Main
J-series Services Router
Administration Guide
Release 9.1
ii
End User License Agreement
iii
iv
Abbreviated Table of Contents
Page
Table of Contents
Part 1 Configuring a Services Router for Administration
Page
Page
Part 2 Monitoring a Services Router
Part 3 Managing Services Router Software
Part 4 Diagnosing Performance and Network Problems
Page
Part 5 Index
About This Guide
Objectives
Audience
How to Use This Guide
To monitor, diagnose, and manage a router, use the J-Web interface or CLI operational mode commands.
Document Conventions
Table 2 on page xvii defines the notice icons used in this guide.
Table 2: Notice Icons
Table 3 on page xvii defines the text and syntax conventions used in this guide.
Table 3: Text and Syntax Conventions
Related Juniper Networks Documentation
xviii
Table 4: J-series Guides and Related JUNOS Software Publications
Table 4: J-series Guides and Related JUNOS Software Publications (continued)
xx
Documentation Feedback
Requesting Technical Support
Page
Part 1
Configuring a Services Router for Administration
Page
Chapter 1
Managing User Authentication and Access
User Authentication Terms
User Authentication Overview
User Authentication
User Accounts
Login Classes
Permission Bits
Table 7: Permission Bits for Login Classes
6
Table 7: Permission Bits for Login Classes (continued)
Denying or Allowing Individual Commands
Template Accounts
Managing User Authentication with Quick Configuration
Adding a RADIUS Server for Authentication
Adding a TACACS+ Server for Authentication
Configuring System Authentication
Adding New Users
Managing User Authentication with a Configuration Editor
Setting Up RADIUS Authentication
Setting Up TACACS+ Authentication
Page
Configuring Authentication Order
Controlling User Access
Defining Login Classes
Creating User Accounts
To create user accounts:
Setting Up Template Accounts
18
Creating a Remote Template Account
Creating a Local Template Account
Recovering the Root Password
Page
Securing the Console Port
1.
2. 3. 4.
1.
Accessing Remote Devices with the CLI
Using the telnet Command
You can use the CLI telnet command to open a Telnet session to a remote device:
24
Table 19: CLI telnet Command Options
Using the ssh Command
Table 20: CLI ssh Command Options
Configuring Password Retry Limits for Telnet and SSH Access
Table 21: Configuring Password Retry Limits for Telnet and SSH Access
2. 3.
5.
4.
3.
Page
Chapter 2
Setting Up USB Modems for Remote Management
USB Modem Terms
USB Modem Overview
USB Modem Interfaces
How a Services Router Initializes USB Modems
USB Modem Connection and Configuration Overview
Connecting the USB Modem to the Services Router's USB Port
Configuring USB Modem Interfaces with a Configuration Editor
Configuring a USB Modem Interface (Required)
1. Navigate to the top of the interfaces configuration hierarchy in either the J-Web
or CLI configuration editor.
2.
1.
2.
1.
Configuring a Dialer Interface (Required)
or CLI configuration editor.
Configuring Dial-In (Required)
USB Modem Configuration on page 42.
Table 27: Configuring the Dialer Interface for Dial-In
2. 3.
3.
Configuring CHAP on Dialer Interfaces (Optional)
Configuration on page 42.
38
Connecting to the Services Router from the User End
Configuring a Dial-Up Modem Connection at the User End
Connecting to the Services Router from the User End
Administering USB Modems
Modifying USB Modem Initialization Commands
Table 29: Modifying USB Modem Initialization Commands (continued)
1.
2.
Resetting USB Modems
1. Enter operational mode in the CLI. 2. To reset the USB modem, enter the following command:
Verifying the USB Modem Configuration
To verify a USB modem configuration, perform the following tasks:
42
Verifying a USB Modem Interface
Chapter 2: Setting Up USB Modems for Remote Management
Purpose Verify that the USB modem interface is correctly configured and display the status
of the modem.
Action From the CLI, enter the show interfaces extensive command.
Verifying Dialer Interface Configuration
Meaning The output shows a summary of dialer interface information. Verify the following
Chapter 2: Setting Up USB Modems for Remote Management
information:
Verifying Dialer Interface Configuration 45
Page
Chapter 3
Configuring SNMP for Network Management
SNMP Architecture
Management Information Base
SNMP Communities
SNMP Traps
Spoofing SNMP Traps
SNMP Health Monitor
Configuring SNMP with Quick Configuration
SNMP, click Apply.
click OK.
click Cancel.
Table 30: SNMP Quick Configuration Summary (continued)
1.
52
Table 30: SNMP Quick Configuration Summary (continued)
Configuring SNMP with a Configuration Editor
Defining System Identification Information (Required)
Configuring SNMP Agents and Communities (Required)
Table 33: Configuring SNMP Agents and Communities
2.
1. 2.
1.
Managing SNMP Trap Groups (Required)
2. To configure SNMP trap groups, perform the configuration tasks described in
Table 34 on page 57.
56
Controlling Access to MIBs (Optional)
Table 35 on page 58.
Table 35: Configuring SNMP Views
1.
2.
Verifying the SNMP Configuration
To verify the SNMP configuration, perform the following verification task.
Verifying SNMP Agent Configuration
Purpose Verify that SNMP is running and that requests and traps are being properly
transmitted.
Verifying SNMP Health Monitor Configuration
Meaning The output shows a summary of SNMP health monitor alarms and corresponding
log entries:
limit.
60
Page
Page
Chapter 4
Configuring the Router as a DHCP Server
DHCP Terms
Table 36: DHCP Terms
DHCP Overview
64
DHCP Options
Compatibility with Autoinstallation
Conflict Detection and Resolution
Interface Restrictions
Configuring the DHCP Server with Quick Configuration
Page
Page
Page
3. Enter information into the DHCP Quick Configuration pages, as described in
Table 37 on page 70.
4. Click one of the following buttons on the DHCP Quick Configuration page:
OK.
Cancel.
5. Go on to one of the following procedures:
Table 37: DHCP Server Quick Configuration Pages Summary (continued)
Configuring the DHCP Server with a Configuration Editor
Table 38: Sample DHCP Server Configuration Settings (continued)
To configure the Services Router as a DHCP server for a subnet and a single client:
Configuration on page 75.
74
Table 39: Configuring the DHCP Server (continued)
1.
2.
1. 2. 3.
Verifying a DHCP Server Configuration
To verify a DHCP server configuration, perform the following tasks:
Displaying a DHCP Server Configuration
Purpose Verify the configuration of a DHCP server. Action From the J-Web interface, select
Verifying the DHCP Binding Database
Verifying DHCP Server Operation
Page
Displaying DHCP Statistics
Page
Chapter 5
Configuring Autoinstallation
Autoinstallation Terms
Autoinstallation Overview
Supported Autoinstallation Interfaces and Protocols
Typical Autoinstallation Process on a New Services Router
Page
Configuring Autoinstallation with a Configuration Editor
Table 42: Configuring Autoinstallation
2.
1.
2.
Verifying Autoinstallation
To verify that a Services Router is configured for autoinstallation, perform the following task.
Verifying Autoinstallation Status
Purpose Display the status of the autoinstallation feature on a Services Router.
86
displayed are correct for the Services Router when it is deployed on the network.
Verifying Autoinstallation Status 87
Page
Chapter 6
Automating Network Operations and Troubleshooting
Defining and Enforcing Configuration Rules with Commit Scripts
Commit Script Overview
Enabling Commit Scripts
Disabling Commit Scripts
Automating Network Management and Troubleshooting with Operation Scripts
Operation Script Overview
Enabling Operation Scripts
Executing Operation Scripts
Disabling Operation Scripts
Running Self-Diagnostics with Event Policies
Event Policy Overview
Configuring Event Policies
Table 45: Configuring Event Policies
2.
4.
96
Page
Page
Part 2
Monitoring a Services Router
Page
Chapter 7
Monitoring the Router and Routing Operations
Monitoring Terms
Monitoring Overview
Monitoring Tools Overview
Page
104
Filtering Command Output
Page
Using the Monitoring Tools
Monitoring System Properties
108
Page
Monitoring System Process Information
show system processes commands.
Table 49 on page 110 summarizes the output fields in the system process information
Table 49: Summary of System Process Information Output Fields
110
Monitoring the Chassis
Table 50: Summary of Key Chassis Output Fields (continued)
112
Table 50: Summary of Key Chassis Output Fields (continued)
Monitoring the Interfaces
Table 51 on page 114 summarizes key output fields in interfaces displays.
Table 51: Summary of Key Interfaces Output Fields
114
Table 51: Summary of Key Interfaces Output Fields (continued)
Monitoring Routing Information
The J-Web interface provides information about routing tables and routing protocols.
Monitoring Route Information
Table 52 on page 116 summarizes key output fields in the routing information display.
Table 52: Summary of Key Routing Information Output Fields
116
Table 52: Summary of Key Routing Information Output Fields (continued)
Monitoring BGP Routing Information
Table 53 on page 117 summarizes key output fields in the BGP routing display.
Table 53: Summary of Key BGP Routing Output Fields
Table 53: Summary of Key BGP Routing Output Fields (continued)
118
Table 53: Summary of Key BGP Routing Output Fields (continued)
Monitoring OSPF Routing Information
Table 54 on page 119 summarizes key output fields in the OSPF routing display.
Table 54: Summary of Key OSPF Routing Output Fields
Table 54: Summary of Key OSPF Routing Output Fields (continued)
Monitoring RIP Routing Information
Table 55 on page 120 summarizes key output fields in the RIP routing display.
Table 55: Summary of Key RIP Routing Output Fields
120
Table 55: Summary of Key RIP Routing Output Fields (continued)
Monitoring DLSw Routing Information
Table 56 on page 121 summarizes key routing information output fields in the DLSw routing display.
Table 56: Summary of Key DLSw Routing Information Output Fields
Table 56: Summary of Key DLSw Routing Information Output Fields (continued)
122
Monitoring Class-of-Service Performance
Monitoring CoS Interfaces
Table 57: Summary of Key CoS Interfaces Output Fields
Monitoring CoS Classifiers
show class-of-service classifier
Table 58 on page 124 summarizes key output fields for CoS classifiers.
Table 58: Summary of Key CoS Classifier Output Fields
124
Monitoring CoS Value Aliases
show class-of-service code-point-aliases
Table 59 on page 126 summarizes key output fields for CoS value aliases.
Table 59: Summary of Key CoS Value Alias Output Fields
Monitoring CoS RED Drop Profiles
show class-of-service drop-profile
Table 60 on page 126 summarizes key output fields for CoS RED drop profiles.
Table 60: Summary of Key CoS RED Drop Profile Output Fields
126
Monitoring CoS Forwarding Classes
show class-of-service forwarding-class
Table 61 on page 128 summarizes key output fields for CoS forwarding classes.
Table 61: Summary of Key CoS Forwarding Class Output Fields
Monitoring CoS Rewrite Rules
show class-of-service rewrite-rules
Table 62 on page 128 summarizes key output fields for CoS rewrite rules.
Table 62: Summary of Key CoS Rewrite Rules Output Fields
128
Monitoring CoS Scheduler Maps
show class-of-service scheduler-map
Table 63 on page 129 summarizes key output fields for CoS scheduler maps.
Table 63: Summary of Key CoS Scheduler Maps Output Fields
Table 63: Summary of Key CoS Scheduler Maps Output Fields (continued)
Monitoring MPLS Traffic Engineering Information
130
Monitoring MPLS Interfaces
Monitoring MPLS LSP Information
Table 65: Summary of Key MPLS LSP Information Output Fields (continued)
Monitoring MPLS LSP Statistics
show mpls lsp statistics
132
Table 66: Summary of Key MPLS LSP Statistics Output Fields
Monitoring RSVP Session Information
show rsvp session
Table 67 on page 133 summarizes key output fields in the RSVP session information
Table 67: Summary of Key RSVP Session Information Output Fields
Table 67: Summary of Key RSVP Session Information Output Fields (continued)
Monitoring MPLS RSVP Interfaces Information
show rsvp interface
Table 68 on page 134 summarizes key output fields in the RSVP interfaces information
Table 68: Summary of Key RSVP Interfaces Information Output Fields
134
Monitoring Service Sets
Table 69: Summary of Key Service Set Output Fields
Monitoring Firewalls
136
Monitoring Stateful Firewall Statistics
services stateful-firewall statistics.
Table 70 on page 137 summarizes key output fields for stateful firewall filter statistics.
Table 70: Summary of Key Stateful Firewall Statistics Output Fields
Table 70: Summary of Key Stateful Firewall Statistics Output Fields (continued)
Monitoring Stateful Firewall Filters
Table 71 on page 138 summarizes key output fields for stateful firewall filters.
Table 71: Summary of Key Stateful Firewall Filters Output Fields
138
Monitoring Firewall Intrusion Detection Services (IDS)
Table 73 on page 140 summarizes key output fields for stateful firewall filter intrusion detection.
Table 73: Summary of Key Firewall IDS Output Fields
Monitoring IPSec Tunnels
Table 74 on page 140 summarizes key output fields in IPSec displays.
Table 74: Summary of Key IPSec Output Fields
140
Page
Table 74: Summary of Key IPSec Output Fields (continued)
Monitoring NAT Pools
142
Table 75 on page 143 summarizes key output fields in NAT displays.
Monitoring DHCP
In addition, you can display the globally configured DHCP settings by using the
Table 76 on page 143 summarizes the output fields in DHCP displays.
Table 76: Summary of DHCP Output Fields (continued)
144
Monitoring RPM Probes
Table 77: Summary of Key RPM Output Fields (continued)
146
Table 77: Summary of Key RPM Output Fields (continued)
Monitoring PPP
Monitoring PPPoE
Page
150
Monitoring the TGM550 Media Gateway (VoIP)
Table 79 on page 152 summarizes key output fields in media gateway information displays.
Table 79: Summary of Key Media Gateway Information Output Fields
152
Page
Page
Chapter 8
Monitoring Events and Managing System Log Files
System Log Message Terms
Table 80: System Log Message Terms (continued)
System Log Messages Overview
protocol adjacency or a user login into the configuration database
unexpected closure of a connection to a child or peer process
temperature
156
System Log Message Destinations
System Log Facilities and Severity Levels
Regular Expressions
Table 83: Common Regular Expression Operators and the Terms They Match
Before you begin configuring and monitoring system log messages, complete the following tasks:
Access Configuration Guide.
Configuring System Log Messages with a Configuration Editor
Sending System Log Messages to a File
Sending System Log Messages to a User Terminal
Archiving System Logs
Disabling System Logs
Monitoring System Log Messages with the J-Web Event Viewer
Filtering System Log Messages
Table 86: Filtering System Log Messages (continued)
Viewing System Log Messages
Table 87: Viewing System Log Messages
164
Chapter 9
Configuring and Monitoring Alarms
Alarm Terms
Alarm Overview
Alarm Types
Alarm Severity
Alarm Conditions
Interface Alarm Conditions
Table 89: Interface Alarm Conditions
168
Page
Table 89: Interface Alarm Conditions (continued)
Chassis Alarm Conditions and Corrective Actions
170
Table 90: Chassis Alarm Conditions and Corrective Actions
System Alarm Conditions and Corrective Actions
Configuring Alarms with a Configuration Editor
Page
Table 92: Configuring Interface Alarms (continued)
1.
2.
3.
Checking Active Alarms
Figure 13: J-Web View Alarms Summary Page
ERROR: Unresolved graphic fileref="s020252.gif" not found in
Table 93 on page 174 summarizes the output fields on the alarms page.
Table 93: Summary of Key Alarm Output Fields
Verifying the Alarms Configuration
To verify alarms configuration, perform the following task.
Displaying Alarm Configurations
Purpose Verify the configuration of the alarms. Action From the J-Web interface, select
[edit] user@host# show chassis alarms t3 {
Page
Page
Page
Chapter 10
Performing Software Upgrades and Reboots
Upgrade and Downgrade Overview
Upgrade Software Packages
Recovery Software Packages
Downloading Software Upgrades from Juniper Networks
Installing Software Upgrades with the J-Web Interface
Installing Software Upgrades from a Remote Server
Table 95: Install Remote Summary
Installing Software Upgrades by Uploading Files
Figure 15: Upload Package Page
ERROR: Unresolved graphic fileref="s020260.gif" not found in
To install software upgrades by uploading files:
1. Download the software package as described in Downloading Software Upgrades
Installing Software Upgrades with the CLI
Downgrading the Software
Downgrading the Software with the J-Web Interface
Downgrading the Software with the CLI
Configuring Boot Devices
Configuring a Boot Device for Backup with the J-Web Interface
Figure 16 on page 187 shows the Snapshot page.
Figure 16: Snapshot Page
ERROR: Unresolved graphic fileref="s020261.gif" not found in
To create a boot device:
Table 97 on page 187.
188
Configuring a Boot Device for Backup with the CLI
Table 98: CLI request system snapshot Command Options
Configuring a Boot Device to Receive Software Failure Memory Snapshots
Recovering Primary Boot Devices
Why Compact Flash Recovery Might Be Necessary
Recommended Recovery Hardware and Software
Table 100: Recommended Recovery Hardware and Software
Configuring Internal Compact Flash Recovery
192
Page
Rebooting or Halting a Services Router
Rebooting or Halting a Services Router with the J-Web Interface
Rebooting a Services Router with the CLI
Table 101: CLI Request System Reboot Command Options (continued)
Halting a Services Router with the CLI
You can use the request system halt CLI command to halt the Services Router:
Table 102: CLI Request System Halt Command Options
196
Table 102: CLI Request System Halt Command Options (continued)
Page
Chapter 11
Managing Files
Managing Files with the J-Web Interface
Cleaning Up Files
Downloading Files
Deleting the Backup Software Image
Cleaning Up Files with the CLI
Managing Accounting Files
Encrypting and Decrypting Configuration Files
Encrypting Configuration Files
Decrypting Configuration Files
Modifying the Encryption Key
Page
Page
Page
Chapter 12
Using Services Router Diagnostic Tools
Diagnostic Terms
Diagnostic Tools Overview
J-Web Diagnostic Tools Overview
CLI Diagnostic Commands Overview
Table 106: CLI Diagnostic Command Summary
212
MPLS Connection Checking
Table 107: Options for Checking MPLS Connections (continued)
214
General Preparation
Ping MPLS Preparation
MPLS Enabled
Loopback Address
Source Address for Probes
Pinging Hosts from the J-Web Interface
Using the J-Web Ping Host Tool
Table 108: J-Web Ping Host Field Summary (continued)
Figure 21: Ping Host Results Page
ERROR: Unresolved graphic fileref="s020254.gif" not found in
Ping Host Results and Output Summary
Checking MPLS Connections from the J-Web Interface
Using the J-Web Ping MPLS Tool
220
Page
Ping MPLS Results and Output
Table 111: J-Web Ping MPLS Results and Output Summary
222
Tracing Unicast Routes from the J-Web Interface
Using the J-Web Traceroute Tool
5. To stop the traceroute operation before it is complete, click OK while the results
of the traceroute operation are being displayed.
Figure 23: Traceroute Page
ERROR: Unresolved graphic fileref="s020256.gif" not found in
Table 112: Traceroute Field Summary
224
Traceroute Results and Output Summary
Capturing and Viewing Packets with the J-Web Interface
Using J-Web Packet Capture
Figure 24: Packet Capture Page
ERROR: Unresolved graphic fileref="s020267.gif" not found in
Table 114: Packet Capture Field Summary
1. 2. 3. 4.
1. 2.
Table 114: Packet Capture Field Summary (continued)
228
Table 114: Packet Capture Field Summary (continued)
Packet Capture Results and Output Summary
Figure 25: Packet Capture Results Page
ERROR: Unresolved graphic fileref="s020268.gif" not found in
Table 115: J-Web Packet Capture Results and Output Summary
Using CLI Diagnostic Commands
Pinging Hosts from the CLI
Table 116: CLI ping Command Options (continued)
Checking MPLS Connections from the CLI
Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs
Pinging Layer 3 VPNs
Pinging Layer 2 VPNs
Table 119: CLI ping mpls l2vpn Command Options
Following is sample output from a ping mpls l2vpn command:
Pinging Layer 2 Circuits
Tracing Unicast Routes from the CLI
Using the traceroute Command
Table 121: CLI traceroute Command Options (continued)
Following is sample output from a traceroute command:
Using the traceroute monitor Command
238
To quit the traceroute monitor command, press Q.
Table 122: CLI traceroute monitor Command Options
Following is sample output from a traceroute monitor command:
Table 123 on page 240 summarizes the output fields of the display.
Table 123: CLI traceroute monitor Command Output Summary
Tracing Multicast Routes from the CLI
Use CLI mtrace commands to trace information about multicast paths. The
from-source command displays information about a multicast path from a source to 240
Using the mtrace from-source Command
Table 124: CLI mtrace from-source Command Options
Table 124: CLI mtrace from-source Command Options (continued)
DescriptionOption (Optional) Forces the responses to use multicast.
multicast-response
Following is sample output from the mtrace from-source command:
242
Table 125: CLI mtrace from-source Command Output Summary
Using the mtrace monitor Command
To monitor and display multicast trace operations, enter the mtrace monitor command:
Displaying Log and Trace Files from the CLI
Monitoring Interfaces and Traffic from the CLI
Using the monitor interface Command
Table 128: CLI monitor interface traffic Output Control Keys (continued)
ActionKey Displays the Delta column instead of the rate columnin bps or packets per second (pps).
r
Using the monitor traffic Command
246
Table 129: CLI monitor traffic Command Options
Page
Page
Table 130: CLI monitor traffic Match Conditions (continued)
Table 131: CLI monitor traffic Logical Operators
Table 132: CLI monitor traffic Arithmetic, Binary, and Relational Operators
250
Table 132: CLI monitor traffic Arithmetic, Binary, and Relational Operators (continued)
DescriptionOperator A match occurs if the first expression is not equal to the second.
Following is sample output from the monitor traffic command:
Page
Chapter 13
Configuring Packet Capture
Packet Capture Terms
Table 133: Packet Capture Terms
1.
2.
Packet Capture Overview
Packet capture is used by network administrators and security engineers for the following purposes:
254
Packet Capture on Router Interfaces
Firewall Filters for Packet Capture
Packet Capture Files
Analysis of Packet Capture Files
Configuring Packet Capture with a Configuration Editor
Enabling Packet Capture (Required)
Table 134: Enabling Packet Capture
2.
3.
258
Configuring Packet Capture on an Interface (Required)
Capture (Optional) on page 259.
Configuring a Firewall Filter for Packet Capture (Optional)
To configure a firewall filter and apply it to the logical interface:
260
Disabling Packet Capture
Deleting Packet Capture Files
Changing Encapsulation on Interfaces with Packet Capture Configured
Verifying Packet Capture
Displaying a Packet Capture Configuration
Displaying a Firewall Filter for Packet Capture Configuration
Verifying Captured Packets
that supports libpcap format.
Page
Chapter 14
Configuring RPM Probes
RPM Terms
RPM Overview
RPM Probes
RPM Tests
Probe and Test Intervals
Jitter Measurement with Hardware Timestamping
RPM Statistics
Table 139: RPM Statistics
270
RPM Thresholds and Traps
RPM for BGP Monitoring
Configuring RPM with Quick Configuration
Page
Page
274
Page
Configuring RPM with a Configuration Editor
Configuring Basic RPM Probes
Probes on page 279.
278
Configuring TCP and UDP Probes
Page
Page
Tuning RPM Probes
282
Configuring RPM Probes to Monitor BGP Neighbors
Configuring RPM Probes for BGP Monitoring
Table 144: Configuring RPM Probes to Monitor BGP Neighbors
2.
4.
284
Directing RPM Probes to Select BGP Routers
Verifying an RPM Configuration
Verifying RPM Services
Meaning The output shows the values that are configured for RPM on the Services Router.
Verifying RPM Statistics
Purpose Verify that the RPM probes are functioning and that the RPM statistics are within
expected values.
Page
Verifying RPM Probe Servers
Page
Page
Index
Symbols
A
B
C
292
Page
D
294
E
F
G
H
296
I
J
K
L
M
298
Page
N
O
300
P
Q
R
302
Page
S
304
Page
306
T
U
308
V
W
X
Y
310