Juniper-networks J-Series Manuale Utente

J-series™ Services RouterAdministration GuideRelease 9.1Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, California 94089USA408-745-2000www.

Part 2 Monitoring a Services RouterChapter 7 Monitoring the Router and Routing Operations 101Monitoring Terms ...

user@host> ping 192.168.2.2PING 192.168.2.2 (192.168.2.2): 56 data bytes64 bytes from 192.168.2.2: icmp_seq=0 ttl=255 time=8.856 ms64 bytes from 19

Related Topics To use the J-Web interface to ping a host, see “Using the J-Web Ping HostTool” on page 216. For more information about the ping command

80 Displaying DHCP StatisticsJ-series™ Services Router Administration Guide

Chapter 5Configuring AutoinstallationIf you are setting up many J-series Services Routers, autoinstallation can help automatethe configuration process

Table 40: Autoinstallation Terms (continued)DefinitionTermConfiguration that takes place on a Services Router for which you have created ahost-specifi

Table 41: Interfaces and Protocols for IP Address Acqusition During AutoinstallationProtocol for AutoinstallationInterface and Encapsulation TypeDHCP,

2. After the new Services Router acquires an IP address, the autoinstallation processon the router attempts to download a configuration file in the fo

Gigabit Ethernet Serial with HDLC encapsulation If you configure the DHCP server to provide only the TFTP server hostname, addan IP address-to-hos

Table 42: Configuring AutoinstallationCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level, enteredit system1.In the

Action From the CLI, enter the show system autoinstallation status command.user@host> show system autoinstallation statusAutoinstallation status:Ma

Chapter 8 Monitoring Events and Managing System Log Files 155System Log Message Terms ...

88 Verifying Autoinstallation StatusJ-series™ Services Router Administration Guide

Chapter 6Automating Network Operations andTroubleshootingJ-series Services Routers support automation of network operations andtroubleshooting tasks u

Generate custom warning messages, system log messages, or error messages.If error messages are generated, the commit operation fails and the candida

Table 43: Enabling Commit ScriptsCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level, enteredit system scripts commi

commit completeNOTE: You can later reactivate the commit script using the activate system scriptscommit filename.xsl command.Automating Network Manage

Enabling Operation ScriptsTo enable operation scripts:1. Write an operation script.For information about writing operation scripts, see the JUNOS Conf

user@host# op filename.xslDisabling Operation ScriptsIf you do not want an operation script to run, you can disable it by deleting ordeactivating it i

actions when specific events occur. These actions can either help you diagnose afault or take corrective action.This section contains the following to

Table 45: Configuring Event PoliciesCLI Configuration EditorJ-Web Configuration EditorTaskConfiguring Destination for Uploading Files for AnalysisFrom

Table 45: Configuring Event Policies (continued)CLI Configuration EditorJ-Web Configuration EditorTaskEnterset thenset raise-trap1.Next to Then, click

Downgrading the Software ...185Downgrading the Software with the J-Web Interfac

98 Running Self-Diagnostics with Event PoliciesJ-series™ Services Router Administration Guide

Part 2Monitoring a Services Router Monitoring the Router and Routing Operations on page 101 Monitoring Events and Managing System Log Files on page

100 Monitoring a Services RouterJ-series™ Services Router Administration Guide

Chapter 7Monitoring the Router and RoutingOperationsJ-series Services Routers support a suite of J-Web tools and CLI operational modecommands for moni

You can also monitor the router with CLI operational mode commands. CLI commandoutput appears on the screen of your console or management device, or y

Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued)Corresponding CLI CommandsFunctionMonitor Option Route information show

Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued)Corresponding CLI CommandsFunctionMonitor Option Interfaces—show mpls i

Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued)Corresponding CLI CommandsFunctionMonitor Option show system services d

lines of the configuration that contain address, issue the show configuration commandusing a pipe into the match filter:user@host> show configurati

Using the Monitoring ToolsThis section describes the monitoring tools in detail. It contains the following topics: Monitoring System Properties on pa

Pinging Hosts from the J-Web Interface ...216Using the J-Web Ping Host Tool ...

Table 48: Summary of Key System Properties Output Fields (continued)Additional InformationValuesFieldHostname of the Services Router, as defined with

Table 48: Summary of Key System Properties Output Fields (continued)Additional InformationValuesFieldTotal RAM available on the Services Router.TotalM

Table 48: Summary of Key System Properties Output Fields (continued)Additional InformationValuesFieldPercentage of the installed RAM that is being use

Table 49: Summary of System Process Information Output Fields (continued)Additional InformationValuesFieldSleep state of the process.Sleep stateTime o

Table 50: Summary of Key Chassis Output Fields (continued)Additional InformationValuesFieldJUNOS has system-defined alarms and configurablealarms. Sys

Table 50: Summary of Key Chassis Output Fields (continued)Additional InformationValuesFieldPart number of the chassis component.PartNumberUse this ser

interface. To view interface-specific properties such as administrative state or trafficstatistics in the J-Web interface, select the interface name o

Table 51: Summary of Key Interfaces Output Fields (continued)Additional InformationValuesFieldInterfaces are enabled by default. To disable aninterfac

This section contains the following topics: Monitoring Route Information on page 116 Monitoring BGP Routing Information on page 117 Monitoring OSPF

Table 52: Summary of Key Routing Information Output Fields (continued)Additional InformationValuesFieldIf a next hop is listed as Discard, all traffic

Chapter 14 Configuring RPM Probes 267RPM Terms ...267RPM

Table 53: Summary of Key BGP Routing Output Fields (continued)Additional InformationValuesFieldNumber of unavailable BGP peers.DownPeersAddress of eac

Table 53: Summary of Key BGP Routing Output Fields (continued)Additional InformationValuesFieldNames of any export policies configured on the peer.Exp

Table 54: Summary of Key OSPF Routing Output Fields (continued)Additional InformationValuesFieldNumber of the area that the interface is in.AreaAddres

Table 55: Summary of Key RIP Routing Output Fields (continued)Additional InformationValuesFieldNumber of RIP routes advertised on the logicalinterface

Table 56: Summary of Key DLSw Routing Information Output Fields (continued)Additional InformationValuesFieldDLSw protocol version.VersionnumberFrequen

Table 56: Summary of Key DLSw Routing Information Output Fields (continued)Additional InformationValuesFieldDLSw ReachabilityNumber assigned to the re

Table 57: Summary of Key CoS Interfaces Output FieldsAdditional InformationValuesFieldTo display names of logical interfacesconfigured on this physica

Table 58: Summary of Key CoS Classifier Output Fields (continued)The classifiers are displayed by type: dscp—All classifiers of the DSCP type. dscp ip

Table 59: Summary of Key CoS Value Alias Output FieldsAdditional InformationValuesFieldTo display aliases and bit patterns, click theplus sign (+).Typ

Table 60: Summary of Key CoS RED Drop Profile Output Fields (continued)Additional InformationValuesFieldType of a specific drop profile: interpolated—

About This GuideThis preface provides the following guidelines for using the J-series™ Services RouterAdministration Guide: Objectives on page xv Au

Table 61: Summary of Key CoS Forwarding Class Output FieldsAdditional InformationValuesFieldNames of forwarding classes assigned toqueue numbers. By d

Table 62: Summary of Key CoS Rewrite Rules Output Fields (continued)Additional InformationValuesFieldRewrite rules are applied to CoS values inoutgoin

Table 63: Summary of Key CoS Scheduler Maps Output Fields (continued)Additional InformationValuesFieldDelay buffer size in the queue or the amountof t

Monitoring RSVP Session Information on page 133 Monitoring MPLS RSVP Interfaces Information on page 134Monitoring MPLS InterfacesTo view the interf

Table 65: Summary of Key MPLS LSP Information Output Fields (continued)Additional InformationValuesFieldSource (inbound router) of the session.FromAdm

Table 66: Summary of Key MPLS LSP Statistics Output FieldsAdditional InformationValuesFieldInformation about LSPs on the inbound router.Each session h

Table 67: Summary of Key RSVP Session Information Output Fields (continued)Additional InformationValuesFieldMPLS learns this information by querying R

Table 68: Summary of Key RSVP Interfaces Information Output Fields (continued)Additional InformationValuesFieldState of the interface: Disabled—No tra

Table 69: Summary of Key Service Set Output FieldsAdditional InformationValuesFieldService Set SummaryName of the adaptive services interface on theSe

This section contains the following topics: Monitoring Stateful Firewall Statistics on page 137 Monitoring Stateful Firewall Filters on page 138 Mo

Personnel operating the equipment must be trained and competent; must not conductthemselves in a careless, willfully negligent, or hostile manner; and

Table 70: Summary of Key Stateful Firewall Statistics Output Fields (continued)ValuesFieldNumber of protocol errors detected: IP—Number of IPv4 errors

Table 71: Summary of Key Stateful Firewall Filters Output Fields (continued)ValuesFieldDirection of the flow: I (input) or O (output).DirectionNumber

Table 73 on page 140 summarizes key output fields for stateful firewall filter intrusiondetection.Table 73: Summary of Key Firewall IDS Output FieldsV

Table 74: Summary of Key IPSec Output Fields (continued)ValuesFieldGateway address of the remote system.Remote GatewayDirection of the IPSec tunnel: I

Table 74: Summary of Key IPSec Output Fields (continued)ValuesFieldType of IKE exchange. The IKE exchange type determines the number of messages in th

show services nat poolTable 75 on page 143 summarizes key output fields in NAT displays.Table 75: Summary of Key NAT Output FieldsValuesFieldNAT Pools

Table 76: Summary of DHCP Output Fields (continued)Additional InformationValuesFieldDHCP servers can assign a dynamic binding from a poolof IP address

Monitoring RPM ProbesThe RPM information includes the round-trip time, jitter, and standard deviationvalues for each configured RPM test on the Servic

Table 77: Summary of Key RPM Output Fields (continued)Additional InformationValuesFieldShortest round-trip time from the Services Router tothe remote

Table 77: Summary of Key RPM Output Fields (continued)Additional InformationValuesFieldCumulative Jitter for a ProbeThe Services Router maintains reco

To monitor, diagnose, and manage a router, use the J-Web interface or CLI operationalmode commands.Document ConventionsTable 2 on page xvii defines th

For information about these CLI commands, see the JUNOS Interfaces CommandReference.Monitoring PPPoEThe PPPoE monitoring information is displayed in m

Table 78: Summary of Key PPPoE Output Fields (continued)Additional InformationValuesFieldService Name identifies the type of service providedby the ac

Table 78: Summary of Key PPPoE Output Fields (continued)Additional InformationValuesFieldPackets sent and received during the PPPoEsession, categorize

Table 78: Summary of Key PPPoE Output Fields (continued)Additional InformationValuesFieldThe PPPoE Active Discovery Initiation (PADI) packetis sent to

show tgm dynamic-call-admission-control show tgm fpc slot-number media-gateway-controller show tgm fpc slot-number dsp-capacity show tgm telephony-in

Table 79: Summary of Key Media Gateway Information Output Fields (continued)Additional InformationValuesFieldNumber of voice channels in the low-capac

154 Using the Monitoring ToolsJ-series™ Services Router Administration Guide

Chapter 8Monitoring Events and Managing SystemLog FilesJ-series Services Routers support configuring and monitoring of system log messages(also called

Table 80: System Log Message Terms (continued)DefinitionTermCombination of the facility and severity level of a system log message. By default, priori

The JUNOS system logging utility is similar to the UNIX syslogd utility. Each systemlog message identifies the software process that generated the mes

Table 3: Text and Syntax Conventions (continued)ExamplesDescriptionConvention To configure a stub area, includethe stub statement at the [editprotocol

Table 81: System Logging Facilities (continued)DescriptionFacilityCommands executed in the CLIinteractive-commandsMessages generated by the JUNOS kern

Table 83: Common Regular Expression Operators and the Terms They MatchMatching TermsRegular Expression OperatorOne instance of any character except th

Configuring System Log Messages with a Configuration EditorThis section contains the following topics: Sending System Log Messages to a File on page

Sending System Log Messages to a User TerminalTo direct system log messages to the terminal session of one or more specific users(or all users) when t

and permissions for the specified log file. For configuration details, see the informationabout archiving log files in the JUNOS System Basics Configu

Table 86: Filtering System Log Messages (continued)Your ActionFunctionFieldTo specify events with a specific ID, type itspartial or complete ID—for ex

Viewing System Log MessagesBy default, the View Events page displays the most recent 25 events, with severitylevels highlighted in different colors. A

Chapter 9Configuring and Monitoring AlarmsAlarms on a J-series Services Router alert you to conditions on a network interface,on the router chassis, o

Table 88: Alarm Terms (continued)DefinitionTermAlarm triggered by the state of a physical link on a fixed or installed Physical Interface Module(PIM),

Alarm SeverityAlarms on a Services Router have two severity levels: Major (red)—Indicates a critical situation on the router that has resulted fromon

Table 4: J-series Guides and Related JUNOS Software PublicationsCorresponding JUNOS Software ManualChapter in a J-series GuideGetting Started Guide fo

Table 89: Interface Alarm ConditionsConfigurationOptionDescriptionAlarm ConditionInterfaceaisThe normal T1 traffic signal contained a defectcondition

Table 89: Interface Alarm Conditions (continued)ConfigurationOptionDescriptionAlarm ConditionInterfacehw-downA hardware problem has occurred on the Se

Table 89: Interface Alarm Conditions (continued)ConfigurationOptionDescriptionAlarm ConditionInterfaceaisThe normal T3 traffic signal contained a defe

Table 90: Chassis Alarm Conditions and Corrective ActionsAlarm SeverityCorrective ActionAlarm ConditionsComponentYellow (minor)Typically, the router b

System Alarm Conditions and Corrective ActionsTable 91 on page 172 lists the two preset system alarms, the condition that triggerseach alarm, and the

Table 92: Configuring Interface AlarmsCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level, enteredit chassis alarm1.

Table 92: Configuring Interface Alarms (continued)CLI Configuration EditorJ-Web Configuration EditorTask1.Enteredit system login2.Enterset class admin

Table 93: Summary of Key Alarm Output Fields (continued)Additional InformationValuesFieldDate and time when the alarm condition wasdetected.Received a

exz yellow;los red;ylw red;}ds1 {ylw red;}ethernet {link-down red;}serial {loss-of-rx-clock red;loss-of-tx-clock red;dcd-absent yellow;cts-absent yell

Part 3Managing Services Router Software Performing Software Upgrades and Reboots on page 179 Managing Files on page 199Managing Services Router Soft

This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, EpilogueTechnolog

Table 4: J-series Guides and Related JUNOS Software Publications (continued)Corresponding JUNOS Software ManualChapter in a J-series Guide JUNOS Syste

178 Managing Services Router SoftwareJ-series™ Services Router Administration Guide

Chapter 10Performing Software Upgrades andRebootsA J-series Services Router is delivered with the JUNOS software preinstalled. Whenyou power on the ro

J-Web interface or the CLI to upgrade, the router downloads the software image,decompresses the image, and installs the decompressed software. Finally

512 MB 1024 MBCompact flash cards with 128 MB storage capacity are not supported.A sample J-series recovery software package name isjunos-jseries-9

1. Using a Web browser, follow the links to the download URL on the JuniperNetworks Web page. Depending on your location, select either Canada and U.S

Table 95: Install Remote SummaryYour ActionFunctionFieldType the full address of the software packagelocation on the FTP or HTTP server—one of thefoll

Installing Software Upgrades with the CLITo install software upgrades on a router with the CLI:1. If your router has 256 MB of flash memory and 256 MB

Downgrading the SoftwareWhen you upgrade the JUNOS software, the router creates a backup image of thesoftware that was previously installed, as well a

router. To downgrade to an earlier version of software, follow the procedure forupgrading, using the JUNOS software image labeled with the appropriate

Figure 16 on page 187 shows the Snapshot page.Figure 16: Snapshot PageERROR: Unresolved graphic fileref="s020261.gif" not found in"\\te

Table 4: J-series Guides and Related JUNOS Software Publications (continued)Corresponding JUNOS Software ManualChapter in a J-series GuideJUNOS System

Table 97: Snapshot Summary (continued)Your ActionFunctionFieldTo create a boot medium to use in the internalcompact flash only, select the check box.O

Configuring a Boot Device for Backup with the CLIUse the request system snapshot CLI command to create a boot device for the ServicesRouter on an alte

Table 98: CLI request system snapshot Command Options (continued)DescriptionOptionPartitions the medium. This option is usually necessary for boot dev

Table 99: CLI set system dump-device Command OptionsDescriptionOptionUses whatever device was booted from as the system software failure memory snapsh

CAUTION: This procedure does not recover any router configuration files. After youreinstall the JUNOS software, all the information on the original in

Recovery software packages are available from the same location as J-series upgradesoftware packages. (See “Downloading Software Upgrades from Juniper

WARNING: that disk is larger than 800 MB! Make sure you're not accidentally overwriting your primary hard disk! Proceeding on

3. Choose the boot device from the Reboot from media list: compact-flash—Reboots from the internal compact flash. This selection isthe default choice

Table 101: CLI Request System Reboot Command Options (continued)DescriptionOptionSpecifies the time at which to reboot the router. You can specify tim

Table 102: CLI Request System Halt Command Options (continued)DescriptionOptionTime at which to stop the software processes on the router. You can spe

For quick and easy problem resolution, Juniper Networks has designed an onlineself-service portal called the Customer Support Center (CSC) that provid

198 Rebooting or Halting a Services RouterJ-series™ Services Router Administration Guide

Chapter 11Managing FilesYou can use the J-Web interface to perform routine file management operations suchas archiving log files and deleting unused l

Rotates log files—All information in the current log files is archived, old archivesare deleted, and fresh log files are created. Deletes log files

Log Files—Lists the log files located in the /var/log directory on the router. Temporary Files—Lists the temporary files located in the /var/tmp dire

Rotates log files—All information in the current log files is archived, old archivesare deleted, and fresh log files are created. Deletes log files

user@host> set file filename nonpersistentFor more information about the nonpersistent option, see the JUNOS NetworkManagement Configuration Guide.

Encrypting Configuration FilesTo encrypt configuration files on a Services Router:1. Enter operational mode in the CLI.2. To configure an encryption k

user@host# set encrypt-configuration-files7. To begin the encryption process, commit the configuration.user@host# commitcommit completeDecrypting Conf

To modify the encryption key:1. Enter operational mode in the CLI.2. To configure a new encryption key in EEPROM and determine the encryptionprocess,

Part 4Diagnosing Performance and NetworkProblems Using Services Router Diagnostic Tools on page 209 Configuring Packet Capture on page 253 Configur

Part 1Configuring a Services Router forAdministration Managing User Authentication and Access on page 3 Setting Up USB Modems for Remote Management

208 Diagnosing Performance and Network ProblemsJ-series™ Services Router Administration Guide

Chapter 12Using Services Router Diagnostic ToolsJ-series Services Routers support a suite of J-Web tools and CLI operational modecommands for evaluati

Table 104: J-series Diagnostic Terms (continued)DefinitionTermOption in the IP header used to route a packet based on information supplied by the sour

Table 105: J-Web Interface Diagnose and Manage Options (continued)FunctionOptionAllows you to trace a route between the Services Router and a remote h

Table 106: CLI Diagnostic Command SummaryFunctionCommandControlling the CLI EnvironmentConfigures the CLI display.set optionDiagnosis and Troubleshoot

Table 106: CLI Diagnostic Command Summary (continued)FunctionCommandExits the CLI and starts a UNIX shell.startEnters configuration mode.For details,

Table 107: Options for Checking MPLS Connections (continued)Additional InformationPurposeping mpls CommandJ-Web Ping MPLSToolWhen an LDP-signaled LSP

Before You BeginThis section includes the following topics: General Preparation on page 215 Ping MPLS Preparation on page 215General PreparationTo u

Pinging Hosts from the J-Web InterfaceThis section contains the following topics: Using the J-Web Ping Host Tool on page 216 Ping Host Results and O

Table 108: J-Web Ping Host Field Summary (continued)Your ActionFunctionField To suppress the display of the hop hostnames,select the check box. To dis

2 Configuring a Services Router for AdministrationJ-series™ Services Router Administration Guide

Ping Host Results and Output SummaryTable 109 on page 218 summarizes the output in the ping host display. If the ServicesRouter receives no ping respo

For more information about ICMP, see RFC 792, Internet Control Message Protocol.Checking MPLS Connections from the J-Web InterfaceUse the J-Web ping M

Table 110: J-Web Ping MPLS Field Summary (continued)Your ActionFunctionFieldType the source IP address—a valid addressconfigured on a Services Router

Table 110: J-Web Ping MPLS Field Summary (continued)Your ActionFunctionFieldInstance to which this connection belongsType the name of the VPN to ping.

Table 110: J-Web Ping MPLS Field Summary (continued)Your ActionFunctionFieldType the source IP address—a valid addressconfigured on a Services Router

The host is not operational. There are network connectivity problems between the Services Router and thehost. The host might be configured to igno

The Services Router sends a total of three traceroute packets to each router alongthe path and displays the round-trip time for each traceroute operat

Table 112: Traceroute Field Summary (continued)Your ActionFunctionField To display the AS numbers, select the checkbox. To suppress the display of the

For more information about ICMP, see RFC 792, Internet Control Message Protocol.Capturing and Viewing Packets with the J-Web InterfaceYou can use the

To stop capturing packets and return to the Packet Capture page, click OK.Figure 24: Packet Capture PageERROR: Unresolved graphic fileref="s020

Chapter 1Managing User Authentication and AccessYou can use either J-Web Quick Configuration or a configuration editor to managesystem functions, incl

Table 114: Packet Capture Field Summary (continued)Your ActionFunctionField To display absolute TCP sequence numbers inthe packet headers, select this

Table 114: Packet Capture Field Summary (continued)Your ActionFunctionField To save the captured packet headers to a file,select this check box. To de

Table 115: J-Web Packet Capture Results and Output Summary (continued)DescriptionFieldSize of the packet (in bytes).data sizeUsing CLI Diagnostic Comm

Table 116: CLI ping Command Options (continued)DescriptionOption(Optional) Sends the ping requests on the interface you specify. If you do not include

Table 116: CLI ping Command Options (continued)DescriptionOption(Optional) Sets the time-to-live (TTL) value for the ping request packet. Specify a va

The ping mpls commands diagnose the connectivity of MPLS and VPN networks inthe following ways: Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs on p

The fields in the display are the same as those displayed by the J-Web ping MPLSdiagnostic tool. For information, see “Ping MPLS Results and Output” o

Pinging Layer 2 VPNsEnter the ping mpls l2vpn command with the following syntax. Table 119 on page 235 describes the ping mpls l2vpn command options.u

Reply for seq 5, return code: Egress-ok--- lsping statistics ---5 packets transmitted, 5 packets received, 0% packet lossThe fields in the display are

Tracing Unicast Routes from the CLIUse the CLI traceroute command to display a list of routers between the ServicesRouter and a specified destination

User Authentication OverviewThis section contains the following topics: User Authentication on page 4 User Accounts on page 4 Login Classes on page

Table 121: CLI traceroute Command Options (continued)DescriptionOption(Optional) Bypasses the routing tables and sends the traceroute packets only to

To quit the traceroute monitor command, press Q.Table 122: CLI traceroute monitor Command OptionsDescriptionOptionSends traceroute packets to the host

Table 123: CLI traceroute monitor Command Output SummaryDescriptionFieldHostname or IP address of the Services Router issuing the traceroute monitor c

the Services Router. The mtrace monitor command monitors and displays multicasttrace operations.This section contains the following topics. For more i

Table 124: CLI mtrace from-source Command Options (continued)DescriptionOption(Optional) Forces the responses to use multicast.multicast-response(Opti

Table 125: CLI mtrace from-source Command Output SummaryDescriptionFieldNumber of the hop (router) along the path.hop-numberHostname, if available, or

This example displays only mtrace queries. When the Services Router captures anmtrace response, the display is similar, but the complete mtrace respon

Monitoring Interfaces and Traffic from the CLIThis section contains the following topics: Using the monitor interface Command on page 245 Using the

Table 128: CLI monitor interface traffic Output Control Keys (continued)ActionKeyDisplays the Delta column instead of the rate column—in bps or packe

Enter the monitor traffic command with the following syntax. Table 129 on page 247describes the monitor traffic command options.user@host> monitor

password that the JUNOS software encrypts using MD5-style encryption beforeentering it in the password database. If you configure the plain-text-passw

Table 129: CLI monitor traffic Command Options (continued)DescriptionOption(Optional) Displays minimum packet header information. This isthe default.b

Table 130: CLI monitor traffic Match Conditions (continued)DescriptionMatch ConditionMatches packet headers that contain the specified address or host

Table 130: CLI monitor traffic Match Conditions (continued)DescriptionMatch ConditionMatches all TCP packets.tcpMatches all UDP packets.udpTable 131:

Table 132: CLI monitor traffic Arithmetic, Binary, and Relational Operators (continued)DescriptionOperatorA match occurs if the first expression is no

252 Using CLI Diagnostic CommandsJ-series™ Services Router Administration Guide

Chapter 13Configuring Packet CapturePacket capture is a tool that helps you to analyze network traffic and troubleshootnetwork problems. On a J-series

Table 133: Packet Capture TermsDefinitionTermPacket sampling method used by packet capture, in which entire IPv4 packets flowing in theinput or output

NOTE: You can enable packet capture and port mirroring simultaneously on a ServicesRouter.For more information about traffic sampling, see the JUNOS P

the performance of the Services Router. You can control the number of packetscaptured on an interface with firewall filters and specify various criter

For more details about analyzing packet capture files, see Verifying CapturedPackets on page 264.Before You BeginBefore you begin configuring packet c

Table 7: Permission Bits for Login ClassesAccessPermission BitCan view user account information in configuration mode and with the show configurationc

Table 134: Enabling Packet CaptureCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level, enteredit forwarding-options1

Configuring Packet Capture on an Interface (Required)To capture all transit and host-bound packets on an interface and specify the directionof the tra

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLIconfiguration editor.2. Perform the configuration tasks described in T

NOTE: If you apply a firewall filter on the loopback interface, it affects all traffic toand from the Routing Engine. If the firewall filter has a sam

To delete a packet capture file:1. Disable packet capture following the steps in “Disabling PacketCapture” on page 261.2. Using the CLI, delete the pa

user@host> start shell%b. Navigate to the directory where packet capture files are stored:% cd /var/tmp%c. Rename the latest packet capture file fo

}Meaning Verify that the output shows the intended file configuration for capturing packets.Related Topics For more information about the format of a

Name (tools-server:user):remoteuser331 Password required for remoteuser.Password:230 User remoteuser logged in.Remote system type is UNIX.Using binary

Meaning Verify that the output shows the intended packets.266 Verifying Captured PacketsJ-series™ Services Router Administration Guide

Chapter 14Configuring RPM ProbesJ-series Services Routers support a tool that allows network operators and theircustomers to accurately measure the pe

Table 7: Permission Bits for Login Classes (continued)AccessPermission BitCan view general routing, routing protocol, and routing policy configuration

Table 138: RPM Terms (continued)DefinitionTermRemote network endpoint, identified by an IP address or URL, to which the Services Routersends a real-ti

UDP and TCP probe types require that the remote server be configured as an RPMreceiver so that it generates responses to the probes.RPM TestsEach prob

RPM StatisticsAt the end of each test, the Services Router collects the statistics for packet round-triptime, packet inbound and outbound times (for I

Table 139: RPM Statistics (continued)DescriptionRPM StatisticsPercentage of probes sent for which a response was not receivedLoss percentageRPM Thresh

Figure 26: Main Quick Configuration Page for RPMERROR: Unresolved graphic fileref="s020257.gif" not found in"\\teamsite1\default\main\T

Table 140: RPM Quick Configuration Summary (continued)Your ActionFunctionFieldType the routing instance name. The routinginstance applies only to pro

Table 140: RPM Quick Configuration Summary (continued)Your ActionFunctionFieldTo enable timestamping, select the check box.Enables timestamping of RP

Table 140: RPM Quick Configuration Summary (continued)Your ActionFunctionFieldType a number between 0 and 60,000,000(microseconds).Sets the maximum a

Table 140: RPM Quick Configuration Summary (continued)Your ActionFunctionField To enable SNMP traps for this condition,select the check box. To disab

probe for Customer B uses HTTP packets and sets thresholds and correspondingSNMP traps to catch excessive lost probes. To configure these RPM probes:1

End User License AgreementREAD THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING,INS

When you configure local user templates and a user logs in, the JUNOS softwareissues a request to the authentication server to authenticate the user&a

Table 141: Configuring Basic RPM Probes (continued)CLI Configuration EditorJ-Web Configuration EditorTask1.From the [edit] hierarchy level, enteredit

Table 141: Configuring Basic RPM Probes (continued)CLI Configuration EditorJ-Web Configuration EditorTask1.From the [edit] hierarchy level, enteredit

packets to the forwarding plane. Classified packets are sent to the output queue onthe output interface specified by the CoS scheduler map configured

Table 142: Configuring TCP and UDP Probes (continued)CLI Configuration EditorJ-Web Configuration EditorTask1.From the [edit] hierarchy level, enteredi

Table 142: Configuring TCP and UDP Probes (continued)CLI Configuration EditorJ-Web Configuration EditorTaskEnterset probe-server udp port 500371.Next

Table 143: Tuning RPM Probes (continued)CLI Configuration EditorJ-Web Configuration EditorTaskEnterset probe-interval 15In the Probe interval box, typ

To check the configuration, see “Verifying an RPM Configuration” on page 285.Table 144: Configuring RPM Probes to Monitor BGP NeighborsCLI Configura

Directing RPM Probes to Select BGP RoutersIf a Services Router has a large number of BGP neighbors configured, you can direct(filter) the RPM probes t

Verifying RPM ServicesPurpose Verify that the RPM configuration is within the expected values.Action From configuration mode in the CLI, enter the sho

Minimum Rtt: 1093 usec, Maximum Rtt: 1372 usec, Average Rtt: 1231 usec, Jitter Rtt: 279 usec, Stddev Rtt: 114 usec Probes sent: 3, Probes re

To cancel your entries and return to the Users Quick Configuration page,click Cancel.Table 8: Users Quick Configuration for RADIUS Servers SummaryYo

Verifying RPM Probe ServersPurpose Verify that the Services Router is configured to receive and transmit TCP and UDPRPM probes on the correct ports.Ac

Part 5Index Index on page 291Index 289

290 IndexJ-series™ Services Router Administration Guide

IndexSymbols#, comments in configuration statements...xviii( ), in syntax descriptions...xviii.gz

Alarms Summary page...174alert logging severity...158alias,

change-log logging facility...157CHAP (Challenge Handshake Authentication Protocol),enabling on dialer interfac

CPU usagePIM (in FPC summary)...113CPU usage, displaying...109crash

SNMP health monitor...49system logs...155system operati

event policiesCommon Criteria information...89configuration editor...95overview

overriding for SNMP (Quick Configuration)...51pinging (CLI)...230pinging (J-Web)...

Table 9: Users Quick Configuration for TACACS+ Servers SummaryYour ActionFunctionFieldTACACS+ ServerType the TACACS+ server’s 32-bit IP address, indot

JUNOS Internet softwarerelease notes, URL...xvJUNOS softwareautoinstallation...

diagnosing problems from...210monitoring from...102recovering root passwo

system logs...244system process information...110system properties.

Ppacket captureconfiguring...259configuring (J-Web)...

Ping Host page...216field summary...216result

secret (configuration editor)...13secret (Quick Configuration)...9specifying for authen

overview...268See also RPM probespreparation...

serial numberchassis components...113Services Router...107ser

show system services dhcp bindingcommand...76, 143explanation...

RPM, monitoring...145RPM, verifying...286statusadminist

Adding New UsersYou can use the Users Quick Configuration page for user information to add newusers to a Services Router. For each account, you define

telnet command...25options...25

upgradesdownloading...181installing (CLI)...184i

versionhardware, displaying...112PPPoE, information about...150software, displ

Table 10: Add a User Quick Configuration Page Summary (continued)Your ActionFunctionFieldType the login password for this user. The login password mus

4. Go on to one of the following procedures: To specify a system authentication order, see “Configuring AuthenticationOrder” on page 15. To configur

To configure TACACS+ authentication:1. Navigate to the top of the configuration hierarchy in either the J-Web or CLIconfiguration editor.2. Perform th

Configuring Authentication OrderThe procedure provided in this section configures the Services Router to attemptuser authentication with the local pas

Controlling User AccessThis section contains the following topics: Defining Login Classes on page 16 Creating User Accounts on page 17Defining Login

Table 14: Defining Login Classes (continued)CLI Configuration EditorJ-Web Configuration EditorTaskSet the name of the login class andthe ability to us

7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to t

To create user accounts:1. Navigate to the top of the configuration hierarchy in either the J-Web or CLIconfiguration editor.2. Perform the configurat

Creating a Remote Template AccountYou can create a remote template that is applied to users authenticated by RADIUSor TACACS+ that do not belong to a

Creating a Local Template AccountYou can create a local template that is applied to users authenticated by RADIUS orTACACS+ that are assigned to the l

Recovering the Root PasswordIf you forget the root password for the router, you can use the password recoveryprocedure to reset the root password.NOTE

Figure 6: Connecting to the Console Port on the J4350 or J6350 Services Router6. Turn on the power to the management device.7. On the management devic

12.At the following prompt, enter recovery to start the root password recoveryprocedure.Enter full pathname of shell or 'recovery' for root

In a Common Criteria environment, you must disable the console port. For moreinformation, see the Secure Configuration Guide for Common Criteria andJU

To escape from the Telnet session to the Telnet command prompt, press Ctrl-]. Toexit from the Telnet session and return to the CLI command prompt, ent

Table 20: CLI ssh Command Options (continued)DescriptionOptionOpen an SSH connection to a host on the specified interface. If you do not include thiso

Table 21: Configuring Password Retry Limits for Telnet and SSH AccessCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchyle

Abbreviated Table of ContentsAbout This Guide xvPart 1 Configuring a Services Router for AdministrationChapter 1 Managing User Authentication and Acce

28 Configuring Password Retry Limits for Telnet and SSH AccessJ-series™ Services Router Administration Guide

Chapter 2Setting Up USB Modems for RemoteManagementJ-series Services Routers support the use of USB modems for remote management.You can use Telnet or

Table 22: USB Modem TerminologyDefinitionTermTelephone number of the caller on the remote end of a USB modemconnection, used to dial in and also to id

The dialer interface must be configured to use PPP encapsulation. You cannotconfigure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (ML

Table 23: J-series Default Modem Initialization Commands (continued)DescriptionModem CommandDisables data compression.%C0When the Services Router appl

Before You BeginBefore you configure USB modems, you need to perform the following tasks: Install Services Router hardware. For more information, see

1. Navigate to the top of the interfaces configuration hierarchy in either the J-Webor CLI configuration editor.2. Perform the configuration tasks des

Configuring a Dialer Interface (Required)The dialer interface (dl) is a logical interface configured to establish USB modemconnectivity. You can confi

Table 26: Adding a Dialer Interface to a Services Router (continued)CLI Configuration EditorJ-Web Configuration EditorTask1.Enteredit unit 02.Enterset

3. If you are finished configuring the router, commit the configuration.4. To verify that the network interface is configured correctly, see “Verifyin

vi J-series™ Services Router Administration Guide

1. Navigate to the top of the configuration hierarchy in either the J-Web or CLIconfiguration editor.2. Perform the configuration tasks described in T

Connecting to the Services Router from the User EndNOTE: These instructions describe connecting to the Services Router from a remotePC or laptop compu

The Connect USB-modem-connect page is displayed.11. If CHAP is configured on the dialer interface used for the USB modem interfaceat the router end, t

Modifying USB Modem Initialization CommandsNOTE: These instructions use Hayes-compatible modem commands to configure themodem. If your modem is not Ha

Table 29: Modifying USB Modem Initialization Commands (continued)CLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit interfaces umd0]

Verifying a USB Modem InterfacePurpose Verify that the USB modem interface is correctly configured and display the statusof the modem.Action From the

In the J-Web configuration editor, clear the Disable check box on theInterfaces>interface-name page. The physical link is Up. A link state of Do

Link flags : Keepalives Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unsp

The physical interface is Enabled. If the interface is shown as Disabled, do eitherof the following: In the CLI configuration editor, delete the di

Chapter 3Configuring SNMP for NetworkManagementThe Simple Network Management Protocol (SNMP) enables the monitoring of networkdevices from a central l

Table of ContentsAbout This Guide xvObjectives ...x

Communication between the agent and the manager occurs in one of the followingforms: Get, GetBulk, and GetNext requests—The manager requests informat

clients, you can control exactly which SNMP managers have access to a particularagent.SNMP TrapsThe get and set commands that SNMP uses are useful for

sampling interval is greater than this threshold, the SNMP health monitor generatesan alarm. After the falling alarm, the health monitor cannot genera

To apply the configuration and stay on the Quick Configuration page forSNMP, click Apply. To apply the configuration and return to the Quick Config

Table 30: SNMP Quick Configuration Summary (continued)Your ActionFunctionField To generate traps for authenticationfailures, select Authentication. T

Table 30: SNMP Quick Configuration Summary (continued)Your ActionFunctionFieldSelect the check box to enable the healthmonitor and configure options.

Configuring SNMP with a Configuration EditorTo configure SNMP on a Services Router, you must perform the following tasksmarked (Required). For informa

Table 32: Configuring Basic System Identification (continued)CLI Configuration EditorJ-Web Configuration EditorTaskSet the contact information:set con

Table 33: Configuring SNMP Agents and CommunitiesCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level, enteredit snmp

3. If you are finished configuring the network, commit the configuration.4. To check the configuration, see “Verifying the SNMP Configuration” on page

Accessing Remote Devices with the CLI ...24Using the telnet Command ...

Table 35: Configuring SNMP ViewsCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level,enteredit snmp1.In the J-Web int

Get requests: 44942, Get nexts: 190371, Set requests: 10712, Get responses: 0, Traps: 0, Silent drops: 0, Proxy drops: 0, Commit pending dro

Interface daemon 3340 active SNMP daemon 4412 active MIB2 daemon

rising threshold crossed—Variable value has crossed the upper thresholdlimit.Verify that any rising threshold values are greater than the configured

62 Verifying SNMP Health Monitor ConfigurationJ-series™ Services Router Administration Guide

Chapter 4Configuring the Router as a DHCP ServerA Dynamic Host Configuration Protocol (DHCP) server can automatically allocate IPaddresses and also de

Table 36: DHCP TermsDefinitionTermCollection of configuration parameters, including at least an IP address, assigned by a DHCPserver to a DHCP client.

Store, manage, and provide client configuration parameters.As a DHCP server, a Services Router can provide temporary IP addresses from anIP address

DHCP is not supported on interfaces that are part of a virtual private network (VPN).Before You BeginBefore you begin configuring the Services Router

Figure 8: DHCP Quick Configuration Main PageConfiguring the DHCP Server with Quick Configuration 67Chapter 4: Configuring the Router as a DHCP Serve

Chapter 4 Configuring the Router as a DHCP Server 63DHCP Terms ...

Figure 9: DHCP Quick Configuration Pool Page68 Configuring the DHCP Server with Quick ConfigurationJ-series™ Services Router Administration Guide

Figure 10: DHCP Quick Configuration Static Binding PageTo configure the DHCP server with Quick Configuration:1. In the J-Web interface, select Configu

3. Enter information into the DHCP Quick Configuration pages, as described inTable 37 on page 70.4. Click one of the following buttons on the DHCP Qui

Table 37: DHCP Server Quick Configuration Pages Summary (continued)Your ActionFunctionFieldType the IP address of the Services Router. Ifyou do not sp

Table 37: DHCP Server Quick Configuration Pages Summary (continued)Your ActionFunctionFieldDo either of the following: To add an IP address, type it n

Table 38: Sample DHCP Server Configuration Settings (continued)Sample Value or ValuesSettings192.168.2.0/24Address pool subnet address192.168.2.254Hig

Table 39: Configuring the DHCP ServerCLI Configuration EditorJ-Web Configuration EditorTaskFrom the [edit] hierarchy level, enteredit system services

Table 39: Configuring the DHCP Server (continued)CLI Configuration EditorJ-Web Configuration EditorTaskSet the DNS server IP address:set pool 192.168.

[edit]user@host# show system services dhcppool 192.168.2.0/24 {address-range low 192.168.2.2 high 192.168.2.254;exclude-address {192.168.2.33;}maximum

IP Address Hardware Address Type Lease expires at192.168.2.2 02:04:06:08:0A:0C dynamic 2005-02-07 8:48:59 PDT192.168.2.50 01:03:0