J-series™ Services Router Administration Guide Release 9.1 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain. This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.
End User License Agreement READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT.
7. Ownership. Juniper and Juniper's licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software. 8. Warranty, Limitation of Liability, Disclaimer of Warranty.
Abbreviated Table of Contents About This Guide Part 1 Configuring a Services Router for Administration Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Part 2 Managing User Authentication and Access Setting Up USB Modems for Remote Management Configuring SNMP for Network Management Configuring the Router as a DHCP Server Configuring Autoinstallation Automating Network Operations and Troubleshooting 3 29 47 63 81 89 Monitoring a Services Router Chapter 7 Chapter 8 Chapter 9 Part 3 Monitori
J-series™ Services Router Administration Guide vi ■
Table of Contents About This Guide xv Objectives ......................................................................................................xv Audience .......................................................................................................xv How to Use This Guide .................................................................................xvi Document Conventions ...............................................................................
J-series™ Services Router Administration Guide Accessing Remote Devices with the CLI ........................................................24 Using the telnet Command .....................................................................24 Using the ssh Command .........................................................................25 Configuring Password Retry Limits for Telnet and SSH Access ......................26 Chapter 2 Setting Up USB Modems for Remote Management 29 USB Modem Terms ...........
Table of Contents Chapter 4 Configuring the Router as a DHCP Server 63 DHCP Terms .................................................................................................63 DHCP Overview ............................................................................................64 DHCP Options ........................................................................................65 Compatibility with Autoinstallation .........................................................
J-series™ Services Router Administration Guide Part 2 Monitoring a Services Router Chapter 7 Monitoring the Router and Routing Operations 101 Monitoring Terms ........................................................................................101 Monitoring Overview ...................................................................................101 Monitoring Tools Overview ...................................................................102 Filtering Command Output ..........................
Table of Contents Chapter 8 Monitoring Events and Managing System Log Files 155 System Log Message Terms .........................................................................155 System Log Messages Overview ..................................................................156 System Log Message Destinations .........................................................157 System Log Facilities and Severity Levels ..............................................157 Regular Expressions ......................
J-series™ Services Router Administration Guide Downgrading the Software ..........................................................................185 Downgrading the Software with the J-Web Interface .............................185 Downgrading the Software with the CLI ................................................185 Configuring Boot Devices ............................................................................186 Configuring a Boot Device for Backup with the J-Web Interface ............
Table of Contents Pinging Hosts from the J-Web Interface .......................................................216 Using the J-Web Ping Host Tool ............................................................216 Ping Host Results and Output Summary ...............................................218 Checking MPLS Connections from the J-Web Interface ................................219 Using the J-Web Ping MPLS Tool ...........................................................219 Ping MPLS Results and Output ..
J-series™ Services Router Administration Guide Chapter 14 Configuring RPM Probes 267 RPM Terms .................................................................................................267 RPM Overview ............................................................................................268 RPM Probes ..........................................................................................268 RPM Tests ........................................................................................
About This Guide This preface provides the following guidelines for using the J-series™ Services Router Administration Guide: ■ Objectives on page xv ■ Audience on page xv ■ How to Use This Guide on page xvi ■ Document Conventions on page xvii ■ Related Juniper Networks Documentation on page xviii ■ Documentation Feedback on page xxi ■ Requesting Technical Support on page xxi Objectives This guide contains instructions for managing users and operations, monitoring network performance, upgradin
J-series™ Services Router Administration Guide Personnel operating the equipment must be trained and competent; must not conduct themselves in a careless, willfully negligent, or hostile manner; and must abide by the instructions provided by the documentation. How to Use This Guide J-series documentation explains how to install, configure, and manage J-series routers by providing information about JUNOS implementation specifically on J-series routers.
About This Guide To monitor, diagnose, and manage a router, use the J-Web interface or CLI operational mode commands. Document Conventions Table 2 on page xvii defines the notice icons used in this guide. Table 2: Notice Icons Icon Meaning Description Informational note Indicates important features or instructions. Caution Indicates a situation that might result in loss of data or hardware damage. Warning Alerts you to the risk of personal injury or death.
J-series™ Services Router Administration Guide Table 3: Text and Syntax Conventions (continued) Convention Description Examples Plain text like this Represents names of configuration statements, commands, files, and directories; IP addresses; configuration hierarchy levels; or labels on routing platform components. ■ < > (angle brackets) Enclose optional keywords or variables.
About This Guide Table 4: J-series Guides and Related JUNOS Software Publications Chapter in a J-series Guide Corresponding JUNOS Software Manual Getting Started Guide for Your Router “Services Router User Interface Overview” ■ JUNOS CLI User Guide ■ JUNOS System Basics Configuration Guide “Establishing Basic Connectivity” J-series Services Router Basic LAN and WAN Access Configuration Guide “Using Services Router Configuration Tools” “Interfaces Overview” ■ JUNOS CLI User Guide ■ JUNOS Syst
J-series™ Services Router Administration Guide Table 4: J-series Guides and Related JUNOS Software Publications (continued) Chapter in a J-series Guide Corresponding JUNOS Software Manual “Configuring IPSec for Secure Packet Exchange” ■ JUNOS System Basics Configuration Guide ■ JUNOS Services Interfaces Configuration Guide ■ JUNOS System Basics and Services Command Reference ■ JUNOS Multicast Protocols Configuration Guide ■ JUNOS Routing Protocols and Policies Command Reference ■ JUNOS Servic
About This Guide Table 4: J-series Guides and Related JUNOS Software Publications (continued) Chapter in a J-series Guide Corresponding JUNOS Software Manual “Configuring and Monitoring Alarms” JUNOS System Basics Configuration Guide “Performing Software Upgrades and Reboots” JUNOS Software Installation and Upgrade Guide “Managing Files” JUNOS System Basics Configuration Guide “Using Services Router Diagnostic Tools” ■ JUNOS System Basics and Services Command Reference ■ JUNOS Interfaces Comman
J-series™ Services Router Administration Guide For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: ■ Find CSC offerings: http://www.juniper.net/customers/support/ ■ Search for known bugs: http://www2.juniper.net/kb/ ■ Find product documentation: http://www.juniper.net/techpubs/ ■ Find solutions and answer questions using our Knowledge Base: http://kb.juniper.
Part 1 Configuring a Services Router for Administration ■ Managing User Authentication and Access on page 3 ■ Setting Up USB Modems for Remote Management on page 29 ■ Configuring SNMP for Network Management on page 47 ■ Configuring the Router as a DHCP Server on page 63 ■ Configuring Autoinstallation on page 81 ■ Automating Network Operations and Troubleshooting on page 89 Configuring a Services Router for Administration ■ 1
J-series™ Services Router Administration Guide 2 ■ Configuring a Services Router for Administration
Chapter 1 Managing User Authentication and Access You can use either J-Web Quick Configuration or a configuration editor to manage system functions, including RADIUS and TACACS+ servers, and user login accounts. This chapter contains the following topics. For more information about system management, see the JUNOS System Basics Configuration Guide. If the router is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.
J-series™ Services Router Administration Guide User Authentication Overview This section contains the following topics: ■ User Authentication on page 4 ■ User Accounts on page 4 ■ Login Classes on page 5 ■ Template Accounts on page 7 User Authentication The JUNOS software supports three methods of user authentication: local password authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control System Plus (TACACS+).
Chapter 1: Managing User Authentication and Access password that the JUNOS software encrypts using MD5-style encryption before entering it in the password database. If you configure the plain-text-password option, you are prompted to enter and confirm the password. Login Classes All users who log into the Services Router must be in a login class. You can define any number of login classes. With login classes, you define the following: ■ Access privileges users have when they are logged into the router.
J-series™ Services Router Administration Guide Table 7: Permission Bits for Login Classes 6 Permission Bit Access admin Can view user account information in configuration mode and with the show configuration command. admin-control Can view user accounts and configure them (at the [edit system login] hierarchy level). access Can view the access configuration in configuration mode and with the show configuration operational mode command.
Chapter 1: Managing User Authentication and Access Table 7: Permission Bits for Login Classes (continued) Permission Bit Access routing-control Can view general routing, routing protocol, and routing policy configuration information and configure general routing (at the [edit routing-options] hierarchy level), routing protocols (at the [edit protocols] hierarchy level), and routing policy (at the [edit policy-options] hierarchy level).
J-series™ Services Router Administration Guide When you configure local user templates and a user logs in, the JUNOS software issues a request to the authentication server to authenticate the user's login name. If a user is authenticated, the server returns the local username to the router, which then determines whether a local username is specified for that login name (local-username for TACACS+, Juniper-Local-User for RADIUS).
Chapter 1: Managing User Authentication and Access ■ To cancel your entries and return to the Users Quick Configuration page, click Cancel. Table 8: Users Quick Configuration for RADIUS Servers Summary Field Function Your Action RADIUS Server Address (required) Identifies the IP address of the RADIUS server. Type the RADIUS server’s 32-bit IP address, in dotted decimal notation. RADIUS Server Secret (required) The secret (password) of the RADIUS server.
J-series™ Services Router Administration Guide Table 9: Users Quick Configuration for TACACS+ Servers Summary Field Function Your Action TACACS+ Server Address (required) Identifies the IP address of the TACACS+ server. Type the TACACS+ server’s 32-bit IP address, in dotted decimal notation. TACACS+ Server Secret (required) The secret (password) of the TACACS+ server. Type the secret (password) of the TACACS+ server. Secrets can contain spaces.
Chapter 1: Managing User Authentication and Access Adding New Users You can use the Users Quick Configuration page for user information to add new users to a Services Router. For each account, you define a login name and password for the user and specify a login class for access privileges. Figure 4 on page 11 shows the Quick Configuration page for adding a user. Figure 4: Add a User Quick Configuration Page ERROR: Unresolved graphic fileref="s020244.
J-series™ Services Router Administration Guide Table 10: Add a User Quick Configuration Page Summary (continued) Field Function Your Action Login Password (required) The login password for this user. Type the login password for this user. The login password must meet the following criteria: Verify Login Password (required) Verifies the login password for this user. ■ The password must be at least 6 characters long.
Chapter 1: Managing User Authentication and Access 4. Go on to one of the following procedures: ■ To specify a system authentication order, see “Configuring Authentication Order” on page 15. ■ To configure a remote user template account, see “Creating a Remote Template Account” on page 19. ■ To configure local user template accounts, see “Creating a Local Template Account” on page 20.
J-series™ Services Router Administration Guide To configure TACACS+ authentication: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 12 on page 14. 3. If you are finished configuring the network, commit the configuration. To completely set up TACACS+ authentication, you must create user template accounts and specify a system authentication order. 4.
Chapter 1: Managing User Authentication and Access Configuring Authentication Order The procedure provided in this section configures the Services Router to attempt user authentication with the local password first, then with the RADIUS server, and finally with the TACACS+ server. To configure authentication order: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 13 on page 15. 3.
J-series™ Services Router Administration Guide Controlling User Access This section contains the following topics: ■ Defining Login Classes on page 16 ■ Creating User Accounts on page 17 Defining Login Classes You can define any number of login classes. You then apply one login class to an individual user account, as described in “Creating User Accounts” on page 17 and “Setting Up Template Accounts” on page 18.
Chapter 1: Managing User Authentication and Access Table 14: Defining Login Classes (continued) Task J-Web Configuration Editor CLI Configuration Editor Create a login class named operator-and-boot with the ability to reboot the router. 1. Next to Class, click Add new entry. 2. Type the name of the login class: Set the name of the login class and the ability to use the request system reboot command: operator-and-boot 3.
J-series™ Services Router Administration Guide To create user accounts: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 15 on page 18. 3. If you are finished configuring the network, commit the configuration. Table 15: Creating User Accounts Task J-Web Configuration Editor CLI Configuration Editor Navigate to the System Login level in the configuration hierarchy. 1.
Chapter 1: Managing User Authentication and Access Creating a Remote Template Account You can create a remote template that is applied to users authenticated by RADIUS or TACACS+ that do not belong to a local template account. By default, the JUNOS software uses the remote template account when ■ The authenticated user does not exist locally on the Services Router.
J-series™ Services Router Administration Guide Creating a Local Template Account You can create a local template that is applied to users authenticated by RADIUS or TACACS+ that are assigned to the local template account. You use local template accounts when you need different types of templates. Each template can define a different set of permissions appropriate for the group of users who use that template.
Chapter 1: Managing User Authentication and Access Recovering the Root Password If you forget the root password for the router, you can use the password recovery procedure to reset the root password. NOTE: You need console access to recover the root password. To recover the root password: 1. Power off the router by pressing the power button on the front panel. 2. Turn off the power to the management device, such as a PC or laptop computer, that you want to use to access the CLI. 3.
J-series™ Services Router Administration Guide Figure 6: Connecting to the Console Port on the J4350 or J6350 Services Router 6. Turn on the power to the management device. 7. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate COM port to use (for example, COM1). 8. Configure the port settings as follows: 9.
Chapter 1: Managing User Authentication and Access 12. At the following prompt, enter recovery to start the root password recovery procedure. Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery 13. Enter configuration mode in the CLI. 14. Set the root password. For example: user@host# set system root-authentication plain-text-password For more information about configuring the root password, see the JUNOS System Basics Configuration Guide. 15.
J-series™ Services Router Administration Guide In a Common Criteria environment, you must disable the console port. For more information, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS. To secure the console port: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 18 on page 24. 3. If you are finished configuring the network, commit the configuration.
Chapter 1: Managing User Authentication and Access To escape from the Telnet session to the Telnet command prompt, press Ctrl-]. To exit from the Telnet session and return to the CLI command prompt, enter quit. Table 19 on page 25 describes the telnet command options. For more information, see the JUNOS System Basics and Services Command Reference. Table 19: CLI telnet Command Options Option Description 8bit Use an 8-bit data path.
J-series™ Services Router Administration Guide Table 20: CLI ssh Command Options (continued) Option Description interface source-interface Open an SSH connection to a host on the specified interface. If you do not include this option, all interfaces are used. routing-instance routing-instance-name Use the specified routing instance for the SSH connection. source address Use the specified source address for the SSH connection. v1 Force SSH to use version 1 for the connection.
Chapter 1: Managing User Authentication and Access Table 21: Configuring Password Retry Limits for Telnet and SSH Access Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Retry options level in the configuration hierarchy. 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. From the [edit] hierarchy level, enter 2. Next to System, click Edit. 3. Next to Login, click Configure or Edit. 4. Next to Retry options, click Configure or Edit. 1.
J-series™ Services Router Administration Guide 28 ■ Configuring Password Retry Limits for Telnet and SSH Access
Chapter 2 Setting Up USB Modems for Remote Management J-series Services Routers support the use of USB modems for remote management. You can use Telnet or SSH to connect to the router from a remote location through two modems over a telephone network. The USB modem is connected to the USB port on the Services Router, and a second modem is connected to a remote management device such as a PC or laptop computer.
J-series™ Services Router Administration Guide Table 22: USB Modem Terminology Term Definition caller ID Telephone number of the caller on the remote end of a USB modem connection, used to dial in and also to identify the caller. Multiple caller IDs can be configured on a dialer interface. During dial-in, the router matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. Each dialer interface accepts calls from only callers whose caller IDs are configured on it.
Chapter 2: Setting Up USB Modems for Remote Management ■ The dialer interface must be configured to use PPP encapsulation. You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces. ■ The dialer interface cannot be configured as a constituent link in a multilink bundle.
J-series™ Services Router Administration Guide Table 23: J-series Default Modem Initialization Commands (continued) Modem Command Description %C0 Disables data compression.
Chapter 2: Setting Up USB Modems for Remote Management Before You Begin Before you configure USB modems, you need to perform the following tasks: ■ Install Services Router hardware. For more information, see the Getting Started Guide for your router. ■ Establish basic connectivity. For more information, see the Getting Started Guide for your router. ■ Order a Multi-Tech MultiModem MT5634ZBA-USB-V92 USB modem from Multi-Tech Systems (http://www.multitech.com/).
J-series™ Services Router Administration Guide 1. Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 25 on page 34. 3. Go on to “Configuring a Dialer Interface (Required)” on page 35. Table 25: Configuring a USB Modem Interface Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Interfaces level in the configuration hierarchy. 1.
Chapter 2: Setting Up USB Modems for Remote Management Configuring a Dialer Interface (Required) The dialer interface (dl) is a logical interface configured to establish USB modem connectivity. You can configure multiple dialer interfaces for different functions on the Services Router. To configure a logical dialer interface for the Services Router: 1. Navigate to the top of the interfaces configuration hierarchy in either the J-Web or CLI configuration editor. 2.
J-series™ Services Router Administration Guide Table 26: Adding a Dialer Interface to a Services Router (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the name of the dialer pool to use for USB modem connectivity—for example, usb-modem-dialer-pool. 1. 1. In the Pool box, type Enter usb-modem-dialer-pool. 2. edit unit 0 Click OK. 2.
Chapter 2: Setting Up USB Modems for Remote Management 3. If you are finished configuring the router, commit the configuration. 4. To verify that the network interface is configured correctly, see “Verifying the USB Modem Configuration” on page 42. Table 27: Configuring the Dialer Interface for Dial-In Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Interfaces level in the configuration hierarchy, and select a dialer interface—for example, dl0. 1.
J-series™ Services Router Administration Guide 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 28 on page 38. 3. If you are finished configuring the router, commit the configuration. 4. To verify the CHAP configuration, see “Verifying the USB Modem Configuration” on page 42.
Chapter 2: Setting Up USB Modems for Remote Management Connecting to the Services Router from the User End NOTE: These instructions describe connecting to the Services Router from a remote PC or laptop computer running Microsoft Windows XP. If your remote PC or laptop computer does not run Microsoft Windows XP, see the documentation for your operating system and enter equivalent commands.
J-series™ Services Router Administration Guide The Connect USB-modem-connect page is displayed. 11. If CHAP is configured on the dialer interface used for the USB modem interface at the router end, type the username and password configured in the CHAP configuration in the User name and Password boxes. For information about configuring CHAP on dialer interfaces, see “Configuring CHAP on Dialer Interfaces (Optional)” on page 37. 12. Click Properties. The USB-modem-connect Properties page is displayed. 13.
Chapter 2: Setting Up USB Modems for Remote Management Modifying USB Modem Initialization Commands NOTE: These instructions use Hayes-compatible modem commands to configure the modem. If your modem is not Hayes-compatible, see the documentation for your modem and enter equivalent modem commands. You can use the J-Web or CLI configuration editor to override the value of an initialization command configured on the USB modem or configure additional commands for initializing USB modems.
J-series™ Services Router Administration Guide Table 29: Modifying USB Modem Initialization Commands (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the modem AT commands to initialize the USB modem. For example: 1. Next to Modem options, click Configure. From the [edit interfaces umd0] hierarchy, enter ■ The command S0=2 configures the modem to automatically answer calls on the second ring. 2. In the Init command string box, type AT S0=2 L2.
Chapter 2: Setting Up USB Modems for Remote Management Verifying a USB Modem Interface Purpose Action Verify that the USB modem interface is correctly configured and display the status of the modem. From the CLI, enter the show interfaces extensive command.
J-series™ Services Router Administration Guide ■ In the J-Web configuration editor, clear the Disable check box on the Interfaces>interface-name page. ■ The physical link is Up. A link state of Down indicates a problem with the interface module, interface port, or physical connection (link-layer errors). ■ The Last Flapped time is an expected value. The Last Flapped time indicates the last time the physical interface became unavailable and then available again.
Chapter 2: Setting Up USB Modems for Remote Management Link flags : Keepalives Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 13859 0 bps Output bytes : 0 0 bps Input packets: 317 0 pps Output packets: 0 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource e
J-series™ Services Router Administration Guide ■ Related Topics 46 ■ The physical interface is Enabled. If the interface is shown as Disabled, do either of the following: ■ In the CLI configuration editor, delete the disable statement at the [edit interfaces interface-name] level of the configuration hierarchy. ■ In the J-Web configuration editor, clear the Disable check box on the Interfaces>interface-name page. ■ The physical link is Up.
Chapter 3 Configuring SNMP for Network Management The Simple Network Management Protocol (SNMP) enables the monitoring of network devices from a central location. You can use either J-Web Quick Configuration or a configuration editor to configure SNMP. NOTE: SNMP is not supported on Gigabit Ethernet interfaces on J-series Services Routers. This chapter contains the following topics. For more information about SNMP, see the JUNOS Network Management Configuration Guide.
J-series™ Services Router Administration Guide Communication between the agent and the manager occurs in one of the following forms: ■ Get, GetBulk, and GetNext requests—The manager requests information from the agent, and the agent returns the information in a Get response message. ■ Set requests—The manager changes the value of a MIB object controlled by the agent, and the agent indicates status in a Set response message.
Chapter 3: Configuring SNMP for Network Management clients, you can control exactly which SNMP managers have access to a particular agent. SNMP Traps The get and set commands that SNMP uses are useful for querying hosts within a network. However, the commands do not provide a means by which events can trigger a notification. For instance, if a link fails, the health of the link is unknown until an SNMP manager next queries that agent.
J-series™ Services Router Administration Guide sampling interval is greater than this threshold, the SNMP health monitor generates an alarm. After the falling alarm, the health monitor cannot generate another alarm until the sampled value rises above the falling threshold and reaches the rising threshold. The interval represents the period of time, in seconds, over which the object instance is sampled and compared with the rising and falling thresholds.
Chapter 3: Configuring SNMP for Network Management 4. ■ To apply the configuration and stay on the Quick Configuration page for SNMP, click Apply. ■ To apply the configuration and return to the Quick Configuration SNMP page, click OK. ■ To cancel your entries and return to the Quick Configuration for SNMP page, click Cancel. To check the configuration, see “Verifying the SNMP Configuration” on page 58.
J-series™ Services Router Administration Guide Table 30: SNMP Quick Configuration Summary (continued) Field Function Your Action Categories Specifies which trap categories are added to the trap group being configured. ■ To generate traps for authentication failures, select Authentication. ■ To generate traps for chassis and environment notifications, select Chassis. ■ To generate traps for configuration changes, select Configuration.
Chapter 3: Configuring SNMP for Network Management Table 30: SNMP Quick Configuration Summary (continued) Field Function Your Action Enable Health Monitoring Enables the SNMP health monitor on the router. The health monitor periodically (the time you specify in the interval field) checks the following key indicators of router health: Select the check box to enable the health monitor and configure options. If you do not select the check box, the health monitor is disabled.
J-series™ Services Router Administration Guide Configuring SNMP with a Configuration Editor To configure SNMP on a Services Router, you must perform the following tasks marked (Required). For information about using the J-Web and CLI configuration editors, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
Chapter 3: Configuring SNMP for Network Management Table 32: Configuring Basic System Identification (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the system contact information (such as a name and phone number). In the Contact box, type the contact information as a free-form text string. Set the contact information: set contact “contact-information” Configure the system location information (such as a lab name and a rack name).
J-series™ Services Router Administration Guide Table 33: Configuring SNMP Agents and Communities Task J-Web Configuration Editor CLI Configuration Editor Navigate to the SNMP level in the configuration hierarchy. 1. From the [edit] hierarchy level, enter Create and name a community. Grant read-write access to the community. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. edit snmp 2. Next to Snmp, click Configure or Edit. 1.
Chapter 3: Configuring SNMP for Network Management 3. If you are finished configuring the network, commit the configuration. 4. To check the configuration, see “Verifying the SNMP Configuration” on page 58. Table 34: Configuring SNMP Trap Groups Task J-Web Configuration Editor CLI Configuration Editor Navigate to the SNMP level in the configuration hierarchy. 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. From the [edit] hierarchy level, enter 2.
J-series™ Services Router Administration Guide Table 35: Configuring SNMP Views Task J-Web Configuration Editor CLI Configuration Editor Navigate to the SNMP level in the configuration hierarchy. 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. From the [edit] hierarchy level, enter 2. Next to Snmp, click Configure or Edit. 1. Next to View, click Add new entry. Create a view: 2. In the Name box, type the name of the view as a free-form text string.
Chapter 3: Configuring SNMP for Network Management Get requests: 44942, Get nexts: 190371, Set requests: 10712, Get responses: 0, Traps: 0, Silent drops: 0, Proxy drops: 0, Commit pending drops: 0, Throttle drops: 0, V3 Input: Unknown security models: 0, Invalid messages: 0 Unknown pdu handlers: 0, Unavailable contexts: 0 Unknown contexts: 0, Unsupported security levels: 1 Not in time windows: 0, Unknown user names: 0 Unknown engine ids: 44, Wrong digests: 23, Decryption errors: 0 Output: Packets: 246093,
J-series™ Services Router Administration Guide Interface daemon SNMP daemon MIB2 daemon VRRP daemon Alarm daemon PFE daemon CRAFT daemon Traffic sampling control daemon Remote operations daemon CoS daemon Inet daemon Syslog daemon Web management daemon USB Supervise Daemon PPP daemon DLSWD daemon 32775 Health Monitor: jroute daemon memory usage Routing protocol daemon Management daemon Management daemon Management daemon Command line interface Command line interface Periodic Packet Management daemon Bidire
Chapter 3: Configuring SNMP for Network Management ■ rising threshold crossed—Variable value has crossed the upper threshold limit. Verify that any rising threshold values are greater than the configured rising threshold, and that any falling threshold values are less than the configured falling threshold. Related Topics For a complete description of show snmp health-monitor output, see the JUNOS System Basics and Services Command Reference.
J-series™ Services Router Administration Guide 62 ■ Verifying SNMP Health Monitor Configuration
Chapter 4 Configuring the Router as a DHCP Server A Dynamic Host Configuration Protocol (DHCP) server can automatically allocate IP addresses and also deliver configuration settings to client hosts on a subnet. DHCP is particularly useful for managing a pool of IP addresses among hosts. An IP address can be leased to a host for a limited period of time, allowing the DHCP server to share a limited number of IP addresses among a group of hosts that do not need permanent IP addresses.
J-series™ Services Router Administration Guide Table 36: DHCP Terms Term Definition binding Collection of configuration parameters, including at least an IP address, assigned by a DHCP server to a DHCP client. A binding can be dynamic (temporary) or static (permanent). Bindings are stored in the DHCP server's binding database. conflict Problem that occurs when an address within the IP address pool is being used by a host that does not have an associated binding in the DHCP server's database.
Chapter 4: Configuring the Router as a DHCP Server ■ Store, manage, and provide client configuration parameters. As a DHCP server, a Services Router can provide temporary IP addresses from an IP address pool to all clients on a specified subnet, a process known as dynamic binding. Services Routers can also perform static binding, assigning permanent IP addresses to specific clients based on their media access control (MAC) addresses. Static bindings take precedence over dynamic bindings.
J-series™ Services Router Administration Guide DHCP is not supported on interfaces that are part of a virtual private network (VPN). Before You Begin Before you begin configuring the Services Router as a DHCP server, complete the following tasks: ■ Determine the IP address pools and the lease durations to use for each subnet. ■ Obtain the MAC addresses of the clients that require permanent IP addresses. Determine the IP addresses to use for these clients.
Chapter 4: Configuring the Router as a DHCP Server Figure 8: DHCP Quick Configuration Main Page Configuring the DHCP Server with Quick Configuration ■ 67
J-series™ Services Router Administration Guide Figure 9: DHCP Quick Configuration Pool Page 68 ■ Configuring the DHCP Server with Quick Configuration
Chapter 4: Configuring the Router as a DHCP Server Figure 10: DHCP Quick Configuration Static Binding Page To configure the DHCP server with Quick Configuration: 1. In the J-Web interface, select Configuration>Quick Configuration>DHCP. 2. Access a DHCP Quick Configuration page: ■ To configure a DHCP pool for a subnet, click Add in the DHCP Pools box. ■ To configure a static binding for a DHCP client, click Add in the DHCP Static Binding box.
J-series™ Services Router Administration Guide 3. Enter information into the DHCP Quick Configuration pages, as described in Table 37 on page 70. 4. Click one of the following buttons on the DHCP Quick Configuration page: 5. ■ To apply the configuration and return to the Quick Configuration page, click OK. ■ To cancel your entries and return to the Quick Configuration page, click Cancel.
Chapter 4: Configuring the Router as a DHCP Server Table 37: DHCP Server Quick Configuration Pages Summary (continued) Field Function Your Action Server Identifier Specifies the IP address of the DHCP server reported to a client. Type the IP address of the Services Router. If you do not specify a server identifier, the primary address of the interface on which the DHCP exchange occurs is used. Domain Name Specifies the domain name that clients must use to resolve hostnames.
J-series™ Services Router Administration Guide Table 37: DHCP Server Quick Configuration Pages Summary (continued) Field Function Your Action Fixed IP Addresses (required) Defines a list of IP addresses permanently assigned to the client. A static binding must have at least one fixed address assigned to it, but multiple addresses are also allowed. Do either of the following: ■ To add an IP address, type it next to the Add button, and click Add.
Chapter 4: Configuring the Router as a DHCP Server Table 38: Sample DHCP Server Configuration Settings (continued) Settings Sample Value or Values Address pool subnet address 192.168.2.0/24 High address in the pool range 192.168.2.254 Low address in the pool range 192.168.2.2 Address pool default lease time, in seconds 1,209,600 (14 days) Address pool maximum lease time, in seconds 2,419,200 (28 days) Domain search suffixes mycompany.net mylab.net Address to exclude from the pool 192.168.2.
J-series™ Services Router Administration Guide Table 39: Configuring the DHCP Server Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Dhcp server level in the configuration hierarchy. 1. From the [edit] hierarchy level, enter Define the IP address pool. Define the default and maximum lease times, in seconds. Define the domain search suffixes to be used by the clients. Exclude addresses from the IP address pool.
Chapter 4: Configuring the Router as a DHCP Server Table 39: Configuring the DHCP Server (continued) Task J-Web Configuration Editor CLI Configuration Editor Define a DNS server. 1. Next to Name server, click Add new entry. Set the DNS server IP address: 2. In the Address box, type 192.168.10.2. 3. Click OK. 1. Next to Option, click Add new entry. 2. In the Option identifier code box, type 32. 3. From the Option type choice list, select Ip address. 4. In the Ip address box, type 192.168.
J-series™ Services Router Administration Guide [edit] user@host# show system services dhcp pool 192.168.2.0/24 { address-range low 192.168.2.2 high 192.168.2.254; exclude-address { 192.168.2.33; } maximum-lease-time 2419200; default-lease-time 1209600; name-server { 192.168.10.2; } domain-search { mycompany.net; mylab.net; } option 16 ip-address 192.168.2.33; } static-binding 01.03.05.07.09.0b { fixed-address { 192.168.2.
Chapter 4: Configuring the Router as a DHCP Server IP Address Hardware Address 192.168.2.2 02:04:06:08:0A:0C 192.168.2.50 01:03:05:07:09:0B Type dynamic static Lease expires at 2005-02-07 8:48:59 PDT never user@host> show system services dhcp binding 192.168.2.2 detail IP address 192.168.2.2 Hardware address 02:04:06:08:0A:0C Pool 192.168.2.
J-series™ Services Router Administration Guide user@host> ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2): 56 data bytes 64 bytes from 192.168.2.2: icmp_seq=0 ttl=255 time=8.856 ms 64 bytes from 192.168.2.2: icmp_seq=1 ttl=255 time=11.543 ms 64 bytes from 192.168.2.2: icmp_seq=2 ttl=255 time=10.315 ms ... C:\Documents and Settings\user> ipconfig /all Windows 2000 IP Configuration Host Name . . . . . . . Primary DNS Suffix . . Node Type . . . . . . . IP Routing Enabled. . . WINS Proxy Enabled. . .
Chapter 4: Configuring the Router as a DHCP Server Related Topics To use the J-Web interface to ping a host, see “Using the J-Web Ping Host Tool” on page 216. For more information about the ping command, see “Pinging Hosts from the CLI” on page 230 or the JUNOS System Basics and Services Command Reference. Displaying DHCP Statistics Purpose Action Display DHCP statistics, including lease times, packets dropped, and DHCP and BOOTP messages received and sent, to verify normal operation.
J-series™ Services Router Administration Guide 80 ■ Displaying DHCP Statistics
Chapter 5 Configuring Autoinstallation If you are setting up many J-series Services Routers, autoinstallation can help automate the configuration process by loading configuration files onto new or existing routers automatically over the network. You can use either the J-Web configuration editor or CLI configuration editor to configure a Services Router for autoinstallation. The J-Web interface does not include Quick Configuration pages for autoinstallation.
J-series™ Services Router Administration Guide Table 40: Autoinstallation Terms (continued) Term Definition host-specific configuration Configuration that takes place on a Services Router for which you have created a host-specific configuration file for autoinstallation called hostname.conf. The hostname.conf file contains all the information necessary to configure the router. For the router to use hostname.conf, it must be able to determine its own hostname from the network. network.
Chapter 5: Configuring Autoinstallation Table 41: Interfaces and Protocols for IP Address Acqusition During Autoinstallation Interface and Encapsulation Type Protocol for Autoinstallation Ethernet LAN interface with High-level Data Link Control (HDLC) DHCP, BOOTP, or Reverse Address Resolution Protocol (RARP) Serial WAN interface with HDLC Serial Line Address Resolution Protocol (SLARP) Serial WAN interface with Frame Relay BOOTP If the server with the autoinstallation configuration file is not on
J-series™ Services Router Administration Guide 2. 3. After the new Services Router acquires an IP address, the autoinstallation process on the router attempts to download a configuration file in the following ways: a. If the DHCP server specifies the host-specific configuration file (boot file) hostname.conf, the router uses that filename in the TFTP server request. (In the filename, hostname is the hostname of the new router.
Chapter 5: Configuring Autoinstallation ■ Gigabit Ethernet ■ Serial with HDLC encapsulation ■ If you configure the DHCP server to provide only the TFTP server hostname, add an IP address-to-hostname mapping entry for the TFTP server to the DNS database file on the DNS server in the network.
J-series™ Services Router Administration Guide Table 42: Configuring Autoinstallation Task J-Web Configuration Editor CLI Configuration Editor Navigate to the System level in the configuration hierarchy. 1. From the [edit] hierarchy level, enter 2. Enable autoinstallation. In the J-Web interface, select Configuration>View and Edit> Edit Configuration. Next to System, click Configure or Edit. Select Autoinstallation, and then click Configure.
Chapter 5: Configuring Autoinstallation Action From the CLI, enter the show system autoinstallation status command. user@host> show system autoinstallation status Autoinstallation status: Master state: Active Last committed file: None Configuration server of last committed file: 10.25.100.1 Interface: Name: ge-0/0/0 State: Configuration Acquisition Acquired: Address: 192.168.124.75 Hostname: host-ge-000 Hostname source: DNS Configuration filename: router-ge-000.conf Configuration filename server: 10.25.
J-series™ Services Router Administration Guide 88 ■ Verifying Autoinstallation Status
Chapter 6 Automating Network Operations and Troubleshooting J-series Services Routers support automation of network operations and troubleshooting tasks using commit scripts, operation scripts, and event policies. You can use commit scripts to enforce custom configuration rules. Operation scripts allow you to automate network management and troubleshooting tasks. You can configure event policies that initiate self-diagnostic actions on the occurrence of specific events.
J-series™ Services Router Administration Guide ■ Generate custom warning messages, system log messages, or error messages. If error messages are generated, the commit operation fails and the candidate configuration remains unchanged. ■ Change the configuration in accordance with your rules and then proceed with the commit operation. Consider the following examples of actions you can perform with commit scripts: ■ Run a basic sanity test.
Chapter 6: Automating Network Operations and Troubleshooting Table 43: Enabling Commit Scripts Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Commit level in the configuration hierarchy. 1. From the [edit] hierarchy level, enter Enable the commit script file—for example, commit-script.xsl. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. edit system scripts commit 2. Next to System, click Configure or Edit. 3.
J-series™ Services Router Administration Guide commit complete NOTE: You can later reactivate the commit script using the activate system scripts commit filename.xsl command. Automating Network Management and Troubleshooting with Operation Scripts Operation scripts are scripts that you write to automate network management and troubleshooting tasks. They can perform any function available through JUNOScript remote procedure calls (RPCs).
Chapter 6: Automating Network Operations and Troubleshooting Enabling Operation Scripts To enable operation scripts: 1. Write an operation script. For information about writing operation scripts, see the JUNOS Configuration and Diagnostic Automation Guide. 2. Copy the script to the /var/db/scripts/op directory. Only users with superuser privileges can access and edit files in the /var/db/scripts/op directory. 3.
J-series™ Services Router Administration Guide user@host# op filename.xsl Disabling Operation Scripts If you do not want an operation script to run, you can disable it by deleting or deactivating it in the configuration. Deleting an operation script permanently removes it from the configuration. To run the script later, you must reenable the script as described in “Enabling Operation Scripts” on page 93. Deactivating an operation script disables the script until you activate it later.
Chapter 6: Automating Network Operations and Troubleshooting actions when specific events occur. These actions can either help you diagnose a fault or take corrective action.
J-series™ Services Router Administration Guide Table 45: Configuring Event Policies Task J-Web Configuration Editor CLI Configuration Editor Configuring Destination for Uploading Files for Analysis Navigate to the Destinations level in the configuration hierarchy. Enter the destination name—for example, bsd2. 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. 2. Next to Event options, click Configure or Edit. 3. Next to Destinations, click Add new entry.
Chapter 6: Automating Network Operations and Troubleshooting Table 45: Configuring Event Policies (continued) Task J-Web Configuration Editor CLI Configuration Editor Flag the event to initiate an SNMP trap when it generates a system log message. 1. Next to Then, click Configure. Enter 2. Select the Raise trap checkbox. 3. Click OK. set then set raise-trap Define the action to be taken when the configured event occurs.
J-series™ Services Router Administration Guide 98 ■ Running Self-Diagnostics with Event Policies
Part 2 Monitoring a Services Router ■ Monitoring the Router and Routing Operations on page 101 ■ Monitoring Events and Managing System Log Files on page 155 ■ Configuring and Monitoring Alarms on page 165 Monitoring a Services Router ■ 99
J-series™ Services Router Administration Guide 100 ■ Monitoring a Services Router
Chapter 7 Monitoring the Router and Routing Operations J-series Services Routers support a suite of J-Web tools and CLI operational mode commands for monitoring system health and performance. Monitoring tools and commands display the current state of the router. This chapter contains the following topics.
J-series™ Services Router Administration Guide You can also monitor the router with CLI operational mode commands. CLI command output appears on the screen of your console or management device, or you can filter the output to a file. This section contains the following topics: ■ Monitoring Tools Overview on page 102 ■ Filtering Command Output on page 105 Monitoring Tools Overview J-Web monitoring tools consist of the options that appear when you select Monitor in the task bar.
Chapter 7: Monitoring the Router and Routing Operations Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued) Monitor Option Function Corresponding CLI Commands Routing Displays routing information through the following options: ■ ■ Route Information—Information about the routes in a routing table, including destination, protocol, state, and parameter information. You can narrow the list of routes displayed by specifying search criteria.
J-series™ Services Router Administration Guide Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued) Monitor Option Function Corresponding CLI Commands MPLS Displays information about MPLS label-switched paths (LSPs) and virtual private networks (VPNs) through the following options: ■ Interfaces—show mpls interface ■ LSP information—show mpls lsp Interfaces—Information about the interfaces on which MPLS is enabled, including operational state and any administrative groups
Chapter 7: Monitoring the Router and Routing Operations Table 47: J-Web Monitor Options and Corresponding CLI show Commands (continued) Monitor Option Function Corresponding CLI Commands DHCP Displays DHCP dynamic and static leases, conflicts, pools, and statistics. ■ show system services dhcp binding ■ show system services dhcp conflict ■ show system services dhcp pool ■ show system services dhcp statistics For details, see “Monitoring DHCP” on page 143.
J-series™ Services Router Administration Guide lines of the configuration that contain address, issue the show configuration command using a pipe into the match filter: user@host> show configuration | match address address-range low 192.168.3.2 high 192.168.3.254; address-range low 192.168.71.71 high 192.168.71.254; address 192.168.71.70/21; address 192.168.2.1/24; address 127.0.0.
Chapter 7: Monitoring the Router and Routing Operations Using the Monitoring Tools This section describes the monitoring tools in detail.
J-series™ Services Router Administration Guide Table 48: Summary of Key System Properties Output Fields (continued) Field Values Router Hostname Hostname of the Services Router, as defined with the set system hostname command. Router IP Address IP address, in dotted decimal notation, of Ethernet management port 0 (ge-0/0/0, for example), as defined with the set interfaces ge-0/0/0 command.
Chapter 7: Monitoring the Router and Routing Operations Table 48: Summary of Key System Properties Output Fields (continued) Field Values Total Memory Available Total RAM available on the Services Router. Total Memory Used Total RAM currently being consumed by processes actively running on the Services Router, displayed both as a quantity of memory and as a percentage of the total RAM on the router. Process ID Process identifier. Process Owner Name of the process owner.
J-series™ Services Router Administration Guide Table 48: Summary of Key System Properties Output Fields (continued) Field Values Additional Information Memory Usage Percentage of the installed RAM that is being used by the process. System Storage Total Flash Size Total size, in megabytes, of the primary flash device. Usable Flash Size Total usable memory, in megabytes, of the primary flash device.
Chapter 7: Monitoring the Router and Routing Operations Table 49: Summary of System Process Information Output Fields (continued) Field Values Additional Information Sleep state Sleep state of the process. Start time Time of day when the process started.
J-series™ Services Router Administration Guide Table 50: Summary of Key Chassis Output Fields (continued) Field Values Additional Information Alarm Class Severity class for this alarm: Minor or Major. JUNOS has system-defined alarms and configurable alarms. System-defined alarms include FRU detection alarms (power supplies removed, for instance) and environmental alarms. The values for these alarms are defined within JUNOS.
Chapter 7: Monitoring the Router and Routing Operations Table 50: Summary of Key Chassis Output Fields (continued) Field Values Additional Information Part Number Part number of the chassis component. Serial Number Serial number of the chassis component. The serial number of the backplane is also the serial number of the router chassis. Use this serial number when you need to contact customer support about the router chassis. Description Brief description of the hardware item.
J-series™ Services Router Administration Guide interface. To view interface-specific properties such as administrative state or traffic statistics in the J-Web interface, select the interface name on the Interfaces page. Alternatively, enter the following CLI show commands: ■ show interfaces terse ■ show interfaces detail ■ show interfaces interface-name Table 51 on page 114 summarizes key output fields in interfaces displays.
Chapter 7: Monitoring the Router and Routing Operations Table 51: Summary of Key Interfaces Output Fields (continued) Field Values Additional Information Admin State Whether the interface is enabled up (Up) or disabled (Down). Interfaces are enabled by default. To disable an interface: MTU Maximum transmission unit (MTU) size on the physical interface. Speed Speed at which the interface is running. Current Address Configured media access control (MAC) address.
J-series™ Services Router Administration Guide This section contains the following topics: ■ Monitoring Route Information on page 116 ■ Monitoring BGP Routing Information on page 117 ■ Monitoring OSPF Routing Information on page 119 ■ Monitoring RIP Routing Information on page 120 ■ Monitoring DLSw Routing Information on page 121 Monitoring Route Information To view the inet.
Chapter 7: Monitoring the Router and Routing Operations Table 52: Summary of Key Routing Information Output Fields (continued) Field Values Additional Information Next-Hop Network layer address of the directly reachable neighboring system (if applicable) and the interface used to reach it. If a next hop is listed as Discard, all traffic with that destination address is discarded rather than routed.
J-series™ Services Router Administration Guide Table 53: Summary of Key BGP Routing Output Fields (continued) Field Values Down Peers Number of unavailable BGP peers. Peer Address of each BGP peer. InPkt Number of packets received from the peer, OutPkt Number of packets sent to the peer. Flaps Number of times a BGP session has changed state from Down to Up. A high number of flaps might indicate a problem with the interface on which the BGP session is enabled.
Chapter 7: Monitoring the Router and Routing Operations Table 53: Summary of Key BGP Routing Output Fields (continued) Field Values Additional Information Export Names of any export policies configured on the peer. Import Names of any import policies configured on the peer. Number of flaps Number of times the BGP sessions has changed state from Down to Up. A high number of flaps might indicate a problem with the interface on which the session is established.
J-series™ Services Router Administration Guide Table 54: Summary of Key OSPF Routing Output Fields (continued) Field Values Additional Information Area Number of the area that the interface is in. DR ID Address of the area's designated router. BDR ID Address of the area's backup designated router. Nbrs Number of neighbors on this interface. OSPF Statistics Packet Type Type of OSPF packet. Total Sent/Total Received Total number of packets sent and received.
Chapter 7: Monitoring the Router and Routing Operations Table 55: Summary of Key RIP Routing Output Fields (continued) Field Values Additional Information Routes advertised Number of RIP routes advertised on the logical interface. RIP Neighbors Neighbor Name of the RIP neighbor. This value is the name of the interface on which RIP is enabled.
J-series™ Services Router Administration Guide Table 56: Summary of Key DLSw Routing Information Output Fields (continued) Field Values Version number DLSw protocol version. Initial pacing window Frequency at which packets are sent. Version string Juniper Networks software version information. DLSw Circuits Circuit id DLSw circuit ID Local Address MAC address of the local DLSw peer. LSAP Number of the local service access point.
Chapter 7: Monitoring the Router and Routing Operations Table 56: Summary of Key DLSw Routing Information Output Fields (continued) Field Values Additional Information DLSw Reachability MAC index Number assigned to the remote DLSw peer. MAC address MAC address of the remote DLSw peer. Remote DLSw address IP address of the remote DLSw peer. Monitoring Class-of-Service Performance The J-Web interface provides information about the class-of-service (CoS) performance on a router.
J-series™ Services Router Administration Guide Table 57: Summary of Key CoS Interfaces Output Fields Field Values Additional Information Interface Name of a physical interface to which CoS components are assigned. To display names of logical interfaces configured on this physical interface, click the plus sign (+). Scheduler Map Name of the scheduler map associated with this interface. Queues Supported Number of queues you can configure on the interface.
Chapter 7: Monitoring the Router and Routing Operations Table 58: Summary of Key CoS Classifier Output Fields (continued) CoS Value Type The classifiers are displayed by type: ■ dscp—All classifiers of the DSCP type. ■ dscp ipv6—All classifiers of the DSCP IPv6 type. ■ exp—All classifiers of the MPLS EXP type. ■ ieee-802.1—All classifiers of the IEEE 802.1 type. ■ inet-precedence—All classifiers of the IP precedence type. Index Internal index of the classifier.
J-series™ Services Router Administration Guide Table 59: Summary of Key CoS Value Alias Output Fields Field Values Additional Information CoS Value Type Type of the CoS value: To display aliases and bit patterns, click the plus sign (+). ■ dscp—Examines Layer 3 packet headers for IP packet classification. ■ dscp ipv6—Examines Layer 3 packet headers for IPv6 packet classification. ■ exp—Examines Layer 2 packet headers for MPLS packet classification. ■ ieee-802.
Chapter 7: Monitoring the Router and Routing Operations Table 60: Summary of Key CoS RED Drop Profile Output Fields (continued) Field Values Type Type of a specific drop profile: ■ Additional Information interpolated—The two coordinates (x and y) of the graph are interpolated to produce a smooth profile. ■ segmented—The two coordinates (x and y) of the graph are represented by line fragments to produce a segmented profile.
J-series™ Services Router Administration Guide Table 61: Summary of Key CoS Forwarding Class Output Fields Field Values Forwarding Class Names of forwarding classes assigned to queue numbers. By default, the following forwarding classes are assigned to queues 0 through 3: ■ Additional Information best-effort—Provides no special CoS handling of packets. Loss priority is typically not carried in a CoS value, and RED drop profiles are more aggressive.
Chapter 7: Monitoring the Router and Routing Operations Table 62: Summary of Key CoS Rewrite Rules Output Fields (continued) Field Values Additional Information Forwarding Class Forwarding class that in combination with loss priority is used to determine CoS values for rewriting. Rewrite rules are applied to CoS values in outgoing packets based on forwarding class and loss priority setting.
J-series™ Services Router Administration Guide Table 63: Summary of Key CoS Scheduler Maps Output Fields (continued) Field Values Buffer Size Delay buffer size in the queue or the amount of transmit delay (in milliseconds). The buffer size can be either of the following: ■ A percentage—The buffer is a percentage of the total buffer allocation. ■ remainder—The buffer is sized Additional Information according to what remains after other scheduler buffer allocations.
Chapter 7: Monitoring the Router and Routing Operations ■ Monitoring RSVP Session Information on page 133 ■ Monitoring MPLS RSVP Interfaces Information on page 134 Monitoring MPLS Interfaces To view the interfaces on which MPLS is configured, select Monitor>MPLS>Interfaces, or enter the following CLI command: show mpls interface Table 64 on page 131 summarizes key output fields in the MPLS interface information display.
J-series™ Services Router Administration Guide Table 65: Summary of Key MPLS LSP Information Output Fields (continued) Field Values From Source (inbound router) of the session. State State of the path. It can be Up, Down, or AdminDn. Additional Information AdminDn indicates that the LSP is being taken down gracefully. Rt Number of active routes (prefixes) installed in the routing table. For inbound RSVP sessions, the routing table is the primary IPv4 table (inet.0).
Chapter 7: Monitoring the Router and Routing Operations Table 66: Summary of Key MPLS LSP Statistics Output Fields Field Values Additional Information Ingress LSP Information about LSPs on the inbound router. Each session has one line of output. Egress LSP Information about the LSPs on the outbound router. Each session has one line of output. MPLS learns this information by querying RSVP, which holds all the transit and outbound session information.
J-series™ Services Router Administration Guide Table 67: Summary of Key RSVP Session Information Output Fields (continued) Field Values Additional Information Transit LSP Information about transit RSVP sessions. MPLS learns this information by querying RSVP, which holds all the transit and outbound session information. To Destination (outbound router) of the session. From Source (inbound router) of the session. State State of the path: Up, Down, or AdminDn.
Chapter 7: Monitoring the Router and Routing Operations Table 68: Summary of Key RSVP Interfaces Information Output Fields (continued) Field Values Additional Information State State of the interface: Disabled—No traffic engineering information ■ is displayed. ■ Down—The interface is not operational. ■ Enabled—Displays traffic engineering information. Up—The interface is operational. ■ Active resv Number of reservations that are actively reserving bandwidth on the interface.
J-series™ Services Router Administration Guide Table 69: Summary of Key Service Set Output Fields Field Values Additional Information Service Set Summary Interface Name of the adaptive services interface on the Services Router—always sp-0/0/0. Service sets configured Total number of service sets configured on the Services Router. Bytes used Total number of general-purpose memory bytes being used by the service set configuration.
Chapter 7: Monitoring the Router and Routing Operations This section contains the following topics: ■ Monitoring Stateful Firewall Statistics on page 137 ■ Monitoring Stateful Firewall Filters on page 138 ■ Monitoring Firewall Intrusion Detection Services (IDS) on page 139 Monitoring Stateful Firewall Statistics To view stateful firewall filter statistics in the J-Web interface, select Monitor>Firewall>Statistics Summary.
J-series™ Services Router Administration Guide Table 70: Summary of Key Stateful Firewall Statistics Output Fields (continued) Field Values Errors Number of protocol errors detected: ■ IP—Number of IPv4 errors (for example, Minimum IP header length check failures). ■ TCP—Number of TCP errors (for example, Source or destination port number is zero). ■ UDP—Number of UDP errors (for example, IP data length less than minimum UDP header length (8 bytes)).
Chapter 7: Monitoring the Router and Routing Operations Table 71: Summary of Key Stateful Firewall Filters Output Fields (continued) Field Values Direction Direction of the flow: I (input) or O (output). Frames Number of frames in the flow. Monitoring Firewall Intrusion Detection Services (IDS) To view intrusion detection service (IDS) information for stateful firewall filters, select Monitor>Firewall>IDS Information.
J-series™ Services Router Administration Guide Table 73 on page 140 summarizes key output fields for stateful firewall filter intrusion detection. Table 73: Summary of Key Firewall IDS Output Fields Field Values Source Address Source address for the event. Destination address Destination address for the event. Time Total time the information has been in the IDS table. Bytes Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m).
Chapter 7: Monitoring the Router and Routing Operations Table 74: Summary of Key IPSec Output Fields (continued) Field Values Remote Gateway Gateway address of the remote system. Direction Direction of the IPSec tunnel: Inbound or Outbound. Protocol Protocol supported: either Encapsulation Security Protocol (ESP) or Authentication Header and ESP (AH+ESP). Tunnel Index Numeric identifier of the IPSec tunnel. Tunnel Local Identity Prefix and port number of the local endpoint of the IPSec tunnel.
J-series™ Services Router Administration Guide Table 74: Summary of Key IPSec Output Fields (continued) Field Values Exchange Type Type of IKE exchange. The IKE exchange type determines the number of messages in the exchange and the payload types contained in each message. Each exchange type provides a particular set of security services, such as anonymity of the participants, perfect forward secrecy of the keying material, and authentication of the participants.
Chapter 7: Monitoring the Router and Routing Operations show services nat pool Table 75 on page 143 summarizes key output fields in NAT displays. Table 75: Summary of Key NAT Output Fields Field Values NAT Pools NAT Pool Name of the NAT pool. Pool Start Address Lower address in the NAT pool address range. Pool Address End Upper address in the NAT pool address range. Port High Upper port in the NAT pool port range. Port Low Lower port in the NAT pool port range.
J-series™ Services Router Administration Guide Table 76: Summary of DHCP Output Fields (continued) Field Values Additional Information Binding Type Type of binding assigned to the client: dynamic or static. DHCP servers can assign a dynamic binding from a pool of IP addresses or a static binding to one or more specific IP addresses. Lease Expires Date and time the lease expires, or never for leases that do not expire. DHCP Conflicts Detection Time Date and time the client detected the conflict.
Chapter 7: Monitoring the Router and Routing Operations Monitoring RPM Probes The RPM information includes the round-trip time, jitter, and standard deviation values for each configured RPM test on the Services Router. To view these RPM properties, select Monitor>RPM in the J-Web interface, or enter the following CLI show command: show services rpm probe-results In addition to the RPM statistics for each RPM test, the J-Web interface displays the round-trip times and cumulative jitter graphically.
J-series™ Services Router Administration Guide Table 77: Summary of Key RPM Output Fields (continued) Field Values Minimum RTT Shortest round-trip time from the Services Router to the remote server, as measured over the course of the test. Maximum RTT Longest round-trip time from the Services Router to the remote server, as measured over the course of the test. Average RTT Average round-trip time from the Services Router to the remote server, as measured over the course of the test.
Chapter 7: Monitoring the Router and Routing Operations Table 77: Summary of Key RPM Output Fields (continued) Field Values Additional Information Cumulative Jitter for a Probe Samples Total number of probes used for the data set. Earliest Sample System time when the first probe in the sample was received. Latest Sample System time when the last probe in the sample was received. Mean Value Average jitter for the 50–probe sample.
J-series™ Services Router Administration Guide For information about these CLI commands, see the JUNOS Interfaces Command Reference. Monitoring PPPoE The PPPoE monitoring information is displayed in multiple parts. To display the session status for PPPoE interfaces, cumulative statistics for all PPPoE interfaces on the Services Router, and the PPPoE version configured on the Services Router, select Monitor>PPPoE in the J-Web interface.
Chapter 7: Monitoring the Router and Routing Operations Table 78: Summary of Key PPPoE Output Fields (continued) Field Values Additional Information Service Name Type of service required from the access concentrator. Service Name identifies the type of service provided by the access concentrator, such as the name of the Internet service provider (ISP), class, or quality of service. Configured AC Name Configured access concentrator name. Session AC Names Name of the access concentrator.
J-series™ Services Router Administration Guide Table 78: Summary of Key PPPoE Output Fields (continued) Field Values Packet Type Packets sent and received during the PPPoE session, categorized by packet type and packet error: ■ PADI—PPPoE Active Discovery Initiation packets. ■ PADO—PPPoE Active Discovery Offer packets. ■ PADR—PPPoE Active Discovery Request packets. ■ PADS—PPPoE Active Discovery Session-Confirmation packets. ■ PADT—PPPoE Active Discovery Terminate packets.
Chapter 7: Monitoring the Router and Routing Operations Table 78: Summary of Key PPPoE Output Fields (continued) Field Values Additional Information PADI Resend Timeout Initial time, (in seconds) the Services Router waits to receive a PADO packet for the PADI packet sent—for example, 2 seconds. This timeout doubles for each successive PADI packet sent. The PPPoE Active Discovery Initiation (PADI) packet is sent to the access concentrator to initiate a PPPoE session.
J-series™ Services Router Administration Guide ■ show tgm dynamic-call-admission-control ■ show tgm fpc slot-number media-gateway-controller ■ show tgm fpc slot-number dsp-capacity ■ show tgm telephony-interace-module status Table 79 on page 152 summarizes key output fields in media gateway information displays.
Chapter 7: Monitoring the Router and Routing Operations Table 79: Summary of Key Media Gateway Information Output Fields (continued) Field Values DSP Capacity Number of voice channels in the low-capacity DSP.
J-series™ Services Router Administration Guide 154 ■ Using the Monitoring Tools
Chapter 8 Monitoring Events and Managing System Log Files J-series Services Routers support configuring and monitoring of system log messages (also called syslog messages). You can configure files to log system messages and also assign attributes, such as severity levels, to messages. The View Events page on the J-Web interface enables you to filter and view system log messages. This chapter contains the following topics.
J-series™ Services Router Administration Guide Table 80: System Log Message Terms (continued) Term Definition priority Combination of the facility and severity level of a system log message. By default, priority information is not included in system log messages, but you can configure the JUNOS software to include it. For more information, see the JUNOS System Log Messages Reference. See also facility; severity level.
Chapter 8: Monitoring Events and Managing System Log Files The JUNOS system logging utility is similar to the UNIX syslogd utility. Each system log message identifies the software process that generated the message and briefly describes the operation or error that occurred. Reboot requests are recorded to the system log files, which you can view with the show log command. Also, you can view the names of any processes running on your system with the show system processes command.
J-series™ Services Router Administration Guide Table 81: System Logging Facilities (continued) Facility Description interactive-commands Commands executed in the CLI kernel Messages generated by the JUNOS kernel user Messages from random user processes Table 82: System Logging Severity Levels Severity Level (from Highest to Lowest Severity) Description emergency System panic or other conditions that cause the routing platform to stop functioning.
Chapter 8: Monitoring Events and Managing System Log Files Table 83: Common Regular Expression Operators and the Terms They Match Regular Expression Operator Matching Terms . (period) One instance of any character except the space. For example, .in matches messages with win or windows. Zero or more instances of the immediately preceding term. * (asterisk) For example, tre* matches messages with tree, tread or trough. One or more instances of the immediately preceding term.
J-series™ Services Router Administration Guide Configuring System Log Messages with a Configuration Editor This section contains the following topics: ■ Sending System Log Messages to a File on page 160 ■ Sending System Log Messages to a User Terminal on page 161 ■ Archiving System Logs on page 161 ■ Disabling System Logs on page 162 Sending System Log Messages to a File You can direct system log messages to a file on the compact flash. The default directory for log files is /var/log.
Chapter 8: Monitoring Events and Managing System Log Files Sending System Log Messages to a User Terminal To direct system log messages to the terminal session of one or more specific users (or all users) when they are logged into the local Routing Engine, specify one or more JUNOS usernames. Separate multiple values with spaces, or use the asterisk (*) to indicate all users who are logged into the local Routing Engine.
J-series™ Services Router Administration Guide and permissions for the specified log file. For configuration details, see the information about archiving log files in the JUNOS System Basics Configuration Guide. Disabling System Logs To disable logging of the messages from a facility, use the facility none configuration statement. This statement is useful when, for example, you want to log messages of the same severity level from all but a few facilities.
Chapter 8: Monitoring Events and Managing System Log Files Table 86: Filtering System Log Messages (continued) Field Function Your Action Event ID Specifies the Event ID for which you want to display the messages. To specify events with a specific ID, type its partial or complete ID—for example, TFTPD_AF_ERR. Allows you to type part of the ID and completes the remaining automatically. An event ID, also known as system log message code, uniquely identifies a system log message.
J-series™ Services Router Administration Guide Viewing System Log Messages By default, the View Events page displays the most recent 25 events, with severity levels highlighted in different colors. After you specify the filters, Event Summary displays the events matching the specified filters. Click First, Next, Prev, and Last links to navigate through messages. Table 87 on page 164 describes the Event Summary fields.
Chapter 9 Configuring and Monitoring Alarms Alarms on a J-series Services Router alert you to conditions on a network interface, on the router chassis, or in the system software that might prevent the router from operating normally. You can set the conditions that trigger alarms on an interface. Chassis and system alarm conditions are preset. An active alarm lights the ALARM LED on the front panel of the router. You can monitor active alarms from the J-Web interface or the CLI.
J-series™ Services Router Administration Guide Table 88: Alarm Terms (continued) Term Definition interface alarm Alarm triggered by the state of a physical link on a fixed or installed Physical Interface Module (PIM), such as a link failure or a missing signal.
Chapter 9: Configuring and Monitoring Alarms Alarm Severity Alarms on a Services Router have two severity levels: ■ ■ Major (red)—Indicates a critical situation on the router that has resulted from one of the following conditions. A red alarm condition requires immediate action. ■ One or more hardware components have failed. ■ One or more hardware components have exceeded temperature thresholds. ■ An alarm condition configured on an interface has triggered a critical warning.
J-series™ Services Router Administration Guide Table 89: Interface Alarm Conditions Interface Alarm Condition Description Configuration Option DS1 (T1) Alarm indication signal The normal T1 traffic signal contained a defect condition and has been replaced by the AIS. A transmission interruption occurred at the remote endpoint or upstream of the remote endpoint. This all-ones signal is transmitted to prevent consequential downstream failures or alarms.
Chapter 9: Configuring and Monitoring Alarms Table 89: Interface Alarm Conditions (continued) Interface Alarm Condition Description Configuration Option Services Services module hardware down A hardware problem has occurred on the Services Router's services module. This error typically means that one or more of the CPUs on the module has failed. hw-down Services link down The link between the Services Router and its services module is unavailable.
J-series™ Services Router Administration Guide Table 89: Interface Alarm Conditions (continued) Interface Alarm Condition Description Configuration Option T3 (DS3) Alarm indication signal The normal T3 traffic signal contained a defect condition and has been replaced by the AIS. A transmission interruption occurred at the remote endpoint or upstream of the remote endpoint. This all-ones signal is transmitted to prevent consequential downstream failures or alarms.
Chapter 9: Configuring and Monitoring Alarms Table 90: Chassis Alarm Conditions and Corrective Actions Component Alarm Conditions Corrective Action Alarm Severity Alternative boot media The Services Router boots from an alternative boot device. Typically, the router boots from the internal compact flash. If you configured your router to boot from an alternative boot device, ignore this alarm condition.
J-series™ Services Router Administration Guide System Alarm Conditions and Corrective Actions Table 91 on page 172 lists the two preset system alarms, the condition that triggers each alarm, and the action you take to correct the condition. Table 91: System Alarm Conditions and Corrective Actions Alarm Type Alarm Condition Corrective Action Configuration The rescue configuration is not set. Set the rescue configuration.
Chapter 9: Configuring and Monitoring Alarms Table 92: Configuring Interface Alarms Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Alarm level in the configuration hierarchy. 1. From the [edit] hierarchy level, enter Configure the system to generate a red interface alarm when a Yellow alarm is detected on a T1 (DS1) link. Configure the system to generate a red interface alarm when a link down failure is detected on an Ethernet link.
J-series™ Services Router Administration Guide Table 92: Configuring Interface Alarms (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the system to display active system alarms whenever a user with the login class admin logs in to the router. 1. On the main Configuration page next to System, click Configure or Edit. 1. 2. Next to Login, click Configure or Edit. 2. 3. In the Class field, click Add new entry. 4. In the Class name field, type admin. 5.
Chapter 9: Configuring and Monitoring Alarms Table 93: Summary of Key Alarm Output Fields (continued) Field Values Additional Information Received at Date and time when the alarm condition was detected. Severity Alarm severity—either major (red) or minor (yellow). A major (red) alarm condition requires immediate action. A minor (yellow) condition requires monitoring or maintenance. Subject Brief synopsis of the alarm. Clicking the alarm subject displays a detailed alarm message.
J-series™ Services Router Administration Guide exz yellow; los red; ylw red; } ds1 { ylw red; } ethernet { link-down red; } serial { loss-of-rx-clock red; loss-of-tx-clock red; dcd-absent yellow; cts-absent yellow; } Meaning Related Topics 176 ■ The sample output in this section displays the following alarm settings (in order). Verify that the output shows the intended configuration of the alarms.
Part 3 Managing Services Router Software ■ Performing Software Upgrades and Reboots on page 179 ■ Managing Files on page 199 Managing Services Router Software ■ 177
J-series™ Services Router Administration Guide 178 ■ Managing Services Router Software
Chapter 10 Performing Software Upgrades and Reboots A J-series Services Router is delivered with the JUNOS software preinstalled. When you power on the router, it starts (boots) up using its primary boot device. All Services Routers support a secondary boot device that allows you to back up your primary boot device and configuration. As new features and software fixes become available, you must upgrade your software to use them. Before an upgrade, we recommend that you back up your primary boot device.
J-series™ Services Router Administration Guide J-Web interface or the CLI to upgrade, the router downloads the software image, decompresses the image, and installs the decompressed software. Finally, you reboot the router, at which time it boots from the upgraded software. All JUNOS software is delivered in signed packages that contain digital signatures, Secure Hash Algorithm (SHA-1) checksums, and Message Digest 5 (MD5) checksums.
Chapter 10: Performing Software Upgrades and Reboots ■ 512 MB ■ 1024 MB Compact flash cards with 128 MB storage capacity are not supported. A sample J-series recovery software package name is junos-jseries-9.0R1-export-cf256.gz. Before You Begin To download software upgrades, you must have a Juniper Networks Web account and a valid support contract. To obtain an account, complete the registration form at the Juniper Networks Web site: https://www.juniper.net/registration/Register.jsp.
J-series™ Services Router Administration Guide 1. Using a Web browser, follow the links to the download URL on the Juniper Networks Web page. Depending on your location, select either Canada and U.S. Version or Worldwide Version: ■ https://www.juniper.net/support/csc/swdist-domestic/ ■ https://www.juniper.net/support/csc/swdist-ww/ 2. Log in to the Juniper Networks Web site using the username (generally your e-mail address) and password supplied by Juniper Networks representatives. 3.
Chapter 10: Performing Software Upgrades and Reboots Table 95: Install Remote Summary Field Function Your Action Package Location (required) Specifies the FTP or HTTP server, file path, and software package name. Type the full address of the software package location on the FTP or HTTP server—one of the following: ftp://hostname/pathname/package-name http://hostname/pathname/package-name User Specifies the username, if the server requires one. Type the username.
J-series™ Services Router Administration Guide Installing Software Upgrades with the CLI To install software upgrades on a router with the CLI: 1. If your router has 256 MB of flash memory and 256 MB of RAM, see the special instructions in the J-series Services Router Release Notes. 2. Download the software package as described in “Downloading Software Upgrades from Juniper Networks” on page 181. 3.
Chapter 10: Performing Software Upgrades and Reboots Downgrading the Software When you upgrade the JUNOS software, the router creates a backup image of the software that was previously installed, as well as installs the requested software upgrade. To downgrade the software, you can use the backup image of the software that was previously installed, which is saved on the router. If you revert to the previous image, this backup image is used, and the image of the running software is deleted.
J-series™ Services Router Administration Guide router. To downgrade to an earlier version of software, follow the procedure for upgrading, using the JUNOS software image labeled with the appropriate release. To downgrade software with the CLI: 1. Enter the request system software rollback command to return to the previous JUNOS software version: user@host> request system software rollback The previous software version is now ready to become active when you next reboot the router. 2.
Chapter 10: Performing Software Upgrades and Reboots Figure 16 on page 187 shows the Snapshot page. Figure 16: Snapshot Page ERROR: Unresolved graphic fileref="s020261.gif" not found in "\\teamsite1\default\main\TechPubsWorkInProgress\STAGING\images\". To create a boot device: 1. In the J-Web interface, select Manage>Snapshot. 2. On the Snapshot page, enter information into the fields described in Table 97 on page 187. 3. Click Snapshot. 4. Click OK.
J-series™ Services Router Administration Guide Table 97: Snapshot Summary (continued) Field Function Your Action As Primary Media On an external compact flash or USB storage device only, creates a snapshot for use as the primary boot medium. To create a boot medium to use in the internal compact flash only, select the check box. Use this feature to replace the medium in the internal compact flash slot or to replicate it for use in another Services Router. This process also partitions the boot medium.
Chapter 10: Performing Software Upgrades and Reboots Configuring a Boot Device for Backup with the CLI Use the request system snapshot CLI command to create a boot device for the Services Router on an alternate medium, to replace the primary boot device or serve as a backup.
J-series™ Services Router Administration Guide Table 98: CLI request system snapshot Command Options (continued) Option Description partition Partitions the medium. This option is usually necessary for boot devices that do not have software already installed on them. root-size size Specifies the size of the root partition, in megabytes. The default value is the boot device's physical memory minus the config, data, and swap partitions.
Chapter 10: Performing Software Upgrades and Reboots Table 99: CLI set system dump-device Command Options Option Description boot-device Uses whatever device was booted from as the system software failure memory snapshot device. compact-flash Uses the internal compact flash as the system software failure memory snapshot device. removable-compact-flash Uses the compact flash on the front of the router (J4300 and J6300 only) as the system software failure memory snapshot device.
J-series™ Services Router Administration Guide CAUTION: This procedure does not recover any router configuration files. After you reinstall the JUNOS software, all the information on the original internal compact flash is lost. Recommended Recovery Hardware and Software Before configuring compact flash recovery, assemble the equipment and software listed in Table 100 on page 192.
Chapter 10: Performing Software Upgrades and Reboots Recovery software packages are available from the same location as J-series upgrade software packages. (See “Downloading Software Upgrades from Juniper Networks” on page 181.) To recover an internal compact flash: 1. Plug the compact flash into a PCMCIA adapter or USB card reader. 2. Plug the PCMCIA adapter or USB card reader into the host PC and verify that the compact flash is recognized by the operating system. 3.
J-series™ Services Router Administration Guide WARNING: that disk is larger than 800 MB! Make sure you're not accidentally overwriting your primary hard disk! Proceeding on your own risk... About to overwrite the contents of disk 1 with new data. Proceed? (y/n) y 511451136/511451136 bytes written in total NOTE: The copy process can take several minutes. After copying the software package to the compact flash, you can use it as the internal compact flash in any J-series Services Router.
Chapter 10: Performing Software Upgrades and Reboots 3. Choose the boot device from the Reboot from media list: ■ compact-flash—Reboots from the internal compact flash. This selection is the default choice. ■ removable-compact-flash—Reboots from the optional external compact flash. This selection is available on J2320, J2350, J4300, and J6300 Services Routers only. ■ usb—Reboots from the USB storage device. 4.
J-series™ Services Router Administration Guide Table 101: CLI Request System Reboot Command Options (continued) Option Description at time Specifies the time at which to reboot the router. You can specify time in one of the following ways: ■ now—Reboots the router immediately. This is the default. ■ +minutes—Reboots the router in the number of minutes from now that you specify. ■ yymmddhhmm—Reboots the router at the absolute time on the date you specify.
Chapter 10: Performing Software Upgrades and Reboots Table 102: CLI Request System Halt Command Options (continued) Option Description at time Time at which to stop the software processes on the router. You can specify time in one of the following ways: ■ now—Stops the software processes immediately. This is the default. ■ +minutes—Stops the software processes in the number of minutes from now that you specify. ■ yymmddhhmm—Stops the software processes at the absolute time you specify.
J-series™ Services Router Administration Guide 198 ■ Rebooting or Halting a Services Router
Chapter 11 Managing Files You can use the J-Web interface to perform routine file management operations such as archiving log files and deleting unused log files, cleaning up temporary files and crash files, and downloading log files from the routing platform to your computer. You can also encrypt the configuration files with the CLI configuration editor to prevent unauthorized users from viewing sensitive configuration information. This chapter contains the following topics.
J-series™ Services Router Administration Guide ■ Rotates log files—All information in the current log files is archived, old archives are deleted, and fresh log files are created. ■ Deletes log files in /var/log—Any files that are not currently being written to are deleted. ■ Deletes temporary files in /var/tmp—Any files that have not been accessed within two days are deleted. ■ Deletes all crash files in /var/crash—Any core files that the router has written during an error are deleted.
Chapter 11: Managing Files ■ Log Files—Lists the log files located in the /var/log directory on the router. ■ Temporary Files—Lists the temporary files located in the /var/tmp directory on the router. ■ Old JUNOS Software—Lists the software images (*.tgz files) in the /var/sw/pkg directory on the router. ■ Crash (Core) Files—Lists the core files located in the /var/crash directory on the router. The J-Web interface displays the files located in the directory. 3.
J-series™ Services Router Administration Guide ■ Rotates log files—All information in the current log files is archived, old archives are deleted, and fresh log files are created. ■ Deletes log files in /var/log—Any files that are not currently being written to are deleted. ■ Deletes temporary files in /var/tmp—Any files that have not been accessed within two days are deleted. ■ Deletes all crash files in /var/crash—Any core files that the router has written during an error are deleted.
Chapter 11: Managing Files user@host> set file filename nonpersistent For more information about the nonpersistent option, see the JUNOS Network Management Configuration Guide. CAUTION: If log files for accounting data are stored on DRAM, these files are lost when the router reboots. Therefore, we recommend that you back up these files periodically. Encrypting and Decrypting Configuration Files Configuration files contain sensitive information such as IP addresses.
J-series™ Services Router Administration Guide Encrypting Configuration Files To encrypt configuration files on a Services Router: 1. Enter operational mode in the CLI. 2. To configure an encryption key in EEPROM and determine the encryption process, enter one of the request system set-encryption-key commands described in Table 103 on page 204.
Chapter 11: Managing Files user@host# set encrypt-configuration-files 7. To begin the encryption process, commit the configuration. user@host# commit commit complete Decrypting Configuration Files To disable the encryption of configuration files on a Services Router and make them readable to all: 1. Enter operational mode in the CLI. 2.
J-series™ Services Router Administration Guide To modify the encryption key: 1. Enter operational mode in the CLI. 2. To configure a new encryption key in EEPROM and determine the encryption process, enter one of the request system set-encryption-key commands described in Table 103 on page 204. For example: user@host> request system set-encryption-key Enter EEPROM stored encryption key: 3. At the prompt, enter the new encryption key. The encryption key must have at least 6 characters.
Part 4 Diagnosing Performance and Network Problems ■ Using Services Router Diagnostic Tools on page 209 ■ Configuring Packet Capture on page 253 ■ Configuring RPM Probes on page 267 Diagnosing Performance and Network Problems ■ 207
J-series™ Services Router Administration Guide 208 ■ Diagnosing Performance and Network Problems
Chapter 12 Using Services Router Diagnostic Tools J-series Services Routers support a suite of J-Web tools and CLI operational mode commands for evaluating system health and performance. Diagnostic tools and commands test the connectivity and reachability of hosts in the network. This chapter contains the following topics.
J-series™ Services Router Administration Guide Table 104: J-series Diagnostic Terms (continued) Term Definition strict source routing Option in the IP header used to route a packet based on information supplied by the source. A gateway or host must route the packet exactly as specified by this information. time to live (TTL) Value (octet) in the IP header that is (usually) decremented by 1 for each hop the packet passes through.
Chapter 12: Using Services Router Diagnostic Tools Table 105: J-Web Interface Diagnose and Manage Options (continued) Option Function Traceroute Allows you to trace a route between the Services Router and a remote host. You can configure advanced options for the traceroute operation. For details, see “Tracing Unicast Routes from the J-Web Interface” on page 223. Packet Capture Allows you to capture and analyze router control traffic.
J-series™ Services Router Administration Guide Table 106: CLI Diagnostic Command Summary Command Function Controlling the CLI Environment Configures the CLI display. set option Diagnosis and Troubleshooting clear Clears statistics and protocol database information. mtrace Traces information about multicast paths from source to receiver. For details, see “Tracing Multicast Routes from the CLI” on page 240.
Chapter 12: Using Services Router Diagnostic Tools Table 106: CLI Diagnostic Command Summary (continued) Command Function start Exits the CLI and starts a UNIX shell. configuration Enters configuration mode. For details, see the Getting Started Guide for your router. Exits the CLI and returns to the UNIX shell.
J-series™ Services Router Administration Guide Table 107: Options for Checking MPLS Connections (continued) J-Web Ping MPLS Tool ping mpls Command Purpose Additional Information Ping LDP-signaled LSP ping mpls ldp Checks the operability of an LSP that has been set up by the Label Distribution Protocol (LDP). The Services Router pings a particular LSP using the forwarding equivalence class (FEC) prefix and length.
Chapter 12: Using Services Router Diagnostic Tools Before You Begin This section includes the following topics: ■ General Preparation on page 215 ■ Ping MPLS Preparation on page 215 General Preparation To use the J-Web interface and CLI operational tools, you must have the appropriate access privileges. For more information about configuring access privilege levels, see “Adding New Users” on page 11 and the JUNOS System Basics Configuration Guide.
J-series™ Services Router Administration Guide Pinging Hosts from the J-Web Interface This section contains the following topics: ■ Using the J-Web Ping Host Tool on page 216 ■ Ping Host Results and Output Summary on page 218 Using the J-Web Ping Host Tool You can ping a host to verify that the host can be reached over the network. The output is useful for diagnosing host and network connectivity problems.
Chapter 12: Using Services Router Diagnostic Tools Table 108: J-Web Ping Host Field Summary (continued) Field Function Your Action Don't Resolve Addresses Determines whether to display hostnames of the hops along the path. ■ To suppress the display of the hop hostnames, select the check box. ■ To display the hop hostnames, clear the check box. Interface Specifies the interface on which the ping requests are sent. From the list, select the interface on which ping requests are sent.
J-series™ Services Router Administration Guide Ping Host Results and Output Summary Table 109 on page 218 summarizes the output in the ping host display. If the Services Router receives no ping responses from the destination host, review the list after Table 109 on page 218 for a possible explanation.
Chapter 12: Using Services Router Diagnostic Tools For more information about ICMP, see RFC 792, Internet Control Message Protocol. Checking MPLS Connections from the J-Web Interface Use the J-Web ping MPLS diagnostic tool to diagnose the state of label-switched paths (LSPs), Layer 2 and Layer 3 VPNs, and Layer 2 circuits. Alternatively, you can use the CLI commands ping mpls, ping mpls l2circuit, ping mpls l2vpn, and ping mpls l3vpn. For more information, see “Pinging Hosts from the CLI” on page 230.
J-series™ Services Router Administration Guide Table 110: J-Web Ping MPLS Field Summary (continued) Field Function Your Action Source Address Specifies the source address of the ping request packet. Type the source IP address—a valid address configured on a Services Router interface. Count Specifies the number of ping requests to send. From the list, select the number of ping requests to send. The default is 5 requests.
Chapter 12: Using Services Router Diagnostic Tools Table 110: J-Web Ping MPLS Field Summary (continued) Field Function Your Action Instance to which this connection belongs Layer 2VPN Name Identifies the Layer 2 VPN to ping. Type the name of the VPN to ping. Remote Site Identifier Specifies the remote site identifier of the Layer 2 VPN to ping. Type the remote site identifier for the VPN. Source Address Specifies the source address of the ping request packet.
J-series™ Services Router Administration Guide Table 110: J-Web Ping MPLS Field Summary (continued) Field Function Your Action Source Address Specifies the source address of the ping request packet. Type the source IP address—a valid address configured on a Services Router interface. Count Specifies the number of ping requests to send. From the list, select the number of ping requests to send. Detailed Output Requests the display of extensive rather than brief ping output.
Chapter 12: Using Services Router Diagnostic Tools ■ The host is not operational. ■ There are network connectivity problems between the Services Router and the host. ■ The host might be configured to ignore echo requests. ■ The host might be configured with a firewall filter that blocks echo requests or echo responses. ■ The size of the echo request packet exceeds the MTU of a host along the path. ■ The outbound node at the remote endpoint is not configured to handle MPLS packets.
J-series™ Services Router Administration Guide The Services Router sends a total of three traceroute packets to each router along the path and displays the round-trip time for each traceroute operation. If the Services Router times out before receiving a Time Exceeded message, an asterisk (*) is displayed for that round-trip time. Table 113 on page 225 summarizes the output fields of the display. 5.
Chapter 12: Using Services Router Diagnostic Tools Table 112: Traceroute Field Summary (continued) Field Function Your Action Resolve AS Numbers Determines whether the autonomous system (AS) number of each intermediate hop between the router and the destination host is displayed. ■ To display the AS numbers, select the check box. ■ To suppress the display of the AS numbers, clear the check box.
J-series™ Services Router Administration Guide For more information about ICMP, see RFC 792, Internet Control Message Protocol. Capturing and Viewing Packets with the J-Web Interface You can use the J-Web packet capture diagnostic tool when you need to quickly capture and analyze router control traffic on a Services Router. Packet capture on the J-Web interface allows you to capture traffic destined for or originating from the Routing Engine.
Chapter 12: Using Services Router Diagnostic Tools ■ To stop capturing packets and return to the Packet Capture page, click OK. Figure 24: Packet Capture Page ERROR: Unresolved graphic fileref="s020267.gif" not found in "\\teamsite1\default\main\TechPubsWorkInProgress\STAGING\images\". Table 114: Packet Capture Field Summary Field Function Your Action Interface Specifies the interface on which the packets are captured. From the list, select an interface—for example, ge-0/0/0.
J-series™ Services Router Administration Guide Table 114: Packet Capture Field Summary (continued) Field Function Your Action Absolute TCP Sequence Specifies that absolute TCP sequence numbers are to be displayed for the packet headers. ■ To display absolute TCP sequence numbers in the packet headers, select this check box. ■ To stop displaying absolute TCP sequence numbers in the packet headers, clear this check box.
Chapter 12: Using Services Router Diagnostic Tools Table 114: Packet Capture Field Summary (continued) Field Function Your Action Write Packet Capture File Writes the captured packets to a file in PCAP format in /var/tmp. The files are named with the prefix jweb-pcap and the extension .pcap. ■ To save the captured packet headers to a file, select this check box. ■ To decode and display the packet headers on the J-Web page, clear this check box.
J-series™ Services Router Administration Guide Table 115: J-Web Packet Capture Results and Output Summary (continued) Field Description data size Size of the packet (in bytes). Using CLI Diagnostic Commands Because the CLI is a superset of the J-Web interface, you can perform certain tasks only through the CLI. For an overview of the CLI operational mode commands, along with instructions for filtering command output, see “CLI Diagnostic Commands Overview” on page 211.
Chapter 12: Using Services Router Diagnostic Tools Table 116: CLI ping Command Options (continued) Option Description interface source-interface (Optional) Sends the ping requests on the interface you specify. If you do not include this option, ping requests are sent on all interfaces. bypass-routing (Optional) Bypasses the routing tables and sends the ping requests only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned.
J-series™ Services Router Administration Guide Table 116: CLI ping Command Options (continued) Option Description ttl number (Optional) Sets the time-to-live (TTL) value for the ping request packet. Specify a value from 0 through 255. wait seconds (Optional) Sets the maximum time to wait after sending the last ping request packet. If you do not specify this option, the default delay is 10 seconds. If you use this option without the count option, the Services Router uses a default count of 5 packets.
Chapter 12: Using Services Router Diagnostic Tools The ping mpls commands diagnose the connectivity of MPLS and VPN networks in the following ways: ■ Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs on page 233 ■ Pinging Layer 3 VPNs on page 234 ■ Pinging Layer 2 VPNs on page 235 ■ Pinging Layer 2 Circuits on page 236 Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs Enter the ping mpls command with the following syntax. Table 117 on page 233 describes the ping mpls command options.
J-series™ Services Router Administration Guide The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool. For information, see “Ping MPLS Results and Output” on page 222. Pinging Layer 3 VPNs Enter the ping mpls l3vpn command with the following syntax. Table 118 on page 234 describes the ping mpls l3vpn command options.
Chapter 12: Using Services Router Diagnostic Tools Pinging Layer 2 VPNs Enter the ping mpls l2vpn command with the following syntax. Table 119 on page 235 describes the ping mpls l2vpn command options. user@host> ping mpls l2vpn interface interface-name | instance l2vpn-instance-name local-site-id local-site-id-number remote-site-id remote-site-id-number To quit the ping mpls l2vpn command, press Ctrl-C.
J-series™ Services Router Administration Guide Reply for seq 5, return code: Egress-ok --- lsping statistics --5 packets transmitted, 5 packets received, 0% packet loss The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool. For information, see “Ping MPLS Results and Output” on page 222. Pinging Layer 2 Circuits Enter the ping mpls l2circuit command with the following syntax. Table 120 on page 236 describes the ping mpls l2circuit command options.
Chapter 12: Using Services Router Diagnostic Tools Tracing Unicast Routes from the CLI Use the CLI traceroute command to display a list of routers between the Services Router and a specified destination host. This command is useful for diagnosing a point of failure in the path from the Services Router to the destination host, and addressing network traffic latency and throughput problems.
J-series™ Services Router Administration Guide Table 121: CLI traceroute Command Options (continued) Option Description bypass-routing (Optional) Bypasses the routing tables and sends the traceroute packets only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned. Use this option to display a route to a local system through an interface that has no route through it.
Chapter 12: Using Services Router Diagnostic Tools To quit the traceroute monitor command, press Q. Table 122: CLI traceroute monitor Command Options Option Description host Sends traceroute packets to the hostname or IP address you specify. count number (Optional) Limits the number of ping requests, in packets, to send in summary mode. If you do not specify a count, ping requests are continuously sent until you press Q. inet (Optional) Forces the traceroute packets to an IPv4 destination.
J-series™ Services Router Administration Guide Table 123: CLI traceroute monitor Command Output Summary Field Description host Hostname or IP address of the Services Router issuing the traceroute monitor command. psizesize Size of ping request packet, in bytes. Keys Displays the help for the CLI commands. Help Press H to display the help. Display mode Toggles the display mode. Press D to toggle the display mode Restart statistics Restarts the traceroute monitor command.
Chapter 12: Using Services Router Diagnostic Tools the Services Router. The mtrace monitor command monitors and displays multicast trace operations. This section contains the following topics. For more information about mtrace commands, see the JUNOS System Basics and Services Command Reference.
J-series™ Services Router Administration Guide Table 124: CLI mtrace from-source Command Options (continued) Option Description multicast-response (Optional) Forces the responses to use multicast. unicast-response (Optional) Forces the response packets to use unicast. no-resolve (Optional) Does not display hostnames. no-router-alert (Optional) Does not use the router alert IP option in the IP header. brief (Optional) Does not display packet rates and losses.
Chapter 12: Using Services Router Diagnostic Tools Table 125: CLI mtrace from-source Command Output Summary Field Description hop-number Number of the hop (router) along the path. host Hostname, if available, or IP address of the router. If the no-resolve option was entered in the command, the hostname is not displayed. ip-address IP address of the router. protocol Protocol used. ttl TTL threshold.
J-series™ Services Router Administration Guide This example displays only mtrace queries. When the Services Router captures an mtrace response, the display is similar, but the complete mtrace response is also displayed—exactly as it is displayed in mtrace from-source command output. Table 126 on page 244 summarizes the output fields of the display.
Chapter 12: Using Services Router Diagnostic Tools Monitoring Interfaces and Traffic from the CLI This section contains the following topics: ■ Using the monitor interface Command on page 245 ■ Using the monitor traffic Command on page 246 Using the monitor interface Command Use the CLI monitor interface command to display real-time traffic, error, alarm, and filter statistics about a physical or logical interface.
J-series™ Services Router Administration Guide Table 128: CLI monitor interface traffic Output Control Keys (continued) Key Action d Displays the Delta column instead of the rate column—in bps or packets per second (pps). p Displays the statistics in units of packets and packets per second (pps). q or ESC Quits the command and returns to the command prompt. r Displays the rate column—in bps and pps—instead of the Delta column.
Chapter 12: Using Services Router Diagnostic Tools Enter the monitor traffic command with the following syntax. Table 129 on page 247 describes the monitor traffic command options.
J-series™ Services Router Administration Guide Table 129: CLI monitor traffic Command Options (continued) Option Description brief (Optional) Displays minimum packet header information. This is the default. detail (Optional) Displays packet header information in moderate detail. For some protocols, you must also use the size option to see detailed information. extensive (Optional) Displays the most extensive level of packet header information.
Chapter 12: Using Services Router Diagnostic Tools Table 130: CLI monitor traffic Match Conditions (continued) Match Condition Description host [address | hostname] Matches packet headers that contain the specified address or hostname. You can preprend any of the following protocol match conditions, followed by a space, to host: arp, ip, rarp, or any of the Directional match conditions.
J-series™ Services Router Administration Guide Table 130: CLI monitor traffic Match Conditions (continued) Match Condition Description tcp Matches all TCP packets. udp Matches all UDP packets. Table 131: CLI monitor traffic Logical Operators Logical Operator Description ! Logical NOT. If the first condition does not match, the next condition is evaluated. && Logical AND. If the first condition matches, the next condition is evaluated.
Chapter 12: Using Services Router Diagnostic Tools Table 132: CLI monitor traffic Arithmetic, Binary, and Relational Operators (continued) Operator Description != A match occurs if the first expression is not equal to the second. Following is sample output from the monitor traffic command: user@host> monitor traffic count 4 matching “arp” detail Listening on fe-0/0/0, capture size 96 bytes 15:04:16.276780 15:04:16.376848 15:04:16.376887 15:04:16.
J-series™ Services Router Administration Guide 252 ■ Using CLI Diagnostic Commands
Chapter 13 Configuring Packet Capture Packet capture is a tool that helps you to analyze network traffic and troubleshoot network problems. On a J-series Services Router, the packet capture tool captures real-time data packets traveling over the network, for monitoring and logging. Packets are captured as binary data, without modification. You can read the packet information offline with a packet analyzer such as Ethereal or tcpdump.
J-series™ Services Router Administration Guide Table 133: Packet Capture Terms Term Definition interface sampling Packet sampling method used by packet capture, in which entire IPv4 packets flowing in the input or output direction, or both directions, are captured for analysis. libpcap An implementation of the pcap application programming interface. libpcap may be used by a program to capture packets traveling over a network. packet capture 1.
Chapter 13: Configuring Packet Capture NOTE: You can enable packet capture and port mirroring simultaneously on a Services Router. For more information about traffic sampling, see the JUNOS Policy Framework Configuration Guide.
J-series™ Services Router Administration Guide the performance of the Services Router. You can control the number of packets captured on an interface with firewall filters and specify various criteria to capture packets for specific traffic flows. You must also configure and apply appropriate firewall filters on the interface if you need to capture packets generated by the host router, because interface sampling does not capture packets originating from the host router.
Chapter 13: Configuring Packet Capture For more details about analyzing packet capture files, see Verifying Captured Packets on page 264. Before You Begin Before you begin configuring packet capture, complete the following tasks: ■ Establish basic connectivity. See the Getting Started Guide for your router. ■ Configure network interfaces. See the J-series Services Router Basic LAN and WAN Access Configuration Guide.
J-series™ Services Router Administration Guide Table 134: Enabling Packet Capture Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Forwarding options level in the configuration hierarchy. 1. From the [edit] hierarchy level, enter In the J-Web interface, select Configuration>View and Edit>Edit Configuration. 2. Next to Forwarding options, click Configure or Edit. 3. Next to Scripts, click Configure or Edit. 4. Next to Commits, click Configure or Edit.
Chapter 13: Configuring Packet Capture Configuring Packet Capture on an Interface (Required) To capture all transit and host-bound packets on an interface and specify the direction of the traffic to capture—inbound, outbound, or both: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 135 on page 259. 3. If you are finished configuring the router, commit the configuration. 4.
J-series™ Services Router Administration Guide 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 136 on page 260. 3. If you are finished configuring the router, commit the configuration. 4. To check the configuration, see “Verifying Packet Capture” on page 263.
Chapter 13: Configuring Packet Capture NOTE: If you apply a firewall filter on the loopback interface, it affects all traffic to and from the Routing Engine. If the firewall filter has a sample action, packets to and from the Routing Engine are sampled. If packet capture is enabled, then packets to and from the Routing Engine are captured in the files created for the input and output interfaces.
J-series™ Services Router Administration Guide To delete a packet capture file: 1. Disable packet capture following the steps in “Disabling Packet Capture” on page 261. 2. Using the CLI, delete the packet capture file for the interface: a. From CLI operational mode, access the local UNIX shell: user@host> start shell % b. Navigate to the directory where packet capture files are stored: % cd /var/tmp % c. Delete the packet capture file for the interface—for example, pcap-file.fe.0.0.
Chapter 13: Configuring Packet Capture user@host> start shell % b. Navigate to the directory where packet capture files are stored: % cd /var/tmp % c. Rename the latest packet capture file for the interface on which you are changing the encapsulation—for example, fe.0.0.0: % mv pcap-file.fe.0.0.0 pcap-file.fe.0.0.0.chdsl % d. Return to the CLI operational mode: % exit user@host> 4. Change the encapsulation on the interface using the J-Web or CLI configuration editor.
J-series™ Services Router Administration Guide } Meaning Verify that the output shows the intended file configuration for capturing packets. Related Topics For more information about the format of a configuration file, see the information about viewing configuration text in the J-series Services Router Basic LAN and WAN Access Configuration Guide. Displaying a Firewall Filter for Packet Capture Configuration Purpose Action Verify the firewall filter for packet capture configuration.
Chapter 13: Configuring Packet Capture Name (tools-server:user):remoteuser 331 Password required for remoteuser. Password: 230 User remoteuser logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> 2. Navigate to the directory where packet capture files are stored on the router: ftp> lcd /var/tmp Local directory now /cf/var/tmp 3. Copy the packet capture file that you want to analyze—for example, 126b.fe-0.0.1, to the server: ftp> put 126b.fe-0.0.1 local: 126b.fe-0.0.
J-series™ Services Router Administration Guide Meaning 266 ■ Verify that the output shows the intended packets.
Chapter 14 Configuring RPM Probes J-series Services Routers support a tool that allows network operators and their customers to accurately measure the performance between two network endpoints. With the real-time performance monitoring (RPM) feature, you configure and send probes to a specified target and monitor the analyzed results to determine packet loss, round-trip time, and jitter. This chapter contains the following topics.
J-series™ Services Router Administration Guide Table 138: RPM Terms (continued) Term Definition RPM target Remote network endpoint, identified by an IP address or URL, to which the Services Router sends a real-time performance monitoring (RPM) probe. RPM test A collection of real-time performance monitoring (RPM) probes sent out at regular intervals. test interval Time, in seconds, between RPM tests. RPM Overview Real-time performance monitoring (RPM) allows you to perform service-level monitoring.
Chapter 14: Configuring RPM Probes UDP and TCP probe types require that the remote server be configured as an RPM receiver so that it generates responses to the probes. RPM Tests Each probed target is monitored over the course of a test. A test represents a collection of probes, sent out at regular intervals, as defined in the configuration. Statistics are then returned for each test.
J-series™ Services Router Administration Guide RPM Statistics At the end of each test, the Services Router collects the statistics for packet round-trip time, packet inbound and outbound times (for ICMP timestamp probes only), and probe loss shown in Table 139 on page 270.
Chapter 14: Configuring RPM Probes Table 139: RPM Statistics (continued) RPM Statistics Description Loss percentage Percentage of probes sent for which a response was not received RPM Thresholds and Traps You can configure RPM threshold values for the round-trip times, ingress (inbound) times, and egress (outbound) times that are measured for each probe, as well as for the standard deviation and jitter values that are measured for each test.
J-series™ Services Router Administration Guide Figure 26: Main Quick Configuration Page for RPM ERROR: Unresolved graphic fileref="s020257.gif" not found in "\\teamsite1\default\main\TechPubsWorkInProgress\STAGING\images\". Figure 27: Probe Test Quick Configuration Page for RPM ERROR: Unresolved graphic fileref="s020258.gif" not found in "\\teamsite1\default\main\TechPubsWorkInProgress\STAGING\images\". To configure RPM parameters with Quick Configuration: 1.
Chapter 14: Configuring RPM Probes Table 140: RPM Quick Configuration Summary (continued) Field Function Your Action Routing Instance Particular routing instance over which the probe is sent Type the routing instance name. The routing instance applies only to probes of type icmp and icmp-timestamp. The default routing instance is inet.0. History Size Number of probe results saved in the probe history Type a number between 0 and 255. The default history size is 50 probes.
J-series™ Services Router Administration Guide Table 140: RPM Quick Configuration Summary (continued) Field Function Your Action Hardware Timestamp Enables timestamping of RPM probe messages. On J-series Services Routers you can timestamp the following RPM probes to improve the measurement of latency or jitter: To enable timestamping, select the check box.
Chapter 14: Configuring RPM Probes Table 140: RPM Quick Configuration Summary (continued) Field Function Your Action Ingress Standard Deviation Sets the maximum allowable standard deviation of inbound times (in microseconds) for a test, which, if exceeded, triggers a probe failure and generates a system log message. Type a number between 0 and 60,000,000 (microseconds). Generates SNMP traps when the threshold for jitter in outbound time is exceeded.
J-series™ Services Router Administration Guide Table 140: RPM Quick Configuration Summary (continued) Field Function Your Action Standard Deviation Exceeded Generates traps when the threshold for standard deviation in round-trip times is exceeded. ■ To enable SNMP traps for this condition, select the check box. ■ To disable SNMP traps, clear the check box. ■ To enable SNMP traps for this condition, select the check box. ■ To disable SNMP traps, clear the check box.
Chapter 14: Configuring RPM Probes probe for Customer B uses HTTP packets and sets thresholds and corresponding SNMP traps to catch excessive lost probes. To configure these RPM probes: 1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor. 2. Perform the configuration tasks described in Table 141 on page 277. 3. If you are finished configuring the network, commit the configuration. 4.
J-series™ Services Router Administration Guide Table 141: Configuring Basic RPM Probes (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the RPM test icmp-test for the RPM owner customerA. 1. On the Rpm page, select customerA. 1. 2. In the Test box, click Add new entry The sample RPM test is an ICMP probe with a test interval (probe frequency) of 15 seconds, a probe type of icmp-ping-timestamp, a probe timestamp, and a target address of 192.178.16.5. 3.
Chapter 14: Configuring RPM Probes Table 141: Configuring Basic RPM Probes (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the RPM test http-test for the RPM owner customerB. 1. On the Rpm page, select customerB. 1. 2. In the Test box, click Add new entry. The sample RPM test is an HTTP probe with a test interval (probe frequency) of 30 seconds, a probe type of http-get, and a target URL of http://customerB.net. 3. In the Name box, type http-test. 4.
J-series™ Services Router Administration Guide packets to the forwarding plane. Classified packets are sent to the output queue on the output interface specified by the CoS scheduler map configured on the interface. For information about CoS, see the J-series Services Router Advanced WAN Access Configuration Guide. CAUTION: Use probe classification with caution, because improper configuration can cause packets to be dropped.
Chapter 14: Configuring RPM Probes Table 142: Configuring TCP and UDP Probes (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure the RPM test tcp-test for the RPM owner customerC. 1. On the Rpm page, select customerC. 1. 2. In the Test box, click Add new entry. The sample RPM test is a TCP probe with a test interval (probe frequency) of 5, a probe type of tcp-ping, and a target address of 192.162.45.6. Configure the destination interface. 3.
J-series™ Services Router Administration Guide Table 142: Configuring TCP and UDP Probes (continued) Task J-Web Configuration Editor CLI Configuration Editor Configure Router B to act as a UDP server, using port 50037 to send and receive UDP probes. 1. Next to Probe server, click Edit. Enter 2. In the Udp box, click Configure. 3. In the Port box, type 50037. 4. Click OK.
Chapter 14: Configuring RPM Probes Table 143: Tuning RPM Probes (continued) Task J-Web Configuration Editor CLI Configuration Editor Set the time between probe transmissions to 15 seconds. In the Probe interval box, type 15. Enter set probe-interval 15 Set the number of probes within a test to 10. In the Probe count box, type 10. Enter set probe-count 10 Set the source address for each probe packet to 192.168.2.9.
J-series™ Services Router Administration Guide ■ To check the configuration, see “Verifying an RPM Configuration” on page 285. Table 144: Configuring RPM Probes to Monitor BGP Neighbors Task J-Web Configuration Editor CLI Configuration Editor Navigate to the Services>RPM>BGP level in the configuration hierarchy. 1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration. From the [edit] hierarchy level, enter 2. Next to Services, click Configure or Edit. 3.
Chapter 14: Configuring RPM Probes Directing RPM Probes to Select BGP Routers If a Services Router has a large number of BGP neighbors configured, you can direct (filter) the RPM probes to a selected group of BGP neighbors rather than to all the neighbors. To identify the BGP routers to receive RPM probes, you can configure routing instances. The sample RPM configuration in Table 145 on page 285 sends RPM probes to the BGP neighbors in routing instance R1. To direct RPM probes to select BGP neighbors: 1.
J-series™ Services Router Administration Guide Verifying RPM Services Purpose Action Verify that the RPM configuration is within the expected values. From configuration mode in the CLI, enter the show services rpm command. user@host# show services rpm probe test { test customerA { probe-type icmp-ping; target address 192.178.16.5; probe-count 15; probe-interval 1; hardware-timestamp; } test customerB { probe-type icmp-ping-timestamp; target address 192.178.16.
Chapter 14: Configuring RPM Probes Minimum Rtt: 1093 usec, Maximum Rtt: 1372 usec, Average Rtt: 1231 usec, Jitter Rtt: 279 usec, Stddev Rtt: 114 usec Probes sent: 3, Probes received: 3, Loss percentage: 0 Owner: Rpm-Bgp-Owner, Test: Rpm-Bgp-Test-1 Target address: 10.209.152.
J-series™ Services Router Administration Guide Verifying RPM Probe Servers Purpose Action Verify that the Services Router is configured to receive and transmit TCP and UDP RPM probes on the correct ports. From the CLI, enter the show services rpm active-servers command.
Part 5 Index ■ Index on page 291 Index ■ 289
J-series™ Services Router Administration Guide 290 ■ Index
Index Symbols #, comments in configuration statements.................xviii ( ), in syntax descriptions..........................................xviii .gz.jc file extension See file encryption /cf/var/crash directory See crash files /config directory file encryption See file encryption snapshots for boot directories (CLI).....................189 snapshots for boot directories (J-Web)................
J-series™ Services Router Administration Guide Alarms Summary page...............................................174 alert logging severity..................................................158 alias, CoS value..........................................................125 alternative boot media See boot devices; USB ambient temperature, monitoring..............................112 any level statement....................................................162 any logging facility...................................
Index change-log logging facility..........................................157 CHAP (Challenge Handshake Authentication Protocol), enabling on dialer interfaces....................................37 chassis alarm condition indicator....................................175 alarm conditions and remedies...........................171 alarms, displaying...............................................111 component part numbers ..................................113 component serial numbers.........................
J-series™ Services Router Administration Guide CPU usage PIM (in FPC summary)........................................113 CPU usage, displaying................................................109 crash files cleaning up (CLI).................................................201 cleaning up (J-Web).............................................199 displaying size....................................................110 downloading (J-Web)...........................................200 critical logging severity.....
Index SNMP health monitor............................................49 system logs.........................................................155 system operation................................................244 traceroute (J-Web)...............................................223 traceroute command..........................................237 traceroute monitor command.............................237 traffic analysis with packet capture.....................253 verifying captured packets....................
J-series™ Services Router Administration Guide event policies Common Criteria information...............................89 configuration editor..............................................95 overview...............................................................95 event viewer, J-Web Common Criteria information.............................155 overview.............................................................
Index overriding for SNMP (Quick Configuration)...........51 pinging (CLI).......................................................230 pinging (J-Web)...................................................216 resolving...............................................................72 SNMP trap target (Quick Configuration)................52 telnetting to..........................................................25 tracing a route to (CLI)................................237, 239 tracing a route to (J-Web)...........
J-series™ Services Router Administration Guide JUNOS Internet software release notes, URL.................................................xv JUNOS software autoinstallation.....................................................81 encryption See file encryption known problems, operation scripts as workarounds.....................................................92 upgrading...........................................................179 USB modems for remote management.................29 version, displaying.....
Index diagnosing problems from..................................210 monitoring from.................................................102 recovering root password from.............................21 Management Information Bases See MIBs management interface address, displaying................108 management interfaces active alarms......................................................115 administrative states...........................................114 alarm conditions and configuration options........
J-series™ Services Router Administration Guide system logs.........................................................244 system process information................................110 system properties...............................................107 TGM550..............................................................151 trace files............................................................244 VoIP....................................................................
Index P packet capture configuring..........................................................259 configuring (J-Web).............................................226 configuring on an interface.................................259 disabling.............................................................261 disabling before changing encapsulation on interfaces........................................................262 displaying configurations....................................263 displaying firewall filter for.
J-series™ Services Router Administration Guide Ping Host page...........................................................216 field summary....................................................216 results.................................................................217 Ping LDP-signaled LSP description..........................................................214 using...................................................................220 Ping LSP to Layer 3 VPN prefix description.............................
Index secret (configuration editor)..................................13 secret (Quick Configuration)...................................9 specifying for authentication (Quick Configuration)...................................................10 random early detection (RED) drop profiles, CoS.......126 RARP, for autoinstallation............................................86 RBBL (reported BBL)..................................................152 reachability, DLSw...............................................
J-series™ Services Router Administration Guide overview.............................................................268 See also RPM probes preparation.........................................................271 probe and test intervals......................................269 probe counts.......................................................270 Quick Configuration............................................271 round-trip times, description...............................270 round-trip times, viewing......
Index serial number chassis components............................................113 Services Router...................................................107 serial ports alarm condition indicator....................................175 alarm conditions and configuration options........168 autoinstallation on................................................82 configuring alarms on.........................................172 service sets, monitoring.............................................
J-series™ Services Router Administration Guide show system services dhcp binding command.........................................................76, 143 explanation...........................................................77 show system services dhcp binding detail command.................................................................76 explanation...........................................................77 show system services dhcp command.........................
Index RPM, monitoring.................................................145 RPM, verifying....................................................286 status administrative link state......................................114 autoinstallation.....................................................87 BGP.....................................................................118 fans.....................................................................112 link states, network interfaces............................
J-series™ Services Router Administration Guide telnet command...........................................................25 options..................................................................25 Telnet session..............................................................25 temperature chassis, monitoring.............................................112 PIM (in FPC summary)........................................113 Routing Engine, too warm..................................
Index upgrades downloading.......................................................181 installing (CLI).....................................................184 installing by uploading........................................183 installing from remote server..............................182 overview.............................................................179 requirements..............................................179, 181 Upload package page.................................................
J-series™ Services Router Administration Guide version hardware, displaying...........................................112 PPPoE, information about...................................150 software, displaying............................................107 View Events page.......................................................162 field summary (filtering log messages)................162 field summary (viewing log messages)................164 views, SNMP..........................................................
