Juniper Networks J-Series Network Router User Manual

Contents

1. 171 alarms displaying s sce iet e see 111 component part numbers sessssse 115 component serial numbers 115 environment displaying 112 FPC PIM summary displaying 115 identifiers displaying 112 MONTONE ED LEE 111 PIM FPC summary displaying 113 power manageMent eect ees 111 temperature MONILOTING 0 ees 112 CIT Culte DESW Si dees eoe ebd cepi eterni 122 Glassiflers Cobra cree recti RH VOI DURO 124 Gl an Up Files page sien ees 200 cleanitg up filessica sacs ctr ti teta 199 201 clear system services dhcp binding command 77 clear system services dhcp conflicts command 65 CLI configuration editor a toinstallatiori za see tte een CHAP on dialer interfaces controlling user access DEGCP S6IV6biss datio dei be 3 enabling commit scripts ssssssssss enabling operation scripts ssssssssses 95 event policies o cette Renee 95 interface alarms eee ete reb etes 172 RADIUS authentications appia 12 iM 276 SNMP scit ts ette et i ttiv ir aet eto eta 54 system log messages sending to a file 160 system log messages sending to a terminal 161 TACACS authentication 15 USB modem connections ssssssssssse 55 code point aliases COS 125 comments in configuration statements xviii commit
2. 76 verifying DHCP server operation 77 verifying dialer interfaces eens 44 verifying RPM probe servers 288 verifying RPM statistics sse 286 verifying USB modem interfaces 45 viewing active alar MS 174 diagnostic commands iisraeli ea a i 211 dial in USB modem configuration editor 56 See also dialer interface for USB modem dial up modem connection configuring router erg a sce ttre stet ied erit 55 CORfIguring setr erd esce att tree rient 59 c rinectirig TOULer Grid eastern ey Nera 55 contiecting ser end eee E eter eee 40 dialer interface for USB modem adding configuration editor ees 55 See also USB modem connections CHAP for PPP configuration editor 37 dial in configuration editor ces 36 Jirr tatiotis teer ter recedet 50 naming convention sssssssssse eee teens 50 Wsiisg os oa E 30 VETUVING eco ore ni rr LOC RECTORE ROS 44 dialer pools for USB modems ssssss 54 See also dialer interface for USB modem dictionary attacks preventing 26 DiffServ code points bits for RPM probes 275 disabling cormit SCHpLISu octets orien ARS 91 CONSOLE POM 1 de MILI bl s ee LAUR E dee zx 24 Operation SCEIDIS oet e e tr red 94 packet capture eee rettet RR 261 root login to console port 24 SYSTE NT JOBS s et To este te RARE esp er pest 162 discarded packets nette peto etr e
3. Samples: Total number of probes used for the data set. The Services Router maintains records of the most recent 50 probes for each configured test. These 50 probes are used to generate RPM statistics for a particular test. Earliest Sample: System time when the first probe in the sample was received. Latest Sample: System time when the last probe in the sample was received. Mean Value: Average round-trip time for the 50-probe sample. Standard Deviation: Standard deviation of the round-trip times for the 50-probe sample. Lowest Value: Shortest round-trip time from the Services Router to the remote server, as measured over the 50-probe sample. Time of Lowest Sample: System time when the lowest value in the 50-probe sample was received. Highest Value: Longest round-trip time from the Services Router to the remote server, as measured over the 50-probe sample. Time of Highest Sample: System time when the highest value in the 50-probe sample was received. Table 77: Summary of Key RPM Output Fields (continued), Chapter 7: Monitoring the Router and Routing Operations. Cumulative Jitter for a Probe. Samples: Total number of probes used for the data set. The Services Router maintains records of the most recent 50 probes for each configured test. These 50 probes are used to generate RPM statistics for a particular
4. 24274 round trip times description 270 round trip times VieWiING 0 cece 146 SNMP traps Quick Configuration 275 source address setting 285 TCP configuration editor 279 See also TCP RPM probes 304 m Index TCP server port est intervals ud cre E eer eee ens est intervals setting Quick Configuration 2 OSE target dose dete ee tu NEED EE E Eae 2 hreshold values description 2 hreshold values setting Quick Configuratio erennere ete iate etiem starsat 2 imestamps See RPM probe timestamps UMNE eien A en o et de ton ORT E units 2 UDP configuration editor eee 2 See also UDP RPM probes UDP server prb Avent epe perra eg aed 2 verifying TCP and UDP probe servers 2 RSVP Resource Reservation Protocol interfaces monitoring 1 sessions MONILOTING eee 1 RTT See RPM probes round trip times S samples alarm corifiguratioTi nt att itte etes 1 basic RPM probesiii s eer ee deines 2 DHCP server configuration local template ACCOUNL eects REM prO DEE 5n dre ert RR RO RON Se 2 RPM test graplis ii eaetes ee poteet pa 1 ICP and UDP Probess vj ute oed eg dd es 2 USET Account on List teste Jel lt epe ed ts scheduler maps COS 1 scheduling a reboot With Webs s ccm erret reo como TORRE E 1 WIG THES GI cutter ote Met stets 1 scripts See commit scripts operation scripts SEACH IDSosaescbapte en te e tude
5. Columns: Monitor Option, Function, Corresponding CLI Commands. System (CLI commands: show system uptime, show system users, show system storage, show system processes): Displays Services Router system properties, such as the system identification and uptime, users, and resource usage. For details, see Monitoring System Properties on page 107. Chassis (CLI commands: show chassis alarms, show chassis environment, show chassis fpc, show chassis hardware): Displays active chassis alarms, environment and hardware information, and status of Physical Interface Modules (PIMs). For details, see Monitoring the Chassis on page 111. Interfaces (CLI commands: show interfaces terse, show interfaces detail, show interfaces interface-name): Hierarchically displays all Services Router physical and logical interfaces, including state and configuration information. For details, see Monitoring the Interfaces on page 113. Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued). Routing: Displays routing information through the following options. Route Information (CLI commands: show route terse, show route detail): Information about the routes in a routing table, including destination, protocol, state, and parameter information. You can narrow the list of routes displayed by OSPF inf spe
6. 115 117 Q Quick Configuration Add a RADIUS Server page 8 Add a TACACS Server page 9 Adda USEL page setate mote et tdt 11 adding USERS coe vet a ea ea Ve Re e Ret 11 authentication method serienn 10 DHCP M in page scere tette rte ir 67 DHCP pool pag ero eee 68 DHCP static binding page ees 69 Packet Capture page 227 Packet Capture results page 229 RADIUS SELVER tede os on RO RO ERE snedy apdaders 8 REM pabesia colis eM o ome ese 272 SNMP Dag6 iii et ete hc ed ug note Pete 50 TACAGS F SEVE yiilik e eode best ted eda 9 USEF managementa ie eser ect fe emere ea 8 Users page View Events page R RADIUS adding a server Quick Configuration 8 authentication configuration editor 12 Common Criteria information 5 order of user authentication configuration editor sss tege erat e eu er e 15 secret configuration editor 15 secret Quick Configuration 9 specifying for authentication Quick Configuration x de eed eerie e edet 10 random early detection RED drop profiles CoS 126 RARP for autoinstallation sssssss 86 RBBL reported BBE mid tt tret b dae 152 reachability DUS Wis idit dee irt d en rere ipae 125 See also host reachability read or write error Routing Engine 171 read only login class permissions 5 real time performance monitoring See RPM reboot immediately With Web tenete E
7. 160 Common Criteria information 155 GEStINALONS nities ial n ad 157 displaying at a terminal configuration editoE sd eE cnt entes peat tts 159 161 event VIEWED ve assess e nie enn es rer ei 162 FACULTIES P 157 filtering Quick Configuration 162 monitoring Quick Configuration 162 OVELVICW D 156 preparati E 159 regular expressions for filtering 158 sending messages to a file configuration CCILOD s conce tret eR e PIRE 160 sending messages to a terminal configuration editor hti oot edet eq e dA 161 Severity levels rene rettet eit 158 viewing Quick Configuration 164 system logs ARCHIVING se eco ettet aber petes Common Criteria information destinations for log files disabling etes pedes i displaying siZe i eee eere ue event triggers for SNMP traps setting in event DOolicleS c kr rer t iig 97 tile cleanup CLL diee be t ote pls 201 file cleanup J Web ssssssssR 199 Jue einio qe 156 logging facilities eter ete 157 Index logging severity levels eects 158 messages See system log messages monitoring OVERVIEWS 35 ol esd cdi ah shay pei DA A regular expressions for filtering 158 system management iirimaa e 3 automating coe nios cette tein eb tates Deb go tes 89 See also commit scripts event policies operation scripts displaying log and trace file contents 244
8. 92 superuser privileges required for s 95 operational mode filtering command output 105 operator login class permissions operators arithmetic binary and relational operators 250 logical ve contis ace borse 250 OSPF Open Shortest Path First MONTON nie csset eet tete redeo Pitt dn 119 SLAUISTICS S esee tte ein rae oec te PR ra 120 OSPF interfaces display IAE eere tree aser eee TOO HU EIUS 119 StA tSS aaa ahg ESE ASS E E A EE A PEES TEEN EE DES OSPF neighbors displaying dhd Leder Mee des starter a ments ot 119 Status santet bee urere rte ed ee 119 OSPF routing information sssssssse 119 outbound time See RPM probes P packet capture COnfiguririg t papse ced e beso gas 259 configuring J Web sssssssss 226 configuring on an interface ees 259 disabling oe Rr odere 261 disabling before changing encapsulation on WML CDLAC ES iu cetus m p Re rp phe 262 displaying configurations 263 displaying firewall filter for 1 264 erablitig cuente edito atten tives eben e e 257 encapsulation on interfaces disabling before MOGIIYING clas asset tates obe eei tena Pap mnes 262 files See packet capture files firewall filters configuring eee 259 firewall filters OVErViCW cece eens 255 TEWeb to0l 34 5 Soils tee rete 226 OVETVICW ah reote eit ethene ete cise 254 overview J Web sssssssss He 226 preparations ue ern on s
9. NOTE: These instructions use Hayes-compatible modem commands to configure the modem. If your modem is not Hayes-compatible, see the documentation for your modem and enter equivalent modem commands. You can use the J-Web or CLI configuration editor to override the value of an initialization command configured on the USB modem or configure additional commands for initializing USB modems. NOTE: If you modify modem initialization commands when a call is in progress, the new initialization sequence is applied on the modem only when the call ends. In this example, you override the value of the S0=0 command in the initialization sequence configured on the modem and add the L2 command. To modify the initialization commands on a USB modem: 1. Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 29 on page 41. 3. If you are finished configuring the router, commit the configuration. 4. To verify that the initialization commands are configured correctly, see Verifying the USB Modem Configuration on page 42. Table 29: Modifying USB Modem Initialization Commands (columns: Task, J-Web Configuration Editor, CLI Configuration Editor). Task: Navigate to the Interfaces level in the configuration hierarchy. J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configur. CLI Configuration Editor: From the edit hierarchy level, enter
10. 57 eIterpFise onn c o PR ARR RU 48 standardi caesi ehre tte e b td 48 system identification configuration editor 54 URLS fOr downloads ene crest arce tbe 48 views configuration editor 57 Microsoft Windows XP commands connecting to router from a management device 59 minor yellow alarms action FequlEed s eT odora ete iege 175 alternative boot device 171 GESCHIPHOM te DE 167 iriternal compact flaslis oe tette tt 171 Routing ERgIne nni is E ete I oes 171 modem connection to router USB port See USB modem connections modem connection to user management device See USB modem connections monitor interface command ssssssss 245 controlling OUTPUE ss coa op tete 245 Index monitor interface traffic command 245 controlling QUEtDUL iet eit renes monitor list command monitor start command monitor stop command monitor traffic command sss 247 ODEHOHS 2 inp be rele dt loud ctus 247 performance impact aet Ni teta fees 246 monitor traffic matching command 248 arithmetic binary and relational operators 250 logical Operators net ot ete tbt tcs 250 match conditionis ese re pee 248 monitoring alarms ant prt abd ebbe 174 Avaya VOIR vermar i rana eee ere 151 BGP iiia da a aaa a Malas Toe as 117 BGP neighbors with RPM probes 285 ULRti roe 111 CLI commands and corresponding J Web options DHCP cerasi D
11. Configure the DHCP server to provide a hostname.conf filename to each new Services Router. Each router uses its hostname.conf filename to request a configuration file from the TFTP server. Copy the necessary hostname.conf configuration files to the TFTP server. Create a default configuration file named network.conf and copy it to the TFTP server. This file contains IP address-to-hostname mapping entries. If the DHCP server does not send a hostname.conf filename to a new router, the Services Router uses network.conf to resolve its hostname based on its IP address. Alternatively, you can add the IP address-to-hostname mapping entry for the new Services Router to a DNS database file. The router uses the hostname to request a hostname.conf file from the TFTP server. Configuring Autoinstallation with a Configuration Editor: No configuration is required on a Services Router on which you are performing autoinstallation, because it is an automated process. However, to simplify the process on a router, you can specify one or more interfaces, protocols, and configuration servers to be used for autoinstallation. To configure autoinstallation: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 42 on page 86. 3. If you are using the J-Web interface, click Commit to view a summary of your changes, then click OK to commit the configuration
12. RADIUS Server Address (required): Identifies the IP address of the RADIUS server. Type the RADIUS server's 32-bit IP address, in dotted decimal notation. RADIUS Server Secret (required): The secret (password) of the RADIUS server. Secrets can contain spaces. The secret used must match that used by the RADIUS server. Type the secret (password) of the RADIUS server. Verify RADIUS Server Secret (required): Verifies the secret (password) of the RADIUS server is entered correctly. Retype the secret of the RADIUS server. Adding a TACACS+ Server for Authentication: You can use the Users Quick Configuration page for TACACS+ servers to configure a TACACS+ server for system authentication. This Quick Configuration page allows you to specify the IP address and secret of the TACACS+ server. Figure 2 on page 9 shows the Users Quick Configuration page for TACACS+ servers. Figure 2: Users Quick Configuration Page for TACACS+ Servers (image not available). To configure a TACACS+ server with Quick Configuration: 1. In the J-Web interface, select Configuration > Quick Configuration > Users. 2. Under TACACS+ servers, click Add to configure a TACACS+ server. 3. Enter information into the Users Quick Configuration page for TACACS+ servers, as described in Table 9 on page 10. 4. Click one of the following buttons on
13. 271 setting up on local and remote Services Router configuration editor eee 283 BGP Sessions Stats ipee ee ode n 118 binary operators for multicast traffic 250 boot dEViICES C oe taste haben me er s 186 contiguring CLDuc dedos de eed eben 189 configuring J WeB iaeiei ais ap ai 186 selecting CLD cade ated ten 196 197 Selecting PWED ra ee meter teen 195 storing memory snapshots sssssssssssese 190 See also compact flash USB boot operations DHCP ace b m rebut 71 BOOTP for autoinstallation ssee 86 braces in configuration statements xviii brackets angle in syntax descriptions xviii square in configuration statements xviii brute force attacks preventing 26 buffer space for PIM in FPC summary 115 built in Ethernet ports See Ethernet ports management interfaces bytes transmitted ure eee Here iere ec i 115 c cables console port connecting 21 Ethernet rollover Connecting 21 caller ID for dial in over USB modems 56 See also dialer interface for USB modem capturing packets See packet capture Challenge Handshake Authentication Protocol enabling ort dialerdnterfaces uc eere os imer etes 37 change log logging facility 157 CHAP Challenge Handshake Authentication Protocol enabling on dialer interfaces eee 37 chassis alarm condition indicator eee 175 alarm conditions and remedies
14. (Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets. count number: (Optional) Limits the number of ping requests to send. Specify a count from 0 through 1,000,000. The default value is 5. If you do not specify a count, ping requests are continuously sent until you press Ctrl-C. source source-address: (Optional) Uses the source address that you specify in the ping request packet. detail: (Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request. Following is sample output from a ping mpls l3vpn command: user@host> ping mpls l3vpn vpnl prefix 10.255.245.122/32 --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss. The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool. For information, see Ping MPLS Results and Output on page 222. (Chapter 12: Using Services Router Diagnostic Tools.) Pinging Layer 2 VPNs: Enter the ping mpls l2vpn command with the following syntax. Table 119 on page 255 describes the ping mpls l2vpn command options. user@host> ping mpls l2vpn interface interface-name instance l2vpn-instance-name local-site-id local-site-id-number remote-site-id remote-site-id-number bottom-label-ttl exp forwarding-class count number
15. Select Diagnose > Ping Host from the task bar. Next to Advanced options, click the expand icon (see Figure 20 on page 216). Enter information into the Ping Host page, as described in Table 108 on page 216. The Remote Host field is the only required field. Click Start. The results of the ping operation are displayed in the main pane (see Figure 21 on page 217). If no options are specified, each ping response is in the following format: bytes bytes from ip-address: icmp_seq=number ttl=number time=time. Table 109 on page 218 summarizes the output fields of the display. To stop the ping operation before it is complete, click OK. Figure 20: Ping Host Page (image not available). Table 108: J-Web Ping Host Field Summary (columns: Field, Function, Your Action). Remote Host: Identifies the host to ping. Type the hostname or IP address of the host to ping. Advanced Options. Table 108: J-Web Ping Host Field Summary (continued). Don't Resolve Addresses: Determines whether to display hostnames of the hops along the path. To suppress the display of the hop hostnames, select the check box. To display the hop hostnames, clear the check box. Interface: Specifies the interfac
16. The terminal emulation screen on your management device displays the router's boot sequence. When the following prompt appears, press the Spacebar to access the router's bootstrap loader command prompt: Hit Enter to boot immediately, or space bar for command prompt. Booting kernel in 9 seconds. At the following prompt, enter boot -s to start up the system in single-user mode: ok boot -s. (Chapter 1: Managing User Authentication and Access.) At the following prompt, enter recovery to start the root password recovery procedure: Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery. Enter configuration mode in the CLI. Set the root password. For example: user@host# set system root-authentication plain-text-password. For more information about configuring the root password, see the JUNOS System Basics Configuration Guide. At the following prompt, enter the new root password. For example: New password: juniperl Retype new password: At the second prompt, reenter the new root password. If you are finished configuring the network, commit the configuration: root@host# commit, commit complete. Exit configuration mode in the CLI. Exit operational mode in the CLI. At the prompt, enter y to reboot the router: Reboot the system? [y/n] y. Securing the Console Port: You can use
17. To install software upgrades from a remote server: 1. Download the software package as described in Downloading Software Upgrades from Juniper Networks on page 181. 2. In the J-Web interface, select Manage > Software > Install Package. 3. On the Install Remote page, enter information into the fields described in Table 95 on page 183. 4. Click Fetch and Install Package. The software is activated after the router has rebooted. Table 95: Install Remote Summary (Chapter 10: Performing Software Upgrades and Reboots; columns: Field, Function, Your Action). Package Location (required): Specifies the FTP or HTTP server, file path, and software package name. Type the full address of the software package location on the FTP or HTTP server, one of the following: ftp://hostname/pathname/package-name, http://hostname/pathname/package-name. User: Specifies the username, if the server requires one. Type the username. Password: Specifies the password, if the server requires one. Type the password. Reboot If Required: If this box is checked, the router is automatically rebooted when the upgrade is complete. Check the box if you want the router to reboot automatically when the upgrade is complete. Installing Software Upgrades by Uploading Files: You can use the J-Web interface to install sof
18. 159 show services ipsec vpn ike command 140 show services ipsec vpn ipsec command 140 show services ipsec vpn ipsec security associations command pangeran ian de tesi due show services nat pool command show services rpm active servers command explanation 2 nier reper etra duet show services rpm probe results command explanation ete er termed ei verbe dere e show services service sets memory usage COITIImard ester te D RD Res 135 show services service sets summary command 135 show services stateful firewall conversations commandi sestina UN 138 show services stateful firewall flows command 158 show snmp health monitor command 59 show snmp statistics command ssssssssssse 58 show system alarms command sssssssss 174 show system autoinstallation status command 87 show system processes command 110 157 Index mM 305 J series Services Router Administration Guide show system services dhcp binding COMMIMGING 2 ei cotes e e chet taal ALIE A 76 145 explanation show system services dhcp binding detail COIQIDATI cs tate teo ec eset teste 76 explanatio i icd dore EA pter anaes 77 show system services dhcp command sss 75 show system services dhcp conflict command soit easier a e a etd 65 76 143 eXplanatioris anye rt E AEI 77 show
19. Click OK. Next to Permissions, click Add new entry. In the Value list, select view. Click OK. Creating User Accounts: User accounts provide one way for users to access the Services Router. (Users can access the router without accounts if you configured RADIUS or TACACS+ servers, as described in Setting Up RADIUS Authentication on page 12 and Setting Up TACACS Authentication on page 13.) The procedure provided in this section creates a sample user named cmartin with the following characteristics: The user cmartin belongs to the superuser login class. The user cmartin uses an encrypted password, 1 14c5 sBopasdFFdssdfFFdsdfsO. To create user accounts: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 15 on page 18. 3. If you are finished configuring the network, commit the configuration. Table 15: Creating User Accounts (columns: Task, J-Web Configuration Editor, CLI Configuration Editor). Task: Navigate to the System Login level in the configuration hierarchy. J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to System, click Configure or Edit. 3. Next to Login, click Configure or Edit. CLI Configuration Editor: From the edit hierarchy l
20. Compatibility with Autoinstallation: Services Router DHCP server functions are compatible with the autoinstallation feature. The DHCP server automatically checks any autoinstallation settings for conflicts and gives the autoinstallation settings priority over corresponding DHCP settings. For example, an IP address set by autoinstallation takes precedence over an IP address set by the DHCP server. To configure autoinstallation, see Configuring Autoinstallation on page 81. Conflict Detection and Resolution: A client that receives an IP address from the Services Router operating as a DHCP server performs a series of Address Resolution Protocol (ARP) tests to verify that the address is available and no conflicts exist. If the client detects an address conflict, it informs the DHCP server about the conflict and can request another IP address from the DHCP server. The Services Router maintains a log of all client-detected conflicts and removes addresses with conflicts from the DHCP address pool. To display the conflicts list, you use the show system services dhcp conflict command. The addresses in the conflicts list remain excluded until you use the clear system services dhcp conflict command to manually clear the list. Interface Restrictions: The Services Router supports DHCP client requests received on Fast Ethernet interfaces only. However, DHCP requests received from a relay agent are supported on all interface types.
21. Sample ipconfig output (field labels and values as extracted): DHCP Server, DNS Servers dec, Primary WINS Server, Secondary WINS Server, Lease Obtained, Lease Expires; my pc mycompany net, Hybrid, No, No, mycompany net mylab net, mycompany net mylab net, 10/100 LAN Fast Ethernet Card, 02-04-06-08-0A-0C, Yes, Yes, 192.168.2.2, 255.255.254.0, 192.168.10.3, 192.168.2.1, 192.168.10.2, 192.168.10.4, 192.168.10.5, Monday, January 24, 2005 8:48:59 AM, Monday, February 7, 2005 8:48:59 AM. Meaning: Verify the following: The client returns a ping response. The client IP configuration displayed contains the configured values. For example, for the DHCP configuration in Configuring the DHCP Server with a Configuration Editor on page 72, you can verify the following settings: DNS Suffix Search List is correct. IP address is within the IP address pool you configured. DHCP Server is the primary IP address of the Services Router interface on which the DHCP message exchange occurs. If you include the server-identifier statement in your configuration, the DHCP server IP address specified in this statement is displayed. Lease Obtained and Lease Expires times are correct. The ipconfig command also displays other DHCP client settings that can be configured on the Services Router, including the client's hostname, default gateways, and WINS servers. Related Topics. Chapter 4: Configuring the Router as a
22. Enabling Packet Capture (Required) on page 257. Commit the configuration. Changing Encapsulation on Interfaces with Packet Capture Configured: Before modifying the encapsulation on a Services Router interface that is configured for packet capture, you must disable packet capture and rename the latest packet capture file. Otherwise, packet capture saves the packets with different encapsulations in the same packet capture file. Packet files containing packets with different encapsulations are not useful, because packet analyzer tools like tcpdump cannot analyze such files. After modifying the encapsulation, you can safely reenable packet capture on the router. To change the encapsulation on packet capture-configured interfaces: 1. Disable packet capture, following the steps in Disabling Packet Capture on page 261. 2. Commit the configuration. 3. Using the CLI, rename the latest packet capture file on which you are changing the encapsulation with the .chdsl extension. (Chapter 13: Configuring Packet Capture.) a. From CLI operational mode, access the local UNIX shell: user@host> start shell. b. Navigate to the directory where packet capture files are stored: cd /var/tmp. c. Rename the latest packet capture file for the interface on which you are changing the encapsulation, for example fe-0/0/0: mv pcap file fe 0 0 0 pcap file fe 0
23. Go on to one of the following procedures: To configure a RADIUS server, see Setting Up RADIUS Authentication on page 12. To configure a TACACS+ server, see Setting Up TACACS Authentication on page 13. To configure a system authentication order, see Configuring Authentication Order on page 15. Table 17: Creating a Local Template Account (columns: Task, J-Web Configuration Editor, CLI Configuration Editor). Task: Navigate to the System Login level in the configuration hierarchy. J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to System, click Configure or Edit. 3. Next to Login, click Configure or Edit. CLI Configuration Editor: From the edit hierarchy level, enter edit system login. Task: Create a user named admin who belongs to the superuser login class. J-Web Configuration Editor: 1. Next to User, click Add new entry. 2. In the User name box, type admin. 3. In the Class box, type superuser. 4. Click OK. CLI Configuration Editor: Set the username and the login class for the user: set user admin class superuser. Recovering the Root Password: If you forget the root password for the router, you can use the password recovery procedure to reset the root password. NOTE: You need console access to recover the root password. To recover the root password: 1. Power off the router by pressing the power button on the fro
24. Columns: Option, Description. ttl number: (Optional) Sets the time-to-live (TTL) value for the ping request packet. Specify a value from 0 through 255. wait seconds: (Optional) Sets the maximum time to wait after sending the last ping request packet. If you do not specify this option, the default delay is 10 seconds. If you use this option without the count option, the Services Router uses a default count of 5 packets. detail: (Optional) Displays the interface on which the ping response was received. verbose: (Optional) Displays detailed output. Following is sample output from a ping command: user@host> ping host3 count 4 PING host3.site.net (176.26.232.111): 56 data bytes; 64 bytes from 176.26.232.111: icmp_seq=0 ttl=122 time=0.661 ms; 64 bytes from 176.26.232.111: icmp_seq=1 ttl=122 time=0.619 ms; 64 bytes from 176.26.232.111: icmp_seq=2 ttl=122 time=0.621 ms; 64 bytes from 176.26.232.111: icmp_seq=3 ttl=122 time=0.634 ms; --- host3.site.net ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss; round-trip min/avg/max/stddev = 0.619/0.634/0.661/0.017 ms. The fields in the display are the same as those displayed by the J-Web ping host diagnostic tool. For information, see Ping Host Results and Output Summary on page 218. Checking MPLS Connections from the CLI: Use the ping mpls commands to diagnose the state of LSPs, Layer 2 and Layer 3 VPNs, and Layer 2 circuits. When you issue a command
25. Table 52: Summary of Key Routing Information Output Fields
Field: Values (Additional Information)
n destinations: Number of destinations for which there are routes in the routing table.
n routes: Number of routes in the routing table:
- active: Number of routes that are active.
- holddown: Number of routes that are in hold-down state (neither advertised nor updated) before being declared inactive.
- hidden: Number of routes not used because of routing policies configured on the Services Router.
Destination: Destination address of the route.
Protocol: Protocol from which the route was learned: Static, Direct, Local, or the name of a particular protocol.
Preference: The preference is the individual preference value for the route. (The route preference is used as one of the route selection criteria.)
Next Hop: Network layer address of the directly reachable neighboring system (if applicable) and the interface used to reach it. (If a next hop is listed as Discard, all traffic with that destination address is discarded rather than routed. This value generally means that the route is a static route for which the discard attribute has been set. If a next hop is listed as Reject, all traffic with that destinati
26. This section contains the following topics:
- Downgrading the Software with the J-Web Interface on page 185
- Downgrading the Software with the CLI on page 185
Downgrading the Software with the J-Web Interface
You can downgrade the software from the J-Web interface. For the changes to take effect, you must reboot the router.
To downgrade software:
1. In the J-Web interface, select Manage > Software > Downgrade. The image of the previous software version (if any) is displayed on this page.
NOTE: After you perform this operation, you cannot undo it.
2. Select Downgrade to downgrade to the previous version of the software, or Cancel to cancel the downgrade process.
3. When the downgrade process is complete, for the new software to take effect, select Manage > Reboot from the J-Web interface to reboot the router.
After you downgrade the software, the previous release is loaded, and you cannot reload the running version of software again. To downgrade to an earlier version of software, follow the procedure for upgrading, using the JUNOS software image labeled with the appropriate release.
Downgrading the Software with the CLI
You can revert to the previous version of software using the request system software rollback command in the CLI. For the changes to take effect, you must reboot the router. To downgrade to an earlier version of soft
27. Type a numeric value, in kilobytes. The default value is the boot device's physical memory minus the config, data, and swap partitions.
Configuring a Boot Device for Backup with the CLI
Use the request system snapshot CLI command to create a boot device for the Services Router on an alternate medium, to replace the primary boot device or serve as a backup. Enter the command with the following syntax:
    user@host> request system snapshot <as-primary> <config-size size> <data-size size> <factory> <media type> <partition> <root-size size> <swap-size size>
Table 98 on page 189 describes the request system snapshot command options. Default values are in megabytes, but you can alternatively enter values in kilobytes by appending k to the number. For example, config-size 10 specifies a config partition of 10 MB, but config-size 10k specifies a config partition of 10 KB.
Table 98: CLI request system snapshot Command Options
Option: Description
as-primary: On an external compact flash or USB storage device only, creates a snapshot for use as the primary boot medium. Use the as-primary option to replace the medium in the internal compact flash slot or to replicate it for use in another Services Router. This process also partitions the boot medium. NOTE: After the boot device is created as an internal compact flash, it ca
28. bypass-routing: (Optional) Bypasses the routing tables and sends the traceroute packets only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned. Use this option to display a route to a local system through an interface that has no route through it.
gateway address: (Optional) Uses the gateway you specify to route through.
inet: (Optional) Forces the traceroute packets to an IPv4 destination.
inet6: (Optional) Forces the traceroute packets to an IPv6 destination.
no-resolve: (Optional) Suppresses the display of the hostnames of the hops along the path.
routing-instance routing-instance-name: (Optional) Uses the routing instance you specify for the traceroute.
source address: (Optional) Uses the source address that you specify in the traceroute packet.
tos number: (Optional) Sets the type-of-service (TOS) value in the IP header of the traceroute packet. Specify a value from 0 through 255.
ttl number: (Optional) Sets the time-to-live (TTL) value for the traceroute packet. Specify a hop count from 0 through 128.
wait seconds: (Optional) Sets the maximum time to wait for a response.
Following is sample output from a traceroute command:
    user@host> traceroute host2
    traceroute to 173.24.232.66 (172.24.230.41), 30 hops max, 40 byte packets
     1  173.18.42.253 (173.18.42.253)  0.482 ms  0.346 ms  0.318 ms
    host4 sitel n
29. rpm probe-results command:
    user@host> show services rpm probe-results
    Owner: customerA, Test: icmp-test
    Probe type: icmp-ping-timestamp
    Minimum Rtt: 312 usec, Maximum Rtt: 385 usec, Average Rtt: 331 usec, Jitter Rtt: 73 usec, Stddev Rtt: 27 usec
    Minimum egress time: 0 usec, Maximum egress time: 0 usec, Average egress time: 0 usec, Jitter egress time: 0 usec, Stddev egress time: 0 usec
    Minimum ingress time: 0 usec, Maximum ingress time: 0 usec, Average ingress time: 0 usec, Jitter ingress time: 0 usec, Stddev ingress time: 0 usec
    Probes sent: 5, Probes received: 5, Loss percentage: 0

    Owner: customerB, Test: http-test
    Target address: 192.176.17.4, Target URL: http://customerB.net, Probe type: http-get
    Minimum Rtt: 1093 usec, Maximum Rtt: 1372 usec, Average Rtt: 1231 usec, Jitter Rtt: 279 usec, Stddev Rtt: 114 usec
    Probes sent: 3, Probes received: 3, Loss percentage: 0

    Owner: Rpm-Bgp-Owner, Test: Rpm-Bgp-Test-1
    Target address: 10.209.152.37, Probe type: icmp-ping, Test size: 5 probes
    Routing Instance Name: LR1/RI1
    Probe results:
      Response received, Fri Oct 28 05:20:23 2005
      Rtt: 662 usec
    Results over current test:
      Probes sent: 5, Probes received: 5, Loss percentage: 0
      Measurement: Round trip time
        Minimum: 529 usec, Maximum: 662 usec, Average: 585 usec, Jitter: 133 usec, Stddev: 53 usec
    Results over all tests:
      Probes sent: 5, Probes received: 5
31. 2. Next to World readable, select Yes. Click OK.
CLI Configuration Editor: Enter
    set packet-capture file world-readable
Configuring Packet Capture on an Interface (Required)
To capture all transit and host-bound packets on an interface and specify the direction of the traffic to capture (inbound, outbound, or both):
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 135 on page 259.
3. If you are finished configuring the router, commit the configuration.
4. Go on to one of the following procedures:
- To configure a firewall filter, see Configuring a Firewall Filter for Packet Capture (Optional) on page 259.
- To check the configuration, see Verifying Packet Capture on page 263.
Table 135: Configuring Packet Capture on an Interface
Task: Navigate to the Interfaces level in the configuration hierarchy, and select an interface for packet capture, for example fe-0/0/1. See the interface naming conventions in the J-series Services
J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to Interfaces, click Configure or Edit. 3. In the Interface
CLI Configuration Editor: From the [edit] hierarchy level, enter
    edit interfaces fe-0/0/1
34. Contact: sysContact
System location: sysLocation
System description: sysDescr
System name override: sysName
To configure basic system identification for SNMP:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. To configure basic system information using SNMP, perform the configuration tasks described in Table 32 on page 54.
3. If you are finished configuring the network, commit the configuration.
4. To check the configuration, see Verifying the SNMP Configuration on page 58.
Table 32: Configuring Basic System Identification
Task: Navigate to the SNMP level in the configuration hierarchy.
J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to Snmp, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter
    edit snmp
Task: Configure the system contact information (such as a name and phone number).
J-Web Configuration Editor: In the Contact box, type the contact information as a free-form text string.
CLI Configuration Editor: Set the contact information:
    set contact contact information
Task: Configure the system location information (such as a lab
35. Host that provides an IP address and configuration settings to a DHCP client. The Services Router is a DHCP server.
Dynamic Host Configuration Protocol (DHCP): Configuration management protocol you can use to supervise and automatically distribute IP addresses and deliver configuration settings to client hosts from a central DHCP server. An extension of BOOTP, DHCP is defined in RFC 2131, Dynamic Host Configuration Protocol.
DHCP gateway router: Router that passes DHCP messages between DHCP clients and DHCP servers. A gateway router is sometimes referred to as a relay agent.
IP address pool: Collection of IP addresses maintained by the DHCP server for assignment to DHCP clients. The address pool is associated with a subnet on either a logical or physical interface.
lease: Period of time during which an IP address is allocated, or bound, to a DHCP client. A lease can be temporary (dynamic binding) or permanent (static binding).
router solicitation address: IP address to which a DHCP client can transmit router solicitation requests.
Windows Name Service (WINS) server: Server running the Microsoft Windows name resolution service for network basic input/output system (NetBIOS) names. WINS is used by hosts running NetBIOS over TCP/IP (NetBT) to register NetBIOS names and to resolve NetBIOS names to IP addresses.
DHCP Overview
DHCP is based on BOOTP, a bootstrap protocol that allows a client to
36. J-Web Configuration Editor: In the configuration editor hierarchy, select Forwarding options.
CLI Configuration Editor: From the [edit] hierarchy level, enter
    edit forwarding-options
Task: Specify in bytes the maximum size of each packet to capture in each file, for example 500. The range is between 68 and 1500, and the default is 68 bytes.
J-Web Configuration Editor: 1. From the Sampling or packet capture list, select Packet capture. 2. Next to Packet capture, click Configure. 3. In the Maximum capture size box, type 500.
CLI Configuration Editor: Enter
    set packet-capture maximum-capture-size 500
Task: Specify the target filename for the packet capture file, for example pcap-file. For each physical interface, the interface name is automatically suffixed to the filename, for example pcap-file.fe-0.0.1. (See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.)
J-Web Configuration Editor: In the Filename box, type pcap-file.
CLI Configuration Editor: Enter
    set packet-capture file filename pcap-file
Task: Specify the maximum number of files to capture, for example 100. The range is between 2 and 10,000, and the default is 10 files.
J-Web Configuration Editor: In the Files box, type 100.
CLI Configuration Editor: Enter
    set packet-capture file files 100
Task: Specify the maximum size of each file in bytes, for example 1024. The range is between 1,024 and 104,857,600, and the default is 512,000 bytes.
J-Web Configuration Editor: In the Size box, type 1024.
CLI Configuration Editor: Enter
    set packet-capture file size 1024
Task: Specify if all users have permission to read the packet capture files. I
37. Chapter 13: Configuring Packet Capture
Packet capture is a tool that helps you to analyze network traffic and troubleshoot network problems. On a J-series Services Router, the packet capture tool captures real-time data packets traveling over the network, for monitoring and logging. Packets are captured as binary data, without modification. You can read the packet information offline with a packet analyzer such as Ethereal or tcpdump. If you need to quickly capture packets destined for or originating from the Routing Engine and analyze them online, you can use the J-Web packet capture diagnostic tool. For more information, see Capturing and Viewing Packets with the J-Web Interface on page 226.
NOTE: J-series Services Routers can capture IPv4 packets only. The packet capture tool does not support IPv6 packet capture.
You can use either the J-Web configuration editor or CLI configuration editor to configure packet capture. For more information about packet capture, see the JUNOS Policy Framework Configuration Guide.
This chapter contains the following topics:
- Packet Capture Terms on page 253
- Packet Capture Overview on page 254
- Before You Begin on page 257
- Configuring Packet Capture with a Configuration Editor on page 257
- Changing Encapsulation on Interfaces with Packet Capture Configured on pag
38. brs: Number of neighbors on this interface.
OSPF Statistics
Packet Type: Type of OSPF packet.
Total Sent / Total Received: Total number of packets sent and received.
Last 5 seconds Sent / Last 5 seconds Received: Total number of packets sent and received in the last 5 seconds.
Receive errors: Number and type of receive errors.
Monitoring RIP Routing Information
To view RIP routing information, select Monitor > Routing > RIP Information, or enter the following CLI commands:
- show rip statistics
- show rip neighbors
Table 55 on page 120 summarizes key output fields in the RIP routing display.
Table 55: Summary of Key RIP Routing Output Fields
Field: Values (Additional Information)
RIP Statistics
RIP info: Information about RIP on the specified interface, including UDP port number, hold-down interval (during which routes are neither advertised nor updated), and timeout interval.
Logical interface: Name of the logical interface on which RIP is configured.
Routes learned: Number of RIP routes learned on the logical interface.
Routes advertised: Number of RIP routes advertised on the logical interface.
RIP Neighbors
Neighbor: Name of the RIP neighbor. (This value is the
39. dcd absent yellow cts absent yellow
Meaning: The sample output in this section displays the following alarm settings (in order). Verify that the output shows the intended configuration of the alarms.
- T3 alarms
- DS1 alarms
- Ethernet alarms
- Serial alarms
Related Topics: For more information about the format of a configuration file, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
Part 3: Managing Services Router Software
- Performing Software Upgrades and Reboots on page 179
- Managing Files on page 199
Chapter 10: Performing Software Upgrades and Reboots
A J-series Services Router is delivered with the JUNOS software preinstalled. When you power on the router, it starts (boots) up using its primary boot device. All Services Routers support a secondary boot device that allows you to back up your primary boot device and configuration. As new features and software fixes become available, you must upgrade your software to use them. Before an upgrade, we recommend that you back up your primary boot device. On a Services Router, you can initialize the primary or secondary boot device with a snapshot of the running configuration, default factory configuration, or rescue configuration. You can also replicate the configu
41. source source-address> <detail>
To quit the ping mpls l2vpn command, press Ctrl-C. Alternatively, you can use the J-Web interface. (See Checking MPLS Connections from the J-Web Interface on page 219.)
Table 119: CLI ping mpls l2vpn Command Options
Option: Description
l2vpn interface interface-name: Sends ping requests out the specified interface configured for the Layer 2 VPN on the outbound (egress) PE router.
l2vpn instance l2vpn-instance-name local-site-id local-site-id-number remote-site-id remote-site-id-number: Pings on a combination of the Layer 2 VPN routing instance name, the local site identifier, and the remote site identifier, testing the integrity of the Layer 2 VPN circuit (specified by the identifiers) between the inbound (ingress) and outbound PE routers.
bottom-label-ttl: (Optional) Displays the time-to-live (TTL) value for the bottom label in the MPLS label stack.
exp forwarding-class: (Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets.
count number: (Optional) Limits the number of ping requests to send. Specify a count from 0 through 1,000,000. The default value is 5. If you do not specify a count, ping requests are continuously sent until you press Ctrl-C.
source source-address: (Optional) Uses the source address that you specify in the ping request packet.
detail: (Optional) Displays detailed output about the echo request
42. Task: Configure one or two procurement protocols for each interface. The router uses the protocols to send a request for an IP address for the interface.
- BOOTP: Sends requests over all interfaces.
- RARP: Sends requests over Ethernet interfaces.
- SLARP: Sends requests over serial interfaces.
J-Web Configuration Editor: 1. Next to the interface name, click Edit. 2. Select one or two protocols to be used by autoinstallation over the interface, for example Bootp and Rarp. 3. Click OK.
CLI Configuration Editor: To set BOOTP and RARP on an Ethernet interface, enter
    set autoinstallation interfaces ge-0/0/0 bootp rarp
Verifying Autoinstallation
To verify that a Services Router is configured for autoinstallation, perform the following task.
Verifying Autoinstallation Status
Purpose: Display the status of the autoinstallation feature on a Services Router.
Action: From the CLI, enter the show system autoinstallation status command.
    user@host> show system autoinstallation status
    Autoinstallation status:
    Master state: Active
    Last committed file: None
    Configuration server of last committed file: 10.25.100.1
    Interface:
      Name: ge-0/0/0
      State: Configuration Acquisition
      Acquired:
        Address: 192.168.124.75
        Hostname: host-ge-000
        Hostname source: DNS
        Configuration filename: router-ge-000.conf
        Configuration filename server: 10.25.100.3
      Address acquisition:
        Protocol: DHCP Client
        Acquired add
43. JUNOS System Basics Configuration Guide Interfaces Overview Configuring DS1 DS3 Ethernet and Serial Interfaces Configuring Channelized T1 E1 ISDN PRI Interfaces Configuring Digital Subscriber Line Interfaces Configuring Point to Point Protocol over Ethernet Configuring ISDN JUNOS Network Interfaces Configuration Guide JUNOS Interfaces Command Reference Configuring Link Services Interfaces JUNOS Services Interfaces Configuration Guide JUNOS System Basics and Services Command Reference Configuring VoIP JUNOS Network Interfaces Configuration Guide JUNOS Interfaces Command Reference Configuring uPIMs as Ethernet Switches JUNOS Network Interfaces Configuration Guide JUNOS System Basics Configuration Guide JUNOS System Basics and Services Command Reference Routing Overview Configuring Static Routes Configuring a RIP Network Configuring an OSPF Network Configuring the IS IS Protocol Configuring BGP Sessions JUNOS Routing Protocols Configuration Guide JUNOS Routing Protocols and Policies Command Reference J series Services Router Advanced WAN Access Configuration Guide Multiprotocol Label Switching Overview Configuring Signaling Protocols for Traffic Engineering Configuring Virtual Private Networks Configuring CLNS VPNs JUNOS MPLS Applications Configuration Guide JUNOS Routing Protocols and Policies Command Reference JUNOS VPNs Configuration
44. Loss percentage: 0
    Measurement: Round trip time
      Minimum: 529 usec, Maximum: 662 usec, Average: 585 usec, Jitter: 133 usec, Stddev: 53 usec
The output shows the probe results for the RPM tests configured on the Services Router. Verify the following information:
- Each configured test is displayed. Results are displayed in alphabetical order, sorted first by owner name and then by test name.
- The round-trip times fall within the expected values for the particular test. The minimum round-trip time is displayed as Minimum Rtt, the maximum round-trip time is displayed as Maximum Rtt, and the average round-trip time is displayed as Average Rtt. A high average round-trip time might mean that performance problems exist within the network. A high maximum round-trip time might result in high jitter values.
- The egress (outbound) trip times fall within the expected values for the particular test. The minimum outbound time is displayed as Minimum egress time, the maximum outbound time is displayed as Maximum egress time, and the average outbound time is displayed as Average egress time.
- The ingress (inbound) trip times fall within the expected values for the particular test. The minimum inbound time is displayed as Minimum ingress time, the maximum inbound time is displayed as Maximum ingress time, and the average inbound time is displayed as Average ingress time.
- The number of probes sent and received is expected. Lost probes might in
45. Remote DLSw address: IP address of the remote DLSw peer.
Monitoring Class-of-Service Performance
The J-Web interface provides information about the class-of-service (CoS) performance on a router. You can view information about the current status of CoS components: classifiers, CoS value aliases, RED drop profiles, forwarding classes, rewrite rules, and scheduler maps. You can also see the interfaces to which these components are assigned. In addition, you can display the entire CoS configuration, including system-chosen defaults, by entering the following CLI command:
    show class-of-service
This section contains the following topics:
- Monitoring CoS Interfaces on page 123
- Monitoring CoS Classifiers on page 124
- Monitoring CoS Value Aliases on page 125
- Monitoring CoS RED Drop Profiles on page 126
- Monitoring CoS Forwarding Classes on page 127
- Monitoring CoS Rewrite Rules on page 128
- Monitoring CoS Scheduler Maps on page 129
Monitoring CoS Interfaces
To display details about the physical and logical interfaces and the CoS components assigned to them, select Monitor > Class of Service > Interfaces in the J-Web interface, or enter the following CLI command:
    show class-of-service interface interface
Table 57 on page 124 summarizes key output fields for CoS interfaces.
Table 57: Summary of Key CoS Interfaces Output Fi
47. For more information about DHCP, see the JUNOS System Basics Configuration Guide.
This chapter contains the following topics:
- DHCP Terms on page 63
- DHCP Overview on page 64
- Before You Begin on page 66
- Configuring the DHCP Server with Quick Configuration on page 66
- Configuring the DHCP Server with a Configuration Editor on page 72
- Verifying a DHCP Server Configuration on page 75
DHCP Terms
Before configuring the DHCP server on J-series Services Routers, become familiar with the terms defined in Table 36 on page 64.
Table 36: DHCP Terms
Term: Definition
binding: Collection of configuration parameters, including at least an IP address, assigned by a DHCP server to a DHCP client. A binding can be dynamic (temporary) or static (permanent). Bindings are stored in the DHCP server's binding database.
conflict: Problem that occurs when an address within the IP address pool is being used by a host that does not have an associated binding in the DHCP server's database. Addresses with conflicts are removed from the pool and logged in a conflicts list until you clear the list.
DHCP client: Host that uses DHCP to obtain an IP address and configuration settings.
DHCP options: Configuration settings sent within a DHCP message from a DHCP server to a DHCP client. For a list of DHCP options, see RFC 2132, DHCP Options and BOOTP Vendor Extensions.
DHCP server
48. ingress or outbound (egress) direction, or in both directions. Tunnel interfaces can support packet capture in the outbound direction only.
Use the J-Web configuration editor or CLI configuration editor to specify maximum packet size, the filename to be used for storing the captured packets, maximum file size, maximum number of packet capture files, and the file permissions. See Configuring Packet Capture on an Interface (Required) on page 259.
NOTE: For packets captured on T1, T3, E1, E3, serial, and ISDN interfaces in the outbound (egress) direction, the size of the packet captured might be 1 byte less than the maximum packet size configured, because of the packet loss priority (PLP) bit.
To modify encapsulation on an interface that has packet capture configured, you must first disable packet capture. For more information, see Changing Encapsulation on Interfaces with Packet Capture Configured on page 262.
Firewall Filters for Packet Capture
When you enable packet capture on a Services Router, all packets flowing in the direction specified in packet capture configuration (inbound, outbound, or both) are captured and stored. Configuring an interface to capture all packets might degrade the performance of the Services Router. You can control the number of packets captured on an interface with firewall filters and specify various criteria to cap
49. messages
Lists the names of all the system log files that you configure. By default, a log file, messages, is included in the /var/log/ directory. For information about how to configure system log files, see Sending System Log Messages to a File on page 160.

Table 86: Filtering System Log Messages (continued)

Field: Event ID
Function: Specifies the Event ID for which you want to display the messages. Allows you to type part of the ID and completes the remaining automatically. An event ID, also known as system log message code, uniquely identifies a system log message. It begins with a prefix that indicates the generating software process or library.
Your Action: To specify events with a specific ID, type its partial or complete ID, for example TFTPD_AF_ERR.

Field: Text in Event Description
Function: Specifies text from the description of events that you want to display. Allows you to use regular expression to match text from the event description. NOTE: The regular expression matching is case sensitive.
Your Action: To specify events with a specific description, type a text string from the description with regular expression. For example, type ^Initial* to display all messages with lines beginning with the term Initial. For more information about using regular expressions, see R
50. 0

Task: Configure port 50000 as the TCP port to which the RPM probes are sent.
J-Web Configuration Editor: In the Destination port box, type 50000.
CLI Configuration Editor: Enter
    set test tcp-test destination-port 50000

Router B Configuration

Task: Navigate to the Services > RPM level in the configuration hierarchy.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
2. Next to Services, click Configure or Edit.
3. Next to Rpm, select the Yes check box.
4. Click Configure.
CLI Configuration Editor: From the [edit] hierarchy level, enter
    edit services rpm

Task: Configure Router B to act as a TCP server, using port 50000 to send and receive TCP probes.
J-Web Configuration Editor:
1. Next to Probe server, click Configure.
2. In the Tcp box, click Configure.
3. In the Port box, type 50000.
4. Click OK.
CLI Configuration Editor: Enter
    set probe-server tcp port 50000

Table 142: Configuring TCP and UDP Probes (continued)

Task: Configure Router B to act as a UDP server, using port 50037 to send and receive UDP probes.
J-Web Configuration Editor:
1. Next to Probe server, click Edit.
2. In the Udp box, click Configure.
3. In the Port box, type 50037.
4. Click OK.
CLI Configuration Editor: Enter
    set probe-server udp port 50037

Tuning RPM Probes

After configuring an RPM probe, you can set parameters to control probe functions, such as the interval between probes, the total number of conc
51. 0 0 chdsl

d. Return to the CLI operational mode.

    exit
    user@host>

4. Change the encapsulation on the interface using the J-Web or CLI configuration editor. See instructions for configuring interfaces in the J-series Services Router Basic LAN and WAN Access Configuration Guide.
5. Commit the configuration.
6. Reenable packet capture, following the steps in Enabling Packet Capture (Required) on page 257.
7. Commit the configuration.

Verifying Packet Capture

To verify packet capture, perform these tasks:

- Displaying a Packet Capture Configuration
- Displaying a Firewall Filter for Packet Capture Configuration
- Verifying Captured Packets

Displaying a Packet Capture Configuration

Purpose: Verify the packet capture configuration.

Action: From the J-Web interface, select Configuration > View and Edit > View Configuration Text. Alternatively, from configuration mode in the CLI, enter the show forwarding-options command.

    [edit]
    user@host# show forwarding-options
    packet-capture {
        file filename pcap-file files 100 size 1024;
        maximum-capture-size 500;
    }

Meaning: Verify that the output shows the intended file configuration for capturing packets.

Related Topics: For more information about the format of a configuration file, see the information about viewing configuration text in the J-series Services Rout
52.
    0.1.32 qid 2a83aa
    packet from 192.1.30.2 to 224.0.0.2
    from 192.1.30.2 to 192.1.4.1 via group 224.1.1.1 mxhop 60

    Mtrace query at Apr 21 16:00:57 by 192.1.30.2 resp to 224.0.1.32 qid 25dc17
    packet from 192.1.30.2 to 224.0.0.2
    from 192.1.30.2 to 192.1.4.1 via group 224.1.1.1 mxhop 60

    Mtrace query at Apr 21 16:01:00 by 192.1.30.2 resp to same qid 20e046
    packet from 192.1.30.2 to 224.0.0.2
    from 192.1.30.2 to 192.1.4.1 via group 224.1.1.1 mxhop 60

    Mtrace query at Apr 21 16:01:10 by 192.1.30.2 resp to same qid 1d25ad
    packet from 192.1.30.2 to 224.0.0.2
    from 192.1.30.2 to 192.1.4.1 via group 224.1.1.1 mxhop 60

This example displays only mtrace queries. When the Services Router captures an mtrace response, the display is similar, but the complete mtrace response is also displayed, exactly as it is displayed in mtrace from-source command output.

Table 126 on page 244 summarizes the output fields of the display.

Table 126: CLI mtrace monitor Command Output Summary

Field | Description
Mtrace operation-type at time-of-day | operation-type: Type of multicast trace operation, query or response. time-of-day: Date and time the multicast trace query or response was captured.
by | IP address of the host issuing the query.
resp to address | address: Response destination address.
qid qid | qid: Query ID number.
packet fro
53. 10.10.10 dotted decimal notation
5. Click OK.
    set community community-name clients 10.10.10.10

Task: Allow community access to a group of clients, for example all addresses within the 10.10.10.0/24 prefix, except those within the 10.10.10.10/29 prefix.
J-Web Configuration Editor:
1. Next to Clients, click Add new entry.
2. In the Prefix box, type the IP address prefix 10.10.10.0/24 and click OK.
3. Next to Clients, click Add new entry.
4. In the Prefix box, type the IP address prefix 10.10.10.10/29.
5. Select the Restrict check box.
6. Click OK.
CLI Configuration Editor:
1. Configure client access for the IP address 10.10.10.0/24:
    set community community-name clients 10.10.10.0/24
2. Configure client access to restrict the IP addresses 10.10.10.10/29:
    set community community-name clients 10.10.10.10/29 restrict

Managing SNMP Trap Groups (Required)

SNMP traps are unsolicited notifications that are generated by conditions on the Services Router. When events trigger a trap, a notification is sent to the configured clients for that particular trap group. To manage a trap group, you must create the group, specify the types of traps that are included in the group, and define one or more targets to receive the trap notifications.

To configure SNMP trap groups:

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. To configure SNMP trap groups, perform the configuration tasks described in Table 54 on page 57.
54. 111 J-Web Ping MPLS Results and Output Summary

Field | Description
Exclamation point (!) | Echo reply was received.
Period (.) | Echo reply was not received within the timeout period.
x | Echo reply was received with an error code. Errored packets are not counted in the received packets count and are accounted for separately.
number packets transmitted | number: Number of ping requests (probes) sent to a host.
number packets received | number: Number of ping responses received from a host.
percentage packet loss | percentage: Number of ping responses divided by the number of ping requests, specified as a percentage.
time | For Layer 2 circuits only, the number of milliseconds required for the ping packet to reach the destination. This value is approximate, because the packet has to reach the Routing Engine.

If the Services Router does not receive ping responses from the destination host (the output shows a packet loss of 100 percent), one of the following explanations might apply:

- The host is not operational.
- There are network connectivity problems between the Services Router and the host.
- The host might be configured to ignore echo requests.
- The host might be configured with a firewall filter that blocks echo requests or echo responses.
- The size of the echo request packet exceeds the MTU
55.
    13429 seconds
    Call direction: Dialin
    Baud rate: 33600 bps
    Most recent error code: NO CARRIER
    Logical interface umd0.0 (Index 2) (SNMP ifIndex 34) (Generation 1)
    Flags: Point-To-Point SNMP-Traps Encapsulation: PPP-Subordinate

Meaning: The output shows a summary of interface information and displays the modem status. Verify the following information:

- The physical interface is Enabled. If the interface is shown as Disabled, do either of the following:
  - In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name] level of the configuration hierarchy.
  - In the J-Web configuration editor, clear the Disable check box on the Interfaces > interface-name page.
- The physical link is Up. A link state of Down indicates a problem with the interface module, interface port, or physical connection (link-layer errors).
- The Last Flapped time is an expected value. The Last Flapped time indicates the last time the physical interface became unavailable and then available again. Unexpected flapping indicates likely link-layer errors.
- The traffic statistics reflect expected input and output rates. Verify that the number of inbound and outbound bytes and packets matches expected throughput for the physical interface. To clear the statistics and see only new changes, use the clear interfaces statisti
56.
- Monitoring IPSec Tunnels
- Monitoring NAT Pools
- Monitoring DHCP
- Monitoring RPM Probes
- Monitoring PPP
- Monitoring PPPoE
- Monitoring the TGM550 Media Gateway (VoIP)

Monitoring System Properties

The system properties include everything from the name and IP address of the Services Router to the resource usage on the Routing Engine. To view these system properties, select Monitor > System in the J-Web interface, or enter the following CLI show commands:

- show system uptime
- show system users
- show system storage

Table 48 on page 107 summarizes key output fields in system properties displays.

Table 48: Summary of Key System Properties Output Fields

Field | Values | Additional Information
System Identification | |
Serial Number | Serial number for the J-series Services Router. |
JUNOS Software Version | Version of JUNOS software active on the Services Router, including whether the software is for domestic or export use. | Export software is for use outside of the U.S. and Canada.
Router Hostname | Hostname of the Services Router, as defined with the set system hostname command. |
Router IP | IP address in dotted decimal notation
57. 5 on page 10 shows the Users Quick Configuration page.

Figure 3: Users Quick Configuration Page

To configure system authentication with Quick Configuration:

1. In the J-Web interface, select Configuration > Quick Configuration > Users.
2. Under Authentication Servers, select the check box next to each authentication method the router must use when users log in:
   - RADIUS
   - TACACS+
   - Local Password
3. Click one of the following buttons on the Users Quick Configuration page:
   - To apply the configuration and stay in the Users Quick Configuration page, click Apply.
   - To apply the configuration and return to the Quick Configuration page, click OK.
   - To cancel your entries and return to the Quick Configuration page, click Cancel.

Adding New Users

You can use the Users Quick Configuration page for user information to add new users to a Services Router. For each account, you define a login name and password for the user and specify a login class for access privileges.

Figure 4 on page 11 shows the Quick Configuration page for adding a user.

Figure 4: Add a User Quick Configuration Page
58. Field: Address
Function: Specifies the source address of the ping request packet.
Your Action: Type the source IP address.

Field: Time-to-Live
Function: Specifies the time-to-live (TTL) hop count for the ping request packet.
Your Action: From the list, select the TTL.

Field: Bypass Routing
Function: Determines whether ping requests are routed by means of the routing table. If the routing table is not used, ping requests are sent only to hosts on the interface specified in the Interface box. If the host is not on that interface, ping responses are not sent.
Your Action:
- To bypass the routing table and send the ping requests to hosts on the specified interface only, select the check box.
- To route the ping requests using the routing table, clear the check box.

Figure 21: Ping Host Results Page

Ping Host Results and Output Summary

Table 109 on page 218 summarizes the output in the ping host display. If the Services Router receives no ping responses from the destination host, review the list after Table 109 on page 218 for a possible explanation.

Table 109: J-Web Ping Host Results and Output Summary

Ping Host Result | Description
bytes bytes from ip-address | bytes: Size of ping response packet, which is equal to the value you entered in the Packe
59. Table 10: Add a User Quick Configuration Page Summary (continued)

Field: Login Password (required)
Function: The login password for this user.
Your Action: Type the login password for this user. The login password must meet the following criteria:
- The password must be at least 6 characters long. You can include most character classes in a password (alphabetic, numeric, and special characters), except control characters.
- The password must contain at least one change of case or character class.

Field: Verify Login Password (required)
Function: Verifies the login password for this user.
Your Action: Retype the login password for this user.

Managing User Authentication with a Configuration Editor

This section contains the following topics:

- Setting Up RADIUS Authentication
- Setting Up TACACS+ Authentication
- Configuring Authentication Order
- Controlling User Access
- Setting Up Template Accounts

Setting Up RADIUS Authentication

To use RADIUS authentication, you must configure at least one RADIUS server. The procedure provided in this section identifies the RADIUS server, specifies the secret (password) of the RADIUS server, and sets the source address of the Services Router's RADIUS requests to the loopback address of the router. The procedure uses the following sample values:

- The RADIUS server's IP address is 172.16.98.1.
- The RADIUS serv
60. Dial-In (Required)

To enable connections to the USB modem from a remote location, you must configure the dialer interfaces set up for USB modem use to accept incoming calls. You can configure a dialer interface to accept all incoming calls or accept only calls from one or more caller IDs.

If the dialer interface is configured to accept only calls from a specific caller ID, the Services Router matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not found and the incoming call's caller ID has more digits than the configured caller IDs, the Services Router performs a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming call if a match is found. For example, if the incoming call's caller ID is 4085550115 and the caller ID configured on a dialer interface is 5550115, the incoming call is accepted. Each dialer interface accepts calls from only callers whose caller IDs are configured on it.

To configure a dialer interface for dial-in:

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 27 on page 37.
3. If you are finished configuring the router, commit the configuration.
4. To verify that the networ
62. Gateway Controllers (MGCs) configured on the TGM550.

To display TGM550 information, select Monitor > Media Gateway in the J-Web interface. Alternatively, enter the following commands in the CLI operational mode:

- show tgm dynamic-call-admission-control
- show tgm fpc slot-number media-gateway-controller
- show tgm fpc slot-number dsp-capacity
- show tgm telephony-interface-module status

Table 79 on page 152 summarizes key output fields in media gateway information displays.

Table 79: Summary of Key Media Gateway Information Output Fields

Dynamic Call Admission Control Information

Field: Reported Bearer Bandwidth Limit
Values: Maximum bandwidth available for voice traffic on the Services Router.
Additional Information: If dynamic CAC is configured on more than one active interface, the TGM550 reports the bearer bandwidth limit (BBL) of the active interface with the highest activation priority. If more than one active interface has the same activation priority, the BBL is reported as the number of those interfaces times their lowest BBL. For example, if two interfaces with the same activation priority have BBLs of 2000 Kbps and 1500 Kbps, the RBBL is 3000 Kbps (2 x 1500 Kbps).

Field: Interface Name
Values: Name of interface on which dynamic CAC is configured.
Additional Information: See the interface naming conventions in the J-series Servi
63. In the Next server box, type 192.168.2.5.
From the [edit] hierarchy level, enter
    edit system services dhcp
    edit system services dhcp next-server 192.168.2.5

Task: Define the IP address pool.
J-Web Configuration Editor:
1. Next to Pool, click Add new entry.
2. In the Subnet address box, type 192.168.2.0/24.
3. Next to Address range, select the check box.
4. Next to Address range, click Configure.
5. In the High box, type 192.168.2.254.
6. In the Low box, type 192.168.2.2.
7. Click OK.
CLI Configuration Editor: Set the IP address pool range:
    set pool 192.168.2.0/24 address-range low 192.168.2.2 high 192.168.2.254

Task: Define the default and maximum lease times, in seconds.
J-Web Configuration Editor:
1. From the Default lease time list, select Enter Specific Value.
2. In the Length box, type 1209600.
3. From the Maximum lease time list, select Enter Specific Value.
4. Next to Maximum lease time, type 2419200.
CLI Configuration Editor: Set the default and maximum lease times:
    set pool 192.168.2.0/24 default-lease-time 1209600 maximum-lease-time 2419200

Task: Define the domain search suffixes to be used by the clients.
J-Web Configuration Editor:
1. Next to Domain search, click Add new entry.
2. In the Suffix box, type mycompany.net.
3. Click OK.
4. Next to Domain search, click Add new entry.
5. In the Suffix box, type mylab.net.
6. Click OK.
CLI Configuration Editor: Set the domain search suffixes:
    set pool 192.168.2.0/24 domain-search mycompany.net
    set pool 192.168.2.0/24 domain-search mylab.net

Task: Exclude addresses from the IP address p
64. Before You Begin

DHCP is not supported on interfaces that are part of a virtual private network (VPN).

Before you begin configuring the Services Router as a DHCP server, complete the following tasks:

- Determine the IP address pools and the lease durations to use for each subnet.
- Obtain the MAC addresses of the clients that require permanent IP addresses. Determine the IP addresses to use for these clients.
- List the IP addresses that are available for the servers and routers on your network (DNS, NetBIOS servers, boot servers, and gateway routers, for example).
- Determine the DHCP options required by the subnets and clients in your network.

Configuring the DHCP Server with Quick Configuration

The DHCP Quick Configuration pages allow you to configure DHCP pools for subnets and static bindings for DHCP clients. If DHCP pools or static bindings are already configured, you can use the Configure Global DHCP Parameters Quick Configuration page to add settings for these pools and static bindings. Settings that have been previously configured for DHCP pools or static bindings are not overridden when you use the Configure Global DHCP Parameters Quick Configuration page.

Figure 8 on page 67 through Figure 10 on page 69 show the DHCP Quick Configuration pages.

Figure 8: DHCP Quick Configuration Main Page ROUTE
65. PPPoE sessions

Table 78: Summary of Key PPPoE Output Fields (continued)

Field | Values | Additional Information
Packet Type | Packets sent and received during the PPPoE session, categorized by packet type and packet error: |

- PADI: PPPoE Active Discovery Initiation packets.
- PADO: PPPoE Active Discovery Offer packets.
- PADR: PPPoE Active Discovery Request packets.
- PADS: PPPoE Active Discovery Session-Confirmation packets.
- PADT: PPPoE Active Discovery Terminate packets.
- Service Name Error: Packets for which the Service-Name request could not be honored.
- AC System Error: Packets for which the access concentrator experienced an error in processing the host request. For example, the host had insufficient resources to create a virtual circuit.
- Generic Error: Packets that indicate an unrecoverable error occurred.
- Malformed Packet: Malformed or short packets that caused the packet handler to disregard the frame as unreadable.
- Unknown Packet: Unrecognized packets.

Sent | Number of the specific type of packet sent from the PPPoE client. |
Received | Number of the specific type of packet received by the PPPoE client. |
Timeout | Information about the timeouts that occurred during the PPPoE session: |

- PADI: Number of timeouts that occurred for the PADI packet.
- PADO: Number of timeouts t
66. Peers

Field: Peer
Values: Address of each BGP peer.

Field: InPkt
Values: Number of packets received from the peer.

Field: OutPkt
Values: Number of packets sent to the peer.

Field: Flaps
Values: Number of times a BGP session has changed state from Down to Up.
Additional Information: A high number of flaps might indicate a problem with the interface on which the BGP session is enabled.

Field: Last Up/Down
Values: Last time that a session became available or unavailable, since the neighbor transitioned to or from the established state.
Additional Information: If the BGP session is unavailable, this time might be useful in determining when the problem occurred.

Field: State
Values: A multipurpose field that displays information about BGP peer sessions. The contents of this field depend upon whether a session is established.
- If a peer is not established, the field shows the state of the peer session: Active, Connect, or Idle.
- If a BGP session is established, the field shows the number of active, received, and damped routes that are received from a neighbor. For example, 2/4/0 indicates two active routes, four received routes, and no damped routes.

BGP Neighbors

Field: Peer
Values: Address of the BGP neighbor.

Field: AS
Values: AS number of the peer.

Field: Type
Values: Type of peer: Internal or External.

Field: State
Values: Current state of the BGP session.
Additional Information: Generally, the most common states are Active, which indicates a problem establishing the BGP connection, and Established, which indicates a successful session setup. The o
67. RADIUS and Terminal Access Controller Access Control System Plus (TACACS+). With local password authentication, you configure a password for each user allowed to log into the Services Router.

RADIUS and TACACS+ are authentication methods for validating users who attempt to access the router using Telnet. Both are distributed client/server systems: the RADIUS and TACACS+ clients run on the router, and the server runs on a remote network system.

You can configure the router to use RADIUS or TACACS+ authentication, or both, to validate users who attempt to access the router. If you set up both authentication methods, you also can configure which the router will try first.

User accounts provide one way for users to access the Services Router. (Users can access the router without accounts if you configured RADIUS or TACACS+ servers, as described in Managing User Authentication with Quick Configuration on page 8 and Managing User Authentication with a Configuration Editor on page 12.) After you have created an account, the router creates a home directory for the user. An account for the user root is always present in the configuration. For information about configuring the password for the user root, see the Getting Started Guide for your router.

For each user account, you can define the following:

- Username: Name that identifies the user. It must be unique within the router. Do not include spaces, colons, or commas in the username.
- U
68. Router

When a Services Router is powered on for the first time, it performs the following autoinstallation tasks:

1. The new Services Router sends out DHCP, BOOTP, RARP, or SLARP requests on each connected interface simultaneously to obtain an IP address. If a DHCP server responds, it provides the router with some or all of the following information:
   - An IP address and subnet mask for the autoinstallation interface.
   - The location of the TFTP (typically), Hypertext Transfer Protocol (HTTP), or FTP server on which the configuration file is stored.
   - The name of the configuration file to be requested from the TFTP server.
   - The IP address or hostname of the TFTP server. If the DHCP server provides only the hostname, a DNS server must be available on the network to resolve the name to an IP address.
   - The IP address of an intermediate router, if the configuration server is on a different LAN segment from the new router.
2. After the new Services Router acquires an IP address, the autoinstallation process on the router attempts to download a configuration file in the following ways:
   a. If the DHCP server specifies the host-specific configuration file (boot file) hostname.conf, the router uses that filename in the TFTP server request. (In the filename, hostname is the hostname of the new router.) The autoinstallatio
69. See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.
From the list, select the Services Router interface on which ping requests are sent. If you select any, the ping requests are sent on all interfaces.

Field: Source Address
Function: Specifies the source address of the ping request packet.
Your Action: Type the source IP address, a valid address configured on a Services Router interface.

Field: Count
Function: Specifies the number of ping requests to send.
Your Action: From the list, select the number of ping requests to send. The default is 5 requests.

Field: Detailed Output
Function: Requests the display of extensive rather than brief ping output.
Your Action: Select the check box to display detailed output.

Table 110: J-Web Ping MPLS Field Summary (continued)

Instance to which this connection belongs

Field: Layer 2VPN Name
Function: Identifies the Layer 2 VPN to ping.
Your Action: Type the name of the VPN to ping.

Field: Remote Site Identifier
Function: Specifies the remote site identifier of the Layer 2 VPN to ping.
Your Action: Type the remote site identifier for the VPN.

Field: Source Address
Function: Specifies the source address of the ping request packet.
Your Action: Type the source IP address, a valid address configured on a Services Router interface.

Field: Local Site
Function: Specifies the local site identifier of the Layer 2 VPN.
Your Action: Type the l
70. Part 2: Monitoring a Services Router

- Monitoring the Router and Routing Operations
- Monitoring Events and Managing System Log Files
- Configuring and Monitoring Alarms

Chapter 7: Monitoring the Router and Routing Operations

J-series Services Routers support a suite of J-Web tools and CLI operational mode commands for monitoring system health and performance. Monitoring tools and commands display the current state of the router.

This chapter contains the following topics. For complete descriptions of CLI operational mode commands, see the JUNOS System Basics and Services Command Reference, the JUNOS Interfaces Command Reference, and the JUNOS Routing Protocols and Policies Command Reference.

- Monitoring Terms
- Monitoring Overview
- Before You Begin
- Using the Monitoring Tools

Monitoring Terms

Before monitoring J-series Services Routers, become familiar with the terms defined in Table 46 on page 101.

Table 46: J-series Monitoring Terms

Term | Definition
autonomous system (AS) | Network of nodes that route packets based on a shared map of the network topology stored in their local databases.
Inte
71. Set Select a service set to display information for only the set.

Alternatively, enter the following CLI show commands:

- show services ids destination-table
- show services ids source-table
- show services ids pair-table

Table 73 on page 140 summarizes key output fields for stateful firewall filter intrusion detection.

Table 73: Summary of Key Firewall IDS Output Fields

Field | Values
Source Address | Source address for the event.
Destination address | Destination address for the event.
Time | Total time the information has been in the IDS table.
Bytes | Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m).
Packets | Total number of packets sent from the source to the destination address, in thousands (k) or millions (m).
Flows | Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m).
Anomalies | Total number of anomalies in the anomaly table, in thousands (k) or millions (m).
Application | Configured application, such as FTP or Telnet.

Monitoring IPSec Tunnels

IPSec tunnel information includes information about active IPSec tunnels configured on the Services Router, as well as traffic statistics through the tunnels. To view IPSec tunnel information, select Monitor > IPSec in the J-Web interface, or
72. The remote endpoint of the connection has failed. A FERF differs from a yellow alarm, because the failure can be any failure, not just an out-of-frame (OOF) or loss-of-signal (LOS) failure. | ferf

Idle alarm | The Idle signal is being received from the remote endpoint. | idle
Line code violation | Either the line encoding along the T3 link is corrupted or a mismatch between the encoding at the local and remote endpoints of a T3 connection occurred. | lcv
Loss of frame | An out-of-frame (OOF) or loss-of-signal (LOS) condition has existed for 10 seconds. The loss-of-frame (LOF) failure is cleared when no OOF or LOS defects have occurred for 20 seconds. A LOF failure is also called a red failure. | lof
Loss of signal | No remote T3 signal is being received at the T3 interface. | los
Phase-locked loop out of lock | The clocking signals for the local and remote endpoints no longer operate in lock-step. | pll
Yellow alarm | The remote endpoint is in red alarm failure. This condition is also known as a far-end alarm failure. | ylw

Chassis Alarm Conditions and Corrective Actions

Table 90 on page 171 lists chassis components with preset alarms, the conditions that can trigger an alarm, the alarm severity, and the action you take to correct the condition.

Table 90: Chassis Alarm Conditions and Corrective Actions

Component A
73. To delete a commit script:
    1. From configuration mode in the CLI, enter the following command:
       user@host# delete system scripts commit filename.xsl
    2. Commit the configuration:
       user@host# commit
       commit complete
    To deactivate a commit script:
    1. From configuration mode in the CLI, enter the following command:
       user@host# deactivate system scripts commit filename.xsl
    2. Commit the configuration:
       user@host# commit
       commit complete
    [Defining and Enforcing Configuration Rules with Commit Scripts, page 91]
    NOTE: You can later reactivate the commit script using the activate system scripts commit filename.xsl command.
    Automating Network Management and Troubleshooting with Operation Scripts
    Operation scripts are scripts that you write to automate network management and troubleshooting tasks. They can perform any function available through JUNOScript remote procedure calls (RPCs). This section contains the following topics:
    - Operation Script Overview on page 92
    - Enabling Operation Scripts on page 95
    - Executing Operation Scripts on page 95
    - Disabling Operation Scripts on page 94
    Operation Script Overview
    You can execute operation scripts from the JUNOS CLI or from within an event policy. For information about event policies, see Running Self Diagnostics with Event Policies on page 94. Operation scripts allow you to perform various actions including the follo
74. Total request varbinds: 227084, Total set varbinds: 67, Get requests: 44942, Get nexts: 190371, Set requests: 10712, Get responses: 0, Traps: 0, Silent drops: 0, Proxy drops: 0, Commit pending drops: 0, Throttle drops: 0
    V3 Input: Unknown security models: 0, Invalid messages: 0, Unknown pdu handlers: 0, Unavailable contexts: 0, Unknown contexts: 0, Unsupported security levels: 1, Not in time windows: 0, Unknown user names: 0, Unknown engine ids: 44, Wrong digests: 23, Decryption errors: 0
    Output: Packets: 246093, Too bigs: 0, No such names: 31561, Bad values: 0, General errors: 2, Get requests: 0, Get nexts: 0, Set requests: 0, Get responses: 246025, Traps: 0
    [Verifying the SNMP Configuration; Chapter 3, Configuring SNMP for Network Management]
    Meaning: The output shows a list of the SNMP statistics, including details about the number and types of packets transmitted. Verify the following information:
    - The number of requests and traps is increasing as expected with the SNMP client configuration.
    - Under Bad community names, the number of bad (invalid) communities is not increasing. A sharp increase in the number of invalid community names generally means that one or more community strings are configured incorrectly.
    Related Topics: For a complete description of show snmp statistics output, see the JUNOS System Basics and Services Command Reference.
    Verifying SNMP Health Monitor Configuration
    Verify that the SNMP health
75. and click Edit.
    4. Next to Filter, click Configure.
    5. In the Output box, type dest-all.
    6. Click OK until you return to the Interfaces page.
    Enter
       set interfaces fe-0/0/1 unit 0 family inet filter output dest-all
    [Page 260: Configuring Packet Capture with a Configuration Editor; Chapter 13, Configuring Packet Capture]
    NOTE: If you apply a firewall filter on the loopback interface, it affects all traffic to and from the Routing Engine. If the firewall filter has a sample action, packets to and from the Routing Engine are sampled. If packet capture is enabled, then packets to and from the Routing Engine are captured in the files created for the input and output interfaces.
    Disabling Packet Capture
    You must disable packet capture before opening the packet capture file for analysis or transferring the file to an external device. Disabling packet capture ensures that the internal file buffer is flushed and all the captured packets are written to the file.
    To disable packet capture:
    1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
    2. Perform the configuration tasks described in Table 157 on page 261.
    3. If you are finished configuring the router, commit the configuration.
    Table 137: Disabling Packet Capture (columns: Task, J-Web Configuration Editor, CLI Configuration Editor)
    Navigate to the Forwarding options 1. In the J-Web interface, select From the edit hierarchy level
76. as an encrypted value in the configuration database.
    In the Secret box, type the shared secret of the TACACS+ server: Tacacssecret1
    Set the shared secret of the TACACS+ server:
       set tacplus-server 172.16.98.24 secret Tacacssecret1
    Specify the source address to be included in the TACACS+ server requests by the router. In most cases, you can use the loopback address of the router.
    In the Source address box, type the loopback address of the router: 10.0.0.1
    Set the router's loopback address as the source address:
       set tacplus-server 172.16.98.24 source-address 10.0.0.1
    [Page 14: Managing User Authentication with a Configuration Editor; Chapter 1, Managing User Authentication and Access]
    Configuring Authentication Order
    The procedure provided in this section configures the Services Router to attempt user authentication with the local password first, then with the RADIUS server, and finally with the TACACS+ server.
    To configure authentication order:
    1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
    2. Perform the configuration tasks described in Table 13 on page 15.
    3. If you are finished configuring the network, commit the configuration.
    To completely set up RADIUS or TACACS+ authentication, you must configure at least one RADIUS or TACACS+ server and create user template accounts. Go on to one of the following procedures:
    - To configure a RADIUS se
77. carrier signal EO Disables the display on the local terminal of commands issued to the modem from he local terminal QO Enables the display of result codes amp Q8 Enables Microcom Networking Protocol MNP error control mode USB Modem Overview M 31 J series Services Router Administration Guide Table 23 J series Default Modem Initialization Commands continued Modem Command Description CO Disables data compression When the Services Router applies the modem AT commands in the initcommand string command or the default sequence of initialization commands to the modem it compares them to the initialization commands already configured on the modem and makes the following changes m If the commands are the same the router overrides existing modem values that do not match For example if the initialization commands on the modem include SO 0 and the router s init command string command includes SO 2 the Services Router applies SO 2 m If the initialization commands on the modem do not include a command in the router s initcommand string command the router adds it For example if the init command string command includes the command L2 but the modem commands do not include it the router adds L2 to the initialization commands configured on the modem USB Modem Connection and Configuration Overview To use USB modems to remotely manage a Services Router you perform the tasks listed in Table 24 on page 52 Fo
78. contains the following topics:
    - Defining Login Classes on page 16
    - Creating User Accounts on page 17
    Defining Login Classes
    You can define any number of login classes. You then apply one login class to an individual user account, as described in Creating User Accounts on page 17 and Setting Up Template Accounts on page 18.
    The procedure provided in this section creates a sample login class named operator-and-boot with the following privileges:
    - The operator-and-boot login class can reboot the Services Router using the request system reboot command.
    - The operator-and-boot login class can also use commands defined in the clear, network, reset, trace, and view permission bits. For more information, see Permission Bits on page 5.
    To define login classes:
    1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
    2. Perform the configuration tasks described in Table 14 on page 16.
    3. If you are finished configuring the network, commit the configuration.
    4. Go on to one of the following procedures:
       - To create user accounts, see Creating User Accounts on page 17.
       - To create shared user accounts, see Setting Up Template Accounts on page 18.
    Table 14: Defining Login Classes (columns: Task, J-Web Configuration Editor, CLI Configuration Editor)
    Navigate to the System Login level in the configuration hierarchy. 1. In the J-Web interface, select Configuration > View F
79. dialer interface 1 Next to Ppp options click Enter and specify a unique profile name Configure containing a client list and access parameters for example usb modem access profile 5 Inthe Access profile box type usb modem access profile set ppp options chap access profile N h lick fi R exto Chaps cier Conhigure usb modem access profile NOTE Do not configure the passive option from the edit interfaces dlO unit 4 Click OK O ppp options chap hierarchy level 38 1H Configuring USB Modem Interfaces with a Configuration Editor Chapter 2 Setting Up USB Modems for Remote Management Connecting to the Services Router from the User End a NOTE These instructions describe connecting to the Services Router from a remote PC or laptop computer running Microsoft Windows XP If your remote PC or laptop computer does not run Microsoft Windows XP see the documentation for your operating system and enter equivalent commands This section contains the following topics m Configuring a Dial Up Modem Connection at the User End on page 39 m Connecting to the Services Router from the User End on page 40 Configuring a Dial Up Modem Connection at the User End To remotely connect to the USB modem connected to the USB port on the Services Router you must configure a dial up modem connection on the PC or laptop computer at your remote location Configure the dial up modem connection properties to disable IP header compres
80. display Table 54 Summary of Key OSPF Routing Output Fields Field Values Additional Information OSPF Neighbors Address Address of the neighbor Interface Interface through which the neighbor is reachable State State of the neighbor Attempt Down Exchange ExStart X Generally only the Down state indicating a failed OSPF Full Init Loading or 2way adjacency and the Full state indicating a functional adjacency are maintained for more than a few seconds The other states are transitional states that a neighbor is in only briefly while an OSPF adjacency is being established ID Router ID of the neighbor Priority Priority of the neighbor to become the designated router Dead Number of seconds until the neighbor becomes unreachable OSPF Interfaces Interface Name of the interface running OSPF State State of the interface BDR Down DR DRother Loop The Down state indicating that the interface is not PtToPt or Waiting functioning and PtToPt state indicating that a point to point connection has been established are the most common states Using the Monitoring Tools m 119 J series Services Router Administration Guide Table 54 Summary of Key OSPF Routing Output Fields continued Field Values Additional Information Area Number of the area that the interface is in DR ID Address of the area s designated router BDR ID Address of the area s backup designated router
81. display 5 Doone ofthe following m To stop capturing the packets and stay on the same page while the decoded packet headers are being displayed click Stop Capturing Capturing and Viewing Packets with the J Web Interface Chapter 12 Using Services Router Diagnostic Tools m Tostop capturing packets and return to the Packet Capture page click OK Figure 24 Packet Capture Page ERROR Unresolved graphic fileref 5020267 gif not found in teamsite 1 default main TechPubsWorkInProgress STAGING images Table 114 Packet Capture Field Summary Field Function Your Action Interface Specifies the interface on which the packets are captured If you select default packets on the Ethernet management port 0 are captured From the list select an interface for example ge 0 0 0 Detail level Specifies the extent of details to be displayed for the packet headers m Brief Displays the minimum packet header information This is the default m Detail Displays packet header information in moderate detail m Extensive Displays the maximum packet header information From the list select Detail Packets Specifies the number of packets to be captured Values range from 1 to 1000 Default is 10 Packet capture stops capturing packets after this number is reached From the list select the number of packets to be captured for example 10 Addresses Specifies the addre
82. display the session status for PPPoE interfaces cumulative statistics for all PPPoE interfaces on the Services Router and the PPPoE version configured on the Services Router select Monitor gt PPPoE in the J Web interface To view interface specific properties in the J Web interface select the interface name on the PPPoE page Alternatively enter the following CLI commands m Show pppoe interfaces m show pppoe statistics m Show pppoe version Table 78 on page 148 summarizes key output fields in PPPoE displays You can also view status information about the PPPoE interface by selecting Monitor gt Interfaces gt ppO Alternatively enter the show interfaces ppO command For more information about key output fields see Monitoring the Interfaces on page 115 Table 78 Summary of Key PPPoE Output Fields Field Values Additional Information PPPoE Interfaces Interface Name of the PPPoE interface Click the interface name to display PPPoE information for the interface See the interface naming conventions in the J series Services Router Basic LAN and WAN Access Configuration Guide State State of the PPPoE session on the interface Session ID Unique session identifier for the PPPoE session To establish a PPPoE session first the Services Router acting as a PPPoE client obtains the Ethernet address of the PPPoE server or access concentrator and then the client and the server negotiate a unique sessi
83. e tsp ed 194 wWithuthe CLM yx So Atte denian ttt ees 195 rebooting WILDL JEW ED iu PEE ESEE SAET 194 with the CLl nsu tecti eg tene Paper hetero etas 195 recovering compact flash See compact flash recovery red alarms See major alarms red Alarms indicator in J Web sssssssssses 174 RED dtEop profiles C69 5 ee retirer erbe t 126 registration form for software upgrades 179 181 regular expressions for filtering system logs 158 relational operators for multicast traffic 250 release notes URL XV remote accounts accessing with SSH CLD sssssssss 25 accessing with Telnet CLD ssssse 24 remote template accounts sssssssssse 19 remote connection to router connecting USB modem to router 55 See also USB modem connections connecting USB modem to user management devi edere stasis ree rto E Reed tortue degute 39 See also USB modem connections remote management with USB modems 29 See also USB modem connections USB modems remote monitoring RMON See SNMP health monitor remote server upgrading from 182 remote template ACCOUNTS errereen 19 reported BBE RBBIJ 1 egest ettet tet eit e 152 request interface modem reset umd0 command 42 request system halt commandi assise 196 ojeinlo g ue M D 196 request system reboot command 195 ODLOFS cicer tegat erboy equ fe fece esate 195 request sys
84. encryption key juniperone Verifying EEPROM stored encryption key 4 Atthe second prompt reenter the new encryption key 206 1H Encrypting and Decrypting Configuration Files Part 4 Diagnosing Performance and Network Problems m Using Services Router Diagnostic Tools on page 209 m Configuring Packet Capture on page 255 m Configuring RPM Probes on page 267 Diagnosing Performance and Network Problems m 207 J series Services Router Administration Guide 208 1H Diagnosing Performance and Network Problems Chapter 12 Using Services Router Diagnostic Tools Diagnostic Terms J series Services Routers support a suite of J Web tools and CLI operational mode commands for evaluating system health and performance Diagnostic tools and commands test the connectivity and reachability of hosts in the network This chapter contains the following topics For complete descriptions of CLI operational mode commands see the JUNOS System Basics and Services Command Reference the JUNOS Interfaces Command Reference and the JUNOS Routing Protocols and Policies Command Reference m Diagnostic Terms on page 209 m Diagnostic Tools Overview on page 210 m Before You Begin on page 215 m Pinging Hosts from the J Web Interface on page 216 m Checking MPLS Connections from the J Web Interface on page 219 m Tracing Unicast Routes from the J Web Interface on page 225 m Capturing and Viewing Packets with the J Web Interface on page 226 m Using
85. enter the monitor interface interface-name command are determined by the interface you specify.
       user@host> monitor interface traffic
       Interface    Link    Input packets (pps)      Output packets (pps)
       fe-0/0/0     Up      42334 (5)                23306 (3)
       fe-0/0/1     Up      587525876 (12252)        589621478 (12891)
    Using the monitor traffic Command
    Use the CLI monitor traffic command to display packet headers transmitted through network interfaces.
    NOTE: Using the monitor traffic command can degrade Services Router performance. We recommend that you use filtering options, such as count and matching, to minimize the impact to packet throughput on the Services Router.
    [Page 246: Using CLI Diagnostic Commands; Chapter 12, Using Services Router Diagnostic Tools]
    Enter the monitor traffic command with the following syntax. Table 129 on page 247 describes the monitor traffic command options.
       user@host> monitor traffic <absolute-sequence> <count number> <interface interface-name> <layer2-headers> <matching expression> <no-domain-names> <no-promiscuous> <no-resolve> <no-timestamp> <print-ascii> <print-hex> <size bytes> <brief | detail | extensive>
    To quit the monitor traffic command and return to the command prompt, press Ctrl-C.
    If you want to capture and view packet headers using the J-Web interface, see Capturing and Viewing Packets with the J Web Interface on page 226.
    Table 129: CLI monitor traffic Co
86. error or failure m Type Category to which the message belongs condition that might require corrective m Severity Level of severity action m Event Indicates a condition or occurrence that does not generally require corrective action Event Displays a more detailed explanation of the message Description Severity Severity level of a message is indicated by different colors A severity level indicates how seriously the Unknown Gray Indicates no severity level is specified Debug Info Notice Green Indicates conditions that are not errors but are of interest or might warrant special handling m Warning Yellow Indicates conditions that warrant monitoring m Error Blue Indicates standard error conditions that generally have less serious consequences than errors in the emergency alert and critical levels m Critical Pink Indicates critical conditions such as hard drive errors m Alert Orange Indicates conditions that require immediate correction such as a corrupted system database m Emergency Red Indicates system panic or other conditions that cause the routing platform to stop functioning triggering event affects routing platform functions When you configure a location for logging a facility you also specify a severity level for the facility Only messages from the facility that are rated at that level or higher are logged to the specified file 164 1H Monitoring System Log Mes
87. for a Services Router configured for autoinstallation The autoinstallation process begins anytime a Services Router is powered on and cannot locate a valid configuration file in the compact flash Typically a configuration file is unavailable when a Services Router is powered on for the first time or if the configuration file is deleted from the compact flash The autoinstallation feature enables you to deploy multiple Services Routers from a central location in the network For the autoinstallation process to work you must store one or more host specific or default configuration files on a configuration server in the network and have a service available typically Dynamic Host Configuration Protocol DHCP to assign an IP address to the Services Router Autoinstallation takes place automatically when you connect an Ethernet or serial port on a new router to the network and power on the router To simplify the process you can explicitly enable autoinstallation on a router and specify a configuration server an autoinstallation interface and a protocol for IP address acquisition This overview contains the following topics m Supported Autoinstallation Interfaces and Protocols on page 82 m Typical Autoinstallation Process on a New Services Router on page 85 llation Interfaces and Protocols Before autoinstallation on a Services Router can take place the router must acquire an IP address The protocol or protocols you choose for IP addr
88. format of a configuration file see the J series Services Router Basic LAN and WAN Access Configuration Guide Verifying the DHCP Binding Database 76 m Purpose Action Verify that the DHCP binding database reflects your DHCP server configuration From operational mode in the CLI to display all active bindings in the database enter the show system services dhcp binding command To display all bindings in the database including their current binding state enter the show system services dhcp binding detail command To display more information about a client including its DHCP options enter the show system services dhcp binding ip address detail command replacing ip address with the IP address of the client The DHCP binding database resulting from the configuration defined in Configuring the DHCP Server with a Configuration Editor on page 72 is displayed in the following sample output To clear the DHCP binding database enter the clear system services dhcp binding command To remove a specific entry from the DHCP binding database enter the clear system services dhcp binding ip address command replacing ip address with the IP address of the client You can also use the J Web interface to view information in the DHCP binding database For more information see Monitoring DHCP on page 143 user host gt show system services dhcp binding Verifying the DHCP Binding Database Meaning Related Topics Chapter 4 C
89. from a Services Router operating as the inbound node at the entry point of an LSP or VPN, the router sends probe packets into the LSP or VPN. Based on how the LSP or VPN outbound node at the remote endpoint of the connection replies to the probes, you can determine the connectivity of the LSP or VPN.
    Each probe is an echo request sent to the LSP or VPN exit point as an MPLS packet with a UDP payload. If the outbound node receives the echo request, it checks the contents of the probe and returns a value in the UDP payload of the response packet. If the Services Router receives the response packet, it reports a successful ping response. Responses that take longer than 2 seconds are identified as failed probes.
    Alternatively, you can use the J-Web ping MPLS tool. For more information, see Checking MPLS Connections from the J Web Interface on page 219.
    Before using ping mpls commands in your network, read Ping MPLS Preparation on page 215.
    [Page 232: Using CLI Diagnostic Commands; Chapter 12, Using Services Router Diagnostic Tools]
    The ping mpls commands diagnose the connectivity of MPLS and VPN networks in the following ways:
    - Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs on page 233
    - Pinging Layer 3 VPNs on page 254
    - Pinging Layer 2 VPNs on page 255
    - Pinging Layer 2 Circuits on page 256
    Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs
    Enter the ping mpls command with the following syntax. Table 117 on page 255 describes the ping
90. is not available the router is unable to boot and does not come back online This situation can occur if the power fails during a JUNOS software upgrade and the physical or logical storage media on the router are corrupted If the primary storage medium becomes corrupted and no secondary medium is in place you can reload the JUNOS software image onto the corrupted compact flash with a desktop or laptop computer running either a UNIX Microsoft Windows 2000 or Windows XP operating system Recovering Primary Boot Devices m 191 J series Services Router Administration Guide A CAUTION This procedure does not recover any router configuration files After you reinstall the JUNOS software all the information on the original internal compact flash is lost Recommended Recovery Hardware and Software Before configuring compact flash recovery assemble the equipment and software listed in Table 100 on page 192 Table 100 Recommended Recovery Hardware and Software Recommended Hardware and Software Examples Recovery Hardware Host system Desktop or laptop PC equipped with a PCMCIA controller or USB port Adapter appropriate for your system m For systems with PCMCIA controllers a compact flash to PCMCIA adapter for example a Macally PCM CF compact flash PCMCIA adapter m For systems with a USB port a USB to compact flash adapter For example m SIIGUSB 2 0 Card Reader model US2274 part number J
91. local engine ID contains a prefix and a suffix The prefix is formatted according to specifications defined in RFC 5411 The suffix is defined by the local engine ID Generally the local engine ID suffix is the MAC address of Ethernet management port O Type the MAC address of Ethernet management port O System Location Free form text string that specifies the location of the system Type any location information for the system lab name or rack name for example System Name Override Free form text string that overrides the system hostname Type the name of the system Communities Click Add Community Name Specifies the name of the SNMP community Type the name of the community being added Authorization Specifies the type of authorization either read only or read write for the SNMP community being configured Select the desired authorization either read only or read write from the list Traps Click Add Trap Group Name Specifies the name of the SNMP trap group being configured Type the name of the SNMP trap group being configured Configuring SNMP with Quick Configuration M 521 J series Services Router Administration Guide Table 30 SNMP Quick Configuration Summary continued Field Function Your Action Categories Specifies which trap categories are added to the trap group being configured To generate traps for authentication fai
92. log. Any files that are not currently being written to are deleted.
    - Deletes temporary files in /var/tmp: Any files that have not been accessed within two days are deleted.
    - Deletes all crash files in /var/crash: Any core files that the router has written during an error are deleted.
    - Deletes all software images (tgz files) in /var/sw/pkg: Any software images copied to this directory during software upgrades are deleted.
    Figure 18 on page 200 shows the Clean Up Files page.
    Figure 18: Clean Up Files Page
    To rotate log files and delete unnecessary files with the J-Web interface:
    1. In the J-Web interface, select Manage > Files.
    2. In the Clean Up Files section, click Clean Up Files. The router rotates log files and identifies the files that can be safely deleted. The J-Web interface displays the files that you can delete and the amount of space that will be freed on the file system.
    3. Click one of the following buttons on the confirmation page:
       - To delete the files and return to the Files page, click OK.
       - To cancel your entries and return to the list of files in the directory, click Cancel.
    You can use the J-Web interface to download a copy of an individual file from the Services Router. When you download a file, it is not deleted from the file system. Figure 19 on page 200 shows the J We
93. log files and delete unnecessary files with the CLI:
    1. Enter operational mode in the CLI.
    2. To rotate log files and identify the files that can be safely deleted, enter the following command:
       user@host> request system storage cleanup
       The router rotates log files and displays the files that you can delete.
    3. Enter yes at the prompt to delete the files.
    NOTE: You can issue the request system storage cleanup dry-run command to review the list of files that can be deleted with the request system storage cleanup command, without actually deleting the files.
    Managing Accounting Files
    If you configure your system to capture accounting data in log files, set the location for accounting files to the DRAM. The default location for accounting files is the cfs var log directory on the compact flash. The nonpersistent option minimizes the read/write traffic to your compact flash. We recommend that you use the nonpersistent option for all accounting files configured on your system.
    To store accounting log files in DRAM instead of the compact flash:
    1. Enter the configuration mode in the CLI.
    2. To create an accounting data log file in DRAM, enter the following command, replacing filename with the name of the file:
       user@host> edit accounting-options file filename
    3. To store accounting log files in the DRAM file, enter the following command:
       [Page 202: Managing Accounting Files; Chapter 11, Managing Files]
       user@host> set f
94. loginksclasses sister pc utt tee este seas 5 16 preparation estere eque este eS pe 8 Quick Configuration 8 System logs i tpud ter e 155 template accounts ssssssssss errire reene 7 18 USED accounts oett Oe d tere eed 4 17 user authentication 4 system process information displaying 111 system storage displaying 110 System time displaying sie ecd eee 108 T T1 ports alarm conditions and configuration options 168 configuring alarms on ssssssse 172 T5 ports alarm condition indicator eee 175 alarm conditions and configuration options 170 configuring alarms on ssssssse 172 TACACS adding a server Quick Configuration 9 authentication configuration editor 15 Common Criteria information 5 order of user authentication configuration Cieilrog me vatae 15 secret configuration editor eee 14 secret Quick Configuration 10 specifying for authentication Quick Configuration cete tre E nre 10 TCP RPM probes CoS classification destination interface reQuiteltieri ecce or ir cre e Ea 279 CoS classification use with caution 280 deSerIpLOLis e Aer peas obe eater cree SCLVEL POLE et cetodtiteta SECURE ce treten verifying servers technical support GontactingA FAC 4 ieu so iA eA s d ex xxi hardware information for 112 Telephony Gateway Module See TGM550
95. m Using the monitor traffic Command on page 246 m Displaying Log and Trace Files from the CLI on page 244 ping Determines the reachability of a remote network host For details see Pinging Hosts from the CLI on page 250 ping mpls Determines the reachability of an MPLS endpoint using various options For details see MPLS Connection Checking on page 215 test Tests the configuration and application of policy filters and AS path regular expressions traceroute Traces the route to a remote network host For details see Tracing Unicast Routes from the CLI on page 237 Connecting to Other Network Systems ssh Opens secure shell connections For details see Using the ssh Command on page 25 telnet Opens Telnet sessions to other hosts on the network For details see Using the telnet Command on page 24 Management copy Copies files from one location on the Services Router to another from the router to a remote system or from a remote system to the router restart option Restarts the various JUNOS software processes including the routing protocol interface and SNMP processes request Performs system level operations including stopping and rebooting the Services Router and loading JUNOS software images 212 m Diagnostic Tools Overview Chapter 12 Using Services Router Diagnostic Tools Table 106 CLI Diagnostic Command Summary continued Comm
96. match for the t1 3 0 0 interface SNMP TRAP LINK DOWN interface name 4 Inthe To event attribute value box equals t1 3 0 0 1 Execute the show interfaces type t1 3 0 0 t1 3 0 0 and show configuration 2 Enter interfaces t1 3 0 0 commands 5 Click OK 2 Upload the output of the show 6 Next to Then click Configure edit then execute commands commands in a text file named 7 Next to Execute commands click 3 Set the commands to be executed config txt to a server named Configure when the configured event occurs bsd2 8 In the Destination box type bsd2 set Gommiande show interfaces NOTE Do not include spaces the 9 Inthe Output filename box type t1 3 0 0 slash or the percent sign 96 in the filename config txt From the Output format list select text ext to Commands click Add new entry In the Command box type show interfaces t1 3 0 0 Click OK ext to Commands click Add new entry In the Command box type show configuration interfaces t1 3 0 0 Click OK set commands show configuration interfaces t1 3 0 0 4 Setthe name and format of the file in which the output of the executed commands is to be uploaded to a destination server set output filename config txt output format text 5 Setthe name of the server to which the file containing the command output is to be uploaded set destination bsd2 Running Self Diagnostics with Event Policies m 97 J series
97. Function: The match conditions you specify for Addresses, Protocols, and Ports are displayed in expression format in this field. Your Action: modify the expression composed from the match conditions you specified for Addresses, Protocols, and Ports. If you change the match conditions specified for Addresses, Protocols, and Ports again, packet capture overwrites your changes with the new match conditions.
Packet Size. Function: Specifies the number of bytes to be displayed for each packet. If a packet header exceeds this size, the display is truncated for the packet header. The default value is 96 bytes. Your Action: Type the number of bytes you want to capture for each packet header, for example, 256.
Don't Resolve Addresses. Function: Specifies that IP addresses are not to be resolved into hostnames in the packet headers displayed. Your Action: To prevent packet capture from resolving IP addresses to hostnames, select this check box. To resolve IP addresses into hostnames, clear this check box.
No Timestamp. Function: Suppresses the display of packet header timestamps. Your Action: To stop displaying timestamps in the captured packet headers, select this check box. To display the timestamp in the captured packet headers, clear this check box.
Table 114: Packet Capture Field Summary (continued)
Field | Function | Your Action
Write Packet Capture File: Writes the ca
98. Purpose: monitor thresholds are set correctly and that the health monitor is operating properly.
Action: From the CLI, enter the show snmp health-monitor command.
user@host> show snmp health-monitor
Alarm Index | Variable description | Value | State
32768 Health Monitor: root file system utilization, jnxHrStoragePercentUsed.1, 70, active
32769 Health Monitor: config file system utilization, jnxHrStoragePercentUsed.2, 0, active
32770 Health Monitor: RE 0 CPU utilization, jnxOperatingCPU.9.1.0.0, 20, active
32772 Health Monitor: RE 0 memory utilization, jnxOperatingBuffer.9.1.0.0, 95, rising threshold
32774 Health Monitor: jkernel daemon memory usage
Init daemon 912 active
Chassis daemon 93356 active
Firewall daemon 2244 active
Interface daemon 3340 active
SNMP daemon 4412 active
MIB2 daemon 3920 active
VRRP daemon 2724 active
Alarm daemon 1868 active
PFE daemon 2656 active
CRAFT daemon 2064 active
Traffic sampling control daemon 3320 active
Remote operations daemon 3020 active
CoS daemon 3044 active
Inet daemon 1304 active
Syslog daemon 1344 active
Web management daemon 3264 active
USB Supervise Daemon 1100 active
PPP daemon 2076 active
DLSWD daemon 10240 active
32775 Health Monitor: jroute daemon memory usage
Routing protocol daemon 8952 active
Management daemon 14516 active
Management daemon 14556 active
Mana
99. mpls command options:
user@host> ping mpls ldp fec lsp-end-point prefix-name rsvp lsp-name exp forwarding-class count number source source-address detail
To quit the ping mpls command, press Ctrl-C. Alternatively, you can use the J-Web interface. (See Checking MPLS Connections from the J-Web Interface on page 219.)
Table 117: CLI ping mpls ldp and ping mpls lsp-end-point Command Options
Option | Description
ldp fec: Pings an LDP-signaled LSP identified by the forwarding equivalence class (FEC) prefix and length.
lsp-end-point prefix-name: Pings an LSP endpoint using either an LDP FEC or a RSVP LSP endpoint address.
rsvp lsp-name: Pings an RSVP-signaled LSP identified by the specified LSP name.
exp forwarding-class: (Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets.
count number: (Optional) Limits the number of ping requests to send. Specify a count from 0 through 1,000,000. The default value is 5. If you do not specify a count, ping requests are continuously sent until you press Ctrl-C.
source source-address: (Optional) Uses the source address that you specify in the ping request packet.
detail: (Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request.
Following is sample output from a ping mpls comman
100. Address: of Ethernet management port 0 (ge-0/0/0, for example), as defined with the set interfaces ge-0/0/0 command.
Loopback Addresses: IP address, in dotted decimal notation, of the loopback address, as defined with the set interfaces lo0 command.
Domain Name Servers: IP addresses, in dotted decimal notation, of the domain name servers, as defined with the set system name-server command.
Time Zone: Time zone of the Services Router, as defined with the set system time-zone command.
System Time
Current Time: Current system time, in Coordinated Universal Time (UTC).
System Booted Time: Date and time when the router was last booted and how long it has been running.
Protocol Started Time: Date and time when the routing protocols were last started and how long they have been running.
Last Configured Time: Date and time when a configuration was last committed. This field also shows the name of the user who issued the last commit command, through either the J-Web interface or the CLI.
Users
User: Username of any user logged in to the Services Router.
TTY: Terminal through which the user is logged in.
From: System from which the user has logged in. A hyphen indicates that the user is logged in through the console.
Login Time: Time when the user logged in. This is the LOGIN field in show system users command output.
Idle Time: How long the user has been idle.
Command: Processes that the us
101. of Key CoS Value Alias Output Fields
Field | Values | Additional Information
CoS Value Type: Type of the CoS value:
dscp: Examines Layer 3 packet headers for IP packet classification.
dscp-ipv6: Examines Layer 3 packet headers for IPv6 packet classification.
exp: Examines Layer 2 packet headers for MPLS packet classification.
ieee-802.1: Examines Layer 2 packet header for packet classification.
inet-precedence: Examines Layer 3 packet headers for IP packet classification.
Additional Information: To display aliases and bit patterns, click the plus sign (+).
CoS Value Alias: Name given to a set of bits, for example, af11 is a name for 001010 bits.
Bit Pattern: Set of bits associated with an alias.
Monitoring CoS RED Drop Profiles
To display data point information for each CoS random early detection (RED) drop profile currently on a system, select Monitor > Class of Service > RED Drop Profiles in the J-Web interface, or enter the following CLI command: show class-of-service drop-profile
Table 60 on page 126 summarizes key output fields for CoS RED drop profiles.
Table 60: Summary of Key CoS RED Drop Profile Output Fields
Field | Values | Additional Information
RED Drop Profile Name: Name of the RED drop profile. A drop profile consists of pairs of values between 0 and 100, one for queue buffer fill level and one for drop probability, that determine the relationship between a buffer's ful
102. of a host along the path. The outbound node at the remote endpoint is not configured to handle MPLS packets. The remote endpoint's loopback address is not configured to 127.0.0.1.
Tracing Unicast Routes from the J-Web Interface
You can use the traceroute diagnostic tool to display a list of routers between the Services Router and a specified destination host. The output is useful for diagnosing a point of failure in the path from the Services Router to the destination host, and addressing network traffic latency and throughput problems.
The Services Router generates the list of routers by sending a series of ICMP traceroute packets in which the time-to-live (TTL) value in the messages sent to each successive router is incremented by 1. (The TTL value of the first traceroute packet is set to 1.) In this manner, each router along the path to the destination host replies with a Time Exceeded packet from which the source IP address can be obtained.
Alternatively, you can use the CLI traceroute command to generate the list.
This section contains the following topics: Using the J-Web Traceroute Tool on page 225; Traceroute Results and Output Summary on page 225.
Using the J-Web Traceroute Tool
To use the traceroute tool: 1. Select Diagnose > Traceroute. 2. Next to Advanced options, click the expand icon (see Figure 23 on page 224). 3. Enter information into the Traceroute page, as described in Table 112 on page 224. The Remote
103. or not allowed by a permission bit. You use local user template accounts when you need different types of templates. Each template can define a different set of permissions appropriate for the group of users who use that template. These templates are defined locally on the Services Router and referenced by the TACACS+ and RADIUS authentication servers.
When you configure local user templates and a user logs in, the JUNOS software issues a request to the authentication server to authenticate the user's login name. If a user is authenticated, the server returns the local username to the router, which then determines whether a local username is specified for that login name (local-username for TACACS+, Juniper-Local-User for RADIUS). If so, the router selects the appropriate local user template locally configured on the router. If a local user template does not exist for the authenticated user, the router defaults to the remote template. For more information, see Setting Up Template Accounts on page 18.
Before You Begin
Before you perform any system management tasks, you must perform the initial Services Router configuration described in the Getting Started Guide for your router.
Managing User Authentication with Quick Configuration
This section contains the following topics: Adding a RADIUS Server for Authentication on page 8; Adding a TACACS
104. or UDP port. The sample probe uses TCP port 50000.
To configure RPM probes on a Services Router to monitor BGP neighbors with a configuration editor:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 144 on page 284.
3. If you are finished configuring the router, commit the configuration.
4. Go on to one of the following tasks: To send probes to specific routers, see Directing RPM Probes to Select BGP Routers on page 285. To check the configuration, see Verifying an RPM Configuration on page 285.
Table 144: Configuring RPM Probes to Monitor BGP Neighbors
Task | J-Web Configuration Editor | CLI Configuration Editor
Task: Navigate to the Services > RPM > BGP level in the configuration hierarchy. J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to Services, click Configure or Edit. 3. Next to Rpm, select the Yes check box and click Configure or Edit. 4. Next to Bgp, click Configure. CLI Configuration Editor: From the [edit] hierarchy level, enter edit services rpm bgp.
Task: Specify a hexadecimal value (the range is between 1 and 2048 characters) that you want to use for the data portion of the RPM probe, for example, ABCD123. J-Web Configuration Editor: In the Data fill box, type ABCD123. CLI Configuration Editor: En
105. page 194 shows the Reboot page for the router.
Figure 17: Reboot Page
To reboot or halt the router with the J-Web interface:
1. In the J-Web interface, select Manage > Reboot.
2. Select one of the following options:
Reboot Immediately: Reboots the router immediately.
Reboot in number of minutes: Reboots the router in the number of minutes from now that you specify.
Reboot when the system time is hour:minute: Reboots the router at the absolute time that you specify, on the current day. You must select a 2-digit hour in 24-hour format and a 2-digit minute.
Halt Immediately: Stops the router software immediately. After the router software has stopped, you can access the router through the console port only.
3. Choose the boot device from the Reboot from media list:
compact-flash: Reboots from the internal compact flash. This selection is the default choice.
removable-compact-flash: Reboots from the optional external compact flash. This selection is available on J2320, J2350, J4300, and J6300 Services Routers only.
usb: Reboots from the USB storage device.
4. (Optional) In the Message box, type a message to be displayed to any users on the router before the reboot occurs.
5. Click S
106. page 54. Verifying the SNMP Configuration on page 58.
SNMP Architecture
Use SNMP to determine where and when a network failure is occurring, and to gather statistics about network performance in order to evaluate the overall health of the network and identify bottlenecks.
Because SNMP is a client/server protocol, SNMP nodes can be classified as either clients (SNMP managers) or servers (SNMP agents). SNMP managers, also called network management systems (NMSs), occupy central points in the network and actively query and collect messages from SNMP agents in the network. SNMP agents are individual processes running on network nodes that gather information for a particular node and transfer the information to SNMP managers as queries are processed. The agent also controls access to the agent's Management Information Base (MIB), the collection of objects that can be viewed or changed by the SNMP manager. Because SNMP agents are individual SNMP processes running on a host, multiple agents can be active on a single network node at any given time.
Communication between the agent and the manager occurs in one of the following forms:
Get, GetBulk, and GetNext requests: The manager requests information from the agent, and the agent returns the information in a Get response message.
Set requests: The manager changes the value of a MIB object controlled by the agent and
107. power supplies removed, for instance) and environmental alarms. The values for these alarms are defined within JUNOS. Configurable alarms are set in either of the following ways: In the J-Web configuration editor, on the Chassis > Alarm > interface-type page. In the CLI configuration editor, with the alarm statement at the [edit chassis] level of the configuration hierarchy. For details, see Configuring and Monitoring Alarms on page 165.
Alarm Description: A brief synopsis of the alarm.
Environment Information
Name: Chassis component. For J-series Services Routers, the chassis components are the Routing Engine and the fans.
Gauge Status: Status of the temperature gauge on the specified hardware component.
Temperature: Temperature of the air flowing past the hardware component.
Fan Status: Status of the fans that are regulated by the JUNOS software: OK; Testing (when the router is powered on); Failed; Absent.
Fan Speed: Speed of the fans: normal or high speed. Speed is adjusted automatically according to the current temperature.
Hardware Summary
Name: Chassis component. For J-series Services Routers, the chassis components are the Routing Engine, the Physical Interface Module (PIM) slot number (identified in the display as an FPC), and the PIM number (identified in
Additional Information: On J-series Services Routers, an FPC and a PIM are the same physical unit. The PIM number is always 0.
108. probe configured for the specified test. Following are valid probe types: http-get, http-get-metadata, icmp-ping, icmp-ping-timestamp, tcp-ping, udp-ping.
Target Address: IP address or URL of the remote server that is being probed by the RPM test.
Source Address: Explicitly configured source address that is included in the probe packet headers. Additional Information: If no source address is configured, the RPM probe packets use the outgoing interface as the source address, and the Source Address field is empty.
Table 77: Summary of Key RPM Output Fields (continued)
Field | Values | Additional Information
Minimum RTT: Shortest round-trip time from the Services Router to the remote server, as measured over the course of the test.
Maximum RTT: Longest round-trip time from the Services Router to the remote server, as measured over the course of the test.
Average RTT: Average round-trip time from the Services Router to the remote server, as measured over the course of the test.
Standard Deviation RTT: Standard deviation of round-trip times from the Services Router to the remote server, as measured over the course of the test.
Probes Sent: Total number of probes sent over the course of the test.
Loss Percentage: Percentage of probes sent for which a response was not received.
Round Trip Time for a Probe
109. receive a PADS packet for the PADR packet sent. This timeout doubles for each successive PADR packet sent. Additional Information: The PPPoE Active Discovery Request (PADR) packet is sent to the access concentrator in response to a PADO packet, and to obtain the PPPoE session ID. Typically, the access concentrator responds to a PADR packet with a PPPoE Active Discovery Session-Confirmation (PADS) packet, which contains the session ID. If the access concentrator does not send a PADS packet, the Services Router sends the PADR packet again after the PADR Resend Timeout period is elapsed. The PADR Resend Timeout doubles for each successive PADR packet sent.
Maximum Resend Timeout: Maximum value, in seconds, that the PADI or PADR resend timer can accept, for example, 64 seconds. The maximum value is 64.
Maximum Configured AC Timeout: Time, in seconds, within which the configured access concentrator must respond.
Monitoring the TGM550 Media Gateway (VoIP)
J4350 and J6350 Services Routers support voice over IP (VoIP) routing through an Avaya TGM550 Telephony Gateway Module and one or more Telephony Interface Modules (TIMs) installed in the router. From the J-Web interface or the JUNOS CLI, you can monitor the vp-pim/0/0 interface to the TGM550 (see Monitoring the Interfaces on page 115). In addition, you can monitor dynamic call admission control (CAC) operation, if it is configured on the router WAN interfaces, and also the list of Media
110. show configuration command.
admin-control: Can view user accounts and configure them (at the [edit system login] hierarchy level).
access: Can view the access configuration in configuration mode and with the show configuration operational mode command.
access-control: Can view and configure access information (at the [edit access] hierarchy level).
all: Has all permissions.
clear: Can clear (delete) information learned from the network that is stored in various network databases (using the clear commands).
configure: Can enter configuration mode (using the configure command) and commit configurations (using the commit command).
control: Can perform all control-level operations (all operations configured with the -control permission bits).
field: Reserved for field (debugging) support.
firewall: Can view the firewall filter configuration in configuration mode.
firewall-control: Can view and configure firewall filter information (at the [edit firewall] hierarchy level).
floppy: Can read from and write to the removable media.
interface: Can view the interface configuration in configuration mode and with the show configuration operational mode command.
interface-control: Can view chassis, class of service, groups, forwarding options, and interfaces configuration information. Can configure chassis, class of service, groups, forwarding options, and interfaces (at the [edit] hierarchy
111. specify IP address-to-hostname mappings for routers on the network, or router.conf, to provide just enough configuration for your subsequent Telnet access.
hostname.conf: Host-specific configuration file for autoinstallation on a Services Router that contains all the configuration information necessary for the router. In the filename, hostname is replaced with the hostname you are assigning to the router.
Table 40: Autoinstallation Terms (continued)
Term | Definition
host-specific configuration: Configuration that takes place on a Services Router for which you have created a host-specific configuration file for autoinstallation called hostname.conf. The hostname.conf file contains all the information necessary to configure the router. For the router to use hostname.conf, it must be able to determine its own hostname from the network.
network.conf: Default configuration file for autoinstallation, in which you specify IP addresses and associated hostnames for Services Routers on the network.
router.conf: Default configuration file for autoinstallation with a minimum configuration sufficient for you to telnet to the Services Router and configure it manually.
Autoinstallation Overview
Autoinstallation provides automatic configuration for a new Services Router that you connect to the network and turn on, or
Supported Autoinsta
113. statistics
CLI commands: RSVP Sessions: show rsvp session. RSVP Interfaces: show rsvp interface.
LSP Information: Information about LSP sessions currently active on the Services Router, including inbound (ingress) and outbound (egress) addresses, LSP state, and LSP name.
LSP Statistics: Statistics for LSP sessions currently active on the Services Router, including the total number of packets and bytes forwarded through an LSP.
RSVP Sessions: Information about RSVP-signaled LSP sessions currently active on the Services Router, including inbound (ingress) and outbound (egress) addresses, LSP state, and LSP name.
RSVP Interfaces: Information about the interfaces on which RSVP is enabled, including the interface name, total bandwidth through the interface, and total current reserved and reservable (available) bandwidth on the interface.
For details, see Monitoring MPLS Traffic Engineering Information on page 130.
Service Sets: Displays information about configured service sets. For details, see Monitoring Service Sets on page 155. CLI commands: show services service-sets summary; show services service-sets memory-usage.
Firewall: Displays firewall and intrusion detection service (IDS) information. CLI commands: Stateful firewall information, through the following options: show services stateful-firewall conversations.
Stateful Firewall: Displays the stateful firewall configuration.
IDS Information: Displays information abou
114. stops writing messages to a log file when the file reaches 128 KB in size. It closes the file and adds a numerical suffix, then opens and directs messages to a new file with the original name. By default, the logging utility creates up to 10 files before it begins overwriting the contents of the oldest file. The logging utility by default also limits the users who can read log files to the root user and users who have the JUNOS maintenance permission.
To enable all users to read log files, include the world-readable statement at the [edit system syslog archive] hierarchy level. To restore the default permissions, include the no-world-readable statement.
You can include the archive statement at the [edit system syslog file filename] hierarchy level to configure the number of files, file size, and permissions for the specified log file. For configuration details, see the information about archiving log files in the JUNOS System Basics Configuration Guide.
Disabling System Logs
To disable logging of the messages from a facility, use the facility none configuration statement. This statement is useful when, for example, you want to log messages of the same severity level from all but a few facilities. Instead of including a configuration statement for each facility you want to log, you can configure the any level statement and then a fa
116. the User name and Password boxes. For information about configuring CHAP on dialer interfaces, see Configuring CHAP on Dialer Interfaces (Optional) on page 57.
Click Properties. The USB-modem-connect Properties page is displayed.
In the Networking tab, select Internet Protocol (TCP/IP), and then click Properties. The Internet Protocol (TCP/IP) Properties page is displayed.
Click Advanced. The Advanced TCP/IP Settings page appears.
Clear the Use IP header compression check box.
Connecting to the Services Router from the User End
To remotely connect to the Services Router through a USB modem connected to the USB port on the router:
1. On the PC or laptop computer at your remote location, select Start > Settings > Control Panel > Network Connections. The Network Connections page is displayed.
2. Double-click the USB-modem-connect dial-up connection configured in Configuring a Dial-Up Modem Connection at the User End on page 39. The Connect USB-modem-connect page is displayed.
3. Click Dial to connect to the Services Router.
When the connection is complete, you can use Telnet or SSH to connect to the router.
Administering USB Modems
This section contains the following topics: Modifying USB Modem Initialization Commands on page 41; Resetting USB Modems on page 42.
Modifying USB Modem Initialization Commands
117. the Users Quick Configuration page for TACACS+ servers. To apply the configuration and return to the Users Quick Configuration page, click OK. To cancel your entries and return to the Users Quick Configuration page, click Cancel.
Table 9: Users Quick Configuration for TACACS+ Servers Summary
Field | Function | Your Action
TACACS+ Server
TACACS+ Server Address (required). Function: Identifies the IP address of the TACACS+ server. Your Action: Type the TACACS+ server's 32-bit IP address, in dotted decimal notation.
TACACS+ Server Secret (required). Function: The secret (password) of the TACACS+ server. Your Action: Type the secret (password) of the TACACS+ server. Secrets can contain spaces. The secret used must match that used by the TACACS+ server.
Verify TACACS+ Server Secret (required). Function: Verifies the secret (password) of the TACACS+ server is entered correctly. Your Action: Retype the secret of the TACACS+ server.
Configuring System Authentication
On the Users Quick Configuration page, you can configure the authentication methods the Services Router uses to verify that a user can gain access. For each login attempt, the router tries the authentication methods in order, starting with the first one, until the password matches. If you do not configure system authentication, users are verified based on their configured local passwords.
Figure
118. the configuration hierarchy in either the J-Web or CLI configuration editor. Perform the configuration tasks described in Table 84 on page 160. If you are finished configuring the network, commit the configuration.
Table 84: Sending System Log Messages to a File
Task | J-Web Configuration Editor | CLI Configuration Editor
Task: Navigate to the Syslog level in the configuration hierarchy. J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to System, click Configure or Edit. 3. Next to Syslog, click Configure or Edit. CLI Configuration Editor: From the [edit] hierarchy level, enter edit system syslog.
Task: Create a file named security, and send log messages of the authorization class at the severity level info to the file. J-Web Configuration Editor: 1. Next to File, click Add new entry. 2. Type security. 3. Next to Contents, click Add new entry. 4. In the Facility list, select authorization. 5. In the Level list, select info. CLI Configuration Editor: Set the filename and the facility and severity level: set file security authorization info
Sending System Log Messages to a User Terminal
To direct system log messages to the terminal session of one or more specific users (or all users) when they are logged into the local Routing Engine, specify one or more JUNOS usernames. Separate multiple values
119. the configuration process by loading configuration files onto new or existing routers automatically over the network. You can use either the J-Web configuration editor or CLI configuration editor to configure a Services Router for autoinstallation. The J-Web interface does not include Quick Configuration pages for autoinstallation.
This chapter contains the following topics: Autoinstallation Terms on page 81; Autoinstallation Overview on page 82; Before You Begin on page 84; Configuring Autoinstallation with a Configuration Editor on page 85; Verifying Autoinstallation on page 86.
Autoinstallation Terms
Before configuring autoinstallation, become familiar with the terms defined in Table 40 on page 81.
Table 40: Autoinstallation Terms
Term | Definition
autoinstallation: Automatic configuration of a Services Router over the network from a preexisting configuration file that you create and store on a configuration server, typically a Trivial File Transfer Protocol (TFTP) server. Autoinstallation takes place on a router that is powered on without a valid configuration (boot) file or is configured specifically for autoinstallation. Autoinstallation is useful for deploying multiple Services Routers in a network.
default configuration: Configuration that takes place on a Services Router unable to locate a configuration (boot) file. You can set up two default configuration files for autoinstallation on the router: network.conf to
120. the console port on the Services Router to connect to the Routing Engine through an RJ-45 serial cable. From the console port, you can use the CLI to configure the router. By default, the console port is enabled. To secure the console port, you can configure the Services Router to do the following:
Log out the console session when you unplug the serial cable connected to the console port.
Disable root login connections to the console.
Disable the console port. We recommend disabling the console port to prevent unauthorized access to the Services Router, especially when the router is used as customer premises equipment (CPE).
In a Common Criteria environment, you must disable the console port. For more information, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.
To secure the console port:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 18 on page 24.
3. If you are finished configuring the network, commit the configuration.
Table 18: Securing the Console Port
Task | J-Web Configuration Editor | CLI Configuration Editor
Task: Navigate to the Console level in the configuration. J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. CLI Configuration Editor: From the [edit] hierarchy level, enter edit sys
121. the filter click OK messages Monitoring System Log Messages with the J Web Event Viewer mH 163 J series Services Router Administration Guide Viewing System Log Messages By default the View Events page displays the most recent 25 events with severity levels highlighted in different colors After you specify the filters Event Summary displays the events matching the specified filters Click First Next Prev and Last links to navigate through messages Table 87 on page 164 describes the Event Summary fields Table 87 Viewing System Log Messages Field Function Additional Information Time Displays the time at which the message was logged Process Displays the name and ID of the process that generated the system log message Event ID Displays a code that uniquely identifies the message The event ID begins with a prefix that indicates the generating software process The prefix on each code identifies the message source and the rest of the code indicates the specific event or error Some processes on a Services Router do not use codes This field might be blank in a Displays context sensitive help that provides more information message generated from such a process about the event Help Short d m fth An Event can belong to one of the following m elp Short description of the message Type categories m Description More detailed explanation of the message tack th m Error indicates an
122. time For details see Monitoring RPM Probes on page 145 PPPoE Displays the following PPPoE information m PPPoE interfaces show pppoe nm interfaces m PPPoE Interfaces Session specific information about the n interfaces on which PPPOE is enabled m PPPOE statistics show pppoe T a statistics m PPPOE Statistics Statistics for PPPoE sessions currently active m PPPoE version show pppoe m PPPoE Version Information about the PPPoE protocol PEDIS currently configured on the router For details see Monitoring PPPoE on page 148 Media Gateway Displays the following TGM550 Media Gateway information m Dynamic call admission control information show tgm m Dynamic Call Admission Control Information Displays RCNH AL UN maximum bandwidth available for voice traffic and the dynamic call admission control CAC properties configured m Telephony Gateway Module on the router WAN interfaces information show tgm fpc lot b m Telephony Gateway Module Information Displays NM toowinellarandishiow information about TGM550 connectivity and digital signal mif g it y bord it processor DSP capacity EITHIBE SOE UMDEr tis prospantty m Telephony Gateway Module m Telephony Interface Module Information Displays the online and offline status of telephony interface modules TIMs installed in a J series router For details see Monitoring the TGM550 Media Gateway VoIP on page 151 status show tgm telephony interfac
123. to what remains after other scheduler buffer allocations.

Priority: Scheduling priority of a queue:
- high: Packets in this queue are transmitted first.
- low: Packets in this queue are transmitted last.
- medium-high: Packets in this queue are transmitted after high-priority packets.
- medium-low: Packets in this queue are transmitted before low-priority packets.

Drop Profiles: Name and index of a drop profile that is assigned to a specific loss priority and protocol pair.

Loss Priority: Packet loss priority corresponding to a drop profile:
- low: Packet has a low loss priority.
- high: Packet has a high loss priority.
- medium-low: Packet has a medium-low loss priority.
- medium-high: Packet has a medium-high loss priority.

Protocol: Transport protocol corresponding to a drop profile.

Drop Profile Name: Name of the drop profile.

Monitoring MPLS Traffic Engineering Information

The J-Web interface provides information about Multiprotocol Label Switching (MPLS) traffic engineering. This section contains the following topics:
- Monitoring MPLS Interfaces on page 131
- Monitoring MPLS LSP Information on page 131
- Monitoring MPLS LSP Statistics on page 132
- Monitoring RSVP Session Information on page 155
- Monitoring MPLS RSVP Interfaces Information on page 154

Monitoring MPLS Interf
124. uses the remote template account when:
- The authenticated user does not exist locally on the Services Router.
- The authenticated user's record in the RADIUS or TACACS server specifies local user, or the specified local user does not exist locally on the router.

The procedure provided in this section creates a sample user named remote that belongs to the operator login class.

To create a remote template account:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 16 on page 19.
3. If you are finished configuring the network, commit the configuration.

To completely set up RADIUS or TACACS authentication, you must configure at least one RADIUS or TACACS server and specify a system authentication order. Go on to one of the following procedures:
- To configure a RADIUS server, see Setting Up RADIUS Authentication on page 12.
- To configure a TACACS server, see Setting Up TACACS Authentication on page 15.
- To specify a system authentication order, see Configuring Authentication Order on page 15.

Table 16: Creating a Remote Template Account

Task: Navigate to the System Login level in the configuration hierarchy.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
2. Next to System, cl
125. warranty

JTAC Hours of Operation

The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:
- Find CSC offerings: http://www.juniper.net/customers/support/
- Search for known bugs: http://www2.juniper.net/kb/
- Find product documentation: http://www.juniper.net/techpubs/
- Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
- Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
- Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/
- Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
- Open a case online in the CSC Case Manager: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.
- Use the Case Manager tool in the CSC at http://www.juniper.net/cm/
126. with spaces or use the asterisk to indicate all users who are logged into the local Routing Engine. For the list of logging facilities and severity levels, see Table 81 on page 157 and Table 82 on page 158.

The procedure provided in this section sends any critical messages to the terminal of the sample user frank, if he is logged in.

To send messages to a user terminal:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 85 on page 161.
3. If you are finished configuring the network, commit the configuration.

Table 85: Sending Messages to a User Terminal

Task: Navigate to the Syslog level in the configuration hierarchy.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
2. Next to System, click Configure or Edit.
3. Next to Syslog, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter
edit system syslog

Task: Send all critical messages to the user frank.
J-Web Configuration Editor:
1. Next to User, click Add new entry.
2. In the User name box, type frank.
3. Next to Contents, click Add new entry.
4. In the Facility list, select any.
5. In the Level list, select critical.
CLI Configuration Editor: Set the filename and the facility and severity level:
set user frank any critical

Archiving System Logs

By default, the JUNOS logging utility
127. with the J-Web Interface
Cleaning Up Files
Downloading Files
Deleting the Backup Software Image
Cleaning Up Files with the CLI
Managing Accounting Files
Encrypting and Decrypting Configuration Files
Encrypting Configuration Files
Decrypting Configuration Files
Modifying the Encryption Key

Part 4: Diagnosing Performance and Network Problems

Chapter 12: Using Services Router Diagnostic Tools
Diagnostic Terms
Diagnostic Tools Overview
J-Web Diagnostic Tools Overview
CLI Diagnostic Commands Overview
MPLS Connection Checking
Before You Begin
General Preparation
Ping MPLS Preparation
MPLS Enabled
Loopback Address
Source Address for Probes

Chapter 13
Pinging Hosts from the J-Web Interface
Usin
128. 0 8b5d 4543 51e6 0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 01 12 36 279793 Out 0 5 85 c8 f6 d1 gt 0 5 85 c4 e3 d1 ethertype IPv4 length 98 tos OxO ttl 63 id 41227 offset 0 flags none proto length 84 15 1 1 1 14 1 1 1 ICMP echo reply seq O length 64 0005 85c4 e3d1 0005 85c8 f6d1 0800 4500 0054 alOb 0000 3f01 bb9a Of01 0101 0e01 0101 0000 445a 981e 0000 8b5d 4543 51e6 0100 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 root server Verifying Captured Packets 0x0800 ICMP 1 0x0800 ICMP 1 m 265 J series Services Router Administration Guide Meaning Verify that the output shows the intended packets 266 1H Verifying Captured Packets Chapter 14 Configuring RPM Probes RPM Terms Table 138 RPM Terms E series Services Routers support a tool that allows network operators and their customers to accurately measure the performance between two network endpoints With the real time performance monitoring RPM feature you configure and send probes to a specified target and monitor the analyzed results to determine packet loss round trip time and jitter This chapter contains the following topics For more information about RPM see the JUNOS Services Interfaces Configuration Guide RPM Terms on page 267 RPM Overview on page 2
129. Task (continued): a specific caller ID, for example, 4085550115. You can configure a maximum of 15 caller IDs per dialer interface. The same caller ID must not be configured on different dialer interfaces. However, you can configure caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the caller IDs 14085550115, 4085550115, and 5550115 on different dialer interfaces.
J-Web Configuration Editor (continued):
0115 to be accepted on the dialer interface.
6. Click OK.
7. Repeat Steps 4 through 6 for each caller ID to be accepted on the dialer interface.

Configuring CHAP on Dialer Interfaces (Optional)

You can optionally configure dialer interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP). When you enable CHAP on a dialer interface, the Services Router can authenticate the remote locations connecting to the USB modem. For more information about CHAP, see the J-series Services Router Basic LAN and WAN Access Configuration Guide and the JUNOS Network Interfaces Configuration Guide.

To configure CHAP on the dialer interface:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 28 on page 58.
3. If you are finished configuring the router, commit the configuration.
4. To verify the CHAP conf
130. 2320, J2350, J4300, and J6300 Services Routers only.
- usb: Copies software to the device connected to the USB port.

Field: Factory
Function: Copies only default files that were loaded on the internal compact flash when it was shipped from the factory, plus the rescue configuration if one has been set. NOTE: After a boot device is created with the default factory configuration, it can operate only in an internal compact flash slot.
Your Action: To copy only the default factory configuration, plus a rescue configuration if one exists, select the check box.

Field: Partition
Function: Partitions the medium. This process is usually necessary for boot devices that do not already have software installed on them.
Your Action: To partition the medium that you are copying the snapshot to, select the check box.

Table 97: Snapshot Summary (continued)

Field: As Primary Media
Function: On an external compact flash or USB storage device only, creates a snapshot for use as the primary boot medium. Use this feature to replace the medium in the internal compact flash slot or to replicate it for use in another Services Router. This process also partitions the boot medium. NOTE: After the boot device is created as an internal compact flash, it can operate only in an internal compact flash slot.
Your Action: To create a boot medium to use in the internal compact flash only, select the check box.
131. 27-19 or FAR 52.227-14 (ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (GPL) or the GNU Library General Public License (LGPL)), Juniper will make such source code portions (including Juniper modifica
132.
1. Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 25 on page 54.
3. Go on to Configuring a Dialer Interface (Required) on page 55.

Table 25: Configuring a USB Modem Interface

Task: Navigate to the Interfaces level in the configuration hierarchy.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
2. Next to Interfaces, click Configure or Edit.

Task: Create the new interface umd0.
J-Web Configuration Editor:
1. Next to Interface, click Add new entry.
2. In the Interface name box, type the name of the new interface, umd0.
3. Click OK.
CLI Configuration Editor: From the [edit] hierarchy level, enter
edit interfaces umd0

Task: Configure dialer options.
- Name the dialer pool configured on the dialer interface you want to use for USB modem connectivity, for example, usb modem dialer pool. For more information, see Configuring a Dialer Interface (Required) on page 55.
- Set the dialer pool priority, for example, 25. Dialer pool priority has a range from 1 to 255, with 1 designating lowest-priority interfaces and 255 designating the highest-priority interfaces.
J-Web Configuration Editor:
1. In the Encapsulation column, next to the new interface, click Edit.
2. Next to Dialer options, select Yes, and then click Configure.
3. ex
133. 43 Tuning RPM Probes (continued)

Task: Set the time between probe transmissions to 15 seconds.
J-Web Configuration Editor: In the Probe interval box, type 15.
CLI Configuration Editor: Enter
set probe-interval 15

Task: Set the number of probes within a test to 10.
J-Web Configuration Editor: In the Probe count box, type 10.
CLI Configuration Editor: Enter
set probe-count 10

Task: Set the source address for each probe packet to 192.168.2.9. If you do not explicitly configure a source address, the address on the outgoing interface through which the probe is sent is used as the source address.
J-Web Configuration Editor:
1. In the Source address box, type 192.168.2.9.
2. Click OK.
CLI Configuration Editor: Enter
set source-address 192.168.2.9

Configuring RPM Probes to Monitor BGP Neighbors

By default, the Services Router is not configured to send RPM probes to its BGP neighbors. You must configure the BGP parameters under RPM configuration to send RPM probes to BGP neighbors. You can also direct the probes to a particular group of BGP neighbors.

This section contains the following topics:
- Configuring RPM Probes for BGP Monitoring on page 283
- Directing RPM Probes to Select BGP Routers on page 285

Configuring RPM Probes for BGP Monitoring

This sample use of RPM for BGP monitoring uses a TCP probe. To use TCP or UDP probes, you must configure both the probe server (Services Router) and the probe receiver (the remote Services Router) to transmit and receive RPM probes on the same TCP
134. 68
- Before You Begin on page 271
- Configuring RPM with Quick Configuration on page 271
- Configuring RPM with a Configuration Editor on page 276
- Verifying an RPM Configuration on page 285

Before configuring and monitoring RPM on J-series Services Routers, become familiar with the terms defined in Table 138 on page 267.

Table 138: RPM Terms

egress: Outbound. Characterizing packets exiting a Services Router.

ingress: Inbound. Characterizing packets entering a Services Router.

jitter: Difference in relative transmit time between two consecutive packets in a stream, which can cause quality degradation in some real-time applications such as voice over IP (VoIP) and video.

probe: An action taken or an object used to learn something about the state of the network. Real-time performance monitoring (RPM) uses several types of requests to probe a network.

probe interval: Time, in seconds, between probe packets.

real-time performance monitoring (RPM): Monitoring tool that measures the performance of a network between two endpoints by collecting statistics on packet loss, round-trip time, and jitter.

RPM target: Remote network endpoint, identified by an IP address or URL, to which the Services Router sends a real-time performance monitoring (RPM) probe.

RPM test: A collection of real-time performance moni
135. 9 system identification configuration editor 54 traps See SNMP traps views configuration editor 57 SNMP agents norte entes Pontes uteris site ie reps 47 configuring configuration editor 55 VeTITVIng cce eto Te tele S LO tenen 58 306 Hm Index SNMP communities creating configuration editor 55 CESCHIPLION cs so rip Rp Quick Configuration SNMP health monitor description sui s sd eld e let e 49 QUICK Configuration nesate eee ste tret tas elendi 50 VeFIFVATIB icis ote deese Ru e ege sor tad Het 59 SNMP managers cre ote tetra rua eases 47 SNMP Page ioter te re eer E derer haee 50 SNMP traps automating response to with event policies 94 creating groups for configuration editor 56 initiation by event policy overview 95 initiation by event policy setting configuration editor tob ocn tr atlas etri eis 97 OVEEVIGM 2 5 28 Sick osea Ea Le edere b ER ERR Eme hk 49 performance monitoring See RPM probes Quick CorfIguratlQIils s esee ditas herpes 51 spoofed trapss scitote utendo etat tbe 49 software halting immediately CLD ctt te tens 196 halting immediately J Web i s 194 upgrades See upgrades version displayitig step rte ete qe 107 version DLSw software images cleaning UP CDD ei n ee 201 cleaning up J WeD ie ict t ttn 199 downloading J Web ssssssss 200 Speed fans monitoLing ecet
136. CHR AR 92 rule enforcement with commit scripts 89 upgrading CL necesse eene etes 184 upgrading J WeD xis sicnt edid 182 configuration database displaying size 110 configuration files decryptlng Listed en eet 199 encEVpLllgus ac cnet oe eth et o IRR o ode eed 199 configuration management automating 89 See also commit scripts operation scripts console port adaptebz i sed eoa e a ete dee epe 21 disabling niens tette eo RR etre fd dpue 24 in a Common Criteria environment 24 Eis ubinam US 25 controlling user access 16 conventions how to use this guide xvi NOUCE ICONS ta a EO xvii tez and SVDEaXcc naaa we eee arie groaned xvii CoS class of service classiflens scat oats psn e tnr E Ge rea nens CoS value aliases forwarding classes interfaces s iste ii loss priority packet loss priority RED drop profile Smia rig A p cote TEWE TUIGS eranen eu M e Nee men RPM probe classification 279 See also TCP RPM probes UDP RPM probes Scheduler aps sese Fx ede totns 129 Index m 293 J series Services Router Administration Guide CPU usage PIM in FPC summary 115 CPU usage displaying crash files cleaning up GLD ieie ior en tt eia das 201 cleaning up GJ WebY s ici ortatik 199 displaying SIZe niei ttt e e 110 downloading J Web ssssssss 200 critical l
137. CII format.

print-hex: (Optional) Displays each packet header, except link-layer headers, in hexadecimal format.

size bytes: (Optional) Displays the number of bytes for each packet that you specify. If a packet header exceeds this size, the displayed packet header is truncated. The default value is 96.

Table 129: CLI monitor traffic Command Options (continued)

brief: (Optional) Displays minimum packet header information. This is the default.

detail: (Optional) Displays packet header information in moderate detail. For some protocols, you must also use the size option to see detailed information.

extensive: (Optional) Displays the most extensive level of packet header information. For some protocols, you must also use the size option to see extensive information.

To limit the packet header information displayed by the monitor traffic command, include the matching expression option. An expression consists of one or more match conditions listed in Table 150 on page 248, enclosed in quotation marks. You can combine match conditions by using the logical operators listed in Table 151 on page 250 (shown in order of highest to lowest precedence).

For example, to display TCP or UDP packet headers, enter the following command:

user@host> monitor traffic matching "tcp || udp"

To compare the followin
138. CLI Diagnostic Commands on page 250

Before diagnosing J-series Services Routers, become familiar with the terms defined in Table 104 on page 209.

Table 104: J-series Diagnostic Terms

Don't Fragment (DF) bit: Bit in the IP header that instructs routers not to fragment a packet. You might set this bit if the destination host cannot reassemble the packet or if you want to test the path maximum transmission unit (MTU) for a destination host.

routing instance: Collection of routing tables, interfaces, and routing protocol interfaces. The set of interfaces belongs to the routing tables, and the routing protocol parameters control the information in the routing tables.

loose source routing: Option in the IP header used to route a packet based on information supplied by the source. A gateway or host must route the packet using the routers specified by this information, but the packet can use other routers along the way.

strict source routing: Option in the IP header used to route a packet based on information supplied by the source. A gateway or host must route the packet exactly as specified by this information.

time to live (TTL): Value (octet) in the IP header that is usually decremented by 1 for each hop the packet passes through. If the field
139. Call 1-888-314-JTAC (1-888-314-5822), toll free in the USA, Canada, and Mexico.

For international or direct-dial options in countries without toll-free numbers, visit us at http://www.juniper.net/support/requesting-support.html

Part 1: Configuring a Services Router for Administration
- Managing User Authentication and Access on page 5
- Setting Up USB Modems for Remote Management on page 29
- Configuring SNMP for Network Management on page 47
- Configuring the Router as a DHCP Server on page 63
- Configuring Autoinstallation on page 81
- Automating Network Operations and Troubleshooting on page 89

Chapter 1: Managing User Authentication and Access

You can use either J-Web Quick Configuration or a configuration editor to manage system functions, including RADIUS and TACACS servers, and user login accounts.

For more information about system management, see the JUNOS System Basics Configuration Guide. If the router is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.

This chapter contains the following topics:
- User Authentication Terms on page 5
- User Authentication Overview on page 4
- Before You Begin on page 8
- Managing User Authentication with Quick Configuration on pa
140. Conflict Detection and Resolution
Interface Restrictions
Before You Begin
Configuring the DHCP Server with Quick Configuration
Configuring the DHCP Server with a Configuration Editor
Verifying a DHCP Server Configuration
Displaying a DHCP Server Configuration
Verifying the DHCP Binding Database
Verifying DHCP Server Operation
Displaying DHCP Statistics

Configuring Autoinstallation
Autoinstallation Terms
Autoinstallation Overview
Supported Autoinstallation Interfaces and Protocols
Typical Autoinstallation Process on a New Services Router
Before You Begin
Configuring Autoinstallation with a Configuration Editor
Verifying Autoinstallation
Verifying Autoinstallation Status

Automating Network Operations and Troubleshooting
Defining and Enforcing Configuration Rules with Commit Scripts
Co
141. DHCP Server

To use the J-Web interface to ping a host, see Using the J-Web Ping Host Tool on page 216. For more information about the ping command, see Pinging Hosts from the CLI on page 250 or the JUNOS System Basics and Services Command Reference.

Displaying DHCP Statistics

Purpose: Display DHCP statistics, including lease times, packets dropped, and DHCP and BOOTP messages received and sent, to verify normal operation.

Action: Enter the show system services dhcp statistics command to display the DHCP statistics.

user@host> show system services dhcp statistics
Packets dropped:
    Total 0
Messages received:
    BOOTREQUEST 0
    DHCPDECLINE 0
    DHCPDISCOVER 0
    DHCPINFORM 0
    DHCPRELEASE 0
    DHCPREQUEST 78
Messages sent:
    BOOTREPLY 0
    DHCPOFFER 0
    DHCPACK 78
    DHCPNAK 0

Meaning: Verify the following:
- The default settings displayed are consistent with your DHCP server configuration.
- The number of dropped packets and errors is small.
- DHCPREQUEST messages have been received and DHCPACK messages have been sent.

Related Topics: For complete descriptions of the show system services dhcp statistics command and output, see the JUNOS System Basics and Services Command Reference.

Chapter 5: Configuring Autoinstallation

If you are setting up many J-series Services Routers, autoinstallation can help automate
142.
Field: Data Size
Function: Specifies the size of the data partition, in kilobytes. The data partition is mounted on /data. This space is not used by the router and can be used for extra storage. This selection also partitions the boot medium.
Your Action: Type a numeric value, in kilobytes. The default value is 0 KB.

Field: Swap Size
Function: Specifies the size of the swap partition, in kilobytes. The swap partition is used for swap files and software failure memory snapshots. Software failure memory snapshots are saved to the boot medium only if it is specified as the dump device. For information about setting the dump device, see Configuring a Boot Device to Receive Software Failure Memory Snapshots on page 190. This selection also partitions the boot medium.
Your Action: Type a numeric value, in kilobytes. The default value is one-third of the physical memory on a boot medium larger than 128,000 KB, or 0 KB on a smaller boot device.

Field: Config Size
Function: Specifies the size of the config partition, in kilobytes. The config partition is mounted on /config. The configuration files are stored in this partition. This selection also partitions the boot medium.
Your Action: Type a numeric value, in kilobytes. The default value is 10 percent of physical memory on the boot medium.

Field: Root Size
Function: Specifies the size of the root partition, in kilobytes. The root partition is mounted on / and does not include configuration files. This selection also partitions the boot medium.
143.
- Domain search suffixes: mycompany.net, mylab.net
- Address to exclude from the pool: 192.168.2.33
- DNS server address: 192.168.10.2
- Identifier code for router solicitation address option: 32
- Type choice for router solicitation address option: Ip address
- IP address for router solicitation address option: 192.168.2.33

DHCP MAC Address Configuration
- Static binding MAC address: 01:03:05:07:09:0B
- Fixed address: 192.168.2.50

To configure the Services Router as a DHCP server for a subnet and a single client:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 39 on page 74.
3. If you are finished configuring the router, commit the configuration.
4. To verify DHCP server configuration and operation, see Verifying a DHCP Server Configuration on page 75.

Table 39: Configuring the DHCP Server

Task: Navigate to the Dhcp server level in the configuration hierarchy.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
2. Next to System, click Configure or Edit.
3. Next to Services, make sure the check box is selected, and click Configure or Edit.
4. Next to Dhcp, click Configure or Edit.
5.
144. End: Upper address in the NAT pool address range.
Port High: Upper port in the NAT pool port range.
Port Low: Lower port in the NAT pool port range.
Ports In Use: Number of ports allocated in this NAT pool.

Monitoring DHCP

A Services Router can operate as a DHCP server. To view information about dynamic and static DHCP leases, conflicts, pools, and statistics, select Monitor > DHCP in the J-Web interface, or enter the following CLI commands:
- show system services dhcp binding
- show system services dhcp conflict
- show system services dhcp pool
- show system services dhcp statistics

In addition, you can display the globally configured DHCP settings by using the show system services global command from the CLI.

Table 76 on page 145 summarizes the output fields in DHCP displays.

Table 76: Summary of DHCP Output Fields

DHCP Leases

Field: Allocated Address
Values: List of IP addresses the DHCP server has assigned to clients.

Field: MAC Address
Values: Corresponding media access control (MAC) address of the client.

Field: Binding Type
Values: Type of binding assigned to the client: dynamic or static.
Additional Information: DHCP servers can assign a dynamic binding from a pool of IP addresses or a static binding to one or more specific IP addresses.

Field: Lease
Values: Date a
145. Fields (continued) (columns: Field, Values, Additional Information)
  - Version: DLSw protocol version number.
  - Initial pacing window: Frequency at which packets are sent.
  - Version string: Juniper Networks software version information.
DLSw Circuits
  - Circuit id: DLSw circuit ID.
  - Local Address: MAC address of the local DLSw peer.
  - LSAP: Number of the local service access point.
  - Remote address: MAC address of the remote DLSw peer.
  - DSAP: Number of the destination service access point.
  - State or circuit state: Connectivity status, disconnected or connected.
  - Peer or remote peer address: IP address of the remote DLSw peer.
DLSw Peers
  - Peer: IP address of the remote DLSw peer.
  - State: Status of the connection.
  - Circuits: Number of circuits on the DLSw network.
  - Local address: IP address of the local DLSw peer.
  - Created time: Time of circuit creation.
  - Connected time: Length of time that the connection is active.
  - Receive initial pacing: Size of the initial pacing frame.
  - No circuits timeout: Length of time before a circuit becomes inactive.
Table 56: Summary of Key DLSw Routing Information Output Fields (continued)
DLSw Reachability
  - MAC index: Number assigned to the remote DLSw peer.
  - MAC address: MAC address of the remote DLSw peer.
146. Figure 10: DHCP Quick Configuration Static Binding Page (fields shown: DHCP MAC Address, Fixed IP Address, Host Name, Client Identifier, Hexadecimal Client Identifier, Boot File, Boot Server, Server Identifier, Domain Name, Domain Search, DNS Name Servers, Gateway Routers, WINS Servers)
To configure the DHCP server with Quick Configuration:
  1. In the J-Web interface, select Configuration > Quick Configuration > DHCP.
  2. Access a DHCP Quick Configuration page:
     - To configure a DHCP pool for a subnet, click Add in the DHCP Pools box.
     - To configure a static binding for a DHCP client, click Add in the DHCP Static Binding box.
     - To globally configure settings for existing DHCP pools and static bindings, click Configure Global DHCP Parameters.
  3. Enter information into the DHCP Quick Configuration pages, as described in Table 57 on page 70.
  4. Click one of the following buttons on the DHCP Quick Configuration page:
     - To apply the configuration and return to the Quick Configuration page, cli
147. Guide Related Juniper Networks Documentation Mm Xix J series Services Router Administration Guide Table 4 J series Guides and Related JUNOS Software Publications continued Chapter in a J series Guide Corresponding JUNOS Software Manual Configuring IPSec for Secure Packet Exchange JUNOS System Basics Configuration Guide JUNOS Services Interfaces Configuration Guide JUNOS System Basics and Services Command Reference Multicast Overview Configuring a Multicast Network JUNOS Multicast Protocols Configuration Guide JUNOS Routing Protocols and Policies Command Reference Configuring Data Link Switching JUNOS Services Interfaces Configuration Guide JUNOS System Basics and Services Command Reference Policy Framework Overview m JUNOS Policy Framework Configuration Guide m JUNOS Routing Protocols and Policies Command Reference Configuring Routing Policies Configuring NAT m JUNOS Network Interfaces Configuration Guide m JUNOS Policy Framework Configuration Guide Configuring Stateful Firewall Filters and NAT m _JUNOS Services Interfaces Configuration Guide Configuring Stateless Firewall Filters m Secure Configuration Guide for Common Criteria and JUNOS FIPS JUNOS System Basics and Services Command Reference m JUNOS Routing Protocols and Policies Command Reference Class of Service Overview Configuring Class of Service JUNOS Class of Service Configuration Guide JUNOS Sy
148. Host field is the only required field.
  4. Click Start. The results of the traceroute operation are displayed in the main pane. If no options are specified, each line of the traceroute display is in the following format:
       hop-number host ip-address as-number time1 time2 time3
     The Services Router sends a total of three traceroute packets to each router along the path and displays the round-trip time for each traceroute operation. If the Services Router times out before receiving a Time Exceeded message, an asterisk is displayed for that round-trip time. Table 115 on page 225 summarizes the output fields of the display.
  5. To stop the traceroute operation before it is complete, click OK while the results of the traceroute operation are being displayed.
Figure 23: Traceroute Page
Table 112: Traceroute Field Summary (columns: Field, Function, Your Action)
  - Remote Host: Identifies the destination host of the traceroute. Your action: Type the hostname or IP address of the destination host.
Advanced Options
  - Don't Resolve Addresses: Determines whether hostnames of the hops along the path are displayed, in addition to IP addresses. Your action: To suppress the display of the hop hostnames, select the chec
149. If the source IP address is not one of the router's assigned addresses, the packet uses the outgoing interface's address as its source.
Table 140: RPM Quick Configuration Summary (continued) (columns: Field, Function, Your Action)
  - Routing Instance: Particular routing instance over which the probe is sent. Your action: Type the routing instance name. The routing instance applies only to probes of type icmp and icmp timestamp. The default routing instance is inet.0.
  - History Size: Number of probe results saved in the probe history. Your action: Type a number between 0 and 255. The default history size is 50 probes.
Request Information
  - Probe Type (required): Specifies the type of probe to send as part of the test. Your action: Select the desired probe type from the list: http get, http get metadata, icmp ping, icmp ping timestamp, tcp ping, udp ping.
  - Interval: Sets the wait time (in seconds) between each probe transmission. Your action: Type a number between 1 and 255 (seconds).
  - Test Interval (required): Sets the wait time (in seconds) between tests. Your action: Type a number between 0 and 86400 (seconds).
  - Probe Count: Sets the total number of probes to be sent for each test. Your action: Type a number between 1 and 15.
  - Destination Port: Specifies the TCP or UDP port to which probes are sent. To use TCP or UDP probes, you must configure the remote server as a prob
150. If you are using the CLI, commit the configuration by entering the commit command. To check the configuration, see Verifying Autoinstallation on page 86.
Table 42: Configuring Autoinstallation (columns: Task, J-Web Configuration Editor, CLI Configuration Editor)
Task: Navigate to the System level in the configuration hierarchy.
  J-Web:
    1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
    2. Next to System, click Configure or Edit.
  CLI: From the [edit] hierarchy level, enter edit system
Task: Enable autoinstallation.
  J-Web: Select Autoinstallation, and then click Configure.
Task: Specify the URL address of one or more servers from which to obtain configuration files. For example: tftp://tftpconfig.sp.com, ftp://user:password@sftpconfig.sp.com
  J-Web:
    1. Next to Configuration servers, click Add new entry.
    2. Type the location of the configuration server in the Url box.
    3. If a password is required for server access, type it into the Password box.
    4. Click OK to return to the Autoinstallation page.
  CLI: Enter set autoinstallation configuration-servers url
Task: Configure one or more Ethernet or serial interfaces to perform autoinstallation.
  J-Web:
    1. Next to Interfaces, click Add new entry.
    2. Type the name of the interface into the Interface name box, for example ge-0/0/0.
    3. Click OK
151. J-series Services Router Administration Guide, Release 9.1
Juniper Networks, Inc., 1194 North Mathilda Avenue, Sunnyvale, California 94089, USA. 408-745-2000. www.juniper.net
Part Number: 530-023932-01, Revision 1
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.
This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1995, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright 1979, 1980, 1985, 1986, 1988, 1989, 1991, 1992, 1995, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 5.0 by Cornell University and its collaborators. Gated is based on Kirton's EGP, UC Berkeley's routing daemon (routed), and DCN's HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copy
152. NOS software.
  - request system set-encryption-key algorithm des
    Sets the encryption key and specifies configuration file encryption by DES.
  - request system set-encryption-key unique
    Sets the encryption key and enables default configuration file encryption with a unique encryption key that includes the chassis serial number of the Services Router. Configuration files encrypted with the unique key can be decrypted only on the current router. You cannot copy such configuration files to another router and decrypt them.
  - request system set-encryption-key unique des
    Sets the encryption key and specifies configuration file encryption by DES with a unique encryption key.
For example:
    user@host> request system set-encryption-key
    Enter EEPROM stored encryption key:
At the prompt, enter the encryption key. The encryption key must have at least 6 characters.
    Enter EEPROM stored encryption key: juniper1
    Verifying EEPROM stored encryption key:
At the second prompt, reenter the encryption key.
Enter configuration mode in the CLI.
To enable configuration file encryption to take place, enter the following commands:
    user@host# edit system
    user@host# set encrypt-configuration-files
7. To begin the encryption process, commit the configuration.
    user@host# commit
    commit complete
Decrypting Configuration Files
To disable the encryptio
153. NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are Juniper Networks, Inc. and its subsidiaries (collectively "Juniper"), and the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software ("Customer") (collectively, the "Parties").
2. The Software. In this Agreement, "Software" means the program modules and features of the Juniper or Juniper-supplied software, and updates and releases of such software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller. "Embedded Software" means Software which Juniper has embedded in the Juniper equipment.
3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:
  a. Customer shall use the Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.
  b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chas
154. user@host> op filename.xsl
Disabling Operation Scripts
If you do not want an operation script to run, you can disable it by deleting or deactivating it in the configuration. Deleting an operation script permanently removes it from the configuration. To run the script later, you must reenable the script as described in Enabling Operation Scripts on page 95. Deactivating an operation script disables the script until you activate it later.
To delete an operation script, do the following:
  1. From configuration mode in the CLI, enter the following command:
       user@host# delete system scripts op filename.xsl
  2. Commit the configuration:
       user@host# commit
       commit complete
To deactivate an operation script:
  1. From configuration mode in the CLI, enter the following command:
       user@host# deactivate system scripts op filename.xsl
  2. Commit the configuration:
       user@host# commit
       commit complete
NOTE: You can later reactivate the operation script using the activate system scripts op filename.xsl command.
Running Self-Diagnostics with Event Policies
To diagnose a fault or error condition on a routing platform, you need relevant information about the state of the platform. You can derive state information from event notifications. Event notifications are system log messages and Simple Network Management Proto
155. Option: Number of packets dropped due to the inspection of the IP options field of the packet.
TCP SYN Defense: Number of packets dropped due to the SYN defender, which prevents denial-of-service (DoS) attacks.
NAT Ports Exhausted: Number of packets dropped because the router has no available NAT ports to assign for a given source address.
For more information about these match conditions, see the J-series Services Router Advanced WAN Access Configuration Guide and the JUNOS Services Interfaces Configuration Guide.
Table 70: Summary of Key Stateful Firewall Statistics Output Fields (continued) (columns: Field, Values)
Errors: Number of protocol errors detected:
  - IP: Number of IPv4 errors (for example, minimum IP header length check failures).
  - TCP: Number of TCP errors (for example, source or destination port number is zero).
  - UDP: Number of UDP errors (for example, IP data length less than minimum UDP header length, 8 bytes).
  - ICMP: Number of ICMP errors (for example, duplicate ping sequence number).
  - Non-IP Packets: Number of errors in packets that are not IPv4 packets.
  - ALG: Number of application-level gateway (ALG) errors.
For a complete list of protocol errors that are counted, see the description of the show services stateful firewall statistics command in the JUNOS System Basics and Services Command Reference.
Monitoring Stateful Fir
156. Process Information
Monitoring the Chassis
Monitoring the Interfaces
Monitoring Routing Information
  Monitoring Route Information
  Monitoring BGP Routing Information
  Monitoring OSPF Routing Information
  Monitoring RIP Routing Information
  Monitoring DLSw Routing Information
Monitoring Class-of-Service Performance
  Monitoring CoS Interfaces
  Monitoring CoS Classifiers
  Monitoring CoS Value Aliases
  Monitoring CoS RED Drop Profiles
  Monitoring CoS Forwarding Classes
  Monitoring CoS Rewrite Rules
  Monitoring CoS Scheduler Maps
Monitoring MPLS Traffic Engineering Information
  Monitoring MPLS Interfaces
  Monitoring MPLS LSP Information
  Monitoring MPLS LSP Statistics
  Monitoring RSVP Session Information
  Monitoring MPLS RSVP Interfaces Information
Monitoring Service Sets
Monitoring Firewalls
  Monitoring Stateful Firewall Statistics
157. Figure text (DHCP Quick Configuration main page): Global DHCP Parameters. Use the button below to configure global DHCP server parameters. These parameters will be inherited by any pools or static bindings that you set up. This option is useful if you have many pools or static bindings and wish to only specify this shared information once. Configure Global DHCP Parameters. DHCP Pools: DHCP is not configured to listen on any subnets. DHCP Static Binding: DHCP is not configured to listen for any MAC addresses.
Figure 9: DHCP Quick Configuration Pool Page (fields shown: DHCP Subnet, Address Range Low, Address Range High, Exclude Addresses, Maximum Lease Time (Seconds), Default Lease Time (Seconds), Server Identifier, Domain Name, Domain Search, DNS Name Servers, Gateway Routers, WINS Servers, Boot File, Boot Server)
158. RE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT, TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper's or its suppliers' or licensors' liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties. 9
161. Server for Authentication on page 9
  - Configuring System Authentication on page 10
  - Adding New Users on page 11
Adding a RADIUS Server for Authentication
You can use the Users Quick Configuration page for RADIUS servers to configure a RADIUS server for system authentication. This Quick Configuration page allows you to specify the IP address and secret (password) of the RADIUS server. Figure 1 on page 8 shows the Users Quick Configuration page for RADIUS servers.
Figure 1: Users Quick Configuration Page for RADIUS Servers
To configure a RADIUS server with Quick Configuration:
  1. In the J-Web interface, select Configuration > Quick Configuration > Users.
  2. Under RADIUS servers, click Add to configure a RADIUS server.
  3. Enter information into the Users Quick Configuration page for RADIUS servers, as described in Table 8 on page 9.
  4. Click one of the following buttons on the Users Quick Configuration page for RADIUS servers:
     - To apply the configuration and return to the Users Quick Configuration page, click OK.
     - To cancel your entries and return to the Users Quick Configuration page, click Cancel.
Table 8: Users Quick Configuration for RADIUS Servers Summary (columns: Field, Function, Your Action)
RADIUS Server
162. Specifies the port on which the Services Router is to receive and transmit UDP probes. Your action: Type the number 7 (a standard TCP or UDP port number) or a port number from 49152 through 65535.
Configuring RPM with a Configuration Editor
To configure the Services Router to perform real-time performance tests, you perform the following tasks. For information about using the J-Web and CLI configuration editors, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
  - Configuring Basic RPM Probes on page 276
  - Configuring TCP and UDP Probes on page 279
  - Tuning RPM Probes on page 282
  - Configuring RPM Probes to Monitor BGP Neighbors on page 285
Configuring Basic RPM Probes
To configure basic RPM probes, you must configure the probe owner, the test, and the specific parameters of the RPM probe. For ICMP ping, ICMP ping timestamp, UDP ping, and UDP ping timestamp probes, you can also set a timestamp to improve the measurement of latency or jitter. The probe is timestamped by the router originating the probe (the RPM client).
In this sample use of RPM, basic probes are configured for two customers: Customer A and Customer B. The probe for Customer A uses ICMP timestamp packets and sets RPM thresholds and corresponding SNMP traps to catch lengthy inbound times. The probe for Customer B uses H
163. TTP packets and sets thresholds and corresponding SNMP traps to catch excessive lost probes.
To configure these RPM probes:
  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 141 on page 277.
  3. If you are finished configuring the network, commit the configuration.
  4. Go on to one of the following procedures:
     - To configure a TCP or UDP probe, see Configuring TCP and UDP Probes on page 279.
     - To tune a probe, see Tuning RPM Probes on page 282.
     - To check the configuration, see Verifying an RPM Configuration on page 285.
Table 141: Configuring Basic RPM Probes (columns: Task, J-Web Configuration Editor, CLI Configuration Editor)
Task: Navigate to the Services > RPM level in the configuration hierarchy.
  J-Web:
    1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
    2. Next to Services, click Configure or Edit.
    3. Next to Rpm, select the Yes check box.
    4. Click Configure.
  CLI: From the [edit] hierarchy level, enter edit services rpm
Task: Configure the RPM owners customerA and customerB.
  J-Web:
    1. In the Probe box, click Add new entry.
    2. In the Owner box, type customerA.
    3. Click OK.
    4. Repeat the previous steps and add an RPM probe owner for customerB.
  CLI:
    1. Enter set probe customerA
    2. Enter set probe customerB
Table 141: Configuring Basic RPM Prob
164. Technical Support on page xxi.
  - If the router has an air filter, check the air filter and replace it if it appears clogged. See the Getting Started Guide for your router.
Alarm condition: Routing Engine fan has failed. Corrective action: Replace the failed fan. To contact JTAC, see Requesting Technical Support on page xxi. Severity: Red (major).
System Alarm Conditions and Corrective Actions
Table 91 on page 172 lists the two preset system alarms, the condition that triggers each alarm, and the action you take to correct the condition.
Table 91: System Alarm Conditions and Corrective Actions (columns: Alarm Type, Alarm Condition, Corrective Action)
  - Configuration. Condition: The rescue configuration is not set. Corrective action: Set the rescue configuration. For instructions, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
  - License. Condition: You have configured at least one software feature that requires a feature license, but no valid license for the feature is currently installed. NOTE: This alarm indicates that you are in violation of the software license agreement. You must install a valid license key to be in compliance with all agreements. Corrective action: Install a valid license key. For instructions, see the Getting Started Guide for your router.
Before You Begin
Before you begin configuring and monitoring alarms, complete the following tasks:
  - Establish basic conn
165. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer's possession or control.
10. Taxes. All license fees for the Software are exclusive of taxes, withholdings, duties, or levies (collectively "Taxes"). Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer's ability to export the Software without an export license.
12. Commercial Computer Software. The Software is "commercial computer software" and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.2
166. This section contains the following topics:
  - Monitoring Stateful Firewall Statistics on page 157
  - Monitoring Stateful Firewall Filters on page 158
  - Monitoring Firewall Intrusion Detection Services (IDS) on page 159
Monitoring Stateful Firewall Statistics
To view stateful firewall filter statistics in the J-Web interface, select Monitor > Firewall > Statistics Summary. Alternatively, enter the CLI command show services stateful firewall statistics. Table 70 on page 157 summarizes key output fields for stateful firewall filter statistics.
Table 70: Summary of Key Stateful Firewall Statistics Output Fields (columns: Field, Values)
  - Interface: Name of the services interface on which the service set is applied.
  - Service Set: Name of the service set.
  - Accept: Number of packets accepted by all rules defined in the service set.
  - Discard: Number of packets discarded by all rules defined in the service set.
  - Reject: Number of packets rejected by all rules defined in the service set.
  - New flows: Number of packets matching rules defined in new flows:
      - Accept: Number of packets accepted.
      - Discards: Number of packets discarded.
      - Rejects: Number of packets rejected.
  - Existing flows: Number of packets matching rules defined in existing flows:
      - Accept: Number of packets accepted.
      - Discards: Number of packets discarded.
      - Rejects: Number of packets rejected.
  - Drops: Number of packets dropped due to the following match conditions:
      - IP
167. U CF0122
  - MediaGear USB 2.0 Combo 9 in 4, model MGTR100
  - AVP USB 8-in-1 Card Reader, model UC 28
  - Inland Multi Plus Card Reader, part number 08510
  - HummingBird Multi Card Reader, HCR 81
Recovery Software: Software appropriate for your system.
  - UNIX with PCMCIA drivers
  - Windows 2000 or Windows XP
Systems running Windows require additional software:
  - WinZip, gzip, or a similar compression utility
  - A utility such as the following that allows you to write files to unformatted devices:
      - Norton Ghost
      - dd utility from the Cygwin package
      - physdiskwrite utility
Configuring Internal Compact Flash Recovery
To recover an internal compact flash with a corrupt or missing operating system, you must remove the corrupt internal compact flash from the J-series Services Router, plug it into a PC with a PCMCIA adapter or USB card reader, copy the JUNOS recovery software package onto it, and reinstall it on the router. For instructions about how to remove and install an internal compact flash, see the Getting Started Guide for your router.
Recovery software packages are available from the same location as J-series upgrade software packages. See Downloading Software Upgrades from Juniper Networks on page 181.
To recover an internal compact flash:
  1. Plug the compact flash into a PCMCIA adapter or USB card reader.
  2. Plug the PCMCIA adapter or USB
169. YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details. For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

End User License Agreement

READ THIS END USER LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR, IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO
170. a Yellow alarm is detected on a T1 (DS1) link.
J-Web configuration editor:
1. In the Ds1 field, click Configure.
2. From the Ylw list, select red.
3. Click OK.
CLI configuration editor: Enter set ds1 ylw red

Configure the system to generate a red interface alarm when a link-down failure is detected on an Ethernet link.
J-Web configuration editor:
1. In the Ethernet field, click Configure.
2. From the Link down list, select red.
3. Click OK.
CLI configuration editor: Enter set ethernet link-down red

Configure the system to generate the following interface alarms on a serial link:
- Yellow alarm when no CTS signal is detected
- Yellow alarm when no DCD signal is detected
- Red alarm when the receiver clock is not detected
- Red alarm when the transmission clock is not detected
J-Web configuration editor:
1. In the Serial field, click Configure.
2. From the Cts absent list, select yellow.
3. From the Dcd absent list, select yellow.
4. From the Loss of rx clock list, select red.
5. From the Loss of tx clock list, select red.
6. Click OK.
CLI configuration editor:
1. Enter set serial cts-absent yellow
2. Enter set serial dcd-absent yellow
3. Enter set serial loss-of-rx-clock red
4. Enter set serial loss-of-tx-clock red

Configure the system to generate the following interface alarms on a T3 link:
- Red alarm when the remote endpoint is experiencing a Red failure
- Yellow alarm when the upstream bit stream has more consecutive zeros than are permitted
- Red alarm when there is a loss of signal on
171. aces

To view the interfaces on which MPLS is configured, select Monitor>MPLS>Interfaces, or enter the following CLI command:

show mpls interface

Table 64 on page 131 summarizes key output fields in the MPLS interface information display.

Table 64: Summary of Key MPLS Interface Information Output Fields
Field / Values / Additional Information
- Interface: Name of the interface on which MPLS is configured.
- State: State of the specified interface: Up or Dn (down).
- Administrative groups: Administratively assigned colors of the MPLS link configured on the interface.

Monitoring MPLS LSP Information

To view all label-switched paths (LSPs) configured on the Services Router, including all inbound (ingress), outbound (egress), and transit LSP information, select Monitor>MPLS>LSP Information, or enter the following CLI command:

show mpls lsp

Table 65 on page 131 summarizes key output fields in the MPLS LSP information display.

Table 65: Summary of Key MPLS LSP Information Output Fields
Field / Values / Additional Information
- Ingress LSP: Information about LSPs on the inbound router. Each session has one line of output.
- Egress LSP: Information about the LSPs on the outbound router. Each session has one line of output. Additional information: MPLS learns this information by querying RSVP, which holds all the transit and outbound session information.
- Transit LSP: Number of LSPs on the transit routers and the MPLS learns t
172. aintenance: Can perform system maintenance, including starting a local shell on the router and becoming the superuser in the shell by issuing the su root command, and can halt and reboot the router using the request system commands.
- network: Can access the network by entering the ping, ssh, telnet, and traceroute commands.
- reset: Can restart software processes using the restart command and can configure whether software processes are enabled or disabled at the edit system processes hierarchy level.
- rollback: Can use the rollback command to return to a previously committed configuration other than the most recently committed one.
- routing: Can view general routing, routing protocol, and routing policy configuration information in configuration and operational modes.

Table 7: Permission Bits for Login Classes (continued)
Permission Bit / Access
- routing-control: Can view general routing, routing protocol, and routing policy configuration information and configure general routing at the edit routing-options hierarchy level, routing protocols at the edit protocols hierarchy level, and routing policy at the edit policy-options hierarchy level.
- secret: Can view passwords and other authentication keys in the configuration.
- secret-control: Can view passwords and other authentication keys in the configuration
173. alues / Additional Information

Interface Summary
- Interface Name: Name of interface. See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide. Click an interface name to see more information about the interface. Channelized interfaces appear as two interfaces, which can both be monitored. For example:
  - If ce1-3/0/0 is configured as a clear channel, you can monitor ce1-3/0/0 and e1-3/0/0.
  - If ct1-3/0/1 is channelized, you can monitor ct1-3/0/1 and ds-3/0/1:1.
- Oper State: Link state of the interface: Up or Down. The operational state is the physical state of the interface. If the interface is physically operational, even if it is not configured, the operational state is Up. An operational state of Down indicates a problem with the physical interface.
- Admin State: Whether the interface is enabled (Up) or disabled (Down). Interfaces are enabled by default. To disable an interface:
  - In the J-Web configuration editor, select the Disable check box on the Interfaces>interfaces-name page.
  - In the CLI configuration editor, add the disable statement at the edit interfaces interfaces-name level of the configuration hierarchy.
- Description: Configured description for the interface.

Interface: interface-name
- State: Link state of the interface: Up or Down. The operational state is the physical state of the interface. If the interface
174. an SNMP manager next queries that agent.

SNMP traps are unsolicited notifications that are triggered by events on the host. When you configure a trap, you specify the types of events that can trigger trap messages, and you configure a set of targets to receive the generated messages.

SNMP traps enable an agent to notify a network management system (NMS) of significant events. You can configure an event policy action that uses system log messages to initiate traps for events. The traps enable an SNMP trap-based application to be notified when an important event occurs. You can convert any system log message that has no corresponding traps into a trap. This feature helps you to use NMS traps rather than system log messages to monitor the network.

Spoofing SNMP Traps

You can use the request snmp spoof-trap operational mode command to mimic SNMP trap behavior. The contents of the traps (the values and instances of the objects carried in the trap) can be specified on the command line or they can be spoofed automatically. This feature is useful if you want to trigger SNMP traps from routers and ensure they are processed correctly within your existing network management infrastructure, but find it difficult to simulate the error conditions that trigger many of the traps on the router. For more information, see the JUNOS System Basics and Services Command Reference.

SNMP Health Monitor

The SNMP health monitor feature uses existing SNMP remote monitorin
175. and Function
- start: Exits the CLI and starts a UNIX shell.
- configuration: Enters configuration mode. For details, see the Getting Started Guide for your router.
- quit: Exits the CLI and returns to the UNIX shell.

MPLS Connection Checking

Use either the J-Web ping MPLS diagnostic tool or the CLI ping mpls command to diagnose the state of label-switched paths (LSPs), Layer 2 and Layer 3 virtual private networks (VPNs), and Layer 2 circuits.

When you use the ping MPLS feature from a Services Router operating as the inbound (ingress) node at the entry point of an LSP or VPN, the router sends probe packets into the LSP or VPN. Based on how the LSP or VPN outbound (egress) node at the remote endpoint of the connection replies to the probes, you can determine the connectivity of the LSP or VPN.

Each probe is an echo request sent to the LSP or VPN exit point as an MPLS packet with a UDP payload. If the outbound node receives the echo request, it checks the contents of the probe and returns a value in the UDP payload of the response packet. If the Services Router receives the response packet, it reports a successful ping response. Responses that take longer than 2 seconds are identified as failed probes.

Table 107 on page 215 summarizes the options for using either the J-Web ping MPLS diagnostic tool or the CLI ping mpls command to display information about MPLS connections in VPNs and LSPs.

Table 107: Options for Checki
176. and analyze them offline using packet analyzers such as Ethereal. J-Web packet capture does not capture transient traffic.

Alternatively, you can use the CLI monitor traffic command to capture and display packets matching specific criteria. For details, see "Using the monitor traffic Command" on page 246.

To capture transient traffic and entire IPv4 data packets for offline analysis, you must configure packet capture with the J-Web or CLI configuration editor. For details, see "Configuring Packet Capture" on page 253.

This section contains the following topics:
- Using J-Web Packet Capture on page 226
- Packet Capture Results and Output Summary on page 229

Using J-Web Packet Capture

To use J-Web packet capture:
1. Select Diagnose>Packet Capture.
2. Enter information into the Packet Capture page (Figure 24 on page 227) as described in Table 114 on page 227. The sample configuration in Table 114 on page 227 captures the next 10 TCP packets originating from the IP address 10.1.40.48 on port 25 and passing through the Gigabit Ethernet interface ge-0/0/0.
3. To save the captured packets to a file, or specify other advanced options, click the expand icon next to Advanced options, and enter information as described in Table 114 on page 227.
4. Click Start. The captured packet headers are decoded and displayed in the Packet Capture display (see Figure 25 on page 229). Table 115 on page 229 summarizes the output fields of the
177. and can modify them in configuration mode.
- security: Can view security configuration in configuration mode and with the show configuration operational mode command.
- security-control: Can view and configure security information at the edit security hierarchy level.
- shell: Can start a local shell on the router by entering the start shell command.
- snmp: Can view SNMP configuration information in configuration and operational modes.
- snmp-control: Can view SNMP configuration information and configure SNMP at the edit snmp hierarchy level.
- system: Can view system-level information in configuration and operational modes.
- system-control: Can view system-level configuration information and configure it at the edit system hierarchy level.
- trace: Can view trace file settings in configuration and operational modes.
- trace-control: Can view trace file settings and configure trace file properties.
- view: Can use various commands to display current systemwide, routing table, and protocol-specific values and statistics.

Template Accounts

Denying or Allowing Individual Commands

By default, all top-level CLI commands have associated access privilege levels. Users can execute only those commands and view only those statements for which they have access privileges. For each login class, you can explicitly deny or allow the use of operational and configuration mode commands that are otherwise permitted
178. and report the Celsius temperature of PIMs.
- CPU Utilization (%)
  - Total: Total percentage of CPU being used by the FPC or PIM processor.
  - Interrupt: Of the total CPU being used by the FPC or PIM processor, the percentage being used for interrupts.
- Memory DRAM (MB): Total DRAM, in megabytes, available to the FPC or PIM processor.
- Memory Utilization (%)
  - Heap: Percentage of heap space (dynamic memory) being used by the FPC or PIM processor. If the heap space utilization exceeds 80 percent, a memory leak might be occurring.
  - Buffer: Percentage of buffer space being used by the FPC or PIM processor for buffering internal messages.

Monitoring the Interfaces

The interface information is divided into multiple parts. To view general interface information such as available interfaces, operation states of the interfaces, and descriptions of the configured interfaces, select Monitor>Interfaces in the J-Web interface. To view interface-specific properties such as administrative state or traffic statistics in the J-Web interface, select the interface name on the Interfaces page.

Alternatively, enter the following CLI show commands:
- show interfaces terse
- show interfaces detail
- show interfaces interface-name

Table 51 on page 114 summarizes key output fields in interfaces displays.

Table 51: Summary of Key Interfaces Output Fields
Field / V
180. ap-file.fe-0.0.1 is renamed pcap-file.fe-0.0.1.0. This process continues until the maximum number of files is exceeded and the oldest file is overwritten. The pcap-file.fe-0.0.1 file is always the latest file.

Packet capture files are not removed even after you disable packet capture on an interface.

Analysis of Packet Capture Files

Packet capture files are stored in libpcap format in the /var/tmp directory. You can specify user or administrator privileges for the files.

Packet capture files can be opened and analyzed offline with tcpdump or any packet analyzer that recognizes the libpcap format. You can also use FTP or the Session Control Protocol (SCP) to transfer the packet capture files to an external device.

NOTE: Disable packet capture before opening the file for analysis or transferring the file to an external device with FTP or SCP. Disabling packet capture ensures that the internal file buffer is flushed and all the captured packets are written to the file. To disable packet capture on an interface, see "Disabling Packet Capture" on page 261.

For more details about analyzing packet capture files, see "Verifying Captured Packets" on page 264.

Before You Begin

Before you begin configuring packet capture, complete the following tasks:
- Establish basic connectivity. See the Getting Started Guide for your router.
- Configure network interfaces. See th
181. appears in red. After you view the alarms, Alarms returns to white. If new alarms become active, Alarms is red until you again display the View Alarms page.

Figure 13 on page 174 shows the View Alarms summary page. Click an alarm in the list of active alarms to display a detailed alarm message.

Figure 13: J-Web View Alarms Summary Page

Table 93 on page 174 summarizes the output fields on the alarms page.

Table 93: Summary of Key Alarm Output Fields
Field / Values / Additional Information

Alarm Summary
- New: Viewed status of the alarm, either Yes (a new alarm) or No (a previously viewed alarm). After you have once displayed the View Alarms page, any new alarms that appear on the page during the same J-Web session are identified as previously viewed.
- Received at: Date and time when the alarm condition was detected.
- Severity: Alarm severity, either major (red) or minor (yellow). A major (red) alarm condition requires immediate action. A minor (yellow) condition requires monitoring or maintenance.
- Subject: Brief synopsis of the alarm. Clicking the alarm subject displays a detailed alarm message.
- D
182. ask / J-Web Configuration Editor / CLI Configuration Editor

Navigate to the Retry options level in the configuration hierarchy.
J-Web configuration editor:
1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
2. Next to System, click Edit.
3. Next to Login, click Configure or Edit.
4. Next to Retry options, click Configure or Edit.
CLI configuration editor: From the edit hierarchy level, enter edit system login retry-options

Configure password retry limits for Telnet and SSH access.
J-Web configuration editor:
1. In the Tries before disconnect box, type 4.
2. In the Backoff threshold box, type 2.
3. In the Backoff factor box, type 5.
4. In the Minimum time box, type 40.
5. Click OK.
CLI configuration editor:
1. Enter set tries-before-disconnect 4
2. Enter set backoff-threshold 2
3. Enter set backoff-factor 5
4. Enter

The retry options are as follows:
- Tries: Maximum number of consecutive password retries before a SSH or Telnet sessions is disconnected. The default number is 10, but you can set a number between 1 and 10.
- Backoff threshold: Threshold number of password retries after which a delay is introduced between two consecutive password retries. The default number is 2, but you can set a number between 1 and 3.
- Backoff factor: Delay (in seconds) between consecutive password retries after the threshold number of password retries. The default delay is in multiples of 5 seconds, but you can set a delay between 5 and 10 seconds.
- Minimum time: Minimum length of time (in seconds) during which a Tel
183. ate of the router when it failed. After you reboot the system, the dump device is checked for a snapshot as part of the operating system boot process. If a snapshot is found, it is written to the crash dump directory on the router (/var/crash). The customer support team can examine this memory snapshot to help determine the cause of the system software failure.

NOTE: If the swap partition on the dump device medium is not large enough for a system memory snapshot, either a partial snapshot or no snapshot is written into the crash dump directory.

Enter the set system dump-device CLI command with the following syntax:

user@host> set system dump-device boot-device | compact-flash | removable-compact-flash | usb

Table 99 on page 191 describes the set system dump-device command options.

Table 99: CLI set system dump-device Command Options
Option / Description
- boot-device: Uses whatever device was booted from as the system software failure memory snapshot device.
- compact-flash: Uses the internal compact flash as the system software failure memory snapshot device.
- removable-compact-flash: Uses the compact flash on the front of the router (J4300 and J6300 only) as the system software failure memory snapshot device.
- usb: Uses the device attached to the USB port as the system software failure memory snapshot device.

Recoveri
184. ation: edit interfaces umd0
2. Next to Interfaces, click Configure or Edit.

Table 29: Modifying USB Modem Initialization Commands (continued)
Task / J-Web Configuration Editor / CLI Configuration Editor

Configure the modem AT commands to initialize the USB modem. For example:
- The command S0=2 configures the modem to automatically answer calls on the second ring.
- The command L2 configures medium speaker volume on the modem.
You can insert spaces between commands. When you configure modem commands in the CLI configuration editor, you must follow these conventions:
- Use the newline character \n to indicate the end of a command sequence.
- Enclose the command string in double quotation marks.
J-Web configuration editor:
1. Next to Modem options, click Configure.
2. In the Init command string box, type AT S0=2 L2.
3. Click OK.
CLI configuration editor: From the edit interfaces umd0 hierarchy, enter set modem-options init-command-string "AT S0=2 L2 \n"

Resetting USB Modems

If the USB modem does not respond, you can reset the modem.

CAUTION: If you reset the modem when a call is in progress, the call is terminated.

To reset the USB modem:
1. Enter operational mode in the CLI.
2. To reset the USB modem, enter the following command:

user@host> request interface modem reset umd0

Verifying the USB Modem Configuration

To verify a USB mod
185. b page from which you can download log files.

Figure 19: Log Files Page (Download)

To download files with the J-Web interface:
1. In the J-Web interface, select Manage>Files.
2. In the Download and Delete Files section, click one of the following file types:
   - Log Files: Lists the log files located in the /var/log directory on the router.
   - Temporary Files: Lists the temporary files located in the /var/tmp directory on the router.
   - Old JUNOS Software: Lists the software images (tgz files) in the /var/sw/pkg directory on the router.
   - Crash (Core) Files: Lists the core files located in the /var/crash directory on the router.
   The J-Web interface displays the files located in the directory.
3. To download an individual file, click Download.
4. Choose a location for the browser to save the file. The file is downloaded.

Deleting the Backup Software Image

J-series software keeps a backup image of the software that was previously installed, so that you can downgrade to that version of the software if necessary. You can use the J-Web interface to delete this backup image. If you delete this image, you cannot downgrade to this particular version of the software.

To delete the backup software image:
1. In the J-Web int
186. before the router reboots.

Halting a Services Router with the CLI

You can use the request system halt CLI command to halt the Services Router:

user@host> request system halt <at time> <in minutes> <media type> <message "text">

When the router is halted, all software processes stop and you can access the router through the console port only. Reboot the router by pressing any key on the keyboard.

NOTE: If you cannot connect to the router through the console port, shut down the router by pressing and holding the power button on the front panel until the POWER LED turns off. After the router has shut down, you can power on the router by pressing the power button again. The POWER LED lights during startup and remains steadily green when the router is operating normally.

Table 102 on page 196 describes the request system halt command options.

Table 102: CLI Request System Halt Command Options
Option / Description
- none: Same as at now (stops software processes on the router immediately).
- at time: Time at which to stop the software processes on the router. You can specify time in one of the following ways:
  - now: Stops the software processes immediately. This is the default.
  - minutes: Stops the software proces
187. c Tools
- JUNOS System Basics and Services Command Reference
- JUNOS Interfaces Command Reference
- JUNOS Routing Protocols and Policies Command Reference
Configuring Packet Capture: JUNOS Services Interfaces Configuration Guide
Configuring RPM Probes: JUNOS System Basics and Services Command Reference

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to techpubs-comments@juniper.net, or fill out the documentation feedback form at http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail, be sure to include the following information with your comments:
- Document name
- Document part number
- Page number
- Software release version (not required for Network Operations Guides [NOGs])

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need postsales technical support, you can access our tools and resources online or open a case with JTAC.
- JTAC policies: For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/customers/support/downloads/710059.pdf.
- Product warranties: For product warranty information, visit http://www.juniper.net/support
188. card reader into the host PC, and verify that the compact flash is recognized by the operating system.
3. Select the appropriate recovery software package according to the size of your compact flash. The uncompressed package must have the same size as the target compact flash capacity: 128 MB, 256 MB, 512 MB, or 1024 MB. The recovery software package name indicates the size of the package. For information about recovery software package names, see "Upgrade and Downgrade Overview" on page 179.
4. Copy the software package to a temporary directory on the host PC and uncompress it with a compression utility such as WinZip.
5. Copy the uncompressed software package from the temporary directory to the compact flash with one of the following commands.

CAUTION: You must use the correct target device name. Failure to do so might damage other storage devices connected to the host PC.

- On a UNIX PC, use the command dd if=filename of=/dev/device-name. Replace filename with the name of the uncompressed image, and device-name with the name of the unformatted PCMCIA card device. For example:

root# dd if=junos-jseries-7.0-20041028.0-export-cf128 of=/dev/hde
250368+0 records in
250368+0 records out

- On a Windows 2000 or Windows XP PC, use the Norton Ghost, dd, or physdiskwrite utility. The following example shows the use of physdiskwrite:

C:\> physdiskwrite -u junos-jseries-7.0-20041028.0-export-cf512
physdiskwrite v0.5 by Manuel Kasper
Sear
189. cast path from a source to the Services Router. The mtrace monitor command monitors and displays multicast trace operations.

For more information about mtrace commands, see the JUNOS System Basics and Services Command Reference.

This section contains the following topics:
- Using the mtrace from-source Command on page 241
- Using the mtrace monitor Command on page 245

Using the mtrace from-source Command

To display information about a multicast path from a source to the Services Router, enter the mtrace from-source command with the following syntax:

user@host> mtrace from-source source host <extra-hops number> <group address> <interval seconds> <max-hops number> <max-queries number> <response host> <routing-instance routing-instance-name> <ttl number> <wait-time seconds> <loop> <multicast-response | unicast-response> <no-resolve> <no-router-alert> <brief | detail>

Table 124 on page 241 describes the mtrace from-source command options.

Table 124: CLI mtrace from-source Command Options
Option / Description
- source host: Traces the path to the specified hostname or IP address.
- extra-hops number: (Optional) Sets the number of extra hops to trace past nonresponsive routers. Specify a value from 0 through 255.
- group address: (Optional) Traces the path for the specified group address. The de
190. ce fe-1/0/0.0
Request for seq 1, to interface 69, labels <100000, 100208>
Reply for seq 1, return code: Egress-ok, time: 0.439 ms

The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool. For information, see "Ping MPLS Results and Output" on page 222.

Tracing Unicast Routes from the CLI

Use the CLI traceroute command to display a list of routers between the Services Router and a specified destination host. This command is useful for diagnosing a point of failure in the path from the Services Router to the destination host, and addressing network traffic latency and throughput problems.

The Services Router generates the list of routers by sending a series of ICMP traceroute packets in which the time-to-live (TTL) value in the messages sent to each successive router is incremented by 1. (The TTL value of the first traceroute packet is set to 1.) In this manner, each router along the path to the destination host replies with a Time Exceeded packet from which the source IP address can be obtained.

Alternatively, you can use the J-Web interface. See "Tracing Unicast Routes from the J-Web Interface" on page 225.

The traceroute monitor command combines ping and traceroute functionality to display real-time monitoring information about each router between the Services Router and a specified destination host. This
191. ces Router Basic LAN and WAN Access Configuration Guide.
- State: Link state of the interface: Up or Down. The operational state is the physical state of the interface. If the interface is physically operational, even if it is not configured, the operational state is Up. An operational state of Down indicates a problem with the physical interface.
- Activation Priority: Activation priority configured on the interface.
- Bearer Bandwidth Limit (Kbps): Maximum bandwidth available for voice traffic on the interface.

Telephony Gateway Module Information
- Media Gateway Controller (MGC) List: IP addresses of the MGCs configured in the MGC list for the TGM550.
- Slot state: Online and offline status of the telephony interface modules (TIMs).
- Offline Reason: Reason for offline status: Busy Out or Out of resources.

Table 79: Summary of Key Media Gateway Information Output Fields (continued)
Field / Values / Additional Information
- DSP Capacity: Number of voice channels in the low-capacity DSP.

Chapter 8: Monitoring Events and Managing System Log Files

J-series Services Routers support configuring and monitoring of system log messages (also called syslog messages). You can configure f
192. ces dhcp conflict command does not display any conflicts.

For complete descriptions of show system services dhcp binding and show system services dhcp conflict commands and output, see the JUNOS System Basics and Services Command Reference.

Verifying DHCP Server Operation

Purpose: Verify that the DHCP server is operating as configured.

Action: Take the following actions:
- Use the ping command to verify that a client responds to ping packets containing the destination IP address assigned by the Services Router.
- Display the IP configuration on the client. For example, on a PC running Microsoft Windows, enter ipconfig /all at the command prompt to display the PC's IP configuration.

user@host> ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes
64 bytes from 192.168.2.2: icmp_seq=0 ttl=255 time=8.856 ms
64 bytes from 192.168.2.2: icmp_seq=1 ttl=255 time=11.543 ms
64 bytes from 192.168.2.2: icmp_seq=2 ttl=255 time=10.315 ms

C:\Documents and Settings\user> ipconfig /all
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection 2:
Host Name
Primary DNS Suffix
Node Type
IP Routing Enabled
WINS Proxy Enabled
DNS Suffix Search List
Connection-specific DNS Suffix
Description
Physical Address
DHCP Enabled
Autoconfiguration Enabled
IP Address
Subnet Mask
Default Gateway
193. chedule. The J-Web interface requests confirmation to perform the reboot or halt.

6. Click OK to confirm the operation.
- If the reboot is scheduled to occur immediately, the router reboots. You cannot access the J-Web interface until the router has restarted and the boot sequence is complete. After the reboot is complete, refresh the browser window to display the J-Web interface login page.
- If the reboot is scheduled to occur in the future, the Reboot page displays the time until reboot. You have the option to cancel the request by clicking Cancel Reboot on the J-Web interface Reboot page.
- If the router is halted, all software processes stop and you can access the router through the console port only. Reboot the router by pressing any key on the keyboard.

NOTE: If you cannot connect to the router through the console port, shut down the router by pressing and holding the power button on the front panel until the POWER LED turns off. After the router has shut down, you can power on the router by pressing the power button again. The POWER LED lights during startup and remains steadily green when the router is operating normally.

Rebooting a Services Router with the CLI

You can use the request system reboot CLI command to schedule a reboot of the Services Router:

user@host> request system reboot <at time> <in minutes> <media type> <message "text">

Table 101 on page 195 describes the request system reboot command option
194. ching for physical drives

Information for \\.\PhysicalDrive0:
  Windows: cyl: 2432, tpc: 255, spt: 63
  C/H/S: 16383/16/63
  Model: HITACHI DK23DA 20
  Serial number: 123ABC
  Firmware rev: 00J2A0GO
Information for \\.\PhysicalDrive1:
  Windows: cyl: 125, tpc: 255, spt: 63
Which disk do you want to write? (0..1) 1
WARNING: that disk is larger than 800 MB. Make sure you're not accidentally overwriting your primary hard disk. Proceeding on your own risk.
About to overwrite the contents of disk 1 with new data. Proceed? (y/n) y
511451136/511451136 bytes written in total

NOTE: The copy process can take several minutes.

After copying the software package to the compact flash, you can use it as the internal compact flash in any J-series Services Router. For installation instructions, see the Getting Started Guide for your router.

Rebooting or Halting a Services Router

Reboot or halt a Services Router with either the J-Web interface or the CLI. This section contains the following topics:
- Rebooting or Halting a Services Router with the J-Web Interface on page 194
- Rebooting a Services Router with the CLI on page 195
- Halting a Services Router with the CLI on page 196

Rebooting or Halting a Services Router with the J-Web Interface

You can use the J-Web interface to schedule a reboot or halt the Services Router. Figure 17 on
195. cified, Speed: Unspecified
  Device flags: Present Running
  Interface flags: SNMP-Traps
  Link type: Full-Duplex
  Link flags: Keepalives
  Physical info: Unspecified
  Hold-times: Up 0 ms, Down 0 ms
  Current address: Unspecified, Hardware address: Unspecified
  Alternate link address: Unspecified
  Last flapped: Never
  Statistics last cleared: Never
  Traffic statistics:
    Input bytes: 13859 0 bps
    Output bytes: 0 0 bps
    Input packets: 317 0 pps
    Output packets: 0 0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0

  Logical interface dl0.0 (Index 70) (SNMP ifIndex 75) (Generation 146)
    Description: USB modem remote management
    Flags: Point-To-Point SNMP-Traps 0x4000 LinkAddress 23-0 Encapsulation: PPP
    Dialer:
      State: Active, Dial pool: usb-modem-dialer-pool
      Dial strings: 220
      Subordinate interfaces: umd0 (Index 64)
      Activation delay: 0, Deactivation delay: 0
      Initial route check delay: 120
      Redial delay: 3
      Callback wait period: 5
      Load threshold: 0, Load interval: 60
    Bandwidth: 115200
    Traffic statistics:
      Input bytes: 24839
      Output bytes: 17792
      Input packets: 489
      Output packets: 340
    Local statistics:
      Input bytes: 10980
      Output bytes: 17792
      Input packets: 172
      Output pac
196. cifying search criteria oration m OSPFInformation Summary of OSPF neighbors interfaces m lt Show ospt neighbors and statistics m show ospf interfaces m BGP Information Summary of BGP routing and neighbor m show ospf statistics inf ion i perce m BGP information RIP Information Summary of RIP neighbors and statistics a show bgp summary m DLSw Information Summary of DLSw circuits and peers E show bgp neighbor For details see Monitoring Routing Information on page 115 amp RIP information E show rip statistics m show rip neighbors m DLSw information a show dlsw capabilities m show dlsw circuits 8 show dlsw peers a show dlsw reachability Class of Service Displays information about the performance of class of serviceon m Interfaces show class of service CoS a router through the following options interface m Interfaces Displays the physical and logical interfaces inthe Classifiers show class of service system and provides details about the CoS components classifier assigned to these interfaces m CoS value aliases show m Classifiers Displays the forwarding classes and loss priorities class of service code pointaliases that incoming packets are assigned to based on the packet s RED drop profiles show CoS values class of service drop profile m CoS Value Aliases Displays the CoS value aliases that the m Forwarding classes show system is using to represent Differentiated Services code point class
197. cility none statement for each facility you do not want to log. For configuration details, see the information about disabling logging in the JUNOS System Basics Configuration Guide.

Monitoring System Log Messages with the J-Web Event Viewer

You can use the J-Web interface to filter and view system log messages on a Services Router. To view system log messages, click Events in the J-Web taskbar. To view system log messages with the CLI, use the show log command.

Figure 12 on page 162 shows the Filter and Event Summary sections in the View Events page.

To monitor system log messages with an Event Viewer, perform the following tasks:
- Filtering System Log Messages on page 162
- Viewing System Log Messages on page 164

Figure 12: View Events Page

Filtering System Log Messages

You can use filters to display relevant events. Table 86 on page 162 describes the different filters, their functions, and the associated actions. You can apply any or a combination of the described filters to view the messages that you want to view.

Table 86: Filtering System Log Messages

System Log File
  Function: Specifies the name of a system log file for which you want to display the recorded events.
  Your Action: To specify events recorded in a particular file, select the system log filename from the list, for example
198. ck OR
- To cancel your entries and return to the Quick Configuration page, click Cancel.

Go on to one of the following procedures:
- To display the configuration, see Displaying a DHCP Server Configuration on page 75.
- To verify DHCP operation, see Verifying a DHCP Server Configuration on page 75.

Table 37: DHCP Server Quick Configuration Pages Summary

DHCP Pool Information

DHCP Subnet (required)
  Function: Specifies the subnet on which DHCP is configured.
  Your Action: Type an IP address prefix.

Address Range (Low) (required)
  Function: Specifies the lowest address in the IP address pool range.
  Your Action: Type an IP address that is part of the subnet specified in DHCP Subnet.

Address Range (High) (required)
  Function: Specifies the highest address in the IP address pool range.
  Your Action: Type an IP address that is part of the subnet specified in DHCP Subnet. This address must be greater than the address specified in Address Range (Low).

Exclude Addresses
  Function: Specifies addresses to exclude from the IP address pool.
  Your Action: Do either of the following:
  - To add an excluded address, type the address next to the Add button, and click Add.
  - To delete an excluded address, select the address in the Exclude Addresses box, and click Delete.

Lease Time

Maximum Lease Time (Seconds)
  Function: Specifies the maximum length of time a client can hold a lease. (Dynamic BOOTP lease lengths can exceed this maximum ti
199. ck Configure Configure the RPM owner customerC 1 Inthe Probe box click Add new Enter entry t C 2 Inthe Owner box type customerC per pony customer 5 Click OK 280 1H Configuring RPM with a Configuration Editor Table 142 Configuring TCP and UDP Probes continued Chapter 14 Configuring RPM Probes Task J Web Configuration Editor CLI Configuration Editor Configure the RPM test tcp test for the RPM owner customerC The sample RPM test is a TCP probe with a test interval probe frequency of 5 a probe type of tcp ping and a target address of 192 162 45 6 1 Onthe Rpm page select customerC 2 Inthe Test box click Add new entry 3 Inthe Name box type tcp test 4 In the Test interval box type 5 5 Inthe Probe type box select tcp ping 1 From the edit hierarchy level enter edit services rpm probe customerC 2 Enter et Set test tcp test probe frequency 5 5 Enter Set test tcp test probe type tcp ping 6 Inthe Target box select the Yes 4 Enter check box and click Configure 7 n the Target type box select Set test tcp test target address Address 192 162 45 6 8 Inthe Address box type 192 162 45 6 9 Click OK Configure the destination interface In the Destination interface box type Enter NOTE On Services Routers the destination interface must be an It services interface It0 0 0 Set test tcp test destination interface It 0 0
200. ck OK

Controlling Access to MIBs (Optional)

By default, an SNMP community is granted access to all MIBs. To control the MIBs to which a particular community has access, configure SNMP views that include the MIBs you want to explicitly grant or deny access to.

To configure SNMP views:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. To configure SNMP views, perform the configuration tasks described in Table 35 on page 58.
3. If you are finished configuring the network, commit the configuration.
4. To check the configuration, see Verifying the SNMP Configuration on page 58.

Table 35: Configuring SNMP Views

Task: Navigate to the SNMP level in the configuration hierarchy.
  J-Web Configuration Editor:
  1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
  2. Next to Snmp, click Configure or Edit.
  CLI Configuration Editor: From the [edit] hierarchy level, enter
  edit snmp

Task: Create a view.
  J-Web Configuration Editor:
  1. Next to View, click Add new entry.
  2. In the Name box, type the name of the view as a free-form text string.
  CLI Configuration Editor: Create a view:
  set view view-name

Task: Configure the view to include a MIB, for example, pingMIB.
  J-Web Configuration Editor:
  1. Next to Oid, click Add new entry.
  2. In the Name box, type the OID of the pingMIB, in either dotted int
201. clear the check box.

Egress Standard Deviation Exceeded: Generates SNMP traps when the threshold for standard deviation in outbound times is exceeded.
- To enable SNMP traps for this condition, select the check box.
- To disable SNMP traps, clear the check box.

Egress Time Exceeded: Generates SNMP traps when the threshold for maximum outbound time is exceeded.
- To enable SNMP traps for this condition, select the check box.
- To disable SNMP traps, clear the check box.

Ingress Jitter Exceeded: Generates SNMP traps when the threshold for jitter in inbound time is exceeded.
- To enable SNMP traps for this condition, select the check box.
- To disable SNMP traps, clear the check box.

Ingress Standard Deviation Exceeded: Generates SNMP traps when the threshold for standard deviation in inbound times is exceeded.
- To enable SNMP traps for this condition, select the check box.
- To disable SNMP traps, clear the check box.

Ingress Time Exceeded: Generates traps when the threshold for maximum inbound time is exceeded.
- To enable SNMP traps for this condition, select the check box.
- To disable SNMP traps, clear the check box.

Jitter Exceeded: Generates traps when the threshold for jitter in round-trip time is exceeded.
- To enable SNMP traps for this condition, select the check box.
- To disable SNMP traps, clear the check box.

Probe Failure: Generates traps when the
202. click Enter RPM probes to BGP neighbors within the Add new entry routing instance set routing instances RI1 2 In the Routing instance name box type RI1 3 Click OK

Verifying an RPM Configuration

To verify an RPM configuration, perform these tasks:
- Verifying RPM Services on page 286
- Verifying RPM Statistics on page 286
- Verifying RPM Probe Servers on page 288

Verifying RPM Services

Purpose: Verify that the RPM configuration is within the expected values.

Action: From configuration mode in the CLI, enter the show services rpm command.

user@host# show services rpm
probe test {
    test customerA {
        probe-type icmp-ping;
        target address 192.178.16.5;
        probe-count 15;
        probe-interval 1;
        hardware-timestamp;
    }
    test customerB {
        probe-type icmp-ping-timestamp;
        target address 192.178.16.5;
        probe-count 15;
        probe-interval 1;
        hardware-timestamp;
    }
    test customerC {
        probe-type udp-ping;
        target address 192.178.16.5;
        probe-count 15;
        probe-interval 1;
        destination-port 50000;
        hardware-timestamp;
    }
}

Meaning: The output shows the values that are configured for RPM on the Services Router.

Verifying RPM Statistics

Purpose: Verify that the RPM probes are functioning and that the RPM statistics are within expected values.

Action: From the J-Web interface, select Monitor > RPM. From the CLI, enter the show services
203. col (SNMP) traps. Timely diagnosis and intervention can correct error conditions and keep the routing platform in operation. Event policies allow you to automatically initiate self-diagnostic actions when specific events occur. These actions can either help you diagnose a fault or take corrective action.

This section contains the following topics:
- Event Policy Overview on page 95
- Configuring Event Policies on page 95

Event Policy Overview

In response to events, event policies can execute the following actions:
- Ignore the event: Do not generate a system log message for this event and do not process any further policy instructions for this event.
- Raise a trap: Initiate an SNMP trap to notify SNMP trap-based applications when the event occurs.
- Upload a file: Upload a file to a specified destination. You can specify a transfer delay, so that, on receipt of an event, the upload process begins after the configured transfer delay. For example, a transfer delay can ensure that a core file has been completely generated before being uploaded.
- Execute CLI operational mode commands: Execute commands when an event occurs. The output of these commands is stored in a file, which is then uploaded to a specified URL.
- Execute operation scripts: Execute operation scripts when an event occurs. The output of the operation sc
204. computer. You can also encrypt the configuration files with the CLI configuration editor to prevent unauthorized users from viewing sensitive configuration information.

This chapter contains the following topics. For more information about system management, see the JUNOS System Basics Configuration Guide.
- Before You Begin on page 199
- Managing Files with the J-Web Interface on page 199
- Deleting the Backup Software Image on page 201
- Cleaning Up Files with the CLI on page 201
- Managing Accounting Files on page 202
- Encrypting and Decrypting Configuration Files on page 205

Before You Begin

Before you perform any file management tasks, you must perform the initial Services Router configuration described in the Getting Started Guide for your router.

Managing Files with the J-Web Interface

This section contains the following topics:
- Cleaning Up Files on page 199
- Downloading Files on page 200

Cleaning Up Files

You can use the J-Web interface to rotate log files and delete unnecessary files on the Services Router. If you are running low on storage space, the file cleanup procedure quickly identifies files that can be deleted.

The file cleanup procedure performs the following tasks:
- Rotates log files: All information in the current log files is archived, old archives are deleted, and fresh log files are created.
- Deletes log files in var
205. cs interface name command.
- The modem initialization command string has a nonzero value for the S0=n modem command. A nonzero value is required to configure the modem to automatically answer calls. For example, the command S0=2 configures the modem to automatically answer calls on the second ring. For more information, see Modifying USB Modem Initialization Commands on page 41.
- The modem initialization status is Ok. If the initialization status is shown as Error or Not Initialized, do the following:
  1. Verify that the modem initialization commands are valid. If the modem initialization sequence includes invalid commands, correct them, as described in Modifying USB Modem Initialization Commands on page 41.
  2. If the modem initialization commands are valid, reset the modem. For more information, see Resetting USB Modems on page 42.

Determine the following information:
- The call status
- The duration of the call

For a complete description of show interfaces extensive output, see the JUNOS Interfaces Command Reference.

Verifying Dialer Interface Configuration

Purpose: Verify that the dialer interface is correctly configured.

Action: From the CLI, enter the show interfaces extensive command.

user@host> show interfaces dl0 extensive
Physical interface: dl0, Enabled, Physical link is Up
  Interface index: 128, SNMP ifIndex: 24, Generation: 129
  Type: 27, Link-level type: PPP, MTU: 1504, Clocking: Unspe
206. d

user@host> ping mpls rsvp count 5
!!xxx
--- lsping statistics ---
5 packets transmitted, 2 packets received, 60% packet loss
3 packets received with error status, not counted as received.

The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool. For information, see Ping MPLS Results and Output on page 222.

Pinging Layer 3 VPNs

Enter the ping mpls l3vpn command with the following syntax. Table 118 on page 254 describes the ping mpls l3vpn command options.

user@host> ping mpls l3vpn prefix prefix-name l3vpn-name bottom-label-ttl exp forwarding-class count number source source-address detail

To quit the ping mpls l3vpn command, press Ctrl-C.

Alternatively, you can use the J-Web interface. (See Checking MPLS Connections from the J-Web Interface on page 219.)

Table 118: CLI ping mpls l3vpn Command Options

l3vpn prefix prefix-name: Pings the remote host specified by the prefix to verify that the prefix is present in the PE router's VPN routing and forwarding (VRF) table. This option does not test the connectivity between a PE router and a CE router.
l3vpn-name: (Optional) Layer 3 VPN name.
bottom-label-ttl: (Optional) Displays the time-to-live (TTL) value for the bottom label in the MPLS label stack.
exp forwarding-class
207. d 256 MB of RAM, see the special instructions in the J-series Services Router Release Notes.

2. Download the software package as described in Downloading Software Upgrades from Juniper Networks on page 181.
3. If you are installing the software package from a local directory on the router, copy the JUNOS software package to the router. We recommend that you copy it to the /var/tmp directory.
4. Install the new package on the Services Router, entering the following command in operational mode in the CLI:

user@host> request system software add unlink no-copy source

Replace source with one of the following paths:
- For a software package that is installed from a local directory on the router, use /pathname/package-name (for example, var tmp junos j series8 5R2 1 tar gz).
- For software packages that are downloaded and installed from a remote location, use one of the following paths:
  - ftp://hostname/pathname/package-name
  or
  - http://hostname/pathname/package-name

By default, the request system software add command uses the validate option to validate the software package against the current configuration as a prerequisite to adding the software package. This validation ensures that the router can reboot successfully after the software package is installed. This is the default behavior when you are adding a software package.

The unlink option removes the package at the earliest opportunity so that the router has enough room
208. d MIB Simioni de ite lettere 48 USB universal serial bus COTIfIgUritig 5o pe Fe reta edad 189 configuring for failure snapshot storage 190 USB modem connections AGING AN Interface eee iere s 55 CHAP on dialer interfaces configuration ECILOD rU 57 configuring dial up modem at user end 59 configuring router end IS connecting dial up modem at user end 40 connecting router end EU connecting to user end 99 dial in configuration editor 56 dialer interface See dialer interface USB modem interface naming conventions eee 50 OVELVIEW a inaano ty ent reri pire Pe epa eh 52 TE QUIFETNENUS a i Aee te eb ep e CH ENSE 55 USB modem interface types 50 verifying dialer interfac s sete tet 44 verifying USB modem interfaces 45 USB modem interfaces CHAP on dialer interfaces configuration Editor ispa e MERERETUR E 37 dial in configuration editor 56 dialer interface See dialer interface USB modem iriterface types cu onere ete Dt Rete Pes 50 verifying USB modem interfaces 45 USB modems ACIMUIMISCETIN Gsiadonie bases eec ac n t e weceteran e de a 40 AT commands etes etae epe nens 51 AT commands Modifying 41 configuration overview eae connecting at router end 129 connecting at user end 2199 default modem initialization commands 3 default modem initialization commands Modify E pel ou reete donde ite ttt e irte eodd 41 ini
209. d Options (continued)

partition: Partitions the medium. This option is usually necessary for boot devices that do not have software already installed on them.

root-size size: Specifies the size of the root partition, in megabytes. The default value is the boot device's physical memory minus the config, data, and swap partitions. The root partition is mounted on / and does not include configuration files. This option also partitions the boot medium.

swap-size size: Specifies the size of the swap partition, in megabytes. The default value is one-third of the physical memory on a boot medium larger than 128 MB, or 0 MB on a smaller boot device. The swap partition is used for swap files and software failure memory snapshots. Software failure memory snapshots are saved to the boot medium only if it is specified as the dump device. For information about the setting the dump device, see Configuring a Boot Device to Receive Software Failure Memory Snapshots on page 190.
NOTE: This option also partitions the boot medium.

Configuring a Boot Device to Receive Software Failure Memory Snapshots

You can use the set system dump-device CLI command to specify the medium to use for the Services Router to store system software failure memory snapshots. In this way, when the operating system fails, if you have specified a system dump device in the configuration, the operating system preserves a snapshot of the st
210. d alarm triggered by a physical condition on the router, such as a power supply failure, excessive component temperature, or media failure.

Table 88: Alarm Terms (continued)

interface alarm: Alarm triggered by the state of a physical link on a fixed or installed Physical Interface Module (PIM), such as a link failure or a missing signal. Interface alarms are triggered by conditions on a T1 (DS1), Fast Ethernet, serial, or T3 (DS3) physical interface or by conditions on the sp-0/0/0 adaptive services interface for stateful firewall filter, Network Address Translation (NAT), intrusion detection service (IDS), or IP Security (IPSec) services. To enable an interface alarm, you must explicitly set an alarm condition.

system alarm: Predefined alarm triggered by a missing rescue configuration or failure to install a license for a licensed software feature.

Alarm Overview

Services Router alarms warn you about conditions that can prevent the router from operating normally. When an alarm condition triggers an alarm, the Services Router lights the yellow (amber) ALARM LED on the front panel. When the condition is corrected, the light turns off.

NOTE: The ALARM LED on the Services Router lights yellow whether the alarm condition is major (red) or minor (yellow).

Alarm Types

This section contains the fol
211. d output.

Ping LDP-signaled LSP

FEC Prefix: Identifies the LSP to ping. Type the forwarding equivalence class (FEC) prefix and length of the LSP to ping.
Source Address: Specifies the source address of the ping request packet. Type the source IP address (a valid address configured on a Services Router interface).
Count: Specifies the number of ping requests to send. From the list, select the number of ping requests to send. The default is 5 requests.
Detailed Output: Requests the display of extensive rather than brief ping output. Select the check box to display detailed output.

Ping LSP to Layer 3 VPN prefix

Layer 3 VPN Name: Identifies the Layer 3 VPN to ping. Type the name of the VPN to ping.
Count: Specifies the number of ping requests to send. From the list, select the number of ping requests to send. The default is 5 requests.
Detailed Output: Requests the display of extensive rather than brief ping output. Select the check box to display detailed output.
VPN Prefix: Identifies the IP address prefix and length of the Layer 3 VPN to ping. Type the IP address prefix and length of the VPN to ping.
Source Address: Specifies the source address of the ping request packet. Type the source IP address (a valid address configured on a Services Router interface).

Locate LSP using interface name

Interface: Specifies the interface on which the ping requests are sent
212. d prompt.
Thaws the display, resuming the update of the statistics and delta counters.

Table 128: CLI monitor interface traffic Output Control Keys

Key: Action
Displays the statistics in units of bytes and bytes per second (bps).
Clears (returns to 0) the delta counters in the Delta column. The statistics counters are not cleared.
d: Displays the Delta column instead of the rate column, in bps or packets per second (pps).
p: Displays the statistics in units of packets and packets per second (pps).
q or ESC: Quits the command and returns to the command prompt.
r: Displays the rate column, in bps and pps, instead of the Delta column.

Following are sample displays from the monitor interface command:

user@host> monitor interface fe-0/0/0
host1    Seconds: 11    Time: 16:47:49    Delay: 0/0/0
Interface: fe-0/0/0, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 100mbps
Traffic statistics:           Current delta
  Input bytes:      381588589 [11583]
  Output bytes:     9707279 [6542]
  Input packets:    4064553 [145]
  Output packets:   66683 [25]
Error statistics:
  Input errors:         0 [0]
  Input drops:          0 [0]
  Input framing errors: 0 [0]
  Carrier transitions:  0 [0]
  Output errors:        0 [0]
  Output drops:         0 [0]

NOTE: The output fields displayed when you
213. de commands xvi W Howto Use This Guide About This Guide To monitor diagnose and manage a router use the J Web interface or CLI operational mode commands Document Conventions Table 2 on page xvii defines the notice icons used in this guide Table 2 Notice Icons Icon Meaning Description og Informational note Indicates important features or instructions A Caution Indicates a situation that might result in loss of data or hardware damage A Warning Alerts you to the risk of personal injury or death EN Laser warning Alerts you to the risk of personal injury from a laser Table 5 on page xvii defines the text and syntax conventions used in this guide Table 3 Text and Syntax Conventions Convention Description Examples Bold text like this Represents text that you type To enter configuration mode type the configure command user host gt configure Fixed width text like this Represents output that appears on the user host gt show chassis alarms terminal screen No alarms currently active Italic text like this m Introduces important new terms m A policy term is a named structure Identifies book names that defines match conditions and xs actions Identifies RFC and Internet draft i titles m JUNOS System Basics Configuration Guide m RFC 1997 BGP Communities Attribute Italic text like this Represents variables options for which Configure the machine s domain name you subs
214. dicate packet loss through the network. Packet losses can occur if the remote server is flapping. If the RPM probe type is TCP or UDP, complete probe loss might indicate a mismatch in TCP or UDP RPM port number.
- For Type, each peer is configured as the correct type (either internal or external).

For a complete description of show services rpm probe-results output, see the JUNOS System Basics and Services Command Reference.

Verifying RPM Probe Servers

Purpose: Verify that the Services Router is configured to receive and transmit TCP and UDP RPM probes on the correct ports.

Action: From the CLI, enter the show services rpm active-servers command.

user@host> show services rpm active-servers
Protocol: TCP, Port: 50000
Protocol: UDP, Port: 50037

Meaning: The output shows a list of the protocols and corresponding ports for which the Services Router is configured as an RPM server.

Related Topics: For a complete description of show services rpm active-servers output, see the JUNOS System Basics and Services Command Reference.

Part 5: Index
- Index on page 291

Index

Symbols comments in configuration statements xviii in syntax descriptions xviii gz jc file extension See file encryption cflva
215. discover its own IP address, the IP address of a server host, and the name of a bootstrap file. DHCP servers can handle requests from BOOTP clients, but provide additional capabilities beyond BOOTP, such as the automatic allocation of reusable IP addresses and additional configuration options.

NOTE: You cannot configure the Services Router as both a DHCP server and a BOOTP relay agent.

DHCP Overview

DHCP provides two primary functions:
- Allocate temporary or permanent IP addresses to clients.
- Store, manage, and provide client configuration parameters.

As a DHCP server, a Services Router can provide temporary IP addresses from an IP address pool to all clients on a specified subnet, a process known as dynamic binding. Services Routers can also perform static binding, assigning permanent IP addresses to specific clients based on their media access control (MAC) addresses. Static bindings take precedence over dynamic bindings.

DHCP Options

In addition to its primary DHCP functions, you can also configure the Services Router to send configuration settings like the following to clients through DHCP:
- IP address of the DHCP server (Services Router)
- List of Domain Name System (DNS) and NetBIOS servers
- List of gateway routers
- IP address of the boot server and the filename of the boot file to use
- DHCP options defined in RFC 2132, DHCP Options and BOOTP Vendor Extensions
216. e Customer s right to use the Software expires 50 days after download installation or use of the Software Customer may operate the Software after the 50 day trial period only if Customer pays for a license to do so Customer may not extend or create an additional trial period by re installing the Software after the 50 day trial period e The Global Enterprise Edition of the Steel Belted Radius software may be used by Customer only to manage access to Customer s enterprise network Specifically service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel Belted Radius software to support any commercial network access services The foregoing license is not transferable or assignable by Customer No license is granted herein to any user who did not originally purchase the applicable license s for the Software from Juniper or an authorized Juniper reseller 4 Use Prohibitions Notwithstanding the foregoing the license provided herein does not permit the Customer to and Customer agrees not to and shall not a modify unbundle reverse engineer or create derivative works based on the Software b make unauthorized copies of the Software except as necessary for backup purposes c rent sell transfer or grant any rights in and to any copy of the Software in any form to any third party d remove any proprietary notices labels or marks on or in any copy of the Software or any product in which the Sof
217. e processes. The management process starts the command-line interface (CLI), which is the primary tool used to control and monitor the JUNOS software. It also starts all the software processes and the CLI when the router starts up. If a software process terminates, the management process attempts to restart it. For more information about processes, see the JUNOS Software Installation and Upgrade Guide.

process ID: Identifier uniquely identifying a process. The process ID is displayed in a system log message along with the name of the process that generates the event.

regular expressions: Set of key combinations that allow you to have control over what you are searching. You can use regular expressions to filter system log messages by specifying a text string that must (or must not) appear in a message for the message to be logged. For more information, see Regular Expressions on page 158.

severity level: Measure of how seriously a triggering event affects Services Router functions. For a list of severity levels that you can specify, see Table 82 on page 158.

System Log Messages Overview

The JUNOS software generates system log messages to record events that occur on the Services Router, including the following:
- Routine operations, such as creation of an Open Shortest Path First (OSPF) protocol adjacency or a user login into the configuration database
- Failure and error conditions, such as failure to access a configuration f
218. e 112 Traceroute Field Summary (continued)

Field: Resolve AS Numbers
  Function: Determines whether the autonomous system (AS) number of each intermediate hop between the router and the destination host is displayed.
  Your Action:
  - To display the AS numbers, select the check box.
  - To suppress the display of the AS numbers, clear the check box.

Traceroute Results and Output Summary

Table 115 on page 225 summarizes the output in the traceroute display. If the Services Router receives no responses from the destination host, review the list after Table 115 on page 225 for a possible explanation.

Table 113 J-Web Traceroute Results and Output Summary

Field / Description
- hop-number: Number of the hop (router) along the path.
- host: Hostname, if available, or IP address of the router. If the Don't Resolve Addresses check box is selected, the hostname is not displayed.
- ip-address: IP address of the router.
- as-number: AS number of the router.
- time1: Round-trip time between the sending of the first traceroute packet and the receiving of the corresponding Time Exceeded packet from that particular router.
- time2: Round-trip time between the sending of the second traceroute packet and the receiving of the corresponding Time Exceeded packet from that particular router.
- time3: Round-trip time between the sending of the third traceroute packet and the receiving of the corresponding Time Exceeded packet from that particular route
219. e 262
- Verifying Packet Capture on page 263

Packet Capture Terms

Before configuring packet capture on a Services Router, become familiar with the terms defined in Table 133 on page 254.

J-series Services Router Administration Guide

Table 133 Packet Capture Terms

Term / Definition
- interface sampling: Packet sampling method used by packet capture, in which entire IPv4 packets flowing in the input or output direction, or both directions, are captured for analysis.
- libpcap: An implementation of the pcap application programming interface. libpcap may be used by a program to capture packets traveling over a network.
- packet capture:
  1. Packet sampling method available only on J-series routers, in which entire IPv4 packets flowing through a router are captured for analysis. Packets are captured in the Routing Engine and stored as libpcap-formatted files in the /var/tmp directory on the router. Packet capture files can be opened and analyzed offline with packet analyzers such as tcpdump or Ethereal. To avoid performance degradation on the router, implement packet capture with firewall filters that capture only selected packets. See also traffic sampling.
  2. Packet sampling method available from the J-Web interface for capturing the headers of packets destined for or originating from the Routing Engine. See Capturing and Viewing Packets with the J-Web Interface on page 226.
- packet
220. e Gateway: Gateway address of the remote system.
- ESP Encrypted Bytes: Total number of bytes encrypted by the local system across the IPSec tunnel.
- ESP Decrypted Bytes: Total number of bytes decrypted by the local system across the IPSec tunnel.
- AH Input Bytes: Total number of bytes received by the local system across the IPSec tunnel.
- AH Output Bytes: Total number of bytes transmitted by the local system across the IPSec tunnel.

IKE Security
- Remote Address: Responder's address.
- State: State of the IKE security association:
  - Matured: IKE security association is established.
  - Not matured: IKE security association is in the process of negotiation.
- Initiator Cookie: Random number sent to the remote node when the IKE negotiation is triggered. This number is generated by means of an algorithm and information shared during the IKE negotiation. Cookies provide a basic form of authenticity protection to help prevent denial-of-service (DoS) attacks.
- Responder Cookie: Random number generated by the remote node when it receives the initiator cookie. The remote node sends the cookie back to the IKE initiator as verification that the negotiation packets were received.

Table 74 Summary of Key IPSec Output Fields (continued)

Field / Values
- Exchange Type: Type of IKE exchange. The IKE exchange typ
221. e J-series Services Router Basic LAN and WAN Access Configuration Guide.
- If you do not already have an understanding of the packet capture feature, see Packet Capture Overview on page 254.

Configuring Packet Capture with a Configuration Editor

To configure packet capture on a Services Router, you must perform the following tasks marked (Required):
- Enabling Packet Capture (Required) on page 257
- Configuring Packet Capture on an Interface (Required) on page 259
- Configuring a Firewall Filter for Packet Capture (Optional) on page 259
- Disabling Packet Capture on page 261
- Deleting Packet Capture Files on page 261

Enabling Packet Capture (Required)

To enable packet capture on the router:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 154 on page 258.
3. Go on to Configuring Packet Capture on an Interface (Required) on page 259.

Table 134 Enabling Packet Capture

Task / J-Web Configuration Editor / CLI Configuration Editor

Task: Navigate to the Forwarding options level in the configuration hierarchy.
  J-Web Configuration Editor: In the J-Web interface, select Configuration > View and Edit > Edit Configuration. Next to Forwarding options, click Configure or Edit. Nex Edit o Scripts click Configure or Nex Edit o Commits click Configure or
222. e attached modem. Modem setup requires that you connect and configure the USB modem at the router and the modem at the user end of the network.
- USB Modem Interfaces on page 30
- How a Services Router Initializes USB Modems on page 51
- USB Modem Connection and Configuration Overview on page 32

USB Modem Interfaces

You configure two types of interfaces for USB modem connectivity: a physical interface and a logical interface called the dialer interface.
- The USB modem physical interface uses the naming convention umd0. The Services Router creates this interface when a USB modem is connected to the USB port.
- The dialer interface, dln, is a logical interface for configuring dialing properties for USB modem connections.

See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.

Chapter 2: Setting Up USB Modems for Remote Management

The following rules apply when you configure dialer interfaces for USB modem connections:
- The dialer interface must be configured to use PPP encapsulation. You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces.
- The dialer interface cannot be configured as a constituent link in a multilink bundle.
- If you are using the same dialer interface for ISDN connections and USB modem connections, the dialer interface cannot be configured simultaneou
223. e determines the number of messages in the exchange and the payload types contained in each message. Each exchange type provides a particular set of security services, such as anonymity of the participants, perfect forward secrecy of the keying material, and authentication of the participants. J-series Services Routers support the following types of IKE exchanges:
  - Main: IKE exchange is done with six messages. The Main exchange type encrypts the payload, protecting the identity of the neighbor.
  - Aggressive: IKE exchange is done with three messages. The Aggressive exchange type does not encrypt the payload, leaving the identity of the neighbor unprotected.
- Role: Role of the router in the IKE exchange: Initiator or Responder.
- Authentication Method: Method used for IKE authentication. The type of authentication determines which payloads are exchanged and when they are exchanged. J-series Services Routers support only the pre-shared keys authentication type.
- Local Address: Prefix and port number of the local tunnel endpoint.
- Remote Address: Prefix and port number of the remote tunnel endpoint.
- Lifetime: Number of seconds remaining until the IKE security association expires.
- Algorithm Authentication: Type of authentication algorithm used for the security association: md5 or sha1.
- Algorithm Encryption: Type of encryption algorithm used for the security association: des-cbc, 3des-cbc, or None.
- Algori
224. e module status

Filtering Command Output

For operational commands that display output, such as the show commands, you can redirect the output into a filter or a file. When you display help about these commands, one of the options listed is |, called a pipe, which allows you to filter the command output.

For example, if you enter the show configuration command, the complete Services Router configuration is displayed on the screen. To limit the display to only those lines of the configuration that contain address, issue the show configuration command using a pipe into the match filter:

    user@host> show configuration | match address
    address-range low 192.168.3.2 high 192.168.3.254;
    address-range low 192.168.71.71 high 192.168.71.254;
    address 192.168.71.70/21;
    address 192.168.2.1/24;
    address 127.0.0.1/32;

For a complete list of the filters, type a command, followed by the pipe, followed by a question mark:

    user@host> show configuration | ?
    Possible completions:
      compare    Compare configuration changes with prior version
      count      Count occurrences
      display    Show additional kinds of information
      except     Show only text that does not match a pattern
      find       Search for first occurrence of pattern
      hold       Hold text without exiting the --More-- prompt
      last       Display end of output only
      match      Show only text that matches a pattern
      no-more    Don't paginate outpu
226. e on which the ping requests are sent.
  Your Action: From the list, select the interface on which ping requests are sent. If you select any, the ping requests are sent on all interfaces.

Field: Count
  Function: Specifies the number of ping requests to send.
  Your Action: From the list, select the number of ping requests to send.

Field: Don't Fragment
  Function: Specifies the Don't Fragment (DF) bit in the IP header of the ping request packet.
  Your Action:
  - To set the DF bit, select the check box.
  - To clear the DF bit, clear the check box.

Field: Record Route
  Function: Sets the record route option in the IP header of the ping request packet. The path of the ping request packet is recorded within the packet and displayed in the main pane.
  Your Action:
  - To record and display the path of the packet, select the check box.
  - To suppress the recording and display of the path of the packet, clear the check box.

Field: Type-of-Service
  Function: Specifies the type-of-service (TOS) value in the IP header of the ping request packet.
  Your Action: From the list, select the decimal value of the TOS field.

Field: Routing Instance
  Function: Name of the routing instance for the ping attempt.
  Your Action: From the list, select the routing instance name.

Field: Interval
  Function: Specifies the interval, in seconds, between the transmission of each ping request.
  Your Action: From the list, select the interval.

Field: Packet Size
  Function: Specifies the size of the ping request packet.
  Your Action: Type the size, in bytes, of the packet. The size can be from 0 through 65468. The router adds 8 bytes of ICMP header to the size.

Field: Source
227. e receiver. Both the probe server (Services Router) and the remote server must be Juniper Networks routers configured to receive and transmit RPM probes on the same TCP or UDP port.
  Your Action: Type the number 7 (a standard TCP or UDP port number) or a port number from 49152 through 65555.

Field: DSCP Bits
  Function: Specifies the Differentiated Services code point (DSCP) bits. This value must be a valid 6-bit pattern. The default is 000000. For information about DSCPs and their use within class-of-service (CoS) features, see the J-series Services Router Advanced WAN Access Configuration Guide.
  Your Action: Type a valid 6-bit pattern.

Field: Data Size
  Function: Specifies the size of the data portion of the ICMP probes.
  Your Action: Type a size (in bytes) between 0 and 65507.

Field: Data Fill
  Function: Specifies the contents of the data portion of the ICMP probes.
  Your Action: Type a hexadecimal value between 1 and 800h to use as the contents of the ICMP probe data.

Table 140 RPM Quick Configuration Summary (continued)

Field / Function / Your Action

Field: Hardware Timestamp
  Function: Enables timestamping of RPM probe messages. On J-series Services Routers, you can timestamp the following RPM probes to improve the measurement of latency or jitter:
  - ICMP ping
  - ICMP ping timestamp
  - UDP ping destination port (UDP-ECHO, port 7, only)
  - UDP ping timestamp destination p
  Your Action: To enable timestamping, select the check box.
228. eb interface or enter the following CLI command:

    show class-of-service forwarding-class

Table 61 on page 128 summarizes key output fields for CoS forwarding classes.

Table 61 Summary of Key CoS Forwarding Class Output Fields

Field / Values / Additional Information

Field: Forwarding Class
  Values: Names of forwarding classes assigned to queue numbers. By default, the following forwarding classes are assigned to queues 0 through 5:
  - best-effort: Provides no special CoS handling of packets. Loss priority is typically not carried in a CoS value, and RED drop profiles are more aggressive.
  - expedited-forwarding: Provides low loss, low delay, low jitter, assured bandwidth, and end-to-end service.
  - assured-forwarding: Provides high assurance for packets within specified service profile. Excess packets are dropped.
  - network-control: Packets can be delayed but not dropped.

Field: Queue
  Values: Queue number corresponding to the forwarding class name.
  Additional Information: By default, four queues, 0 through 5, are assigned to forwarding classes.

Monitoring CoS Rewrite Rules

To display information about CoS value rewrite rules, which are based on the forwarding class and loss priority, select Monitor > Class of Service > Rewrite Rules in the J-Web interface, or enter the following CLI command:

    show class-of-service rewrite-rules

Table 62 on page 128 summar
230. ectivity. See the Getting Started Guide for your router.
- Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide.

Configuring Alarms with a Configuration Editor

To configure interface alarms on a Services Router, you must select the network interface on which to apply an alarm and the condition you want to trigger the alarm. For a list of conditions, see Interface Alarm Conditions on page 167.

To configure interface alarms:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 92 on page 173.
3. If you are finished configuring the network, commit the configuration.
4. To verify the alarms configuration, see Displaying Alarm Configurations on page 175.
5. To check the status of active alarms, see Checking Active Alarms on page 174.

Chapter 9: Configuring and Monitoring Alarms

Table 92 Configuring Interface Alarms

Task / J-Web Configuration Editor / CLI Configuration Editor

Task: Navigate to the Alarm level in the configuration hierarchy.
  J-Web Configuration Editor:
  1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
  2. Next to Chassis, click Configure or Edit.
  3. Next to Alarm, click Configure or Edit.
  CLI Configuration Editor: From the [edit] hierarchy level, enter

    edit chassis alarm

Task: Configure the system to generate a red interface alarm when
233. eger or subtree name format.
  3. In the View action box, select include from the list and click OK.
  CLI Configuration Editor: Set the pingMIB OID value and mark it for inclusion:

    set view view-name oid 1.3.6.1.2.1.80 include

Task: Configure the view to exclude a MIB, for example, jnxPingMIB.
  J-Web Configuration Editor:
  1. Next to Oid, click Add new entry.
  2. In the Name box, type the OID of the jnxPingMIB, in either dotted integer or subtree name format.
  3. In the View action box, select exclude from the list and click OK twice.
  CLI Configuration Editor: Set the jnxPingMIB OID value and mark it for exclusion:

    set view view-name oid jnxPingMIB exclude

Task: Associate the view with a community.
  J-Web Configuration Editor:
  1. On the Snmp page, under Community, click the name of the community to which you want to apply the view.
  2. In the View box, type the view name.
  3. Click OK.
  CLI Configuration Editor: Set the community view:

    set community community-name view view-name

Verifying the SNMP Configuration

To verify the SNMP configuration, perform the following verification task.

Verifying SNMP Agent Configuration

Purpose: Verify that SNMP is running and that requests and traps are being properly transmitted.

Action: From the CLI, enter the show snmp statistics command.

    user@host> show snmp statistics
    SNMP statistics:
      Input:
        Packets: 246213, Bad versions: 12, Bad community names: 12,
        Bad community uses: 0, ASN parse errors: 96,
        Too bigs: 0, No such names: 0, Bad values: 0,
        Read onlys: 0, General errors: 0,
234. egular Expressions on page 158.

Field: Process
  Function: Specifies the name of the process generating the events you want to display. To view all the processes running on your system, enter the CLI command show system processes. For more information about processes, see the JUNOS Software Installation and Upgrade Guide.
  Your Action: To specify events generated by a process, type the name of the process. For example, type mgd to list all messages generated by the management process.

Field: Start Time, End Time
  Function: Specifies the time period in which the events you want displayed are generated. Displays a calendar that allows you to select the year, month, day, and time. It also allows you to select the local time. By default, the messages generated in the last one hour are displayed. End Time shows the current time and Start Time shows the time one hour before end time.
  Your Action: To specify the time period:
  - Click the box next to Start Time and select the year, month, date, and time, for example, 02/10/2006 11:52.
  - Click the box next to End Time and select the year, month, date, and time, for example, 02/10/2006 5:52.
  To select the current time as the start time, select local time.

Field: Number of Events to Display
  Function: Specifies the number of events to be displayed on the View Events page. By default, the View Events page displays 25 events.
  Your Action: To view a specified number of events, select the number from the list, for example, 50.

Field: OK
  Function: Applies the specified filter and displays the matching
  Your Action: To apply
235. elds

Field / Values / Additional Information
- Interface: Name of a physical interface to which CoS components are assigned. Additional information: To display names of logical interfaces configured on this physical interface, click the plus sign (+).
- Scheduler Map: Name of the scheduler map associated with this interface.
- Queues Supported: Number of queues you can configure on the interface.
- Queues in Use: Number of queues currently configured.
- Logical Interface: Name of a logical interface on the physical interface to which CoS components are assigned.
- Object: Category of an object, for example, classifier, scheduler-map, or rewrite.
- Name: Name that you have given to an object, for example, ba-classifier.
- Type: Type of an object, for example, dscp or exp for a classifier.
- Index: Index of this interface or the internal index of a specific object.

Monitoring CoS Classifiers

To display the mapping of incoming CoS value to forwarding class and loss priority for each classifier, select Monitor > Class of Service > Classifiers in the J-Web interface, or enter the following CLI command:

    show class-of-service classifier

Table 58 on page 124 summarizes key output fields for CoS classifiers.

Table 58 Summary of Key CoS Classifier Output Fields

- Classifier Name: Name of a classifier. Additional information: To display classifier assignments, click the plus sign (+).

Cha
236. em configuration, perform the following tasks:
- Verifying a USB Modem Interface on page 43
- Verifying Dialer Interface Configuration on page 44

Verifying a USB Modem Interface

Purpose: Verify that the USB modem interface is correctly configured and display the status of the modem.

Action: From the CLI, enter the show interfaces extensive command.

    user@host> show interfaces umd0 extensive
    Physical interface: umd0, Enabled, Physical link is Up
      Interface index: 64, SNMP ifIndex: 33, Generation: 1
      Type: Async-Serial, Link-level type: PPP-Subordinate, MTU: 1504,
      Clocking: Unspecified, Speed: MODEM
      Device flags   : Present Running
      Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
      Link flags     : None
      Hold-times     : Up 0 ms, Down 0 ms
      Last flapped   : Never
      Statistics last cleared: Never
      Traffic statistics:
        Input  bytes  : 21672
        Output bytes  : 22558
        Input  packets: 1782
        Output packets: 1832
      Input errors:
        Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,
        Policed discards: 0, Resource errors: 0
      Output errors:
        Carrier transitions: 63, Errors: 0, Drops: 0, MTU errors: 0,
        Resource errors: 0
      MODEM status:
        Modem type: LT V.92 1.0 MT5634ZBA-USB-V92 Data/Fax Modem (Dual Config) Version 2.27m
        Initialization command string: ATS0=2
        Initialization status: Ok
        Call status: Connected to 4085551515
        Call duration
237. em log message when the value of a sampled indicator is decreasing. For example, if the falling threshold is 80 (the default), SNMP generates an event when the value of any key indicator falls back to 80 percent or less.
  Your Action: Enter a value between 0 and 100. The default value is 80.
  NOTE: The falling threshold value must be less than the rising threshold value.

Configuring SNMP with a Configuration Editor

To configure SNMP on a Services Router, you must perform the following tasks marked (Required). For information about using the J-Web and CLI configuration editors, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
- Defining System Identification Information (Required) on page 54
- Configuring SNMP Agents and Communities (Required) on page 55
- Managing SNMP Trap Groups (Required) on page 56
- Controlling Access to MIBs (Optional) on page 57

Defining System Identification Information (Required)

Basic system identification information for a Services Router can be configured with SNMP and stored in various MIBs. This information can be accessed through SNMP requests and either queried or reset. Table 51 on page 54 identifies types of basic system identification and the MIB object into which each type is stored.

Table 31 System Identification Information and Corresponding MIB Objects

System Information
238. enter level in the configuration hierarchy.
  J-Web Configuration Editor:
  1. Configuration > View and Edit > Edit Configuration.
  2. Next to Forwarding options, click Configure or Edit.
  CLI Configuration Editor:

    edit forwarding-options

Task: Disable packet capture.
  J-Web Configuration Editor:
  1. Next to Packet capture, click Edit.
  2. Next to Disable, select Yes.
  3. Click OK until you return to the Configuration page.
  CLI Configuration Editor: Enter

    set packet-capture disable

Deleting Packet Capture Files

Deleting packet capture files from the /var/tmp directory only temporarily removes the packet capture files. Packet capture files for the interface are automatically created again the next time a packet capture configuration change is committed. You must follow the procedure given in this section to delete packet capture files.

To delete a packet capture file:
1. Disable packet capture following the steps in Disabling Packet Capture on page 261.
2. Using the CLI, delete the packet capture file for the interface.
   a. From CLI operational mode, access the local UNIX shell:

          user@host> start shell
          %

   b. Navigate to the directory where packet capture files are stored:

          % cd /var/tmp
          %

   c. Delete the packet capture file for the interface, for example, pcap-file.fe.0.0.0:

          % rm pcap-file.fe.0.0.0
          %

   d. Return to the CLI operational mode:

          % exit
          user@host>

3. Reenable packet capture following the steps in
239. enter quit. Table 19 on page 25 describes the telnet command options. For more information, see the JUNOS System Basics and Services Command Reference.

Table 19 CLI telnet Command Options

Option / Description
- 8bit: Use an 8-bit data path.
- bypass-routing: Bypass the routing tables and open a Telnet session only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned.
- host: Open a Telnet session to the specified hostname or IP address.
- inet: Force the Telnet session to an IPv4 destination.
- interface source-interface: Open a Telnet session to a host on the specified interface. If you do not include this option, all interfaces are used.
- no-resolve: Suppress the display of symbolic names.
- port port: Specify the port number or service name on the host.
- routing-instance routing-instance-name: Use the specified routing instance for the Telnet session.
- source address: Use the specified source address for the Telnet session.

Using the ssh Command

You can use the CLI ssh command to use the secure shell (SSH) program to open a connection to a remote device:

    user@host> ssh host <bypass-routing> <inet> <interface interface-name> <routing-instance routing-instance-name> <source address> <v1> <v2>

Table 20 on page 25 describes the ssh command options. For more information, see the JUNOS System Bas
240. enter the following CLI show commands:
- show services ipsec-vpn ipsec statistics
- show services ipsec-vpn ipsec security-associations
- show services ipsec-vpn ike security-associations

Table 74 on page 140 summarizes key output fields in IPSec displays.

Chapter 7: Monitoring the Router and Routing Operations

Table 74 Summary of Key IPSec Output Fields

Field / Values

IPSec Tunnels
- Service Set: Name of the service set for which the IPSec tunnel is defined.
- Rule: Name of the rule set applied to the IPSec tunnel.
- Term: Name of the IPSec term applied to the IPSec tunnel.
- Local Gateway: Gateway address of the local system.
- Remote Gateway: Gateway address of the remote system.
- Direction: Direction of the IPSec tunnel: Inbound or Outbound.
- Protocol: Protocol supported: either Encapsulation Security Protocol (ESP) or Authentication Header and ESP (AH+ESP).
- Tunnel Index: Numeric identifier of the IPSec tunnel.
- Tunnel Local Identity: Prefix and port number of the local endpoint of the IPSec tunnel.
- Tunnel Remote Identity: Prefix and port number of the remote endpoint of the IPSec tunnel.

IPSec Statistics
- Service Set: Name of the service set for which the IPSec tunnel is defined.
- Local Gateway: Gateway address of the local system.
- Remot
241. equest packet in bytes.
Keys
Help: Displays the help for the CLI commands. Press H to display the help.
Display mode: Toggles the display mode. Press D to toggle the display mode.
Restart statistics: Restarts the traceroute monitor command. Press R to restart the traceroute monitor command.
Order of fields: Sets the order of the displayed fields. Press O to set the order of the displayed fields.
quit: Quits the traceroute monitor command. Press Q to quit the traceroute monitor command.
Packets
number: Number of the hop (router) along the route to the final destination host.
Host: Hostname or IP address of the router at each hop.
Loss%: Percent of packet loss. The number of ping responses divided by the number of ping requests, specified as a percentage.
Pings
Snt: Number of ping requests sent to the router at this hop.
Last: Most recent round-trip time, in milliseconds, to the router at this hop.
Avg: Average round-trip time, in milliseconds, to the router at this hop.
Best: Shortest round-trip time, in milliseconds, to the router at this hop.
Wrst: Longest round-trip time, in milliseconds, to the router at this hop.
StDev: Standard deviation of round-trip times, in milliseconds, to the router at this hop.

Tracing Multicast Routes from the CLI
Use CLI mtrace commands to trace information about multicast paths. The mtrace from-source command displays information about a multi
243. er Basic LAN and WAN Access Configuration Guide.

Displaying a Firewall Filter for Packet Capture Configuration
Purpose: Verify the firewall filter for packet capture configuration.
Action: From the J-Web interface, select Configuration>View and Edit>View Configuration Text. Alternatively, from configuration mode in the CLI, enter the show firewall filter dest-all command.
    [edit]
    user@host# show firewall filter dest-all
    term dest-term {
        from {
            destination-address 192.168.1.1/32;
        }
        then {
            sample;
            accept;
        }
    }
Meaning: Verify that the output shows the intended configuration of the firewall filter for capturing packets sent to the destination address 192.168.1.1/32.
Related Topics: For more information about the format of a configuration file, see the information about viewing configuration text in the J-series Services Router Basic LAN and WAN Access Configuration Guide.

Verifying Captured Packets
Purpose: Verify that the packet capture file is stored under the /var/tmp directory and the packets can be analyzed offline.
Action: Take the following actions:
- Disable packet capture. See Disabling Packet Capture on page 261.
- Perform these steps to transfer a packet capture file (for example, 126b-fe-0.0.1) to a server where you have installed packet analyzer tools (for example, tools-server), using FTP:
1. From the CLI configuration mode, connect to tools-server using FTP.
    user@host# run ftp tools-server
    Connected
244. er configuration provides the following configuration settings for a particular subnet on a Services Router interface:
- An IP address pool, with one address excluded from the pool.
- Default and maximum lease times.
- Domain search suffixes. These suffixes specify the domain search list used by a client when resolving hostnames with DNS. See RFC 3397, Dynamic Host Configuration Protocol (DHCP) Domain Search Option, for more information.
- A DNS name server.
- A DHCP option: Router solicitation address option (option 32). The IP address excluded from the IP address pool is reserved for this option.
In addition, the DHCP server might assign a static address to at least one client on the subnet. Table 38 on page 72 provides the settings and values for the sample DHCP server configuration used in this section.

Chapter 4: Configuring the Router as a DHCP Server

Table 38: Sample DHCP Server Configuration Settings
Settings: Sample Value or Values
DHCP Subnet Configuration
Address pool subnet address: 192.168.2.0/24
High address in the pool range: 192.168.2.254
Low address in the pool range: 192.168.2.2
Address pool default lease time, in seconds: 1,209,600 (14 days)
Address pool maximum lease time, in seconds: 2,419,200 (28 days)
245. er is running. This is the WHAT field in show system users command output.

Table 48: Summary of Key System Properties Output Fields (continued)
Field: Values (Additional Information)
Memory Usage
Total Memory Available: Total RAM available on the Services Router.
Total Memory Used: Total RAM currently being consumed by processes actively running on the Services Router, displayed both as a quantity of memory and as a percentage of the total RAM on the router.
Process ID: Process identifier. This is the PID field in show system processes command output.
Process Owner: Name of the process owner.
Process Name: Command that is currently running. (Individual processes on the Services Router are listed here. Because each process within JUNOS operates in a protected memory environment, you can diagnose whether a particular process is consuming abnormally high amounts of resources. If a software process is using too much CPU or memory, you can restart the process by entering the restart command from the CLI.)
CPU Usage: Percentage of the CPU that is being used by the process.
Memory Usage: Percentage of the installed RAM that is being used by the process.
CPU Usage
Total CPU Used: Sum of CPU usages by all processes, expressed as a percentage of total CPU available.
Process ID: Process identifier. This is
246. er's secret is Radiussecret1.
- The loopback address of the router is 10.0.0.1.
To configure RADIUS authentication:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 11 on page 15.
3. If you are finished configuring the network, commit the configuration. To completely set up RADIUS authentication, you must create user template accounts and specify a system authentication order.
4. Go on to one of the following procedures:
- To specify a system authentication order, see Configuring Authentication Order on page 15.
- To configure a remote user template account, see Creating a Remote Template Account on page 19.
- To configure local user template accounts, see Creating a Local Template Account on page 20.

Managing User Authentication with a Configuration Editor
Chapter 1: Managing User Authentication and Access

Table 11: Setting Up RADIUS Authentication
Task: Navigate to the System level in the configuration hierarchy.
  J-Web Configuration Editor: 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. 2. Next to System, click Configure or Edit.
  CLI Configuration Editor: From the [edit] hierarchy level, enter edit system
Task: Add a new RADIUS server. Set the IP address of the RADIUS server.
  J-Web Configuration Editor: 1. In the Radius server box, click Add new entry. 2. In the Address box
247. erence

System Log Facilities and Severity Levels
When specifying the destination for system log messages, you can specify the class (facility) of messages to log and the minimum severity level (level) of the message for each location. Each system log message belongs to a facility, which is a group of messages that are either generated by the same software process or concern a similar condition or activity. Table 81 on page 157 lists the system logging facilities, and Table 82 on page 158 lists the system logging severity levels. For more information about system log messages, see the JUNOS System Log Messages Reference.

J-series Services Router Administration Guide

Table 81: System Logging Facilities
Facility: Description
any: Any facility
authorization: Any authorization attempt
change-log: Any change to the configuration
cron: Cron scheduling process
daemon: Various system processes
interactive-commands: Commands executed in the CLI
kernel: Messages generated by the JUNOS kernel
user: Messages from random user processes

Table 82: System Logging Severity Levels
Severity Level (from Highest to Lowest Severity): Description
emergency: System panic or other conditions that cause the routing platform to stop functioning
alert: Conditions that must be corrected
248. erence, from top to bottom.
  Your action: Do either of the following:
  - To add a DNS server, type an IP address next to the Add button, and click Add.
  - To remove a DNS server, select the IP address in the DNS Name Servers box, and click Delete.
Gateway Routers
  Function: Defines a list of relay agents on the subnet, in order of preference, from top to bottom.
  Your action: Do either of the following:
  - To add a relay agent, type an IP address next to the Add button, and click Add.
  - To remove a relay agent, select the IP address in the Gateway Routers box, and click Delete.
WINS Servers
  Function: Defines a list of NetBIOS name servers, in order of preference, from top to bottom.
  Your action: Do either of the following:
  - To add a NetBIOS name server, type an IP address next to the Add button, and click Add.
  - To remove a NetBIOS name server, select the IP address in the WINS Servers box, and click Delete.
Boot Options
Boot File
  Function: Specifies the path and filename of the initial boot file to be used by the client.
  Your action: Type a path and filename.
Boot Server
  Function: Specifies the TFTP server that provides the initial boot file to the client.
  Your action: Type the IP address or hostname of the TFTP server.
DHCP Static Binding Information
DHCP MAC Address (required)
  Function: Specifies the MAC address of the client to be permanently assigned a static IP address.
  Your action: Type the hexadecimal MAC address of the client.
Configuring the DHCP Server with Quick Configurati
249. erface, select Manage>Files.
2. In the Delete Backup JUNOS Package section, review the backup image information listed.
3. To delete the backup image, click the Delete backup JUNOS package link.
4. Click one of the following buttons on the confirmation page:
- To delete the backup image and return to the Files page, click OK.
- To cancel the deletion of the backup image and return to the Files page, click Cancel.

Cleaning Up Files with the CLI
You can use the request system storage cleanup command to rotate log files and delete unnecessary files on the Services Router. If you are running low on storage space, the file cleanup procedure quickly identifies files that can be deleted. The file cleanup procedure performs the following tasks:
- Rotates log files: All information in the current log files is archived, old archives are deleted, and fresh log files are created.
- Deletes log files in /var/log: Any files that are not currently being written to are deleted.
- Deletes temporary files in /var/tmp: Any files that have not been accessed within two days are deleted.
- Deletes all crash files in /var/crash: Any core files that the router has written during an error are deleted.
- Deletes all software images (.tgz files) in /var/sw/pkg: Any software images copied to this directory during software upgrades are deleted.
To rotate
250. es (continued)
Task: Configure the RPM test icmp-test for the RPM owner customerA. The sample RPM test is an ICMP probe with a test interval (probe frequency) of 15 seconds, a probe type of icmp-ping-timestamp, a probe timestamp, and a target address of 192.178.16.5.
  J-Web Configuration Editor:
  1. On the Rpm page, select customerA.
  2. In the Test box, click Add new entry.
  3. In the Name box, type icmp-test.
  4. In the Test interval box, type 15.
  5. In the Probe type box, select icmp-ping-timestamp.
  6. Select the Hardware timestamp check box.
  7. In the Target box, select the Yes check box, and click Configure.
  8. In the Target type box, select Address.
  9. In the Address box, type 192.178.16.5.
  10. Click OK.
  CLI Configuration Editor:
  1. From the [edit] hierarchy level, enter
      edit services rpm probe customerA
  2. Enter
      set test icmp-test probe-frequency 15
  3. Enter
      set test icmp-test probe-type icmp-ping-timestamp
  4. Enter
      set test icmp-test hardware-timestamp
  5. Enter
      set test icmp-test target address 192.178.16.5
Task: Configure RPM thresholds and corresponding SNMP traps to catch ingress (inbound) times greater than 3000 microseconds.
  J-Web Configuration Editor:
  1. On the Probe page, select icmp-test.
  2. In the Thresholds box, select the Yes check box, and click Configure.
  3. In the Ingress time box, type 3000.
  4. Click OK.
  5. In the Traps box, click Add new entry.
  6. In the Value box, select ingress t
  CLI Configuration Editor:
  1. Enter
251. es or alarms (ais).
Yellow alarm (ylw): The remote endpoint is in red alarm failure. This condition is also known as a far-end alarm failure.
Ethernet
Link is down (link-down): The physical link is unavailable.
Integrated services
Hardware or software failure (failure): On the adaptive services module, either the hardware associated with the module or the software that drives the module has failed.
Serial
Clear-to-Send signal absent (cts-absent): The remote endpoint of the serial link is not transmitting a CTS signal. The CTS signal must be present before data can be transmitted across a serial link.
Data Carrier Detect signal absent (dcd-absent): The remote endpoint of the serial link is not transmitting a DCD signal. Because the DCD signal transmits the state of the router, no signal probably indicates that the remote endpoint of the serial link is unavailable.
Data Set Ready signal absent (dsr-absent): The remote endpoint of the serial link is not transmitting a DSR signal. The DSR signal indicates that the remote endpoint is ready to receive and transmit data across the serial link.
Loss of receive clock (loss-of-rx-clock): The clock signal from the remote endpoint is not present. Serial connections require clock signals to be transmitted from one endpoint and received by the other endpoint of the link.
Loss of transmit clock: The
252. ess acquisition, determine the router interface to connect to the network for autoinstallation. The router detects the connected interface and requests an IP address with a protocol appropriate for the interface. Autoinstallation is supported over an Ethernet LAN interface or a serial LAN or WAN interface. Table 41 on page 83 lists the protocols that the router can use on these interfaces for IP address acquisition.

Autoinstallation Overview
Chapter 5: Configuring Autoinstallation

Table 41: Interfaces and Protocols for IP Address Acquisition During Autoinstallation
Interface and Encapsulation Type: Protocol for Autoinstallation
Ethernet LAN interface with High-level Data Link Control (HDLC): DHCP, BOOTP, or Reverse Address Resolution Protocol (RARP)
Serial WAN interface with HDLC: Serial Line Address Resolution Protocol (SLARP)
Serial WAN interface with Frame Relay: BOOTP

If the server with the autoinstallation configuration file is not on the same LAN segment as the new Services Router, or if a specific router is required by the network, you must configure an intermediate router directly attached to the new router, through which the new router can send Trivial File Transfer Protocol (TFTP), BOOTP, and Domain Name System (DNS) requests. In this case, you specify the IP address of the intermediate router as the location to receive TFTP requests for autoinstallation.

Typical Autoinstallation Process on a New Services
253. et (173.18.253.5) 0.401 ms 0.435 ms 0.359 ms
    host5.site1.net (173.18.253.5) 0.401 ms 0.360 ms 0.357 ms
    173.24.232.65 (173.24.232.65) 0.420 ms 0.456 ms 0.378 ms
    173.24.232.66 (173.24.232.66) 0.830 ms 0.779 ms 0.834 ms
The fields in the display are the same as those displayed by the J-Web traceroute diagnostic tool. For information, see Traceroute Results and Output Summary on page 225.

Using the traceroute monitor Command
To display real-time monitoring information about each router between the Services Router and a specified destination host, enter the traceroute monitor command with the following syntax. Table 122 on page 239 describes the traceroute monitor command options.
    user@host> traceroute monitor host <count number> <inet | inet6> <interval seconds> <no-resolve> <size bytes> <source source-address> <summary>
To quit the traceroute monitor command, press Q.

Using CLI Diagnostic Commands
Chapter 12: Using Services Router Diagnostic Tools

Table 122: CLI traceroute monitor Command Options
Option: Description
host: Sends traceroute packets to the hostname or IP address you specify.
count number: (Optional) Limits the number of ping requests, in packets, to send in summary mode. If you do not specify a count, ping requests are continuously sent until you press Q.
inet: (Optional) Forces the traceroute packets to an IPv4 destination.
inet6: Opti
254. et/support/csc/swdist-ww/
2. Log in to the Juniper Networks Web site using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Using the J-Web interface or the CLI, select the appropriate junos j series software package for your application. For information about JUNOS software packages, see Upgrade and Downgrade Overview on page 179.
4. Download the software to a local host or to an internal software distribution site.
NOTE: For downloads to J-series Services Routers with 256 MB of flash memory, see the J-series Services Router Release Notes for special instructions and ensure that you download the package to your router's var tmp upgrade directory.

Installing Software Upgrades with the J-Web Interface
You can use the J-Web interface to install software upgrades from a remote server using FTP or HTTP, or by uploading the file to the router. This section contains the following topics:
- Installing Software Upgrades from a Remote Server on page 182
- Installing Software Upgrades by Uploading Files on page 185

Installing Software Upgrades from a Remote Server
You can use the J-Web interface to install software packages on the Services Router that are retrieved with FTP or HTTP from the location specified. Figure 14 on page 182 shows the Install Remote page for the router.
Figure 14: Install Remote Page
255. etailed Alarm Message
Received at: Date and time when the failure was detected.
Severity: Alarm severity, either major (red) or minor (yellow). A major (red) alarm condition requires immediate action. A minor (yellow) condition requires monitoring or maintenance.
Alarm Type: Category of the alarm:
- Chassis: Indicates an alarm condition on the chassis (typically an environmental alarm such as temperature).
- Configuration: Indicates that no rescue configuration is set.
- ETHER: Indicates an alarm condition on an Ethernet interface.
- DS3: Indicates an alarm condition on a DS3 interface.
- License: Indicates a software license infringement.
- Serial: Indicates an alarm condition on a serial interface.
- Services: Indicates an alarm condition on the services module.

Verifying the Alarms Configuration
To verify alarms configuration, perform the following task.

Displaying Alarm Configurations
Purpose: Verify the configuration of the alarms.
Action: From the J-Web interface, select Configuration>View and Edit>View Configuration Text. Alternatively, from configuration mode in the CLI, enter the show chassis alarms command.
    [edit]
    user@host# show chassis alarms
    t3 {
        exz yellow;
        los red;
        ylw red;
    }
    ds1 {
        ylw red;
    }
    ethernet {
        link-down red;
    }
    serial {
        loss-of-rx-clock red;
        loss-of-tx-clock red;
256. etails, see MPLS Connection Checking on page 215.

Table 105: J-Web Interface Diagnose and Manage Options (continued)
Option: Function
Traceroute: Allows you to trace a route between the Services Router and a remote host. You can configure advanced options for the traceroute operation. For details, see Tracing Unicast Routes from the J-Web Interface on page 223.
Packet Capture: Allows you to capture and analyze router control traffic. For details, see Capturing and Viewing Packets with the J-Web Interface on page 226.
Manage Options
Files: Allows you manage log, temporary, and core files on the Services Router. For details, see Managing Files with the J-Web Interface on page 199.
Upgrade: Allows you to upgrade and manage Services Router software packages. For details, see Performing Software Upgrades and Reboots on page 179.
Licenses: Displays a summary of the licenses needed and used for each feature that requires a license. Allows you to add licenses. For details, see the Getting Started Guide for your router.
Reboot: Allows you to reboot the Services Router at a specified time. For details, see Rebooting or Halting a Services Router with the J-Web Interface on page 194.

CLI Diagnostic Commands Overview
The CLI commands available in operational mode allow you to perform the same monitoring troub
259. evel, enter edit system login
Task: Create a user named cmartin who belongs to the superuser login class.
  J-Web Configuration Editor:
  1. Next to User, click Add new entry.
  2. In the User name box, type cmartin.
  3. In the Class box, type superuser.
  4. Click OK.
  CLI Configuration Editor: Set the username and the login class for the user:
      set user cmartin class superuser
Task: Define the encrypted password for cmartin.
  J-Web Configuration Editor:
  1. Next to Authentication, click Configure.
  2. In the Encrypted password box, type 1 14c5 sBopasdFFdssdfFFdsdfsO
  3. Click OK.
  CLI Configuration Editor: Set the encrypted password for cmartin:
      set user cmartin authentication encrypted-password 1 14c5 sBopasdFFdssdfFFdsdfsO

Setting Up Template Accounts
You can create template accounts that are shared by a set of users when you are using RADIUS or TACACS+ authentication. When a user is authenticated by a template account, the CLI username is the login name, and the privileges, file ownership, and effective user ID are inherited from the template account. This section contains the following topics:
- Creating a Remote Template Account on page 19
- Creating a Local Template Account on page 20

Creating a Remote Template Account
You can create a remote template that is applied to users authenticated by RADIUS or TACACS+ that do not belong to a local template account. By default the JUNOS software
260. ewall Filters
To view stateful firewall filter information in the J-Web interface, select Monitor>Firewall>Stateful Firewall. To display stateful firewall filter information for a particular address prefix, port, or other characteristic, type or select information in one or more of the Narrow Search boxes, and click OK. Alternatively, enter the following CLI show commands:
- show services stateful-firewall conversations
- show services stateful-firewall flows
Table 71 on page 158 summarizes key output fields for stateful firewall filters.

Table 71: Summary of Key Stateful Firewall Filters Output Fields
Field: Values
Protocol: Protocol used for the specified stateful firewall flow.
Source IP: Source prefix of the stateful firewall flow.
Source Port: Source port number of stateful firewall flow.
Destination IP: Destination prefix of the stateful firewall flow.
Destination Port: Destination port number of the stateful firewall flow.
Flow State: Status of the stateful firewall flow:
- Drop: Drop all packets in the flow without response.
- Forward: Forward the packet in the flow without inspecting it.
- Reject: Drop all packets in the flow with response.
- Watch: Inspect packets in the flow.
Direction: Direction of t
261. fault value is 0.0.0.0.
interval seconds: (Optional) Sets the interval between statistics gathering. The default value is 10.
max-hops number: (Optional) Sets the maximum number of hops to trace toward the source. Specify a value from 0 through 255. The default value is 32.
max-queries number: (Optional) Sets the maximum number of query attempts for any hop. Specify a value from 1 through 32. The default value is 3.
response host: (Optional) Sends the response packets to the specified hostname or IP address. By default, the response packets are sent to the Services Router.
routing-instance routing-instance-name: (Optional) Traces the routing instance you specify.
ttl number: (Optional) Sets the time-to-live (TTL) value in the IP header of the query packets. Specify a hop count from 0 through 255. The default value for local queries to the all routers multicast group is 1. Otherwise, the default value is 127.
wait-time seconds: (Optional) Sets the time to wait for a response packet. The default value is 3 seconds.
loop: (Optional) Loops indefinitely, displaying rate and loss statistics. To quit the mtrace command, press Ctrl-C.
multicast-response: (Optional) Forces the responses to use multicast. un
262. for MPLS probes must be a valid address on the Services Router.
To use the ping MPLS tool:
1. Select Diagnose>Ping MPLS from the task bar.
2. Next to the ping MPLS option you want to use, click the expand icon (see Figure 22 on page 219).
3. Enter information into the Ping MPLS page, as described in Table 110 on page 219.
4. Click Start. Table 111 on page 222 summarizes the output fields of the display.
5. To stop the ping operation before it is complete, click OK.
Figure 22: Ping MPLS Page

Table 110: J-Web Ping MPLS Field Summary
Ping RSVP-signaled LSP
LSP Name
  Function: Identifies the LSP to ping.
  Your action: Type the name of the LSP to ping.
Source Address
  Function: Specifies the source address of the ping request packet.
  Your action: Type the source IP address, a valid address configured on a Services Router interface.
Count
  Function: Specifies the number of ping requests to send.
  Your action: From the list, select the number of ping requests to send. The default is 5 requests.
Detailed Output
  Function: Requests the display of extensive rather than brief ping output.
  Your action: Select the check box to display detaile
263. g RMON alarms and traps to monitor a select set of Services Router characteristics (object instances) like the CPU usage, memory usage, and file system usage. The health monitor feature also monitors the CPU usage of the J-series Services Router forwarding process (also called a daemon), for example, the chassis process and forwarding process microkernel.

You can configure the SNMP health monitor options rising threshold, falling threshold, and interval using the SNMP Quick Configuration page. A threshold is a test of some SNMP variable against some value, with a report when the threshold value is exceeded.

The rising threshold is the upper threshold for a monitored variable. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval is less than this threshold, the SNMP health monitor generates an alarm. After the rising alarm, the health monitor cannot generate another alarm until the sampled value falls below the rising threshold and reaches the falling threshold.

The falling threshold is the lower threshold for the monitored variable. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval is greater than this threshold, the SNMP health monitor generates an alarm. After the falling alarm, the health monitor cannot generate another a
264. g the J-Web Ping Host Tool
    Ping Host Results and Output Summary
  Checking MPLS Connections from the J-Web Interface
    Using the J-Web Ping MPLS Tool
    Ping MPLS Results and Output
  Tracing Unicast Routes from the J-Web Interface
    Using the J-Web Traceroute Tool
    Traceroute Results and Output Summary
  Capturing and Viewing Packets with the J-Web Interface
    Using J-Web Packet Capture
    Packet Capture Results and Output Summary
Using CLI Diagnostic Commands
  Pinging Hosts from the CLI
  Checking MPLS Connections from the CLI
    Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs
    Pinging Layer 3 VPNs
    Pinging Layer 2 VPNs
    Pinging Layer 2 Circuits
  Tracing Unicast Routes from the CLI
    Using the traceroute Command
    Using the traceroute monitor Command
  Tracing Multicast Routes from the CLI
    Using the mtrace from-source Command
    Using the mt
265. g types of expressions use the relational operators listed in Table 152 on page 250 (listed from highest to lowest precedence):
• Arithmetic: Expressions that use the arithmetic operators listed in Table 152 on page 250.
• Binary: Expressions that use the binary operators listed in Table 152 on page 250.
• Packet data accessor: Expressions that use the following syntax:

protocol [byte-offset <size>]

Replace protocol with any protocol in Table 150 on page 248. Replace byte-offset with the byte offset, from the beginning of the packet header, to use for the comparison. The optional size parameter represents the number of bytes examined in the packet header: 1, 2, or 4 bytes.

For example, the following command displays all multicast traffic:

user@host> monitor traffic matching "ether[0] & 1 != 0"

Table 130: CLI monitor traffic Match Conditions

Match Condition | Description
Entity Type
host [address | hostname] | Matches packet headers that contain the specified address or hostname. You can prepend any of the following protocol match conditions, followed by a space, to host: arp, ip, rarp, or any of the Directional match conditions.
network address | Matches packet headers with source or destination addresses contai
266. ge 8
• Managing User Authentication with a Configuration Editor on page 12
• Recovering the Root Password on page 21
• Securing the Console Port on page 25
• Accessing Remote Devices with the CLI on page 24
• Configuring Password Retry Limits for Telnet and SSH Access on page 26

User Authentication Terms

Before performing system management tasks, become familiar with the terms defined in Table 5 on page 5.

Table 5: System Management Terms

Term | Definition
Remote Authentication Dial-In User Service (RADIUS) | Authentication method for validating users who attempt to access one or more Services Routers by means of Telnet. RADIUS is a multivendor IETF standard whose features are more widely accepted than those of TACACS+ or other proprietary systems. All one-time-password system vendors support RADIUS.
Terminal Access Controller Access Control System Plus (TACACS+) | Authentication method for validating users who attempt to access one or more Services Routers by means of Telnet.

User Authentication Overview

This section contains the following topics:
• User Authentication on page 4
• User Accounts on page 4
• Login Classes on page 5
• Template Accounts on page 7

The JUNOS software supports three methods of user authentication: local password authentication, Remote Authentication Dial-In User Service
267. gement daemon 14556 active
Command line interface 10312 active
Command line interface 10312 active
Periodic Packet Management daemon 1640 active
Bidirectional Forwarding Detection daemon 1912 active
L2 Address Learning daemon 2080 active
32776 Health Monitor: jcrypto daemon memory usage IPSec Key Management daemon 5672 active
32778 Health Monitor: FWDD Micro Kernel threads total CPU Utilization jnxFwddMicroKernelCPUUsage.0 0 active
32779 Health Monitor: FWDD Real Time threads total CPU Utilization jnxFwddRtThreadsCPUUsage.0 15 active
32780 Health Monitor: FWDD DMA Memory utilization jnxFwddDmaMemUsage.0 16 active
32781 Health Monitor: FWDD Heap utilization jnxFwddHeapUsage.0 54 active
---(more)---

Meaning: The output shows a summary of SNMP health monitor alarms and corresponding log entries:
• Alarm Index: Alarm identifier.
• Variable description: Object instance being monitored.
• Value: Current value of the monitored variable in the most recent sample interval.
• State: Status of the alarm. For example:
  • active: Entry is fully configured and activated.
  • falling threshold crossed: Variable value has crossed the lower threshold limit.
  • rising threshold crossed: Variable value has crossed the upper threshold limit.

Verify that any rising threshold values are greater than the configured r
269. gure TACACS+ authentication:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 12 on page 14.
3. If you are finished configuring the network, commit the configuration. To completely set up TACACS+ authentication, you must create user template accounts and specify a system authentication order.
4. Go on to one of the following procedures:
• To specify a system authentication order, see Configuring Authentication Order on page 15.
• To configure a remote user template account, see Creating a Remote Template Account on page 19.
• To configure local user template accounts, see Creating a Local Template Account on page 20.

Table 12: Setting Up TACACS+ Authentication

Task: Navigate to the System level in the configuration hierarchy.
J-Web Configuration Editor: 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. 2. Next to System, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter edit system

Task: Add a new TACACS+ server.
J-Web Configuration Editor: 1. In the Tacplus server box, click Add new entry. 2. In the Address box, type the IP address of the TACACS+ server: 172.16.98.24
CLI Configuration Editor: Set the IP address of the TACACS+ server: set tacplus-server address 172.16.98.24

Task: Specify the shared secret (password) of the TACACS+ server. The secret is stored
270. h holds all the transit and outbound session information.
To | Destination (outbound router) of the session.
From | Source (inbound router) of the session.
State | State of the path: Up, Down, or AdminDn. AdminDn indicates that the LSP is being taken down gracefully.
Rt | Number of active routes (prefixes) installed in the routing table. | For inbound RSVP sessions, the routing table is the primary IPv4 table (inet.0). For transit and outbound RSVP sessions, the routing table is the primary MPLS table (mpls.0).
Style | RSVP reservation style. This field consists of two parts. The first is the number of active reservations. The second is the reservation style, which can be FF (fixed filter), SE (shared explicit), or WF (wildcard filter). | This field is used for outbound and transit LSPs only.
Labelin | Incoming label for this RSVP session.
Labelout | Outgoing label for this RSVP session.
LSPname | Configured name of the LSP.
Total | Total number of RSVP sessions displayed for the particular type: ingress (inbound), egress (outbound), or transit.

Monitoring MPLS RSVP Interfaces Information

To view the interfaces on which RSVP is running, select Monitor>MPLS>RSVP Interfaces, or enter the following CLI command:

show rsvp interface

Table 68 on page 154 summarizes key output fields in the RSVP interfaces information display.

Table 68: Summary of Key RSVP Interfaces Information Output Fields

Field | Values | Additional Information
RSVP In
271. hat occurred for the PADO packet. This value is always 0 and is not supported.
• PADR: Number of timeouts that occurred for the PADR packet.
Sent | Number of the timeouts that occurred for PADI, PADO, and PADR packets.

PPPoE Version
Maximum Sessions | Maximum number of active PPPoE sessions the Services Router can support. The default is 256 sessions.

Table 78: Summary of Key PPPoE Output Fields (continued)

Field | Values | Additional Information
PADI Resend Timeout | Initial time, in seconds, the Services Router waits to receive a PADO packet for the PADI packet sent, for example, 2 seconds. This timeout doubles for each successive PADI packet sent. | The PPPoE Active Discovery Initiation (PADI) packet is sent to the access concentrator to initiate a PPPoE session. Typically, the access concentrator responds to a PADI packet with a PPPoE Active Discovery Offer (PADO) packet. If the access concentrator does not send a PADO packet, the Services Router sends the PADI packet again after the timeout period has elapsed. The PADI Resend Timeout doubles for each successive PADI packet sent. For example, if the PADI Resend Timeout is 2 seconds, the second PADI packet is sent after 2 seconds, the third after 4 seconds, the fourth after 8 seconds, and so on.
PADR Resend Timeout | Initial time, in seconds, the Services Router waits to
272. he Monitoring Tools

Monitoring RPM Probes

The RPM information includes the round-trip time, jitter, and standard deviation values for each configured RPM test on the Services Router. To view these RPM properties, select Monitor>RPM in the J-Web interface, or enter the following CLI show command:

show services rpm probe-results

In addition to the RPM statistics for each RPM test, the J-Web interface displays the round-trip times and cumulative jitter graphically. Figure 11 on page 145 shows sample graphs for an RPM test.

Figure 11: Sample RPM Graphs

In Figure 11 on page 145, the round-trip time and jitter values are plotted as a function of the system time. Large spikes in round-trip time or jitter indicate a slower outbound (egress) or inbound (ingress) time for the probe sent at that particular time.

Table 77 on page 145 summarizes key output fields in RPM displays.

Table 77: Summary of Key RPM Output Fields

Field | Values | Additional Information
Currently Running Tests
Graph | Click the Graph link to display the graph (if it is not already displayed) or to update the graph for a particular test.
Owner | Configured owner name of the RPM test.
Test Name | Configured name of the RPM test.
Probe Type | Type of RPM
273. he flow input or O output.
Frames | Number of frames in the flow.

Monitoring Firewall Intrusion Detection Services (IDS)

To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor>Firewall>IDS Information. Click one of the following criteria to order the display accordingly:
• Bytes (received bytes)
• Packets (received packets)
• Flows
• Anomalies

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 72 on page 159, and click OK.

Table 72: IDS Search-Narrowing Characteristics

Narrow Search Box | Entry or Selection
Destination Address | Type a destination address prefix to display IDS information for only that prefix.
IDS Table | Select one of the following:
  • Destination: Displays information for an address under attack.
  • Pair: Displays information for a suspected attack source and destination pair.
  • Source: Displays information for an address that is a suspected attacker.
Number of IDS Entries to Display | Select a number between 25 and 500 to display only a particular number of entries.
Threshold | Type a number to display events with only that number of bytes, packets, flows, or anomalies, whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and then type 100 in the Threshold box.
Service
274. he session.
State | State of the path: Up, Down, or AdminDn. AdminDn indicates that the LSP is being taken down gracefully.
Packets | Total number of packets received on the LSP from the upstream neighbor.
Bytes | Total number of bytes received on the LSP from the upstream neighbor.
LSPname | Configured name of the LSP.
Total | Total number of LSPs displayed for the particular type: ingress (inbound), egress (outbound), or transit.

Monitoring RSVP Session Information

To view currently active RSVP session information, select Monitor>MPLS>RSVP Sessions, or enter the following CLI command:

show rsvp session

Table 67 on page 133 summarizes key output fields in the RSVP session information display.

Table 67: Summary of Key RSVP Session Information Output Fields

Field | Values | Additional Information
Ingress LSP | Information about inbound RSVP sessions. Each session has one line of output.
Egress LSP | Information about outbound RSVP sessions. Each session has one line of output. | MPLS learns this information by querying RSVP, which holds all the transit and outbound session information.
Transit LSP | Information about transit RSVP sessions. | MPLS learns this information by querying RSVP, whic
275. To configure SNMP features with Quick Configuration:
1. In the J-Web user interface, select Configuration>Quick Configuration>SNMP.
2. Enter information into the Quick Configuration page for SNMP, as described in Table 30 on page 51.
3. From the SNMP Quick Configuration page, click one of the following buttons:
• To apply the configuration and stay on the Quick Configuration page for SNMP, click Apply.
• To apply the configuration and return to the Quick Configuration SNMP page, click OK.
• To cancel your entries and return to the Quick Configuration for SNMP page, click Cancel.
4. To check the configuration, see Verifying the SNMP Configuration on page 58.

Table 30: SNMP Quick Configuration Summary

Field | Function | Your Action
Identification
Contact Information | Free-form text string that specifies an administrative contact for the system. | Type any contact information for the administrator of the system (such as name and phone number).
System Description | Free-form text string that specifies a description for the system. | Type any system information that describes the system (4500 with 4 PIMs, for example).
Local Engine ID | Provides an administratively unique identifier of an SNMPv3 engine for system identification. The
276. his information by querying RSVP state of these paths, which holds all the transit and outbound session information.
To | Destination (outbound router) of the session.

Table 65: Summary of Key MPLS LSP Information Output Fields (continued)

Field | Values | Additional Information
From | Source (inbound router) of the session.
State | State of the path. It can be Up, Down, or AdminDn. AdminDn indicates that the LSP is being taken down gracefully.
Rt | Number of active routes (prefixes) installed in the routing table. | For inbound RSVP sessions, the routing table is the primary IPv4 table (inet.0). For transit and outbound RSVP sessions, the routing table is the primary MPLS table (mpls.0).
Active Path | Name of the active path: Primary or Secondary. | This field is used for inbound LSPs only.
P | An asterisk (*) in this column indicates that the LSP is a primary path. | This field is used for inbound LSPs only.
LSPname | Configured name of the LSP.
Style | RSVP reservation style. This field consists of two parts. The first is the number of active reservations. The second is the reservation style, which can be FF (fixed filter), SE (shared explicit), or WF (wildcard filter). | This field is used for outbound and transit LSPs only.
Labelin | Incoming label for this LSP.
Labelout | Outgoing label for this LSP.
Total | Total number of LSPs displayed f
277. hy in either the J-Web or CLI configuration editor.
2. To configure SNMP communities, perform the configuration tasks described in Table 55 on page 56.
3. If you are finished configuring the network, commit the configuration.
4. To check the configuration, see Verifying the SNMP Configuration on page 58.

Table 33: Configuring SNMP Agents and Communities

Task: Navigate to the SNMP level in the configuration hierarchy.
J-Web Configuration Editor: 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. 2. Next to Snmp, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter edit snmp

Task: Create and name a community.
J-Web Configuration Editor: 1. Next to Community, click Add new entry. 2. In the Community box, type the name of the community as a free-form text string.
CLI Configuration Editor: Create a community: set community community-name

Task: Grant read-write access to the community.
J-Web Configuration Editor: In the Authorization box, select read-write from the list.
CLI Configuration Editor: Set the authorization to read-write: set community community-name authorization read-write

Task: Allow community access to a client at a particular IP Next to Clients click Add new entry Configure client access for the IP address 10.10.10.10 address for example at IP 2 In the Prefix box type the IP address in imal ion address 10
278. icast response (Optional) Forces the response packets to use unicast.
no-resolve | (Optional) Does not display hostnames.
no-router-alert | (Optional) Does not use the router alert IP option in the IP header.
brief | (Optional) Does not display packet rates and losses.
detail | (Optional) Displays packet rates and losses if a group address is specified.

Following is sample output from the mtrace from-source command:

user@host> mtrace from-source source 192.1.4.1 group 224.1.1.1
Mtrace from 192.1.4.1 to 192.1.30.2 via group 224.1.1.1
Querying full reverse path
0 192.1.30.2
1 192.1.30.1 PIM thresh 1
2 routerC.mycompany.net 192.1.40.2 PIM threshA 1
3 hostA.mycompany.net 192.1.4.1
Round trip time 22 ms total ttl of 2 required
Waiting to accumulate statistics Results after 10 seconds
Source Response Dest Overall Packet Statistics For Traffic From 192.1.4.1 192.1.30.2 Packet 192.1.4.1 To 224.1.1.1 v rtt 16 ms Rate Lost Sent Pct Rate 192.168.195.37 192.1.40.2 routerC.mycompany.net v ttl 2 0 0 0 pps 192.1.40.1 192.1.30.1 v NX ttl 3 0 0 pps 192.1.30.2 192.1.30.2 Receiver Query Source

Each line of the trace display is usually in the following format (depending on the options selected and the responses from the routers along the path):

hop number host ip address protocolttl

Table 125 on page 245 summarizes the output fields of the display.

NOTE: The
279. ick Configure or Edit. 3. Next to Login, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter edit system login

Task: Create a user named remote who belongs to the operator login class.
J-Web Configuration Editor: 1. Next to User, click Add new entry. 2. In the User name box, type remote. 3. In the Class box, type operator. 4. Click OK.
CLI Configuration Editor: Set the username and the login class for the user: set user remote class operator

Creating a Local Template Account

You can create a local template that is applied to users authenticated by RADIUS or TACACS+ that are assigned to the local template account. You use local template accounts when you need different types of templates. Each template can define a different set of permissions appropriate for the group of users who use that template.

The procedure provided in this section creates a sample user named admin that belongs to the superuser login class.

To create a local template account:
1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 17 on page 20.
3. If you are finished configuring the network, commit the configuration. To completely set up RADIUS or TACACS+ authentication, you must configure at least one RADIUS or TACACS+ server and specify a system authentication order
280. ics and Services Command Reference.

Table 20: CLI ssh Command Options

Option | Description
bypass-routing | Bypass the routing tables and open an SSH connection only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned.
host | Open an SSH connection to the specified hostname or IP address.
inet | Force the SSH connection to an IPv4 destination.
interface source-interface | Open an SSH connection to a host on the specified interface. If you do not include this option, all interfaces are used.
routing-instance routing-instance-name | Use the specified routing instance for the SSH connection.
source address | Use the specified source address for the SSH connection.
v1 | Force SSH to use version 1 for the connection.
v2 | Force SSH to use version 2 for the connection.

Configuring Password Retry Limits for Telnet and SSH Access

To prevent brute force and dictionary attacks, the Services Router takes the following actions for Telnet or SSH sessions by default:
• Disconnects a session after a maximum of 10 consecutive password retries.
• After the second password retry, introduces a delay in multiples of 5 seconds between subsequent password retries. For exa
281. ight be configured to ignore ICMP echo requests.
• The host might be configured with a firewall filter that blocks ICMP echo requests or ICMP echo responses.
• The size of the ICMP echo request packet exceeds the MTU of a host along the path.
• The value you selected in the Time to Live box was less than the number of hops in the path to the host, in which case the host might reply with an ICMP error message.

For more information about ICMP, see RFC 792, Internet Control Message Protocol.

Checking MPLS Connections from the J-Web Interface

Use the J-Web ping MPLS diagnostic tool to diagnose the state of label-switched paths (LSPs), Layer 2 and Layer 3 VPNs, and Layer 2 circuits. Alternatively, you can use the CLI commands ping mpls, ping mpls l2circuit, ping mpls l2vpn, and ping mpls l3vpn. For more information, see Pinging Hosts from the CLI on page 250.

Before using the J-Web ping MPLS tool in your network, read Ping MPLS Preparation on page 215.

This section contains the following topics:
• Using the J-Web Ping MPLS Tool on page 219
• Ping MPLS Results and Output on page 222

Using the J-Web Ping MPLS Tool

Before using the ping MPLS feature, make sure that the receiving interface on the VPN or LSP remote endpoint has MPLS enabled, and that the loopback interface on the outbound node is configured as 127.0.0.1. The source address
282. iguration, see Verifying the USB Modem Configuration on page 42.

Table 28: Configuring CHAP on Dialer Interfaces

Task: Define a CHAP access profile, for example, usb-modem-access-profile with a client (username) named usb-modem-user and the secret (password) my-secret.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
2. Next to Access, click Configure or Edit.
3. Next to Profile, click Add new entry.
4. In the Profile name box, type usb-modem-access-profile.
5. Next to Client, click Add new entry.
6. In the Name box, type usb-modem-user.
7. In the Chap secret box, type my-secret.
8. Click OK.
9. Repeat Steps 5 through 8 for each client to be included in the CHAP profile.
10. Click OK until you return to the Configuration page.
CLI Configuration Editor:
1. From the [edit] hierarchy level, enter edit access
2. Enter set profile usb-modem-access-profile client usb-modem-user chap-secret my-secret
3. Repeat Step 2 for each client to be included in the CHAP profile.

Task: Navigate to the appropriate dialer interface level in the configuration hierarchy, for example, dl0 unit 0.
J-Web Configuration Editor:
1. On the Configuration page, next to Interfaces, click Edit.
2. In the Interface name column, click dl0.
3. Under Unit, in the Interface unit number column, click 0.
CLI Configuration Editor: From the [edit] hierarchy level, enter edit interfaces dl0 unit 0

Task: Configure CHAP on the
283. iguration Guide.

Loopback Address

The loopback address (lo0) on the outbound node must be configured as 127.0.0.1. If this interface address is not configured correctly, the outbound node does not have this forwarding entry. It drops the incoming request packets and returns a host unreachable message to the Services Router. If the outbound node is a Services Router, see the J-series Services Router Advanced WAN Access Configuration Guide to configure the loopback address.

Source Address for Probes

The source IP address you specify for a set of probes must be an address configured on one of the Services Router interfaces. If it is not a valid Services Router address, the ping request fails with the error message Can't assign requested address.

Pinging Hosts from the J-Web Interface

This section contains the following topics:
• Using the J-Web Ping Host Tool on page 216
• Ping Host Results and Output Summary on page 218

Using the J-Web Ping Host Tool

You can ping a host to verify that the host can be reached over the network. The output is useful for diagnosing host and network connectivity problems. The Services Router sends a series of ICMP echo (ping) requests to a specified host and receives ICMP echo responses.

Alternatively, you can use the CLI ping command. (See Pinging Hosts from the CLI on page 250.)

To use the ping host tool:
284. ike traffic sampling on the Services Router, except that it captures entire packets including the Layer 2 header rather than packet headers and saves the contents to a file in the libpcap format. Packet capture also captures IP fragments. Unlike traffic sampling, there are no tracing operations for packet capture.

NOTE: You can enable packet capture and port mirroring simultaneously on a Services Router.

For more information about traffic sampling, see the JUNOS Policy Framework Configuration Guide.

This overview contains the following topics:
• Packet Capture on Router Interfaces on page 255
• Firewall Filters for Packet Capture on page 255
• Packet Capture Files on page 256
• Analysis of Packet Capture Files on page 256

Packet Capture on Router Interfaces

Packet capture is supported on the T1, T3, E1, E3, serial, Fast Ethernet, ADSL, G.SHDSL, PPPoE, and ISDN interfaces.

To capture packets on an ISDN interface, configure packet capture on the dialer interface. To capture packets on a PPPoE interface, configure packet capture on the PPPoE logical interface.

Packet capture supports PPP, Cisco HDLC, Frame Relay, and other ATM encapsulations. Packet capture also supports Multilink PPP (MLPPP), Multilink Frame Relay end-to-end (MLFR), and Multilink Frame Relay UNI/NNI (MFR) encapsulations.

You can capture all IPv4 packets flowing on an interface in the inbound
285. ile filename nonpersistent

For more information about the nonpersistent option, see the JUNOS Network Management Configuration Guide.

CAUTION: If log files for accounting data are stored on DRAM, these files are lost when the router reboots. Therefore, we recommend that you back up these files periodically.

Encrypting and Decrypting Configuration Files

Configuration files contain sensitive information such as IP addresses. By default, the Services Router stores configuration files in unencrypted format on an external compact flash. This storage method is considered a security risk because the compact flash can easily be removed from the Services Router. To prevent unauthorized users from viewing sensitive information in configuration files, you can encrypt them.

If your router runs the Canada and U.S. version of the JUNOS software, the configuration files can be encrypted with the Advanced Encryption Standard (AES) or Data Encryption Standard (DES) encryption algorithms. If your router runs the international version of the JUNOS software, the files can be encrypted only with DES.

To prevent unauthorized access, the encryption key is stored in the Services Router's EEPROM. You can copy the encrypted configuration files to another router and decrypt them if that router has the same encryption key. To prevent encrypted configuration files from being copied to another router and decrypted, you can set a unique encryption key that contains
286. ile or unexpected closure of a connection to a child or peer process
• Emergency or critical conditions, such as router power-off due to excessive temperature

The JUNOS system logging utility is similar to the UNIX syslogd utility. Each system log message identifies the software process that generated the message and briefly describes the operation or error that occurred.

Reboot requests are recorded to the system log files, which you can view with the show log command. Also, you can view the names of any processes running on your system with the show system processes command.

System Log Message Destinations

You can send system logging information to one or more destinations. The destinations can be one or more files, one or more remote hosts, the terminals of one or more users if they are logged in, and the system console.
• To direct messages to a named file in a local file system, see Sending System Log Messages to a File on page 160.
• To direct messages to the terminal session of one or more specific users (or all users) when they are logged into the router, see Sending System Log Messages to a User Terminal on page 161.
• To direct messages to the router console, see the JUNOS System Log Messages Reference.
• To direct messages to a remote machine that is running the UNIX syslogd utility, see the JUNOS System Log Messages Ref
287. iles to log system messages and also assign attributes, such as severity levels, to messages. The View Events page on the J-Web interface enables you to filter and view system log messages.

For more information about system log messages, see the JUNOS System Log Messages Reference. If the router is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.

This chapter contains the following topics:
• System Log Message Terms on page 155
• System Log Messages Overview on page 156
• Before You Begin on page 159
• Configuring System Log Messages with a Configuration Editor on page 160
• Monitoring System Log Messages with the J-Web Event Viewer on page 162

System Log Message Terms

Before configuring and monitoring system log messages on Services Routers, become familiar with the terms defined in Table 80 on page 155.

Table 80: System Log Message Terms

Term | Definition
event | Condition that occurs on a Services Router at a particular time. An event can include routine, failure, error, emergency, or critical conditions.
event ID | System log message code that uniquely identifies a system log message. The code begins with a prefix indicating the software process or library that generates the event.
facility | Group of messages that either are generated by the same software process (such as accounting statistics) or concern a similar condition or activity (such as authenticatio
288. ime exceeded. 7. Click OK.
CLI Configuration Editor: set probe customerA test icmp-test thresholds ingress-time 3000 2. Enter set probe customerA test icmp-test traps ingress-time-exceeded

Table 141: Configuring Basic RPM Probes (continued)

Task: Configure the RPM test http-test for the RPM owner customerB. The sample RPM test is an HTTP probe with a test interval (probe frequency) of 30 seconds, a probe type of http-get, and a target URL of http://customerB.net.
J-Web Configuration Editor:
1. On the Rpm page, select customerB.
2. In the Test box, click Add new entry.
3. In the Name box, type http-test.
4. In the Test interval box, type 30.
5. In the Probe type box, select http-get.
6. In the Target box, select the Yes check box, and click Configure.
7. In the Target type box, select Url.
8. In the Url box, type http://customerB.net.
9. Click OK.
CLI Configuration Editor:
1. From the [edit] hierarchy level, enter edit services rpm probe customerB
2. Enter set test http-test probe-frequency 30
3. Enter set test http-test probe-type http-get
4. Enter set test http-test target url http://customerB.net

Task: Configure RPM thresholds and corresponding SNMP traps to catch 5 or more successive lost probes and total lost probes of 10 or
J-Web Configuration Editor: 1. On the Probe page, select http-test.
CLI Configuration Editor: 1. Enter set probe customerB test icmp test
289. immediately, such as a corrupted system database. critical: Critical conditions, such as hard drive errors. error: Standard error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels. warning: Conditions that warrant monitoring. notice: Conditions that are not error conditions but are of interest or might warrant special handling. info: Informational messages. This is the default. debug: Software debugging messages. Regular Expressions: On the J-Web View Events page, you can use regular expressions to filter and display a set of messages for viewing. JUNOS supports POSIX Standard 1003.2 for extended (modern) UNIX regular expressions. Table 85 on page 159 specifies some of the commonly used regular expression operators and the terms matched by them. A term can match either a single alphanumeric character or a set of characters enclosed in square brackets, parentheses, or braces. For information about how to use regular expressions to filter system log messages, see Filtering System Log Messages on page 162. NOTE: On the J-Web View Events page, the regular expression matching is case-sensitive. System Log Messages Overview. Chapter 8: Monitoring Events and Managing System Log Files. Table 83: Common Regular Expression Operators and the Terms They Match (Regular Expression Operator: Matching Terms). period: One instance of any character e
290. in case of an unsuccessful upgrade. During a successful upgrade, the upgrade package completely reinstalls the existing software. It retains configuration files, log files, and similar information from the previous version. Use either the J-Web interface or the CLI to back up the primary boot device on one of the secondary storage devices listed in Table 94 on page 181. Table 94: Secondary Storage Devices for Backup (Storage Device; Available on Routers; Minimum Storage Required). External compact flash; J4300 and J6300; 256 MB. USB storage device; All Services Routers; 256 MB. After a successful upgrade, remember to back up the new current configuration to the secondary device. For instructions about how to back up your system using the J-Web interface, see Configuring a Boot Device for Backup with the J-Web Interface on page 186. For instructions about how to back up your system using the CLI, see Configuring a Boot Device for Backup with the CLI on page 189. Downloading Software Upgrades from Juniper Networks: Follow these steps to download software upgrades from Juniper Networks. J-series Services Router Administration Guide. 1. Using a Web browser, follow the links to the download URL on the Juniper Networks Web page. Depending on your location, select either Canada and U.S. Version or Worldwide Version: https www juniper net support csc swdist domestic; https www juniper n
291. ing USB modems and their supporting dialer interfaces, become familiar with the terms defined in Table 22 on page 50. Table 22: USB Modem Terminology (Term: Definition). caller ID: Telephone number of the caller on the remote end of a USB modem connection, used to dial in and also to identify the caller. Multiple caller IDs can be configured on a dialer interface. During dial-in, the router matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. Each dialer interface accepts calls from only callers whose caller IDs are configured on it. dialer interface (dl): Logical interface for configuring dialing properties for a USB modem connection. dial-in: Feature that enables J-series Services Routers to receive calls from the remote end of a USB modem connection. The remote end of the USB modem call might be a service provider, a corporate central location, or a customer premises equipment (CPE) branch office. All incoming calls can be verified against caller IDs configured on the router's dialer interface. Microcom Networking Protocol (MNP): Protocol that provides error correction and data compression for asynchronous modem transmission. USB Modem Overview: A USB modem connects to a Services Router through modem interfaces that you configure. The router applies its own modem AT commands to initialize th
292. ing end point of LSP. ping mpls lsp-end-point: Checks the operability of an LSP endpoint. The Services Router pings an LSP endpoint using either an LDP FEC prefix or an RSVP LSP endpoint address. Diagnostic Tools Overview. Chapter 12: Using Services Router Diagnostic Tools. Before You Begin: This section includes the following topics: General Preparation on page 215; Ping MPLS Preparation on page 215. General Preparation: To use the J-Web interface and CLI operational tools, you must have the appropriate access privileges. For more information about configuring access privilege levels, see Adding New Users on page 11 and the JUNOS System Basics Configuration Guide. Ping MPLS Preparation: Before using the ping MPLS feature, make sure that the receiving interface on the VPN or LSP remote endpoint has MPLS enabled, and that the loopback interface on the outbound node is configured as 127.0.0.1. The source address for MPLS probes must be a valid address on the Services Router. MPLS Enabled: To process ping MPLS requests, the remote endpoint of the VPN or LSP must be configured appropriately. You must enable MPLS on the receiving interface of the outbound node for the VPN or LSP. If MPLS is not enabled, the remote endpoint drops the incoming request packets and returns an ICMP host unreachable message to the Services Router. To enable MPLS on an interface, see the J-series Services Router Advanced WAN Access Conf
293. ingle message, not in individual messages for each ping request. By default, five ping requests are sent before the results are reported. To change the number of requests, include the count option. record-route: (Optional) For IPv4, sets the record route option in the IP header of the ping request packet. The path of the ping request packet is recorded within the packet and displayed on the screen. routing-instance routing-instance-name: (Optional) Uses the routing instance you specify for the ping request. size bytes: (Optional) Sets the size of the ping request packet. Specify a size from 0 through 65,468. The default value is 56 bytes, which is effectively 64 bytes because 8 bytes of ICMP header data are added to the packet. source source-address: (Optional) Uses the source address that you specify in the ping request packet. strict: (Optional) For IPv4, sets the strict source routing option in the IP header of the ping request packet. strict-source hosts: (Optional) For IPv4, sets the strict source routing option in the IP header of the ping request packet, and uses the list of hosts you specify for routing the packet. tos number: (Optional) Sets the type-of-service (TOS) value in the IP header of the ping request packet. Specify a value from 0 through 255. Table 116: CLI ping Command Options (continued)
294. is physically operational even if it is not configured the operational state is Up An operational state of Down indicates a problem with the physical interface 114 1H Using the Monitoring Tools Chapter 7 Monitoring the Router and Routing Operations Table 51 Summary of Key Interfaces Output Fields continued Field Values Additional Information Admin Whether the interface is enabled up Up or disabled Interfaces are enabled by default To disable an State Down interface m Inthe J Web configuration editor select the Disable check box on the Interfaces interfaces name page m In the CLI configuration editor add the disable statement at the edit interfaces interfaces name level of the configuration hierarchy MTU Maximum transmission unit MTU size on the physical interface Speed Speed at which the interface is running Current Configured media access control MAC address Address Hardware Hardware MAC address Address Last Date time and how long ago the interface changed Flapped state from Down to Up Active List of any active alarms on the interface Configure alarms on interfaces as follows Alarms m Inthe J Web configuration editor on the Chassis Alarm interface type page u In the CLI configuration editor with the alarm statement at the edit chassis level of the configuration hierarchy Traffic Number of packets and bytes received and transmitted Statistics on the
295. ising threshold and that any falling threshold values are less than the configured falling threshold. For a complete description of show snmp health-monitor output, see the JUNOS System Basics and Services Command Reference. Chapter 4: Configuring the Router as a DHCP Server. A Dynamic Host Configuration Protocol (DHCP) server can automatically allocate IP addresses and also deliver configuration settings to client hosts on a subnet. DHCP is particularly useful for managing a pool of IP addresses among hosts. An IP address can be leased to a host for a limited period of time, allowing the DHCP server to share a limited number of IP addresses among a group of hosts that do not need permanent IP addresses. The Services Router acts as the DHCP server, providing IP addresses and settings to hosts, such as PCs, that are connected to router interfaces. The DHCP server is compatible with the DHCP servers of other vendors on the network. NOTE: Currently, the DHCP server does not support IPv6 address assignment, user class-specific configuration, DHCP failover protocol, or dynamic Domain Name System (DNS) updates. You cannot use DHCP for virtual private network (VPN) connections. You can use either J-Web Quick Configuration or a configuration editor to configure the DHCP server
296. it 5 Next to Destinations, click Add new entry. From the edit hierarchy level, enter edit event-options destinations. Enter the destination name, for example, bsd2. You can reference the destination in an event policy. In the Destination name box, type bsd2. Configure the archive site, for example, ftp://ftp.robot.net/event_analyze, where you want the output of commands executed by the event policy to be uploaded in a file for analysis, and the password, for example, eventadmin, for accessing the archive site. NOTE: You can specify the archive site as a Hypertext Transfer Protocol (HTTP) URL, FTP URL, or secure copy (SCP)-style remote file specification. URLs of the type file are also supported. NOTE: When you specify the archive site, do not add a slash to the end of the URL. For example, do not specify the archive site as ftp://ftp.robot.net/event_analyze/. 1. Next to Archive sites, click Add new entry. 2. In the Url box, type ftp://ftp.robot.net/event_analyze. 3. In the Password box, type eventadmin. 4. Click OK. Set the destination name, the archive site location, and the password for accessing the archive site: set bsd2 archive-sites ftp://ftp.robot.net/event_analyze password eventadmin. Configuring Event Policy: Navigate to the Policy level in the configuration hierarchy, and enter the policy name, for example, eventi. 1. On the main Configuration page, next to E
297. izes key output fields for CoS rewrite rules Table 62 Summary of Key CoS Rewrite Rules Output Fields Field Values Additional Information Rewrite Rule Name Names of rewrite rules CoS Value Type Rewrite rule type To display forwarding classes loss priorities and rewritten CoS values click the plus sign m dscp For IPv4 DiffServ traffic m dscp ipv6 For IPv6 DiffServ traffic m exp For MPLS traffic m ieee 802 1 For Layer 2 traffic m inetprecedence For IPv4 traffic Index Internal index for this particular rewrite rule 128 1H Usingthe Monitoring Tools Chapter 7 Monitoring the Router and Routing Operations Table 62 Summary of Key CoS Rewrite Rules Output Fields continued Field Values Additional Information Forwarding Class Forwarding class that in combination with Rewrite rules are applied to CoS values in loss priority is used to determine CoS values outgoing packets based on forwarding class for rewriting and loss priority setting Loss Priority Loss priority that in combination with forwarding class is used to determine CoS values for rewriting Rewrite CoS Value To Value that the CoS value is rewritten to Monitoring CoS Scheduler Maps To display assignments of CoS forwarding classes to schedulers select Monitor gt Class of Service Scheduler Maps in the J Web interface or enter the following CLI command show class of service schedu
298. k box m To display the hop hostnames clear the check box Gateway Specifies the IP address of the gateway to route Type the gateway IP address through Source Address Specifies the source address of the outgoing traceroute packets Type the source IP address Bypass Routing Determines whether traceroute packets are routed by means of the routing table If the routing table is not used traceroute packets are sent only to hosts on the interface specified in the Interface box If the host is not on that interface traceroute responses are not sent m To bypass the routing table and send the traceroute packets to hosts on the specified interface only select the check box m Toroute the traceroute packets by means of the routing table clear the check box Interface Specifies the interface on which the traceroute From the list select the interface on which packets are sent raceroute packets are sent If you select any the raceroute requests are sent on all interfaces Time to Live Specifies the maximum time to live TTL hop count From the list select the TTL for the traceroute request packet ype of Service Specifies the type of service TOS value to include in the IP header of the traceroute request packet From the list select the decimal value of the TOS field 224 m Tracing Unicast Routes from the J Web Interface Chapter 12 Using Services Router Diagnostic Tools Tabl
299. k interface is configured correctly see Verifying the USB Modem Configuration on page 42 Table 27 Configuring the Dialer Interface for Dial In Task J Web Configuration Editor CLI Configuration Editor Navigate to the Interfaces level in the configuration hierarchy and select a dialer interface for example dlO I In the J Web interface select Configuration View and Edit Edit Configuration From the edit hierarchy level enter edit interfaces dlO 2 Next to Interfaces click Edit 5 Next to dlO click Edit On logical interface O configure the incoming 1 Inthe Unit section for logical 1 Enter map options for the dialer interface unit number O click Dialer y options under Nested edit unit O m acceptall Dialer interface accepts all Configuration incoming calls 2 Enter You can configure the acceptall option for Pi Nest to Incoming map click only one of the dialer interfaces associated Configure edit dialer options with a USB modem physical interface The 3 From the Caller type menu 2 denis router uses the dialer interface with the select Caller accept all option configured only if the incoming call s caller ID does not match 4 Next to Caller click Add new set incoming Map Calley the caller IDs configured on other dialer entry MAS interfaces 5 In the Caller id box type 4 Repeat Step 5 for each caller ID m caller Dialer interface accepts calls from 408555
300. kets 340 Transit statistics Input bytes 13859 0 bps Output bytes 0 0 bps Input packets 317 0 pps Output packets 0 0 pps LCP state Opened NCP state inet Opened inet6 Not configured iso Not configured mpls Not configured CHAP state Success Protocol inet MTU 1500 Generation 136 Route table 0 Flags None Addresses Flags Is Preferred Is Primary Destination 172 20 10 1 Local 172 20 10 2 Broadcast Unspecified Generation 134 Meaning: The output shows a summary of dialer interface information. Verify the following information: The physical interface is Enabled. If the interface is shown as Disabled, do either of the following: in the CLI configuration editor, delete the disable statement at the edit interfaces interface-name level of the configuration hierarchy; in the J-Web configuration editor, clear the Disable check box on the Interfaces interface-name page. The physical link is Up. A link state of Down indicates a problem with the interface module, interface port, or physical connection (link-layer errors). The Last Flapped time is an expected value. The Last Flapped time indicates the last time the physical interface became unavailable and then available again. Unexpected flapping indicates possible link-layer errors. The traffic statistics reflect expected input and out
301. larm until the sampled value rises above the falling threshold and reaches the rising threshold. The interval represents the period of time, in seconds, over which the object instance is sampled and compared with the rising and falling thresholds. At present, you do not have to configure a separate trap for the SNMP health monitor, because it uses the already existing RMON traps. For more information about RMON events and alarms, see the JUNOS Network Management Configuration Guide. To display the information collected by the SNMP health monitor, use the following CLI show snmp health-monitor commands: show snmp health-monitor; show snmp health-monitor alarms; show snmp health-monitor alarms detail; show snmp health-monitor logs. For more information, see the JUNOS System Basics and Services Command Reference. Before you begin configuring SNMP, complete the following tasks: Establish basic connectivity. See the Getting Started Guide for your router. Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. Configuring SNMP with Quick Configuration: J-Web Quick Configuration allows you to define system identification information, create SNMP communities, create SNMP trap groups, and configure health monitor options. Figure 7 on page 50 shows the Quick Configuration page for SNMP. Figure 7: Quick Configuration Page for SNMP
302. larm Conditions; Corrective Action; Alarm Severity. Alternative boot media: The Services Router boots from an alternative boot device. Corrective action: Typically, the router boots from the internal compact flash. If you configured your router to boot from an alternative boot device, ignore this alarm condition. If you did not configure the router to boot from an alternative boot device, contact JTAC. See Requesting Technical Support on page xxi. Severity: Yellow (minor). PIM: A PIM has failed. When a PIM fails, it attempts to reboot. If the Routing Engine detects that a PIM is rebooting too often, it shuts down the PIM. Corrective action: Replace the failed PIM. See the Getting Started Guide for your router. Severity: Red (major). Routing Engine: An error occurred during the process of reading or writing compact flash. Corrective action: Reformat the compact flash and install a bootable image. See Performing Software Upgrades and Reboots on page 179. If this remedy fails, you must replace the failed Routing Engine. To contact JTAC, see Requesting Technical Support on page xxi. Severity: Yellow (minor). Routing Engine temperature is too warm. Severity: Yellow (minor). Corrective action: Check the room temperature. See the Getting Started Guide for your router. Check the air flow. See the Getting Started Guide for your router. Check the fans. See the Getting Started Guide for your router. If you must replace a fan or the Routing Engine, contact JTAC. See Requesting
303. ler map Table 65 on page 129 summarizes key output fields for CoS scheduler maps Table 63 Summary of Key CoS Scheduler Maps Output Fields Field Values Additional Information Scheduler Map Name of a scheduler map For details click the plus sign Index Index of a specific object scheduler maps schedulers or drop profiles Scheduler Name Name of a scheduler Forwarding Class Forwarding classes this scheduler is assigned to Transmit Rate Configured transmit rate of the scheduler in bits per second bps The rate value can be either of the following m A percentage The scheduler receives the specified percentage of the total interface bandwidth m remainder The scheduler receives the remaining bandwidth of the interface after allocation to other schedulers Rate Limit Rate limiting configuration of the queue m none No rate limiting m exact The queue transmits at only the configured rate Using the Monitoring Tools m 129 J series Services Router Administration Guide Table 63 Summary of Key CoS Scheduler Maps Output Fields continued Field Values Additional Information Buffer Size Delay buffer size in the queue or the amount of transmit delay in milliseconds The buffer size can be either of the following m A percentage The buffer is a percentage of the total buffer allocation m remainder The buffer is sized according
304. les from the CLI on page 244; Monitoring Interfaces and Traffic from the CLI on page 245. Pinging Hosts from the CLI: Use the CLI ping command to verify that a host can be reached over the network. This command is useful for diagnosing host and network connectivity problems. The Services Router sends a series of ICMP echo (ping) requests to a specified host and receives ICMP echo responses. Alternatively, you can use the J-Web interface. See Using the J-Web Ping Host Tool on page 216. Enter the ping command with the following syntax. Table 116 on page 250 describes the ping command options. user@host> ping host <interface source-interface> <bypass-routing> <count number> <do-not-fragment> <inet | inet6> <interval seconds> <loose-source hosts> <no-resolve> <pattern string> <rapid> <record-route> <routing-instance routing-instance-name> <size bytes> <source source-address> <strict> <strict-source hosts> <tos number> <ttl number> <wait seconds> <detail> <verbose> To quit the ping command, press Ctrl-C. Table 116: CLI ping Command Options (Option: Description). host: Pings the hostname or IP address you specify. interface source-interface: (Optional) Sends the ping requests on
305. leshooting and management tasks you can perform with the J-Web interface. Instead of invoking the tools through a graphical interface, you use operational mode commands to perform the tasks. Because the CLI is a superset of the J-Web interface, you can perform certain tasks only through the CLI. For example, you can use the mtrace command to display trace information about a multicast path from a source to a receiver, which is a feature available only through the CLI. To view a list of top-level operational mode commands, type a question mark at the command-line prompt. See the Getting Started Guide for your router. At the top level of operational mode are the broad groups of CLI diagnostic commands listed in Table 106 on page 212. Table 106: CLI Diagnostic Command Summary (Command: Function). Controlling the CLI Environment. set option: Configures the CLI display. Diagnosis and Troubleshooting. clear: Clears statistics and protocol database information. mtrace: Traces information about multicast paths from source to receiver. For details, see Tracing Multicast Routes from the CLI on page 240. monitor: Performs real-time debugging of various software components, including the routing protocols and interfaces. For details, see the following sections: Using the monitor interface Command on page 245
306. lness and the likelihood it will drop packets To display profile values click the plus sign Graph RED Profile Link to a graph of a RED curve that the system uses to determine the drop probability based on queue buffer fullness The x axis represents the queue buffer fill level and the y axis represents the drop probability 126 1H Usingthe Monitoring Tools Chapter 7 Monitoring the Router and Routing Operations Table 60 Summary of Key CoS RED Drop Profile Output Fields continued Field Values Additional Information Type Type of a specific drop profile m interpolated The two coordinates x and y of the graph are interpolated to produce a smooth profile m Segmented The two coordinates x and y of the graph are represented by line fragments to produce a segmented profile For information about types of drop profiles see the JUNOS Class of Service Configuration Guide Index Internal index of this drop profile Fill Level Percentage fullness of a buffer queue This value is the x coordinate of the RED drop profile graph Drop Probability Drop probability of a packet corresponding to a specific queue buffer fill level This value is the y coordinate of the RED drop profile graph Monitoring CoS Forwarding Classes To view the current assignment of CoS forwarding classes to queue numbers on the system select Monitor Class of Service Forwarding Classes in the J W
307. local clock signal is not present Serial connections require clock signals to be transmitted from one endpoint and received by the other endpoint of the link loss of tx clock 168 m Alarm Overview Table 89 Interface Alarm Conditions continued Chapter 9 Configuring and Monitoring Alarms Interface Alarm Condition Description Configuration Option Services Services module hardware down A hardware problem has occurred on the Services Router s services module This error typically means that one or more of the CPUs on the module has failed hw down Services link down The link between module is unavai he Services Router and its services able linkdown Services module held in reset The Services Rou er s services modu e is stuck in reset mode If the services module fails to start up five or more times in a row the serv held in reset mod of time from CPU 500 seconds e Startup fails whe release to CPU hal ices module is n the amount is less than pic hold reset Services module reset The Services Rou er s services modu e is resetting The module resets after it crashes or is reset from the CLI or when it takes longer than 60 seconds to start up pic reset Services module software down A software problem has occurred on the Services Router s services module sw down E3 Alarm indication signal The normal E3
308. loss priority (PLP) bit: Bit used to identify packets that have experienced congestion or are from a transmission that exceeded a service provider's customer service license agreement. This bit can be used as part of a router's congestion control mechanism and can be set by the interface or by a filter. port mirroring: The process of sending a copy of a packet from the router to an external host address. For more information about port mirroring, see the JUNOS Policy Framework Configuration Guide. tcpdump: A command-line utility for debugging computer network problems. tcpdump allows the user to display the contents of TCP/IP and other packets captured on a network interface. On UNIX and most other operating systems, a user must have superuser privileges to use tcpdump, due to its use of promiscuous mode. traffic sampling: Packet sampling method in which the sampling key based on the IPv4 header is sent to the Routing Engine. There, the key is placed in a file, or cflowd packets based on the key are sent to a cflowd server for analysis. See also packet capture. Packet Capture Overview: Packet capture is used by network administrators and security engineers for the following purposes: monitor network traffic and analyze traffic patterns; identify and troubleshoot network problems; detect security breaches in the network, such as unauthorized intrusions, spyware activity, or ping scans. Packet capture operates l
309. lowing topics: Alarm Types on page 166; Alarm Severity on page 167; Alarm Conditions on page 167. The Services Router supports three types of alarms: Interface alarms indicate a problem in the state of the physical links on fixed or installed PIMs. To enable interface alarms, you must configure them. Chassis alarms indicate a failure on the router or one of its components. Chassis alarms are preset and cannot be modified. System alarms indicate a missing rescue configuration or software license, where valid. System alarms are preset and cannot be modified, although you can configure them to appear automatically in the J-Web or CLI display. Alarm Severity: Alarms on a Services Router have two severity levels. Major (red): Indicates a critical situation on the router that has resulted from one of the following conditions. A red alarm condition requires immediate action. One or more hardware components have failed. One or more hardware components have exceeded temperature thresholds. An alarm condition configured on an interface has triggered a critical warning. Minor (yellow): Indicates a noncritical condition on the router that, if left unchecked, might cause an interruption in service or degradation in performance. A yellow alarm condition requires monitoring or maintenance. A missing rescue configuration or software license generates a yellow s
310. luated value of the enclosed term. Parentheses are used to indicate the order of evaluation in the regular expression. For example, dev ice matches messages with dev or device. Before You Begin: Before you begin configuring and monitoring system log messages, complete the following tasks: Establish basic connectivity. See the Getting Started Guide for your router. Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide. Configuring System Log Messages with a Configuration Editor: This section contains the following topics: Sending System Log Messages to a File on page 160; Sending System Log Messages to a User Terminal on page 161; Archiving System Logs on page 161; Disabling System Logs on page 162. Sending System Log Messages to a File: You can direct system log messages to a file on the compact flash. The default directory for log files is /var/log. To specify a different directory on the compact flash, include the complete pathname. For the list of logging facilities and severity levels, see Table 81 on page 157 and Table 82 on page 158. For information about archiving log files, see Archiving System Logs on page 161. The procedure provided in this section sends all security-related information to the sample file named security. To send messages to a file: Navigate to the top of
311. lure and generates a system log message Type a number between 0 and 60 000 000 microseconds Jitter Egress Time Sets the total outbound time jitter in microseconds for a test that triggers a probe failure and generates a system log message Type a number between 0 and 60 000 000 microseconds Jitter Ingress Time Sets the total inbound time jitter in microseconds for a test that triggers a probe failure and generates a system log message Type a number between 0 and 60 000 000 microseconds Egress Standard Sets the maximum allowable standard deviation of Type a number between 0 and 60 000 000 Deviation outbound times in microseconds for a test which microseconds if exceeded triggers a probe failure and generates a system log message 274 W Configuring RPM with Quick Configuration Table 140 RPM Quick Configuration Summary continued Chapter 14 Configuring RPM Probes Field Function Your Action Ingress Standard Sets the maximum allowable standard deviation of Type a number between 0 and 60 000 000 Deviation inbound times in microseconds for a test which if microseconds exceeded triggers a probe failure and generates a system log message Traps Egress Jitter Exceeded Generates SNMP traps when the threshold for jitter in outbound time is exceeded m Toenable SNMP traps for this condition select the check box m Todisable SNMP traps
312. lures, select Authentication. To generate traps for chassis and environment notifications, select Chassis. To generate traps for configuration changes, select Configuration. To generate traps for link-related notifications (up-down transitions), select Link. To generate traps for remote operation notifications, select Remote operations. To generate traps for remote network monitoring (RMON), select RMON alarm. To generate traps for routing protocol notifications, select Routing. To generate traps on system warm and cold starts, select Startup. To generate traps on Virtual Router Redundancy Protocol (VRRP) events, such as new master or authentication failures, select VRRP events. Targets: One or more hostnames or IP addresses that specify the systems to receive SNMP traps generated by the trap group being configured. Enter the hostname or IP address, in dotted decimal notation, of the target system to receive the SNMP traps. Click Add. Health Monitoring. Chapter 3: Configuring SNMP for Network Management. Table 30: SNMP Quick Configuration Summary (continued) (Field; Function; Your Action). Enable Health Monitoring: Enables the SNMP health monitor on the router. The health monitor periodically (the time you specify in the interval field) checks the following key indicators of router health: Percentage of file s
313. m source to destination
- source: IP address of the source of the query or response.
- destination: IP address of the destination of the query or response.

from source to destination
- source: IP address of the multicast source.
- destination: IP address of the multicast destination.

via group address
- address: Group address being traced.

mxhop number
- number: Maximum hop setting.

Displaying Log and Trace Files from the CLI

You can enter the monitor start command to display real-time additions to system logs and trace files:

    user@host> monitor start filename

When the Services Router adds a record to the file specified by filename, the record is displayed on the screen. For example, if you have configured a system log file named system-log (by including the syslog statement at the [edit system] hierarchy level), you can enter the monitor start system-log command to display the records added to the system log.

To display a list of files that are being monitored, enter the monitor list command. To stop the display of records for a specified file, enter the monitor stop filename command.

Monitoring Interfaces and Traffic from the CLI

This section contains the following topics:
- Using the monitor interface Command on page 245
- Using the monitor traffic Command on page 246

Using the monitor interface C
314. To configure users with Quick Configuration:

1. In the J-Web interface, select Configuration>Quick Configuration>Users.
2. Under Users, click Add to add a new user.
3. Enter information into the Add a User Quick Configuration page, as described in Table 10 on page 11.
4. Click one of the following buttons on the Add a User Quick Configuration page:
   - To apply the configuration and return to the Users Quick Configuration page, click OK.
   - To cancel your entries and return to the Users Quick Configuration page, click Cancel.

Table 10: Add a User Quick Configuration Page Summary

User Information

Username (required)
Function: Name that identifies the user.
Your Action: Type the username. It must be unique within the router. Do not include spaces, colons, or commas in the username.

Full Name
Function: The user's full name.
Your Action: Type the user's full name. If the full name contains spaces, enclose it in quotation marks. Do not include colons or commas.

Login Class (required)
Function: Defines the user's access privilege.
Your Action: From the list, select the user's login class:
- operator
- read-only
- super-user (superuser)
- unauthorized
This list also includes any user-defined login classes. For more information, see Login Classes on page 5.
315. me
Your Action: Type a number between 60 and 4,294,967,295 seconds. You can also type infinite to specify a lease that never expires.

Default Lease Time (Seconds)
Function: Specifies the length of time a client can hold a lease, for clients that do not request a specific lease length.
Your Action: Type a number between 60 and 2,147,483,647 seconds. You can also type infinite to specify a lease that never expires.

Server Information

Table 37: DHCP Server Quick Configuration Pages Summary (continued)

Server Identifier
Function: Specifies the IP address of the DHCP server reported to a client.
Your Action: Type the IP address of the Services Router. If you do not specify a server identifier, the primary address of the interface on which the DHCP exchange occurs is used.

Domain Name
Function: Specifies the domain name that clients must use to resolve hostnames.
Your Action: Type the name of the domain.

Domain Search
Function: Specifies the order, from top to bottom, in which clients must append domain names when resolving hostnames using DNS.
Your Action: Do either of the following:
- To add a domain name, type the name next to the Add button, and click Add.
- To delete a domain name, select the name in the Domain Search box, and click Delete.

DNS Name Servers
Function: Defines a list of DNS servers the client can use, in order of pref
316. mmand Options

Option: Description

absolute-sequence: (Optional) Displays the absolute TCP sequence numbers.

count number: (Optional) Displays the specified number of packet headers. Specify a value from 0 through 100,000. The command quits and exits to the command prompt after this number is reached.

interface interface-name: (Optional) Displays packet headers for traffic on the specified interface. If an interface is not specified, the lowest numbered interface is monitored.

layer2-headers: (Optional) Displays the link-layer packet header on each line.

matching "expression": (Optional) Displays packet headers that match an expression enclosed in quotation marks. Table 130 on page 248 through Table 152 on page 250 list match conditions, logical operators, and arithmetic, binary, and relational operators you can use in the expression.

no-domain-names: (Optional) Suppresses the display of the domain name portion of the hostname.

no-promiscuous: (Optional) Specifies not to place the monitored interface in promiscuous mode. In promiscuous mode, the interface reads every packet that reaches it. In nonpromiscuous mode, the interface reads only the packets addressed to it.

no-resolve: (Optional) Suppresses the display of hostnames.

no-timestamp: (Optional) Suppresses the display of packet header timestamps.

print-ascii: (Optional) Displays each packet header in AS
317. mmit Script Overview
Enabling Commit Scripts
Disabling Commit Scripts
Automating Network Management and Troubleshooting with Operation Scripts
Operation Script Overview
Enabling Operation Scripts
Executing Operation Scripts
Disabling Operation Scripts
Running Self-Diagnostics with Event Policies
Event Policy Overview
Configuring Event Policies

Part 2: Monitoring a Services Router

Chapter 7: Monitoring the Router and Routing Operations
Monitoring Terms
Monitoring Overview
Monitoring Tools Overview
Filtering Command Output
Before You Begin
Using the Monitoring Tools
Monitoring System Properties
Monitoring System
318. modem for the PC or laptop computer at the remote location from where you want to connect to the Services Router.
- Order a public switched telephone network (PSTN) line from your telecommunications service provider. Contact your service provider for more information.
- If you do not already have a basic understanding of physical and logical interfaces and Juniper Networks interface conventions, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.

Connecting the USB Modem to the Services Router's USB Port

NOTE: J4350 and J6350 Services Routers have two USB ports. However, you can connect only one USB modem to the USB ports on these routers. If you connect USB modems to both ports, the router detects only the first modem connected.

To connect the USB modem to the USB port on the router:

1. Plug the modem into the USB port.
2. Connect the modem to your telephone network.

Configuring USB Modem Interfaces with a Configuration Editor

To configure USB modem interfaces, perform the following tasks marked (Required). Perform other tasks if needed on your network.
- Configuring a USB Modem Interface (Required) on page 55
- Configuring a Dialer Interface (Required) on page 55
- Configuring Dial-In (Required) on page 56
- Configuring CHAP on Dialer Interfaces (Optional) on page 57

Configuring a USB Modem Interface (Required)

To configure a USB modem interface for the Services Router:

Before You Begin
319. more thresholds successive-loss 3 Configure

J-Web Configuration Editor:
3. In the Successive loss box, type 3.
4. In the Total loss box, type 10.
5. Click OK.
6. In the Traps box, click Add new entry.
7. In the Value box, select probe-failure.
8. Click OK.
9. In the Traps box, click Add new entry.
10. In the Value box, select test-failure.
11. Click OK.

CLI Configuration Editor: Enter

    set probe customerB test icmp-test thresholds total-loss 10
    set probe customerB test icmp-test traps probe-failure
    set probe customerB test icmp-test traps test-failure

Configuring TCP and UDP Probes

To configure RPM using TCP and UDP probes, in addition to the basic RPM properties, you must configure both the host Services Router and the remote Services Router to act as TCP and UDP servers.

If you are using class of service (CoS) and want to classify probes, you must also set a destination interface. The destination interface is the output interface for sending packets to the forwarding plane. Classified packets are sent to the output queue on the output interface specified by the CoS scheduler map configured on the interface. For information about CoS, see the J-series Services Router Advanced WAN Access Configuration Guide.

CAUTION: Use probe classification with caution, because improper configuration can cause packets to be dropped.

The destination interface must suppo
320. mple, the Services Router introduces a delay of 5 seconds between the third and fourth password retry, a delay of 10 seconds between the fourth and fifth password retry, and so on.
- Enforces a minimum session time of 20 seconds during which a session cannot be disconnected. Configuring the minimum session time prevents malicious users from disconnecting sessions before the password retry delay goes into effect, and attempting brute force and dictionary attacks with multiple logins.

You can configure the password retry limits for Telnet and SSH access. In this example, you configure the Services Router to take the following actions for Telnet and SSH sessions:
- Allow a maximum of 4 consecutive password retries before disconnecting a session.
- Introduce a delay in multiples of 5 seconds between password retries that occur after the second password retry.
- Enforce a minimum session time of 40 seconds during which a session cannot be disconnected.

To configure password retry limits for Telnet and SSH access:

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 21 on page 27.
3. If you are finished configuring the network, commit the configuration.

Table 21: Configuring Password Retry Limits for Telnet and SSH Access T
322. n attempts. For a list of system logging facilities, see Table 81 on page 157.

Table 80: System Log Message Terms (continued)

Term: Definition

priority: Combination of the facility and severity level of a system log message. By default, priority information is not included in system log messages, but you can configure the JUNOS software to include it. For more information, see the JUNOS System Log Messages Reference. See also facility, severity level.

process: Software program, also known as a daemon, that controls router functionality. The following are some key JUNOS processes:
- Routing protocol process: Controls the routing protocols that run on a Services Router. It starts the configured routing protocols, handles all routing messages, maintains routing tables, and implements the routing policy.
- Interface process: Allows you to configure and control the physical and logical interfaces present in a Services Router. It also enables the JUNOS software to track the status and condition of the router's interfaces.
- Chassis process: Allows you to configure and control the physical properties of a Services Router, including conditions that trigger alarms.
- SNMP: Simple Network Management Protocol, which helps administrators monitor the state of a router.
- Management process: Controls processes that start and monitor all the other softwar
323. Verifying RPM Statistics
Verifying RPM Probe Servers
Index

About This Guide

This preface provides the following guidelines for using the J-series Services Router Administration Guide:
- Objectives on page xv
- Audience on page xv
- How to Use This Guide on page xvi
- Document Conventions on page xvii
- Related Juniper Networks Documentation on page xviii
- Documentation Feedback on page xxi
- Requesting Technical Support on page xxi

Objectives

This guide contains instructions for managing users and operations, monitoring network performance, upgrading software, and diagnosing common problems on J-series Services Routers.

J-series Services Router operations are controlled by the JUNOS software. You direct the JUNOS software through either a Web browser or a command-line interface (CLI).

NOTE: This guide documents Release 9.1 of the JUNOS software. For additional information about J-series Services Routers (either corrections to or omissions from this guide), see the J-series Services Router Release Notes at http://www.juniper.net.

Audience

This guide is designed for anyone who installs and sets up a J-series Services Router or prepares a site for Services Router installation. The guide is intended for the following audiences:
- Customers with technical knowledge of and experience with netwo
324. n of configuration files on a Services Router and make them readable to all:

1. Enter operational mode in the CLI.
2. To verify your permission to decrypt configuration files on this router, enter the following command and the encryption key for the router:

    user@host> request system set-encryption-key
    Enter EEPROM stored encryption key
    Verifying EEPROM stored encryption key

3. At the second prompt, reenter the encryption key.
4. Enter configuration mode in the CLI.
5. To enable configuration file decryption, enter the following commands:

    user@host# edit system
    user@host# set no-encrypt-configuration-files

6. To begin the decryption process, commit the configuration:

    user@host# commit
    commit complete

Modifying the Encryption Key

When you modify the encryption key, the configuration files are decrypted and then reencrypted with the new encryption key.

To modify the encryption key:

1. Enter operational mode in the CLI.
2. To configure a new encryption key in EEPROM and determine the encryption process, enter one of the request system set-encryption-key commands described in Table 105 on page 204. For example:

    user@host> request system set-encryption-key
    Enter EEPROM stored encryption key

3. At the prompt, enter the new encryption key. The encryption key must have at least 6 characters.

    Enter EEPROM stored
325. n operate only in an internal compact flash slot.

config-size size: Specifies the size of the config partition, in megabytes. The default value is 10 percent of physical memory on the boot medium. The config partition is mounted on /config. The configuration files are stored in this partition. This option also partitions the boot medium.

data-size size: Specifies the size of the data partition, in megabytes. The default value is 0 MB. The data partition is mounted on /data. This space is not used by the router, and can be used for extra storage. This option also partitions the boot medium.

factory: Copies only default files that were loaded on the internal compact flash when it was shipped from the factory, plus the rescue configuration if one has been set.
NOTE: After the boot medium is created with the factory option, it can operate in only the internal compact flash slot.

media type: Specifies the boot device the software snapshot is copied to:
- compact-flash: Copies software to the internal compact flash.
- removable-compact-flash: Copies software to the external compact flash. This option is available on J2320, J2350, J4300, and J6300 Services Routers only.
- usb: Copies software to the device connected to the USB port.
NOTE: You cannot copy software to the active boot device.

Table 98: CLI request system snapshot Comman
326. n process on the new router makes three unicast TFTP requests for hostname.conf. If these attempts fail, the router broadcasts three requests to any available TFTP server for the file.

If the new router cannot locate hostname.conf, the autoinstallation process unicasts or broadcasts TFTP requests for a default router configuration file called network.conf, which contains hostname-to-IP address mapping information, to attempt to find its hostname.

If network.conf contains no hostname entry for the new Services Router, the autoinstallation process sends out a DNS request and attempts to resolve the new router's IP address to a hostname.

If the new Services Router can determine its hostname, it sends a TFTP request for the hostname.conf file.

If the new Services Router is unable to map its IP address to a hostname, it sends TFTP requests for the default configuration file router.conf.

After the new Services Router locates a configuration file on a TFTP server, autoinstallation downloads the file, installs the file on the router, and commits the configuration.

To configure a network for Services Router autoinstallation, complete the following tasks:
- Configure a DHCP server on your network to meet your network requirements. You can configure a Services Router to operate as a DHCP server. For more information, see Configuring the Router as a DHCP Server on page 65.
- Create one of the following configuration files, and store it on a TFTP se
327. naging User Authentication with Quick Configuration
Adding a RADIUS Server for Authentication
Adding a TACACS Server for Authentication
Configuring System Authentication
Adding New Users
Managing User Authentication with a Configuration Editor
Setting Up RADIUS Authentication
Setting Up TACACS Authentication
Configuring Authentication Order
Controlling User Access
Defining Login Classes
Creating User Accounts
Setting Up Template Accounts
Creating a Remote Template Account
Creating a Local Template Account
Recovering the Root Password
Securing the Console Port
Accessing Remote Devices with the CLI
Using the telnet Command
Using the ssh Command
Configuring Password Retry Limits for Telnet and SSH Access

Chapter 2: Setting Up USB Modems f
328. name and a rack name.
J-Web Configuration Editor: In the Location box, type the location information as a free-form text string.
CLI Configuration Editor: Set the location information:

    set location location-information

Task: Configure the system description (4300 with 4 PIMs, for example).
J-Web Configuration Editor: In the Description box, type the description information as a free-form text string.
CLI Configuration Editor: Set the description information:

    set description description-information

Task: Configure a system name to override the system hostname defined in the Getting Started Guide for your router.
J-Web Configuration Editor: In the System Name box, type the system name as a free-form text string.
CLI Configuration Editor: Set the system name:

    set name name

Task: Configure the local engine ID to use the MAC address of Ethernet management port 0 as the engine ID suffix.
J-Web Configuration Editor:
1. Select Engine id.
2. In the Engine id choice box, select Use mac address from the list.
3. Click OK.
CLI Configuration Editor: Set the engine ID to use the MAC address:

    set engine-id use-mac-address

Configuring SNMP Agents and Communities (Required)

To configure the SNMP agent, you must enable and authorize the network management system access to the Services Router by configuring one or more communities. Each community has a community name, an authorization (which determines the kind of access the network management system has to the router), and, when applicable, a list of valid clients that can access the router.

To configure SNMP communities:

1. Navigate to the top of the configuration hierarc
329. name box, click fe-0/0/1.
Router Basic LAN and WAN Access Configuration Guide

Task: Configure the direction of the traffic for which you are enabling packet capture on the logical interface (for example, inbound and outbound).
J-Web Configuration Editor:
1. In the Interface unit number box, click 0.
2. Next to Inet, select Yes and click Edit.
3. Next to Sampling, click Configure.
4. Next to Input, select Yes.
5. Next to Output, select Yes.
6. Click OK until you return to the Interface page.
CLI Configuration Editor: Enter

    set unit 0 family inet sampling input output

NOTE: Packets originating from the host router are not captured unless you have configured and applied a firewall filter on the interface in the output direction.

Configuring a Firewall Filter for Packet Capture (Optional)

To configure a firewall filter and apply it to the logical interface:

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
2. Perform the configuration tasks described in Table 136 on page 260.
3. If you are finished configuring the router, commit the configuration.
4. To check the configuration, see Verifying Packet Capture on page 263.

Table 136: Configuring a Firewall Filter for Packet Capture

Task / J-Web Configuration Editor / CLI Configuration Editor

Task: Navigate to the Firewall level in the configura
330. name of the interface on which RIP is enabled. The name is set in either of the following ways:
- In the J-Web configuration editor, on the Protocols RIP Group group-name Neighbor page
- In the CLI configuration editor, with the neighbor neighbor-name statement at the [edit protocols rip group group-name] level of the configuration hierarchy

State: State of the RIP connection: Up or Dn (Down).

Source Address: Local source address. Additional Information: This value is the configured address of the interface on which RIP is enabled.

Destination Address: Destination address. Additional Information: This value is the configured address of the immediate RIP adjacency.

In Met: Value of the incoming metric configured for the RIP neighbor.

Monitoring DLSw Routing Information

To view DLSw routing information, select Monitor>Routing>DLSw Information, or enter the following CLI commands:
- show dlsw capabilities
- show dlsw circuits
- show dlsw peers
- show dlsw reachability

Table 56 on page 121 summarizes key routing information output fields in the DLSw routing display.

Table 56: Summary of Key DLSw Routing Information Output Fields

Field / Values / Additional Information

DLSw Capabilities

Peer: IP address of the peer DLSw router.

Vendor ID: Numerical value assigned to Juniper Networks.

Table 56: Summary of Key DLSw Routing Information Output
332. nd time the lease expires, or never for leases that do not expire (Expires field).

DHCP Conflicts

Detection Time: Date and time the client detected the conflict.

Detection Method: How the conflict was detected. Additional Information: Only client-detected conflicts are displayed.

Address: IP address where the conflict occurs. Additional Information: The addresses in the conflicts list remain excluded until you use the clear system services dhcp conflict command to manually clear the list.

DHCP Pools

Pool Name: Subnet on which the IP address pool is defined.

Low Address: Lowest address in the IP address pool.

High Address: Highest address in the IP address pool.

Excluded Addresses: Addresses excluded from the address pool.

DHCP Statistics

Default lease time: Lease time assigned to clients that do not request a specific lease time.

Minimum lease time: Minimum time a client can retain an IP address lease on the server.

Maximum lease time: Maximum time a client can retain an IP address lease on the server.

Packets dropped: Total number of packets dropped and the number of packets dropped due to a particular condition.

Messages received: Number of BOOTREQUEST, DHCPDECLINE, DHCPDISCOVER, DHCPINFORM, DHCPRELEASE, and DHCPREQUEST messages sent from DHCP clients and received by the DHCP server.

Messages sent: Number of BOOTREPLY, DHCPACK, DHCPOFFER, and DHCPNAK messages sent from the DHCP server to DHCP clients.
333. net or SSH session cannot be disconnected. The default is 20 seconds, but you can set a time between 20 and 60 seconds.

    set minimum-time 40

Chapter 2: Setting Up USB Modems for Remote Management

J-series Services Routers support the use of USB modems for remote management. You can use Telnet or SSH to connect to the router from a remote location through two modems over a telephone network. The USB modem is connected to the USB port on the Services Router, and a second modem is connected to a remote management device such as a PC or laptop computer.

NOTE: We recommend using a Multi Tech MultiModem MT5654ZBA USB V92 USB modem with J-series Services Routers.

You use either the J-Web configuration editor or CLI configuration editor to configure the USB modem and its supporting dialer interfaces.

This chapter contains the following topics:
- USB Modem Terms on page 29
- USB Modem Overview on page 50
- Before You Begin on page 55
- Connecting the USB Modem to the Services Router's USB Port on page 55
- Configuring USB Modem Interfaces with a Configuration Editor on page 55
- Connecting to the Services Router from the User End on page 59
- Administering USB Modems on page 40
- Verifying the USB Modem Configuration on page 42

USB Modem Terms

Before configur
335. nfiguration consistency. Ensure that every T1 interface configured at the [edit interfaces] hierarchy level is also configured at the [edit protocols rip] hierarchy level.
- Enforce network design rules. For example, suppose your network design requires every interface on which the International Organization for Standardization (ISO) family of protocols is enabled to also have Multiprotocol Label Switching (MPLS) enabled. At commit time, a commit script inspects the configuration and issues an error if this requirement is not met. This error causes the commit operation to fail and forces the user to update the configuration to comply.

Instead of an error, the commit script can issue a warning about the configuration problem and then automatically correct it, by changing the configuration to enable MPLS on all interfaces. A system log message can also be generated, indicating that corrective action was taken.

The scripting language you use for writing commit scripts is Extensible Stylesheet Language Transformations (XSLT). XSLT commit scripts are based on JUNOScript Extensible Markup Language (XML).

Enabling Commit Scripts

To enable commit scripts:

1. Write a commit script. For information about writing commit scripts, see the JUNOS Configuration and Diagnostic Automation Guide.
2. Copy the script to the /var/db/scripts/commit directory. Only users with superuser privileges can access and edit files in the /var/db/scripts/commit directo
336. ng Individual Commands on page 7
- How long a login session can be idle before it times out and the user is logged off

You then apply one login class to an individual user account. The software contains a few predefined login classes, which are listed in Table 6 on page 5. The predefined login classes cannot be modified.

Table 6: Predefined Login Classes

Login Class: Permission Bits Set
operator: clear, network, reset, trace, view
read-only: view
super-user and superuser: all
unauthorized: None

Permission Bits

Each top-level command-line interface (CLI) command and each configuration statement has an access privilege level associated with it. Users can execute only those commands and configure and view only those statements for which they have access privileges. The access privileges for each login class are defined by one or more permission bits (see Table 7 on page 6).

Two forms for the permissions control the individual parts of the configuration:
- Plain form: Provides read-only capability for that permission type. An example is interface.
- Form that ends in -control: Provides read and write capability for that permission type. An example is interface-control.

Table 7: Permission Bits for Login Classes

Permission Bit: Access
admin: Can view user account information in configuration mode and with the
337. ng MPLS Connections
J-Web Ping MPLS Tool | ping mpls Command | Purpose | Additional Information
Ping RSVP-signaled LSP | ping mpls rsvp | Checks the operability of an LSP that has been set up by the Resource Reservation Protocol (RSVP). The Services Router pings a particular LSP using the configured LSP name. | When an RSVP-signaled LSP has several paths, the Services Router sends the ping requests on the path that is currently active.

Table 107: Options for Checking MPLS Connections (continued)
J-Web Ping MPLS Tool | ping mpls Command | Purpose | Additional Information
Ping LDP-signaled LSP | ping mpls ldp | Checks the operability of an LSP that has been set up by the Label Distribution Protocol (LDP). The Services Router pings a particular LSP using the forwarding equivalence class (FEC) prefix and length. | When an LDP-signaled LSP has several gateways, the Services Router sends the ping requests through the first gateway. Ping requests sent to LDP-signaled LSPs use only the master routing instance.
Ping LSP to Layer 3 VPN prefix | ping mpls l3vpn | Checks the operability of the connections related to a Layer 3 VPN. The Services Router tests whether a prefix is present in a provider edge (PE) router's VPN routing and forwarding (VRF) table, by means of a Layer 3 VPN destination prefix. | The Services Route
338. ng Primary Boot Devices

All Services Routers use a compact flash to store the JUNOS software, router configuration files, and log files. The internal compact flash is not hot-swappable and is accessible only after you remove the cover on the back panel of the router chassis. In addition to the internal compact flash, J4300 and J6300 Services Routers have a slot in the front of the chassis for external flash media. All Services Routers also support externally pluggable USB storage devices.

If the primary storage medium becomes corrupted and no secondary medium is in place, you can reload the JUNOS recovery software package onto the corrupted compact flash card with a desktop or laptop computer running either a UNIX, Microsoft Windows 2000, or Windows XP operating system.

This section contains the following topics:
- Why Compact Flash Recovery Might Be Necessary on page 191
- Recommended Recovery Hardware and Software on page 192
- Configuring Internal Compact Flash Recovery on page 192

Why Compact Flash Recovery Might Be Necessary

For media redundancy, we recommend that you keep a secondary storage medium attached and updated at all times. Use the request system snapshot command to perform the update. For instructions, see Configuring Boot Devices on page 186.

If the internal compact flash fails at startup, the Services Router automatically boots itself from the external compact flash or USB storage device. When a redundant storage medium
340. ning the specified network address.
network address mask mask: Matches packet headers containing the specified network address and subnet mask.
port [port-number | port-name]: Matches packet headers containing the specified source or destination TCP or UDP port number or port name.

Directional
Directional match conditions can be prepended to any Entity Type match conditions, followed by a space.
destination: Matches packet headers containing the specified destination.
source: Matches packet headers containing the specified source.
source and destination: Matches packet headers containing the specified source and destination.
source or destination: Matches packet headers containing the specified source or destination.

Packet Length
less bytes: Matches packets with lengths less than or equal to the specified value, in bytes.
greater bytes: Matches packets with lengths greater than or equal to the specified value, in bytes.

Protocol
arp: Matches all ARP packets.
ether: Matches all Ethernet frames.
ether [broadcast | multicast]: Matches broadcast or multicast Ethernet frames. This match condition can be prepended with source or destination.
ether protocol (address | (\arp | \ip | \rarp)): Matches Ethernet frames with the specified address or protocol type. The arguments arp, ip, and rarp are also independent match conditions, so they must be preceded with a backslash
341. niper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer's internal business purposes.

7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the "Warranty Statement"). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER SUPPLIED SOFTWA
343. nt panel.
- Turn off the power to the management device, such as a PC or laptop computer, that you want to use to access the CLI.
- Plug one end of the Ethernet rollover cable supplied with the router into the RJ-45 to DB-9 serial port adapter supplied with the router (see Figure 5 on page 21 and Figure 6 on page 22).
- Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device (see Figure 5 on page 21 and Figure 6 on page 22).
- Connect the other end of the Ethernet rollover cable to the console port on the router (see Figure 5 on page 21 and Figure 6 on page 22).

Figure 5: Connecting to the Console Port on the J2300 Services Router (labels: serial port, console port, RJ-45 rollover cable)

Figure 6: Connecting to the Console Port on the J4350 or J6350 Services Router (labels: serial port, RJ-45 rollover cable)

- Turn on the power to the management device.
- On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate COM port to use (for example, COM1).
- Configure the port settings as follows:
  - Bits per second: 9600
  - Data bits: 8
  - Parity: None
  - Stop bits: 1
  - Flow control: None
- Power on the router by pressing the power button on the front panel. Verify that the POWER LED on the front panel turns green.
345. ocal site identifier for the VPN Identifier to ping
Field | Function | Your Action
Count | Specifies the number of ping requests to send. | From the list, select the number of ping requests to send. The default is 5 requests.
Detailed Output | Requests the display of extensive rather than brief ping output. | Select the check box to display detailed output.

Locate LSP from interface name
Interface | Specifies the interface on which the ping requests are sent. | From the list, select the Services Router interface on which ping requests are sent. If you select any, the ping requests are sent on all interfaces.
Source Address | Specifies the source address of the ping request packet. | Type the source IP address, a valid address configured on a Services Router interface.
Count | Specifies the number of ping requests to send. | From the list, select the number of ping requests to send. The default is 5 requests.
Detailed Output | Requests the display of extensive rather than brief ping output. | Select the check box to display detailed output.

Locate LSP from virtual circuit information
Remote Neighbor | Identifies the remote neighbor (PE router) within the virtual circuit to ping. | Type the IP address of the remote neighbor within the virtual circuit.
Circuit Identifier | Specifies the virtual circuit identifier for the Layer 2 circuit to ping. | Type the virtual circuit identifier for the Layer 2 circuit.
Source Addre
346. of service forwarding class, DSCP, DSCP IPv6, MPLS experimental (EXP), and IPv4 precedence bits.
- RED Drop Profiles: Displays detailed information about the drop profiles used by the system. Also displays a graph of the random early detection (RED) curve that the system uses to determine the queue fullness and drop probability.
- Forwarding Classes: Displays the assignment of forwarding classes to queue numbers.
- Rewrite Rules: Displays packet CoS value rewrite rules based on the forwarding classes and loss priorities.
- Scheduler Maps: Displays the assignment of forwarding classes to schedulers. Schedulers include transmit rate, rate limit, and buffer size.
For details, see Monitoring Class-of-Service Performance on page 1235.
Corresponding CLI commands:
- class-of-service rewrite-rule
- Scheduler maps: show class-of-service scheduler-map

Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued)
Monitor Option | Function | Corresponding CLI Commands
MPLS
Corresponding CLI commands:
- Interfaces: show mpls interface
- LSP information: show mpls lsp
- LSP Statistics: show mpls lsp
Function: Displays information about MPLS label-switched paths (LSPs) and virtual private networks (VPNs) through the following options:
- Interfaces: Information about the interfaces on which MPLS is enabled, including operational state and any administrative
347. of the client:
    set static-binding 01:03:05:07:09:0B fixed-address 192.168.2.50

Verifying a DHCP Server Configuration

To verify a DHCP server configuration, perform the following tasks:
- Displaying a DHCP Server Configuration on page 75
- Verifying the DHCP Binding Database on page 76
- Verifying DHCP Server Operation on page 77
- Displaying DHCP Statistics on page 79

Displaying a DHCP Server Configuration

Purpose: Verify the configuration of a DHCP server.

Action: From the J-Web interface, select Configuration > View and Edit > View Configuration Text. Alternatively, from configuration mode in the CLI, enter the show system services dhcp command from the top level. You can also view the IP address pool from the CLI in operational mode by entering the show system services dhcp pool command.

    [edit]
    user@host# show system services dhcp
    pool 192.168.2.0/24 {
        address-range low 192.168.2.2 high 192.168.2.254;
        exclude-address {
            192.168.2.33;
        }
        maximum-lease-time 2419200;
        default-lease-time 1209600;
        name-server {
            192.168.10.2;
        }
        domain-search {
            mycompany.net;
            mylab.net;
        }
        option 16 ip-address 192.168.2.33;
    }
    static-binding 01:03:05:07:09:0b {
        fixed-address {
            192.168.2.50;
        }
    }

Meaning: Verify that the output shows the intended configuration of the DHCP server.

Related Topics: For more information about the
348. ommand

Use the CLI monitor interface command to display real-time traffic, error, alarm, and filter statistics about a physical or logical interface. Enter the command with the following syntax:

    user@host> monitor interface (interface-name | traffic)

Replace interface-name with the name of a physical or logical interface. If you specify the traffic option, statistics for all active interfaces are displayed.

The real-time statistics are updated every second. The Current delta and Delta columns display the amount the statistics counters have changed since the monitor interface command was entered or since you cleared the delta counters. Table 127 on page 245 and Table 128 on page 245 list the keys you use to control the display using the interface-name and traffic options. The keys are not case sensitive.

Table 127: CLI monitor interface Output Control Keys
Key | Action
(key not preserved) | Clears (returns to 0) the delta counters in the Current delta column. The statistics counters are not cleared.
(key not preserved) | Freezes the display, halting the update of the statistics and delta counters.
(key not preserved) | Displays information about a different interface. You are prompted for the name of a specific interface.
(key not preserved) | Displays information about the next interface. The Services Router scrolls through the physical and logical interfaces in the same order in which they are displayed by the show interfaces terse command.
q or ESC | Quits the command and returns to the comman
349. on

Table 37: DHCP Server Quick Configuration Pages Summary (continued)
Field | Function | Your Action
Fixed IP Addresses (required) | Defines a list of IP addresses permanently assigned to the client. A static binding must have at least one fixed address assigned to it, but multiple addresses are also allowed. | Do either of the following: To add an IP address, type it next to the Add button, and click Add. To remove an IP address, select it in the Fixed IP Addresses box, and click Delete.
Host Name | Specifies the name of the client used in DHCP messages exchanged between the server and the client. The name must be unique to the client within the subnet on which the client resides. | Type a client hostname.
Client Identifier | Specifies the name of the client used by the DHCP server to index its database of address bindings. The name must be unique to the client within the subnet on which the client resides. | Type a client identifier in string form.
Hexadecimal Client Identifier | Specifies the name of the client, in hexadecimal, used by the DHCP server to index its database of address bindings. The name must be unique to the client within the subnet on which the client resides. | Type a client identifier in hexadecimal form.

Configuring the DHCP Server with a Configuration Editor

A typical DHCP serv
351. on ID. This process is referred to as PPPoE active discovery and is made up of four steps: initiation, offer, request, and session confirmation. The access concentrator generates the session ID for session confirmation and sends it to the PPPoE client in a PPPoE Active Discovery Session-Confirmation (PADS) packet.

Table 78: Summary of Key PPPoE Output Fields (continued)
Field | Values | Additional Information
Service Name | Type of service required from the access concentrator. | Service Name identifies the type of service provided by the access concentrator, such as the name of the Internet service provider (ISP), class, or quality of service.
Configured AC Name | Configured access concentrator name. |
Session AC Name | Name of the access concentrator. |
AC MAC Address | Media access control (MAC) address of the access concentrator. |
Session Uptime | Number of seconds the current PPPoE session has been running. |
Auto-Reconnect Timeout | Number of seconds to wait before reconnecting after a PPPoE session is terminated. |
Idle Timeout | Number of seconds a PPPoE session can be idle without disconnecting. |
Underlying Interface | Name of the underlying logical Ethernet or ATM interface on which PPPoE is running, for example, ge-0/0/0.1. |

PPPoE Statistics
Active PPPoE Sessions | Total number of active
352. on address is rejected. This value generally means that the address is unreachable. For example, if the address is a configured interface address and the interface is unavailable, traffic bound for that address is rejected. If a next hop is listed as Local, the destination is an address on the host (either the loopback address or Ethernet management port 0 address, for example).
Age | How long the route has been known.
State | Flags for this route. | There are many possible flags. For a complete description, see the JUNOS Interfaces Command Reference.
AS Path | AS path through which the route was learned. The letters of the AS path indicate the path origin: I (IGP), E (EGP), ? (Incomplete; typically the AS path was aggregated).

Monitoring BGP Routing Information

To view BGP routing information, select Monitor > Routing > BGP Information, or enter the following CLI commands:
- show bgp summary
- show bgp neighbor

Table 53 on page 117 summarizes key output fields in the BGP routing display.

Table 53: Summary of Key BGP Routing Output Fields
Field | Values | Additional Information
BGP Summary
Groups | Number of BGP groups. |
Peers | Number of BGP peers. |
Down | Number of unavailable BGP peers
353. onal) Forces the traceroute packets to an IPv6 destination.
interval seconds | (Optional) Sets the interval between ping requests, in seconds. The default value is 1 second.
no-resolve | (Optional) Suppresses the display of the hostnames of the hops along the path.
size bytes | (Optional) Sets the size of the ping request packet. The size can be from 0 through 65468 bytes. The default packet size is 64 bytes.
source address | (Optional) Uses the source address that you specify in the traceroute packet.
summary | (Optional) Displays the summary traceroute information.

Following is sample output from a traceroute monitor command:

    user@host> traceroute monitor host2
    My traceroute [v0.69]
    host (0.0.0.0) (tos=0x0 psize=64 bitpattern=0x00)    Wed Mar 14 23:14:11 2007
    Keys: Help  Display mode  Restart statistics  Order of fields  quit
                          Packets          Pings
    Host                  Loss%  Snt   Last   Avg  Best  Wrst StDev
    1. 173.24.232.66       0.0%    5    9.4   8.6   4.8   9.9   2.1
    2. 173.24.232.66       0.0%    5    7.9  17.2   7.9  29.4  11.0
    3. 173.24.232.66       0.0%    5    9.9   9.3   8.7   9.9   0.5
    4. 173.24.232.66       0.0%    5    9.9   9.8   9.5  10.0   0.2

Table 123 on page 240 summarizes the output fields of the display.

Table 123: CLI traceroute monitor Command Output Summary
Field | Description
host | Hostname or IP address of the Services Router issuing the traceroute monitor command.
psize size | Size of ping r
354. onfiguration Editor

3. If you are finished configuring the network, commit the configuration.
4. To check the configuration, see Verifying the SNMP Configuration on page 58.

Table 34: Configuring SNMP Trap Groups

Task: Navigate to the SNMP level in the configuration hierarchy.
J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to Snmp, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter:
    edit snmp

Task: Create a trap group.
J-Web Configuration Editor: 1. Next to Trap group, click Add new entry. 2. In the Group name box, type the name of the group as a free-form text string.
CLI Configuration Editor: Create a community:
    set trap-group trap-group-name

Task: Configure the trap group to send all trap notifications to a target IP address, for example, to the IP address 192.174.6.6.
J-Web Configuration Editor: 1. Next to Targets, click Add new entry. 2. In the Target box, type the IP address 192.174.6.6, and click OK.
CLI Configuration Editor: Set the trap group target to 192.174.6.6:
    set trap-group trap-group-name targets 192.174.6.6

Task: Configure the trap group to generate SNMP notifications on authentication failures, environment alarms, and changes in link state for any of the interfaces.
CLI Configuration Editor: Configure the trap group categories:
    set trap-group trap-group-name categories authentication chassis link
J-Web Configuration Editor: 1. Click Categories. 2. Select Authentication, Chassis, and Link. 3. Cli
355. onfiguration editor.
2. Perform the configuration tasks described in Table 26 on page 55.
3. Go on to Configuring Dial-In (Required) on page 56.

Table 26: Adding a Dialer Interface to a Services Router

Task: Navigate to the Interfaces level in the configuration hierarchy.
J-Web Configuration Editor: 1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration. 2. Next to Interfaces, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter:
    edit interfaces

Task: Create the new interface, for example, dl0. Adding a description can differentiate between different dialer interfaces, for example, USB-modem-remote-management.
J-Web Configuration Editor: 1. Next to Interface, click Add new entry. 2. In the Interface name box, type dl0. 3. In the Description box, type USB-modem-remote-management. 4. Click OK.
CLI Configuration Editor: Create and name the interface:
    1. edit dl0
    2. set description USB-modem-remote-management

Task: Configure Point-to-Point Protocol (PPP) encapsulation.
NOTE: You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces used in USB modem connections.
J-Web Configuration Editor: 1. In the Encapsulation column, next to the new interface, click Edit. 2. From the Encapsulation list, select ppp.
CLI Configuration Editor: Enter:
    set encapsulation ppp

Task: Create the logical unit 0.
NOTE: The logical unit number must
CLI Configuration Editor: Enter
J-Web Configuration Editor: 1. Next to Unit, click Add new entry. 2. In the Inte
356.
    IP Address      Hardware Address    Type      Lease expires at
    192.168.2.2     02:04:06:08:0A:0C   dynamic   2005-02-07 8:48:59 PDT
    192.168.2.50    01:03:05:07:09:0B   static    never

    user@host> show system services dhcp binding 192.168.2.2 detail
    IP address         192.168.2.2
    Hardware address   02:04:06:08:0A:0C
    Pool               192.168.2.0/24
    Request received on fe-0/0/0
    Lease information:
      Type             DHCP
      Obtained at      2005-01-24 8:48:59 PDT
      Expires at       2005-02-07 8:48:59 PDT
      State            active
    DHCP options:
      Name: domain-name, Value: mycompany.net mylab.net
      Name: name-server, Value: 192.168.10.2
      Code: 16, Type: ip-address, Value: 192.168.2.33

    user@host> show system services dhcp conflict

Verify the following information:
- For each dynamic binding, verify that the IP address is within the range of the configured IP address pool. Under Lease Expires, verify that the difference between the date and time when the lease expires and the current date and time is less than the maximum configured lease time.
- For each static binding, verify that the IP address corresponds to the MAC address displayed under Hardware Address (as defined in the static-binding statement in the configuration). Under Lease Expires, verify that the lease expiration is never.
- In the output displayed by the show system services dhcp binding ip-address detail command, verify that the options under DHCP options are correct for the subnet.
- Verify that the show system servi
357. only the IP address of the source is displayed.
NOTE: When a string is defined for the port, the packet capture output displays the string instead of the port number.
destination address | Hostname, if available, or IP address of the packet's destination with the port number. If the Don't Resolve Addresses check box is selected, only the IP address of the destination and the port are displayed. NOTE: When a string is defined for the port, the packet capture output displays the string instead of the port number.
protocol | Protocol for the packet. In the sample output, TCP indicates the Layer 4 protocol.

Table 115: J-Web Packet Capture Results and Output Summary (continued)
Field | Description
data size | Size of the packet, in bytes.

Using CLI Diagnostic Commands

Because the CLI is a superset of the J-Web interface, you can perform certain tasks only through the CLI. For an overview of the CLI operational mode commands, along with instructions for filtering command output, see CLI Diagnostic Commands Overview on page 211.

This section contains the following topics:
- Pinging Hosts from the CLI on page 230
- Checking MPLS Connections from the CLI on page 232
- Tracing Unicast Routes from the CLI on page 257
- Tracing Multicast Routes from the CLI on page 240
- Displaying Log and Trace Fi
359. ool.
J-Web Configuration Editor: 1. Next to Exclude address, click Add new entry. 2. In the Address box, type 192.168.2.33. 3. Click OK.
CLI Configuration Editor: Set the address to exclude from the IP address pool:
    set pool 192.168.2.0/24 exclude-address 192.168.2.33

Table 39: Configuring the DHCP Server (continued)

Task: Define a DNS server.
J-Web Configuration Editor: 1. Next to Name server, click Add new entry. 2. In the Address box, type 192.168.10.2. 3. Click OK.
CLI Configuration Editor: Set the DNS server IP address:
    set pool 192.168.2.0/24 name-server 192.168.10.2

Task: Define DHCP option 32, the router solicitation address option.
J-Web Configuration Editor: 1. Next to Option, click Add new entry. 2. In the Option identifier code box, type 32. 3. From the Option type choice list, select Ip address. 4. In the Ip address box, type 192.168.2.33. 5. Click OK twice.
CLI Configuration Editor: Set the router solicitation IP address:
    set pool 192.168.2.0/24 option 32 ip-address 192.168.2.33

Task: Assign a static IP address of 192.168.2.50 to MAC address 01:03:05:07:09:0B.
J-Web Configuration Editor: 1. Next to Static binding, click Add new entry. 2. In the Mac address box, type 01:03:05:07:09:0B. 3. Next to Fixed address, click Add new entry. 4. In the Address box, type 192.168.2.50. 5. Click OK until you return to the Configuration page.
CLI Configuration Editor: Associate a fixed IP address with the MAC address
361. or release number, for example, 7.5. Z indicates the type of software release. For example, R indicates released software, and B indicates beta-level software. x.y represents the software build number and spin number, for example, 1.1. export indicates that the recovery software package is the exported worldwide software package version. cfnnn indicates the size of the target compact flash in megabytes, for example, cf256. The following compact flash sizes are supported: 256 MB, 512 MB, and 1024 MB. Compact flash cards with 128 MB storage capacity are not supported. A sample J-series recovery software package name is junos-jseries-9.0R1-export-cf256.gz.
Chapter 10: Performing Software Upgrades and Reboots. Upgrade and Downgrade Overview; Before You Begin.
To download software upgrades, you must have a Juniper Networks Web account and a valid support contract. To obtain an account, complete the registration form at the Juniper Networks Web site: https://www.juniper.net/registration/Register.jsp. Before an upgrade, back up your primary boot device onto a secondary storage device. If you have a power failure during an upgrade, the primary boot device can fail or become corrupted. In either case, if a backup device is not available, the router is unable to boot and come back online. Creating a backup also stores your active configuration files and log files and ensures that you recover to a known, stable environment
362. or the particular type: ingress (inbound), egress (outbound), or transit.
Monitoring MPLS LSP Statistics: To display accounting information about LSPs, select Monitor > MPLS > LSP Statistics, or enter the following CLI command: show mpls lsp statistics
NOTE: Statistics are not available for LSPs on the outbound router, because the penultimate router in the LSP sets the label to 0. Also, as the packet arrives at the outbound router, the hardware removes its MPLS header and the packet reverts to being an IPv4 packet. Therefore, it is counted as an IPv4 packet, not an MPLS packet.
Table 66 on page 133 summarizes key output fields in the MPLS LSP statistics display.
Chapter 7: Monitoring the Router and Routing Operations. Table 66: Summary of Key MPLS LSP Statistics Output Fields. Columns: Field; Values; Additional Information.
Ingress LSP: Information about LSPs on the inbound router. Each session has one line of output.
Egress LSP: Information about the LSPs on the outbound router. Each session has one line of output. Additional information: MPLS learns this information by querying RSVP, which holds all the transit and outbound session information.
Transit LSP: Number of LSPs on the transit routers and the state of these paths. Additional information: MPLS learns this information by querying RSVP, which holds all the transit and outbound session information.
To: Destination (outbound router) of the session.
From: Source (inbound router) of t
363. ort UDP-ECHO (port 7) only.
Maximum Probe Thresholds:
Successive Lost Probes: Sets the total number of probes that must be lost successively to trigger a probe failure and generate a system log message. Type a number between 0 and 15.
Lost Probes: Sets the total number of probes that must be lost to trigger a probe failure and generate a system log message. Type a number between 0 and 15.
Round Trip Time: Sets the total round-trip time, in microseconds, from the Services Router to the remote server, that triggers a probe failure and generates a system log message. Type a number between 0 and 60,000,000 microseconds.
Jitter: Sets the total jitter, in microseconds, for a test, that triggers a probe failure and generates a system log message. Type a number between 0 and 60,000,000 microseconds.
Standard Deviation: Sets the maximum allowable standard deviation, in microseconds, for a test, which, if exceeded, triggers a probe failure and generates a system log message. Type a number between 0 and 60,000,000 microseconds.
Egress Time: Sets the total one-way time, in microseconds, from the Services Router to the remote server, that triggers a probe failure and generates a system log message. Type a number between 0 and 60,000,000 microseconds.
Ingress Time: Sets the total one-way time, in microseconds, from the remote server to the Services Router, that triggers a probe fai
364. osing Performance and Network Problems Using Services Router Diagnostic Tools Configuring Packet Capture Configuring RPM Probes Index Index Abbreviated Table of Contents XV 29 47 63 81 89 101 155 165 179 199 209 253 267 291 J series Services Router Administration Guide vi m Table of Contents About This Guide xv een re nU XV AUGIENICE scott Mattie techn Ct tete petere eres fae Mats dace see all XV How to Use This Guide sis eased t Mie aan atic xvi DOCUMENT Conventions u suse ste eerta thes Potete A TE EERS xvii Related Juniper Networks Documentation sssssss xviii Documentation Feedback eee lisse Pede ette ete bes xxi R questing Technical Support i oct ee t Pee EE E E wane xxi Part 1 Configuring a Services Router for Administration Chapter 1 Managing User Authentication and Access 3 User Authentication Terms sssssssssssss eene eene eene nes 5 User Authentication OVerVIeW 2 55 5 e Vt e eret a eite e oet ie td 4 USER AUTEM Gato ots menores drea Mente a e ettet ier ete Aan 4 User ACCOUNTS s rhetores Lu pede di ter tte dest o EP obe te a Re cote 4 Login Classes oh cete eto Ser ALONE eM edere Re QUU Ra Ee 5 Permission BILS soisi shal come ce Pes boo e dnte itd E inte bet eee 5 Denying or Allowing Individual Commands sse 7 Template Accounts ius RM asetisteniee et A E E p ud 7 Belore YOU BERIT Los oec eo sets eo ts bet or Nun RN eee HE ew 8 Ma
365. osis packet capture root password recovery 21 SNMP health monitor 49 troubleshooting a Services Router hardware components chassis alarm conditions 171 TTL time to live default in multicast path tracking queries 241 in ping requests sees emet 218 increments in traceroute packets 223 threshold in multicast trace results 245 total in multicast trace results 245 TTY displaying nier ee cet eee it d 108 U UDP RPM probes CoS classification destination interface reguirement ynie tot e EOS es tet etae tes 279 CoS classification use with caution 280 JeSCEIDEOT su s rhet fece e te t pup etre totu ta 269 Server DOFL Gs Se bbs el et 276 SELEIIg Lu eei Ies ub katie Lo ao AC e 279 verifying SELVETS 2 0 a tectae ee edt e een 288 LITTICLOS leer PRSE p ME 30 unauthorized login class permissions ssss 5 universal serial bus See USB upgrades downloadirng i e ee es 181 installing CE eranste 4184 installing by uploading 185 installing from remote Server 182 OVOLUIGWEk Ludi took AL A ie MISE ct uS 179 requirerients tates ase alee tte ep tete tees 179 181 Upload package page visi ctv cst ertet 185 field Summary ite tita tette i ea AR 185 URLs Juniper Networks enterprise MIBs 48 RELEASE MOLES ic iced res e e PCR ee xv software downloads sssssss 181 Standar
366. ox. To stop displaying absolute TCP sequence numbers in the packet headers, clear this check box.
Layer 2 Headers: Specifies that link-layer packet headers are to be displayed. To include link-layer packet headers while capturing packets, select this check box. To exclude link-layer packet headers while capturing packets, clear this check box.
Non-Promiscuous: Specifies not to place the interface in promiscuous mode, so that the interface reads only packets addressed to it. In promiscuous mode, the interface reads every packet that reaches it. To read all packets that reach the interface, select this check box. To read only packets addressed to the interface, clear this check box.
Display Hex: Specifies that packet headers, except link-layer headers, are to be displayed in hexadecimal format. To display the packet headers in hexadecimal format, select this check box. To stop displaying the packet headers in hexadecimal format, clear this check box.
Display ASCII and Hex: Specifies that packet headers are to be displayed in hexadecimal and ASCII format. To display the packet headers in ASCII and hexadecimal formats, select this check box. To stop displaying the packet headers in ASCII and hexadecimal formats, clear this check box.
Header Expression: Specifies the match condition for the packets to be captured. You can enter match conditions directly in this field in expression format or
367. packet capture configuring 259 for packet capture overview sssssssssssssss 255 stateful See stateful firewall filters firewalls See firewall filters stateful firewall filters 296 m index Happing imich adata s font conventions forwarding classes CoS FPC summary See PIMs frar ng errors s ee bel esee edente 115 frequency test See RPM probes test intervals G Jet Tequesls ood hcec ee per Leeds er pec pri rusa 48 glossary Cicwg A E AE 165 autoiristallatiori z uei eda dede et eee 81 DHCP EP IE 65 didgloStie s s eo etre dte patet tne 209 ImnonItOring i d st e ade teet der x ste 101 packet capture e LA ee e pias 255 REM t enceintes eo ue ke UUSUU N 267 SVSELETIC LOSS 7s A e up ve RR 155 USBRIMOGEMISH sete te redacti edat dualle ts 29 user authentiCcatiOF n Pria es eet epi Rs 5 groups BGP displaying ertt est tte ehe te deis 117 for SNMPtraps c este Tode bet ttes 56 gzip utility for compact flash recovery 192 H halting a Services Router WIth Webzine eere d eres 194 Withi tHe CE bte Reb oet ede 196 halting a Services Router immediately SITUE NNNM EP 194 with tHe GEL 4 ater reor rre sce Ove ed 196 hardware alarm conditions and remedies 171 MAC address displaying 115 major red alarm conditions on sss 167 recommended for compact flash recovery 192 imestamp See RPM probe timestamps versi
368. packet statistics gathered from Juniper Networks routers and routing nodes are always displayed as 0.
Chapter 12: Using Services Router Diagnostic Tools. Table 125: CLI mtrace from-source Command Output Summary. Columns: Field; Description.
hop number: Number of the hop (router) along the path.
host: Hostname, if available, or IP address of the router. If the no-resolve option was entered in the command, the hostname is not displayed.
ip address: IP address of the router.
protocol: Protocol used.
ttl: TTL threshold.
Round trip time milliseconds (ms): Total time between the sending of the query packet and the receiving of the response packet.
total ttl of number required: Total number of hops required to reach the source.
Source: Source IP address of the response packet.
Response Dest: Response destination IP address.
Overall: Average packet rate for all traffic at each hop.
Packet Statistics For Traffic From: Number of packets lost, number of packets sent, percentage of packets lost, and average packet rate at each hop.
Receiver: IP address receiving the multicast packets.
Query Source: IP address of the host sending the query packets.
Using the mtrace monitor Command: To monitor and display multicast trace operations, enter the mtrace monitor command:
user@host> mtrace monitor
Mtrace query at Apr 21 16:00:54 by 192.1.30.2, resp to 224
369. papeterie 1 secret RADIUS configuration editor RADIUS Quick Configuration TACACS configuration editor TACACS Quick Configuration security ACCESS privileges cbe eee etat 5 configuration file encryption 2 See also file encryption console port Security see ont tete eee etis IDS inittusiort electione e pertes 1 IKE monitoring security associations 1 packet capture for intrusion detection 2 password retry limits WSEN ACCOUNUS user tant tan dites 4 user authentication eret ette serial cable disconnection for console logout Serial Line Address Resolution Protocol SLARP for autoimstallatior eet rper e erar teres 16 serial number chassis components sssssssss 115 Services Router serial ports alarm condition indicator eee 175 alarm conditions and configuration options 168 autoinstallatiOr ON esses estet ret tte 82 configuring alarms ON 172 service sets Monitoring aee a a eee 135 services interfaces See adaptive services interfaces services module alarm condition indicator 175 alarm conditions and configuration options 169 Services Router as a DHCP server 65 autoinistallatiQne etico Dec os dete 81 automating operations and troubleshooting 89 CIASNOSISH rccte eeu HEURE halting CL ais eoe nece deett halting J Web MONTONE ogir toni eher perse t multiple deploying See autoins
370. physical interface.
Input Errors: Input errors on the interface. See the following rows of this table for specific error types.
Drops: Number of packets dropped by the output queue. If the interface is saturated, this number increments once for every packet that is dropped by the Services Router's random early detection (RED) mechanism.
Framing errors: Sum of ATM Adaptation Layer (AAL5) packets that have frame check sequence (FCS) errors, AAL5 packets that have reassembly timeout errors, and AAL5 packets that have length errors.
Policed discards: Number of packets dropped as a result of routing policies configured on the interface.
Monitoring Routing Information: The J-Web interface provides information about routing tables and routing protocols. This section contains the following topics: Monitoring Route Information on page 116; Monitoring BGP Routing Information on page 117; Monitoring OSPF Routing Information on page 119; Monitoring RIP Routing Information on page 120; Monitoring DLSw Routing Information on page 121.
Monitoring Route Information: To view the inet.0 (IPv4) routing table in the J-Web interface, select Monitor > Routing > Route Information, or enter the following CLI commands: show route terse; show route detail. Table 52 on page 116 summarizes key output fields in the routing information display
371. pter 7 Monitoring the Router and Routing Operations. Table 58: Summary of Key CoS Classifier Output Fields (continued).
CoS Value Type: The classifiers are displayed by type: dscp: All classifiers of the DSCP type. dscp-ipv6: All classifiers of the DSCP IPv6 type. exp: All classifiers of the MPLS EXP type. ieee-802.1: All classifiers of the IEEE 802.1 type. inet-precedence: All classifiers of the IP precedence type.
Index: Internal index of the classifier.
Incoming CoS Value: CoS value of the incoming packets, in bits. These values are used for classification.
Assign to Forwarding Class: Forwarding class that the classifier assigns to an incoming packet. This class affects the forwarding and scheduling policies that are applied to the packet as it transits the router.
Assign to Loss Priority: Loss priority value that the classifier assigns to the incoming packet based on its CoS value.
Monitoring CoS Value Aliases: To display information about the CoS value aliases that the system is currently using to represent DSCP, DSCP IPv6, MPLS EXP, and IPv4 precedence bits, select Monitor > Class of Service > CoS Value Aliases in the J-Web interface, or enter the following CLI command: show class-of-service code-point-aliases
Table 59 on page 126 summarizes key output fields for CoS value aliases. Table 59 Summary
372. ptured packets to a file in PCAP format in /var/tmp. The files are named with the prefix jweb-pcap and the extension .pcap. If you select this option, the decoded packet headers are not displayed on the packet capture page. To save the captured packet headers to a file, select this check box. To decode and display the packet headers on the J-Web page, clear this check box.
Packet Capture Results and Output Summary: Figure 25 on page 229 shows J-Web packet capture output from router1 with the level of detail set to brief. Table 115 on page 229 summarizes the output in the packet capture display.
Figure 25: Packet Capture Results Page.
Table 115: J-Web Packet Capture Results and Output Summary. Columns: Field; Description.
timestamp: Time when the packet was captured. The timestamp 00:45:40.823971 means 00 hours (12:00 a.m.), 45 minutes, and 40.823971 seconds. NOTE: The time displayed is local time.
direction: Direction of the packet. Specifies whether the packet originated from the Routing Engine (Out) or was destined for the Routing Engine (In).
protocol: Protocol for the packet. In the sample output, IP indicates the Layer 3 protocol.
source address: Hostname, if available, or IP address and the port number of the packet's origin. If the Don't Resolve Addresses check box is selected
373. put rates. Verify that the number of inbound and outbound bytes and packets matches expected throughput for the physical interface. To clear the statistics and see only new changes, use the clear interfaces statistics interface-name command. The dialer state is Active when a USB modem call is in progress. The LCP state is Opened when a USB modem call is in progress. An LCP state of Closed or Not Configured indicates a problem with the dialer configuration that needs to be debugged with the monitor traffic interface interface-name command. For information about the monitor traffic command, see Using the monitor traffic Command on page 246. For a complete description of show interfaces dl0 extensive output, see the JUNOS Interfaces Command Reference.
Chapter 3: Configuring SNMP for Network Management. The Simple Network Management Protocol (SNMP) enables the monitoring of network devices from a central location. You can use either J-Web Quick Configuration or a configuration editor to configure SNMP.
NOTE: SNMP is not supported on Gigabit Ethernet interfaces on J-series Services Routers.
This chapter contains the following topics. For more information about SNMP, see the JUNOS Network Management Configuration Guide. SNMP Architecture on page 47; Before You Begin on page 50; Configuring SNMP with Quick Configuration on page 50; Configuring SNMP with a Configuration Editor on
374. r If the Services Router does not display the complete path to the destination host, one of the following explanations might apply: The host is not operational. There are network connectivity problems between the Services Router and the host. The host, or a router along the path, might be configured to ignore ICMP traceroute messages. The host, or a router along the path, might be configured with a firewall filter that blocks ICMP traceroute requests or ICMP time exceeded responses. The value you selected in the Time Exceeded box was less than the number of hops in the path to the host. In this case, the host might reply with an ICMP error message. For more information about ICMP, see RFC 792, Internet Control Message Protocol.
Capturing and Viewing Packets with the J-Web Interface: You can use the J-Web packet capture diagnostic tool when you need to quickly capture and analyze router control traffic on a Services Router. Packet capture on the J-Web interface allows you to capture traffic destined for or originating from the Routing Engine. You can use J-Web packet capture to compose expressions with various matching criteria to specify the packets that you want to capture. You can either choose to decode and view the captured packets in the J-Web interface as they are captured, or save the captured packets to a file
375. r crash directory See crash files config directory file encryption See file encryption snapshots for boot directories CLI 189 snapshots for boot directories J Web 188 var crash directory See crash files var db config directory See file encryption var db scripts commit directory See commit scripts var db scripts op directory See operation scripts var log directory See system log messages See system logs var sw pkg directory temporary files eot ntt tie 200 var tmp directory See temporary files lt gt in syntax descriptions xviii in configuration statements xviii in configuration statements xviii pipe command pipe in syntax descriptions A access privileges denying and allowing commands s 7 permission DItS fOr xor oci tte ssl ea 5 predefined d eene Te recens 5 specifying Quick Configuration 11 accounts See template accounts user accounts activate system scripts commit command 92 activate system scripts op command ssss 94 active alarms See alarms active active routes displaying eect eees 116 adapters for compact flash recovery 192 adaptive services interfaces alarm conditions and configuration options 168 MONITORE seis scatet rre p eei ge qn Add a RADIUS Server pages o ec esaet beers field SUrimaty s sen rosse Add a TACACS Server page a field Surtmarys a ete e ea
376. r does not test the connection between a PE router and a customer edge (CE) router.
Locate LSP using interface name (ping mpls l2vpn interface): Checks the operability of the connections related to a Layer 2 VPN. The Services Router directs outgoing request probes out the specified interface. For information about interface names, see the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.
Instance to which this connection belongs (ping mpls l2vpn instance): Checks the operability of the connections related to a Layer 2 VPN. The Services Router pings on a combination of the Layer 2 VPN routing instance name, the local site identifier, and the remote site identifier, to test the integrity of the Layer 2 VPN circuit (specified by the identifiers) between the inbound and outbound PE routers.
Locate LSP from interface name (ping mpls l2circuit interface): Checks the operability of the Layer 2 circuit connections. The Services Router directs outgoing request probes out the specified interface.
Locate LSP from virtual circuit information (ping mpls l2circuit virtual-circuit): Checks the operability of the Layer 2 circuit connections. The Services Router pings on a combination of the IPv4 prefix and the virtual circuit identifier on the outbound PE router, testing the integrity of the Layer 2 circuit between the inbound and outbound PE routers. P
377. r instructions, see the cross-references in the table.
Table 24: USB Modem Connection and Configuration Overview. Columns: Task; Instructions.
Perform prerequisite tasks: Before You Begin on page 55.
On the Services Router: 1. Connect a modem to the router: Connecting the USB Modem to the Services Router's USB Port on page 55. 2. Configure the modem interfaces on the router: Configuring USB Modem Interfaces with a Configuration Editor on page 55. 3. Verify the modem configuration on the router: Verifying the USB Modem Configuration on page 42. 4. Perform administrative tasks as necessary: Modifying USB Modem Initialization Commands on page 41; Resetting USB Modems on page 42.
At the User End: 1. Configure the modem at your remote location: Configuring a Dial Up Modem Connection at the User End on page 59. 2. Dial in to the router: Connecting to the Services Router from the User End on page 40.
Chapter 2: Setting Up USB Modems for Remote Management. Before You Begin: Before you configure USB modems, you need to perform the following tasks: Install Services Router hardware. For more information, see the Getting Started Guide for your router. Establish basic connectivity. For more information, see the Getting Started Guide for your router. Order a Multi-Tech MultiModem MT5654ZBA USB V92 USB modem from Multi-Tech Systems (http://www.multitech.com). Order a dial up
378. r jitter; ICMP ping; ICMP ping timestamp; UDP ping; UDP ping timestamp.
NOTE: The Services Router supports hardware timestamping of UDP ping and UDP ping timestamp RPM probes only if the destination port is UDP-ECHO (port 7).
Timestamping takes place during the forwarding process of the Services Router originating the probe (the RPM client), but not on the remote router that is the target of the probe (the RPM server). The supported encapsulations on a Services Router for timestamping are Ethernet (including VLAN), synchronous PPP, and Frame Relay. The only logical interface supported is an lt services interface.
RPM Statistics: At the end of each test, the Services Router collects the statistics for packet round-trip time, packet inbound and outbound times (for ICMP timestamp probes only), and probe loss shown in Table 139 on page 270.
Table 139: RPM Statistics. Columns: RPM Statistics; Description.
Round Trip Times:
Minimum round trip time: Shortest round-trip time from the Services Router to the remote server, as measured over the course of the test.
Maximum round trip time: Longest round-trip time from the Services Router to the remote server, as measured over the course of the test.
Average round trip time: Average round-trip time from the Services Router to the remote server, as measured over the course of the te
379. race monitor Command sss 245 Displaying Log and Trace Files from the CLI sssss 244 Monitoring Interfaces and Traffic from the CLI ou eee 245 Using the monitor interface Command sse 245 Using the monitor traffic Command sss 246 Configuring Packet Capture 253 Packet Capture Terms x eden sete pee e Re et pe e oe ig ee Fay 255 Packet Capture OVeEVI W zx dtt ttt coe ee Ets e e e I sit ete ta 254 Packet Capture on Router Interfaces ssssssssssssssss 255 Firewall Filters for Packet Capture ssssssssseH 255 Pack t Capture Files conet rie e He ed dec e dt 256 Analysis Of Packet Capture FIes s ese tides teieeety i ose tree 256 Before Yoy BEBI jc tees ceto en ee ee GAG aee ev tege edet 257 Configuring Packet Capture with a Configuration Editor ssssss 257 Enabling Packet Capture Required poisia ieii 257 Configuring Packet Capture on an Interface Required sse 259 Configuring a Firewall Filter for Packet Capture Optional 259 Disabling Packet Capture sc escort GR e Cb De NU 261 Deleting Packet Capture Fues optet tee eee es 261 Changing Encapsulation on Interfaces with Packet Capture Configured 262 Verifying Packet CaptIe gesagt Tig crier pl pee Du rien he e edv 265 Displaying a Packet Capture Configuration sssss 265 Displaying a Firewall Filter for Packet Capture Configuration
380. rarchy level edit routing options static route default nexthop address retain
J-Web GUI Conventions:
Bold text like this: Represents J-Web graphical user interface (GUI) items you click or select. Examples: In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel.
> (bold right angle bracket): Separates levels in a hierarchy of J-Web selections. Example: In the configuration editor hierarchy, select Protocols > Ospf.
Related Juniper Networks Documentation: J-series Services Routers are documented in multiple guides. Although the J-series guides provide instructions for configuring and managing a Services Router with the JUNOS CLI, they are not a comprehensive JUNOS software resource. For complete documentation of the statements and commands described in J-series guides, see the JUNOS software manuals listed in Table 4 on page xix.
Table 4: J-series Guides and Related JUNOS Software Publications. Columns: Chapter in a J-series Guide; Corresponding JUNOS Software Manual.
Getting Started Guide for Your Router; Services Router User Interface Overview; Establishing Basic Connectivity; JUNOS CLI User Guide; JUNOS System Basics Configuration Guide; J-series Services Router Basic LAN and WAN Access Configuration Guide; Using Services Router Configuration Tools; JUNOS CLI User Guide
381. ration > Realtime Performance Monitoring. 2. Enter information into the Quick Configuration page for RPM, as described in Table 140 on page 272. 3. From the main RPM Quick Configuration page, click one of the following buttons: To apply the configuration and stay on the Quick Configuration RPM page, click Apply. To apply the configuration and return to the Quick Configuration main page, click OK. To cancel your entries and return to the Quick Configuration RPM page, click Cancel. 4. To check the configuration, see Verifying an RPM Configuration on page 285.
Table 140: RPM Quick Configuration Summary. Columns: Field; Function; Your Action.
Performance Probe Owners:
Owner Name (required): Identifies an RPM owner for which one or more RPM tests are configured. In most implementations, the owner name identifies a network on which a set of tests is being run (a particular customer, for example). Type the name of the RPM owner.
Identification:
Test name (required): Uniquely identifies the RPM test. Type the name of the RPM test.
Target (Address or URL) (required): IP address or URL of probe target. Type the IP address, in dotted decimal notation, or the URL of the probe target. If the target is a URL, type a fully formed URL that includes http://.
Source Address: Explicitly configured IP address to be used as the probe source address. Type the source address to be used for the probe
382. ration for use on another J-series Services Router, or configure the device to receive core dumps for troubleshooting. If the router has no secondary boot device configured and the primary boot device becomes corrupted, you can reload the JUNOS recovery software package onto the corrupted compact flash with either a UNIX or Microsoft Windows computer.
This chapter contains the following topics. For more information about installing and upgrading JUNOS software, see the JUNOS Software Installation and Upgrade Guide. Upgrade and Downgrade Overview on page 179; Before You Begin on page 181; Downloading Software Upgrades from Juniper Networks on page 181; Installing Software Upgrades with the J-Web Interface on page 182; Installing Software Upgrades with the CLI on page 184; Downgrading the Software on page 185; Configuring Boot Devices on page 186; Recovering Primary Boot Devices on page 191; Rebooting or Halting a Services Router on page 194.
Upgrade and Downgrade Overview: Typically, you upgrade the JUNOS software on a Services Router by downloading a software image to your router from another system on your local network. Using the J-Web interface or the CLI to upgrade the router downloads the software image, decompresses the image, and installs the decompressed software. Finally, you reboot the router, at which time it boots from the
383. re special characters, each of which must be preceded by a backslash (\).
Table 132: CLI monitor traffic Arithmetic, Binary, and Relational Operators. Columns: Operator; Description.
Arithmetic Operator: Addition operator. Subtraction operator. Division operator.
Binary Operator: &: Bitwise AND. Bitwise exclusive OR. Bitwise inclusive OR.
Relational Operator: <=: A match occurs if the first expression is less than or equal to the second. >=: A match occurs if the first expression is greater than or equal to the second. <: A match occurs if the first expression is less than the second. >: A match occurs if the first expression is greater than the second. A match occurs if the first expression is equal to the second. A match occurs if the first expression is not equal to the second.
Following is sample output from the monitor traffic command:
user@host> monitor traffic count 4 matching arp detail
Listening on fe-0/0/0, capture size 96 bytes
15:04:16.276780 In arp who-has 193.1.1.1 tell host1.site2.net
15:04:16.376848 In arp who-has host2.site2.net tell host1.site2.net
15:04:16.376887 In arp who-has 193.1.1.2 tell host1.site2.net
15:04:16.601923 In arp who-has 193.1.1.3 tell host1.site2.net
384. reaches zero, the packet is discarded, and a corresponding error message is sent to the source of the packet.
type of service (TOS): Value (octet) in the IP header that defines the service the source host requests, such as the packet's priority and the preferred delay, throughput, and reliability.
Diagnostic Tools Overview: Use the J-Web Diagnose options to diagnose a Services Router. J-Web results are displayed in the browser. You can also diagnose the router with CLI operational mode commands. CLI command output appears on the screen of your console or management device, or you can filter the output to a file. This section contains the following topics. To filter output to a file, see Filtering Command Output on page 105. J-Web Diagnostic Tools Overview on page 210; CLI Diagnostic Commands Overview on page 211; MPLS Connection Checking on page 215.
J-Web Diagnostic Tools Overview: The J-Web diagnostic tools consist of the options that appear when you select Diagnose and Manage in the task bar. Table 105 on page 210 describes the functions of the Diagnose and Manage options.
Table 105: J-Web Interface Diagnose and Manage Options. Columns: Option; Function.
Diagnose Options:
Ping Host: Allows you to ping a remote host. You can configure advanced options for the ping operation. For details, see Using the J-Web Ping Host Tool on page 216.
Ping MPLS: Allows you to ping an MPLS endpoint using various options. For d
385. red over the course of the test.
Probe Counts
Probes sent: Total number of probes sent over the course of the test.
Probe responses received: Total number of probe responses received over the course of the test.
Table 139: RPM Statistics (continued)
Loss percentage: Percentage of probes sent for which a response was not received.

RPM Thresholds and Traps

You can configure RPM threshold values for the round-trip times, ingress (inbound) times, and egress (outbound) times that are measured for each probe, as well as for the standard deviation and jitter values that are measured for each test. Additionally, you can configure threshold values for the number of successive lost probes within a test and the total number of lost probes within a test. If the result of a probe or test exceeds any threshold, the Services Router generates a system log message and sends any Simple Network Management Protocol (SNMP) notifications (traps) that you have configured.

RPM for BGP Monitoring

When managing peering networks that are connected using Border Gateway Protocol (BGP), you might need to find out if a path exists between the Services Router and its configured BGP neighbors. You can ping each BGP neighbor manually to determine the connection status, but this method is not practical when the Services Router has a large number of BGP neighbor
386. ress None Protocol RARP Client Acquired address None Interface Name ge 0 0 1 State None Address acquisition Protocol DHCP Client Acquired address None Protocol RARP Client Acquired address None

Meaning: The output shows the settings configured for autoinstallation. Verify that the values displayed are correct for the Services Router when it is deployed on the network.

Chapter 6: Automating Network Operations and Troubleshooting

J-series Services Routers support automation of network operations and troubleshooting tasks using commit scripts, operation scripts, and event policies. You can use commit scripts to enforce custom configuration rules. Operation scripts allow you to automate network management and troubleshooting tasks. You can configure event policies that initiate self-diagnostic actions on the occurrence of specific events.

For more information about using commit scripts and operation scripts and configuring event policies, see the JUNOS Configuration and Diagnostic Automation Guide. If the router is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.

This chapter contains the following topics:
- Defining and Enforcing Configuration Rules with Commit Scripts on page 89
- Automating Network Management and Troubleshooting
387. rface unit number box serunt be 0 type O 5 Next to Dialer options select Yes and then click Configure Configuring USB Modem Interfaces with a Configuration Editor H 35 J series Services Router Administration Guide Table 26 Adding a Dialer Interface to a Services Router continued Task J Web Configuration Editor CLI Configuration Editor Configure the name of the dialer pool to use for USB modem connectivity for example usb modem dialer pool In the Pool box type usb modem dialer pool Click OK 1 Enter edit unit O 2 Enter set dialer options pool usb modem dialer pool Configure source and destination IP addresses for the dialer interface for example 172 20 10 2 and 172 20 10 1 NOTE If you configure multiple dialer interfaces ensure that the same IP subnet address is not configured on different dialer interfaces Configuring he same IP subnet address on multiple dialer interfaces can result in Select Inet under Family and click Configure Next to Address click Add new entry In the Source box type 172 20 10 2 In the Destination box type 172 20 10 1 Click OK Enter set family inet address 172 20 10 2 destination 172 20 10 1 inconsistency in the route and packet oss The router might route packets hrough another dialer interface with he IP subnet address instead of hrough the dialer interface to which he USB modem call is mapped Configuring
388. right © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright 1991, D. L. S. Associates. This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc.

Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,475,599, 5,905,725, 5,909,440, 6,192,051, 6,555,650, 6,559,479, 6,406,512, 6,429,706, 6,459,579, 6,495,547, 6,558,518, 6,558,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

J-series Services Router Administration Guide, Release 9.1. Copyright © 2008, Juniper Networks, Inc. All rights reserved. Printed in USA.

Revision History: April 2008, Revision 1. The information in this document is current as of the date listed in the revision history
389. ripts is stored in a file which is then uploaded to a specified URL For information about operation scripts see Automating Network Management and Troubleshooting with Operation Scripts on page 92 To view a list of the events that can be referenced in an event policy issue the help syslog command user host gt help syslog Possible completions lt sys log tag gt System log tag ACCT_ACCOUNTING_FERROR Error occurred during file processing ACCT_ACCOUNTING_FOPEN_ERROR Open operation failed on file ACCT_ACCOUNTING_SMALL_FILE_SIZE Maximum file size is smaller than record size For information about these events see the JUNOS System Log Messages Reference Configuring Event Policies To configure event policies 1 Navigate to the top of the configuration hierarchy in either the J Web or CLI configuration editor 2 Perform the configuration tasks described in Table 45 on page 96 3 If you are finished configuring the network commit the configuration Running Self Diagnostics with Event Policies N 95 J series Services Router Administration Guide Table 45 Configuring Event Policies Task J Web Configuration Editor CLI Configuration Editor Configuring Destination for Uploading Files for Analysis Navigate to the Destinations level in the configuration hierarchy 1 Inthe J Web interface select Configuration View and Edit Edit Configuration 2 Next to Event options click Configure or Ed
390. rks and the Internet m Network administrators who install configure and manage Internet routers but are unfamiliar with the JUNOS software m Network administrators who install configure and manage products of Juniper Networks Objectives M XV J series Services Router Administration Guide Personnel operating the equipment must be trained and competent must not conduct themselves in a careless willfully negligent or hostile manner and must abide by the instructions provided by the documentation How to Use This Guide J series documentation explains how to install configure and manage J series routers by providing information about JUNOS implementation specifically on J series routers For comprehensive JUNOS information see the JUNOS software manuals listed in Related Juniper Networks Documentation on page xviii Table 1 on page xvi shows the location of J series information by task type in Juniper Networks documentation Table 1 Location of J series Information J series Tasks Location of Instruction Installing hardware and establishing basic connectivity Getting Started Guide for your router Configuring interfaces and routing protocols such as RIP OSPF BGP series Services Router Basic LAN and WAN Access and IS IS Configuration Guide Configuring advanced features such as virtual private networks VPNs J series Services Router Advanced WAN Access IP Security IPSec multicast rou
391. rnet Control Message Protocol (ICMP): TCP/IP protocol used to send error and information messages.
routing table: Database of routes learned from one or more protocols.

Monitoring Overview

Use the J-Web Monitor and Manage options to monitor a Services Router. J-Web results are displayed in the browser. You can also monitor the router with CLI operational mode commands. CLI command output appears on the screen of your console or management device, or you can filter the output to a file.

This section contains the following topics:
- Monitoring Tools Overview on page 102
- Filtering Command Output on page 105

Monitoring Tools Overview

J-Web monitoring tools consist of the options that appear when you select Monitor in the task bar. The Monitor options display diagnostic information about the Services Router. Alternatively, you can enter show commands from the CLI to display the same information and often greater detail. CLI show commands display the current configuration and information about interfaces, routing protocols, routing tables, routing policy filters, and the chassis. Use the CLI clear command to clear statistics and protocol database information. Table 47 on page 102 explains what each J-Web Monitor option displays and lists the corresponding CLI show commands.

Table 47: J-Web Monitor Options and Corresponding CLI show Commands
393. rom the edit hierarchy level and Edit gt Edit Configuration enter Next to System click Configure or Edit edit system login 5 Next to Login click Configure or Edit 16 m Managing User Authentication with a Configuration Editor Chapter 1 Managing User Authentication and Access Table 14 Defining Login Classes continued Task J Web Configuration Editor CLI Configuration Editor Create a login class named operator and boot with the ability to reboot the router 1 Next to Class click Add new entry Set the name of the login class and the ability to use the request system Type the name of the login class r bodtcomand operatorand Doot set class operator and boot 5 In the Allow commands box type the request system allow commands request system reboot command enclosed in quotation marks reboot request system reboot 4 Click OK Give the operatorand boot 1 Next to Permissions click Add new entry Set the permission bits for the login class operator operator and boot login class privileges 2 Inthe Value list select clear 5 Click OK set class operator and boot f permissions clear network reset 4 Next to Permissions click Add new entry trace view 5 Inthe Value list select network 6 Click OK 7 Next to Permissions click Add new entry 8 Inthe Value list select reset 9 Click OK O Next to Permissions click Add new entry 1 In the Value list select trace
394. rt looping of probe packets to an input interface without adding any encapsulation On a Services Router the destination interface must be an It services interface In this sample use of RPM a probe is configured for one customer Customer C The probe for Customer C uses TCP packets The remote router is configured as an RPM server for both TCP and UDP packets using an It services interface as the destination interface and ports 50000 and 50057 respectively Router A is the host router in this example and Router B is the remote router To configure this RPM probe 1 Navigate to the top of the configuration hierarchy in either the J Web or CLI configuration editor 2 Perform the configuration tasks described in Table 142 on page 280 5 If you are finished configuring the network commit the configuration 4 Goonto one of the following procedures m To tune a probe see Tuning RPM Probes on page 282 m To check the configuration see Verifying an RPM Configuration on page 285 Table 142 Configuring TCP and UDP Probes Task J Web Configuration Editor CLI Configuration Editor Router A Configuration Navigate to the Services gt RPM levelin 1 Inthe J Web interface select From the edit hierarchy level enter the configuration hierarchy Configuration View and Edit Edit Configuration edit services rpm 2 Next to Services click Configure or Edit 5 Next to Rpm select the Yes check box 4 Cli
395. rver see Setting Up RADIUS Authentication on page 12 m To configure a TACACS server see Setting Up TACACS Authentication on page 13 f m To configure a remote user template account see Creating a Remote Template Account on page 19 f m Toconfigure local user template accounts see Creating a Local Template Account on page 20 Table 13 Configuring Authentication Order Task J Web Configuration Editor CLI Configuration Editor Navigate to the System level in the configuration hierarchy 1 Inthe J Web interface select Configuration View and Edit Edit Configuration From the edit hierarchy level enter edit system 2 Nextto System click Configure or Edit Add RADIUS authentication to the authentication order Insert the radius statement in the authentication order 1 Inthe Authentication order box click Add new entry In the list select radius A ah insert system authentication order radius 5 Click OK after password Add TACACS authenticationto 1 Inthe Authentication Order box click Add Insert the tacplus statement in the the authentication order new entry authentication order In the list select tacplus m 2 P insert system authentication order tacplus 5 Click OK after radius Managing User Authentication with a Configuration Editor m 15 J series Services Router Administration Guide Controlling User Access This section
396. rver in the network.

A host-specific file with the name hostname.conf for each Services Router undergoing autoinstallation. Replace hostname with the name of a Services Router. The hostname.conf file typically contains all the configuration information necessary for the router with this hostname.

A default configuration file named router.conf with the minimum configuration necessary to enable you to telnet into the new Services Router for further configuration.

Physically attach the Services Router to the network using one or more of the following interface types:
- Fast Ethernet
- Gigabit Ethernet
- Serial with HDLC encapsulation

If you configure the DHCP server to provide only the TFTP server hostname, add an IP address-to-hostname mapping entry for the TFTP server to the DNS database file on the DNS server in the network.

If the new router is not on the same network segment as the DHCP server (or other device providing IP address resolution), configure an existing router as an intermediate to receive TFTP and DNS requests and forward them to the TFTP server and the DNS server. You must configure the LAN or serial interface on the intermediate router with the IP addresses of the hosts providing TFTP and DNS service. Connect this interface to the new router.

If you are using hostname.conf files for autoinstallation of host-specific configuration files, you must also complete the following tasks
397. ry Navigate to the top of the configuration hierarchy in either the J Web or CLI configuration editor Perform the configuration tasks described in Table 43 on page 91 If you are finished configuring the network commit the configuration Defining and Enforcing Configuration Rules with Commit Scripts Chapter 6 Automating Network Operations and Troubleshooting Table 43 Enabling Commit Scripts Task J Web Configuration Editor CLI Configuration Editor Navigate to the Commit level in the 1 In the J Web interface select From the edit hierarchy level enter configuration hierarchy Configuration View and Edit Edit Configuration edit system scripts commit 2 ext to System click Configure or Edit 5 ext to Scripts click Configure or Edit 4 ext to Commit click Configure or Edit Enable the commit script file for 1 ext to File click Add new entry Set the script file name example commit script xsl 2 Inthe File name box type set file commit script xsl commit script xsl 5 Click OK Disabling Commit Scripts If you do not want a commit script to run you can disable it by deleting or deactivating it in the configuration Deleting a commit script permanently removes it from the configuration To run the script later you must reenable the script as described in Enabling Commit Scripts on page 90 Deactivating a commit script disables the script until you activate it later
398. s

Table 101: CLI Request System Reboot Command Options

none: Same as at now (reboots the router immediately).

at time: Specifies the time at which to reboot the router. You can specify time in one of the following ways:
- now: Reboots the router immediately. This is the default.
- minutes: Reboots the router in the number of minutes from now that you specify.
- yymmddhhmm: Reboots the router at the absolute time on the date you specify. Enter the year, month, day, hour (in 24-hour format), and minute.
- hh:mm: Reboots the router at the absolute time you specify, on the current day. Enter the time in 24-hour format, using a colon to separate hours from minutes.

in minutes: Specifies the number of minutes from now to reboot the router. This option is a synonym for the at minutes option.

media type: Specifies the boot device to boot the router from:
- compactflash: Reboots from the internal compact flash. This is the default.
- removable compactflash: Reboots from the optional external compact flash. This option is available on J2320, J2350, J4300, and J6500 Services Routers only.
- usb: Reboots from the USB storage device.

message text: Provides a message to display to all system users
401. s configured. In the Services Router, you can configure RPM probes to monitor the BGP neighbors and determine if they are active. For BGP configuration information, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.

Before You Begin

Before you begin configuring RPM, complete the following tasks:
- Establish basic connectivity. See the Getting Started Guide for your router.
- Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide.
- Configure SNMP. See Configuring SNMP for Network Management on page 47.

Configuring RPM with Quick Configuration

J-Web Quick Configuration allows you to configure real-time performance monitoring (RPM) parameters. Figure 26 on page 272 shows the main Quick Configuration page for RPM. Figure 27 on page 272 shows the probe test Quick Configuration page for RPM.

Figure 26: Main Quick Configuration Page for RPM
Figure 27: Probe Test Quick Configuration Page for RPM

To configure RPM parameters with Quick Configuration:
1. In the J-Web interface, select Configuration > Quick Configu
402. s sent and received Detailed output includes the MPLS labels used for each request and the return codes for each request Following is sample output from a ping mpls I2vpn command userQhost ping mpls 12vpn instance vpnl remote site id 1 local site id 2 detail Request for seq 1 to interface 68 labels 800001 100176 Reply for seq 1 return code Egress ok Request for seq 2 to interface 68 labels 800001 100176 Reply for seq 2 return code Egress ok Request for seq 3 to interface 68 labels 800001 100176 Reply for seq 3 return code Egress ok Request for seq 4 to interface 68 labels 800001 100176 Reply for seq 4 return code Egress ok Request for seq 5 to interface 68 labels 800001 100176 m 235 Using CLI Diagnostic Commands J series Services Router Administration Guide Reply for seq 5 return code Egress ok sping statistics 5 packets transmitted 5 packets received 0 packet loss The fields in the display are the same as those displayed by the J Web ping MPLS diagnostic tool For information see Ping MPLS Results and Output on page 222 Pinging Layer 2 Circuits Enter the ping mpls I2circuit command with the following syntax Table 120 on page 256 describes the ping mpls I2circuit command options user host gt ping mpls 12circuit interface interface name virtual circuit neighbor prefix name virtual circuit id exp forwarding class count number source
403. sages with the J-Web Event Viewer

Chapter 9: Configuring and Monitoring Alarms

Alarms on a J-series Services Router alert you to conditions on a network interface, on the router chassis, or in the system software that might prevent the router from operating normally. You can set the conditions that trigger alarms on an interface. Chassis and system alarm conditions are preset. An active alarm lights the ALARM LED on the front panel of the router. You can monitor active alarms from the J-Web interface or the CLI. For more information about alarms, see the JUNOS System Basics Configuration Guide.

This chapter contains the following topics:
- Alarm Terms on page 165
- Alarm Overview on page 166
- Before You Begin on page 172
- Configuring Alarms with a Configuration Editor on page 172
- Checking Active Alarms on page 174
- Verifying the Alarms Configuration on page 175

Alarm Terms

Before configuring and monitoring alarms on Services Routers, become familiar with the terms defined in Table 88 on page 165.

Table 88: Alarm Terms
alarm: Signal alerting you to conditions that might prevent normal operation. On a Services Router, the alarm signal is the yellow ALARM LED lit on the front of the chassis.
alarm condition: Failure event that triggers an alarm.
alarm severity: Seriousness of the alarm. The level of severity can be either major (red) or minor (yellow).
chassis alarm: Predefine
405. se-specific supported MIBs, see the JUNOS Network Management Configuration Guide.

Enterprise-specific MIBs are developed and supported by a specific equipment manufacturer. If your network contains devices that have enterprise-specific MIBs, you must obtain them from the manufacturer and compile them into your network management software. To download enterprise MIBs for a Services Router, go to http://www.juniper.net/techpubs/software/index_mibs.html.

You can grant access to only specific SNMP managers for particular SNMP agents by creating SNMP communities. The community is assigned a name that is unique on the host. All SNMP requests that are sent to the agent must be configured with the same community name. When multiple agents are configured on a particular host, the community name process ensures that SNMP requests are sorted to only those agents configured to handle the requests.

Additionally, communities allow you to specify one or more addresses or address prefixes to which you want to either allow or deny access. By specifying a list of clients, you can control exactly which SNMP managers have access to a particular agent.

SNMP Traps

The get and set commands that SNMP uses are useful for querying hosts within a network. However, the commands do not provide a means by which events can trigger a notification. For instance, if a link fails, the health of the link is unknown until
406. section contains the following topics For more information about traceroute commands see the JUNOS System Basics and Services Command Reference m Using the traceroute Command on page 257 m Using the traceroute monitor Command on page 258 Using the traceroute Command To display a list of routers between the Services Router and a specified destination host enter the traceroute command with the following syntax Table 121 on page 257 describes the traceroute command options userGhost gt traceroute host interface interface name lt as number 1ookup gt bypass routing gateway address inet inet6 gt lt no resolve gt routing instance routing instance name source source address tos number ttl number wait seconds To quit the traceroute command press Ctrl C Table 121 CLI traceroute Command Options Option Description host Sends traceroute packets to the hostname or IP address you specify interface interface name Optional Sends the traceroute packets on the interface you specify If you do not include this option traceroute packets are sent on all interfaces as number lookup Optional Displays the autonomous system AS number of each intermediate hop between the router and the destination host Using CLI Diagnostic Commands m 237 J series Services Router Administration Guide Table 121 CLI traceroute Command Options continued Option Description
407. ser's full name. If the full name contains spaces, enclose it in quotation marks. Do not include colons or commas.
- User identifier (UID): Numeric identifier that is associated with the user account name. The identifier must be in the range 100 through 64000 and must be unique within the router. If you do not assign a UID to a username, the software assigns one when you commit the configuration, preferring the lowest available number.
- User's access privilege: You can create login classes with specific permission bits or use one of the default classes listed in Table 6 on page 5.
- Authentication method or methods and passwords that the user can use to access the router: You can use SSH or an MD5 password, or you can enter a plain-text password that the JUNOS software encrypts using MD5-style encryption before entering it in the password database. If you configure the plain-text password option, you are prompted to enter and confirm the password.

Login Classes

All users who log into the Services Router must be in a login class. You can define any number of login classes. With login classes, you define the following:
- Access privileges users have when they are logged into the router. For more information, see Permission Bits on page 5.
- Commands and statements that users can and cannot specify. For more information, see Denying or Allowi
408. service set You must configure IPSec services in a separate service set For more information about using service sets with these features see the J series Services Router Advanced WAN Access Configuration Guide Service set information includes the services interfaces on the Services Router the number of services sets configured on the interfaces and the total CPU used by the service sets To view these service set properties select Monitor Service Sets in the J Web interface or enter the following CLI show commands m Show services service sets summary m Show services service sets memory usage Table 69 on page 156 summarizes key output fields in service sets displays Using the Monitoring Tools m 135 J series Services Router Administration Guide Table 69 S ummary of Key Service Set Output Fields Field Values Additional Information Service Set Summary Interface Name of the adaptive services interface on the Services Router always sp 0 0 0 Service sets Total number of service sets configured on the configured Services Router Bytes used Total number of general purpose memory bytes being A portion of the general purpose memory on a Services used by the service set configuration Router is allocated for storing traffic flows NAT pools and so on Policy Total number of configuration object memory bytes A portion of the general purpose memory on a Services bytes
409. ses in the number of minutes from now that you specify.
- yymmddhhmm: Stops the software processes at the absolute time you specify. Enter the year, month, day, hour (in 24-hour format), and minute.
- hh:mm: Stops the software processes at the absolute time that you specify, on the current day. Enter the time in 24-hour format, using a colon (:) to separate hours from minutes.

in minutes: Specifies the number of minutes from now to stop the software processes on the router. This option is a synonym for the at +minutes option.

media type: Specifies the boot device to boot the router from after the halt:
- compact-flash: Reboots from the internal compact flash. This is the default.
- removable-compact-flash: Reboots from the optional external compact flash. This option is available on J2320, J2350, J4300, and J6500 Services Routers only.
- usb: Reboots from the USB storage device.

message "text": Provides a message to display to all system users before the software processes on the router are stopped.

Chapter 11: Managing Files

Before You Begin

You can use the J-Web interface to perform routine file management operations such as archiving log files and deleting unused log files, cleaning up temporary files and crash files, and downloading log files from the routing platform to your
411. sion

To configure a dial-up modem connection at the user end:
1. At your remote location, connect a modem to a management device such as a PC or laptop computer.
2. Connect the modem to your telephone network.
3. On the PC or laptop computer, select Start>Settings>Control Panel>Network Connections. The Network Connections page is displayed.
4. Click Create a new connection. The New Connection Wizard is displayed.
5. Click Next. The New Connection Wizard: Network Connection Type page is displayed.
6. Select Connect to the network at my workplace, and then click Next. The New Connection Wizard: Network Connection page is displayed.
7. Select Dial-up connection, and then click Next. The New Connection Wizard: Connection Name page is displayed.
8. In the Company Name box, type the dial-up connection name, for example USB-modem-connect, and then click Next. The New Connection Wizard: Phone Number to Dial page is displayed.
9. In the Phone number box, type the telephone number of the PSTN line connected to the USB modem at the router end.
10. Click Next twice, and then click Finish.

The Connect USB-modem-connect page is displayed. If CHAP is configured on the dialer interface used for the USB modem interface at the router end, type the username and password configured in the CHAP configuration in
412. sis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius software on multiple computers requires multiple licenses, regardless of whether such computers are physically contained on a single chassis.
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customer's use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer's use of the Software shall be subject to all such limitations and purchase of all applicable licenses.
d. For any trial copy of the Softwar
413. sly in the following modes:
- As a backup interface and a dialer filter
- As a backup interface and dialer watch interface
- As a dialer watch interface and a dialer filter
- As a backup interface for more than one primary interface

How a Services Router Initializes USB Modems

When you connect the USB modem to the USB port on the Services Router, the router applies the modem AT commands configured in the init-command-string command to the initialization commands on the modem. For more information about configuring modem commands for the init-command-string command, see Modifying USB Modem Initialization Commands on page 41.

If you do not configure modem AT commands for the init-command-string command, the router applies the following default sequence of initialization commands to the modem: AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0. Table 25 on page 31 describes the commands. For more information about these commands, see the documentation for your modem.

Table 23: J-series Default Modem Initialization Commands (Modem Command: Description)
- AT: Attention. Informs the modem that a command follows.
- S7=45: Instructs the modem to wait 45 seconds for a telecommunications service provider (carrier) signal before terminating the call.
- S0=0: Disables the auto answer feature, whereby the modem automatically answers calls.
- V1: Displays result codes as words.
- &C1: Disables reset of the modem when it loses the
414. source address detail

To quit the ping mpls l2circuit command, press Ctrl-C. Alternatively, you can use the J-Web interface. (See Checking MPLS Connections from the J-Web Interface on page 219.)

Table 120: CLI ping mpls l2circuit Command Options (Option: Description)
- l2circuit interface interface-name: Sends ping requests out the specified interface configured for the Layer 2 circuit on the outbound PE router.
- l2circuit virtual-circuit neighbor prefix-name virtual-circuit-id: Pings on a combination of the IPv4 prefix and the virtual circuit identifier on the outbound PE router, testing the integrity of the Layer 2 circuit between the inbound and outbound PE routers.
- exp forwarding-class: (Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets.
- count number: (Optional) Limits the number of ping requests to send. Specify a count from 0 through 1,000,000. The default value is 5. If you do not specify a count, ping requests are continuously sent until you press Ctrl-C.
- source source-address: (Optional) Uses the source address that you specify in the ping request packet.
- detail: (Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request.

Following is sample output from a ping mpls l2circuit command:

user@host> ping mpls l2circuit interfa
415. ss: Specifies the source address of the ping request packet. Your action: Type the source IP address, a valid address configured on a Services Router interface.
- Count: Specifies the number of ping requests to send. Your action: From the list, select the number of ping requests to send.
- Detailed Output: Requests the display of extensive rather than brief ping output. Your action: Select the check box to display detailed output.

Ping end point of LSP
- VPN Prefix: Identifies the LSP endpoint to ping. Your action: Type either the LDP FEC prefix and length or the RSVP LSP endpoint address for the LSP to ping.

Table 110: J-Web Ping MPLS Field Summary (continued) (Field: Function. Your Action)
- Source Address: Specifies the source address of the ping request packet. Your action: Type the source IP address, a valid address configured on a Services Router interface.
- Count: Specifies the number of ping requests to send. Your action: From the list, select the number of ping requests to send.
- Detailed Output: Requests the display of extensive rather than brief ping output. Your action: Select the check box to display detailed output.

Ping MPLS Results and Output

Table 111 on page 222 summarizes the output in the ping MPLS display. If the Services Router receives no responses from the destination host, review the list after Table 111 on page 222 for a possible explanation.

Table
416. sses to be matched for capturing the packets, using a combination of the following parameters:
- Direction: Matches the packet headers for IP address, hostname, or network address of the source, destination, or both.
- Type: Specifies if packet headers are matched for host address or network address.
You can add multiple entries to refine the match criteria for addresses.
Your action: Select address-matching criteria. For example:
1. From the Direction list, select source.
2. From the Type list, select host.
3. In the Address box, type 10.1.40.48.
4. Click Add.

Protocols: Matches the protocol for which packets are captured. You can choose to capture TCP, UDP, or ICMP packets, or a combination of TCP, UDP, and ICMP packets.
Your action: From the list, select a protocol, for example tcp.

Ports: Matches packet headers containing the specified source or destination TCP or UDP port number or port name.
Your action: Select a direction and a port. For example:
1. From the Type list, select src.
2. In the Port box, type 23.

Advanced Options

Table 114: Packet Capture Field Summary (continued) (Field: Function. Your Action)

Absolute TCP Sequence: Specifies that absolute TCP sequence numbers are to be displayed for the packet headers.
- To display absolute TCP sequence numbers in the packet headers, select this check b
417. st
- Standard deviation round trip time: Standard deviation of the round-trip times from the Services Router to the remote server, as measured over the course of the test.
- Jitter: Difference between the maximum and minimum round-trip times, as measured over the course of the test.

Inbound and Outbound Times (ICMP Timestamp Probes Only)
- Minimum egress time: Shortest one-way time from the Services Router to the remote server, as measured over the course of the test.
- Maximum ingress time: Shortest one-way time from the remote server to the Services Router, as measured over the course of the test.
- Average egress time: Average one-way time from the Services Router to the remote server, as measured over the course of the test.
- Average ingress time: Average one-way time from the remote server to the Services Router, as measured over the course of the test.
- Standard deviation egress time: Standard deviation of the one-way times from the Services Router to the remote server, as measured over the course of the test.
- Standard deviation ingress time: Standard deviation of the one-way times from the remote server to the Services Router, as measured over the course of the test.
- Egress jitter: Difference between the maximum and minimum outbound times, as measured over the course of the test.
- Ingress jitter: Difference between the maximum and minimum inbound times, as measu
418. stem Basics and Services Command Reference

J-series Services Router Administration Guide
Managing User Authentication and Access
    JUNOS System Basics Configuration Guide
    Secure Configuration Guide for Common Criteria and JUNOS-FIPS
Setting Up USB Modems for Remote Management
Configuring SNMP for Network Management
    JUNOS Network Management Configuration Guide
Configuring the Router as a DHCP Server
Configuring Autoinstallation
    JUNOS System Basics Configuration Guide
Automating Network Operations and Troubleshooting
    JUNOS Configuration and Diagnostic Automation Guide
Monitoring the Router and Routing Operations
    JUNOS System Basics and Services Command Reference
    JUNOS Interfaces Command Reference
    JUNOS Routing Protocols and Policies Command Reference
Monitoring Events and Managing System Log Files
    JUNOS System Log Messages Reference
    Secure Configuration Guide for Common Criteria and JUNOS-FIPS

Table 4: J-series Guides and Related JUNOS Software Publications (continued) (Chapter in a J-series Guide, followed by the Corresponding JUNOS Software Manual)
Configuring and Monitoring Alarms
    JUNOS System Basics Configuration Guide
Performing Software Upgrades and Reboots
    JUNOS Software Installation and Upgrade Guide
Managing Files
    JUNOS System Basics Configuration Guide
Using Services Router Diagnosti
419. t
- request: Make system-level requests
- resolve: Resolve IP addresses
- save: Save output text to file
- trim: Trim specified number of columns from start of line

You can specify complex expressions as an option for the match and except filters. For more information about command output filtering and creating match expressions, see the JUNOS CLI User Guide.

NOTE: To filter the output of configuration mode commands, use the filter commands provided for the operational mode commands. In configuration mode, an additional filter is supported. See the J-series Services Router Basic LAN and WAN Access Configuration Guide.

Before You Begin

To use the J-Web interface and CLI operational tools, you must have the appropriate access privileges. For more information about configuring access privilege levels, see Adding New Users on page 11 and the JUNOS System Basics Configuration Guide.

Using the Monitoring Tools

This section describes the monitoring tools in detail. It contains the following topics:
- Monitoring System Properties on page 107
- Monitoring the Chassis on page 111
- Monitoring the Interfaces on page 115
- Monitoring Routing Information on page 115
- Monitoring Class-of-Service Performance on page 125
- Monitoring MPLS Traffic Engineering Information on page 130
- Monitoring Service Sets on page 155
- Monitoring Firewalls on page
420. t Size box, plus 8.
- ip-address: IP address of destination host that sent the ping response packet.

icmp_seq=0, icmp_seq=number
- number: Sequence Number field of the ping response packet. You can use this value to match the ping response to the corresponding ping request.

ttl=number
- number: Time-to-live hop-count value of the ping response packet.

time=time
- time: Total time between the sending of the ping request packet and the receiving of the ping response packet, in milliseconds. This value is also called round-trip time.

number packets transmitted
- number: Number of ping requests (probes) sent to host.

number packets received
- number: Number of ping responses received from host.

percentage packet loss
- percentage: Number of ping responses divided by the number of ping requests, specified as a percentage.

round-trip min/avg/max/stddev = min-time/avg-time/max-time/std-dev ms
- min-time: Minimum round-trip time (see the time=time field in this table).
- avg-time: Average round-trip time.
- max-time: Maximum round-trip time.
- std-dev: Standard deviation of the round-trip times.

If the Services Router does not receive ping responses from the destination host (the output shows a packet loss of 100 percent), one of the following explanations might apply:
- The host is not operational.
- There are network connectivity problems between the Services Router and the host.
- The host m
421. t the configured
- IDS information
For details, see Monitoring Firewalls on page 136.
Corresponding CLI commands:
- show services stateful-firewall flows
- show services ids destination-table
- show services ids source-table
- show services ids pair-table

IPSec: Displays configured IPSec tunnels and statistics, and IKE security associations. For details, see Monitoring IPSec Tunnels on page 140.
Corresponding CLI commands:
- show services ipsec-vpn ipsec statistics
- show services ipsec-vpn ipsec security-associations
- show services ipsec-vpn ike security-associations

NAT: Displays configured NAT pools. For details, see Monitoring NAT Pools on page 142.
Corresponding CLI commands:
- show services nat pool

Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued) (Monitor Option: Function. Corresponding CLI Commands)

DHCP: Displays DHCP dynamic and static leases, conflicts, pools, and statistics. For details, see Monitoring DHCP on page 143.
Corresponding CLI commands:
- show system services dhcp binding
- show system services dhcp conflict
- show system services dhcp pool
- show system services dhcp statistics

RPM: Displays probe results for all RPM probes configured on the Services Router, including the round-trip times, jitter, and loss percentage of probes sent. Additionally, the RPM monitoring page displays a graph that plots the probe results as a function of
Corresponding CLI commands:
- show services rpm probe-results
422. t to Pool, click Add new entry.
4. In the Pool identifier box, type usb-modem-dialer-pool.
5. In the Priority box, type 25.
6. Click OK until you return to the Interface page.
CLI configuration editor: Enter set dialer-options pool usb-modem-dialer-pool priority 25

Task: The S0=0 command in the default modem initialization sequence AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0 disables the modem from automatically answering calls. Configure the modem to automatically answer calls after a specified number of rings. For more information about modem initialization commands, see How a Services Router Initializes USB Modems on page 31 and Modifying USB Modem Initialization Commands on page 41.
J-Web configuration editor:
1. Next to Modem options, click Configure.
2. In the Init command string box, type ATS0=2 to configure the modem to automatically answer after two rings.
3. Click OK.
CLI configuration editor: Enter set modem-options init-command-string "ATS0=2 \n"

Configuring a Dialer Interface (Required)

The dialer interface, dl, is a logical interface configured to establish USB modem connectivity. You can configure multiple dialer interfaces for different functions on the Services Router.

To configure a logical dialer interface for the Services Router:
1. Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI c
425. tem ports console hierarchy
2. Next to System, click Configure or Edit.
3. Next to Ports, click Configure or Edit.
4. Next to Console, click Configure or Edit.

Task: Secure the console port.
J-Web configuration editor:
1. Select one of the following check boxes:
- Disable: Console port is disabled.
- Insecure: Root login connections to the console are disabled.
- Log out on disconnect: Logs out the console session when the serial cable connected to the console port is unplugged.
2. Click OK.
CLI configuration editor: Do one of the following:
- To disable the console port, enter set disable
- To disable root login connections to the console, enter set insecure
- To log out the console session when the serial cable connected to the console port is unplugged, enter set log-out-on-disconnect

Accessing Remote Devices with the CLI

This section contains the following topics:
- Using the telnet Command on page 24
- Using the ssh Command on page 25

Using the telnet Command

You can use the CLI telnet command to open a Telnet session to a remote device:

user@host> telnet host <8bit> <bypass-routing> <inet> <interface interface-name> <no-resolve> <port port> <routing-instance routing-instance-name> <source address>

To escape from the Telnet session to the Telnet command prompt, press Ctrl-]. To exit from the Telnet session and return to the CLI command prompt
427. ter set data-fill ABCD123

Task: Specify the data size of the RPM probe in bytes, a value from 0 through 65507, for example 1024.
J-Web: In the Data size box, type 1024.
CLI: Enter set data-size 1024

Task: Configure port 50000 as the TCP port to which the RPM probes are sent.
J-Web: In the Destination port box, type 50000.
CLI: Enter set destination-port 50000

Task: Specify the number of probe results to be saved in the probe history, for example 25. The range is between 0 and 255, and the default is 50.
J-Web: In the History size box, type 25.
CLI: Enter set history-size 25

Task: Configure the probe count, for example 5, and probe interval, for example 1.
- Probe count: Total number of RPM probes to be sent for each test. The range is between 1 and 15, and the default is 1.
- Probe interval: Wait time (in seconds) between RPM probes. The range is between 1 and 255, and the default is 3.
J-Web:
1. In the Probe count box, type 5.
2. In the Probe interval box, type 1.
CLI: Enter set probe-count 5 probe-interval 1

Task: Specify the type of probe to be sent as part of the test: tcp-ping.
NOTE: If you do not specify the probe type, the default ICMP probes are sent.
J-Web: In the Probe type box, select tcp-ping.
CLI: Enter set probe-type tcp-ping

Task: Configure a value between 0 and 86400 seconds for the interval between tests, for example 60.
J-Web:
1. In the Test interval box, type 60.
2. Click OK.
CLI: Enter set test-interval 60
428. terface: Number of interfaces on which RSVP is active. Each interface has one line of output.
- Interface: Name of the interface.

Table 68: Summary of Key RSVP Interfaces Information Output Fields (continued) (Field: Values. Additional Information)
- State: State of the interface:
  - Disabled: No traffic engineering information is displayed.
  - Down: The interface is not operational.
  - Enabled: Displays traffic engineering information.
  - Up: The interface is operational.
- Active resv: Number of reservations that are actively reserving bandwidth on the interface.
- Subscription: User-configured subscription factor.
- Static BW: Total interface bandwidth, in bits per second (bps).
- Available BW: Amount of bandwidth that RSVP is allowed to reserve, in bits per second (bps). It is equal to (static bandwidth X subscription factor).
- Reserved BW: Currently reserved bandwidth, in bits per second (bps).
- Highwater mark: Highest bandwidth that has ever been reserved on this interface, in bits per second (bps).

Monitoring Service Sets

A service set is a group of rules from a stateful firewall filter, Network Address Translation (NAT), intrusion detection service (IDS), or IP Security (IPSec) that you apply to a services interface. You can configure IDS, NAT, and stateful firewall filter service rules within the same
429. test
- Earliest Sample: System time when the first probe in the sample was received.
- Latest Sample: System time when the last probe in the sample was received.
- Mean Value: Average jitter for the 50-probe sample.
- Standard Deviation: Standard deviation of the jitter values for the 50-probe sample.
- Lowest Value: Smallest jitter value, as measured over the 50-probe sample.
- Time of Lowest Sample: System time when the lowest value in the 50-probe sample was received.
- Highest Value: Highest jitter value, as measured over the 50-probe sample.
- Time of Highest Sample: System time when the highest jitter value in the 50-probe sample was received.

Monitoring PPP

PPP monitoring information includes PPP address pool information, session status for PPP interfaces, cumulative statistics for all PPP interfaces, and a summary of PPP sessions.

NOTE: PPP monitoring information is available only in the CLI. The J-Web interface does not include pages for displaying PPP monitoring information.

To display PPP monitoring information, enter the following CLI commands:
- show ppp address-pool pool-name
- show ppp interface interface-name
- show ppp statistics
- show ppp summary

For information about these CLI commands, see the JUNOS Interfaces Command Reference.

Monitoring PPPoE

The PPPoE monitoring information is displayed in multiple parts. To
431. the PID field in show system processes command output.
- Process Owner: Name of the process owner.
- Process Name: Command that is currently running. Additional information: Individual processes on the Services Router are listed here. Because each process within JUNOS operates in a protected memory environment, you can diagnose whether a particular process is consuming an abnormal amount of resources. If a software process is using too much CPU or memory, you can restart the process by entering the restart command from the CLI.
- CPU Usage: Percentage of the CPU that is being used by the process.

Table 48: Summary of Key System Properties Output Fields (continued) (Field: Values. Additional Information)
- Memory Usage: Percentage of the installed RAM that is being used by the process.

System Storage
- Total Flash Size: Total size, in megabytes, of the primary flash device.
- Usable Flash Size: Total usable memory, in megabytes, of the primary flash device. Additional information: The total usable flash memory is the total memory minus the size of the JUNOS image installed on the Services Router.
- Flash Used: Total flash memory used, in megabytes and as a percentage of the total usable flash size, of the primary flash device.
- Log Files: Total size, in kilobytes, of the log files on the Services Router. Additional information: This is the sum of file sizes in the /var/log directory.
- Temporary Total si
432. the agent indicates status in a Set response message.
- Traps notification: The agent sends traps to notify the manager of significant events that occur on the network device.

Management Information Base

Agents store information in a hierarchical database called the Structure of Management Information (SMI). The SMI resembles a file system. Information is stored in individual files that are hierarchically arranged in the database. The individual files that store the information are known as Management Information Bases (MIBs). Each MIB contains nodes of information that are stored in a tree structure. Information branches down from a root node to individual leaves in the tree, and the individual leaves comprise the information that is queried by managers for a given MIB. The nodes of information are identified by an object ID (OID). The OID is a dotted integer identifier (1.3.6.1.2.1.2, for instance) or a subtree name (such as interfaces) that corresponds to an indivisible piece of information in the MIB.

MIBs are either standard or enterprise-specific. Standard MIBs are created by the Internet Engineering Task Force (IETF) and documented in various RFCs. Depending on the vendor, many standard MIBs are delivered with the NMS software. You can also download the standard MIBs from the IETF Web site, http://www.ietf.org, and compile them into your NMS, if necessary. For a list of standard and enterpri
433. the chassis serial number of your router. Configuration files that are encrypted with a unique encryption key cannot be decrypted on any other router. The encryption process encrypts only the configuration files in the /config and /var/db/config directories. Files in subdirectories under these directories are not encrypted. The filenames of encrypted configuration files have the extension .gz.jc (for example, juniper.conf.gz.jc).

NOTE: You must have superuser privileges to encrypt or decrypt configuration files.

This section contains the following topics:
■ Encrypting Configuration Files
■ Decrypting Configuration Files
■ Modifying the Encryption Key

Encrypting Configuration Files

To encrypt configuration files on a Services Router:
1. Enter operational mode in the CLI.
2. To configure an encryption key in EEPROM and determine the encryption process, enter one of the request system set-encryption-key commands described in Table 105 on page 204.

Table 103: request system set-encryption-key Commands

CLI Command: request system set-encryption-key
Description: Sets the encryption key and enables default configuration file encryption as follows:
■ AES encryption for the Canada and U.S. version of the JUNOS software
■ DES encryption for the international version of the JU
434. the display as a PIC

Version
  Values: Revision level of the specified hardware component.
  Additional information: Supply the version number when reporting any hardware problems to customer support.

Table 50: Summary of Key Chassis Output Fields (continued)

Part Number
  Values: Part number of the chassis component.

Serial Number
  Values: Serial number of the chassis component. The serial number of the backplane is also the serial number of the router chassis.
  Additional information: Use this serial number when you need to contact customer support about the router chassis.

Description
  Values: Brief description of the hardware item.
  Additional information: For J-series PIMs, the description lists the number and type of the ports on the PIM, identified in the display as a PIC.

FPC Summary

Slot
  Values: FPC or PIM slot number.
  Additional information: On J-series Services Routers, an FPC and a PIM are the same physical unit.

State
  Values: State of the slot:
  ■ Dead: Held in reset because of errors.
  ■ Diag: Slot is being ignored while the FPC or PIM is running diagnostics.
  ■ Dormant: Held in reset.
  ■ Empty: No FPC or PIM is present.
  ■ Online: FPC or PIM is online and running.
  ■ Probed: Probe is complete. The FPC is awaiting restart of the Packet Forwarding Engine (PFE).
  ■ Probe-wait: The FPC is waiting to be probed.

Temp (C)
  Values: Temperature of the air passing by the FPC in degrees
  Additional information: J-series Services Routers do not monitor
435. the interface
  J-Web Configuration Editor:
  1. In the T3 field, click Configure.
  2. From the Ylw list, select red.
  3. From the Exz list, select yellow.
  4. From the Los list, select red.
  5. Click OK.
  CLI Configuration Editor:
  1. Enter set t3 ylw red
  2. Enter set t3 exz yellow
  3. Enter set t3 los red

Table 92: Configuring Interface Alarms (continued)

Task: Configure the system to display active system alarms whenever a user with the login class admin logs in to the router. To define login classes, see the JUNOS System Basics Configuration Guide.
  J-Web Configuration Editor:
  1. On the main Configuration page next to System, click Configure or Edit.
  2. Next to Login, click Configure or Edit.
  3. In the Class field, click Add new entry.
  4. In the Class name field, type admin.
  5. Select the Login alarms check box.
  6. Click OK.
  CLI Configuration Editor:
  1. Enter edit system login
  2. Enter set class admin login-alarms

Checking Active Alarms

The alarm information includes alarm type, alarm severity, and a brief description for each active alarm on the Services Router. To view the active alarms, select Alarms in the J-Web interface, or enter the following CLI show commands:
■ show chassis alarms
■ show system alarms

NOTE: If a Services Router has active alarms and you have not displayed the View Alarms page Alarms in the taskbar
436. the interface you specify. If you do not include this option, ping requests are sent on all interfaces.

bypass-routing: (Optional) Bypasses the routing tables and sends the ping requests only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned. Use this option to ping a local system through an interface that has no route through it.

count number: (Optional) Limits the number of ping requests to send. Specify a count from 1 through 2,000,000,000. If you do not specify a count, ping requests are continuously sent until you press Ctrl-C.

do-not-fragment: (Optional) Sets the Don't Fragment (DF) bit in the IP header of the ping request packet.

inet: (Optional) Forces the ping requests to an IPv4 destination.

inet6: (Optional) Forces the ping requests to an IPv6 destination.

interval seconds: (Optional) Sets the interval between ping requests, in seconds. Specify an interval from 0.1 through 10,000. The default value is 1 second.

loose-source hosts: (Optional) For IPv4, sets the loose source routing option in the IP header of the ping request packet.

no-resolve: (Optional) Suppresses the display of the hostnames of the hops along the path.

pattern string: (Optional) Includes the hexadecimal string you specify in the ping request packet.

rapid: (Optional) Sends ping requests rapidly. The results are reported in a s
437. ther states are transition states and BGP sessions normally do not stay in those states for extended periods of time.

A SONUS Am OPEN MESIE
■ Connect: BGP is waiting for the TCP connection to become complete.
■ Established: The BGP session has been established, and the peers are exchanging BGP update messages.
■ Idle: This is the first stage of a connection. BGP is waiting for a Start event.
■ OpenConfirm: BGP has acknowledged receipt of an open message from the peer and is waiting to receive a keepalive or notification message.
■ OpenSent: BGP has sent an open message and is waiting to receive an open message from the peer.

Table 53: Summary of Key BGP Routing Output Fields (continued)

Export
  Values: Names of any export policies configured on the peer.

Import
  Values: Names of any import policies configured on the peer.

Number of flaps
  Values: Number of times the BGP session has changed state from Down to Up.
  Additional information: A high number of flaps might indicate a problem with the interface on which the session is established.

Monitoring OSPF Routing Information

To view OSPF routing information, select Monitor > Routing > OSPF Information, or enter the following CLI commands:
■ show ospf neighbors
■ show ospf interfaces
■ show ospf statistics

Table 54 on page 119 summarizes key output fields in the OSPF routing
438. thm

PRF: The pseudorandom function that generates highly unpredictable random numbers: hmac-md5 or hmac-sha1.

Input Bytes: Number of bytes received on the IKE security association.

Output Bytes: Number of bytes transmitted on the IKE security association.

Input Packets: Number of packets received on the IKE security association.

Output Packets: Number of packets transmitted on the IKE security association.

IPSec Security Associations: Number of IPSec security associations that have been created and deleted on the router. Only security associations whose negotiations are complete are listed. When a security association is taken down, it is listed as a deleted security association.

Phase 2 Negotiations in Progress: Number of phase 2 IKE negotiations in progress.

Monitoring NAT Pools

NAT pool information includes information about the address ranges configured within the pool on the Services Router. To view NAT pool information, select Monitor > NAT in the J-Web interface, or enter the following CLI show command:

show services nat pool

Table 75 on page 145 summarizes key output fields in NAT displays.

Table 75: Summary of Key NAT Output Fields

NAT Pools

NAT Pool: Name of the NAT pool.

Pool Start Address: Lower address in the NAT pool address range.

Pool Address
439. threshold for the number of successive lost probes is reached.
  Your action:
  ■ To enable SNMP traps for this condition, select the check box.
  ■ To disable SNMP traps, clear the check box.

RTT Exceeded
  Function: Generates traps when the threshold for maximum round-trip time is exceeded.
  Your action:
  ■ To enable SNMP traps for this condition, select the check box.
  ■ To disable SNMP traps, clear the check box.

Table 140: RPM Quick Configuration Summary (continued)

Standard Deviation Exceeded
  Function: Generates traps when the threshold for standard deviation in round-trip times is exceeded.
  Your action:
  ■ To enable SNMP traps for this condition, select the check box.
  ■ To disable SNMP traps, clear the check box.

Test Completion
  Function: Generates traps when a test is completed.
  Your action:
  ■ To enable SNMP traps for this condition, select the check box.
  ■ To disable SNMP traps, clear the check box.

Test Failure
  Function: Generates traps when the threshold for the total number of lost probes is reached.
  Your action:
  ■ To enable SNMP traps for this condition, select the check box.
  ■ To disable SNMP traps, clear the check box.

Performance Probe Server

TCP Probe Server
  Function: Specifies the port on which the Services Router is to receive and transmit TCP probes.
  Your action: Type the number 7 (a standard TCP or UDP port number) or a port number from 49152 through 65555.

UDP Probe Server
441. ting policies, firewall filters, and class of service (CoS): Configuration Guide

Managing users and operations, monitoring performance, upgrading software, and diagnosing common problems: J-series Services Router Administration Guide

Using the J-Web interface: J-Web Interface User Guide

Using the CLI: JUNOS CLI User Guide

Typically, J-series documentation provides both general and specific information: for example, a configuration overview, configuration examples, and verification methods. Because you can configure and manage J-series routers in several ways, you can choose from multiple sets of instructions to perform a task. To make best use of this information:
■ If you are new to the topic: Read through the initial overview information, keep the related JUNOS guide handy for details about the JUNOS hierarchy, and follow the step-by-step instructions for your preferred interface.
■ If you are already familiar with the feature: Go directly to the instructions for the interface of your choice, and follow the instructions. You can choose a J-Web method, the JUNOS CLI, or a combination of methods based on the level of complexity or your familiarity with the interface.

For many J-series features, you can use J-Web Quick Configuration pages to configure the router quickly and easily without configuring each statement individually. For more extensive configuration, use the J-Web configuration editor or CLI configuration mo
442. tion hierarchy
  J-Web Configuration Editor:
  1. In the J-Web interface, select Configuration > View and Edit > Edit Configuration.
  2. Next to Firewall, click Configure or Edit.
  CLI Configuration Editor: From the [edit] hierarchy level, enter
    edit firewall

Task: Define a firewall filter dest-all and a filter term (for example, dest-term) to capture packets with a particular destination address (for example, 192.168.1.1/32).
  J-Web Configuration Editor:
  1. Next to Filter, click Add new entry.
  2. In the Filter name box, type dest-all.
  3. Next to Term, click Add new entry.
  4. In the Rule name box, type dest-term.
  5. Next to From, click Configure.
  6. Next to Destination address, click Add new entry.
  7. In the Address box, type 192.168.1.1/32.
  8. Click OK until you return to the Configuration page.
  CLI Configuration Editor: Set the filter and term name, and define the match condition and its action:
    set firewall filter dest-all term dest-term from destination-address 192.168.1.1/32
    set firewall filter dest-all term dest-term then sample accept

Task: Navigate to the Interfaces level in the configuration hierarchy.
  J-Web Configuration Editor: In the configuration editor hierarchy, select Interfaces.

Task: Apply the dest-all filter to all the outgoing packets on the interface (for example, fe-0/0/1.0). See the interface naming conventions in the J-series Services Router Basic LAN and WAN Access Configuration Guide.
  J-Web Configuration Editor:
  1. In the Interface name box, click fe-0/0/1.
  2. In the Interface unit number box, click 0.
  3. Next to Inet, select Yes
443. tions as appropriate, available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing b
444. titute a value in commands or configuration statements.
  Examples:
    [edit]
    root@# set system domain-name domain-name

Table 3: Text and Syntax Conventions (continued)

Plain text like this
  Description: Represents names of configuration statements, commands, files, and directories; IP addresses; configuration hierarchy levels; or labels on routing platform components.
  Examples:
  ■ To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
  ■ The console port is labeled CONSOLE.

< > (angle brackets)
  Description: Enclose optional keywords or variables.
  Examples: stub <default-metric metric>;

| (pipe symbol)
  Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
  Examples:
    broadcast | multicast
    (string1 | string2 | string3)

# (pound sign)
  Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
  Examples: rsvp { # Required for dynamic MPLS only

[ ] (square brackets)
  Description: Enclose a variable for which you can substitute one or more values.
  Examples: community name members [ community-ids ]

Indention and braces
  Description: Identify a level in the configuration hierarchy.

; (semicolon)
  Description: Identifies a leaf statement at a configuration hie
445. to a target address
■ UDP ping packets to a target device
■ UDP timestamp requests to a target address
■ TCP ping packets to a target device

UDP and TCP probe types require that the remote server be configured as an RPM receiver so that it generates responses to the probes.

RPM Tests

Each probed target is monitored over the course of a test. A test represents a collection of probes, sent out at regular intervals, as defined in the configuration. Statistics are then returned for each test. Because a test is a collection of probes that have been monitored over some amount of time, test statistics such as standard deviation and jitter can be calculated and included with the average probe statistics.

Probe and Test Intervals

Within a test, RPM probes are sent at regular intervals, configured in seconds. When the total number of probes has been sent and the corresponding responses received, the test is complete. You can manually set the probe interval for each test to control how the RPM test is conducted.

After all the probes for a particular test have been sent, the test begins again. The time between tests is the test interval. You can manually set the test interval to tune RPM performance.

Jitter Measurement with Hardware Timestamping

Jitter is the difference in relative transit time between two consecutive probes. You can timestamp the following RPM probes to improve the measurement of latency o
446. to complete the installation.

(Optional) The no-copy option specifies that a software package is installed, but a copy of the package is not saved. Include this option if you do not have enough space on the compact flash to perform an upgrade that keeps a copy of the package on the router.

5. After the software package is installed, reboot the router:

user@host> request system reboot

When the reboot is complete, the router displays the login prompt.

Downgrading the Software

When you upgrade the JUNOS software, the router creates a backup image of the software that was previously installed, as well as installs the requested software upgrade.

To downgrade the software, you can use the backup image of the software that was previously installed, which is saved on the router. If you revert to the previous image, this backup image is used, and the image of the running software is deleted. You can downgrade to only the software release that was installed on the router before the current release with this method. Use the procedures as described in "Installing Software Upgrades with the J-Web Interface" on page 182 and "Installing Software Upgrades with the CLI" on page 184, and specify an older software image as the source image to be upgraded.

Downgrade the JUNOS software on the Services Router with either the J-Web interface or the CLI
447. to tools-server.mydomain.net
220 tools-server.mydomain.net FTP server (Version 6.00LS) ready
Name (tools-server:user): remoteuser
331 Password required for remoteuser
Password:
230 User remoteuser logged in
Remote system type is UNIX
Using binary mode to transfer files
ftp>

2. Navigate to the directory where packet capture files are stored on the router:

ftp> lcd /var/tmp
Local directory now /cf/var/tmp

3. Copy the packet capture file that you want to analyze (for example, 126b.fe-0.0.1) to the server:

ftp> put 126b.fe-0.0.1
local: 126b.fe-0.0.1 remote: 126b.fe-0.0.1
200 PORT command successful
150 Opening BINARY mode data connection for 126b.fe-0.0.1
100% 1476 00:00 ETA
226 Transfer complete
1476 bytes sent in 0.01 seconds (142.42 KB/s)

4. Return to the CLI configuration mode:

ftp> bye
221 Goodbye
[edit]
user@host#

■ Open the packet capture file on the server with tcpdump or any packet analyzer that supports libpcap format:

root@server% tcpdump -r 126b.fe-0.0.1 -xevvvv
01:12:36.279769 Out 0:5:85:c4:e3:d1 > 0:5:85:c8:f6:d1 ethertype IPv4 length 98 tos 0x0 ttl 64 id 33133 offset 0 flags none proto length 84 14.1.1.1 > 15.1.1.1 ICMP echo request seq 0 length 64
0005 85c8 f6d1 0005 85c4 e3d1 0800 4500 0054 816d 0000 4001 da38 0e01 0101 0f01 0101 0800 3c5a 981e 000
448. torage used
  ■ Percentage of Routing Engine CPU used
  ■ Percentage of Routing Engine memory used
  ■ Percentage of memory used for each system process
  ■ Percentage of CPU used by the forwarding process
  ■ Percentage of memory used for temporary storage by the forwarding process
  Your action: Select the check box to enable the health monitor and configure options. If you do not select the check box, the health monitor is disabled.
  NOTE: If you select only the Enable Health Monitoring check box and do not specify the options, then SNMP health monitoring is enabled with the default values for the options.

Interval
  Function: Determines the sampling frequency, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds.
  Your action: Enter an interval time, in seconds, between 1 and 2147483647. The default value is 300 seconds (5 minutes).

Rising Threshold
  Function: Value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is increasing. For example, if the rising threshold is 90 (the default), SNMP generates an event when the value of any key indicator reaches or exceeds 90 percent.
  Your action: Enter a value between 0 and 100. The default value is 90.

Falling Threshold
  Function: Value at which you want SNMP to generate an event trap and syst
449. toring RPM probes sent out at regular intervals.

test interval: Time, in seconds, between RPM tests.

RPM Overview

Real-time performance monitoring (RPM) allows you to perform service-level monitoring. When RPM is configured on a Services Router, the router calculates network performance based on packet response time, jitter, and packet loss. These values are gathered by Hypertext Transfer Protocol (HTTP) GET requests, Internet Control Message Protocol (ICMP) requests, and TCP and UDP requests, depending on the configuration.

This section contains the following topics:
■ RPM Probes
■ RPM Tests
■ Probe and Test Intervals
■ Jitter Measurement with Hardware Timestamping
■ RPM Statistics
■ RPM Thresholds and Traps
■ RPM for BGP Monitoring

RPM Probes

You gather RPM statistics by sending out probes to a specified probe target, identified by an IP address or URL. When the target receives the probe, it generates responses, which are received by the Services Router. By analyzing the transit times to and from the remote server, the Services Router can determine network performance statistics.

The Services Router sends out the following probe types:
■ HTTP GET request at a target URL
■ HTTP GET request for metadata at a target URL
■ ICMP echo request to a target address (the default)
■ ICMP timestamp request
450. traffic signal contained a defect condition and has been replaced by the AIS. A transmission interruption occurred at the remote endpoint or upstream of the remote endpoint. This all-ones signal is transmitted to prevent consequential downstream failures or alarms.
  Configuration option: ais

Loss of signal
  Description: No remote E3 signal is being received at the E3 interface.
  Configuration option: los

Out of frame
  Description: An out-of-frame (OOF) condition has existed for 10 seconds. This alarm applies only to E3 interfaces configured in frame mode. The OOF failure is cleared when no OOF or LOS defects have occurred for 20 seconds.
  Configuration option: oof

Remote defect indication
  Description: An AIS, LOS, or OOF condition exists. This alarm applies only to E3 interfaces configured in frame mode.
  Configuration option: rdi

Table 89: Interface Alarm Conditions (continued)

Interface: T3 (DS3)

Alarm indication signal
  Description: The normal T3 traffic signal contained a defect condition and has been replaced by the AIS. A transmission interruption occurred at the remote endpoint or upstream of the remote endpoint. This all-ones signal is transmitted to prevent consequential downstream failures or alarms.
  Configuration option: ais

Excessive number of zeros
  Description: The bit stream received from the upstream host has more consecutive zeros than are allowed in a T3 frame.
  Configuration option: exz

Far-end receive failure
452. ture packets for specific traffic flows. You must also configure and apply appropriate firewall filters on the interface if you need to capture packets generated by the host router, because interface sampling does not capture packets originating from the host router. To configure firewall filters for packet capture, see "Configuring a Firewall Filter for Packet Capture (Optional)" on page 259. For more information about firewall filters, see the J-series Services Router Advanced WAN Access Configuration Guide.

Packet Capture Files

When packet capture is enabled on an interface, the entire packet, including the Layer 2 header, is captured and stored in a file. You can specify the maximum size of the packet to be captured, up to 1500 bytes. Packet capture creates one file for each physical interface. You can specify the target filename, maximum size of the file, and maximum number of files.

File creation and storage take place in the following way. Suppose you name the packet capture file pcap-file. Packet capture creates multiple files (one per physical interface), suffixing each file with the name of the physical interface: for example, pcap-file.fe-0.0.1 for the Fast Ethernet interface fe-0/0/1. When the file named pcap-file.fe-0.0.1 reaches the maximum size, the file is renamed pcap-file.fe-0.0.1.0. When the file named pcap-file.fe-0.0.1 reaches the maximum size again, the file named pcap-file.fe-0.0.1.0 is renamed pcap-file.fe-0.0.1.1 and pc
453. tware is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any locked or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use the Embedded Software on non-Juniper equipment; (j) use the Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Ju
454. tware packages uploaded from your computer to the Services Router. Figure 15 on page 183 shows the Upload Package page for the router.

Figure 15: Upload Package Page

To install software upgrades by uploading files:
1. Download the software package as described in "Downloading Software Upgrades from Juniper Networks" on page 181.
2. In the J-Web interface, select Manage > Software > Upload Package.
3. On the Upload Package page, enter information into the fields described in Table 96 on page 183.
4. Click Upload Package. The software is activated after the router has rebooted.

Table 96: Upload Package Summary

File to Upload (required)
  Function: Specifies the location of the software package.
  Your action: Type the location of the software package, or click Browse to navigate to the location.

Reboot If Required
  Function: If this box is checked, the router is automatically rebooted when the upgrade is complete.
  Your action: Select the check box if you want the router to reboot automatically when the upgrade is complete.

Installing Software Upgrades with the CLI

To install software upgrades on a router with the CLI:
1. If your router has 256 MB of flash memory an
455. type the IP address of the RADIUS server, 172.16.98.1.
  CLI Configuration Editor:
    set radius-server address 172.16.98.1

Task: Specify the shared secret (password) of the RADIUS server. The secret is stored as an encrypted value in the configuration database.
  J-Web Configuration Editor: In the Secret box, type the shared secret of the RADIUS server, Radiussecret1.
  CLI Configuration Editor: Set the shared secret of the RADIUS server:
    set radius-server 172.16.98.1 secret Radiussecret1

Task: Specify the source address to be included in the RADIUS server requests by the router. In most cases, you can use the loopback address of the router.
  J-Web Configuration Editor: In the Source address box, type the loopback address of the router, 10.0.0.1.
  CLI Configuration Editor: Set the router's loopback address as the source address:
    set radius-server 172.16.98.1 source-address 10.0.0.1

Setting Up TACACS+ Authentication

To use TACACS+ authentication, you must configure at least one TACACS+ server. The procedure provided in this section identifies the TACACS+ server, specifies the secret (password) of the TACACS+ server, and sets the source address of the Services Router's TACACS+ requests to the loopback address of the router. This procedure uses the following sample values:
■ The TACACS+ server's IP address is 172.16.98.24.
■ The TACACS+ server's secret is Tacacssecret1.
■ The loopback address of the router is 10.0.0.1.

To confi
456. upgraded software. All JUNOS software is delivered in signed packages that contain digital signatures, Secure Hash Algorithm (SHA-1) checksums, and Message Digest 5 (MD5) checksums. For more information about JUNOS software packages, see the JUNOS Software Installation and Upgrade Guide.

Upgrade Software Packages

An upgrade software package name is in the following format:

package-name-m.nZx.y-distribution.tgz

■ package-name is the name of the package: for example, junosjseries.
■ m.n is the software release, with m representing the major release number and n representing the minor release number: for example, 9.0.
■ Z indicates the type of software release. For example, R indicates released software, and B indicates beta-level software.
■ x.y represents the software build number and spin number: for example, 1.1.
■ distribution indicates the area for which the software package is provided: domestic for the United States and Canada, and export for worldwide distribution.

A sample J-series upgrade software package name is junosjseries-9.0R1-domestic.tgz.

Recovery Software Packages

Download a recovery software package, also known as an install media package, to recover a primary compact flash. A recovery software package name is in the following format:

package-name-m.nZx.y-export-cfnnn.gz

■ package-name is the name of the package: for example, junosjseries.
■ m.n is the software release, with m representing the maj
457. uring RPM with a Configuration Editor Chapter 14 Configuring RPM Probes Directing RPM Probes to Select BGP Routers If a Services Router has a large number of BGP neighbors configured you can direct filter the RPM probes to a selected group of BGP neighbors rather than to all the neighbors To identify the BGP routers to receive RPM probes you can configure routing instances The sample RPM configuration in Table 145 on page 285 sends RPM probes to the BGP neighbors in routing instance R1 To direct RPM probes to select BGP neighbors 1 Navigate to the top of the configuration hierarchy in either the J Web or CLI configuration editor 2 Perform the configuration tasks described in Table 145 on page 285 5 If you are finished configuring the router commit the configuration 4 To verify the configuration see Verifying an RPM Configuration on page 285 Table 145 Directing RPM Probes to Select BGP Routers Task J Web Configuration Editor CLI Configuration Editor Navigate to the Services RPM BGP 1 Inthe J Web interface select From the edit hierarchy level enter level in the configuration hierarchy Configuration gt View and Edit gt Edit Configuration edit services rpm bgp 2 ext to Services click Configure or Edit 3 ext to Rpm select the Yes check box and click Configure or Edit 4 ext to Bgp click Configure or Edit Configure routing instance RI1 to send 1 ext to Routing instances
458. urrent probes that a system can handle and the source address used for each probe packet This example tunes the ICMP probe set for customer A in Configuring Basic RPM Probes on page 276 To configure tune RPM probes 1 Perform the configuration tasks described in Table 141 on page 277 2 Navigate to the top of the configuration hierarchy in either the J Web or CLI configuration editor 5 Perform the configuration tasks described in Table 145 on page 282 4 If you are finished configuring the network commit the configuration 5 Tocheck the configuration see Verifying an RPM Configuration on page 285 Table 143 Tuning RPM Probes Task J Web Configuration Editor CLI Configuration Editor Navigate to the Services gt RPM levelin 1 Inthe J Web interface select From the edit hierarchy level enter the configuration hierarchy Configuration View and Edit Edit Configuration edit services rpm 2 Next to Services click Configure or Edit 3 Next to Rpm select the Yes check box 4 Click Edit Set the maximum number of concurrent 1 In the Probe limit box type 10 Enter probes allowed on the system to 10 2 Click OK I 7 set probe limit 10 Access the ICMP probe of customer A 1 Inthe Owner box click From the edit hierarchy level enter CustomerA edit services rpm probe customerA test 2 Inthe Name box click icmp test icmp test 282 1H Configuring RPM with a Configuration Editor Table 1
459. used being used by routing policies associated with the Router is allocated for storing configuration objects like service set configuration firewall rules routing policies and so on CPU Percentage of the CPU resources being used A high CPU utilization indicates that the router is under utilization heavy load High CPU utilization might cause performance degradation in forwarding or the application of other services Memory Usage Interface Name of the adaptive services interface on the Services Router always sp 0 0 0 Service set Name of a service set Memory Percentage of the memory resources being used by A high CPU utilization indicates that the router is under Utilization the service set heavy load High CPU utilization might cause performance degradation in forwarding or the application of other services Memory Memory zone in which the services interface is zone currently operating Following are valid zones Green All new flows are allowed Yellow Unused memory is reclaimed All new flows are allowed m Orange New flows are only allowed for service sets that are using less than their equal share of memory m Red No new flows are allowed Monitoring Firewalls 136 m The firewall filter information is divided into three parts firewall statistics stateful firewall filters and intrusion detection services Using the Monitoring Tools Chapter 7 Monitoring the Router and Routing Operations
460. user privileges can access and edit files in the /var/db/scripts/op directory.
3. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
4. Perform the configuration tasks described in Table 44 on page 95.
5. If you are finished configuring the network, commit the configuration.

Table 44: Enabling Operation Scripts

Task: Navigate to the Op level in the configuration hierarchy.
J-Web Configuration Editor:
1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
2. Next to System, click Configure or Edit.
3. Next to Scripts, click Configure or Edit.
4. Next to Op, click Configure or Edit.
CLI Configuration Editor: From the [edit] hierarchy level, enter

edit system scripts op

Task: Enable the operation script file (for example, op-script.xsl).
J-Web Configuration Editor:
1. Next to File, click Add new entry.
2. In the Name box, type op-script.xsl.
3. Click OK.
CLI Configuration Editor: Set the script file name:

set file op-script.xsl

Executing Operation Scripts

You can execute the enabled operation scripts from the CLI or from within an event policy. For information about event policy, see Running Self-Diagnostics with Event Policies on page 94. This section describes how you can execute operation scripts from the command line.

To execute an operation script from the CLI:

1. Enter configuration mode in the CLI.
2. Execute the script with the following command: Automating
461. uter This section contains the following topics m Configuring a Boot Device for Backup with the J Web Interface on page 186 m Configuring a Boot Device for Backup with the CLI on page 189 m Configuring a Boot Device to Receive Software Failure Memory Snapshots on page 190 Configuring a Boot Device for Backup with the J Web Interface You can use the J Web interface to create a boot device for the Services Router on an alternate medium to replace the primary boot device or serve as a backup 186 HN Configuring Boot Devices Chapter 10 Performing Software Upgrades and Reboots Figure 16 on page 187 shows the Snapshot page Figure 16 Snapshot Page ERROR Unresolved graphic fileref 5020261 gif not found in teamsite 1 default main TechPubsWorkInProgress STAGING images To create a boot device 1 Inthe J Web interface select Manage gt Snapshot 2 On the Snapshot page enter information into the fields described in Table 97 on page 187 3 Click Snapshot 4 Click OK Table 97 Snapshot Summary Field Function Your Action Target Media Specifies the boot device to copy the snapshot to NOTE You cannot copy software to the active boot device In the list select a boot device that is not the active boot device m compact flash Copies software to the internal compact flash m removable compact flash Copies software to the external compact flash This option is available on J
462. ve chassis alarms on the Services Router environment measurements a summary of the field replaceable units FRUS and the status of Physical Interface Modules PIMs on the router To view these chassis properties select Monitor Chassis in the J Web interface or enter the following CLI show commands m Show chassis alarms m Show chassis environment m Show chassis fpc m Show chassis hardware A CAUTION Do not install a combination of PIMs in a single chassis that exceeds the maximum power and heat capacity of the chassis If J series power management is enabled PIMs that exceed the maximum power and heat limits remain offline when the chassis is powered on To check PIM power and heat status use the show chassis fpc and show chassis power ratings commands For more information see the Getting Started Guide for your router Table 50 on page 111 summarizes key output fields in chassis displays Table 50 Summary of Key Chassis Output Fields Field Values Additional Information Alarm Summary Alarm Time Date and time the alarm was first recorded Using the Monitoring Tools m 111 J series Services Router Administration Guide Table 50 Summary of Key Chassis Output Fields continued Field Values Additional Information Alarm Class Severity class for this alarm Minor or Major JUNOS has system defined alarms and configurable alarms System defined alarms include FRU detection alarms
463. vent options click Configure or Edit 2 Next to Policy click Add new entry 5 Inthe Policy name box type event1 From the edit hierarchy level enter edit event options policy event Configure the event name for example SNMP TRAP LINK DOWN The SNMP TRAP LINK DOWN event occurs when an interface that is monitored by SNMP becomes unavailable 1 Next to Events click Add new entry In the Event box type SNMP TRAP LINK DOWN 5 Click OK Set the event name set events SNMP TRAP LINK DOWN 96 HN Running Self Diagnostics with Event Policies Chapter 6 Automating Network Operations and Troubleshooting Table 45 Configuring Event Policies continued Task J Web Configuration Editor CLI Configuration Editor Flag the event to initiate an SNMP 1 Nextto Then click Configure Enter trap when it generates a system log message 2 Select the Raise trap checkbox Sthen 5 Click OK set raise trap Define the action to be taken when 1 Next to Attributes match click Add 1 Setthe condition to execute the event the configured event occurs new entry policy only when the 2 In the Condition li tch SNMP_TRAP_LINK_DOWN event occurs For example configure the Services v ENS SAO RE oy SELCCEMAECNES for the t1 3 0 0 interface Router to do the following when the 3 In the From event attribute box type SNMP TRAP LINK DOWN event occurs SNMP TRAP LINK DOWN interface name set attributes
464. ware, follow the procedure for upgrading, using the JUNOS software image labeled with the appropriate release.

To downgrade software with the CLI:

1. Enter the request system software rollback command to return to the previous JUNOS software version:

user@host> request system software rollback

The previous software version is now ready to become active when you next reboot the router.

2. Reboot the router:

user@host> request system reboot

The router is now running the previous version of the software.

Configuring Boot Devices

You can configure a boot device to replace the primary boot device on your Services Router or to act as a backup boot device. The backup device must have a storage capacity of at least 256 MB. Use either the J-Web interface or the CLI to take a snapshot of the configuration currently running on the router, or of the original factory configuration and a rescue configuration, and save it to an alternate medium.

NOTE: For media redundancy, we recommend that you keep a secondary storage medium attached to the Services Router and updated at all times.

If the primary storage medium becomes corrupted and no backup medium is in place, you can recover the primary compact flash from a special JUNOS software image. You can also configure a boot device to store snapshots of software failures, for use in troubleshooting.

For information about installing boot devices, see the Getting Started Guide for your ro
465. when used in the ether protocol match condition icmp Matches all ICMP packets ip Matches all IP packets ip broadcast multicast Matches broadcast or multicast IP packets ip protocol address Ncmp igrp Ntcp Nudp Matches IP packets with the specified address or protocol type The arguments icmp tcp and udp are also independent match conditions so they must be preceded with a backslash when used in the ip protocol match condition isis Matches all IS IS routing messages rarp Matches all RARP packets m 249 Using CLI Diagnostic Commands J series Services Router Administration Guide Table 130 CLI monitor traffic Match Conditions continued Match Condition Description tcp Matches all TCP packets udp Matches all UDP packets Table 131 CLI monitor traffic Logical Operators Logical Operator Description Logical NOT If the first condition does not match the next condition is evaluated amp amp Logical AND If the first condition matches the next condition is evaluated If the first condition does not match the next condition is skipped ll Logical OR If the first condition matches the next condition is skipped If he first condition does not match the next condition is evaluated 0 Group operators to override default precedence order Parentheses a
466. wing:

- Automatically diagnose and fix problems in your network by building and running an operational mode command, receiving the command output, inspecting the output, and determining the next appropriate action. This process can be repeated until the source of the problem is determined and reported to the CLI.
- Monitor the overall status of the router by creating a general operation script that periodically checks network warning parameters, such as high CPU usage. The general operation script can be overridden by user-defined scripts.
- Customize the output of CLI operational mode commands using printf statements.
- If there is a known problem in the JUNOS software, an operation script can ensure your router is configured to avoid or work around the problem.
- Change your router's configuration in response to a problem.

The scripting language you use for writing operation scripts is Extensible Stylesheet Language Transformations (XSLT). XSLT operation scripts are based on JUNOScript Extensible Markup Language (XML).

Enabling Operation Scripts

To enable operation scripts:

1. Write an operation script. For information about writing operation scripts, see the JUNOS Configuration and Diagnostic Automation Guide.
2. Copy the script to the /var/db/scripts/op directory. Only users with super
467. with Operation Scripts on page 92
- Running Self-Diagnostics with Event Policies on page 94

Defining and Enforcing Configuration Rules with Commit Scripts

Being able to restrict network configurations in accordance with custom configuration rules can reduce human error and improve network uptime and reliability. Commit scripts allow you to enforce custom configuration rules.

This section contains the following topics:

- Commit Script Overview on page 89
- Enabling Commit Scripts on page 90
- Disabling Commit Scripts on page 91

Commit Script Overview

Commit scripts run each time a new candidate configuration is committed and inspect the configuration. If a candidate configuration does not adhere to your design rules, a commit script can instruct the Services Router to perform various actions, including the following:

- Generate custom warning messages, system log messages, or error messages. If error messages are generated, the commit operation fails and the candidate configuration remains unchanged.
- Change the configuration in accordance with your rules and then proceed with the commit operation.

Consider the following examples of actions you can perform with commit scripts:

- Run a basic sanity test. Ensure that the [edit interfaces] and [edit protocols] hierarchies have not been accidentally deleted.
- Check co
468. with scripts 89 automating troubleshooting with scripts and event policies ee DHCP Server diagnosis managing access managing user authentication 5 MONITO sese certo eee wey irt reri tte dus 101 network managements ede tiene hate ette 47 packet eapture eua t mat 255 performance monitoring 267 release notes URL ti rete trie Rhet Xv software upgrades ssssssssse 179 system log messages 155 USB modems for remote management 29 J Web configuration editor autoinstallatioTir 2 eorr RR 85 CHAP on dialer interfaces eee 37 controlling user access 16 DHCP SeFVOE c citet egentes reote teens 72 enabling commit scripts 90 enabling operation scripts 95 event policies cepe tee prre pep ree qr reds 95 interface alarms 172 RADIUS authentication ssssssse 12 ig 276 SNMP irtad nitentes tibus 54 system log messages sending to a file 160 system log messages sending to a terminal 161 TACACS authentication 000 eee 13 USB modem connections ssssssse 55 J Web interface Diagnose ODEOns ente ote te ner rette 210 EVENT VIEWER o dud etes A de ee vare 162 managing files 199 Monitor Option S eis dete Benson dihel ede ae 102 jitter description s etes then pce as 270 See also RPM probes in RPM probes improving with timestamps 269 IMIONITOMING EP 147 threshold Setting eee ctae fede hee mt
469. xcept the space For example in matches messages with win or windows asterisk Zero or more instances of the immediately preceding term For example tre matches messages with tree tread or trough plus sign One or more instances of the immediately preceding term For example tre matches messages with tree or tread but not trough question mark Zero or one instance of the immediately preceding term For example colou r matches messages with or color or colour pipe One of the terms that appear on either side of the pipe operator For example gre ay matches messages with either grey or gray exclamation point Any string except the one specified by the expression when the exclamation point appears at the start of the expression Use of the exclamation point is specific to JUNOS caret The start of a line when the caret appears outside square brackets For example T matches messages with This line and not with On this line dollar sign Strings at the end of a line For example matches messages with the following and not with 2 00 paired square brackets One instance of one of the enclosed alphanumeric characters To indicate a range of characters use a hyphen to separate the beginning and ending characters of the range For example 0 9 matches messages with any number paired parentheses One instance of the eva
470. y the party to be charged If any portion of this Agreement is held invalid the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement This Agreement and associated documentation has been written in the English language and the Parties agree that the English version will govern For Canada Les parties aux pr sent s confirment leur volont que cette convention de m me que tous les documents y compris tout avis qui s y rattach soient redig s en langue anglaise Translation The parties confirm that this Agreement and all related documentation is and will be in the English language Abbreviated Table of Contents Part 1 Part 2 Part 3 Part 4 Part 5 Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Chapter 12 Chapter 13 Chapter 14 About This Guide Configuring a Services Router for Administration Managing User Authentication and Access Setting Up USB Modems for Remote Management Configuring SNMP for Network Management Configuring the Router as a DHCP Server Configuring Autoinstallation Automating Network Operations and Troubleshooting Monitoring a Services Router Monitoring the Router and Routing Operations Monitoring Events and Managing System Log Files Configuring and Monitoring Alarms Managing Services Router Software Performing Software Upgrades and Reboots Managing Files Diagn
471. ystem alarm To enable alarms on a Services Router interface you must select an alarm condition and an alarm severity In contrast alarm conditions and severity are preconfigured for chassis alarms and system alarms This section contains the following topics m Interface Alarm Conditions on page 167 m Chassis Alarm Conditions and Corrective Actions on page 170 m System Alarm Conditions and Corrective Actions on page 172 Interface Alarm Conditions Table 89 on page 168 lists the interface conditions sorted by interface type that you can configure for an alarm Each alarm condition can be configured to trigger either a major red alarm or minor a yellow alarm The corresponding configuration option is included For the services stateful firewall filters NAT IDS and IPSec which operate on an internal adaptive services module within a Services Router you can configure alarm conditions on the integrated services and services interfaces Alarm Overview m 167 J series Services Router Administration Guide Table 89 Interface Alarm Conditions Interface Alarm Condition Descript ion Configuration Option DS1 T1 Alarm indication signal The normal T1 traffic signal contained a defect condition and has been replaced by the AIS A transmission interruption occurred at the remote endpoint or upstream of the remote endpoint This all ones signal is transmitted to prevent consequential downstream failur
472. ze in kilobytes of the temporary files on the This is the sum of the file sizes in the var tmp directory Files Services Router Crash Total size in kilobytes of the core files on the Services This is the sum of the file sizes in the var crash Core Files Router directory Database Total size in kilobytes of the configuration database This is the sum of the file sizes in the var db directory Files files on the Services Router Monitoring System Process Information To view the software processes running on the router select Monitor System Process Information in the J Web interface or enter the CLI show system processes commands Table 49 on page 110 summarizes the output fields in the system process information display Table 49 Summary of System Process Information Output Fields Field Values Additional Information Process ID Identifier of the process Effective Owner of the process User Command Command that is currently running Terminal Terminal that is currently running Status Current status of the process 110 1m Using the Monitoring Tools Chapter 7 Monitoring the Router and Routing Operations Table 49 Summary of System Process Information Output Fields continued Field Values Additional Information Sleep state Sleep state of the process Start time Time of day when the process started Monitoring the Chassis The chassis properties include the status of acti
