- Page 1 and 2: Junos ® OS Services Interfaces Con
- Page 3 and 4: END USER LICENSE AGREEMENT READ THI
- Page 5 and 6: 12. Commercial Computer Software. T
- Page 7 and 8: Abbreviated Table of Contents Part
- Page 9 and 10: Chapter 58 Real-Time Performance Mo
- Page 11 and 12: Table of Contents Part 1 Overview A
- Page 13: NetShow . . . . . . . . . . . . . .
- Page 17 and 18: Chapter 11 Summary of Intrusion Det
- Page 19 and 20: Tracing IPsec Operations . . . . .
- Page 21 and 22: maximum-send-window . . . . . . . .
- Page 23 and 24: family . . . . . . . . . . . . . .
- Page 25 and 26: ptsp-rules . . . . . . . . . . . .
- Page 27 and 28: Copyright © 2011, Juniper Networks
- Page 29 and 30: service-interface-pools . . . . . .
- Page 31 and 32: local-ports . . . . . . . . . . . .
- Page 33 and 34: enable-heuristics . . . . . . . . .
- Page 35 and 36: Example: Configuring an Encryption
- Page 37 and 38: Copyright © 2011, Juniper Networks
- Page 39 and 40: version9 . . . . . . . . . . . . .
- Page 41 and 42: source-addresses . . . . . . . . .
- Page 43 and 44: Configuring RPM Timestamping . . .
- Page 45 and 46: Part 9 Index Copyright © 2011, Jun
- Page 47 and 48: List of Figures Part 2 Adaptive Ser
- Page 49 and 50: List of Tables About This Guide . .
- Page 51 and 52: About This Guide This preface provi
- Page 53 and 54: Using the Indexes • MX Series •
- Page 55 and 56: Table 1: Notice Icons Icon Meaning
- Page 57 and 58: or are covered under warranty, and
- Page 59 and 60: PART 1 Overview Copyright © 2011,
- Page 61 and 62: CHAPTER 1 Services Interfaces Overv
- Page 63 and 64: CHAPTER 2 Services Interfaces Confi
- Page 65 and 66:
Copyright © 2011, Juniper Networks
- Page 67 and 68:
Copyright © 2011, Juniper Networks
- Page 69 and 70:
Copyright © 2011, Juniper Networks
- Page 71 and 72:
Copyright © 2011, Juniper Networks
- Page 73 and 74:
Copyright © 2011, Juniper Networks
- Page 75 and 76:
Copyright © 2011, Juniper Networks
- Page 77 and 78:
Copyright © 2011, Juniper Networks
- Page 79 and 80:
Copyright © 2011, Juniper Networks
- Page 81 and 82:
Copyright © 2011, Juniper Networks
- Page 83 and 84:
Copyright © 2011, Juniper Networks
- Page 85 and 86:
Copyright © 2011, Juniper Networks
- Page 87 and 88:
Copyright © 2011, Juniper Networks
- Page 89 and 90:
Copyright © 2011, Juniper Networks
- Page 91 and 92:
Copyright © 2011, Juniper Networks
- Page 93 and 94:
PART 2 Adaptive Services Copyright
- Page 95 and 96:
CHAPTER 3 Adaptive Services Overvie
- Page 97 and 98:
Enabling Service Packages Copyright
- Page 99 and 100:
Table 3: AS and Multiservices PIC S
- Page 101 and 102:
Copyright © 2011, Juniper Networks
- Page 103 and 104:
3. A next-hop service set can be ap
- Page 105 and 106:
Copyright © 2011, Juniper Networks
- Page 107 and 108:
Types of Network Address Translatio
- Page 109 and 110:
Stateful NAT64 Stateful NAT64 is a
- Page 111 and 112:
Currently, a NAT rule configuration
- Page 113 and 114:
IPsec Overview IPsec Security Assoc
- Page 115 and 116:
Layer 2 Tunneling Protocol Overview
- Page 117 and 118:
Copyright © 2011, Juniper Networks
- Page 119 and 120:
match-direction input; term Transla
- Page 121 and 122:
interface-service { service-interfa
- Page 123 and 124:
Copyright © 2011, Juniper Networks
- Page 125 and 126:
} rule vrf-b-output { match-directi
- Page 127 and 128:
CHAPTER 4 Applications Configuratio
- Page 129 and 130:
Table 5: Application Protocols Supp
- Page 131 and 132:
Table 6: Network Protocols Supporte
- Page 133 and 134:
Configuring Source and Destination
- Page 135 and 136:
Table 8: Port Names Supported by Se
- Page 137 and 138:
Configuring a Universal Unique Iden
- Page 139 and 140:
BOOTP DCE RPC Services ONC RPC Serv
- Page 141 and 142:
Table 9: Supported RPC Services Nam
- Page 143 and 144:
SQLNet TFTP Traceroute command. If
- Page 145 and 146:
For each flow, the first line shows
- Page 147 and 148:
RTSP ALG Example The following is a
- Page 149 and 150:
System Log Messages Copyright © 20
- Page 151 and 152:
Copyright © 2011, Juniper Networks
- Page 153 and 154:
Copyright © 2011, Juniper Networks
- Page 155 and 156:
application junos-dcerpc-msexchange
- Page 157 and 158:
} } } Examples: Configuring Applica
- Page 159 and 160:
CHAPTER 5 Summary of Applications C
- Page 161 and 162:
application-set Syntax application-
- Page 163 and 164:
icmp-type Syntax icmp-type value; H
- Page 165 and 166:
protocol Syntax protocol type; Hier
- Page 167 and 168:
snmp-command Syntax snmp-command co
- Page 169 and 170:
CHAPTER 6 Stateful Firewall Service
- Page 171 and 172:
If you configure match-direction in
- Page 173 and 174:
Configuring IP Option Handling You
- Page 175 and 176:
} } } } Copyright © 2011, Juniper
- Page 177 and 178:
Related Documentation Copyright ©
- Page 179 and 180:
CHAPTER 7 Summary of Stateful Firew
- Page 181 and 182:
application-sets Syntax application
- Page 183 and 184:
destination-prefix-list Syntax dest
- Page 185 and 186:
rule Syntax rule rule-name { match-d
- Page 187 and 188:
source-address Syntax source-addres
- Page 189 and 190:
term Syntax term term-name { from {
- Page 191 and 192:
CHAPTER 8 Network Address Translati
- Page 193 and 194:
• Specifying Destination and Sour
- Page 195 and 196:
• The fifth connection is allocat
- Page 197 and 198:
application-sets set-name; applicat
- Page 199 and 200:
NOTE: If you include one of the sta
- Page 201 and 202:
Configuring NAT Rule Sets Copyright
- Page 203 and 204:
user@host# set rule rule-basic-nat4
- Page 205 and 206:
[edit services] user@host# show ada
- Page 207 and 208:
Configuring Trace Options 2. Config
- Page 209 and 210:
Copyright © 2011, Juniper Networks
- Page 211 and 212:
Configuring Dynamic Source Address
- Page 213 and 214:
Copyright © 2011, Juniper Networks
- Page 215 and 216:
Configuring Static Destination Addr
- Page 217 and 218:
Related Documentation • } pool de
- Page 219 and 220:
Copyright © 2011, Juniper Networks
- Page 221 and 222:
Configuring the Service Set for NAT
- Page 223 and 224:
Copyright © 2011, Juniper Networks
- Page 225 and 226:
Related Documentation [edit] user@h
- Page 227 and 228:
Copyright © 2011, Juniper Networks
- Page 229 and 230:
Copyright © 2011, Juniper Networks
- Page 231 and 232:
service-set s1 { nat-rules rule-dyn
- Page 233 and 234:
Copyright © 2011, Juniper Networks
- Page 235 and 236:
Copyright © 2011, Juniper Networks
- Page 237 and 238:
} } } } } } stateful-nat64; Example
- Page 239 and 240:
Step-by-Step Procedure Copyright ©
- Page 241 and 242:
[edit services nat] user@host# set
- Page 243 and 244:
user@host# set then translated tran
- Page 245 and 246:
5. Specify the type of NAT used for
- Page 247 and 248:
Only the device name is needed, bec
- Page 249 and 250:
3. Specify the interface properties
- Page 251 and 252:
} } Example: Assigning Addresses fr
- Page 253 and 254:
} Example: Configuring NAT for Mult
- Page 255 and 256:
The routing instance stage forwards
- Page 257 and 258:
CHAPTER 9 Summary of Network Addres
- Page 259 and 260:
address-range Syntax address-range
- Page 261 and 262:
destination-address-range Syntax de
- Page 263 and 264:
dns-alg-pool Syntax dns-alg-pool dn
- Page 265 and 266:
hint Syntax hint [ hint-strings ];
- Page 267 and 268:
match-direction Syntax match-direct
- Page 269 and 270:
pgcp Syntax pgcp { hint [ hint-stri
- Page 271 and 272:
port Syntax port (automatic | range
- Page 273 and 274:
rule Syntax rule rule-name { match-d
- Page 275 and 276:
source-address Syntax source-addres
- Page 277 and 278:
source-prefix-list Syntax source-pr
- Page 279 and 280:
then Syntax then { no-translation;
- Page 281 and 282:
translation-type translation-type S
- Page 283 and 284:
CHAPTER 10 Intrusion Detection Serv
- Page 285 and 286:
Configuring IDS Rules Copyright ©
- Page 287 and 288:
Configuring Match Conditions in IDS
- Page 289 and 290:
Copyright © 2011, Juniper Networks
- Page 291 and 292:
} Configuring IDS Rule Sets NOTE: I
- Page 293 and 294:
Copyright © 2011, Juniper Networks
- Page 295 and 296:
CHAPTER 11 Summary of Intrusion Det
- Page 297 and 298:
by-destination Syntax by-destination
- Page 299 and 300:
by-source Syntax by-source { hold-ti
- Page 301 and 302:
destination-prefix Syntax destinati
- Page 303 and 304:
from Syntax from { application-sets
- Page 305 and 306:
rule Syntax rule rule-name { match-d
- Page 307 and 308:
session-limit Syntax session-limit
- Page 309 and 310:
source-prefix Syntax source-prefix
- Page 311 and 312:
syslog Syntax syslog; Hierarchy Lev
- Page 313 and 314:
Options term-name—Identifier for
- Page 315 and 316:
threshold Syntax threshold rate; Hi
- Page 317 and 318:
CHAPTER 12 IPsec Services Configura
- Page 319 and 320:
This chapter includes the following
- Page 321 and 322:
NOTE: Both OSPFv2 and OSPFv3 suppor
- Page 323 and 324:
Copyright © 2011, Juniper Networks
- Page 325 and 326:
The key can be one of the following
- Page 327 and 328:
• sha1—Produces a 160-bit diges
- Page 329 and 330:
Example: Configuring an IKE Proposa
- Page 331 and 332:
must match that of its peer. The pr
- Page 333 and 334:
key_id [ values ]; } Example: Confi
- Page 335 and 336:
Configuring the Description for an
- Page 337 and 338:
policy policy-name { description de
- Page 339 and 340:
Related Documentation During the IP
- Page 341 and 342:
Copyright © 2011, Juniper Networks
- Page 343 and 344:
} Copyright © 2011, Juniper Networ
- Page 345 and 346:
anti-replay-window-size can take va
- Page 347 and 348:
Implicit Dynamic Rules Phase 2 of t
- Page 349 and 350:
NOTE: For dynamic peers, the Junos
- Page 351 and 352:
NOTE: RSA certificates are not supp
- Page 353 and 354:
file filename ; flag flag (all |
- Page 355 and 356:
Copyright © 2011, Juniper Networks
- Page 357 and 358:
Configuring a Next-Hop Style Servic
- Page 359 and 360:
Configuring a Next-Hop Style Servic
- Page 361 and 362:
Copyright © 2011, Juniper Networks
- Page 363 and 364:
The following sample output shows t
- Page 365 and 366:
[edit services ipsec-vpn] user@host
- Page 367 and 368:
Copyright © 2011, Juniper Networks
- Page 369 and 370:
CHAPTER 13 Summary of IPsec Service
- Page 371 and 372:
authentication-algorithm authentica
- Page 373 and 374:
backup-remote-gateway Syntax backup-
- Page 375 and 376:
description Syntax description desc
- Page 377 and 378:
direction Syntax direction (inbound
- Page 379 and 380:
encryption Syntax encryption { algo
- Page 381 and 382:
from Syntax from { destination-addr
- Page 383 and 384:
initiate-dead-peer-detection Syntax
- Page 385 and 386:
local-certificate Syntax local-cert
- Page 387 and 388:
mode Syntax mode (aggressive | main
- Page 389 and 390:
policy policy (IKE) See the followi
- Page 391 and 392:
proposal proposal (IKE) See the fol
- Page 393 and 394:
protocol Syntax protocol (ah | esp
- Page 395 and 396:
rule Syntax rule rule-name { match-d
- Page 397 and 398:
source-address spi Syntax source-ad
- Page 399 and 400:
term Syntax term term-name { from {
- Page 401 and 402:
traceoptions Syntax traceoptions {
- Page 403 and 404:
traceoptions (PKI) Syntax traceopti
- Page 405 and 406:
CHAPTER 14 Layer 2 Tunneling Protoc
- Page 407 and 408:
L2TP Services Configuration Overvie
- Page 409 and 410:
Copyright © 2011, Juniper Networks
- Page 411 and 412:
• L2TP tunnel access profile, whi
- Page 413 and 414:
facility-override facility-name; lo
- Page 415 and 416:
AS PIC Redundancy for L2TP Services
- Page 417 and 418:
} You can specify the following L2T
- Page 419 and 420:
Copyright © 2011, Juniper Networks
- Page 421 and 422:
Copyright © 2011, Juniper Networks
- Page 423 and 424:
CHAPTER 15 Summary of Layer 2 Tunne
- Page 425 and 426:
host Syntax host hostname { service
- Page 427 and 428:
maximum-send-window Syntax maximum-
- Page 429 and 430:
service-interface Syntax service-in
- Page 431 and 432:
services (L2TP System Logging) Synt
- Page 433 and 434:
traceoptions (L2TP) Syntax traceopt
- Page 435 and 436:
Required Privilege Level Copyright
- Page 437 and 438:
tunnel-timeout Syntax tunnel-timeou
- Page 439 and 440:
CHAPTER 16 Link Services IQ Interfa
- Page 441 and 442:
• Multilink Frame Relay (MLFR) en
- Page 443 and 444:
Configure SONET APS, with oc3-0/2/0
- Page 445 and 446:
LSQ redundancy (rlsq) interface in
- Page 447 and 448:
• Since the same interface name i
- Page 449 and 450:
} } coc3-2/0/0 { sonet-options { ap
- Page 451 and 452:
Copyright © 2011, Juniper Networks
- Page 453 and 454:
The following example shows a confi
- Page 455 and 456:
Configuring Scheduler Priority Buff
- Page 457 and 458:
Copyright © 2011, Juniper Networks
- Page 459 and 460:
For link services IQ (lsq-) interfa
- Page 461 and 462:
We recommend avoiding oversubscript
- Page 463 and 464:
If you do not include this statemen
- Page 465 and 466:
Copyright © 2011, Juniper Networks
- Page 467 and 468:
t1-3/0/1 { per-unit-scheduler; } }
- Page 469 and 470:
Copyright © 2011, Juniper Networks
- Page 471 and 472:
Copyright © 2011, Juniper Networks
- Page 473 and 474:
When a packet is removed from a non
- Page 475 and 476:
} nc-scheduler { transmit-rate perc
- Page 477 and 478:
Copyright © 2011, Juniper Networks
- Page 479 and 480:
Copyright © 2011, Juniper Networks
- Page 481 and 482:
Configuring LSQ Interfaces for Sing
- Page 483 and 484:
If you require the queue to transmi
- Page 485 and 486:
transmit-rate percent 50; buffer-si
- Page 487 and 488:
queue is serviced. This implementat
- Page 489 and 490:
Copyright © 2011, Juniper Networks
- Page 491 and 492:
Copyright © 2011, Juniper Networks
- Page 493 and 494:
NOTE: Link services IQ interfaces s
- Page 495 and 496:
To do this, first configure logical
- Page 497 and 498:
• 4-port DS3 ATM2 IQ Virtual circ
- Page 499 and 500:
CHAPTER 17 Summary of Link Services
- Page 501 and 502:
fragment-threshold Syntax fragment-
- Page 503 and 504:
link-layer-overhead Syntax link-lay
- Page 505 and 506:
no-fragmentation Syntax no-fragment
- Page 507 and 508:
primary Syntax primary interface-na
- Page 509 and 510:
warm-standby Syntax warm-standby; H
- Page 511 and 512:
CHAPTER 18 Voice Services Configura
- Page 513 and 514:
} You can configure this statement
- Page 515 and 516:
} } Configuring Encapsulation for V
- Page 517 and 518:
Copyright © 2011, Juniper Networks
- Page 519 and 520:
Copyright © 2011, Juniper Networks
- Page 521 and 522:
CHAPTER 19 Summary of Voice Service
- Page 523 and 524:
compression-device Syntax compressi
- Page 525 and 526:
family Syntax family (inet | mlppp
- Page 527 and 528:
maximum-contexts Syntax maximum-con
- Page 529 and 530:
unit Syntax unit logical-unit-numbe
- Page 531 and 532:
CHAPTER 20 Class-of-Service Configu
- Page 533 and 534:
Configuring CoS Rules To configure
- Page 535 and 536:
You can also include application pr
- Page 537 and 538:
To control the direction in which s
- Page 539 and 540:
Mapping Forwarding-Class Name to Qu
- Page 541 and 542:
CHAPTER 21 Summary of Class-of-Serv
- Page 543 and 544:
application-sets Syntax application
- Page 545 and 546:
destination-prefix-list Syntax dest
- Page 547 and 548:
ftp Syntax ftp { data { dscp (alias
- Page 549 and 550:
rule Syntax rule rule-name { match-d
- Page 551 and 552:
sip Syntax sip { video { dscp (alia
- Page 553 and 554:
term Syntax term term-name { from {
- Page 555 and 556:
voice Syntax voice { dscp (alias |
- Page 557 and 558:
CHAPTER 22 Service Set Configuratio
- Page 559 and 560:
for which you have configured unit
- Page 561 and 562:
Determining Traffic Direction The r
- Page 563 and 564:
Configuring IPsec Service Sets Copy
- Page 565 and 566:
interface-service { service-interfa
- Page 567 and 568:
Configuring Passive-Mode Tunneling
- Page 569 and 570:
log-prefix prefix-value; } } Config
- Page 571 and 572:
handshake; init; interfaces; mib; r
- Page 573 and 574:
Table 14: Adaptive Services Tracing
- Page 575 and 576:
CHAPTER 23 Summary of Service Set C
- Page 577 and 578:
anti-replay-window-size Syntax anti
- Page 579 and 580:
clear-dont-fragment-bit Syntax clea
- Page 581 and 582:
ids-rules Syntax (ids-rules rule-na
- Page 583 and 584:
ipsec-vpn-rules Syntax (ipsec-vpn-r
- Page 585 and 586:
max-flows Syntax max-flows number;
- Page 587 and 588:
next-hop-service Syntax next-hop-se
- Page 589 and 590:
pgcp-rules Syntax (pgcp-rules rule-
- Page 591 and 592:
service-set Syntax service-set serv
- Page 593 and 594:
services services (Hierarchy) See t
- Page 595 and 596:
stateful-firewall-rules Syntax (sta
- Page 597 and 598:
traceoptions Syntax traceoptions {
- Page 599 and 600:
tunnel-mtu Syntax tunnel-mtu bytes;
- Page 601 and 602:
CHAPTER 24 Service Interface Config
- Page 603 and 604:
Services Interface Naming Overview
- Page 605 and 606:
To configure a setting for the inac
- Page 607 and 608:
setting for the tunnel as part of a
- Page 609 and 610:
Copyright © 2011, Juniper Networks
- Page 611 and 612:
Copyright © 2011, Juniper Networks
- Page 613 and 614:
Copyright © 2011, Juniper Networks
- Page 615 and 616:
CHAPTER 25 Summary of Service Inter
- Page 617 and 618:
dial-options Syntax dial-options {
- Page 619 and 620:
family Syntax family inet { address
- Page 621 and 622:
input Syntax input { service-set se
- Page 623 and 624:
output Syntax output { [ service-se
- Page 625 and 626:
redundancy-options Syntax redundancy
- Page 627 and 628:
service-filter Syntax service-filte
- Page 629 and 630:
services-options Syntax services-op
- Page 631 and 632:
unit Syntax unit logical-unit-numbe
- Page 633 and 634:
CHAPTER 26 PGCP Configuration Guide
- Page 635 and 636:
Copyright © 2011, Juniper Networks
- Page 637 and 638:
Copyright © 2011, Juniper Networks
- Page 639 and 640:
CHAPTER 27 Summary of PGCP Configur
- Page 641 and 642:
administrative (Virtual Interface)
- Page 643 and 644:
audit-observed-events-returns Synta
- Page 645 and 646:
bgf-core Syntax bgf-core { default t
- Page 647 and 648:
cancel-graceful See the following s
- Page 649 and 650:
context-indications Syntax context-
- Page 651 and 652:
controller-address Syntax controlle
- Page 653 and 654:
default Syntax default trace-level;
- Page 655 and 656:
destination-port Syntax destination
- Page 657 and 658:
disconnect Syntax disconnect { cont
- Page 659 and 660:
dscp Syntax dscp { default (dscp-va
- Page 661 and 662:
failover-warm Syntax failover-warm
- Page 663 and 664:
fast-update-filters Syntax fast-upd
- Page 665 and 666:
flag Syntax flag { default trace-le
- Page 667 and 668:
Copyright © 2011, Juniper Networks
- Page 669 and 670:
down { administrative (forced-905 |
- Page 671 and 672:
gateway-controller Syntax gateway-c
- Page 673 and 674:
graceful graceful (Control Associat
- Page 675 and 676:
h248-options Syntax h248-options {
- Page 677 and 678:
h248-profile Syntax h248-profile {
- Page 679 and 680:
Copyright © 2011, Juniper Networks
- Page 681 and 682:
h248-stack Syntax h248-stack { defa
- Page 683 and 684:
inactivity-delay Syntax inactivity-
- Page 685 and 686:
inactivity-timer Syntax inactivity-
- Page 687 and 688:
ipsec-transport-security-associatio
- Page 689 and 690:
max-burst-size (RTCP Streams) Synta
- Page 691 and 692:
maximum-fuf-percentage Syntax maxim
- Page 693 and 694:
maximum-net-propagation-delay Synta
- Page 695 and 696:
media Syntax media { rtcp; rtp; } H
- Page 697 and 698:
mg-originated-pending-limit Syntax
- Page 699 and 700:
mg-segmentation-timer Syntax mg-seg
- Page 701 and 702:
mgc-originated-pending-limit Syntax
- Page 703 and 704:
mgc-segmentation-timer Syntax mgc-s
- Page 705 and 706:
no-dscp-bit-mirroring Syntax no-dsc
- Page 707 and 708:
normal-mgc-execution-time Syntax no
- Page 709 and 710:
notification-regulation Syntax noti
- Page 711 and 712:
peak-data-rate (RTCP) Syntax peak-d
- Page 713 and 714:
profile-name Syntax profile-name pr
- Page 715 and 716:
reconnect Syntax reconnect (disconne
- Page 717 and 718:
request-timestamp Syntax request-tim
- Page 719 and 720:
rule Syntax rule rule-name { gateway
- Page 721 and 722:
Required Privilege Level Related Do
- Page 723 and 724:
service-change Syntax service-chang
- Page 725 and 726:
service-state service-state (Virtua
- Page 727 and 728:
session-mirroring Syntax session-mi
- Page 729 and 730:
state-loss Syntax state-loss (force
- Page 731 and 732:
sustained-data-rate (RTCP Streams)
- Page 733 and 734:
traceoptions Syntax traceoptions {
- Page 735 and 736:
up Syntax up { cancel-graceful (non
- Page 737 and 738:
virtual-interface Syntax virtual-in
- Page 739 and 740:
virtual-interface-indications Synta
- Page 741 and 742:
CHAPTER 28 Service Interface Pools
- Page 743 and 744:
CHAPTER 29 Summary of Service Inter
- Page 745 and 746:
CHAPTER 30 Border Signaling Gateway
- Page 747 and 748:
Copyright © 2011, Juniper Networks
- Page 749 and 750:
Copyright © 2011, Juniper Networks
- Page 751 and 752:
CHAPTER 31 Summary of Border Signal
- Page 753 and 754:
accelerations Syntax accelerations
- Page 755 and 756:
admission-control (New Transaction
- Page 757 and 758:
Required Privilege Level Related Do
- Page 759 and 760:
committed-burst-size Syntax committ
- Page 761 and 762:
datastore Syntax datastore { data t
- Page 763 and 764:
dialogs Syntax dialogs { maximum-co
- Page 765 and 766:
egress-service-point Syntax egress-
- Page 767 and 768:
file Syntax file ; Hierarchy Le
- Page 769 and 770:
Required Privilege Options The opti
- Page 771 and 772:
Required Privilege Level Related Do
- Page 773 and 774:
from (New Call Usage Policy) Syntax
- Page 775 and 776:
Required Privilege Level Related Do
- Page 777 and 778:
gateway Syntax gateway gateway-name
- Page 779 and 780:
Copyright © 2011, Juniper Networks
- Page 781 and 782:
minimum trace-level; policy trace-l
- Page 783 and 784:
manipulation-rule Syntax manipulati
- Page 785 and 786:
media-type Syntax media-type (any-m
- Page 787 and 788:
maximum-records-in-cache Syntax max
- Page 789 and 790:
minimum Syntax minimum trace-level;
- Page 791 and 792:
new-call-usage-output-policies Synt
- Page 793 and 794:
new-call-usage-policy-set Syntax ne
- Page 795 and 796:
new-transaction-policy Syntax new-t
- Page 797 and 798:
new-transaction-policy-set Syntax n
- Page 799 and 800:
on-3xx-response Syntax on-3xx-respo
- Page 801 and 802:
reverse-manipulation Syntax reverse-
- Page 803 and 804:
routing-destinations Syntax routing-
- Page 805 and 806:
Required Privilege servers Level Re
- Page 807 and 808:
service-interface service-interface
- Page 809 and 810:
service-point-type Syntax service-p
- Page 811 and 812:
session-trace Syntax session-trace
- Page 813 and 814:
Required Privilege Level Related Do
- Page 815 and 816:
Copyright © 2011, Juniper Networks
- Page 817 and 818:
sip-header Syntax sip-header header
- Page 819 and 820:
sip-stack Syntax sip-stack { dev-lo
- Page 821 and 822:
term term (New Call Usage Policy) S
- Page 823 and 824:
message-manipulation introduced in
- Page 825 and 826:
then (New Transaction Policy) Synta
- Page 827 and 828:
timer-c Syntax timer-c seconds; Hie
- Page 829 and 830:
Release Information Statement intro
- Page 831 and 832:
CHAPTER 32 PTSP Configuration Guide
- Page 833 and 834:
CHAPTER 33 Summary of PTSP Configur
- Page 835 and 836:
demux Syntax demux (destination-add
- Page 837 and 838:
forward-rule (Including in Rule) Sy
- Page 839 and 840:
local-address Syntax local-address
- Page 841 and 842:
local-ports Syntax local-ports [ po
- Page 843 and 844:
remote-address Syntax remote-address
- Page 845 and 846:
remote-ports Syntax remote-ports [ p
- Page 847 and 848:
rule (Including in Rule Set) Syntax
- Page 849 and 850:
term (Forward Rule) Syntax term pre
- Page 851 and 852:
then (Forward Rule) Syntax then { f
- Page 853 and 854:
Related Documentation Copyright ©
- Page 855 and 856:
CHAPTER 34 Softwire Configuration G
- Page 857 and 858:
Configuring Softwire Rules You conf
- Page 859 and 860:
Configuring a 6rd Concentrator for
- Page 861 and 862:
Copyright © 2011, Juniper Networks
- Page 863 and 864:
Copyright © 2011, Juniper Networks
- Page 865 and 866:
Copyright © 2011, Juniper Networks
- Page 867 and 868:
Copyright © 2011, Juniper Networks
- Page 869 and 870:
CHAPTER 35 Summary of Softwire Conf
- Page 871 and 872:
rule (Softwire) Syntax rule rule-nam
- Page 873 and 874:
term (softwire-rule) Syntax term te
- Page 875 and 876:
ipv6-multicast-interfaces (softwire
- Page 877 and 878:
PART 3 Dynamic Application Awarenes
- Page 879 and 880:
CHAPTER 36 Dynamic Application Awar
- Page 881 and 882:
Related Documentation APPID Overvie
- Page 883 and 884:
The following related operational c
- Page 885 and 886:
Copyright © 2011, Juniper Networks
- Page 887 and 888:
CHAPTER 37 Application Identificati
- Page 889 and 890:
• Tracing APPID Operations on pag
- Page 891 and 892:
Copyright © 2011, Juniper Networks
- Page 893 and 894:
Copyright © 2011, Juniper Networks
- Page 895 and 896:
• index—Application group index
- Page 897 and 898:
Related Documentation Configuring G
- Page 899 and 900:
Configuring APPID Support for Unidi
- Page 901 and 902:
Configuring Access to the Log File
- Page 903 and 904:
Copyright © 2011, Juniper Networks
- Page 905 and 906:
CHAPTER 38 Summary of Application I
- Page 907 and 908:
application application (Defining)
- Page 909 and 910:
application-groups Syntax applicati
- Page 911 and 912:
chain-order Syntax chain-order; Hie
- Page 913 and 914:
disable disable (APPID Application)
- Page 915 and 916:
download Syntax download { automati
- Page 917 and 918:
idle-timeout Syntax idle-timeout se
- Page 919 and 920:
index (Nested Applications) Syntax
- Page 921 and 922:
maximum-transactions Syntax maximum
- Page 923 and 924:
nested-application Syntax nested-ap
- Page 925 and 926:
no-application-system-cache Syntax
- Page 927 and 928:
no-signature-based Syntax no-signat
- Page 929 and 930:
port-range Syntax port-range { tcp
- Page 931 and 932:
rule rule (Configuring) See the foll
- Page 933 and 934:
services Syntax services applicatio
- Page 935 and 936:
signature Syntax signature name { c
- Page 937 and 938:
traceoptions Syntax traceoptions {
- Page 939 and 940:
url Syntax url url; Hierarchy Level
- Page 941 and 942:
CHAPTER 39 Application-Aware Access
- Page 943 and 944:
The match direction is used with re
- Page 945 and 946:
• application—Count the applica
- Page 947 and 948:
Copyright © 2011, Juniper Networks
- Page 949 and 950:
CHAPTER 40 Summary of AACL Configur
- Page 951 and 952:
destination-address Syntax destinat
- Page 953 and 954:
match-direction Syntax match-direct
- Page 955 and 956:
rule-set Syntax rule-set rule-set-na
- Page 957 and 958:
source-prefix-list Syntax source-pr
- Page 959 and 960:
then Syntax then { (accept | discar
- Page 961 and 962:
CHAPTER 41 Local Policy Decision Fu
- Page 963 and 964:
For more information on configuring
- Page 965 and 966:
Tracing L-PDF Operations Copyright
- Page 967 and 968:
CHAPTER 42 Summary of L-PDF Configu
- Page 969 and 970:
aacl-statistics-profile Syntax aacl
- Page 971 and 972:
file Syntax file file-name { archiv
- Page 973 and 974:
policy-decision-statistics-profile
- Page 975 and 976:
traceoptions Syntax traceoptions {
- Page 977 and 978:
PART 4 Encryption Services Copyrigh
- Page 979 and 980:
CHAPTER 43 Encryption Overview Encr
- Page 981 and 982:
CHAPTER 44 Encryption Interfaces Co
- Page 983 and 984:
} } } Configuring Filters for Traff
- Page 985 and 986:
Configuring an Outbound Traffic Fil
- Page 987 and 988:
Example: Configuring an Inbound Tra
- Page 989 and 990:
Example: Configuring ES PIC Redunda
- Page 991 and 992:
CHAPTER 45 Summary of Encryption Co
- Page 993 and 994:
es-options Syntax es-options { back
- Page 995 and 996:
filter Syntax filter { input filter
- Page 997 and 998:
tunnel Syntax tunnel { backup-desti
- Page 999 and 1000:
PART 5 Flow Monitoring and Discard
- Page 1001 and 1002:
CHAPTER 46 Flow Monitoring and Disc
- Page 1003 and 1004:
Copyright © 2011, Juniper Networks
- Page 1005 and 1006:
CHAPTER 47 Flow Monitoring and Disc
- Page 1007 and 1008:
Copyright © 2011, Juniper Networks
- Page 1009 and 1010:
Copyright © 2011, Juniper Networks
- Page 1011 and 1012:
Configuring Traffic Sampling Copyri
- Page 1013 and 1014:
Sampling Once To explicitly sample
- Page 1015 and 1016:
Tracing Traffic Sampling Operations
- Page 1017 and 1018:
Copyright © 2011, Juniper Networks
- Page 1019 and 1020:
Copyright © 2011, Juniper Networks
- Page 1021 and 1022:
Copyright © 2011, Juniper Networks
- Page 1023 and 1024:
Enabling Flow Aggregation source-ad
- Page 1025 and 1026:
Copyright © 2011, Juniper Networks
- Page 1027 and 1028:
The following sections contain addi
- Page 1029 and 1030:
Restrictions The following restrict
- Page 1031 and 1032:
Verification 1. You configure MPLS
- Page 1033 and 1034:
flow-inactive-timeout 30; flow-serv
- Page 1035 and 1036:
Configuring Sampling Instances Copy
- Page 1037 and 1038:
Configuring Inline Flow Monitoring
- Page 1039 and 1040:
Configuring Inline Flow Monitoring
- Page 1041 and 1042:
family inet; output { flow-server 1
- Page 1043 and 1044:
Configuring Port Mirroring Copyrigh
- Page 1045 and 1046:
Configuring Tunnels For more inform
- Page 1047 and 1048:
Restrictions For more information a
- Page 1049 and 1050:
Copyright © 2011, Juniper Networks
- Page 1051 and 1052:
Copyright © 2011, Juniper Networks
- Page 1053 and 1054:
Copyright © 2011, Juniper Networks
- Page 1055 and 1056:
• Firewall filter configuration
- Page 1057 and 1058:
For more information on routing tab
- Page 1059 and 1060:
Enabling Passive Flow Monitoring Co
- Page 1061 and 1062:
Passive Flow Monitoring for MPLS En
- Page 1063 and 1064:
Copyright © 2011, Juniper Networks
- Page 1065 and 1066:
Copyright © 2011, Juniper Networks
- Page 1067 and 1068:
Copyright © 2011, Juniper Networks
- Page 1069 and 1070:
CHAPTER 48 Summary of Flow-Monitori
- Page 1071 and 1072:
address Syntax address address { de
- Page 1073 and 1074:
autonomous-system-type Syntax auton
- Page 1075 and 1076:
cflowd (Flow Monitoring) Syntax cfl
- Page 1077 and 1078:
disable-all-instances Syntax disabl
- Page 1079 and 1080:
extension-service Syntax extension-
- Page 1081 and 1082:
family family (Interfaces) See the
- Page 1083 and 1084:
family (Port Mirroring) Syntax fami
- Page 1085 and 1086:
Description Configure the protocol
- Page 1087 and 1088:
filename Syntax filename filename;
- Page 1089 and 1090:
flow-active-timeout Syntax flow-act
- Page 1091 and 1092:
flow-export-destination Syntax flow
- Page 1093 and 1094:
flow-monitoring Syntax flow-monitor
- Page 1095 and 1096:
forwarding-options Syntax forwardin
- Page 1097 and 1098:
input-interface-index Syntax input-
- Page 1099 and 1100:
instance (Sampling) Syntax instance
- Page 1101 and 1102:
interface See the following section
- Page 1103 and 1104:
interfaces Syntax interfaces { ...
- Page 1105 and 1106:
match Syntax match expression; Hier
- Page 1107 and 1108:
monitoring Syntax monitoring name {
- Page 1109 and 1110:
multiservice-options Syntax multise
- Page 1111 and 1112:
next-hop-group (Port Mirroring) Syn
- Page 1113 and 1114:
option-refresh-rate Syntax option-r
- Page 1115 and 1116:
output (Monitoring) Syntax output {
- Page 1117 and 1118:
NOTE: The inline-jflow statement is
- Page 1119 and 1120:
pop-all-labels Syntax pop-all-label
- Page 1121 and 1122:
port-mirroring Syntax port-mirrorin
- Page 1123 and 1124:
receive-ttl-exceeded Syntax receive-
- Page 1125 and 1126:
sampling Copyright © 2011, Juniper
- Page 1127 and 1128:
} } instance instance-name { disabl
- Page 1129 and 1130:
size Syntax size bytes; Hierarchy L
- Page 1131 and 1132:
syslog Syntax (syslog | no-syslog);
- Page 1133 and 1134:
template (Services) Syntax template
- Page 1135 and 1136:
unit Syntax unit logical-unit-numbe
- Page 1137 and 1138:
version9 version9 (Forwarding Optio
- Page 1139 and 1140:
version-ipfix See the following sec
- Page 1141 and 1142:
CHAPTER 49 Flow Collection Configur
- Page 1143 and 1144:
Configuring Flow Collection This se
- Page 1145 and 1146:
Configuring Transfer Logs Configuri
- Page 1147 and 1148:
The cflowd records are compressed i
- Page 1149 and 1150:
Copyright © 2011, Juniper Networks
- Page 1151 and 1152:
Copyright © 2011, Juniper Networks
- Page 1153 and 1154:
CHAPTER 50 Summary of Flow Collecti
- Page 1155 and 1156:
collector Syntax collector interfac
- Page 1157 and 1158:
file-specification file-specificati
- Page 1159 and 1160:
Required Privilege Level Copyright
- Page 1161 and 1162:
ftp (Flow Collector Files) Syntax f
- Page 1163 and 1164:
maximum-age Syntax maximum-age minu
- Page 1165 and 1166:
• {year}—In the format YYYY; fo
- Page 1167 and 1168:
retry Syntax retry number; Hierarchy
- Page 1169 and 1170:
username Syntax username user-name;
- Page 1171 and 1172:
CHAPTER 51 Dynamic Flow Capture Con
- Page 1173 and 1174:
Configuring the Capture Group Copyr
- Page 1175 and 1176:
Configuring the Control Source Copy
- Page 1177 and 1178:
Configuring System Logging Configur
- Page 1179 and 1180:
Copyright © 2011, Juniper Networks
- Page 1181 and 1182:
CHAPTER 52 Flow-Tap Configuration G
- Page 1183 and 1184:
Figure 12: Flow-Tap Topology Mediat
- Page 1185 and 1186:
Restrictions on Flow-Tap Services T
- Page 1187 and 1188:
Examples: Configuring Flow-Tap Serv
- Page 1189 and 1190:
CHAPTER 53 Summary of Dynamic Flow
- Page 1191 and 1192:
capture-group Syntax capture-group
- Page 1193 and 1194:
control-source Syntax control-sourc
- Page 1195 and 1196:
flow-tap Syntax flow-tap { (interfa
- Page 1197 and 1198:
g-max-duplicates Syntax g-max-dupli
- Page 1199 and 1200:
interface Syntax interface sp-fpc/p
- Page 1201 and 1202:
no-syslog Syntax no-syslog; Hierarc
- Page 1203 and 1204:
services Syntax services dynamic-fl
- Page 1205 and 1206:
source-addresses ttl Syntax source-
- Page 1207 and 1208:
PART 6 Link and Multilink Services
- Page 1209 and 1210:
CHAPTER 54 Link and Multilink Servi
- Page 1211 and 1212:
Copyright © 2011, Juniper Networks
- Page 1213 and 1214:
CHAPTER 55 Link and Multilink Servi
- Page 1215 and 1216:
You must configure a link before it
- Page 1217 and 1218:
To configure a physical T1 link for
- Page 1219 and 1220:
• Configuring the Sequence Header
- Page 1221 and 1222:
By default, compression of the inne
- Page 1223 and 1224:
mrru bytes; You can include this st
- Page 1225 and 1226:
You can configure multicast support
- Page 1227 and 1228:
Copyright © 2011, Juniper Networks
- Page 1229 and 1230:
Table 18: Link Services Physical In
- Page 1231 and 1232:
The disable-tx option disables tran
- Page 1233 and 1234:
number of high-priority traffic flo
- Page 1235 and 1236:
Copyright © 2011, Juniper Networks
- Page 1237 and 1238:
} } term default { then { log; forw
- Page 1239 and 1240:
pic-type atm2; vpi 12; } unit 2 { e
- Page 1241 and 1242:
Example: Configuring a Link Service
- Page 1243 and 1244:
Example: Configuring a Link Service
- Page 1245 and 1246:
Copyright © 2011, Juniper Networks
- Page 1247 and 1248:
Copyright © 2011, Juniper Networks
- Page 1249 and 1250:
Copyright © 2011, Juniper Networks
- Page 1251 and 1252:
CHAPTER 56 Summary of Multilink and
- Page 1253 and 1254:
action-red-differential-delay Synta
- Page 1255 and 1256:
destination Syntax destination dest
- Page 1257 and 1258:
drop-timeout Syntax drop-timeout mi
- Page 1259 and 1260:
encapsulation (Physical Interface)
- Page 1261 and 1262:
fragment-threshold Syntax fragment-
- Page 1263 and 1264:
interleave-fragments Syntax interle
- Page 1265 and 1266:
mlfr-uni-nni-bundle-options Syntax
- Page 1267 and 1268:
mtu Syntax mtu bytes; Hierarchy Lev
- Page 1269 and 1270:
n393 Syntax n393 number; Hierarchy
- Page 1271 and 1272:
t392 Syntax t392 number; Hierarchy
- Page 1273 and 1274:
yellow-differential-delay Syntax ye
- Page 1275 and 1276:
PART 7 Real-Time Performance Monito
- Page 1277 and 1278:
CHAPTER 57 Real-Time Performance Mo
- Page 1279 and 1280:
CHAPTER 58 Real-Time Performance Mo
- Page 1281 and 1282:
• [edit protocols bgp group group
- Page 1283 and 1284:
Configuring RPM Probes Copyright ©
- Page 1285 and 1286:
Copyright © 2011, Juniper Networks
- Page 1287 and 1288:
Configuring RPM Receiver Servers Th
- Page 1289 and 1290:
Example: Configuring RPM Timestampi
- Page 1291 and 1292:
Copyright © 2011, Juniper Networks
- Page 1293 and 1294:
Related Documentation • } } } } E
- Page 1295 and 1296:
Copyright © 2011, Juniper Networks
- Page 1297 and 1298:
} } } } Copyright © 2011, Juniper
- Page 1299 and 1300:
CHAPTER 59 Summary of Real-Time Per
- Page 1301 and 1302:
client-list Syntax client-list list
- Page 1303 and 1304:
destination-interface Syntax destin
- Page 1305 and 1306:
dscp-code-point Syntax dscp-code-po
- Page 1307 and 1308:
inactivity-timeout Syntax inactivit
- Page 1309 and 1310:
maximum-connections-per-client Synt
- Page 1311 and 1312:
one-way-hardware-timestamp Syntax o
- Page 1313 and 1314:
probe Syntax probe owner { test tes
- Page 1315 and 1316:
probe-limit Syntax probe-limit limi
- Page 1317 and 1318:
routing-instance Syntax routing-inst
- Page 1319 and 1320:
server Syntax server { client-list
- Page 1321 and 1322:
target tcp Syntax target (url url |
- Page 1323 and 1324:
test-interval Syntax test-interval
- Page 1325 and 1326:
traps Syntax traps traps; Hierarchy
- Page 1327 and 1328:
udp Syntax udp { destination-interf
- Page 1329 and 1330:
PART 8 Tunnel Services Copyright ©
- Page 1331 and 1332:
CHAPTER 60 Tunnel Services Overview
- Page 1333 and 1334:
Table 21: Tunnel Interface Types (c
- Page 1335 and 1336:
CHAPTER 61 Tunnel Interfaces Config
- Page 1337 and 1338:
it to be one larger than the number
- Page 1339 and 1340:
Specifying an MTU Setting for the T
- Page 1341 and 1342:
Related Documentation Copyright ©
- Page 1343 and 1344:
Connecting Logical Systems To conne
- Page 1345 and 1346:
Table 22: Methods for Configuring E
- Page 1347 and 1348:
Configuring IPv4-over-IPv6 Tunnels
- Page 1349 and 1350:
Copyright © 2011, Juniper Networks
- Page 1351 and 1352:
Configuration on Router 2 family in
- Page 1353 and 1354:
Related Documentation • Configuri
- Page 1355 and 1356:
CHAPTER 62 Summary of Tunnel Servic
- Page 1357 and 1358:
destination See the following secti
- Page 1359 and 1360:
dynamic-tunnels Syntax dynamic-tunn
- Page 1361 and 1362:
keepalive-time key Syntax keepalive
- Page 1363 and 1364:
reassemble-packets Syntax reassemble
- Page 1365 and 1366:
source Syntax source source-address
- Page 1367 and 1368:
tunnel Syntax tunnel { allow-fragme
- Page 1369 and 1370:
unit Syntax unit logical-unit-numbe
- Page 1371 and 1372:
PART 9 Index Copyright © 2011, Jun
- Page 1373 and 1374:
Index Symbols #, comments in config
- Page 1375 and 1376:
automatic statement................
- Page 1377 and 1378:
IDS................................
- Page 1379 and 1380:
database (tracing flag)............
- Page 1381 and 1382:
H H.248 properties.620, 638, 639, 6
- Page 1383 and 1384:
example configuration..............
- Page 1385 and 1386:
manuals comments on................
- Page 1387 and 1388:
nested-application-settings stateme
- Page 1389 and 1390:
post-service-filter statement......
- Page 1391 and 1392:
scheduler map CoS configuration exa
- Page 1393 and 1394:
match conditions...................
- Page 1395 and 1396:
transport-details statement........
- Page 1397 and 1398:
Index of Statements and Commands A
- Page 1399 and 1400:
NAT................................
- Page 1401 and 1402:
instance statement port mirroring..
- Page 1403 and 1404:
no-signature-based statement.......
- Page 1405 and 1406:
service-interface statement........
- Page 1407 and 1408:
unit statement encryption..........