Router Discovery Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 350

Table 200: RSVP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

M-series and MX-series Devices

Chapter 21 Configuring Routing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Chapter 22 Configuring Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Chapter 23 Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

Table 201: VRRP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Table 202: VSTP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

Table 203: Confederation Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Table 204: Dynamic Tunnels Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 363

Table 205: Fate Sharing Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Table 206: Flow Route Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Table 207: Forwarding Table Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Table 208: Generated Routes Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Table 209: Interface Routes Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Table 210: Configuring Martian Address Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Table 211: Configuring Maximum Paths Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Table 212: Configuring Maximum Prefixes Fields . . . . . . . . . . . . . . . . . . . . . . . . . 376

Table 213: Configuring Multicast Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Table 214: Configuring Options Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Table 215: Rib Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

Table 216: Rib Group Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Table 217: Source Routing Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Table 218: Static Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Table 219: Topology Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Table 220: Traceoption Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Table 221: Security Authentication Key Configuration Details . . . . . . . . . . . . . . . 390

Table 222: Adaptive Services Pics Configuration Details . . . . . . . . . . . . . . . . . . . 392

Table 223: Gateway Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393

Table 224: Admission Controller Configuration Details . . . . . . . . . . . . . . . . . . . . 394

Table 225: Session Policy Decision Configuration Details . . . . . . . . . . . . . . . . . . 395

Table 226: Service Point Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Table 227: Message Manipulate Rules Configuration Details . . . . . . . . . . . . . . . . 398

Table 228: New Call Usage Policy Configuration Details . . . . . . . . . . . . . . . . . . . 400

Table 229: New Call Usage Policy Set Configuration Details . . . . . . . . . . . . . . . . 403

Table 230: Transaction Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 404

Table 231: Transaction Policy Set Configuration Details . . . . . . . . . . . . . . . . . . . 406

Table 232: Timers Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Table 233: Traceoption BSG Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 408

Table 234: CoS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Table 235: IDS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Table 236: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Table 237: NAT Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422

Table 238: Virtual BGF Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Table 239: Data Inactivity Detection Configuration Details . . . . . . . . . . . . . . . . . 428

Table 240: Gateway Controller Configuration Details . . . . . . . . . . . . . . . . . . . . . 429

Table 241: Graceful Restart Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 430

Table 242: H248 Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

Table 243: Encoding Defaults Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 431

Table 244: Context indication Configuration Details . . . . . . . . . . . . . . . . . . . . . . 432

List of Tables

Table 245: Control Association Configuration Details . . . . . . . . . . . . . . . . . . . . . 434

Table 246: Virtual Interface Indications Configuration Details . . . . . . . . . . . . . . . 436

Table 247: Data Inactivity Detection Configuration Details . . . . . . . . . . . . . . . . . 437

Table 248: Base Root Package Configuration Details . . . . . . . . . . . . . . . . . . . . . 439

Table 249: Diffserv Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Table 250: Event Timestamp Notification Configuration Details . . . . . . . . . . . . . 441

Table 251: Hanging Termination Detection Configuration Details . . . . . . . . . . . . 442

Table 252: Inactivity Timer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 443

Table 253: Notification Behavior Configuration Details . . . . . . . . . . . . . . . . . . . . 444

Table 254: Segmentation Package Configuration Details . . . . . . . . . . . . . . . . . . 445

Table 255: Traffic Management Configuration Details . . . . . . . . . . . . . . . . . . . . . 446

Table 256: H248 Timers Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 448

Table 257: Monitor Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

Table 258: Overload Control Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 449

Table 259: Session Mirroring Configuring Details . . . . . . . . . . . . . . . . . . . . . . . . . 450

Table 260: Media Service Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Table 261: Configuring Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Table 262: Configuring Rule Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Table 263: Session Mirroring Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 453

Table 264: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 454

Table 265: Virtual Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 455

Table 266: Service Interface Pools Configuration Details . . . . . . . . . . . . . . . . . . 456

Table 267: Service Set Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Table 268: Stateful Firewall Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 461

Chapter 24 Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Table 269: Basic System Identification Details . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Table 270: Configuring Community Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

Table 271: Configuring SNMP Trap Group Fields . . . . . . . . . . . . . . . . . . . . . . . . . . 466

Table 272: Configuring SNMP View Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

Part 5 Monitoring M-series and MX-series Devices

Chapter 28 Real Time Monitoring of M-series and MX-series . . . . . . . . . . . . . . . . . . . . . 485

Table 273: Device Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

M-series and MX-series Devices

About This Guide

•

Objectives on page xxvii

•

Audience on page xxvii

•

Documentation Conventions on page xxvii

•

Documentation on page xxix

•

Requesting Technical Support on page xxx

Objectives

Juniper Networks Network and Security Manager (NSM) is a software application that centralizescontrol and management of your Juniper Networksdevices. With NSM, Juniper Networks delivers integrated, policy-based security and network management for all devices.

M-series and MX-series devices are routers that run JUNOS software using the command-line interface (CLI) for installation and configuration.

This guide provides the information you need to understand, configure, and maintain an M-series or MX-series device using NSM. This guide explains how to use basic NSM functionality, includingadding newdevices, deploying newdevice configurations, updating device firmware, and monitoringthe status of your M-series or MX-series device. Use this guide in conjunction with the NSM Online Help,which provides step-by-step instructions that complement the information in this guide.

NOTE: If the information in the latest NSM Release Notes differs from the information

in this guide, follow the NSM Release Notes.

Audience

This guide is for the system administrator responsible for configuring the M-series and MX-series devices.

Documentation Conventions

The sample screens used throughout this guide are representations of the screens that appear when you install and configure the NSM software. The actual screens may differ.

M-series and MX-series Devices

Table 1: Notice Icons

All examples show default file paths. If you do not accept the installation defaults, your paths will vary from the examples.

Table 1 on page xxviii defines notice icons used in this guide.

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Indicates a situation that might result in loss of data or hardware damage.Caution

Alerts you to the risk of personal injury or death.Warning

Table 2 on page xxviii defines text conventions used in this guide.

Table 2: Text Conventions

Bold typeface like this

fixed-width font

Keynames linkedwith a plus (+) sign

Alerts you to the risk of personal injury from a laser.Laser warning

•

Represents commands and keywords in text.

•

Represents keywords

•

Represents UI elements

Represents information as displayed on the terminal screen.

keys simultaneously.

ExamplesDescriptionConvention

•

Issue the clock source command.

•

Specify the keyword exp-msg.

•

Click User Objects

user inputRepresents text that the user must type.Bold typeface like this

host1#

show ip ospf

Routing Process OSPF 2 with Router ID 5.5.0.250 Router is an area Border Router (ABR)

Ctrl + dIndicates that you must press two or more

Italics

The angle bracket (>)

•

Emphasizes words

•

Identifies variables

Indicates navigation paths through the UI by clicking menu options and links.

•

The product supports two levels of access, user and privileged.

•

clusterID, ipAddress.

Object Manager > User Objects > Local Objects

Table 3 on page xxix defines syntax conventions used in this guide.

Table 3: Syntax Conventions

About This Guide

ExamplesDescriptionConvention

terminal lengthRepresent keywordsWords in plain text

mask, accessListNameRepresent variablesWords in italics

Words separated by the pipe ( | ) symbol

Words enclosed in brackets followed by and asterisk ( [ ]*)

Documentation

Table 4 on page xxix describes documentation for the NSM.

Table 4: Network and Security Manager Publications

Network and Security Manager Installation Guide

variable to the left or right of this symbol. The keywordor variable canbe optional or required.

can be entered more than once.

Represent required keywords or variables.Words enclosed in braces ( { } )

DescriptionBook

Describes the steps to install the NSM management system on a single server or on separate servers. It also includes information on how to install and run the NSMuser interface.This guideis intended for IT administrators responsible for the installation or upgrade of NSM.

diagnostic | lineRepresent a choice to select one keyword or

[ internal | external ]Represent optional keywords or variables.Words enclosed in brackets ( [ ] )

[ level1 | level2 | 11 ]*Represent optional keywords or variables that

{ permit | deny } { in |out } { clusterId | ipAddress }

Network and Security Manager Administration Guide

Network and Security Manager Configuring ScreenOS and IDP Devices Guide

Describes how to use and configure key management features in the NSM. Itprovides conceptual information, suggested workflows, and examples. This guide is best used in conjunction with the NSM Online Help,which provides step-by-step instructions for performing management tasks in the NSM UI.

This guide is intended for application administrators or those individuals responsible for owning the server and security infrastructure and configuring the product for multi-user systems. It is also intended for device configuration administrators, firewall and VPN administrators, and network security operation center administrators.

Provides details about configuring the device features for all supported ScreenOS and IDP platforms.

M-series and MX-series Devices

Table 4: Network and Security Manager Publications (continued)

DescriptionBook

Network and Security Manager Online Help

Network and Security Manager API Guide

Network and Security Manager Release Notes

Configuring Infranet Controllers Guide

Configuring Secure Access Devices Guide

Configuring EX-series Switches Guide

Configuring J-series Services Routers and SRX-series Services Gateways Guide

Provides procedures for basic tasks in the NSM user interface. It also includes a brief overview of the NSM system and a description of the GUI elements.

Provides complete syntax and description of the SOAP messaging interface to NSM.

Provides the latest information about features, changes, known problems, resolved problems, and system maximum values. If the information in the Release Notesdiffers from the information found in the documentation set, follow the Release Notes.

Release notes are included on the corresponding software CD and are available on the Juniper Networks Website.

Provides details about configuring the device features for all supported Infranet Controllers.

Provides details about configuring the device features for all supported Secure Access Devices.

Provides details about configuring the device features for all supported EX-series platforms .

Provides details about configuring the device features for all supported J-series Services Routers and SRX-series Services Gateways.

M-series and MX-series Devices Guide

Requesting Technical Support

Technical productsupport is availablethrough theJuniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

•

JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .

•

Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/ .

•

JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Provides details about configuring the device features for M-series and MX-series platforms.

+ 500 hidden pages

Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1, NETWORK AND SECURITY MANAGER 2010.3 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual