Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1, M-series, MX-series User Manual

Network and Security Manager

M-series and MX-series Devices Guide

Release

2010.4

Published: 2010-11-17

Revision 1

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net

This productincludes the Envoy SNMP Engine, developed by Epilogue Technology,an Integrated Systems Company.Copyright ©1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Network and Security Manager M-series and MX-series Devices

Revision History November 2010—Revision 1

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE.

BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER)CONSENT TO BE BOUNDBY THIS AGREEMENT.IF YOUDO NOTOR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (ifthe Customer’sprincipal officeis located outsidethe Americas) (such applicable entitybeing referred to herein as“Juniper”),and (ii) the person or organization thatoriginally purchased from Juniperor an authorized Juniperreseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.

3. License Grant. Subject topayment of the applicablefees and the limitations and restrictions set forth herein, Juniper grants toCustomer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limitsto Customer’s useof the Software. Suchlimits may restrictuse to amaximum numberof seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software,in any form, toany thirdparty; (d)remove any proprietarynotices, labels,or marks on orin any copy of the Softwareor any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold inthe secondhand market; (f)use any ‘locked’ orkey-restricted feature,function, service, application, operation, orcapability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the

Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statementthat accompaniesthe Software (the“Warranty Statement”).Nothing inthis Agreement shallgive riseto any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTSOR PROCUREMENTOF SUBSTITUTEGOODS ORSERVICES,OR FOR ANY SPECIAL,INDIRECT,OR CONSEQUENTIALDAMAGES ARISING OUTOF THIS AGREEMENT,THE SOFTWARE,OR ANY JUNIPEROR JUNIPER-SUPPLIEDSOFTWARE. INNO EVENT SHALLJUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.

10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS

227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Softwareand any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in itsown name asif it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL

at http://www.gnu.org/licenses/lgpl.html .

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

Table of Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiv

Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxv

Part 1 Getting Started

Chapter 1 Getting Started with NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Introduction to Network and Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Installing NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Role-Based Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 2 Understanding the JUNOS CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

NSM and Device Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Understanding the CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Comparing the CLI To the NSM UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

NSM Services Supported for M-series and MX-series Devices . . . . . . . . . . . . . . . . 10

How NSM Works with the CLI and Distributed Data Collection . . . . . . . . . . . . . . . . 11

Device Schemas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Communication Between a Device and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 3 Before You Begin Adding M-series and MX-series Devices . . . . . . . . . . . . . . 15

M-series and MX-series Devices Supported by NSM . . . . . . . . . . . . . . . . . . . . . . . 15

Considering the Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Configuring a Deployed M-series or MX-series Device for Importing to NSM . . . . . 17

Configure an IP Address and a User with Full Administrative Privileges for

the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Check Network Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Check Connectivity to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Configure a Static Route to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Establish a Telnet or an SSHv2, and a NETCONF protocol over SSH

Connection to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Part 2 Integrating M-series and MX-series Devices

Chapter 4 Adding M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . . . 25

About Device Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Supported Add Device Workflows for M-series and MX-series Devices . . . . . . . . 26

M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 31

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 43

Chapter 7 Configuring Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Importing Devices Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Modeling Devices Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Adding Multiple Devices Using Automatic Discovery (JUNOS Software Devices

Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Adding Device Groups Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

About Updating M-series and MX-series Devices . . . . . . . . . . . . . . . . . . . . . . . . . . 31

How the Update Process Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Job Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Tracking Updated Devices Using Job Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Reviewing Job Information Displayed in Job Manager . . . . . . . . . . . . . . . . . . . . . . 35

Device States Displayed in Job Manager During Update . . . . . . . . . . . . . . . . . . . . 36

Understanding Updating Errors Displayed in the Job Manager . . . . . . . . . . . . . . . 37

About Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

M-series and MX-series Device Configuration Settings Supported in NSM . . . . . 44

Configuring Device Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Example: Configuration of Interfaces for MPLS in the CLI and NSM . . . . . . . . . . . 47

Configuring Address-Assignment Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . 49

Configuring Access Address Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 52

Configuring Access Group Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 53

Configuring the LDAP Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Configuring the LDAP Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Configuring Access Profiles for L2TP or PPP Parameters (NSM Procedure) . . . . 56

Configuring Access Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 57

Configuring Accounting Parameters for Access Profiles (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Configuring the Accounting Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . 58

Configuring the Authentication Order (NSM Procedure) . . . . . . . . . . . . . . . . 59

Configuring the Authorization Order (NSM Procedure) . . . . . . . . . . . . . . . . . 59

Configuring the L2TP Client (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 60

Configuring the Client Filter Name (NSM Procedure) . . . . . . . . . . . . . . . . . . . 61

Configuring the LDAP Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 62

Configuring the LDAP Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 63

Configuring the Provisioning Order (NSM Procedure) . . . . . . . . . . . . . . . . . . 64

Configuring RADIUS Parameters for AAA Subscriber Management (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Configuring the RADIUS Parameters (NSM Procedure) . . . . . . . . . . . . . . . . . 68

Configuring the RADIUS for Subscriber Access Management, L2TP, or PPP

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Configuring Session Limit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Configuring the RADIUSfor SubscriberAccessManagement, L2TP,or PPP(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Configuring the SecurID Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Table of Contents

Configuring the Access Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Chapter 8 Configuring Accounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring Accounting Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring Class Usage Profiles (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 73

Configuring a Log File (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Configuring the Filter Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 75

Configuring the Interface Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 76

Configuring the Policy Decision Statistics Profile (NSM Procedure) . . . . . . . . 77

Configuring the MIB Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 78

Configuring the Routing Engine Profile (NSM Procedure) . . . . . . . . . . . . . . . . 79

Chapter 9 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring the Application and Application Set (NSM Procedure) . . . . . . . . . . . 81

Chapter 10 Configuring Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Configuring Bridge Domains Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . 83

Configuring a Bridge Domain (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 83

Configuring Layer 2Learning and ForwardingProperties for aBridge Domain

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Configuring Forwarding Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 86

Configuring Logical Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 87

Configuring Multicast Snooping Options (NSM Procedure) . . . . . . . . . . . . . . 88

Configuring IGMP Snooping (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 91

Configuring VLAN ID (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Chapter 11 Configuring Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Configuring Aggregated Devices (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 99

Configuring Chassis Alarms (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Configuring Container Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 101

Configuring Chassis FPC (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Configuring a T640 Router on a Routing Matrix (NSM Procedure) . . . . . . . . . . . 107

Configuring Routing Engine Redundancy (NSM Procedure) . . . . . . . . . . . . . . . . . 112

Configuring a Routing Engine to Reboot or Halt on Hard Disk Errors (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Chapter 12 Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Configuring RADIUS Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 115

Configuring TACACS+ Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . 116

Configuring Authentication Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 117

Configuring User Access (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Configuring Login Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Configuring Template Accounts (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 119

Creating a Remote Template Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Creating a Local Template Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Chapter 13 Configuring Class of Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Configuring CoS Classifiers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Configuring CoS Code Point Aliases (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 126

Configuring CoS Drop Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 127

M-series and MX-series Devices

Chapter 14 Configuring Event Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Chapter 15 Configuring Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Chapter 16 Configuring Forwarding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Configuring CoS Forwarding Classes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 129

Configuring CoS Forwarding Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 131

Configuring CoS Fragmentation Maps (NSM Procedure) . . . . . . . . . . . . . . . . . . . 132

Configuring CoS Host Outbound Traffic (NSM Procedure) . . . . . . . . . . . . . . . . . . 133

Configuring CoS Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Configuring CoS Routing Instances (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 140

Configuring CoS Schedulers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Configuring CoS and Applying Scheduler Maps (NSM Procedure) . . . . . . . . . . . 143

Configuring CoS Restricted Queues (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 144

Configuring Tracing Operations (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 145

Configuring CoS Traffic Control Profiles (NSM Procedure) . . . . . . . . . . . . . . . . . 146

Configuring CoS Translation Table (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 147

Configuring Destinations for File Archiving (NSM Procedure) . . . . . . . . . . . . . . . 153

Configuring Event Script (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Generating Internal Events (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Configuring Event Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Configuring Event Policy Tracing Operations (NSM Procedure) . . . . . . . . . . . . . . 159

Configuring the Firewall Filter for Any Family Type (NSM Procedure) . . . . . . . . . 161

Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) . . . . . . . 163

Configuring the Firewall Filter for Ccc Family Type (NSM Procedure) . . . . . . . . . 165

Configuring Filters for inet Family Type (NSM Procedure) . . . . . . . . . . . . . . . . . . 167

Configuring Firewall Filter for inet Family Type (NSM Procedure) . . . . . . . . . 167

Configuring Prefix-specific Actions (NSM Procedure) . . . . . . . . . . . . . . . . . . 169

Configuring Service Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 170

Configuring Simple Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Configuring Filters for inet6 Family Type (NSM Procedure) . . . . . . . . . . . . . . . . . 172

Configuring Firewall Filter for inet6 Family Type (NSM Procedure) . . . . . . . . 173

Configuring Service Filters for inet6 (NSM Procedure) . . . . . . . . . . . . . . . . . . 175

Configuring the Firewall Filter for MPLS Family Type (NSM Procedure) . . . . . . . 176

Configuring the Firewall Filter for VPLS Family Type (NSM Procedure) . . . . . . . . 179

Configuring a Policer for a Firewall Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Configuring Accounting Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 185

Configuring the Extended DHCP Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . 187

Configuring Authentication Support for the DHCP Relay Agent (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Configuring Group (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Overriding the Default Configuration Settings for the Extended DHCP Relay

Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Configuring Relay Option 60 Information for Forwarding Client Traffic to

Specific DHCP Servers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 191

Configuring Relay Option 82 for a DHCP Server (NSM Procedure) . . . . . . . . 192

Specifying the Name of a Group of DHCP Server Addresses for Use by the

Extended DHCP Relay Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . 193

Table of Contents

Configuring Operations for Extended DHCP Relay Agent Processes (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Specifying Address Family for Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 195

Configuring Load Balancing Using Hash Key (NSM Procedure) . . . . . . . . . . . . . . 196

Configuring Helpers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Configuring a Router or Interface to Act as a Bootstrap Protocol Relay

Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Enabling DNS Request Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Configuring a Port for a DHCP or BOOTP Relay Agent . . . . . . . . . . . . . . . . . 203

Configuring Tracing Operations for BOOTP, DNS, and TFTP Packet

Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) . . . . . . 205

Configuring Port Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Chapter 17 Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Configuring Interfaces on the Routing Platform (NSM Procedure) . . . . . . . . . . . 209

Configuring Interface Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . 209

Damping Interface Transitions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 211

Configuring Receive Bucket Properties on Interfaces (NSM Procedure) . . . . 212

Configuring Tracing Operations of an Individual Router Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Configuring Transmit Leaky Bucket Properties (NSM Procedure) . . . . . . . . . 213

Configuring Logical Interface Properties (NSM Procedure) . . . . . . . . . . . . . . 214

Configuring Logical Unit Properties (NSM Procedure) . . . . . . . . . . . . . . 214

Configuring an IP Demux Underlying Interface (NSM Procedure) . . . . . 215

Configuring the Logical Demux Source Family Type on the IP Demux

Underlying Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 216

Configuring Epd Threshold for the Logical Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Configuring Protocol Family Information for the Logical Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Configuring Protocol Family (Ccc) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Configuring Protocol Family (Inet) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Configuring Protocol Family (Inet6)Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Configuring Protocol Family (ISO) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Configuring Protocol Family (MPLS) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Configuring Protocol Family (TCC) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Configuring the Traffic Shaping Profile (NSM Procedure) . . . . . . . . . . . . . . 234

Configuring Interface set on the Routing Platform (NSM Procedure) . . . . . . . . . 236

Configuring Trace Options on the Routing Platform (NSM Procedure) . . . . . . . . 237

Chapter 18 Configuring Multicast Snooping Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Configuring Multicast Snooping Options (NSM Procedure) . . . . . . . . . . . . . . . . 239

M-series and MX-series Devices

Chapter 19 Configuring Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Chapter 20 Configuring Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Configuring an AS Path in a BGP Routing Policy (NSM Procedure) . . . . . . . . . . . 243

Configuring an AS Path Group in a BGP Routing Policy (NSM Procedure) . . . . . 244

Configuring a Community for use in BGP Routing Policy Conditions(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Configuring a BGP Export Policy Condition (NSM Procedure) . . . . . . . . . . . . . . 246

Configuring Flap Dampingto Reduce the Number of BGP UpdateMessages(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Configuring a Routing Policy Statement (NSM Procedure) . . . . . . . . . . . . . . . . . 249

Configuring Prefix List (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Configuring the BFD Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 253

Configuring BGP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Configuring the ILMI Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Configuring Layer 2 Address Learning and Forwarding Properties (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Configuring Layer 2 Circuit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Configuring Local Interface Switching (NSM Procedure) . . . . . . . . . . . . . . . 259

Configuring the Neighbor Interface for the Layer 2 Circuit (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Tracing Layer 2 Circuit Creation and Changes (NSM Procedure) . . . . . . . . . 263

Configuring Layer 2 Protocol Tunneling and BPDU Protection (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Configuring Label Distribution Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . 266

Configuring Link Management Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . 277

Configuring MPLS Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Enabling MPLS on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 281

Configuring Administrative Group (NSM Procedure) . . . . . . . . . . . . . . . . . . 284

Configuring Administrative Groups (NSM Procedure) . . . . . . . . . . . . . . . . . 284

Configuring Bandwidth for the Reroute Path (NSM Procedure) . . . . . . . . . . 285

Configuring DiffServ-Aware Traffic Engineering (NSM Procedure) . . . . . . . 286

Configuring MPLS on Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 287

Configure a Label Switched Path (LSP) to Use in Dynamic MPLS . . . . . . . . 289

Configuring Label Switched Path (NSM Procedure) . . . . . . . . . . . . . . . 289

Configuring Administrative Group (NSM Procedure) . . . . . . . . . . . . . . . 292

Configuring Automatic Bandwidth Allocation for LSPs (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Configuring Bandwidth for the Reroute Path (NSM Procedure) . . . . . . 293

Configuring Fast Reroute (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 294

Adding LSP-Related Routes to the inet.3 Routing Table (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Configuring MPLS LSPs for GMPLS (NSM Procedure) . . . . . . . . . . . . . 296

Configuring BFD for MPLS IPv4 LSPs (NSM Procedure) . . . . . . . . . . . . 297

Configuring the Primary Point-to-Multipoint LSP (NSM Procedure) . . 299

Configuring Policers for LSPs (NSM Procedure) . . . . . . . . . . . . . . . . . . 300

Configuring Primary Paths for an LSP (NSM Procedure) . . . . . . . . . . . . 301

Configuring Secondary Paths for an LSP (NSM Procedure) . . . . . . . . . 306

Table of Contents

Configuring System Log Messages and SNMP Traps for LSPs (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Configuring BFD for MPLS IPv4 LSPs (NSM Procedure) . . . . . . . . . . . . . . . . 315

Configuring Named Paths (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 317

Configuring MTU Signaling in RSVPs (NSM Procedure) . . . . . . . . . . . . . . . . 318

Configuring static LSPs on the Ingress Router (NSM Procedure) . . . . . . . . . 319

Configuring MPLS Statistics (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 320

Tracing MPLS Packets and Operations (NSM Procedure) . . . . . . . . . . . . . . . 321

Configuring MSDP Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Configuring MSDP on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . 322

Configuring the MSDP Active Source Limit (NSM Procedure) . . . . . . . . . . . 323

Configuring Export Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 324

Configuring MSDP Peer Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Configuring MSDP Peer Group (NSM Procedure) . . . . . . . . . . . . . . . . . 325

Configuring MSDP Peers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 326

Configuring a Routing Table Group with MSDP (NSM Procedure) . . . . 328

Configuring Per-Source Active Source Limit (NSM Procedure) . . . . . . . 329

Configuring MSDP Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . 329

Configuring MSTP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Configuring OSPF (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Configuring RIP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Configuring RIPng Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Configuring RIPng on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . 338

Configuring Graceful Restart for RIPng (NSM Procedure) . . . . . . . . . . . . . . 339

Configuring Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Configuring Group-Specific RIPng Properties (NSM Procedure) . . . . . 340

Applying Policies to Routes Exported by RIPng (NSM Procedure) . . . . . 341

Applying Policies to Routes Imported by RIPng (NSM Procedure) . . . . 342

Configuring RIPng Neighbor Properties . . . . . . . . . . . . . . . . . . . . . . . . . 343

Enable or Disable Receiving of Update Messages (NSM Procedure) . . . . . . 345

Configuring RIPng Send Update Messages (NSM Procedure) . . . . . . . . . . . 346

Configuring RIPng Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 346

Configuring Router Advertisement (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 347

Configuring ICMP Router Discovery (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 349

Configuring RSVP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Configuring VRRP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Configuring VSTP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Chapter 21 Configuring Routing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Configuring Confederation (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Configuring Dynamic Tunnels (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 363

Configuring Fate Sharing (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Configuring Flow Route (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Configuring Forwarding Table (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 368

Configuring Generated Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 369

Configuring Instance Export (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Configuring Instance Import (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Configuring Interface Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Configuring Martian Addresses (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 373

M-series and MX-series Devices

Chapter 22 Configuring Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Configuring Maximum Paths (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Configuring Maximum Prefixes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 375

Configuring Multicast (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Configuring Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Configuring Routing Tables (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Configuring Routing Table Groups (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 383

Configuring Source Routing (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Configuring Static Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Configuring Topologies (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Configuring Authentication Key Updates (NSM Procedure) . . . . . . . . . . . . . . . . 389

Configuring Certificates (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Configuring Certification Authority (NSM Procedure) . . . . . . . . . . . . . . . . . . 391

Configuring the Local Certificate (NSM Procedure) . . . . . . . . . . . . . . . . . . . 392

Configuring Firewall Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 392

Configuring a Flow (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393

Configuring a Bridge (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

Configuring the TCP MSS Option (NSM Procedure) . . . . . . . . . . . . . . . . . . . 395

Configuring the TCP Session Option (NSM Procedure) . . . . . . . . . . . . . . . . 396

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 397

Configuring File Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 398

Configuring Flag Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 399

Configuring Packet Filter Options (NSM Procedure) . . . . . . . . . . . . . . . 399

Configuring Forwarding Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 400

Configuring IKE (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

Configuring a Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

Configuring a Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

Configuring a Respond Bad SPI (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 406

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 406

Configuring the File Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . 407

Configuring Flag Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 408

Configuring IPsec (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Configuring a Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 410

Configuring a VPN (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410

Configuring VPN Monitor Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . 413

Configuring a PKI (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

Configuring Auto Re-enrollment (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 414

Configuring a CA Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Configuring the File Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . 418

Configuring Flag Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 419

Configuring NAT (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Configuring a Destination (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 420

Configuring the Destination Nat (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 421

Configuring the Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 422

Configuring a Proxy Address Resolution Protocol (NSM Procedure) . . . . . . 424

Table of Contents

Configuring a Source (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 428

Configuring the File Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . 429

Configuring Flag Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 429

Chapter 23 Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

Configuring Adaptive Services PICs (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 431

Configuring Border Signaling Gateways (NSM Procedure) . . . . . . . . . . . . . . . . . 432

Configuring Gateway Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 432

Configuring Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 433

Configuring an Admission Controller (NSM Procedure) . . . . . . . . . . . . 433

Configuring Session Policy Decision Function (NSM Procedure) . . . . . 434

Configuring Service Point (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 436

Configuring SIP Policies and Timers (NSM Procedure) . . . . . . . . . . . . . 437

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 447

Configuring Class of Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Configuring Intrusion Detection Service (NSM Procedure) . . . . . . . . . . . . . . . . . 454

Tracing Services PIC Operations (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 458

Configuring Network Address Translation (NSM Procedure) . . . . . . . . . . . . . . . 459

Configuring PGCP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Configuring Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Configuring a Virtual Border Gateway Function on the Router (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Configuring Data Inactivity Detection (NSM Procedure) . . . . . . . . . . . . 465

Configuring Gateway Controller (NSM Procedure) . . . . . . . . . . . . . . . . 466

Configuring Graceful Restart (NSM Procedure) . . . . . . . . . . . . . . . . . . . 467

Configuring H248 Options Properties (NSM Procedure) . . . . . . . . . . . . . . . 468

Configuring H248 Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 468

Changing Encoding Defaults (NSM Procedure) . . . . . . . . . . . . . . . . . . 469

Configuring Service Change (NSM Procedure) . . . . . . . . . . . . . . . . . . . 469

Configuring H248 Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 474

Configuring Application Data Inactivity Detection (NSM Procedure) . . 475

Configuring Base Root (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 475

Configuring Differentiated Services (NSM Procedure) . . . . . . . . . . . . . 478

Configuring Event Timestamp Notification (NSM Procedure) . . . . . . . 478

Hanging Termination Detection (NSM Procedure) . . . . . . . . . . . . . . . . 479

Configuring Inactivity Timer (NSM Procedure) . . . . . . . . . . . . . . . . . . . 480

Configuring Notification Behavior (NSM Procedure) . . . . . . . . . . . . . . . 481

Configuring Segmentation (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 482

Configuring Traffic Management (NSM Procedure) . . . . . . . . . . . . . . . 483

Configuring H248 Timers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 485

Configuring the Monitor (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Configuring Overload Control (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 487

Configuring Session Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 488

Configuring Media Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 488

Configuring a Rule (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Configuring Rule Set (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Configuring Session Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 490

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 491

M-series and MX-series Devices

Chapter 24 Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Chapter 25 Configuring System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531

Configuring Virtual Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 492

Configuring Service Interface Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 493

Configuring a Service Set (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

Configuring Stateful Firewall (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Configuring Captive Portal (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

Configuring Custom Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 501

Configuring the Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 502

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 503

Configuring File Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 503

Configuring Flag Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 504

Configuring Mobile IP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505

Configuring Access Type (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 505

Configuring the Authenticate Mechanism (NSM Procedure) . . . . . . . . . . . . 506

Configuring Dynamic Home Assignment (NSM Procedure) . . . . . . . . . . . . . 507

Configuring the Home Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 507

Configuring Enable Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 508

Configuring Pool Match Order (NSM Procedure) . . . . . . . . . . . . . . . . . 509

Configuring the Virtual Network (NSM Procedure) . . . . . . . . . . . . . . . . 509

Configuring the Peer (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 513

Configuring File (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Configuring Flag (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Configuring RPM (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Configuring BGP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516

Configuring Routing Instances (NSM Procedure) . . . . . . . . . . . . . . . . . . 517

Configuring Probe (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

Configuring Probe Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 521

Configuring Unified Access Control (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 522

Configuring Infranet Controller (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 522

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 523

Configuring Basic System Identification for SNMP (NSM Procedure) . . . . . . . . . 525

Configuring SNMP Communities (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 526

Configuring SNMP Trap Groups (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 528

Configuring SNMP Views (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529

Configuring Accounting (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531

Configuring Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532

Configuring Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534

Configuring Traceoptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534

Configuring Archival (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535

Configuring ARP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536

Configuring Auto Configuration (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 537

Configuring a Backup Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 539

Configuring a Commit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540

Configuring Diag Port Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . 540

Table of Contents

Configuring a Domain Search (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 541

Configuring Extensions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541

Configuring Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542

Configuring Resource Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542

Configuring an Inet6 Backup Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 544

Configuring Internet Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 545

Configuring Location (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548

Configuring Login (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549

Configuring Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Configuring Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551

Configuring Retry Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552

Configuring User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553

Configuring a Name Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 554

Configuring PIC Console Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . 555

Configuring Ports (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

Configuring RADIUS Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 556

Configuring RADIUS Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 557

Configuring Root Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 558

Configuring Static Host Mapping (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 559

Configuring TACACS+ Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 560

Configuring TACACS+ Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 561

Part 4 Managing M-series and MX-series Devices

Chapter 26 Managing M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 565

Managing M-series and MX-series Device Software Versions . . . . . . . . . . . . . . . 565

Chapter 27 Viewing the M-series and MX-series Device Inventory in NSM and the

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

Viewing and Reconciling Device Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

Comparing Device Inventory in NSM and the CLI . . . . . . . . . . . . . . . . . . . . . . . . . 568

Viewing Device Inventory in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568

Viewing Device Inventory from the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

Chapter 28 Topology Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

Overview of the NSM Topology Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

Requisites for a Topology Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

About the NSM Topology Manager Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Part 5 Monitoring M-series and MX-series Devices

Chapter 29 Real Time Monitoring of M-series and MX-series . . . . . . . . . . . . . . . . . . . . . 579

About the Realtime Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579

Viewing Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580

Viewing Device Monitor Alarm Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582

Setting the Polling Interval For Device Alarm Status . . . . . . . . . . . . . . . . . . . . . . 583

Part 6 Index

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587

M-series and MX-series Devices

List of Figures

Part 1 Getting Started

Chapter 2 Understanding the JUNOS CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 1: Overview of the User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Figure 2: NSM Network Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Part 2 Integrating M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 31

Figure 3: Job Information Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Figure 4: Failed Update Job Information Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . 38

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 43

Figure 5: MPLS Configuration in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Figure 6: MPLS Configuration in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Part 4 Managing M-series and MX-series Devices

Chapter 27 Viewing the M-series and MX-series Device Inventory in NSM and the

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

Figure 7: The Device Inventory Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568

Figure 8: Viewing the Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

Figure 9: Viewing the Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

M-series and MX-series Devices

List of Tables

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxii

Table 2: Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxii

Table 3: Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxiii

Table 4: Network and Security Manager Publications . . . . . . . . . . . . . . . . . . . . xxxiii

Part 1 Getting Started

Chapter 3 Before You Begin Adding M-series and MX-series Devices . . . . . . . . . . . . . . 15

Table 5: M Series Multiservice Edge Routers and MX Series Ethernet Services

Part 2 Integrating M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 31

Table 6: Device States During Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 43

Table 7: The JUNOS Configuration Hierarchy and the NSM Configuration

Chapter 7 Configuring Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Table 8: Address Assignment Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 50

Table 9: Access Address Pool Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 53

Table 10: Access Group Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 53

Table 11: LDAP Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Table 12: LDAP Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Table 13: Access Profile Properties Configuration Details . . . . . . . . . . . . . . . . . . . . 57

Table 14: Accounting Parameter Configuration Details . . . . . . . . . . . . . . . . . . . . . 58

Table 15: Accounting Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 59

Table 16: Authentication Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . 59

Table 17: Authorization Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 60

Table 18: Client Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Table 19: Client Filter Name Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 20: Ldap Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 21: Ldap Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Table 22: Provisioning Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 64

Table 23: RADIUS Parameter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 65

Table 24: RADIUS Parameters Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 68

Table 25: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

M-series and MX-series Devices

Chapter 8 Configuring Accounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Chapter 9 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Chapter 10 Configuring Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Chapter 11 Configuring Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Chapter 12 Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Chapter 13 Configuring Class of Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Table 26: Session Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Table 27: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Table 28: SecurID Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 29: Access Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 30: Class Usage Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 74

Table 31: Log File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Table 32: Filter Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Table 33: Interface Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Table 34: Policy Decision Statistics Profile Configuration Details . . . . . . . . . . . . . 78

Table 35: MIB Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Table 36: Routing Engine Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . 80

Table 37: Applications Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Table 38: Bridge Domain Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Table 39: Bridge Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Table 40: Forwarding Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 86

Table 41: Logical Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Table 42: Multicast Snooping Options Configuration Details . . . . . . . . . . . . . . . . 89

Table 43: Igmp Snooping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Table 44: VLAN ID Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Table 45: Aggregated Devices Configuration Details . . . . . . . . . . . . . . . . . . . . . . 100

Table 46: Chassis Alarms Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Table 47: Container Interfaces Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 101

Table 48: FPC Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Table 49: Lcc Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Table 50: Chassis Redundancy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 112

Table 51: Chassis Routing Engine Configuration Details . . . . . . . . . . . . . . . . . . . . . 113

Table 52: RADIUS Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . 115

Table 53: TACACS+ Authentication Configuration Details . . . . . . . . . . . . . . . . . . . 116

Table 54: Login Class Authentication Configuration Details . . . . . . . . . . . . . . . . . 118

Table 55: User Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 119

Table 56: Remote Template Account Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

Table 57: Local Template Account Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Table 58: Configuring and Applying Behavior Aggregate Classifiers . . . . . . . . . . . 124

Table 59: Configuring Code Point Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Table 60: Drop Profile Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Table 61: Assigning Forwarding Classes to Output Queues . . . . . . . . . . . . . . . . . 130

Table 62: Forwarding Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 131

Table 63: Fragmentation Maps Configuration Details . . . . . . . . . . . . . . . . . . . . . . 133

Table 64: Host Outbound Traffic Configuration Details . . . . . . . . . . . . . . . . . . . . 134

List of Tables

Table 65: Interfaces Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Table 66: Routing Instances Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 140

Table 67: Configuring Schedulers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Table 68: Assigning Forwarding Classes to Output Queues . . . . . . . . . . . . . . . . . 143

Table 69: Restricted Queue Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 145

Table 70: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Table 71: Traffic Control profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . 147

Table 72: Translation Table Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 148

Chapter 14 Configuring Event Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Table 73: Destination Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Table 74: Event Script Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Table 75: Generate Event Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Table 76: Configure Event Policy Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Table 77: Event Options Traceoptions Configuration Details . . . . . . . . . . . . . . . . 160

Chapter 15 Configuring Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Table 78: Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Table 79: Bridge Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Table 80: Ccc Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Table 81: Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Table 82: Prefix Actions Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Table 83: Service Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Table 84: Simple Filter Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Table 85: Inet6 Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 173

Table 86: inet6 Service Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 175

Table 87: MPLS Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 177

Table 88: VPLS Firewall Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . 180

Table 89: Configuring a Policer for a Firewall Filter . . . . . . . . . . . . . . . . . . . . . . . . 182

Chapter 16 Configuring Forwarding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Table 90: Accounting Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . 185

Table 91: Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Table 92: Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Table 93: Overrides Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Table 94: Relay Option 60 Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Table 95: Relay option 82 Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Table 96: Sever Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Table 97: DHCP Relay Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . 194

Table 98: Address Family Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Table 99: Load Balance Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Table 100: BOOTP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Table 101: DNS and TFTP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Table 102: Port Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Table 103: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Table 104: Load Balancing Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 206

Table 105: Port Mirroring Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Chapter 17 Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Table 106: Interface Properties Configuration Details . . . . . . . . . . . . . . . . . . . . . . 210

M-series and MX-series Devices

Chapter 18 Configuring Multicast Snooping Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Chapter 19 Configuring Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Chapter 20 Configuring Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Table 107: Hold Time Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Table 108: Receive Bucket Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Table 109: Trace Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Table 110: Transmit Bucket Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 214

Table 111: Logical Unit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Table 112: IP Demux Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Table 113: IP Demux Source Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 216

Table 114: Epd Threshold Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Table 115: Ccc Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Table 116: Inet Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Table 117: Inet6 Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

Table 118: Iso Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Table 119: MPLS Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Table 120: TCC Family Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Table 121: Traffic Shaping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Table 122: Interface Set Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Table 123: Traceoption Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Table 124: Multicast Snooping Options Configuration Details . . . . . . . . . . . . . . . 240

Table 125: AS Path Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Table 126: AS Path Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Table 127: Community Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Table 128: Condition Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Table 129: Damping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Table 130: Configuring Policy Statement Fields . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Table 131: Configuring Prefix List Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Table 132: Configuring Bfd Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Table 133: BGP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Table 134: Trace Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Table 135: L2 Learning Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Table 136: Local Switching Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 260

Table 137: Neighbor Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 261

Table 138: Layer2 Circuit Traceoption Configuration Details . . . . . . . . . . . . . . . . 263

Table 139: Layer2 Circuit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Table 140: LDP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Table 141: Link Management Protocol Configuration Details . . . . . . . . . . . . . . . . 278

Table 142: MPLS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Table 143: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 284

Table 144: Administrative Groups Configuration Details . . . . . . . . . . . . . . . . . . . 285

Table 145: Automatic Policers Configuration Details . . . . . . . . . . . . . . . . . . . . . . 286

Table 146: Diffserv-Aware Traffic Engineering Configuration Details . . . . . . . . . . 287

Table 147: Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Table 148: LSP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Table 149: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 292

Table 150: Automatic Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . 293

List of Tables

Table 151: Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Table 152: Fast Reroute Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Table 153: Install Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Table 154: Lsp Attributes Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Table 155: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Table 156: P2mp Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Table 157: Policer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Table 158: Primary Paths Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 301

Table 159: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 303

Table 160: Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Table 161: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Table 162: Secondary Paths Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 307

Table 163: Administrative Group Configuration Details . . . . . . . . . . . . . . . . . . . . 309

Table 164: Bandwidth Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Table 165: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Table 166: Egress Router Address Configuration Details . . . . . . . . . . . . . . . . . . . . 313

Table 167: LSP Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 313

Table 168: Log Updown Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Table 169: Oam Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

Table 170: Named Path Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Table 171: Path MTU Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Table 172: Static Path Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Table 173: MPLS Statistics Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Table 174: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Table 175: MSDP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

Table 176: Active Source Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . 324

Table 177: Export Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Table 178: Peer Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Table 179: MSDP Peer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Table 180: Rib Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

Table 181: Active Source Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . 329

Table 182: MSDP Traceoption Configuration Details . . . . . . . . . . . . . . . . . . . . . . 330

Table 183: MSTP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Table 184: OSPF Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Table 185: RIP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Table 186: RIPng Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Table 187: Graceful Restart Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 339

Table 188: Group Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

Table 189: RIPng Export Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 342

Table 190: Import Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

Table 191: Neighbor Properties Configuration Details . . . . . . . . . . . . . . . . . . . . . . 343

Table 192: Import Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

Table 193: Receive Message Update Configuration Details . . . . . . . . . . . . . . . . . 344

Table 194: Send Update Message Configuration Details . . . . . . . . . . . . . . . . . . . 345

Table 195: Receive Message Update Configuration Details . . . . . . . . . . . . . . . . . 346

Table 196: RIPng Send Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346

Table 197: RIPng Traceoption Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 347

Table 198: Router Advertisement Configuration Details . . . . . . . . . . . . . . . . . . . 348

Table 199: Router Discovery Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 350

M-series and MX-series Devices

Chapter 21 Configuring Routing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Chapter 22 Configuring Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Table 200: RSVP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

Table 201: VRRP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Table 202: VSTP Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

Table 203: Confederation Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Table 204: Dynamic Tunnels Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 363

Table 205: Fate Sharing Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Table 206: Flow Route Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Table 207: Forwarding Table Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

Table 208: Generated Routes Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Table 209: Interface Routes Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Table 210: Configuring Martian Address Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Table 211: Configuring Maximum Paths Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375

Table 212: Configuring Maximum Prefixes Fields . . . . . . . . . . . . . . . . . . . . . . . . . 376

Table 213: Configuring Multicast Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Table 214: Configuring Options Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Table 215: Rib Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

Table 216: Rib Group Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Table 217: Source Routing Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Table 218: Static Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Table 219: Topology Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Table 220: Traceoption Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Table 221: Security Authentication Key Configuration Details . . . . . . . . . . . . . . . 390

Table 222: Certificates Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Table 223: Certification Authority Configuration Details . . . . . . . . . . . . . . . . . . . . 391

Table 224: Local Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

Table 225: Firewall Authentication Configuration Details . . . . . . . . . . . . . . . . . . 393

Table 226: Flow Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

Table 227: Bridge Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Table 228: TCP MSS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Table 229: TCP Session Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Table 230: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Table 231: File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Table 232: Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

Table 233: Packet Filter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 400

Table 234: Forwarding Options Configuration Details . . . . . . . . . . . . . . . . . . . . . 401

Table 235: Gateway Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402

Table 236: Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

Table 237: Respond Bad SPI Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 406

Table 238: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Table 239: File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407

Table 240: Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

Table 241: Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Table 242: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 410

Table 243: VPN Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Table 244: VPN Monitor Options Configuration Details . . . . . . . . . . . . . . . . . . . . 413

Table 245: Auto Re-enrollment Configuration Details . . . . . . . . . . . . . . . . . . . . . 415

List of Tables

Table 246: CA Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Table 247: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

Table 248: File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Table 249: Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Table 250: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Table 251: Destination NAT Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 422

Table 252: Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422

Table 253: Proxy ARP Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

Table 254: Source Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Table 255: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

Table 256: File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Table 257: Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430

Chapter 23 Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

Table 258: Adaptive Services Pics Configuration Details . . . . . . . . . . . . . . . . . . . 432

Table 259: Gateway Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

Table 260: Admission Controller Configuration Details . . . . . . . . . . . . . . . . . . . . 434

Table 261: Session Policy Decision Configuration Details . . . . . . . . . . . . . . . . . . . 435

Table 262: Service Point Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

Table 263: Message Manipulate Rules Configuration Details . . . . . . . . . . . . . . . 438

Table 264: New Call Usage Policy Configuration Details . . . . . . . . . . . . . . . . . . . 440

Table 265: New Call Usage Policy Set Configuration Details . . . . . . . . . . . . . . . . 442

Table 266: Transaction Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 443

Table 267: Transaction Policy Set Configuration Details . . . . . . . . . . . . . . . . . . . 446

Table 268: Timers Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

Table 269: Traceoption BSG Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 448

Table 270: CoS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Table 271: IDS Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455

Table 272: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Table 273: NAT Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

Table 274: Virtual BGF Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

Table 275: Data Inactivity Detection Configuration Details . . . . . . . . . . . . . . . . . 466

Table 276: Gateway Controller Configuration Details . . . . . . . . . . . . . . . . . . . . . . 467

Table 277: Graceful Restart Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 468

Table 278: H248 Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Table 279: Encoding Defaults Configuration Details . . . . . . . . . . . . . . . . . . . . . . 469

Table 280: Context indication Configuration Details . . . . . . . . . . . . . . . . . . . . . . 470

Table 281: Control Association Configuration Details . . . . . . . . . . . . . . . . . . . . . . 472

Table 282: Virtual Interface Indications Configuration Details . . . . . . . . . . . . . . . 474

Table 283: Data Inactivity Detection Configuration Details . . . . . . . . . . . . . . . . . 475

Table 284: Base Root Package Configuration Details . . . . . . . . . . . . . . . . . . . . . . 477

Table 285: Diffserv Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Table 286: Event Timestamp Notification Configuration Details . . . . . . . . . . . . . 479

Table 287: Hanging Termination Detection Configuration Details . . . . . . . . . . . . 480

Table 288: Inactivity Timer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 481

Table 289: Notification Behavior Configuration Details . . . . . . . . . . . . . . . . . . . . 482

Table 290: Segmentation Package Configuration Details . . . . . . . . . . . . . . . . . . 483

Table 291: Traffic Management Configuration Details . . . . . . . . . . . . . . . . . . . . . 484

Table 292: H248 Timers Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

M-series and MX-series Devices

Chapter 24 Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Chapter 25 Configuring System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531

Table 293: Monitor Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Table 294: Overload Control Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 487

Table 295: Session Mirroring Configuring Details . . . . . . . . . . . . . . . . . . . . . . . . . 488

Table 296: Media Service Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Table 297: Configuring Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489

Table 298: Configuring Rule Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

Table 299: Session Mirroring Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 491

Table 300: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 492

Table 301: Virtual Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 493

Table 302: Service Interface Pools Configuration Details . . . . . . . . . . . . . . . . . . 493

Table 303: Service Set Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

Table 304: Stateful Firewall Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 499

Table 305: Captive Portal Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 500

Table 306: Custom Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 501

Table 307: Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

Table 308: File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Table 309: Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

Table 310: Access Type Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

Table 311: Authenticate Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

Table 312: Dynamic Home Assignment Configuration Details . . . . . . . . . . . . . . . 507

Table 313: Enable Service Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 508

Table 314: Pool Match Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 509

Table 315: Virtual Network Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 510

Table 316: Peer Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510

Table 317: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Table 318: File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Table 319: Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Table 320: RPM Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516

Table 321: BGP Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Table 322: Routing Instance Configuration Options . . . . . . . . . . . . . . . . . . . . . . . 518

Table 323: Probe Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

Table 324: Probe Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 521

Table 325: UAC Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522

Table 326: Infranet Controller Configuration Details . . . . . . . . . . . . . . . . . . . . . . 523

Table 327: Traceoptions Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

Table 328: Basic System Identification Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

Table 329: Configuring Community Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

Table 330: Configuring SNMP Trap Group Fields . . . . . . . . . . . . . . . . . . . . . . . . . 528

Table 331: Configuring SNMP View Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530

Table 332: Destination Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532

Table 333: File and Flag Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 535

Table 334: Archival Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536

Table 335: Arp Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

Table 336: Auto Configuration Traceoptions Details . . . . . . . . . . . . . . . . . . . . . . 538

Table 337: Provider Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542

Table 338: Resource Limits Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 543

List of Tables

Table 339: Inet6 Backup Router Configuration Details . . . . . . . . . . . . . . . . . . . . 545

Table 340: Internet Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 545

Table 341: Location Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548

Table 342: Class Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Table 343: Password Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551

Table 344: Retry Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 552

Table 345: User Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553

Table 346: Port Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

Table 347: Radius Option Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 557

Table 348: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 558

Table 349: Root Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . . 559

Table 350: Static Host Mapping Configuration Details . . . . . . . . . . . . . . . . . . . . 560

Table 351: TACACS+ Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 560

Table 352: TACACS+ Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 561

Part 5 Monitoring M-series and MX-series Devices

Chapter 29 Real Time Monitoring of M-series and MX-series . . . . . . . . . . . . . . . . . . . . . 579

Table 353: Device Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580

M-series and MX-series Devices

+ 598 hidden pages

Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1, M-series, MX-series User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual