Certexams practice tests and network simulator Register             Login

Home > Juniper Router Simulator > Configuration Statements Hierarchy

Available labs  |   Supported Commands  |   Download Junos Sim  |   Product Help  |   About Junos Sim  |   Network Diagram

 

CLI Operational Mode Commands | CLI Configuration Mode Commands 

Configuration Statements Hierarchy

The following configuration statements hierarchy is supported at this time. The supported commands are likely to be expanded with each revision of the software.

 

toggle Edit interfaces hierarchy level 

  • interfaces {
    interface-name {
    disable;
    description <text>;
    encapsulation <type>;
    hold-time up <milliseconds> down <milliseconds>;
    no-keepalives;
    keepalives interval down-count up-count;
    serial-options { 
    clock-rate <rate>;
     }
    speed (10m | 100m);
    unit <logical-unit-number> { 
    bandwidth <rate>;
    description <text>; 
    disable;
    family family {
    address <address>;
    }
    }
    }  

toggle Edit routing options hierarchy level

  • routing-options {
    static {
    route destination-prefix {
    next-hop <next-hop ip-address>;
    }
    }
    }
     

toggle Edit system hierarchy level

  • system {
    backup-router address <destination destination-address>;
    domain-name <domain-name>; 
    host-name <host-name>; 
    }
    name-server {
    <address>; 
    }
    root-authentication {
    (encrypted-password "password" | plain-text-password);
    }
    }    
    
     

toggle Edit policy-options hierarchy level

  • policy-options {
    policy-statement <policy-name> {
    term <term-name> {
    from {
    match-conditions;
    }
    to {
    match-conditions;
    }
    then actions;
    }
    }
    }
     

toggle Edit protocols hierarchy level

  • rip {
    group <group-name> {
    export [ policy-names ]; neighbor neighbor-name { import [ policy-names ]; } 
    }
    }
     
    ospf {
    area <area-id> {
    interface interface-name {
    disable;
    hello-interval <seconds>;
    dead-interval <seconds>;
    neighbor <neighbor_address>;
    }
    stub <(no-summaries | summaries)>;
    virtual-link neighbor-id router-id transit-area area-id {
    }
    }
    export [ policy-names ];
    }
     
        
    bgp
    {
    group  {
    type 
    peer-as 
    neighbor 
    neighbor  {
    peer-as 
    }
    hold-time 
    }
    }

toggle Edit firewall hierarchy level 

  • Firewall Hierarchy
    Firewall{
        family family-name {
            filter filter-name {
                term term-name {
                    from {
                        match-conditions;
                    }
                  then {
                    action;
                    action-modifiers;
                 }
             }
          }
      }
    }

toggle Edit NAT hierarchy level 

  • NAT Hierarchy
    Source Nat hierarchy
    Source {
        pool <poolname>{
            address <address>;
        }
        rule-set<rule-set-name> {
            from zone trust; 
            to zone untrust;
            from interface <interfacelist>
            rule <rule-name> {
                match {
                    source-address <source-address/prefix-list>;
                    destination-address <destination-address/prefix-list>;
                }
                then source-nat{
                    interface|off|pool <poolname> ;
                }
            }
        }
    }
    Destination NAT hierarchy
    destination{
        pool <poolname {
            address <address> port <portnumber>;
        }
        rule-set <rule-set-name> { 
            from interface <interfacelist>;
            from zone <zonename>;
            rule <rule-name> {
                match {
                    destination-address <destination-address/prefix-list>;
                    destination-port <destination port>;
                }
                then destination-nat {
                    pool <poolname>;
                }
            }
        }
    }
    Static NAT Hierarchy
    static {
        rule-set <rule-set-name>{
            from interface <interfacelist>;
            from zone <zonename>;
            rule <rule-name>{
                match {
                    destination-address <destination-address/prefix-list>;
                }
                then static-nat {
                    prefix <address prefix>;
                }
            }
        }
    }

toggle [edit security address-book] Hierarchy Level*

  • security {
    		address-book (book-name | global) {
    			address address-name {
    				ip-prefix {
    					description text;
    				}
    				description text;
    
      			}
    			address-set address-set-name {
    				address address-name;
    				address-set address-set-name;
    				description text;
    			}
    			attach {
    				zone zone-name;
    			}
    			description text;
    		}
    	}  

toggle [edit security ike] Hierarchy Level*

  • IKE Phase 1 Proposal Hierarchy
    [edit security ike]
    proposal <proposal-name>{
    authentication-method [pre-shared-keys | rsa-signatures];
    dh-group [group1 | group2 | group5];
    authentication-algorithm [md5 | sha-256 | sha1];
    encryption-algorithm [3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc];
    lifetime-seconds <seconds>;
    }
    IKE Phase 1 Policy Hierarchy
    [edit security ike]
    policy <policy-name>{
    mode [main | aggressive];
    (proposals proposal-name) | (proposal-set [basic | compatible | standard]);
    pre-shared-key [ascii-text | hexadecimal];
    } 
    IKE Phase 1 Gateway Hierarchy
    [edit security ike]
    gateway <gateway-name>{
    ike-policy <policy-name>;
    address <ip-address>;
    external-interface <interface-name>;
    dead-peer-detection {
    interval <seconds>;
    threshold <number>;
    }
    }

toggle [edit security ipsec] Hierarchy Level*

  • IPSEC Phase 2 Proposal Hierarchy
    [edit security ipsec]
    proposal <proposal-name>{
    protocol [ah | esp];
    authentication-algorithm [hmac-md5-96 | hmac-sha1-96];
    encryption-algorithm [3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc];
    lifetime-kilobytes <kilobytes>;
    lifetime-seconds <seconds>;
    } 
    IPSEC Phase 2 Policy Hierarchy
    [edit security ipsec]
    policy <policy-name>{
    perfect-forward-secrecy {
    keys [group1 | group2 | group5];
    }
    (proposals <proposal-name>) | (proposal-set [basic | compatible | standard]);
    } 
    IPSEC Phase 2 VPN Tunnel hierarchy
    [edit security ipsec]
    vpn <vpn-name>{
    bind-interface st0.x;   -------------------- is necessary only for route based VPNs
    ike {
    gateway <gateway-name>;
    ipsec-policy <policy-name>;
    }
    manual {  --------------------------- is necessary if using manual key
    }
    establish-tunnels [immediately | on-traffic];
    }
    Security policies for tunnel traffic hierarchy
    [edit security policies]
    from-zone <source-zone-name> to-zone <destination-zone-name>{
    policy <policy-name>{
    match {
    }
    then {
    permit {
    tunnel {
    ipsec-vpn <ipsec-tunnel-name>;  ----------------- Reference to the IPsec VPN tunnel
    }
    }
    }
    }
    } 

toggle Edit interfaces hierarchy level (switch)

  • ge-fpc/pic/port {
    description <text>;
    
    disable;
    ether-options {
    
    link-mode <mode>;
    
    speed (auto-negotiation | speed);
    
    }
    
    unit <logical-unit-number> {
    
    bandwidth <rate>;
    description <text>;
    disable;
    family family-name {...}
    vlan-id <vlan-id-number>;
    }
    
    }
    
    me0 {
  • unit <logical-unit-number> {
    
    family family-name {..} 
    
     }
    
     }
    
    vlan {
    unit <logical-unit-number> {
    
    family family-name {..} 
    
     }
    
     }
     

toggle Edit vlans hierarchy level (switch)

  • vlans {
    <vlan-name> {
    description <text-description>;
    l3-interface <vlan.logical-interface-number>;
    mac-table-aging-time <seconds>;
    primary-vlan <vlan-name>;
    vlan-id <number>;
    vlan-range <vlan-id-low-vlan-id-high>;
    }
    }
     

toggle Edit protocols hierarchy level (switch)

  • stp {
    bridge-priority <priority>;
    disable;
    forward-delay <seconds>;
    hello-time <seconds>;
    interface (all | interface-name) {
    edge;
    mode <mode>;
    no-root-port;
    priority <priority>;
    }
    max-age <seconds>;
    }
     
    vstp {
    vlan (all | vlan-id | vlan-name) {
    bridge-priority <priority>;
    forward-delay <seconds>;
    hello-time <seconds>;
    interface (all | interface-name) {
    edge;
    mode <mode>;
    no-root-port;
    priority <priority>;
    }
    max-age <seconds>;
    }
    }
     

toggle Edit poe hierarchy level (switch)

  • poe {
    guard-band <watts>;
    interface (all | interface-name) {
    disable;
    maximum-power (Interface) <watts>;
    priority (high | low);
    }
    management (class | static);
    }
     
*- New configuration statements hierarchy added in version 3.8.0 updated on 30/10/2018

Back

Real Time Web Analytics

Clicky