Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service
marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or
otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed
to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347,
6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
The information in this document is current as of the date listed in the revision history.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year
2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the
extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you
indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the software license restricts the manner in which
you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license
is automatically terminated. You should consult the license for further details. For complete product documentation, please see the Juniper Networks Web
site at www.juniper.net/techpubs.
End User License Agreement
READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING,
INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER
OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS
AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE,
AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively “Juniper”), and the person or organization that
originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”).
2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, and updates and
releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. “Embedded
Software” means Software which Juniper has embedded in the Juniper equipment.
3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive
and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:
a. Customer shall use the Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from
Juniper or an authorized Juniper reseller.
b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer
has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use
such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the
Steel-Belted Radius software on multiple computers requires multiple licenses, regardless of whether such computers are physically contained on a single
chassis.
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to
Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls,
connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features,
functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing,
temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software
to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable
licenses.
d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer
may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial
period by re-installing the Software after the 30-day trial period.
e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network.
Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any
commercial network access services.
The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable
license(s) for the Software from Juniper or an authorized Juniper reseller.
4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall
not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as
necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove
any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of
the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted
feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even
if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper
to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper
reseller; (i) use the Embedded Software on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer
did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third
party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.
5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish
such records to Juniper and certify its compliance with this Agreement.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer
shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes
restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.
7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software,
associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in
the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.
8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that
accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services
may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED
BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES,
OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR
JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY
JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW,
JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER
WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION,
OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether
in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or
if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper
has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same
reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss),
and that the same form an essential basis of the bargain between the Parties.
9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license
granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s
possession or control.
10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively “Taxes”). Customer shall be responsible for
paying Taxes arising from the purchase of the license, or importation or use of the Software.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign
agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or
without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption
or other capabilities restricting Customer’s ability to export the Software without an export license.
12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure
by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212,
FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.
13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface
information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any.
Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable
terms and conditions upon which Juniper makes such information available.
14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology
are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor
shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the
Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and
subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License
(“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate)
available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194
N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of
the LGPL at http://www.gnu.org/licenses/lgpl.html.
15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions
of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties
hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement
constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous
agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a
separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict
with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in
writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the
remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English
version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout
avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be
in the English language)).
Abbreviated Table of Contents
About This Guide ... xv
Part 1: Configuring a Services Router for Administration
Chapter 1: Managing User Authentication and Access ... 3
Chapter 2: Setting Up USB Modems for Remote Management ... 29
Chapter 3: Configuring SNMP for Network Management ... 47
Chapter 4: Configuring the Router as a DHCP Server ... 63
Chapter 5: Configuring Autoinstallation ... 81
Chapter 6: Automating Network Operations and Troubleshooting ... 89
Part 2: Monitoring a Services Router
Chapter 7: Monitoring the Router and Routing Operations ... 101
Chapter 8: Monitoring Events and Managing System Log Files ... 155
Chapter 9: Configuring and Monitoring Alarms ... 165
Part 3: Managing Services Router Software
Chapter 10: Performing Software Upgrades and Reboots ... 179
Index ... 291
About This Guide
This preface provides the following guidelines for using the J-series™ Services Router
Administration Guide:
■Objectives on page xv
■Audience on page xv
■How to Use This Guide on page xvi
■Document Conventions on page xvii
■Related Juniper Networks Documentation on page xviii
■Documentation Feedback on page xxi
■Requesting Technical Support on page xxi
Objectives
This guide contains instructions for managing users and operations, monitoring
network performance, upgrading software, and diagnosing common problems on
J-series Services Routers.
J-series Services Router operations are controlled by the JUNOS software. You direct
the JUNOS software through either a Web browser or a command-line interface (CLI).
Audience
NOTE: This guide documents Release 9.1 of the JUNOS software. For additional
information about J-series Services Routers—either corrections to or omissions from
this guide—see the J-series Services Router Release Notes at http://www.juniper.net.
This guide is designed for anyone who installs and sets up a J-series Services Router
or prepares a site for Services Router installation. The guide is intended for the
following audiences:
■Customers with technical knowledge of and experience with networks and the
Internet
■Network administrators who install, configure, and manage Internet routers but
are unfamiliar with the JUNOS software
■Network administrators who install, configure, and manage products of Juniper
Networks
J-series™ Services Router Administration Guide
Personnel operating the equipment must be trained and competent; must not conduct
themselves in a careless, willfully negligent, or hostile manner; and must abide by
the instructions provided by the documentation.
How to Use This Guide
J-series documentation explains how to install, configure, and manage J-series routers
by providing information about JUNOS implementation specifically on J-series routers.
(For comprehensive JUNOS information, see the JUNOS software manuals listed in
“Related Juniper Networks Documentation” on page xviii.) Table 1 on page xvi shows
the location of J-series information, by task type, in Juniper Networks documentation.
Table 1: Location of J-series Information
J-series Tasks | Location of Instruction
Installing hardware and establishing basic connectivity | Getting Started Guide for your router
Configuring interfaces and routing protocols such as RIP, OSPF, BGP, and IS-IS | J-series Services Router Basic LAN and WAN Access Configuration Guide
Configuring advanced features such as virtual private networks (VPNs), IP Security (IPSec), multicast, routing policies, firewall filters, and class of service (CoS) | J-series Services Router Advanced WAN Access Configuration Guide
Managing users and operations, monitoring network performance, upgrading software, and diagnosing common problems | J-series Services Router Administration Guide
Using the J-Web interface | J-Web Interface User Guide
Using the CLI | JUNOS CLI User Guide
Typically, J-series documentation provides both general and specific information—for
example, a configuration overview, configuration examples, and verification methods.
Because you can configure and manage J-series routers in several ways, you can
choose from multiple sets of instructions to perform a task. To make best use of this
information:
■If you are new to the topic—Read through the initial overview information, keep
the related JUNOS guide handy for details about the JUNOS hierarchy, and follow
the step-by-step instructions for your preferred interface.
■If you are already familiar with the feature—Go directly to the instructions for the
interface of your choice, and follow the instructions. You can choose a J-Web
method, the JUNOS CLI, or a combination of methods based on the level of
complexity or your familiarity with the interface.
For many J-series features, you can use J-Web Quick Configuration pages to configure
the router quickly and easily without configuring each statement individually. For
more extensive configuration, use the J-Web configuration editor or CLI configuration
mode commands.
To monitor, diagnose, and manage a router, use the J-Web interface or CLI operational
mode commands.
Document Conventions
Table 2 on page xvii defines the notice icons used in this guide.
Table 2: Notice Icons
Meaning | Description
Informational note | Indicates important features or instructions.
Caution | Indicates a situation that might result in loss of data or hardware damage.
Warning | Alerts you to the risk of personal injury or death.
Laser warning | Alerts you to the risk of personal injury from a laser.
Table 3 on page xvii defines the text and syntax conventions used in this guide.
Table 3: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
user@host> show chassis alarms
No alarms currently active

Convention: Italic text like this
Description: Introduces important new terms; identifies book names; identifies RFC and Internet draft titles.
Examples:
■A policy term is a named structure that defines match conditions and actions.
■JUNOS System Basics Configuration Guide
■RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Example: Configure the machine’s domain name:
[edit]
root@# set system domain-name domain-name

Convention: Plain text like this
Description: Represents names of configuration statements, commands, files, and directories; IP addresses; configuration hierarchy levels; or labels on routing platform components.
Examples:
■To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
■The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Enclose optional keywords or variables.
Example: stub <default-metric metric>;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
broadcast | multicast
(string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Example: rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Enclose a variable for which you can substitute one or more values.
Example: community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identify a level in the configuration hierarchy.
Example:
[edit]
routing-options {
    static {
        route default {
            nexthop address;
            retain;
        }
    }
}

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.
Example: the nexthop address; and retain; statements in the preceding routing-options example.

J-Web GUI Conventions

Convention: Bold text like this
Description: Represents J-Web graphical user interface (GUI) items you click or select.
Examples:
■In the Logical Interfaces box, select All Interfaces.
■To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of J-Web selections.
Example: In the configuration editor hierarchy, select Protocols>Ospf.

Related Juniper Networks Documentation
J-series Services Routers are documented in multiple guides. Although the J-series
guides provide instructions for configuring and managing a Services Router with the
JUNOS CLI, they are not a comprehensive JUNOS software resource. For complete
documentation of the statements and commands described in J-series guides, see
the JUNOS software manuals listed in Table 4 on page xix.
Table 4: J-series Guides and Related JUNOS Software Publications

Getting Started Guide for Your Router
Chapters: “Services Router User Interface Overview”; “Establishing Basic Connectivity”
Corresponding JUNOS software manuals:
■JUNOS CLI User Guide
■JUNOS System Basics Configuration Guide

J-series Services Router Basic LAN and WAN Access Configuration Guide
Chapter: “Using Services Router Configuration Tools”
Corresponding JUNOS software manuals:
■JUNOS CLI User Guide
■JUNOS System Basics Configuration Guide

Chapters: “Interfaces Overview”; “Configuring DS1, DS3, Ethernet, and Serial Interfaces”; “Configuring Channelized T1/E1/ISDN PRI Interfaces”; “Configuring Digital Subscriber Line Interfaces”; “Configuring Point-to-Point Protocol over Ethernet”; “Configuring ISDN”; “Configuring Link Services Interfaces”; “Configuring VoIP”; “Configuring uPIMs as Ethernet Switches”; “Routing Overview”; “Configuring Static Routes”; “Configuring a RIP Network”; “Configuring an OSPF Network”; “Configuring the IS-IS Protocol”; “Configuring BGP Sessions”
Corresponding JUNOS software manuals (as listed for these chapters):
■JUNOS Network Interfaces Configuration Guide
■JUNOS Interfaces Command Reference
■JUNOS Services Interfaces Configuration Guide
■JUNOS System Basics and Services Command Reference
■JUNOS System Basics Configuration Guide
■JUNOS Routing Protocols Configuration Guide
■JUNOS Routing Protocols and Policies Command Reference

J-series Services Router Advanced WAN Access Configuration Guide
Chapters: “Multiprotocol Label Switching Overview”; “Configuring Signaling Protocols for Traffic Engineering”
Corresponding JUNOS software manuals:
■JUNOS MPLS Applications Configuration Guide
■JUNOS Routing Protocols and Policies Command Reference

Chapters: “Configuring Virtual Private Networks”; “Configuring CLNS VPNs”
Corresponding JUNOS software manual:
■JUNOS VPNs Configuration Guide

Chapter: “Configuring IPSec for Secure Packet Exchange”
Corresponding JUNOS software manuals:
■JUNOS System Basics Configuration Guide
■JUNOS Services Interfaces Configuration Guide
■JUNOS System Basics and Services Command Reference

Chapters: “Multicast Overview”; “Configuring a Multicast Network”
Corresponding JUNOS software manuals:
■JUNOS Multicast Protocols Configuration Guide
■JUNOS Routing Protocols and Policies Command Reference

Chapter: “Configuring Data Link Switching”
Corresponding JUNOS software manuals:
■JUNOS Services Interfaces Configuration Guide
■JUNOS System Basics and Services Command Reference

Chapters: “Policy Framework Overview”; “Configuring Routing Policies”
Corresponding JUNOS software manuals:
■JUNOS Policy Framework Configuration Guide
■JUNOS Routing Protocols and Policies Command Reference

Chapters: “Configuring NAT”; “Configuring Stateful Firewall Filters and NAT”; “Configuring Stateless Firewall Filters”
Corresponding JUNOS software manuals:
■JUNOS Network Interfaces Configuration Guide
■JUNOS Policy Framework Configuration Guide
■JUNOS Services Interfaces Configuration Guide
■Secure Configuration Guide for Common Criteria and JUNOS-FIPS
■JUNOS System Basics and Services Command Reference
■JUNOS Routing Protocols and Policies Command Reference

Chapters: “Class-of-Service Overview”; “Configuring Class of Service”
Corresponding JUNOS software manuals:
■JUNOS Class of Service Configuration Guide
■JUNOS System Basics and Services Command Reference

J-series Services Router Administration Guide
Chapters: “Managing User Authentication and Access”; “Configuring SNMP for Network Management”; “Configuring Autoinstallation”; “Monitoring the Router and Routing Operations”; “Monitoring Events and Managing System Log Files”
Corresponding JUNOS software manuals (as listed for these chapters):
■JUNOS System Basics Configuration Guide
■Secure Configuration Guide for Common Criteria and JUNOS-FIPS
■JUNOS System Basics and Services Command Reference
■JUNOS Interfaces Command Reference
■JUNOS Routing Protocols and Policies Command Reference
■JUNOS System Log Messages Reference

Chapter: “Setting Up USB Modems for Remote Management”
Corresponding JUNOS software manual:
■JUNOS Network Management Configuration Guide

Chapter: “Configuring the Router as a DHCP Server”
Corresponding JUNOS software manual:
■JUNOS System Basics Configuration Guide

Chapter: “Automating Network Operations and Troubleshooting”
Corresponding JUNOS software manual:
■JUNOS Configuration and Diagnostic Automation Guide

Chapter: “Configuring and Monitoring Alarms”
Corresponding JUNOS software manual:
■JUNOS System Basics Configuration Guide

Chapter: “Performing Software Upgrades and Reboots”
Corresponding JUNOS software manual:
■JUNOS Software Installation and Upgrade Guide

Chapter: “Managing Files”
Corresponding JUNOS software manual:
■JUNOS System Basics Configuration Guide

Chapter: “Using Services Router Diagnostic Tools”
Corresponding JUNOS software manuals:
■JUNOS System Basics and Services Command Reference
■JUNOS Interfaces Command Reference
■JUNOS Routing Protocols and Policies Command Reference

Chapter: “Configuring RPM Probes”
Corresponding JUNOS software manual:
■JUNOS System Basics and Services Command Reference

Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail, be sure
to include the following information with your comments:
■Document name
■Document part number
■Page number
■Software release version (not required for Network Operations Guides [NOGs])
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical
Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support
contract, or are covered under warranty, and need postsales technical support, you
can access our tools and resources online or open a case with JTAC.
■JTAC policies—For a complete understanding of our JTAC procedures and policies,
■JTAC Hours of Operation—The JTAC centers have resources available 24 hours
a day, 7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with
the following features:
■Find solutions and answer questions using our Knowledge Base:
http://kb.juniper.net/
■Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
■Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
■Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
■Open a case online in the CSC Case Manager: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number
Entitlement (SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
■Use the Case Manager tool in the CSC at http://www.juniper.net/cm/.
■Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit
us at http://www.juniper.net/support/requesting-support.html.
Part 1
Configuring a Services Router for
Administration
■Managing User Authentication and Access on page 3
■Setting Up USB Modems for Remote Management on page 29
■Configuring SNMP for Network Management on page 47
■Configuring the Router as a DHCP Server on page 63
■Configuring Autoinstallation on page 81
■Automating Network Operations and Troubleshooting on page 89
Chapter 1
Managing User Authentication and Access
You can use either J-Web Quick Configuration or a configuration editor to manage
system functions, including RADIUS and TACACS+ servers, and user login accounts.
This chapter contains the following topics. For more information about system
management, see the JUNOS System Basics Configuration Guide.
If the router is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.
■User Authentication Terms on page 3
■User Authentication Overview on page 4
■Before You Begin on page 8
■Managing User Authentication with Quick Configuration on page 8
■Managing User Authentication with a Configuration Editor on page 12
■Recovering the Root Password on page 21
■Securing the Console Port on page 23
■Accessing Remote Devices with the CLI on page 24
■Configuring Password Retry Limits for Telnet and SSH Access on page 26
User Authentication Terms
Before performing system management tasks, become familiar with the terms defined
in Table 5 on page 3.
Table 5: System Management Terms

Term: Remote Authentication Dial-In User Service (RADIUS)
Definition: Authentication method for validating users who attempt to access one or more
Services Routers by means of Telnet. RADIUS is a multivendor IETF standard
whose features are more widely accepted than those of TACACS+ or other
proprietary systems. All one-time-password system vendors support RADIUS.

Term: Terminal Access Controller Access Control System Plus (TACACS+)
Definition: Authentication method for validating users who attempt to access one or more
Services Routers by means of Telnet.
User Authentication Overview
This section contains the following topics:
■User Authentication on page 4
■User Accounts on page 4
■Login Classes on page 5
■Template Accounts on page 7
User Authentication
The JUNOS software supports three methods of user authentication: local password
authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal
Access Controller Access Control System Plus (TACACS+).
With local password authentication, you configure a password for each user allowed
to log into the Services Router.
RADIUS and TACACS+ are authentication methods for validating users who attempt
to access the router using Telnet. Both are distributed client/server systems—the
RADIUS and TACACS+ clients run on the router, and the server runs on a remote
network system.
You can configure the router to use RADIUS or TACACS+ authentication, or both,
to validate users who attempt to access the router. If you set up both authentication
methods, you also can configure which the router will try first.
User Accounts
User accounts provide one way for users to access the Services Router. Users can
access the router without accounts if you configured RADIUS or TACACS+ servers,
as described in “Managing User Authentication with Quick Configuration” on page
8 and “Managing User Authentication with a Configuration Editor” on page 12.
After you have created an account, the router creates a home directory for the user.
An account for the user root is always present in the configuration. For information
about configuring the password for the user root, see the Getting Started Guide for
your router. For each user account, you can define the following:
■Username—Name that identifies the user. It must be unique within the router.
Do not include spaces, colons, or commas in the username.
■User's full name—If the full name contains spaces, enclose it in quotation marks
(“”). Do not include colons or commas.
■User identifier (UID)—Numeric identifier that is associated with the user account
name. The identifier must be in the range 100 through 64000 and must be unique
within the router. If you do not assign a UID to a username, the software assigns
one when you commit the configuration, preferring the lowest available number.
■User's access privilege—You can create login classes with specific permission
bits or use one of the default classes listed in Table 6 on page 5.
■Authentication method or methods and passwords that the user can use to access
the router—You can use SSH or an MD5 password, or you can enter a plain-text
password that the JUNOS software encrypts using MD5-style encryption before
entering it in the password database. If you configure the plain-text-password
option, you are prompted to enter and confirm the password.
Login Classes
All users who log into the Services Router must be in a login class. You can define
any number of login classes. With login classes, you define the following:
■Access privileges users have when they are logged into the router. For more
information, see “Permission Bits” on page 5.
■Commands and statements that users can and cannot specify. For more
information, see “Denying or Allowing Individual Commands” on page 7.
■How long a login session can be idle before it times out and the user is logged
off.
You then apply one login class to an individual user account. The software contains
a few predefined login classes, which are listed in Table 6 on page 5. The predefined
login classes cannot be modified.
Table 6: Predefined Login Classes

Login Class                 Permission Bits Set
operator                    clear, network, reset, trace, view
read-only                   view
super-user and superuser    all
unauthorized                None

Permission Bits
Each top-level command-line interface (CLI) command and each configuration
statement has an access privilege level associated with it. Users can execute only
those commands and configure and view only those statements for which they have
access privileges. The access privileges for each login class are defined by one or
more permission bits (see Table 7 on page 6).
Two forms for the permissions control the individual parts of the configuration:
■"Plain" form—Provides read-only capability for that permission type. An example
is interface.
■Form that ends in -control—Provides read and write capability for that permission
type. An example is interface-control.
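The following configuration is an added example, not taken from this guide; it puts the user account attributes, a custom login class with plain and -control permission bits, the deny-commands and allow-commands overrides, and the idle timeout into one set of statements. The class and user names, the UID, and the password hash and SSH key are constructed placeholders.

```junos
## Added example (not from the guide). Class "noc-ops" is constructed:
## read/write on interfaces ("interface-control"), read-only on routing
## ("routing", plain form), plus the bits needed to enter configuration
## mode and to run operational show/ping/traceroute commands.
set system login class noc-ops permissions [ configure interface-control routing network trace view ]
## Allow one command the permission bits alone would not grant
## ("clear" bit is absent), without handing out the whole "clear" family.
set system login class noc-ops allow-commands "^clear interfaces statistics"
## Deny commands the bits would otherwise permit or that must never be
## reachable from this class (shell escape, halt/reboot).
set system login class noc-ops deny-commands "^(start shell|request system (halt|reboot))"
## Log the session off after 15 idle minutes.
set system login class noc-ops idle-timeout 15

## Local user account in that class. UID is chosen in the 100-64000 range
## the guide states; the hash and key below are placeholders, not real values.
set system login user alice uid 2001
set system login user alice full-name "Alice Example"
set system login user alice class noc-ops
set system login user alice authentication encrypted-password "$1$<md5-hash-placeholder>"
set system login user alice authentication ssh-rsa "ssh-rsa AAAA<public-key-placeholder> alice@example"
```

Users with the secret permission bit (Table 7) can display the encrypted-password strings in the configuration, so assign that bit only to classes that need it.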
Table 7: Permission Bits for Login Classes

Permission Bit: admin
Access: Can view user account information in configuration mode and with the show configuration
command.

Permission Bit: admin-control
Access: Can view user accounts and configure them (at the [edit system login] hierarchy level).

Permission Bit: access
Access: Can view the access configuration in configuration mode and with the show configuration
operational mode command.

Permission Bit: access-control
Access: Can view and configure access information (at the [edit access] hierarchy level).

Permission Bit: all
Access: Has all permissions.

Permission Bit: clear
Access: Can clear (delete) information learned from the network that is stored in various network
databases (using the clear commands).

Permission Bit: configure
Access: Can enter configuration mode (using the configure command) and commit configurations
(using the commit command).

Permission Bit: control
Access: Can perform all control-level operations (all operations configured with the -control
permission bits).

Permission Bit: field
Access: Reserved for field (debugging) support.

Permission Bit: firewall
Access: Can view the firewall filter configuration in configuration mode.

Permission Bit: firewall-control
Access: Can view and configure firewall filter information (at the [edit firewall] hierarchy level).

Permission Bit: floppy
Access: Can read from and write to the removable media.

Permission Bit: interface
Access: Can view the interface configuration in configuration mode and with the show
configuration operational mode command.

Permission Bit: interface-control
Access: Can view chassis, class of service, groups, forwarding options, and interfaces
configuration information. Can configure chassis, class of service, groups, forwarding
options, and interfaces (at the [edit] hierarchy).

Permission Bit: maintenance
Access: Can perform system maintenance, including starting a local shell on the router and
becoming the superuser in the shell (by issuing the su root command), and can halt and
reboot the router (using the request system commands).

Permission Bit: network
Access: Can access the network by entering the ping, ssh, telnet, and traceroute commands.

Permission Bit: reset
Access: Can restart software processes using the restart command and can configure whether
software processes are enabled or disabled (at the [edit system processes] hierarchy
level).

Permission Bit: rollback
Access: Can use the rollback command to return to a previously committed configuration other
than the most recently committed one.

Permission Bit: routing
Access: Can view general routing, routing protocol, and routing policy configuration information
in configuration and operational modes.

Permission Bit: routing-control
Access: Can view general routing, routing protocol, and routing policy configuration information
and configure general routing (at the [edit routing-options] hierarchy level), routing
protocols (at the [edit protocols] hierarchy level), and routing policy (at the [edit
policy-options] hierarchy level).

Permission Bit: secret
Access: Can view passwords and other authentication keys in the configuration.

Permission Bit: secret-control
Access: Can view passwords and other authentication keys in the configuration and can modify
them in configuration mode.

Permission Bit: security
Access: Can view security configuration in configuration mode and with the show configuration
operational mode command.

Permission Bit: security-control
Access: Can view and configure security information (at the [edit security] hierarchy level).

Permission Bit: shell
Access: Can start a local shell on the router by entering the start shell command.

Permission Bit: snmp
Access: Can view SNMP configuration information in configuration and operational modes.

Permission Bit: snmp-control
Access: Can view SNMP configuration information and configure SNMP (at the [edit snmp]
hierarchy level).

Permission Bit: system
Access: Can view system-level information in configuration and operational modes.

Permission Bit: system-control
Access: Can view system-level configuration information and configure it (at the [edit system]
hierarchy level).

Permission Bit: trace
Access: Can view trace file settings in configuration and operational modes.

Permission Bit: trace-control
Access: Can view trace file settings and configure trace file properties.

Permission Bit: view
Access: Can use various commands to display current systemwide, routing table, and
protocol-specific values and statistics.

Denying or Allowing Individual Commands
By default, all top-level CLI commands have associated access privilege levels. Users
can execute only those commands and view only those statements for which they
have access privileges. For each login class, you can explicitly deny or allow the use
of operational and configuration mode commands that are otherwise permitted or
not allowed by a permission bit.
Template Accounts
You use local user template accounts when you need different types of templates.
Each template can define a different set of permissions appropriate for the group of
users who use that template. These templates are defined locally on the Services
Router and referenced by the TACACS+ and RADIUS authentication servers.
When you configure local user templates and a user logs in, the JUNOS software
issues a request to the authentication server to authenticate the user's login name.
If a user is authenticated, the server returns the local username to the router, which
then determines whether a local username is specified for that login name
(local-username for TACACS+, Juniper-Local-User for RADIUS). If so, the router selects
the appropriate local user template locally configured on the router. If a local user
template does not exist for the authenticated user, the router defaults to the remote
template.
For more information, see “Setting Up Template Accounts” on page 18.
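As an added example that is not part of this guide, the statements below wire RADIUS and TACACS+ servers to the template-account behaviour just described: the remote template is the fallback, a locally defined template is selected when the server returns a matching local username, and a local administrator remains available if the servers are unreachable. Server addresses, shared secrets, template names and the password hash are constructed placeholders.

```junos
## Added example (not from the guide). Addresses from the documentation
## range and "<...>" strings are placeholders to be replaced.
set system radius-server 192.0.2.10 secret "<radius-shared-secret>"
set system radius-server 192.0.2.10 timeout 5
set system tacplus-server 192.0.2.20 secret "<tacplus-shared-secret>"

## Order in which the router tries the methods: RADIUS first, then
## TACACS+, then the local password database ("password").
set system authentication-order [ radius tacplus password ]

## "remote" is the template used when the server authenticates the user
## but names no local template. Keep it least privilege. Templates carry
## no authentication statement: the server has already authenticated the user.
set system login user remote full-name "Default remote template"
set system login user remote class read-only

## Local template chosen when the server returns local-username (TACACS+)
## or the RADIUS attribute the guide names (Juniper-Local-User) set to "netops".
## The template name "netops" is constructed for this example.
set system login user netops full-name "Network operations template"
set system login user netops class operator

## Local break-glass administrator used only when authentication-order
## falls through to "password" (for example, when both servers are down).
set system login user admin-local uid 2000
set system login user admin-local full-name "Local emergency administrator"
set system login user admin-local class super-user
set system login user admin-local authentication encrypted-password "$1$<md5-hash-placeholder>"
```

The shared secrets are readable by any class that carries the secret permission bit (Table 7), so keep that bit out of templates such as remote and netops.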
Before You Begin
Before you perform any system management tasks, you must perform the initial
Services Router configuration described in the Getting Started Guide for your router.
Managing User Authentication with Quick Configuration
This section contains the following topics:
■Adding a RADIUS Server for Authentication on page 8
■Adding a TACACS+ Server for Authentication on page 9
■Configuring System Authentication on page 10
■Adding New Users on page 11
Adding a RADIUS Server for Authentication
You can use the Users Quick Configuration page for RADIUS servers to configure a
RADIUS server for system authentication. This Quick Configuration page allows you
to specify the IP address and secret (password) of the RADIUS server.
Figure 1 on page 8 shows the Users Quick Configuration page for RADIUS servers.
Figure 1: Users Quick Configuration Page for RADIUS Servers