Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1 User manual

Network and Security

Manager

M-series and MX-series Devices Guide

Release

2010.3

Published: 2010-08-18

Revision 1

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, California 94089

USA

408-745-2000

www.juniper.net

of them is in the public domain.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation

release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s

HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD

L. S. Associates.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United

States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other

trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,

transfer, or otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are

owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,

6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

Network and Security Manager M-series and MX-series Devices

Writing: Merisha Wazna and Remya Naroth

Editing: Joanne McClintock

Cover Design: Edmonds Design

Revision History

August 2010—Revision 1

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE.

BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS

CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO

BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED

HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS

REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or

Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred

to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable

license(s) for use of the Software (“Customer”) (collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for

which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by

Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades

and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper

equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.

3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer

a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the

following use restrictions:

a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by

Customer from Juniper or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units

for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access

Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space

and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines

(e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single

chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may

specify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent

users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of

separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput,

performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use

of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software.

Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.

d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the

Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not

extend or create an additional trial period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s

enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the

Steel-Belted Radius software to support any commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase

the applicable license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees

not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized

copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the

Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product

in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper

equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capability

without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application,

operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the

Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i)

use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that

the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking

of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly

provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper,

Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper.

As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence,

which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software

for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to

the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance

of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies

of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty

statement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support

the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services

agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA,

OR COSTSOR PROCUREMENTOF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES

ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER

BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE.

EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY

AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY

IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES

JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT

ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’

or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid

by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by

Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in

reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between

the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same

form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination

of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related

documentation in Customer’s possession or control.

10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from

the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction

shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All

payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in

connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing

Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to

be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with

all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any

liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under

this Section shall survive termination or expiration of this Agreement.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any

applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such

restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the

Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without

an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use,

duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS

227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer

with the interface information needed to achieve interoperability between the Software and another independently created program, on

payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use

such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products

or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement,

and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party

software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent

portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such

portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper

will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three

years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA

94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL

at http://www.gnu.org/licenses/lgpl.html .

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws

principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes

arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal

courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer

with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written

(including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an

authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained

herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing

by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity

of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the

Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de

même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that

this Agreement and all related documentation is and will be in the English language)).

Table of Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx

Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Part 1 Getting Started

Chapter 1 Getting Started with NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Introduction to Network and Security Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Installing NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Role-Based Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 2 Understanding the JUNOS CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

NSM and Device Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Understanding the CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Comparing the CLI To the NSM UI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

NSM Services Supported for M-series and MX-series Devices . . . . . . . . . . . . . . . . 10

How NSM Works with the CLI and Distributed Data Collection . . . . . . . . . . . . . . . . 11

Device Schemas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Communication Between a Device and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Chapter 3 Before You Begin Adding M-series and MX-series Devices . . . . . . . . . . . . . . 15

M-series and MX-series Devices Supported by NSM . . . . . . . . . . . . . . . . . . . . . . . 15

Considering the Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Configuring a Deployed M-series or MX-series Device for Importing to NSM . . . . 16

Configure an IP Address and a User with Full Administrative Privileges for

the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Check Network Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Check Connectivity to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Configure a Static Route to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Establish a Telnet or an SSHv2, and a NETCONF protocol over SSH

Connection to the NSM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Part 2 Integrating M-series and MX-series Devices

Chapter 4 Adding M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . . . 23

About Device Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Supported Add Device Workflows for M-series and MX-series Devices . . . . . . . . 24

Importing Devices Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Modeling Devices Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Adding Multiple Devices Using Automatic Discovery (JUNOS Software Devices

Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Adding Device Groups Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 29

About Updating M-series and MX-series Devices . . . . . . . . . . . . . . . . . . . . . . . . . 29

How the Update Process Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Job Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Tracking Updated Devices Using Job Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Reviewing Job Information Displayed in Job Manager . . . . . . . . . . . . . . . . . . . . . . 33

Device States Displayed in Job Manager During Update . . . . . . . . . . . . . . . . . . . . 34

Understanding Updating Errors Displayed in the Job Manager . . . . . . . . . . . . . . . 35

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 41

About Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

M-series and MX-series Device Configuration Settings Supported in NSM . . . . . . 42

Configuring Device Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Example: Configuration of Interfaces for MPLS in the CLI and NSM . . . . . . . . . . . 45

Chapter 7 Configuring Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Configuring Address-Assignment Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . 47

Configuring Access Address Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 50

Configuring Access Group Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 51

Configuring the LDAP Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Configuring the LDAP Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Configuring Access Profiles for L2TP or PPP Parameters (NSM Procedure) . . . . 54

Configuring Access Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 55

Configuring Accounting Parameters for Access Profiles (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Configuring the Accounting Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . 56

Configuring the Authentication Order (NSM Procedure) . . . . . . . . . . . . . . . . 57

Configuring the Authorization Order (NSM Procedure) . . . . . . . . . . . . . . . . . . 57

Configuring the L2TP Client (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 58

Configuring the Client Filter Name (NSM Procedure) . . . . . . . . . . . . . . . . . . . 59

Configuring the LDAP Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 60

Configuring the LDAP Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 61

Configuring the Provisioning Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . 62

Configuring RADIUS Parameters for AAA Subscriber Management (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Configuring the RADIUS Parameters (NSM Procedure) . . . . . . . . . . . . . . . . . 66

Configuring the RADIUS for Subscriber Access Management, L2TP, or PPP

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Configuring Session Limit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Configuring the RADIUS for Subscriber Access Management, L2TP, or PPP (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Configuring the SecurID Server (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 69

M-series and MX-series Devices

Configuring the Access Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Chapter 8 Configuring Accounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Configuring Accounting Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 71

Configuring Class Usage Profiles (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 71

Configuring a Log File (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Configuring the Filter Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 73

Configuring the Interface Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 74

Configuring the Policy Decision Statistics Profile (NSM Procedure) . . . . . . . . 75

Configuring the MIB Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 76

Configuring the Routing Engine Profile (NSM Procedure) . . . . . . . . . . . . . . . . 77

Chapter 9 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Configuring the Application and Application Set (NSM Procedure) . . . . . . . . . . . 79

Chapter 10 Configuring Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring Bridge Domains Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . 81

Configuring a Bridge Domain (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 81

Configuring Layer 2 Learning and Forwarding Properties for a Bridge Domain

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Configuring Forwarding Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 84

Configuring Logical Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 85

Configuring Multicast Snooping Options (NSM Procedure) . . . . . . . . . . . . . . 86

Configuring IGMP Snooping (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 89

Configuring VLAN ID (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Chapter 11 Configuring Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Configuring Aggregated Devices (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 97

Configuring Chassis Alarms (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Configuring Container Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 99

Configuring Chassis FPC (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Configuring a T640 Router on a Routing Matrix (NSM Procedure) . . . . . . . . . . . 105

Configuring Routing Engine Redundancy (NSM Procedure) . . . . . . . . . . . . . . . . . 110

Configuring a Routing Engine to Reboot or Halt on Hard Disk Errors (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Chapter 12 Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Configuring RADIUS Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 113

Configuring TACACS+ Authentication (NSM Procedure) . . . . . . . . . . . . . . . . . . . 114

Configuring Authentication Order (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 115

Configuring User Access (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Configuring Login Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Configuring User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Configuring Template Accounts (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 117

Creating a Remote Template Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Creating a Local Template Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Chapter 13 Configuring Class of Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Configuring CoS Classifiers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Configuring CoS Code Point Aliases (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 124

Configuring CoS Drop Profile (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Table of Contents

Configuring CoS Forwarding Classes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 127

Configuring CoS Forwarding Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 129

Configuring CoS Fragmentation Maps (NSM Procedure) . . . . . . . . . . . . . . . . . . . 130

Configuring CoS Host Outbound Traffic (NSM Procedure) . . . . . . . . . . . . . . . . . . 131

Configuring CoS Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Configuring CoS Routing Instances (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 138

Configuring CoS Schedulers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Configuring CoS and Applying Scheduler Maps (NSM Procedure) . . . . . . . . . . . . 141

Configuring CoS Restricted Queues (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 142

Configuring Tracing Operations (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 143

Configuring CoS Traffic Control Profiles (NSM Procedure) . . . . . . . . . . . . . . . . . 144

Configuring CoS Translation Table (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 145

Chapter 14 Configuring Event Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Configuring Destinations for File Archiving (NSM Procedure) . . . . . . . . . . . . . . . . 151

Configuring Event Script (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Generating Internal Events (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Configuring Event Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Configuring Event Policy Tracing Operations (NSM Procedure) . . . . . . . . . . . . . . 157

Chapter 15 Configuring Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Configuring the Firewall Filter for Any Family Type (NSM Procedure) . . . . . . . . . 159

Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) . . . . . . . 161

Configuring the Firewall Filter for Ccc Family Type (NSM Procedure) . . . . . . . . . 163

Configuring Filters for inet Family Type (NSM Procedure) . . . . . . . . . . . . . . . . . . 165

Configuring Firewall Filter for inet Family Type (NSM Procedure) . . . . . . . . . 165

Configuring Prefix-specific Actions (NSM Procedure) . . . . . . . . . . . . . . . . . . 167

Configuring Service Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 168

Configuring Simple Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 169

Configuring Filters for inet6 Family Type (NSM Procedure) . . . . . . . . . . . . . . . . . 170

Configuring Firewall Filter for inet6 Family Type (NSM Procedure) . . . . . . . . 171

Configuring Service Filters for inet6 (NSM Procedure) . . . . . . . . . . . . . . . . . . 173

Configuring the Firewall Filter for MPLS Family Type (NSM Procedure) . . . . . . . 174

Configuring the Firewall Filter for VPLS Family Type (NSM Procedure) . . . . . . . . 177

Configuring a Policer for a Firewall Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Chapter 16 Configuring Forwarding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

Configuring Accounting Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 183

Configuring the Extended DHCP Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . 185

Configuring Authentication Support for the DHCP Relay Agent (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Configuring Group (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Overriding the Default Configuration Settings for the Extended DHCP Relay

Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Configuring Relay Option 60 Information for Forwarding Client Traffic to

Specific DHCP Servers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 189

Configuring Relay Option 82 for a DHCP Server (NSM Procedure) . . . . . . . 190

Specifying the Name of a Group of DHCP Server Addresses for Use by the

Extended DHCP Relay Agent (NSM Procedure) . . . . . . . . . . . . . . . . . . . 191

M-series and MX-series Devices

Configuring Operations for Extended DHCP Relay Agent Processes (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Specifying Address Family for Filters (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 193

Configuring Load Balancing Using Hash Key (NSM Procedure) . . . . . . . . . . . . . . 194

Configuring Helpers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Configuring a Router or Interface to Act as a Bootstrap Protocol Relay

Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Enabling DNS Request Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Configuring a Port for a DHCP or BOOTP Relay Agent . . . . . . . . . . . . . . . . . 201

Configuring Tracing Operations for BOOTP, DNS, and TFTP Packet

Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) . . . . . . 203

Configuring Port Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Chapter 17 Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Configuring Interfaces on the Routing Platform (NSM Procedure) . . . . . . . . . . . 207

Configuring Interface Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 207

Damping Interface Transitions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 208

Configuring Receive Bucket Properties on Interfaces (NSM Procedure) . . . 209

Configuring Tracing Operations of an Individual Router Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Configuring Transmit Leaky Bucket Properties (NSM Procedure) . . . . . . . . . 211

Configuring Logical Interface Properties (NSM Procedure) . . . . . . . . . . . . . . 212

Configuring Logical Unit Properties (NSM Procedure) . . . . . . . . . . . . . . 212

Configuring an IP Demux Underlying Interface (NSM Procedure) . . . . . 213

Configuring the Logical Demux Source Family Type on the IP Demux

Underlying Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 214

Configuring Epd Threshold for the Logical Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Configuring Protocol Family Information for the Logical Interface (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Configuring Protocol Family (Ccc) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Configuring Protocol Family (Inet) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Configuring Protocol Family (Inet6) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Configuring Protocol Family (ISO) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Configuring Protocol Family (MPLS) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

Configuring Protocol Family (TCC) Information for the Logical Interface

(NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Configuring the Traffic Shaping Profile (NSM Procedure) . . . . . . . . . . . . . . . 232

Configuring Interface set on the Routing Platform (NSM Procedure) . . . . . . . . . 234

Configuring Trace Options on the Routing Platform (NSM Procedure) . . . . . . . . 235

Chapter 18 Configuring Multicast Snooping Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Configuring Multicast Snooping Options (NSM Procedure) . . . . . . . . . . . . . . . . . 237

Table of Contents

Chapter 19 Configuring Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Configuring an AS Path in a BGP Routing Policy (NSM Procedure) . . . . . . . . . . . 241

Configuring an AS Path Group in a BGP Routing Policy (NSM Procedure) . . . . . 242

Configuring a Community for use in BGP Routing Policy Conditions(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Configuring a BGP Export Policy Condition (NSM Procedure) . . . . . . . . . . . . . . . 244

Configuring Flap Damping to Reduce the Number of BGP Update Messages(NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Configuring a Routing Policy Statement (NSM Procedure) . . . . . . . . . . . . . . . . . 247

Configuring Prefix List (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Chapter 20 Configuring Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Configuring the BFD Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Configuring BGP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Configuring the ILMI Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 255

Configuring Layer 2 Address Learning and Forwarding Properties (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Configuring Layer 2 Circuit (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Configuring Local Interface Switching (NSM Procedure) . . . . . . . . . . . . . . . 257

Configuring the Neighbor Interface for the Layer 2 Circuit (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Tracing Layer 2 Circuit Creation and Changes (NSM Procedure) . . . . . . . . . 261

Configuring Layer 2 Protocol Tunneling and BPDU Protection (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Configuring Label Distribution Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . 264

Configuring Link Management Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . 275

Configuring MPLS Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Enabling MPLS on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 279

Configuring Administrative Group (NSM Procedure) . . . . . . . . . . . . . . . . . . 282

Configuring Administrative Groups (NSM Procedure) . . . . . . . . . . . . . . . . . 282

Configuring Bandwidth for the Reroute Path (NSM Procedure) . . . . . . . . . . 283

Configuring DiffServ-Aware Traffic Engineering (NSM Procedure) . . . . . . . 284

Configuring MPLS on Interfaces (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 285

Configure a Label Switched Path (LSP) to Use in Dynamic MPLS . . . . . . . . 287

Configuring Label Switched Path (NSM Procedure) . . . . . . . . . . . . . . . 287

Configuring Administrative Group (NSM Procedure) . . . . . . . . . . . . . . . 290

Configuring Automatic Bandwidth Allocation for LSPs (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Configuring Bandwidth for the Reroute Path (NSM Procedure) . . . . . . 292

Configuring Fast Reroute (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 293

Adding LSP-Related Routes to the inet.3 Routing Table (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Configuring MPLS LSPs for GMPLS (NSM Procedure) . . . . . . . . . . . . . 295

Configuring BFD for MPLS IPv4 LSPs (NSM Procedure) . . . . . . . . . . . . 296

Configuring the Primary Point-to-Multipoint LSP (NSM Procedure) . . 298

Configuring Policers for LSPs (NSM Procedure) . . . . . . . . . . . . . . . . . . 299

Configuring Primary Paths for an LSP (NSM Procedure) . . . . . . . . . . . 300

Configuring Secondary Paths for an LSP (NSM Procedure) . . . . . . . . . 305

M-series and MX-series Devices

Configuring System Log Messages and SNMP Traps for LSPs (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Configuring BFD for MPLS IPv4 LSPs (NSM Procedure) . . . . . . . . . . . . . . . . 314

Configuring Named Paths (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 316

Configuring MTU Signaling in RSVPs (NSM Procedure) . . . . . . . . . . . . . . . . 317

Configuring static LSPs on the Ingress Router (NSM Procedure) . . . . . . . . . 318

Configuring MPLS Statistics (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 319

Tracing MPLS Packets and Operations (NSM Procedure) . . . . . . . . . . . . . . 320

Configuring MSDP Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Configuring MSDP on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . 321

Configuring the MSDP Active Source Limit (NSM Procedure) . . . . . . . . . . . 322

Configuring Export Policy (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 323

Configuring MSDP Peer Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Configuring MSDP Peer Group (NSM Procedure) . . . . . . . . . . . . . . . . . 324

Configuring MSDP Peers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 325

Configuring a Routing Table Group with MSDP (NSM Procedure) . . . . 327

Configuring Per-Source Active Source Limit (NSM Procedure) . . . . . . . 328

Configuring MSDP Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . 328

Configuring MSTP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Configuring OSPF (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Configuring RIP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

Configuring RIPng Protocol (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Configuring RIPng on the Router (NSM Procedure) . . . . . . . . . . . . . . . . . . . 337

Configuring Graceful Restart for RIPng (NSM Procedure) . . . . . . . . . . . . . . 338

Configuring Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Configuring Group-Specific RIPng Properties (NSM Procedure) . . . . . 339

Applying Policies to Routes Exported by RIPng (NSM Procedure) . . . . . 341

Applying Policies to Routes Imported by RIPng (NSM Procedure) . . . . 341

Configuring RIPng Neighbor Properties . . . . . . . . . . . . . . . . . . . . . . . . . 342

Enable or Disable Receiving of Update Messages (NSM Procedure) . . . . . . 345

Configuring RIPng Send Update Messages (NSM Procedure) . . . . . . . . . . . 345

Configuring RIPng Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 346

Configuring Router Advertisement (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 347

Configuring ICMP Router Discovery (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 350

Configuring RSVP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Configuring VRRP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Configuring VSTP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Chapter 21 Configuring Routing Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Configuring Confederation (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Configuring Dynamic Tunnels (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 363

Configuring Fate Sharing (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Configuring Flow Route (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

Configuring Forwarding Table (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 368

Configuring Generated Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 369

Configuring Instance Export (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Configuring Instance Import (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Configuring Interface Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Configuring Martian Addresses (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 373

Table of Contents

Configuring Maximum Paths (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Configuring Maximum Prefixes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 375

Configuring Multicast (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Configuring Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Configuring Routing Tables (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

Configuring Routing Table Groups (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 383

Configuring Source Routing (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Configuring Static Routes (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Configuring Topologies (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Chapter 22 Configuring Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

Configuring Authentication Key Updates (NSM Procedure) . . . . . . . . . . . . . . . . 389

Chapter 23 Configuring Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

Configuring Adaptive Services PICs (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 391

Configuring Border Signaling Gateways (NSM Procedure) . . . . . . . . . . . . . . . . . 392

Configuring Gateway Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 392

Configuring Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 393

Configuring an Admission Controller (NSM Procedure) . . . . . . . . . . . . 393

Configuring Session Policy Decision Function (NSM Procedure) . . . . . 394

Configuring Service Point (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 396

Configuring SIP Policies and Timers (NSM Procedure) . . . . . . . . . . . . . 397

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 407

Configuring Class of Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Configuring Intrusion Detection Service (NSM Procedure) . . . . . . . . . . . . . . . . . . 415

Tracing Services PIC Operations (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 419

Configuring Network Address Translation (NSM Procedure) . . . . . . . . . . . . . . . 420

Configuring PGCP (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

Configuring Gateway (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Configuring a Virtual Border Gateway Function on the Router (NSM

Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Configuring Data Inactivity Detection (NSM Procedure) . . . . . . . . . . . . 427

Configuring Gateway Controller (NSM Procedure) . . . . . . . . . . . . . . . . 428

Configuring Graceful Restart (NSM Procedure) . . . . . . . . . . . . . . . . . . . 429

Configuring H248 Options Properties (NSM Procedure) . . . . . . . . . . . . . . . 430

Configuring H248 Options (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 430

Changing Encoding Defaults (NSM Procedure) . . . . . . . . . . . . . . . . . . . 431

Configuring Service Change (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 431

Configuring H248 Properties (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 436

Configuring Application Data Inactivity Detection (NSM Procedure) . . 437

Configuring Base Root (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 437

Configuring Differentiated Services (NSM Procedure) . . . . . . . . . . . . . 440

Configuring Event Timestamp Notification (NSM Procedure) . . . . . . . . 441

Hanging Termination Detection (NSM Procedure) . . . . . . . . . . . . . . . . . 441

Configuring Inactivity Timer (NSM Procedure) . . . . . . . . . . . . . . . . . . . 442

Configuring Notification Behavior (NSM Procedure) . . . . . . . . . . . . . . . 443

Configuring Segmentation (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 444

M-series and MX-series Devices

Configuring Traffic Management (NSM Procedure) . . . . . . . . . . . . . . . 445

Configuring H248 Timers (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 447

Configuring the Monitor (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . 448

Configuring Overload Control (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 449

Configuring Session Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . 450

Configuring Media Service (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . 450

Configuring a Rule (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

Configuring Rule Set (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Configuring Session Mirroring (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 452

Configuring Traceoptions (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 453

Configuring Virtual Interface (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 454

Configuring Service Interface Pools (NSM Procedure) . . . . . . . . . . . . . . . . . . . . 455

Configuring a Service Set (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Configuring Stateful Firewall (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . 460

Chapter 24 Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

Configuring Basic System Identification for SNMP (NSM Procedure) . . . . . . . . 463

Configuring SNMP Communities (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . 464

Configuring SNMP Trap Groups (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . 466

Configuring SNMP Views (NSM Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Part 4 Managing M-series and MX-series Devices

Chapter 25 Managing M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . 471

Managing M-series and MX-series Device Software Versions . . . . . . . . . . . . . . . 471

Chapter 26 Viewing the M-series and MX-series Device Inventory in NSM and the

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Viewing and Reconciling Device Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Comparing Device Inventory in NSM and the CLI . . . . . . . . . . . . . . . . . . . . . . . . . 474

Viewing Device Inventory in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Viewing Device Inventory from the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Chapter 27 Topology Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Overview of the NSM Topology Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Requisites for a Topology Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

About the NSM Topology Manager Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Part 5 Monitoring M-series and MX-series Devices

Chapter 28 Real Time Monitoring of M-series and MX-series . . . . . . . . . . . . . . . . . . . . . 485

About the Realtime Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

Viewing Device Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

Viewing Device Monitor Alarm Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Setting the Polling Interval For Device Alarm Status . . . . . . . . . . . . . . . . . . . . . . 489

Part 6 Index

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

Table of Contents

M-series and MX-series Devices

List of Figures

Part 1 Getting Started

Chapter 2 Understanding the JUNOS CLI and NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 1: Overview of the User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Figure 2: NSM Network Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Part 2 Integrating M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 29

Figure 3: Job Information Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Figure 4: Failed Update Job Information Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . 36

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 41

Figure 5: MPLS Configuration in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Figure 6: MPLS Configuration in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Part 4 Managing M-series and MX-series Devices

Chapter 26 Viewing the M-series and MX-series Device Inventory in NSM and the

CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Figure 7: The Device Inventory Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Figure 8: Viewing the Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Figure 9: Viewing the Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

M-series and MX-series Devices

List of Tables

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii

Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii

Table 2: Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxviii

Table 3: Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

Table 4: Network and Security Manager Publications . . . . . . . . . . . . . . . . . . . . . xxix

Part 1 Getting Started

Chapter 3 Before You Begin Adding M-series and MX-series Devices . . . . . . . . . . . . . . 15

Table 5: M-series Internet Routers and MX-series Internet Service Routers . . . . . . 15

Part 2 Integrating M-series and MX-series Devices

Chapter 5 Updating M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . . . 29

Table 6: Device States During Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Part 3 Configuring M-series and MX-series Devices

Chapter 6 Configuring M-series and MX-series Devices Overview . . . . . . . . . . . . . . . . . 41

Table 7: The JUNOS Configuration Hierarchy and the NSM Configuration

Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Chapter 7 Configuring Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Table 8: Address Assignment Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 48

Table 9: Access Address Pool Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 51

Table 10: Access Group Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 51

Table 11: LDAP Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Table 12: LDAP Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Table 13: Access Profile Properties Configuration Details . . . . . . . . . . . . . . . . . . . . 55

Table 14: Accounting Parameter Configuration Details . . . . . . . . . . . . . . . . . . . . . 56

Table 15: Accounting Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Table 16: Authentication Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 57

Table 17: Authorization Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 58

Table 18: Client Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Table 19: Client Filter Name Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 60

Table 20: Ldap Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Table 21: Ldap Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 22: Provisioning Order Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . 62

Table 23: RADIUS Parameter Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 63

Table 24: RADIUS Parameters Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 66

Table 25: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Table 26: Session Limit Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Table 27: RADIUS Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Table 28: SecurID Server Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Table 29: Access Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Chapter 8 Configuring Accounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Table 30: Class Usage Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 72

Table 31: Log File Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Table 32: Filter Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Table 33: Interface Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Table 34: Policy Decision Statistics Profile Configuration Details . . . . . . . . . . . . . 76

Table 35: MIB Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Table 36: Routing Engine Profile Configuration Details . . . . . . . . . . . . . . . . . . . . . 78

Chapter 9 Configuring Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Table 37: Applications Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Chapter 10 Configuring Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Table 38: Bridge Domain Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Table 39: Bridge Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Table 40: Forwarding Options Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 84

Table 41: Logical Interface Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Table 42: Multicast Snooping Options Configuration Details . . . . . . . . . . . . . . . . . 87

Table 43: Igmp Snooping Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Table 44: VLAN ID Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Chapter 11 Configuring Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Table 45: Aggregated Devices Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 98

Table 46: Chassis Alarms Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Table 47: Container Interfaces Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 99

Table 48: FPC Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Table 49: Lcc Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Table 50: Chassis Redundancy Configuration Details . . . . . . . . . . . . . . . . . . . . . . 110

Table 51: Chassis Routing Engine Configuration Details . . . . . . . . . . . . . . . . . . . . . 112

Chapter 12 Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Table 52: RADIUS Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . 113

Table 53: TACACS+ Authentication Configuration Details . . . . . . . . . . . . . . . . . . . 114

Table 54: Login Class Authentication Configuration Details . . . . . . . . . . . . . . . . . 116

Table 55: User Authentication Configuration Details . . . . . . . . . . . . . . . . . . . . . . . 117

Table 56: Remote Template Account Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Table 57: Local Template Account Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Chapter 13 Configuring Class of Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Table 58: Configuring and Applying Behavior Aggregate Classifiers . . . . . . . . . . . 122

Table 59: Configuring Code Point Aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Table 60: Drop Profile Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Table 61: Assigning Forwarding Classes to Output Queues . . . . . . . . . . . . . . . . . 128

Table 62: Forwarding Policy Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . 129

Table 63: Fragmentation Maps Configuration Details . . . . . . . . . . . . . . . . . . . . . . 131

Table 64: Host Outbound Traffic Configuration Details . . . . . . . . . . . . . . . . . . . . 132

Table 65: Interfaces Configuration Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

M-series and MX-series Devices

Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1, NETWORK AND SECURITY MANAGER 2010.3 User manual

Related papers

Other documents