Swcmdref a m

8/3/2019 Swcmdref a m

1/387

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089

USA

408-745-2000

www.juniper.net

E-Series Routers

Command Reference Guide

A to M

Release 5.1.x

Part No. 162-00739-00 Rev. A00


2/387

Juniper Networks is registered in the U.S. Patent and Trademark Office and in other countries as atrademark of Juniper Networks, Inc. Broadband Cable Processor, ERX, ESP, E-series, G1, G10,G-series, Internet Processor, J-Protect, Juniper Your Net, JUNOS, JUNOScript, JUNOSe, M5, M10,M20, M40, M40e, M160, M-series, NMC-RX, SDX, ServiceGuard, T320, T640, T-series, UMC, andUnison are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registeredtrademarks, or registered service marks are the property of their respective owners. All specificationsare subject to change without notice.

Products made or sold by Juniper Networks (including the G1 and G10 CMTSs, ERX-310, ERX-705,ERX-710, ERX-1410, ERX-1440, M5, M10, M20, M40, M40e, M160, and T320 routers, T640 routingnode, and the JUNOS, SDX-300, and ServiceGuard software) or components thereof might becovered by one or more of the following patents that are owned by or licensed to Juniper Networks:U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,333,650, 6,359,479, and 6,406,312.

E-Series RoutersCommand Reference Guide A to M, Release 5.1.xCopyright 2003, Juniper Networks, Inc.All rights reserved. Printed in USA.

Writers: Mark Barnard, Bruce Gillham, Justine Kangas, Helen Shaw, Brian Wesley Simmons, FranSinger, Michael TaillonEditor: Fran Mues

Revision HistoryAugust 2003

The information in this document is current as of the date listed in the revision history above.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networksreserves the right to change, modify, transfer, or otherwise revise this publication without notice.


3/387

SOFTWARE LICENSE AGREEMENTa

JUNIPER NETWORKS, INC. IS WILLING TO LICENSE THE ENCLOSED SOFTWARE ANDACCOMPANYING USER DOCUMENTATION (COLLECTIVELY, THE PROGRAM) TO YOU ONLYUPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THISLICENSE AGREEMENT. PLEASE READ THESE TERMS AND CONDITIONS CAREFULLYBEFORE COPYING OR USING THE ACCOMPANYING SOFTWARE OR INSTALLING THEHARDWARE UNIT WITH PRE-ENABLED SOFTWARE OR USING THE ACCOMPANYING USERDOCUMENTATION.

BY USING THE ACCOMPANYING SOFTWARE OR INSTALLING THE HARDWARE UNIT WITHPRE-ENABLED SOFTWARE, YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONSOF THIS LICENSE AGREEMENT. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OFTHIS LICENSE AGREEMENT, JUNIPER NETWORKS IS UNWILLING TO LICENSE THEPROGRAM TO YOU, IN WHICH EVENT YOU SHOULD PROMPTLY WITHIN TEN (10) DAYSFROM SHIPMENT RETURN THE UNUSED SOFTWARE, USER DOCUMENTATION, ANDRELATED EQUIPMENT AND HARDWARE TO THE PLACE OF PURCHASE AND YOU WILLRECEIVE A FULL REFUND OF YOUR LICENSE FEE. THIS LICENSE AGREEMENTREPRESENTS THE ENTIRE AGREEMENT CONCERNING THE PROGRAM BETWEEN YOU ANDJUNIPER NETWORKS, AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION ORUNDERSTANDING BETWEEN THE PARTIES.

1. License Grant. Juniper Networks, Inc. (Juniper Networks) and its suppliers and licensorshereby grant to you and you hereby accept a nonexclusive, personal and nontransferable license touse the computer software and/or hardware unit with pre-enabled software, including all patches,

error corrections, updates, and revisions thereto in machine-readable, object code form only (theSoftware), and the accompanying User Documentation on the Juniper Networks product owned byyou and only as authorized in this License Agreement. You may make one (1) archival copy of theSoftware for backup purposes provided you affix to such copy all copyright, confidentiality, andproprietary notices that appear on the original. Except as authorized under this paragraph, no copiesof the Program or any portions thereof may be made, in whole or in part, by you or any person underyour authority or control.

The Software and User Documentation are protected under copyright laws. The title to Software andUser Documentation shall remain solely with Juniper Networks and its suppliers.

Except as authorized above, you shall not: copy, in whole or in part, the Software or the related UserDocumentation; modify, reverse assemble, reverse compile, or otherwise translate, dissemble, orobtain source code for the Software or User Documentation, in whole or in part, or permit a third partyto do so; rent, lease, distribute, sell, or create derivative works of the Software; pledge, lease, rent,sublicense or share its rights under this License Agreement; or, without Juniper Networks prior

written consent, assign or transfer its rights hereunder.

2. Juniper Networks's Rights. You agree that the Software, including the User Documentation,embodies Juniper Networks's and its suppliers' and licensors' confidential and proprietary intellectualproperty protected under U.S. copyright law and you will use your best efforts to maintain theirconfidentiality. You further acknowledge and agree that Juniper Networks or its suppliers andlicensors own all right, title, and interest in and to the Software, including all intellectual propertyrights therein. You shall take no action inconsistent with Juniper Networks's or its suppliers'ownership of such Software. You shall not sublicense, assign, or otherwise disclose to any third partythe Software or any information about the operation, design, performance, or implementation of theSoftware and User Documentation without prior written consent of Juniper Networks. You agree toimplement reasonable security measures to protect such confidential and proprietary information andcopyrighted material. This License Agreement does not convey to you an interest in or to theProgram, but only the limited right of use revocable in accordance with the terms of this LicenseAgreement.

3. License Fees. The license fees paid by you are paid in consideration of the license grantedunder this License Agreement.

4. Term. This license is effective upon opening of the package(s) or use of the hardware containingthe Software, and shall continue until terminated. You may terminate this License at any time byreturning the Software, including any User Documentation, and all copies or portions thereof toJuniper Networks. This License will terminate immediately without notice from Juniper Networks ifyou breach any term or provision of this License. Upon such termination by Juniper Networks, you

a. If you and Juniper Networks, Inc., have executed another license agreement for the Program whichis now in effect, then such agreement (Negotiated Agreement) shall supersede this SoftwareLicense Agreement and shall exclusively govern the use and license terms of the Program.


4/387

must return the Software, including any User Documentation, and all copies or portions thereof toJuniper Networks. Termination of this License Agreement shall not prejudice Juniper Networks' rightsto damages or other available remedy.

5. Limited Software Warranty: Juniper Networks warrants, for your benefit alone, that for a periodof ninety (90) days from the date of shipment from Juniper Networks that the Software substantiallyconforms to its published specifications.

The limited warranty extends only to you as the original licensee. Your exclusive remedy and theentire liability of Juniper Networks and its suppliers under this limited warranty will be, at JuniperNetworks' option, repair or replacement of the Software, or refund of the amounts paid by you underthis License Agreement. You agree that this is your sole and exclusive remedy for breach by JuniperNetworks, its suppliers or its licensors of any warranties made under this License Agreement.

In no event does Juniper Networks warrant that the Software is error free or that you will be able tooperate the Software without problems or interruptions. Juniper Networks does not warrant: 1) thatthe functions contained in the software will meet your requirements; 2) that the Software will operatein the hardware or software combination that you may select; 3) that the operation of the Softwarewill be uninterrupted or error free; or 4) that all defects in the operation of the Software will becorrected.

This warranty does not apply if the product: 1) has been altered, except by Juniper Networks; 2) hasnot been installed, operated, repaired, or maintained in accordance with instruction supplied byJuniper Networks; or 3) has been subjected to or damaged by improper environment, abuse, misuse,accident, or negligence.

EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE SOFTWARE IS LICENSED AS IS,AND JUNIPER NETWORKS DISCLAIMS ANY AND ALL OTHER REPRESENTATIONS,CONDITIONS, AND WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY,INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY ORFITNESS FOR A PARTICULAR PURPOSE OR ANY WARRANTIES FOR NONINFRINGEMENT ORARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. ANY AND ALL SUCHWARRANTIES ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.JUNIPER NETWORKS' SUPPLIERS AND LICENSORS DO NOT MAKE OR PASS ON TO YOU ORANY THIRD PARTY ANY EXPRESS, IMPLIED, OR STATUTORY WARRANTY ORREPRESENTATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OFMERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR ANY WARRANTIES FORNONINFRINGEMENT.

6. Proprietary Rights Indemnification. Juniper Networks shall at its expense defend you againstand, subject to the limitations set forth elsewhere herein, pay all costs and damages made in

settlement or awarded against you resulting from a claim that the Program as supplied by JuniperNetworks infringes a United States copyright or a United States patent, or misappropriates a UnitedStates trade secret, provided that you: (a) provide prompt written notice of any such claim, (b) allowJuniper Networks to direct the defense and settlement of the claim, and (c) provide Juniper Networkswith the authority, information, and assistance that Juniper Networks reasonably deems necessaryfor the defense and sett lement of the claim. You shall not consent to any judgment or decree or doany other act in compromise of any such claim without first obtaining Juniper Networks writtenconsent. In any action based on such a claim, Juniper Networks may, at its sole option, either: (1)obtain for you the right to continue using the Program, (2) replace or modify the Program to avoid theclaim, or (3) if neither (1) nor (2) can reasonably be effected by Juniper Networks, terminate thelicense granted hereunder and give you a pro rata refund of the license fee paid for such Program,calculated on the basis of straight-line depreciation over a five-year useful life. Notwithstanding thepreceding sentence, Juniper Networks will have no liability for any infringement or misappropriationclaim of any kind if such claim is based on: (i) the use of other than the current unaltered release ofthe Program and Juniper Networks has provided or offers to provide such release to you for its thencurrent license fee, or (ii) use or combination of the Program with programs or data not supplied or

approved by Juniper Networks if such use or combination caused the claim.

7. Limitation of Liability. IN NO EVENT WILL JUNIPER NETWORKS OR ITS SUPPLIERS ORLICENSORS BE LIABLE FOR ANY COST FOR SUBSTITUTE PROCUREMENT; SPECIAL,INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES; OR ANYDAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR PROFITSARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE, EVENIF JUNIPER NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.Juniper Networks' cumulative liability to you or any other party for any loss or damages resulting fromany claims, demands, or actions arising out of or relating to this License Agreement shall not exceedthe total fees paid to Juniper Networks for the Software.

8. Export Control. Software, including technical data, is subject to U.S. export control laws,including the U.S. Export Administration Act and its associated regulations, and may be subject to


5/387

export or import regulations in other countries. You agree to comply strictly with all such regulationsand acknowledge that you have the responsibility to obtain licenses to export, re-export, or importSoftware.

9. Government Licensees: If any Software or associated documentation is acquired by or onbehalf of a unit or agency of the United States government, the government agrees that suchSoftware or documentation is a commercial item as that term is defined in 48 C.F.R. 2.101,consisting of commercial computer software or commercial computer software documentation as

such terms are used in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its successorsand 48 C.F.R. 227.7202-1 through 227.7202-4 of the DoD FAR Supplement and its successors. Theuse, duplication, or disclosure by the United States government of technical, data, computer softwareand documentation is subject to the restrictions set forth in FAR section 12.212(a), FAR section52.227-14(g)(2), FAR section 52.227-19, DFARS section 252.227-7015(b), DFARS section227.7202-1(a), and DFARS section 227.7202-3(a), as applicable. All United States government endusers acquire the Software with only the rights set forth in this License Agreement.

10. General: This License shall be governed by and construed in accordance with the laws of theCommonwealth of Massachusetts, United States of America, as if performed wholly within the stateand without giving effect to the principles of conflict of law. Any dispute arising out of this Agreementshall be referred to an arbitration proceeding in Boston, Massachusetts, in accordance with thecommercial arbitration rules of the American Arbitration Association (the AAA). If the parties cannotagree upon an arbitrator, arbitration shall be conducted by a neutral arbitrator selected by the AAAwho is knowledgeable in electronics equipment manufacturing and software licensing. The partiesshall share the procedural costs of arbitration equally, and each party shall pay its own attorneys'

fees and other costs and expenses associated with the arbitration, unless the arbitrator decidesotherwise. The arbitrator's award shall be in writing and shall include a statement of reasons, but thearbitrator shall not be permitted to award punitive or indirect damages. The arbitrator's decision andaward shall be final and binding and may be entered in any court having jurisdiction. The terms ofthis section shall not prevent any party from seeking injunctive relief in any court of competentjurisdiction in order to protect its proprietary and confidential information. If any term or provisionhereof is found to be void or unenforceable by a court of competent jurisdiction, the remainingprovisions of this License Agreement shall remain in full force and effect. This License Agreementconstitutes the entire agreement between the parties with respect to the use of the Software andUser Documentation and supersedes any and all prior oral or written agreements, discussions,negotiations, commitments, or understandings. No amendment, modification, or waiver of anyprovision of this License Agreement will be valid unless in writing and signed by the authorizedrepresentative of the party against which such amendment, modification, or waiver is sought to beenforced. The waiver by either party of any default or breach of this License Agreement shall notconstitute a waiver of any other or subsequent default or breach. This License Agreement shall bebinding upon the parties and their respective successors and permitted assigns.

Should you have any questions about this agreement, please contact:

Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089Attn: Contracts Administrator


6/387


7/387

About This Guide

This Command Reference Guide provides all the commands available to

configure an E-series router. Refer to the configuration guides fordetailed information on configuring an E-series router.

Note: If the information in the latest E-Series Release Notes differs from the

information in this guide, follow the E-Series Release Notes.

The E-series router is shipped with the latest system software installed. If

you need to install a future release or reinstall the system software, refer to

the procedures in theE-Series Installation and User Guide, Appendix B,

Installing JUNOSe Software.

E-Series Routers

Five models of E-series routers are available:

ERX-1440 router

ERX-1410 router

ERX-710 router

ERX-705 router

ERX-310 router

All models use the same software. For information about the differences

between the models, seeE-Series Installation and User Guide, Chapter 1,

E-Series Overview.

In the E-series documentation, the term ERX-14xx models refers to both

the ERX-1440 router and the ERX-1410 router. Similarly, the term

ERX-7xx models refers to both the ERX-710 router and the ERX-705
http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/http://hw-erx-install.pdf/


8/387

About This Guideviii

router. The terms ERX-1440 router, ERX-1410 router, ERX-710 router,

ERX-705 router, and ERX-310 router refer to the specific models.

Audience

This guide is intended for experienced system and network specialists

working with E-series routers in an Internet access environment.

Conventions

Table 1 defines notice icons used in this guide, and Table 2 defines text

conventions used throughout the book, except for command syntax.

Table 3 provides command syntax conventions used primarily in the

E-SeriesCommand Reference Guide. For more information about

command syntax, seeE-Series System Basics Configuration Guide,Chapter 2, Command Line Interface.

Table 1 Notice icons

Icon Meaning Description

Informational note Indicates important features or instructions.

Caution Indicates that you may risk losing data or damaging your hardware.

Warning Alerts you to the risk of personal injury.

Table 2 Text conventions (except for command syntax)

Convention Description Examples

Bold typeface Represents commands and

keywords in text.

Command example:

Issue the clock source command.

Keyword example:

Specify the keyword exp-msg.

Bold Courier typeface Represents text that the user musttype.user input

Key name in angle brackets Indicates the name of a key on the

keyboard.

Press .

Key names linked with a plus sign

(+) in angle brackets.

Indicates that you must press two or

more keys simultaneously.

Press .
http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/


9/387

Conventions

E-Series Routers

Using the no vs. the default Version of Commands

Most router configuration commands have a no version, which you can

use to negate a command (or a portion of it specified by an optional

keyword) or restore its default setting. When you use a command without

the keyword no, you can reenable a disabled feature or override a default

setting. You have the option of using the default keyword whenever theno keyword is also a choice; simply enter the keyword default instead of

no.

In most cases, when you execute the default version of a command, it

produces the exact results as the no version. There are some commands

for which the default version yields a different result than the no version.

Commands for which the default behavior differs from the no behavior

are clearly identified in this guide. Unless otherwise specified, therefore,

Plain Courier typeface Represents information as displayed

on your terminals screen.

host1#show ip ospf 2

Routing Process OSPF 2 withRouter ID 5.5.0.250

Router is an Area BorderRouter (ABR)

Italics Emphasize words.

Identify variables.

Identify chapter, appendix, and

book names.

There are two levels of access,

userandprivileged.

clusterId, ipAddress.

Appendix A, System Specifications.

Table 2 Text conventions (except for command syntax) (continued)


Table 3 Syntax conventions in Command Reference Guide


Words in plain text Represent keywords. terminal length

Words in italics Represent variables. mask, accessListName

Words separated by the | symbol Represent a choice to select one

keyword or variable to the left or

right of this symbol. (The keyword or

variable may be either optional or

required.)

diagnostic | line

Words enclosed in [ brackets ] Represent optional keywords or

variables.

[ internal | external ]

Words enclosed in [ brackets ]* Represent optional keywords or

variables that can be entered more

than once.

[ level1 | level2 | l1 ]*

Words enclosed in { braces } Represent required keywords or

variables.

{ permit | deny } { in | out }

{ clusterId| ipAddress }


10/387

About This Guidex

the default command is identical to the no command and will neither be

documented nor discussed.

The syntax for each no command is described in this guide. Some

commands do not have a no version; this is indicated in the individual

command descriptions except for the show commands, none of which

has a no version.

The CLI can act on no versions of commands when you have entered

sufficient information to distinguish the command syntactically, and

ignores all subsequent input on that line.

To be compatible with some nonE-series implementations, the no

versions of commands will accept the same options as the affirmative

version of the commands. The CLI ignores the optional input if it has no

effect on the command behavior. If using the option changes the behavior

of the no version, the individual command entry in this guide describes

the difference in behavior.

Obsolete Commands

A command that has been made obsolete in a release or in a particular

configuration mode will return a notice when you issue the command

manually:

NOTICE: This command is obsolete. It may be completely

removed from a subsequent software release.

A preferred alternate command will be provided in the notice. If you havea script that uses the obsolete command, the obsolete command is

automatically mapped to the preferred command when you run the

script. If the obsolete command no longer has a function, then that

command has no effect if you run a script containing the command.

We recommend that you use the preferred command when writing new

scripts.

Filtering show Commands

You have access to a variety ofshow commands that display router andprotocol information. You can filter the output of a show command by

specifying| (the UNIX pipe symbol), one of the following keywords, and

either a case-sensitive text string or a regular expression.

begin displays output beginning with the first line that contains the

text string or regular expression


11/387

Conventions

E-Series Routers

include displays output lines that contain the text string or regular

expression and excludes lines that do not contain the text string or

regular expression

exclude displays output lines that do not contain the text string or

regular expression and excludes lines that do contain the text string or

regular expression

For a list of regular expressions, seeE-Series Routing Protocols

Configuration Guide, Vol. 1, Chapter 1, Configuring Routing Policy.

You can press to interrupt the show command output.

Note: The router does not recognize beginning spaces of the text string. For

example, if you enter the include option with IP as the text string on which to

filter, the router ignores the space and displays lines that include words such as

RIP.

Example In the following example, the output display consists only of lines that

contain the stringip. The router omits all other lines of the output from

the display because none of them contain the stringip.

host1#show config include-defaults | include ip

! Configuration script generated on FRI NOV 12 1999 16:56:41UTC

ip address 192.168.1.229 255.255.255.0

ip rip receive version 2 1

ip rip send version 1

ip rip authentication mode md5 17

ip rip authentication key

ip route 10.6.0.0 255.255.0.0 192.168.1.1

ip route 10.10.0.0 255.255.0.0 192.168.1.1

ip route 10.10.0.166 255.255.255.255 192.168.1.1

ip debounce-time 0

router rip
http://swconfig-routing-vol1.pdf/http://swconfig-routing-vol1.pdf/http://swconfig-routing-vol1.pdf/http://swconfig-routing-vol1.pdf/


12/387

About This Guidexii

Interface Types and Specifiers

Many commands take the variablesinterfaceType and interfaceSpecifier.

Some commands support all types of interfaces, whereas other

commands support only certain types of interfaces. Similarly, some

commands support all interface specifier formats for a particular

interface type, whereas other commands support only certain interfacespecifier formats. Table 4 shows the interface specifiers for each type of

interface.

Table 4 Interface types and specifiers

Interface Type Description Interface Specifier Example

atm ATM interface or

ATM 1483 subinterface

Refer to the individual formats listed below.

ATM interface slot/port[.subinterface]

slot number of the chassis slot in

the range 06 (ERX-7xx models),

013 (ERX-14xx models), and

02 (ERX-310 router)

port port number on the I/O

module

subinterface number of the

subinterface in the range

14294967293

atm 3/2.6

ATM 1483subinterfacea

slot/port/vpi/vci




02 (ERX-310 router)


module

vpi virtual path identifier of the

PVC on this ATM 1483 subinterface;

allowable numeric range depends

on the module capabilities and

current configuration

vci virtual circuit identifier of the

PVC on this ATM 1483 subinterface;

allowable numeric range dependson the module capabilities and

current configuration

atm 3/2/1/0


13/387

Conventions

E-Series Routers

fastEthernet IEEE 802.3 Fast

Ethernet (FE) interfaceslot/port[.subinterface1[.subinterface2]]



013 (ERX-14xx models), and02 (ERX-310 router)


module

subinterface1 number of the FE


14294967293; not more than 2

subinterfaces per FE interface.b

subinterface2 number of the

higher-level subinterface in the

range 14294967293; not more than

4094 higher-level subinterfaces perFE subinterfaceb

fastEthernet 3/2.6.20

gigabitEthernet IEEE 802.3 Gigabit

Ethernet (GE) interface

slot/port[.subinterface1[.subinterface2]]




02 (ERX-310 router)


module

subinterface1 number of the GE


14294967293; not more than 2

subinterfaces per GE interface.b

subinterface2 number of the

higher-level subinterface in the

range 14294967293; not more than

4094 higher-level subinterfaces per

GE subinterface.b

gigabitEthernet 3/2.6.20

hssi High-speed serial

interfaceslot/port


the range 06 (ERX-7xx models)

and 013 (ERX-14xx models)


module

hssi 3/0

loopback Loopback interface integer

integer integer in the range

14294967293

loopback 20

Table 4 Interface types and specifiers (continued)



14/387

About This Guidexiv

mlframe-relay Multilink frame relay

interfacebundle-name [.subinterface ]

bundle-name name of the bundle

subinterface number of the MLFRsubinterface in the range

14294967293

mlframe-relay boston.1

mlppp Multilink PPP interface bundle-name

bundle-name name of the bundle

mlppp chicago

nullc Null interface, which

cannot forward or

receive traffic

0 null 0

pos Packet over SONET

(POS) interfaceslot/port





module

pos 3/2

serial CE1, CT1, CT3,

E3-FRAME,

T3-FRAME,

cOCx/STMx interface,

or X.21/V.35 interface

Refer to the individual formats listed below.

CE1/CT1 slot/port:channel-group


the range 06 (ERX-7xx models)and 013 (ERX-14xx models)


module

channel-group number of the

channel group associated with a

range of DS0 timeslots on a CE1 or

CT1 module; in the range 131 for a

CE1 module, and 124 for a CT1

module

serial 3/2:20




15/387

Conventions

E-Series Routers

CT3 slot/port:channel/subchannel





module

channel- number of a T1 channel on

a CT3 module; in the range 128

subchannel number of the channel

group associated with a range of

DS0 timeslots on a CT3 module; in

the range 128

serial 3/2:20/15

E3/T3 FRAME slot/port





module

serial 3/2

cOCx/STMx:unframed E1

slot/port:path-channel/path-payload/

tributary-group/tributary-number/

channelNumber




02 (ERX-310 router)

port port number on the I/Omodule

path-channel number of the

STS-1or STM-0 line in the range

12147483648

path-payload number of the

payload within the path

tributary-group number of the

tributary group within the path

tributary-number number of the

tributary within the group

channelNumber 1 (the routerassigns the number one to an

unframed E1 channel)

serial 3/0:10/1/2/2/1




16/387

About This Guidexvi

cOCx/STMx:fractional

E1/T1

slot/port:path-channel/path-payload/

tributary-group/tributary-number/

channel-group

slot number of the chassis slot inthe range 06 (ERX-7xx models),


02 (ERX-310 router)


module



12147483648

path-payload number of the

payload within the path

tributary-group number of thetributary group within the path

tributary-number number of the

tributary within the group

channel-group number of a

fractional T1 or E1 line

serial 3/0:10/1/2/2/1

cOCx/STMx:unchannelized

DS3

slot/port:path-channel/

ds3-channel-number




02 (ERX-310 router) port port number on the I/O

module



12147483648

ds3-channel-number number of a

T3 channel

serial 3/0:1/1




17/387

Conventions

E-Series Routers

cOCx/STMx:DS3

channelized to

DS0

slot/port:path-channel/

ds3-channel-number/

ds1-channel-number

/subchannel-number slot number of the chassis slot in



02 (ERX-310 router)


module



12147483648

ds3-channel-number number of a

T3 channel ds1-channel-number number of a

T1 channel

subchannel-number number of a

fractional T1 channel

serial 3/0:1/1/10/15

X.21/V.35 slot/port





module

sonet line layer Line layer of aSONET/SDH interface

slot/port




02 (ERX-310 router)


module

sonet 3/0

sonet path layer Path layer of a

SONET/SDH interface

slot/port:path-channel




02 (ERX-310 router) port port number on the I/O

module



12147483648

sonet 3/0:2




18/387

About This Guidexviii

Documentation

TheE-SeriesInstallation Quick Start poster is shipped in the box with all

new routers. This poster provides the basic procedures to help you get the

router up and running quickly.

With each software release, we provide theE-Series Routers

Documentation CD (formerly ERX Edge Routers Documentation CD).

The documentation CD contains the document set in PDF format and

HTML format (with and without frames). From the HTML files, you can

also access PDF files of individual chapters and appendixes.

The documentation is also available on the Web. You can order a set of

printed documents from your Juniper Networks sales representative.

The document set comprises the following books:

E-SeriesInstallation and User Guide Provides the necessary

procedures for getting the router operational, including information on

installing, cabling, powering up, configuring the router for

management access, and general troubleshooting. Describes SRP

modules, line modules, and I/O modules available for the E-series

routers, and provides information about the compatibility of line

modules and I/O modules with software releases. Lists the layer 2

sonet section layer Section layer of a

SONET/SDH interfaceslot/port





module

sonet 3/0

tunnel Tunnel interface tunnel-type:tunnel-name

tunnel-type type of the tunnel:

dvmrp, gre, ipsec, l2tp, or mpls

tunnel-name name of the tunnel

tunnel gre:boston

a.You can use the atmslot/port/vpi/vciinterface specifier format as an alternative to the atmslot/port.subinterface

format with the specific show interface and show subinterface commands to monitor all ATM 1483 subinterfaces

(except NBMA interfaces) as well as the upper-layer interfaces configured over an ATM 1483 subinterface. Youcannot, however, use the atmslot/port/vpi/vciformat to create or modify an ATM 1483 subinterface.

b.See the interface fastEthernetcommand and the interface gigabitEthernet command for details on specifying

subinterfaces with and without VLANs on Ethernet interfaces.

c.You cannot configure values on the null interface. This interface acts as a data sink; it cannot forward or receive

traffic.




19/387

Documentation

E-Series Routers

protocols, layer 3 protocols, and applications that line modules and

their corresponding I/O modules support.

E-SeriesSystem Basics Configuration Guide Describes planning and

configuring your network, managing the router, configuring passwords

and security, configuring the router clock, and configuring virtual

routers. Includes a list of references that provide information on the

protocols and features supported by the router.

E-SeriesPhysical Layer Configuration Guide Describes configuring

physical layer interfaces.

E-SeriesLink Layer Configuration Guide Describes configuring link

layer interfaces.

E-SeriesRouting Protocols Configuration Guide, Vol. 1 Provides

information about configuring routing policy and configuring IP, IP

routing, and IP security. E-SeriesRouting Protocols Configuration Guide, Vol. 2 Describes

BGP routing, MPLS, BGP-MPLS VPNs, and encapsulation of layer 2

services.

E-Series Policy and QoS Configuration Guide Provides information

about configuring policy management and quality of service (QoS).

E-SeriesBroadband Access Configuration Guide Provides

information about configuring remote access.

E-SeriesCommand Reference Guide A to M; E-SeriesCommandReference Guide N to Z Together comprise theE-Series Command

Reference Guide. Contain important information about commands

implemented in the system software. Use to look up command

descriptions, command syntax, a commands related mode, or a

description of a commands parameters. Use with the E-series

configuration guides.

E-SeriesProduct Overview Guide Gives a thorough overview of the

router from a software and hardware perspective. It provides

illustrations and configuration examples that present the big picture.

MIBS

Copies of the MIBs available in a software release are included on the

JUNOSe Software CD (formerly ERX Edge Routers Software CD) and

on the Web.


20/387

About This Guidexx

Release Notes

Release notes are included on the corresponding software CD and are

available on the Web.

In theRelease Notes, you will find the latest information about features,

changes, known problems, resolved problems, and system maximum

values. If the information in theRelease Notes differs from the

information found in the documentation set, follow theRelease Notes.

Abbreviations

A complete list of abbreviations used in this document set, along with

their spelled-out terms, is provided in theE-Series System Basics

Configuration Guide, Appendix A, Abbreviations and Acronyms.

Web Access To view the documentation on the Web, go to:

http://www.juniper.net/techpubs/

Comments About the Documentation

We encourage you to provide feedback, comments, and suggestions so

that we can improve the documentation to better meet your needs. Please

e-mail your comments to:

[email protected]

Along with your comments, be sure to indicate:

Document name

Document part number

Page number

Software release version

Contacting Customer Support

For technical support, contact Juniper Networks at [email protected],

or at 1-888-314-JTAC (within the United States) or 408-745-9500 (from

outside the United States).
http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://www.juniper.net/techpubs/http://swconfig-system-basics.pdf/http://swconfig-system-basics.pdf/http://www.juniper.net/techpubs/


21/387

List of Commands, A to M

aaa accounting acct-stop on-aaa-failure

Description: Configures AAA to send an Acct-Stop message if a user fails AAA, butRADIUS grants access. The no version returns the parameter to the default ofenable.

Syntax: aaa accounting acct-stop on-aaa-failure { enable | disable }

no aaa accounting acct-stop on-aaa-failure

Mode(s): Global Configuration

aaa accounting acct-stop on-access-deny

Description: Issues an Acct-Stop message if RADIUS denies access. The no versionreturns the parameter to the default of disable.

Syntax: aaa accounting acct-stop on-access-deny { enable | disable }

no aaa accounting acct-stop on-access-deny


aaa accounting duplication

Description: Sends duplicate accounting records to the accounting server of a differentvirtual router. The no version disables the feature.

Syntax: aaa accounting duplication routerName

no aaa accounting duplication

routerName virtual router name



22/387

aaa accounting interval2

aaa accounting interval

Description: Specifies the accounting interval. The no version sets the value to 0, whichturns off interim accounting.

Syntax: aaa accounting intervalperiod

no aaa accounting interval

period accounting interval in minutes in the range 101080, which setsthe time period between accounting updates


aaa accounting ppp default

Description: Specifies the default accounting protocol for PPP. The no version producesthe same result as specifying the radius value.

Syntax: aaa accounting ppp default accountor[ accountor]*

no aaa accounting ppp default

accountor specifies the accounting method:

radius uses RADIUS for the accounting method

none disables accounting

* indicates that one or more parameters can be repeated multiple times ina list in the command line



23/387

aaa authentication enable default

E-Series Routers

aaa authentication enable default

Description: Allows privilege determination to be authenticated through the authenticator(s)you specify. This authentication is applied to vty users. The no versionremoves the authentication settings.

Syntax: aaa authentication enable default authenticator[ authenticator]*no aaa authentication enable default

authenticator specifies the authentication method used:

radius use RADIUS authentication

line use the line password

tacacs+ use TACACS+ authentication

none use no authentication

enable use the enable password

* indicates that one or more parameters can be repeated multipletimes in a list in the command line


aaa authentication login

Description: Creates an authentication list and the criteria for login. This authentication isapplied to vty users. The no version disables AAA authentication.

Syntax: aaa authentication login { default | authListName } authenticator

[ authenticator]*no aaa authentication login authListName

default specifies the use of the default login for authentication

authListName specifies an existing authentication list name (createdusing the login authentication command); a string of 132 characters

authenticator specifies the authentication method:

line use the line password for authentication

none use no authentication

radius use RADIUS authentication tacacs+ use TACACS+ authentication




24/387

aaa authentication ppp default4

aaa authentication ppp default

Description: Specifies the default authentication protocol for PPP and DHCP clients. Theno version produces the same result as specifying the radius value.

Syntax: aaa authentication ppp default authenticator[ authenticator]*

no aaa authentication ppp default

authenticator specifies the authentication method:

enable use the enable password

line use the line password

none means authentication is off, allowing all users access

radius uses RADIUS for authentication

tacacs+ use TACACS+ authentication

* indicates that one or more parameters can be repeated multiple times in

a list in the command line



25/387

aaa authorization

E-Series Routers

aaa authorization

Description: Sets parameters that restrict a users access to a network. The no versiondisables authorization for a function.

Syntax: aaa authorization { exec | commands level} authorListNameauthMethod

[ authMethod]*no aaa authorization { exec | commands level} authorListName

exec runs authorization to determine if the user is allowed to run Execmode commands

commands runs authorization for all commands at the specified privilegelevel

level privilege level; a number in the range 015

authorListName specifies the name of the authorization methods list ofup to 32 characters

authMethod specifies the authorization method used:

if-authenticated allows the user to access the requested function if theuser is authenticated

none NAS does not request authorization information; authorization isnot performed over this line

tacacs+ NAS exchanges authorization information with the TACASC+security daemon



aaa authorization config-commands

Description: Reauthorizes the use of Global Configuration commands. This command isenabled by default when the aaa authorization commands command isexecuted. The no version disables AAA configuration command authorization.

Note: Using the no version can potentially reduce the amount of

administrative control on configuration commands.

Syntax: [ no ] aaa authorization config-commands



26/387

aaa delimiter6

aaa delimiter

Description: Specifies delimiters for the domain and realm names. You can specify up toeight delimiters each for domain and realm names. The no version restoresthe default value.

Syntax: aaa delimiter { domainName | realmName } delimitersno aaa delimiter { domainName | realmName }

domainName allows you to set delimiters for the domain name

realmName allows you to set delimiters for the realm name

delimiters either the domain or realm delimiter(s). You can specify up toeight characters.

The default domain name delimiter is @.

The default realm name delimiter is NULL (no character). In this case,realm parsing is disabled (having no delimiter disables realm parsing).


aaa dns

Description: Specifies the IP address of the primary DNS name server. The no version setsthe corresponding address to 0.

Syntax: aaa dns { primary | secondary } ipAddress

no aaa dns { primary | secondary }

primary specifies the primary DNS name server secondary specifies the secondary DNS name server

ipAddress IP address of the name server



27/387

aaa domain-map

E-Series Routers

aaa domain-map

Description: Maps a user domain name to a virtual router. When you specify only thedomain name, the command sets the mode to Domain Map Configuration. Theno version deletes the map entry.

Syntax: aaa domain-map domainName [ routerName [ loopback interfaceNumber] ]no aaa domain-map domainName

domainName user domain name; specify the domain name none toassign users without domains to a specific virtual router.

routerName router name associated with the domain name

loopback specifies the loopback interface

interfaceNumber interface number in the range 032000


aaa duplicate-address-check

Description: Allows you to enable or disable routing table address lookup or duplicateaddress check. There is no no version.

Syntax: aaa duplicate-address-check { enable | disable }

Note: To use this command, you must have a B-RAS license. Run the license

b-ras command and enter your password.


aaa intf-desc-format include sub-intf

Description: Specifies whether the subinterface is included in or omitted from the interfacedescription that the router passes to RADIUS for inclusion in the NAS-Port-Idattribute. Also affects the Interface field displayed by the show subscriberscommand. The no version restores the default, in which the subinterface isincluded.

Syntax: aaa intf-desc-format include sub-intf { enable | disable }

no aaa intf-desc-format include sub-intf

enable includes the subinterface (when it is available) in the interfacedescription; this is the default

disable omits the subinterface from the interface description



28/387

aaa ipv6-dns8

aaa ipv6-dns

Description: Specifies the IPv6 address of the primary DNS name server. The no versionsets the corresponding address to 0 (or ::).

Syntax: aaa ipv6-dns { primary | secondary } ipv6Address

no aaa ipv6-dns { primary | secondary }

primary specifies the primary DNS name server

secondary specifies the secondary DNS name server

ipv6Address IPv6 address of the name server


aaa new-model

Description: Specifies AAA authentication for Telnet sessions. The no version restoressimple authentication (login and password).

Syntax: [ no ] aaa new-model


aaa parse-order

Description: Specifies the order in which the router searches for a domain name. It eithersearches for realm and then domain, or it searches for domain and then realm.The no version returns the parse order to the default of searching for realmfirst.

Syntax: aaa parse-order { domain-first | realm-first }

no aaa parse-order

domain-first causes the router to search for a domain name starting withthe right-most character. When the router reaches a delimiter, it usesanything to the right of the delimiter as the domain name.

realm-first causes the router to search for a domain name starting withthe left-most character. When the router reaches a delimiter, it usesanything to the left of the delimiter as the domain name.



29/387

aaa profile

E-Series Routers

aaa profile

Description: Creates a new AAA profile to allow mapping to AAA services.

Syntax: aaa profileprofileName

profileName profile name of up to 32 characters

Mode(s): AAA Profile Configuration

aaa subscriber limit per-port

Description: Sets the maximum number of active subscribers permitted on the specifiedport. The no version returns the limit to the default, 0 (zero).

Syntax: aaa subscriber limit per-port interfaceValuelimitValue

no aaa subscriber limit per-port interfaceValue

interfaceValue location of the interface in the slot/port format limitValue maximum number of subscribers. The default is 0 (zero),

which means there is no limit on the number of subscribers.


aaa subscriber limit per-vr

Description: Sets the maximum number of active subscribers permitted on the virtualrouter. The no version returns the limit to the default, 0 (zero).

Syntax: aaa subscriber limit per-vrlimitValue

no aaa subscriber limit per-vr

limitValue maximum number of subscribers. The default is 0 (zero),which means there is no limit on the number of subscribers.


aaa timeout

Description: Sets either the default idle or session timeout for B-RAS PPP users. The no

version deletes either the idle or session timeout.

Syntax: aaa timeout { idle idleTimeout| session sessionTimeout}

no aaa timeout { idle | session }

idleTimeout in seconds, 3007200

sessionTimeout in seconds, 601814400 (that is, a minimum of 1 minuteto a maximum of 21 days)



30/387

aaa tunnel assignment-id-format10

aaa tunnel assignment-id-format

Description: Sets the format for the tunnel assignment ID. Use the no version to set thetunnel assignment ID to the default, assignmentID.

Syntax: aaa tunnel assignment-id-format { assignmentId | client-server-id }

no aaa tunnel assignment-id-format

assignmentId configures the format to be assignmentId only

client-server-id configures the format to be a combination ofclientAuthId + serverAuthId + assignmentId


aaa tunnel calling-number-format

Description: Configures the E-series LAC to generate L2TP Calling Number attribute value

pair (AVP) 22 in a fixed format similar to RADIUS attribute 31(Calling-Station-Id). Use the no version to return the calling number format tothe default, descriptive.

Syntax: aaa tunnel calling-number-format { descriptive | fixed }

no aaa tunnel calling-number-format

descriptive default format

fixed format calling number AVP to RADIUS format


aaa tunnel client-name

Description: Specifies the default tunnel client name. If the tunnel client name is notincluded in the tunnel attributes that are returned from the domain map orauthentication server, the router uses the default name. The no versiondeletes the client name.

Syntax: aaa tunnel client-name name

no aaa tunnel client-name

name default tunnel client name; a string of up to 32 characters



31/387

aaa tunnel ignore

E-Series Routers

aaa tunnel ignore

Description: Specifies whether the tunnel peers NAS-Port [5] and NAS-Port-Type [61]attributes should be used. The no version negates the command or restoresthe default of enable.

Syntax: aaa tunnel ignore { nas-port | nas-port-type } { enable | disable }no aaa tunnel ignore { nas-port | nas-port-type }

nas-port configures the tunnel peers supplied nas-port value

nas-port-type configures the tunnel peers supplied nas-port-type value


aaa tunnel password

Description: Specifies the default tunnel password. If the tunnel password is not included in

the tunnel attributes that are returned from the domain map or authenticationserver, the router uses the default password. The no version deletes thepassword.

Syntax: aaa tunnel password name

no aaa tunnel password

name default tunnel password; a string of up to 32 characters


aaa wins

Description: Specifies the IP address of the WINS name server. The no version sets thecorresponding address to 0.

Syntax: aaa wins { primary | secondary } ipAddress

no aaa wins { primary | secondary }

primary specifies the primary WINS name server

secondary specifies the secondary WINS name server

ipAddress IP address of the name server



32/387

access-class in12

access-class in

Description: Restricts incoming connections between a particular virtual terminal line andthe addresses in an access list. The no version removes access restrictions.

Syntax: access-class listName in

no access-class [ listName ]in

listName name of the access list

Mode(s): Line Configuration


33/387

access-list

E-Series Routers

access-list

Description: Defines a standard or extended IP access list. The extended access listenables you to specify a destination address or host, precedence, and type ofservice. Imposes an implicit last rule of deny ip any any to deny all routes thatdo not match previous rules in the access list. The no version removes the IP

access list, the specified entry in an access list, or the log for a specified entry.

Syntax: Standard IP access list:

access-list accessListName { permit | deny } { srcIP srcWildIp |[ host ] srcIPHost| any } [ log ]

no access-list accessListName [ { permit | deny } { srcIP srcWildIp |[ host ] srcIPHost| any } [ log ] ]

Extended IP access list:

access-list accessListName { permit | deny } ip { srcIPsrcWildIp |host srcIPHost| any } { dstIPdstWildIp | host dstIPHost| any } [ log ]

no access-list accessListName [ { permit | deny } ip { srcIPsrcWildIp |host srcIPHost| any } { dstIPdstWildIp | host dstIPHost| any } [ log ] ]

accessListName string of up to 32 alphanumeric characters

permit permits access if the conditions are matched

deny denies access if the conditions are matched

srcIP source IP address from which the packet is being sent

srcWildIp wildcard mask IP address

srcIPHost source host IP address; assumes a wildcard mask of 0

any creates an address of 0.0.0.0 with a wildcard mask of255.255.255.255

dstIP destination IP address

dstWildIp wildcard mask IP address for destination

dstIPHost destination host IP address to which the packet is being sent

preced number from 1 to the access list maximum that indicates theprecedence level to which packets are filtered

typeOServ number from 1 to the access list maximum that indicates thetype of service to which packets are filtered

log logs an Info event into the ipAccessList log whenever the access-listrule is matched



34/387

address14

address

Description: From Domain Map Tunnel Configuration mode, sets the tunnel endpointaddress of an L2TP tunnel. The no version removes the address of the tunnel.

From Interface Configuration or Subinterface Configuration mode, configures

RIP to run on the interface specified by the IP address or on an unnumberedinterface. Uses the default values: send version is RIP version 1, receiveversion is RIP version 1 and version 2, authentication is not enabled. The noversion deletes the RIP interface. Use the address commands to configureRIP attributes on the network.

From NAT Pool Configuration mode, configures NAT IP address pool ranges.The no version removes the range from the current NAT address pool.

Syntax: To set the tunnel endpoint address:

address serverAddress

no address

To configure RIP:

[ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}

serverAddress IP address of the LNS endpoint

ipAddress address of IP interface where RIP will be run

unnumbered specifies that RIP will be run on an unnumbered interface

interfaceType interface type; see Interface Types and Specifiers inAbout This Guide

interfaceSpecifier particular interface; format varies according to

interface type; see Interface Types and Specifiers inAbout This GuideTo configure NAT address pool ranges:

[ no ] address startIpAddress endIpAddress

startIpAddress starting IP address (inclusive) of the NAT pool range youare creating

endIpAddress ending IP address (inclusive) of the NAT pool range youare creating

Mode(s): Interface Configuration (RIP), Subinterface Configuration (RIP), Domain MapTunnel Configuration, IP NAT Pool Configuration


35/387

address area

E-Series Routers

address area

Description: Creates an interface on which OSPF runs in the specified area, on top of theIP interface at the specified IP address. Uses the default values. The noversion deletes OSPF interfaces. If the OSPF network was previouslyspecified with the network area command, the OSPF interface already exists,

and you do not need to use this command, unless you want to change thearea of the OSPF interface to an area different from the one specified by thenetwork area command.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}area { areaId | areaIdInt}

ipAddress IP address of the interface on which OSPF will be run

unnumbered configures OSPF on an unnumbered interface

interfaceType interface type; see Interface Types and SpecifiersinAboutThis Guide

interfaceSpecifier particular interface; format varies according tointerface type; see Interface Types and Specifiers inAbout This Guide

areaId OSPF area ID in IP address format

areaIdInt OSPF area ID as a decimal value in the range 14294967295

Note: Before you issue this command, you must first configure an interface

with the IP address specified byipAddress or an interface configured asunnumbered.

Note: You must issue this command before issuing any other OSPFaddress

command.

Mode(s): Router Configuration


36/387

address authentication key16

address authentication key

Description: Specifies the password for text authentication and the key for MD5authentication. The no version clears the key for the interface. Supported onlyin RIP version 2. Authentication is disabled by default.

Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}authentication key [ 0 | 8 ] authkey

no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]authentication key





interface type; see Interface Types and Specifiers inAbout This Guide 0 indicates the authKeyis entered in unencrypted form (plaintext); this is

the default option

8 indicates the authKeyis entered in encrypted form (ciphertext)

authkey password sent with RIP messages or the key used toencrypt/decrypt RIP messages, depending on the authentication mode setfor this interface

Mode(s): Interface Configuration, Subinterface Configuration


37/387

address authentication-key

E-Series Routers

address authentication-key

Description: Assigns a password used by neighboring routers that are using OSPF simplepassword authentication. The no version deletes the password.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}

authentication-key [ 0 | 8 ] authKey ipAddress OSPF interface address previously specified with the address

command

unnumbered indicates that OSPF is running on an unnumbered interfacepreviously specified with the address command



0 indicates the authKeyis entered in unencrypted form (plaintext); this isthe default option

8 indicates the authKeyis entered in encrypted form (ciphertext)

authKey password, string of up to 8 characters

Note: You must issue the address areacommand before issuing this

command.



38/387

address authentication message-digest18

address authentication message-digest

Description: Specifies that MD5 authentication is used for the OSPF interface. The noversion sets authentication for the interface to none, but leaves any configuredMD5 key intact.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}authentication message-digest

ipAddress OSPF interface address previously specified with the addresscommand





command.



39/387

address authentication mode

E-Series Routers

address authentication mode

Description: Specifies the type of authentication used on this interface. The no versionremoves authentication from the interface. Supported only in RIP version 2.Authentication is disabled by default.

Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}authentication mode { text | md5 keyID }

no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]authentication mode


unnumbered specifies RIP will be run on an unnumbered interface



interface type; see Interface Types and Specifiers inAbout This Guide text simple text password is sent with each RIP message. If the password

is not possessed by neighbors, the message is rejected.

md5 MD5 message-digest algorithms are used to encrypt and compressthe RIP message.

keyID number identifying the MD5 key. Neighbors must share the MD5key to decrypt the message and encrypt the response.



40/387

address authentication-none20

address authentication-none

Description: Specifies that no authentication is to be used for the OSPF interface. The noversion has no effect.


authentication-none ipAddress OSPF interface address previously specified with the address

command




Note: You must issue the address areacommand before issuing thiscommand.


address cost

Description: Specifies a cost metric for an OSPF interface. Used in the calculation of theSPF routing table. The no version resets the path cost to the default.


cost intfCost





intfCost link state metric cost; a number in the range 065535; defaultvalue is 10


command.



41/387

address dead-interval

E-Series Routers

address dead-interval

Description: Sets the time period that the routers neighbors should wait without seeinghello packets from the router before they declare the router to be down. Theno version resets the dead interval to its default.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}dead-interval deadInterval





deadInterval number in the range 165535 seconds; default value is 40seconds


command.



42/387

address-family22

address-family

Description: For BGP, configures the router to exchange addresses for the specifiedaddress family. For the IPv4 address family, configures the router or a specificVRF to exchange IPv4 addresses in unicast, multicast, or VPN mode. ForIPv6, configures the router to exchange IPv6 addresses in unicast mode. The

no version removes the address family.

For RIP, configures RIP in a specific VRF to exchange IPv4 addresses. Theno version removes the address family.

Syntax: For BGP:

[ no ] address-family { ipv4 [ multicast | unicast [ vrfvrfName ] |vrfvrfName ] | vpnv4 [ unicast ] | ipv6 [ unicast ] }

For RIP:

[ no ] address-family ipv4 [ unicast ] vrfvrfName

ipv4 sessions that carry standard IPv4 address prefixes (default)

ipv6 specifies sessions that carry IPv6 address prefixes

multicast specifies multicast prefixes

unicast specifies unicast prefixes (default)

vrfName name of the VRF; string of 132 alphanumeric characters

vpnv4 sessions that carry customer VPN-IPv4 prefixes, each of whichhas been made globally unique by adding an 8-byte route distinguisher



43/387

address hello-interval

E-Series Routers

address hello-interval

Description: Specifies the interval between hello packets that the router sends on theinterface. The no version resets the hello interval to its default.


hello-interval helloInterval ipAddress OSPF interface address previously specified with the address

command




helloInterval number in the range 165535 seconds; default value is 10seconds


command.



44/387

address message-digest-key md524

address message-digest-key md5

Description: Enables OSPF MD5 authentication and configures the MD5 key. The noversion deletes an MD5 key.

Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}

message-digest-key keyID md5 [ 0 | 8 ] msgDigestKeyno address { ipAddress | unnumbered interfaceType interfaceSpecifier}message-digest-key keyID





keyID key identifier in the range 1255

md5 specifies use of the MD5 algorithm

0 indicates the msgDigestKeyis entered in unencrypted form (plaintext);this is the default option

8 indicates the msgDigestKeyis entered in encrypted form (ciphertext)

msgDigestKey OSPF password; string of up to 16 alphanumericcharacters

Note: If all the MD5 keys have been deleted, the authentication type is still

MD5, but you need to configure MD5 keys.

Note: To disable MD5 authentication for the interface, use the address

authentication-none command.


command.



45/387

address network

E-Series Routers

address network

Description: Configures the OSPF network type for the specified interface to somethingother than the default for the network medium. The no version restores thedefault value for the medium.

Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}network { broadcast | non-broadcast | point-to-point }

no address { ipAddress | unnumbered interfaceType interfaceSpecifier}network





broadcast sets network type to broadcast

non-broadcast sets network type to NBMA

point-to-point sets network type to point-to-point


command.



46/387

address passive-interface26

address passive-interface

Description: Disables the transmission of routing updates on an interface. OSPF routinginformation is neither sent nor received through the specified router interface.The specified interface address appears as a stub network in the OSPFdomain. The no version reenables the transmission of routing updates.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}passive-interface





interface type; see Interface Types and Specifiers inAbout This Guide


command.


address-pool-name

Description: Specifies an address pool name to associate with the domain name being

configured. The no version removes the pool name.Syntax: address-pool-namepoolName

no address-pool-name

poolName name of the pool to associate with the domain name

Mode(s): Domain Map Configuration


47/387

address priority

E-Series Routers

address priority

Description: Sets the router priority. Used in determining the designated router for theparticular network. This designation only applies to multi-access networks.Every broadcast and nonbroadcast multiaccess network has a designatedrouter. The no version restores the default value.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}priority intfPriority





interface type; see Interface Types and Specifiers inAbout This Guide

intfPriority priority value, an 8-bit number in the range 1255; defaultvalue is 1


command.



48/387

address receive version28

address receive version

Description: Restricts the RIP version that the router can receive on an interface. The noversion sets the interface back to the default value, receiving both RIP version1 and version 2.

Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}receive version { 1 | 2 | 1 2 | 2 1 | off }

no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]receive version





interface type; see Interface Types and Specifiers inAbout This Guide 1 specifies RIP version 1 only

2 specifies RIP version 2 only

1 2 specifies RIP version 1 and version 2; the default value

2 1 specifies RIP version 2 and version 1

off turns reception off



49/387

address retransmit-interval

E-Series Routers

address retransmit-interval

Description: Specifies the time between LSA retransmissions for the interface when anacknowledgment for the LSA is not received. The no version restores thedefault value.

Syntax: [ no ] address { ipAddress | unnumbered interfaceType interfaceSpecifier}retransmit-interval retransInterval





retransInterval number in the range 03600 seconds; default value is 5seconds


command.



50/387

address send version30

address send version

Description: Restricts the RIP version that the router can send on an interface. The noversion sets the interface back to the default value, sending only RIPversion 1.

Syntax: address { ipAddress | unnumbered interfaceType interfaceSpecifier}send version {1 | 2 | 1 2 | 2 1 | off }

no address [ ipAddress | unnumbered interfaceType interfaceSpecifier]send version





interface type; see Interface Types and Specifiers inAbout This Guide 1 specifies RIP version 1 only

2 specifies RIP version 2 only



off turns reception off



51/387

address transmit-delay

E-Series Routers

address transmit-delay

Description: Sets the estimated time it takes to transmit a link state update packet on theinterface. The no version restores the default value.


transmit-delay transmDelay ipAddress OSPF interface address previously specified with the address

command




transmDelay link state transmit delay, a number in the range 03600seconds; default value is 1 second


command.


agent context-name

Description: Specifies the virtual router SNMP agent on which you want to poll MIB objects.

The no version returns the context name to the default context (virtual router).

Syntax: agent context-name contextName

no agent

contextName context name of the agent

Mode(s): SNMP Trigger Configuration


52/387

aggregate-address32

aggregate-address

Description: Creates an aggregate entry in a BGP routing table. The no version removesthe aggregate.

Syntax: [ no ] aggregate-address { address mask| ipv6Prefix} [ as-set |

summary-only | attribute-map attributeMapTag|advertise-map advertiseMapTag| suppress-map suppressMapName ]*

address aggregate IPv4 address

mask aggregate IPv4 mask

ipv6Prefix aggregate IPv6 prefix

as-set if the as-set option is not specified, the path attributes of theaggregate route are set in the same way as locally originated routes,except that the atomic_aggregate and aggregator attributes are added. Ifthe as-set option is used, the path attributes of the aggregate route aredetermined by combining the path attributes of the aggregated routes as

described in RFC 1771. If the as-set option is used, the path attributes ofthe aggregate route may change whenever one of the aggregated routeschanges, causing the aggregate route to be readvertised.

summary-only filters all more specific routes from updates.summary-only not only creates the aggregate route but also suppressesadvertisements of more-specific routes to all neighbors. If you only want tosuppress advertisements to certain neighbors, you may use the neighbordistribute-list command, with caution. If a more-specific route leaks out,all BGP speakers will prefer that route over the less-specific aggregate youare generating (using longest-match routing). Alternatively, you can use thesuppress-map keyword to suppress specific routes

attributeMapTag string of up to 32 characters that identifies the routemap used to set the attributes of the aggregate route

advertiseMapTag string of up to 32 characters that identifies the routemap used to set the routes to create AS-SET origin communities in therange

suppressMapName string of up to 32 characters that identifies a routemap that filters routes to be suppressed


Mode(s): Address Family Configuration, Router Configuration


53/387

aggressive-mode

E-Series Routers

aggressive-mode

Description: Allows aggressive mode negotiation for the tunnel. The no version restoresthe default, main mode.

Syntax: [ no ] aggressive-mode

Mode(s): ISAKMP Policy Configuration

allow

Description: Specifies the domain names that are to be allowed access to AAAauthentication. The no version negates the command.

Syntax: [ no ] allow domainName

domainName name of the domain; maximum of 64 characters

Mode(s): AAA Profile Configuration

append-after

Description: Add a next hop after a particular index in the MPLS explicit path. Thesequence numbers for existing hops after the index adjust automatically.There is no no version.

Syntax: append-afterindexNumbernext-address ipAddress [ mask ipMask] [ loose ]

index number of a node in an ordered set of abstract nodes

ipAddress address of the next hop

ipMask [ not currently used] mask for the next adjacent address

loose indicates the node is not necessarily directly connected (adjacent)to the previous node in the path. If loose is not configured, theconfiguration defaults to strict. Strict indicates that the node is directlyconnected to the previous node.

Mode(s): Explicit Path Configuration


54/387

application34

application

Description: Specifies the type of application that is secured by connections created withthis IPSec transport profile. The no version specifies the default application,L2TP.

Syntax: application applicationTypeno application

applicationType one of the following application types:

l2tp secures L2TP traffic; this is the default application

l2tp-nat-passthrough secures L2TP traffic and also allows clients toconnect from behind NAT devices that support IPSec passthrough

Mode(s): IPSec Transport Profile Configuration

aps force

Description: Forces the specified interface to be replaced by the inactive interface in anAPS/MSP group. The no version allows the specified interface to resumeoperation.

Syntax: aps force channelNumber

noaps force [ channelNumber]

channelNumber number that identifies the working or protectinterface.The number of the working interface is the same as the number ofthe corresponding active port on the I/O module. If there are n active ports

on the I/O module, working interfaces are identified by the numbers 0 ton-1. Protect interfaces are identified by the numbers of the correspondingworking interfaces plus

Swcmdref a m

Documents

Transcript of Swcmdref a m