Professional Documents
Culture Documents
Junos Security Swconfig Interfaces
Junos Security Swconfig Interfaces
OS
Interfaces Configuration Guide
for Security Devices
Release
10.4
Published: 2010-10-08
Revision 01
Copyright 2010, Juniper Networks, Inc.
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
This product includes the Envoy SNMPEngine, developedby Epilogue Technology, an IntegratedSystems Company. Copyright 1986-1997,
Epilogue Technology Corporation. All rights reserved. This programand its documentation were developed at private expense, and no part
of themis in the public domain.
This product includes memory allocation software developed by Mark Moraes, copyright 1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation
and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright
1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through
release 3.0 by Cornell University and its collaborators. Gated is based on Kirtons EGP, UC Berkeleys routing daemon (routed), and DCNs
HELLOrouting protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD
software copyright 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright 1991, D.
L. S. Associates.
This product includes software developed by Maker Communications, Inc., copyright 1996, 1997, Maker Communications, Inc.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are
owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,
6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Junos OS Interfaces Configuration Guide for Security Devices
Release 10.4
Copyright 2010, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History
October 2010Revision 01
The information in this document is current as of the date listed in the revision history.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. The Junos OS has no known time-related limitations through
the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase
order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks.
By using this software, you indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the
software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses.
The software license may state conditions under which the license is automatically terminated. You should consult the license for further
details. For complete product documentation, please see the Juniper Networks website at www.juniper.net/techpubs.
Copyright 2010, Juniper Networks, Inc. ii
ENDUSER LICENSE AGREEMENT
READTHIS ENDUSER LICENSE AGREEMENT (AGREEMENT) BEFORE DOWNLOADING, INSTALLING, OR USINGTHE SOFTWARE.
BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TOTHE TERMS
CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO
BINDTHE CUSTOMER) CONSENTTOBE BOUNDBYTHISAGREEMENT. IF YOUDONOTORCANNOTAGREE TOTHE TERMSCONTAINED
HEREIN, THEN (A) DONOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS
REGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customers principal office is located in the Americas) or
Juniper Networks (Cayman) Limited(if theCustomers principal officeis locatedoutsidetheAmericas) (suchapplicableentity beingreferred
tohereinas Juniper), and(ii) thepersonor organizationthat originally purchasedfromJuniper or anauthorizedJuniper reseller theapplicable
license(s) for use of the Software (Customer) (collectively, the Parties).
2. The Software. In this Agreement, Software means the programmodules and features of the Juniper or Juniper-supplied software, for
which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by
Juniper in equipment which Customer purchased fromJuniper or an authorized Juniper reseller. Software also includes updates, upgrades
and newreleases of such software. Embedded Software means Software which Juniper has embedded in or loaded onto the Juniper
equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.
3. LicenseGrant. Subject to payment of the applicable fees andthe limitations andrestrictions set forth herein, Juniper grants to Customer
a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable formonly, subject to the
following use restrictions:
a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by
Customer fromJuniper or an authorized Juniper reseller.
b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units
for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access
Client software only, Customer shall use such Software on a single computer containing a single physical randomaccess memory space
and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines
(e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single
chassis.
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may
specify limits toCustomers useof theSoftware. Suchlimits may restrict usetoamaximumnumber of seats, registeredendpoints, concurrent
users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of
separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput,
performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use
of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software.
Customers use of the Software shall be subject to all such limitations and purchase of all applicable licenses.
d. For any trial copy of the Software, Customers right to use the Software expires 30 days after download, installation or use of the
Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not
extend or create an additional trial period by re-installing the Software after the 30-day trial period.
e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customers
enterprise network. Specifically, service provider customers are expressly prohibited fromusing the Global Enterprise Edition of the
Steel-Belted Radius software to support any commercial network access services.
The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase
the applicable license(s) for the Software fromJuniper or an authorized Juniper reseller.
4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees
not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized
copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the
Software, in any form, toany thirdparty; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product
in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper
equipment soldinthesecondhandmarket; (f) useany locked or key-restrictedfeature, function, service, application, operation, or capability
without first purchasing the applicable license(s) and obtaining a valid key fromJuniper, even if such feature, function, service, application,
operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the
iii Copyright 2010, Juniper Networks, Inc.
Software in any manner that extends or is broader than the uses purchased by Customer fromJuniper or an authorized Juniper reseller; (i)
use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that
the Customer did not originally purchase fromJuniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking
of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly
provided herein.
5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper,
Customer shall furnish such records to Juniper and certify its compliance with this Agreement.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper.
As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence,
which at a minimumincludes restricting access to the Software to Customer employees and contractors having a need to use the Software
for Customers internal business purposes.
7. Ownership. Juniper and Junipers licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to
the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance
of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies
of the Software.
8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty
statement that accompanies theSoftware(theWarranty Statement). Nothinginthis Agreement shall giverisetoany obligationtosupport
the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services
agreement. TOTHE MAXIMUMEXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA,
ORCOSTSORPROCUREMENTOFSUBSTITUTEGOODSORSERVICES, ORFORANYSPECIAL, INDIRECT, ORCONSEQUENTIALDAMAGES
ARISINGOUTOFTHISAGREEMENT, THESOFTWARE, ORANYJUNIPERORJUNIPER-SUPPLIEDSOFTWARE. INNOEVENTSHALLJUNIPER
BE LIABLE FOR DAMAGES ARISING FROMUNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE.
EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TOTHE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY
AND ALL WARRANTIES IN AND TOTHE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NOEVENT DOES
JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT
ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TOINTRUSION OR ATTACK. In no event shall Junipers or its suppliers
or licensors liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid
by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by
Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in
reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between
the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same
forman essential basis of the bargain between the Parties.
9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination
of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related
documentation in Customers possession or control.
10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from
the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction
shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All
payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in
connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing
Customers payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to
be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with
all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any
liability incurred by Juniper as a result of Customers non-compliance or delay with its responsibilities herein. Customers obligations under
this Section shall survive termination or expiration of this Agreement.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any
applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such
restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the
Software supplied to Customer may contain encryption or other capabilities restricting Customers ability to export the Software without
an export license.
Copyright 2010, Juniper Networks, Inc. iv
12. Commercial Computer Software. The Software is commercial computer software and is provided with restricted rights. Use,
duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS
227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.
13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer
with the interface information needed to achieve interoperability between the Software and another independently created program, on
payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use
such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.
14. ThirdParty Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products
or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement,
and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party
software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent
portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such
portions publicly available (such as the GNU General Public License (GPL) or the GNU Library General Public License (LGPL)), Juniper
will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three
years fromthe date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA
94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL
at http://www.gnu.org/licenses/lgpl.html .
15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws
principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes
arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal
courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer
with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written
(including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an
authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained
herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing
by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity
of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the
Parties agree that the English version will govern. (For Canada: Les parties aux prsents confirment leur volont que cette convention de
mme que tous les documents y compris tout avis qui s'y rattach, soient redigs en langue anglaise. (Translation: The parties confirmthat
this Agreement and all related documentation is and will be in the English language)).
v Copyright 2010, Juniper Networks, Inc.
Copyright 2010, Juniper Networks, Inc. vi
Abbreviated Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Part 1 Interfaces Overview
Chapter 1 Interfaces Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Part 2 Ethernet Interfaces
Chapter 2 Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Chapter 3 Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Chapter 4 1-Port Gigabit Ethernet SFP Mini-PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Chapter 5 2-Port 10-Gigabit Ethernet XPIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Chapter 6 Power over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Part 3 DS1 and DS3 Interfaces
Chapter 7 DS1 and DS3 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Chapter 8 Channelized Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Part 4 ISDNand VoIP Interfaces
Chapter 9 ISDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Chapter 10 Voice over Internet Protocol with Avaya . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Part 5 DSL and ModemInterfaces
Chapter 11 DSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Chapter 12 G.SHDSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Chapter 13 VDSL2 Mini-PIMInterfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Chapter 14 3G Wireless Modems for WAN Connections . . . . . . . . . . . . . . . . . . . . . . . . . 353
Chapter 15 USB Modems for Dial Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Chapter 16 DOCSIS Mini-PIM Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Chapter 17 Serial Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Part 6 Link Services and Special Interfaces
Chapter 18 Link Services Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Chapter 19 Special Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
vii Copyright 2010, Juniper Networks, Inc.
Part 7 Encapsulation
Chapter 20 Interface Encapsulation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Chapter 21 Point-to-Point Protocol over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Part 8 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Copyright 2010, Juniper Networks, Inc. viii
Junos OS Interfaces Configuration Guide for Security Devices
Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
J Series and SRX Series Documentation and Release Notes . . . . . . . . . . . . . . . . . xxi
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Supported Routing Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiv
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv
Part 1 Interfaces Overview
Chapter 1 Interfaces Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Interfaces Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Understanding Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Services Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Special Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Interface Naming Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Interface Logical Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Understanding Interface Logical Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Understanding Protocol Families . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Common Protocol Suites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Other Protocol Suites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Understanding IPv4 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
IPv4 Classful Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IPv4 Dotted Decimal Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IPv4 Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IPv4 Variable-Length Subnet Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
IPv6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Understanding IPv6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configuring the inet6 IPv6 Protocol Family . . . . . . . . . . . . . . . . . . . . . . . . 18
Enabling Flow-Based Processing for IPv6 Traffic . . . . . . . . . . . . . . . . . . . 19
Understanding Virtual LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Interface Physical Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Understanding Interface Physical Properties . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Understanding Bit Error Rate Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Understanding Interface Clocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Data Stream Clocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Explicit Clocking Signal Transmission . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
ix Copyright 2010, Juniper Networks, Inc.
Understanding Frame Check Sequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Cyclic Redundancy Checks and Checksums . . . . . . . . . . . . . . . . . . . . . . . 25
Two-Dimensional Parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
MTU Default and Maximum Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Understanding the Data Link Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Physical Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Error Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Frame Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Data Link Sublayers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
MAC Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Part 2 Ethernet Interfaces
Chapter 2 Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Understanding Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Ethernet Access Control and Transmission . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Collisions and Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Collision Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Backoff Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Collision Domains and LAN Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Repeaters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Bridges and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Broadcast Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Ethernet Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Example: Creating an Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Example: Deleting an Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Static ARP Entries on Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Understanding Static ARP Entries on Ethernet Interfaces . . . . . . . . . . . . . . . 39
Example: Configuring Static ARP Entries on Ethernet Interfaces . . . . . . . . . . 39
Promiscuous Mode on Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Understanding Promiscuous Mode on Ethernet Interfaces . . . . . . . . . . . . . . 42
Enabling and Disabling Promiscuous Mode on Ethernet Interfaces (CLI
Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Copyright 2010, Juniper Networks, Inc. x
Junos OS Interfaces Configuration Guide for Security Devices
Chapter 3 Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Understanding Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . 45
LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Aggregated Ethernet Interfaces Configuration Overview . . . . . . . . . . . . . . . . 47
Device Count for Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . 48
Understanding the Aggregated Ethernet Interfaces Device Count . . . . . 48
Example: Configuring the Number of Aggregated Ethernet Interfaces
on a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Example: Deleting Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . 50
Physical Interfaces for Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . 51
Understanding Physical Interfaces for Aggregated Ethernet
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Example: Associating Physical Interfaces with Aggregated Ethernet
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Link Speed for Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 52
Understanding Aggregated Ethernet Interface Link Speed . . . . . . . . . . . 52
Example: Configuring Aggregated Ethernet Link Speed . . . . . . . . . . . . . 53
Minimum Links for Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . 54
Understanding Minimum Links for Aggregated Ethernet Interfaces . . . . 54
Example: Configuring Aggregated Ethernet Minimum Links . . . . . . . . . . 54
Removal of Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Understanding Aggregated Ethernet Interface Removal . . . . . . . . . . . . . 55
Example: Deleting Aggregated Ethernet Interface Contents . . . . . . . . . . 55
Understanding VLAN Tagging for Aggregated Ethernet Interfaces . . . . . . . . . 57
Understanding Promiscuous Mode for Aggregated Ethernet Interfaces . . . . 57
Verifying Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Verifying Aggregated Ethernet Interfaces (terse) . . . . . . . . . . . . . . . . . . . 57
Verifying Aggregated Ethernet Interfaces (extensive) . . . . . . . . . . . . . . . 58
LACP for Standalone Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Understanding LACP on Standalone Devices . . . . . . . . . . . . . . . . . . . . . . . . . 59
Example: Configuring LACP on Standalone Devices . . . . . . . . . . . . . . . . . . . 60
Verifying LACP on Standalone Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Verifying LACP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Verifying LACP Aggregated Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . 63
LACP on Chassis Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Understanding LACP on Chassis Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
MinimumLinks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Sub-LAGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Hitless Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
PDUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Example: Configuring LACP on Chassis Clusters . . . . . . . . . . . . . . . . . . . . . . . 66
Verifying LACP on Redundant Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . 68
Chapter 4 1-Port Gigabit Ethernet SFP Mini-PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Understanding the 1-Port Gigabit Ethernet SFP Mini-PIM. . . . . . . . . . . . . . . . . . . . 71
Supported Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Interface Names and Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
xi Copyright 2010, Juniper Networks, Inc.
Table of Contents
Available Link Speeds and Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Link Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIM Interface . . . . . . 73
Chapter 5 2-Port 10-Gigabit Ethernet XPIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Understanding the 2-Port 10-Gigabit Ethernet XPIM . . . . . . . . . . . . . . . . . . . . . . . 79
Supported Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Interface Names and Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Copper and Fiber Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Link Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Link Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Example: Configuring the 2-Port 10-Gigabit Ethernet XPIM Interface . . . . . . . . . . 82
Chapter 6 Power over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Understanding Power over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
SRX Series Services Gateway PoE Specifications . . . . . . . . . . . . . . . . . . . . . . 87
PoE Classes and Power Ratings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
PoE Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Example: Configuring PoE on All Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Example: Configuring PoE on an Individual Interface . . . . . . . . . . . . . . . . . . . . . . . 92
Example: Disabling a PoE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Part 3 DS1 and DS3 Interfaces
Chapter 7 DS1 and DS3 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
DS1 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Understanding T1 and E1 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
T1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
E1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
T1 and E1 Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
T1 and E1 Framing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
T1 and E1 Loopback Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Example: Configuring a T1 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Example: Deleting a T1 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
DS3 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Understanding T3 and E3 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Multiplexing DS1 Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
DS2 Bit Stuffing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
DS3 Framing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Example: Configuring a T3 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Example: Deleting a T3 Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Copyright 2010, Juniper Networks, Inc. xii
Junos OS Interfaces Configuration Guide for Security Devices
Chapter 8 Channelized Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Understanding Channelized Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Clear Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Understanding Channelized Interface Clear Channels . . . . . . . . . . . . . . . . . . 116
Example: Configuring a Channelized T1 Interface as a Clear Channel . . . . . . 117
Example: Configuring a Channelized E1 Interface as a Clear Channel . . . . . . 120
Verifying Clear-Channel Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Drop-and-Insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Understanding Channelized Interface Drop-and-Insert . . . . . . . . . . . . . . . . . 124
Example: Configuring a Channelized Interface to Drop and Insert Time
Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Example: Configuring Complementary Clock Sources on Channelized
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Verifying Channelized Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
ISDN PRI Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Understanding ISDN PRI Operation for Channelized Interfaces . . . . . . . . . . 136
Example: Configuring a Channelized Interface for ISDN PRI Operation . . . . 137
Verifying ISDN PRI Configuration on Channelized Interfaces . . . . . . . . . . . . . 138
Part 4 ISDNand VoIP Interfaces
Chapter 9 ISDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Understanding ISDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
ISDN Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Typical ISDN Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
NT Devices and S and T Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
U Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
ISDN Call Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Layer 2 ISDN Connection Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Layer 3 ISDN Session Establishment . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
ISDN Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
ISDN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Understanding ISDN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
ISDN BRI Interface Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
ISDN PRI Interface Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
ISDN Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Example: Adding an ISDN BRI Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Dialer Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Understanding Dialer Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Example: Configuring Dialer Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Dial Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Understanding Dial Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Example: Configuring Dial Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Dial-on-Demand Routing Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Understanding Dial-on-Demand Routing Backup . . . . . . . . . . . . . . . . . 156
Example: Configuring Dialer Filters for Dial-on-Demand Routing
Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Example: Configuring Dial-on-Demand Routing Backup with OSPF
Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
xiii Copyright 2010, Juniper Networks, Inc.
Table of Contents
Dialer Watch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Understanding Dialer Watch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Example: Configuring Dialer Watch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Dial-In and Callback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Understanding Dial-In and Callback . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Example: Configuring Dial-In and Callback . . . . . . . . . . . . . . . . . . . . . . . 163
Bandwidth on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Understanding Bandwidth on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Example: Configuring Bandwidth on Demand . . . . . . . . . . . . . . . . . . . . . . . . 167
Disabling ISDN Processes (CLI Procedure) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Verifying the ISDN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Displaying the ISDN Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Verifying an ISDN BRI Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Verifying an ISDN PRI Interface and Checking B-Channel Interface
Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Checking D-Channel Interface Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Displaying the Status of ISDN Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Verifying Dialer Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Chapter 10 Voice over Internet Protocol with Avaya . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Avaya VoIP Modules Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Avaya VoIP Modules Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Supported Avaya VoIP Modules and Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Avaya VoIP Modules Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
J2320 and J2350 Avaya VoIP Module Summary . . . . . . . . . . . . . . . . . . 186
J4350 and J6350 Avaya VoIP Module Summary . . . . . . . . . . . . . . . . . . 187
TGM550 Telephony Gateway Module Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Understanding the TGM550 Telephony Gateway Module . . . . . . . . . . . . . . 189
TGM550 Guidelines and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
TGM550 Access Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
TGM550 Console Port Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
TGM550 RJ-11 Connector Pinout for Analog Ports . . . . . . . . . . . . . . . . . . . . . 194
TGM550 MaximumMedia Gateway Capacities . . . . . . . . . . . . . . . . . . . . . . . 195
TGM550 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
TIM508 Analog Telephony Interface Module Overview . . . . . . . . . . . . . . . . . . . . 197
Understanding the TIM508 Analog Telephony Interface Module . . . . . . . . . 197
TIM508 Connector Pinout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
TIM508 Possible Port Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
TIM508 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
TIM510 E1/T1 Telephony Interface Module Overview . . . . . . . . . . . . . . . . . . . . . . 201
Understanding the TIM510 E1/T1 Telephony Interface Module . . . . . . . . . . . 201
TIM510 RJ-45 Connector Pinout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
TIM510 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
TIM514 Analog Telephony Interface Module Overview . . . . . . . . . . . . . . . . . . . . 203
Understanding the TIM514 Analog Telephony Interface Module . . . . . . . . . 204
TIM514 Connector Pinout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
TIM514 Possible Port Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
TIM514 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Copyright 2010, Juniper Networks, Inc. xiv
Junos OS Interfaces Configuration Guide for Security Devices
TIM516 Analog Telephony Interface Module Overview. . . . . . . . . . . . . . . . . . . . . 207
Understanding the TIM516 Analog Telephony Interface Module . . . . . . . . . 207
TIM516 Connector Pinout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
TIM516 Possible Port Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
TIM516 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
TIM518 Analog Telephony Interface Module Overview . . . . . . . . . . . . . . . . . . . . . 211
Understanding the TIM518 Analog Telephony Interface Module . . . . . . . . . . 211
TIM518 Connector Pinout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
TIM518 Possible Port Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
TIM518 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
TIM521 BRI Telephony Interface Module Overview . . . . . . . . . . . . . . . . . . . . . . . . 215
Understanding the TIM521 BRI Telephony Interface Module . . . . . . . . . . . . . 215
TIM521 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Avaya IG550 Integrated Gateway Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Media Gateway Controller Server Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Avaya Communication Manager Software Overview . . . . . . . . . . . . . . . . . . . . . . 220
Dynamic Call Admission Control Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Dynamic CAC Interface Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Supported Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Bearer Bandwidth Limit and Activation Priority . . . . . . . . . . . . . . . . . . . . 221
Rules for Determining Reported BBL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Configuring VoIP Interfaces with EPW and Disk-on-Key . . . . . . . . . . . . . . . . . . . 222
Example: Configuring VoIP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
TGM550 Module Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Connecting Through the TGM550 Module Console Port . . . . . . . . . . . . . . . 234
Connecting to the TGM550 with SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
TGM550 Module with Telnet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Enabling Telnet Service on the TGM550 Module . . . . . . . . . . . . . . . . . . 235
Connecting to the TGM550 Module with Telnet . . . . . . . . . . . . . . . . . . 235
Disabling Telnet Service on the TGM550 Module . . . . . . . . . . . . . . . . . 236
Accessing the Services Router from the TGM550 Module . . . . . . . . . . . . . . 236
Resetting the TGM550 Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Saving the TGM550 Module Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 237
TGM550 Module and VoIP Interface Troubleshooting . . . . . . . . . . . . . . . . . . . . . 237
Part 5 DSL and ModemInterfaces
Chapter 11 DSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
ADSL Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
ADSL Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
ADSL2 and ADSL2+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
ATM CoS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
ADSL and SHDSL Interfaces Configuration Overview . . . . . . . . . . . . . . . . . . . . . 244
Example: Configuring ATM-over-ADSL Network Interface . . . . . . . . . . . . . . . . . 248
Example: Configuring ATM-over-SHDSL Network Interface . . . . . . . . . . . . . . . . 255
Example: Configuring CHAP on DSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Example: Configuring MLPPP over ADSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . 270
xv Copyright 2010, Juniper Networks, Inc.
Table of Contents
Chapter 12 G.SHDSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
SHDSL Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
G.SHDSL Mini-PIM Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Operating Modes and Line Rates of the G.SHDSL Mini-PIM . . . . . . . . . . . . . 274
ATM CoS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
G.SHDSL Mini-PIM Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Example: Configuring the G.SHDSL Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Example: Configuring the G.SHDSL Interface on SRX Series Devices . . . . . . . . . 286
Chapter 13 VDSL2 Mini-PIMInterfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
VDSL2 Mini-PIM Interface Technology Overview . . . . . . . . . . . . . . . . . . . . . . . . . 295
VDSL2 Network Deployment Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
VDSL2 Mini-PIM Support on the SRX210 and SRX240 Services Gateways . . . . 297
VDSL2 Mini-PIM Supported Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
VDSL2 Mini-PIM Supported Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Example: Configuring the VDSL2 Interface Properties . . . . . . . . . . . . . . . . . . . . . 299
Example: Configuring VDSL2 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Example: Configuring ADSL Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Chapter 14 3G Wireless Modems for WAN Connections . . . . . . . . . . . . . . . . . . . . . . . . . 353
3G Wireless Modem Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
3G Wireless Modem Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Dialer Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Understanding the Dialer Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Example: Configuring the Dialer Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
3G Wireless Modem Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Understanding the 3G Wireless Modem Physical Interface . . . . . . . . . . . . . 363
Example: Configuring the 3G Wireless Modem Interface . . . . . . . . . . . . . . . 363
GSM Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Understanding the GSM Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Example: Configuring the GSM Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Account Activation for CDMA EV-DO Modem Cards . . . . . . . . . . . . . . . . . . . . . . 366
Understanding Account Activation for CDMA EV-DO Modem Cards . . . . . . 367
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Activating the CDMA EV-DO Modem Card with OTASP Provisioning . . . . . 368
Activating the CDMA EV-DO Modem Card Manually . . . . . . . . . . . . . . . . . . 369
Activating the CDMA EV-DO Modem Card with IOTA Provisioning . . . . . . . . 371
Unlocking the GSM 3G Wireless Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Chapter 15 USB Modems for Dial Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
USB Modem Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Dialer Interface Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
USB Modem Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Example: Configuring a USB ModemInterface for Dial Backup . . . . . . . . . . . . . . 376
Example: Configuring a Dialer Interface for USB Modem Dial Backup . . . . . . . . . 377
Example: Configuring Dialer Interface for USB Modem Dial-In . . . . . . . . . . . . . . 384
Example: Configuring PAP on Dialer Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Example: Configuring CHAP on Dialer Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 387
Copyright 2010, Juniper Networks, Inc. xvi
Junos OS Interfaces Configuration Guide for Security Devices
Chapter 16 DOCSIS Mini-PIM Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
DOCSIS Mini-PIM Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Software Features Supported on DOCSIS Mini-PIMs . . . . . . . . . . . . . . . . . . . . . 392
Example: Configuring a DOCSIS Mini-PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Chapter 17 Serial Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Serial Interfaces Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Serial Transmissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Signal Polarity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Serial Clocking Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Serial Interface Transmit Clock Inversion . . . . . . . . . . . . . . . . . . . . . . . . 403
DTE Clock Rate Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Serial Line Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
EIA-530 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
RS-232 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
RS-422/449 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
V.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
X.21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Example: Configuring a Serial Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Example: Deleting a Serial Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Part 6 Link Services and Special Interfaces
Chapter 18 Link Services Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Link Services Interfaces Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Services Available on a J Series Link Services Interface . . . . . . . . . . . . . . . . . 414
Link Services Exceptions on J Series Services Routers . . . . . . . . . . . . . . . . . . 415
Configuring Multiclass MLPPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Queuing with LFI on J Series Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Queuing on Q2s of Constituent Links . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Compressed Real-Time Transport Protocol Overview . . . . . . . . . . . . . . . . . . 417
Configuring Fragmentation by Forwarding Class . . . . . . . . . . . . . . . . . . . . . . 418
Configuring Link-Layer Overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Link Services Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Configuring Link Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Understanding MLPPP Bundles and Link Fragmentation and Interleaving
(LFI) on Serial Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Example: Configuring an MLPPP Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Understanding Link Fragmentation and Interleaving Configuration . . . . . . . 424
Example: Configuring Link Fragmentation and Interleaving . . . . . . . . . . . . . 425
Understanding How to Define Classifiers and Forwarding Classes . . . . . . . 426
Example: Defining Classifiers and Forwarding Classes . . . . . . . . . . . . . . . . . 426
Understanding Howto Define and Apply Scheduler Maps . . . . . . . . . . . . . . 428
Example: Defining and Applying Scheduler Maps . . . . . . . . . . . . . . . . . . . . . 429
Understanding Interface Shaping Rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
xvii Copyright 2010, Juniper Networks, Inc.
Table of Contents
Example: Defining and Applying Interface Shaping Rates . . . . . . . . . . . . . . 432
Verifying the Link Services Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Verifying Link Services Interface Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Verifying Link Services CoS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Multilink Frame Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Understanding Multilink Frame Relay FRF.15 . . . . . . . . . . . . . . . . . . . . . . . . . 437
Example: Configuring Multilink Frame Relay MLFR FRF.15 . . . . . . . . . . . . . . 438
Understanding Multilink Frame Relay FRF.16 . . . . . . . . . . . . . . . . . . . . . . . . 439
Example: Configuring Multilink Frame Relay MLFR FRF.16 . . . . . . . . . . . . . . 440
Compressed Real-Time Transport Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Understanding Compressed Real-Time Transport Protocol . . . . . . . . . . . . . 441
Example: Configuring Compressed Real-Time Transport Protocol . . . . . . . 442
Internal Interface ls-0/0/0 Upgrade and Configuration Rollback . . . . . . . . . . . . 443
Understanding the Internal Interface LSQ-0/0/0 Configuration . . . . . . . . . 443
Example: Upgrading Configuration to Change ls-0/0/0 to lsq-0/0/0 . . . . . 443
Troubleshooting the Link Services Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Determine Which CoS Components Are Applied to the Constituent
Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Determine What Causes Jitter and Latency on the Multilink Bundle . . . . . . 447
Determine If LFI and Load Balancing Are Working Correctly . . . . . . . . . . . . . 447
Determine Why Packets Are Dropped on a PVC Between a J Series Device
and Another Vendor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Chapter 19 Special Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Understanding Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Understanding the Discard Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Understanding the Loopback Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Part 7 Encapsulation
Chapter 20 Interface Encapsulation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Understanding Physical Encapsulation on an Interface . . . . . . . . . . . . . . . . . . . . 461
Understanding Frame Relay Encapsulation on an Interface . . . . . . . . . . . . . . . . 462
Virtual Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Switched and Permanent Virtual Circuits . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Data-Link Connection Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Congestion Control and Discard Eligibility . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Understanding Point-to-Point Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Link Control Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
PPP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Network Control Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Magic Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
CSU/DSU Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Understanding High-Level Data Link Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
HDLC Stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
HDLC Operational Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Copyright 2010, Juniper Networks, Inc. xviii
Junos OS Interfaces Configuration Guide for Security Devices
Chapter 21 Point-to-Point Protocol over Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Understanding Point-to-Point Protocol over Ethernet . . . . . . . . . . . . . . . . . . . . 469
PPPoE Discovery Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
PPPoE Session Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
PPPoE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Understanding PPPoE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Example: Configuring PPPoE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
PPPoE Encapsulation on an Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Understanding PPPoE Ethernet Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Example: Configuring PPPoE Encapsulation on an Ethernet Interface . . . . . 477
PPPoE Encapsulation on an ATM-over-ADSL or ATM-over-SHDSL Interface . . 478
Understanding PPPoE ATM-over-ADSL and ATM-over-SHDSL
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Example: Configuring PPPoE Encapsulation on an ATM-over-ADSL
Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
CHAP Authentication on a PPPoE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Understanding CHAP Authentication on a PPPoE Interface . . . . . . . . . . . . . 481
Example: Configuring CHAP Authentication on a PPPoE Interface . . . . . . . 481
PPPoE-Based Radio-to-Router Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Understanding the PPPoE-Based Radio-to-Router Protocol . . . . . . . . . . . . 483
Example: Configuring the PPPoE-Based Radio-to-Router Protocol . . . . . . 485
Part 8 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
xix Copyright 2010, Juniper Networks, Inc.
Table of Contents
Copyright 2010, Juniper Networks, Inc. xx
Junos OS Interfaces Configuration Guide for Security Devices
About This Guide
This preface provides the following guidelines for using the Junos OS Interfaces
Configuration Guide for Security Devices:
J Series and SRX Series Documentation and Release Notes on page xxi
Objectives on page xxii
Audience on page xxii
Supported Routing Platforms on page xxii
Document Conventions on page xxii
Documentation Feedback on page xxiv
Requesting Technical Support on page xxiv
J Series and SRX Series Documentation and Release Notes
For a list of related J Series documentation, see
http://www.juniper.net/techpubs/software/junos-jseries/index-main.html .
For a list of related SRX Series documentation, see
http://www.juniper.net/techpubs/hardware/srx-series-main.html .
If the information in the latest release notes differs fromthe information in the
documentation, followthe Junos OS Release Notes.
To obtain the most current version of all Juniper Networks
technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
Juniper Networks supports atechnical bookprogramtopublishbooks byJuniper Networks
engineers and subject matter experts with book publishers around the world. These
books go beyond the technical documentation to explore the nuances of network
architecture, deployment, and administration using the Junos operating system(Junos
OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library,
published in conjunction with O'Reilly Media, explores improving network security,
reliability, and availability using Junos OS configuration techniques. All the books are for
sale at technical bookstores and book outlets around the world. The current list can be
viewed at http://www.juniper.net/books .
xxi Copyright 2010, Juniper Networks, Inc.
Objectives
This guide describes howto use and configure key security features on J Series Services
Routers and SRX Series Services Gateways running Junos OS. It provides conceptual
information, suggested workflows, and examples where applicable.
Audience
This manual is designed for anyone who installs, sets up, configures, monitors, or
administers a J Series Services Router or an SRX Series Services Gateway running Junos
OS. The manual is intended for the following audiences:
Customers with technical knowledge of and experience with networks and network
security, the Internet, and Internet routing protocols
Network administrators who install, configure, and manage Internet routers
Supported Routing Platforms
This manual describes features supported on J Series Services Routers and SRX Series
Services Gateways running Junos OS.
Document Conventions
Table 1 on page xxii defines the notice icons used in this guide.
Table 1: Notice Icons
Description Meaning Icon
Indicates important features or instructions. Informational note
Indicates a situation that might result in loss of data or hardware damage. Caution
Alerts you to the risk of personal injury or death. Warning
Alerts you to the risk of personal injury froma laser. Laser warning
Table 2 on page xxiii defines the text and syntax conventions used in this guide.
Copyright 2010, Juniper Networks, Inc. xxii
Junos OS Interfaces Configuration Guide for Security Devices
Table 2: Text and Syntax Conventions
Examples Description Convention
To enter configuration mode, type the
configure command:
user@host> configure
Represents text that you type. Bold text like this
user@host> showchassis alarms
No alarms currently active
Represents output that appears on the
terminal screen.
Fixed-width text like this
A policy termis a named structure
that defines match conditions and
actions.
Junos SystemBasics Configuration
Guide
RFC1997, BGPCommunities Attribute
Introduces important newterms.
Identifies book names.
Identifies RFCand Internet draft titles.
Italic text like this
Configure the machines domain name:
[edit]
root@# set systemdomain-name
domain-name
Represents variables (options for which
you substitute a value) in commands or
configuration statements.
Italic text like this
To configure a stub area, include the
stub statement at the [edit protocols
ospf area area-id] hierarchy level.
Theconsoleport is labeledCONSOLE.
Represents names of configuration
statements, commands, files, and
directories; IP addresses; configuration
hierarchy levels; or labels on routing
platformcomponents.
Text like this
stub <default-metric metric>; Enclose optional keywords or variables. < > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between the mutually
exclusive keywords or variables on either
side of the symbol. The set of choices is
often enclosed in parentheses for clarity.
| (pipe symbol)
rsvp { #Required for dynamic MPLS only Indicates a comment specified on the
samelineas theconfigurationstatement
to which it applies.
# (pound sign)
community name members [
community-ids ]
Enclose a variable for which you can
substitute one or more values.
[ ] (square brackets)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Identify a level in the configuration
hierarchy.
Indention and braces ( { } )
Identifies a leaf statement at a
configuration hierarchy level.
; (semicolon)
J-Web GUI Conventions
xxiii Copyright 2010, Juniper Networks, Inc.
About This Guide
Table 2: Text and Syntax Conventions (continued)
Examples Description Convention
In the Logical Interfaces box, select
All Interfaces.
To cancel the configuration, click
Cancel.
Represents J-Web graphical user
interface (GUI) items you click or select.
Bold text like this
In the configuration editor hierarchy,
select Protocols>Ospf.
Separates levels in a hierarchy of J-Web
selections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback format
https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include
the following information with your comments:
Document or topic name
URL or page number
Software release version (if applicable)
Requesting Technical Support
Technical product support is availablethroughtheJuniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need postsales technical support, you can access
our tools and resources online or open a case with JTAC.
JTAC policiesFor a complete understanding of our JTAC procedures and policies,
reviewthe JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .
Product warrantiesFor product warranty information, visit
http://www.juniper.net/support/warranty/ .
JTAC Hours of Operation The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problemresolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
Find CSC offerings: http://www.juniper.net/customers/support/
Find product documentation: http://www.juniper.net/techpubs/
Copyright 2010, Juniper Networks, Inc. xxiv
Junos OS Interfaces Configuration Guide for Security Devices
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
Download the latest versions of software and reviewrelease notes:
http://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
Toverify serviceentitlement by product serial number, useour Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, visit us at
http://www.juniper.net/support/requesting-support.html
xxv Copyright 2010, Juniper Networks, Inc.
About This Guide
Copyright 2010, Juniper Networks, Inc. xxvi
Junos OS Interfaces Configuration Guide for Security Devices
PART 1
Interfaces Overview
Interfaces Overviewon page 3
1 Copyright 2010, Juniper Networks, Inc.
Copyright 2010, Juniper Networks, Inc. 2
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 1
Interfaces Overview
Interfaces Overviewon page 3
Interface Naming Conventions on page 9
Interface Logical Properties on page 11
Interface Physical Properties on page 22
Understanding the Data Link Layer on page 28
Interfaces Overview
Understanding Interfaces on page 3
Network Interfaces on page 4
Services Interfaces on page 5
Special Interfaces on page 8
Understanding Interfaces
Interfaces act as a doorway through which traffic enters and exits a device. J Series
Services Routers and SRX Series Service Gateways support a variety of interface types:
Network interfacesNetworking interfaces primarily provide traffic connectivity.
Services interfacesServices interfaces manipulate traffic before it is delivered to its
destination.
Special interfacesSpecial interfaces include management interfaces, the loopback
interface, and the discard interface.
Each type of interface uses a particular mediumto transmit data. The physical wires and
Data Link Layer protocols used by a mediumdetermine howtraffic is sent. To configure
and monitor J Series or SRXSeries device interfaces, you need to understand their media
characteristics, as well as physical andlogical properties such as IPaddressing, link-layer
protocols, and link encapsulation.
NOTE: Most interfaces are configurable, but some internally generated
interfaces are not configurable.
3 Copyright 2010, Juniper Networks, Inc.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Interface Naming Conventions on page 9
Understanding Interface Logical Properties on page 11
Understanding Interface Physical Properties on page 22
Understanding the Data Link Layer on page 28
Router Interfaces Overviewin the Junos OS Network Interfaces Configuration Guide
Network Interfaces
All Juniper Networks devices use network interfaces to make physical connections to
other devices. A connection takes place along media-specific physical wires through an
I/OCard (IOC) in the SRX Series Services Gateway or a port on a Physical Interface
Module (PIM) installed in the J Series Services Router. Networking interfaces primarily
provide traffic connectivity.
Youmust configureeachnetworkinterfacebeforeit canoperateonthedevice. Configuring
an interface can define both the physical properties of the link and the logical properties
of a logical interface on the link.
Table 3 on page 4 describes network interfaces that are available on SRX Series and J
Series devices.
Table 3: Network Interfaces
Description Interface Name
Aggregated Ethernet interface. See Understanding Aggregated Ethernet Interfaces on page 45. ae
ATM-over-ADSL or ATM-over-SHDSL WAN interface. See DSL Interfaces on page 241. at
Bearer channel on an ISDN interface. See ISDN on page 141. bc
Basic Rate Interface for establishing ISDN connections. See ISDN on page 141. br
Channelized E1 interface. See Channelized Interfaces on page 115. ce1
Channelized T1 interface. See Channelized Interfaces on page 115. ct1
Delta channel on an ISDN interface. See ISDN on page 141. dc
Dialer interface for initiating ISDN and USB modemconnections. See ISDN on page 141 and USB
Modems for Dial Backup on page 373.
dl
E1 (also called DS1) WAN interface. See DS1 and DS3 Interfaces on page 99. e1
E3 (also called DS3) WAN interface. See DS1 and DS3 Interfaces on page 99. e3
Fast Ethernet interface. See Understanding Ethernet Interfaces on page 33. fe
Copyright 2010, Juniper Networks, Inc. 4
Junos OS Interfaces Configuration Guide for Security Devices
Table 3: Network Interfaces (continued)
Description Interface Name
Gigabit Ethernet interface. See Understanding Ethernet Interfaces on page 33. ge
VDSL2 interface. See DSL Interfaces on page 241. pt
For chassis cluster configurations only, redundant Ethernet interface. See Understanding Ethernet
Interfaces on page 33.
reth
Serial interface (either RS-232, RS-422/499, RS-530, V.35, or X.21). See Serial Interfaces on
page 401.
se
T1 (also called DS1) WAN interface. See DS1 and DS3 Interfaces on page 99. t1
T3 (also called DS3) WAN interface. See DS1 and DS3 Interfaces on page 99. t3
WXCIntegratedServices Module (ISM200) interface for WANacceleration. See the WXCIntegrated
Services Module Installation and Configuration Guide.
wx
10-Gigabit Ethernet interface. SeeUnderstandingthe2-Port 10-Gigabit Ethernet XPIM onpage79. xe
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Services Interfaces on page 5
Special Interfaces on page 8
Services Interfaces
Services interfaces provide specific capabilities for manipulating traffic before it is
deliveredto its destination. On Juniper Networks MSeries andTSeries routing platforms,
individual services such as IP-over-IP encapsulation, link services such as multilink
protocols, adaptive services such as stateful firewall filters and NAT, and sampling and
logging capabilities are implemented by services Physical Interface Cards (PICs). On a
J Series device, these same features are implemented by the general-purpose CPU on
the main circuit board.
Although the same Junos OS image supports the services features across all routing
platforms, on a J Series device no Physical Interface Module (PIM) is associated with
services features. To configure services on a J Series device, you must configure one or
more internal interfaces by specifying PIMslot 0 and port 0for example, gr-0/0/0 for
GRE.
Table 4 on page 6 describes services interfaces that you can configure on SRX Series
Services Gateways and J Series Services Routers.
5 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
Table 4: Configurable Services Interfaces
Description Interface Name
Configurable generic routing encapsulation (GRE) interface. GRE allows the encapsulation of one
routing protocol over another routing protocol.
WithinaJ Series device, packets areroutedtothis internal interface, wherethey arefirst encapsulated
with a GRE packet and then re-encapsulated with another protocol packet to complete the GRE.
The GRE interface is an internal interface only and is not associated with a physical mediumor PIM.
You must configure the interface for it to performGRE. See Tunnel Services Overviewin the Junos
OS Services Interfaces Configuration Guide.
gr-0/0/0
Configurable IP-over-IP encapsulation (also called IP tunneling) interface. IP tunneling allows the
encapsulation of one IP packet over another IP packet.
Generally, IP routing allows packets to be routed directly to a particular address. However, in some
instancesyoumight needtorouteanIPpacket tooneaddressandthenencapsulateit for forwarding
to a different address. In a mobile environment in which the location of the end device changes, a
different IP address might be used as the end device migrates between networks.
Within a J Series device, packets are routed to this internal interface where they are encapsulated
with an IP packet and then forwarded to the encapsulating packet's destination address. The IP-IP
interface is an internal interface only and is not associated with a physical mediumor PIM. You must
configure the interface for it to performIP tunneling. See Tunnel Services Overviewin the Junos OS
Services Interfaces Configuration Guide.
ip-0/0/0
Configurable link services queuing interface. Link services include the multilink services MLPPP,
MLFR, and Compressed Real-Time Transport Protocol (CRTP).
WithinaJ Series device, packets areroutedtothis internal interfacefor link bundlingor compression.
The link services interface is an internal interface only and is not associated with a physical medium
or PIM. You must configure the interface for it to performmultilink services.
NOTE: The ls-0/0/0 interface has been deprecated. All multiclass multilink features supported by
ls-0/0/0 are nowsupported by lsq-0/0/0.
See Link Services Interfaces Overview on page 413.
lsq-0/0/0
Interface used to provide class-of-service (CoS) support for real-time performance monitoring
(RPM) probe packets.
Within a J Series device, packets are routed to this internal interface for services. The lt interface is
an internal interface only and is not associated with a physical mediumor PIM. You must configure
the interface for it to performCoS for RPMservices.
NOTE: The lt interface on the MSeries and T Series routing platforms supports configuration of
logical devicesthe capability to partition a single physical device into multiple logical devices that
performindependent routing tasks. However, the lt interface on the J Series device does not support
logical devices.
See the Junos OS Class of Service Configuration Guide for Security Devices.
lt-0/0/0
Copyright 2010, Juniper Networks, Inc. 6
Junos OS Interfaces Configuration Guide for Security Devices
Table 4: Configurable Services Interfaces (continued)
Description Interface Name
Protocol Independent Multicast (PIM) de-encapsulationinterface. InPIMsparsemode, thefirst-hop
routing platformencapsulates packets destined for the rendezvous point device. The packets are
encapsulated with a unicast header and are forwarded through a unicast tunnel to the rendezvous
point. The rendezvous point then de-encapsulates the packets and transmits themthrough its
multicast tree.
Within a device, packets are routed to this internal interface for de-encapsulation. The PIM
de-encapsulationinterfaceis aninternal interfaceonly andis not associatedwithaphysical interface.
You must configure PIMwith the [edit protocol pim] hierarchy to performPIMde-encapsulation.
See Tunnel Services Overviewin the Junos OS Services Interfaces Configuration Guide.
pd-0/0/0
Protocol Independent Multicast (PIM) encapsulation interface. In PIMsparse mode, the first-hop
routing platformencapsulates packets destined for the rendezvous point device. The packets are
encapsulated with a unicast header and are forwarded through a unicast tunnel to the rendezvous
point. The rendezvous point then de-encapsulates the packets and transmits themthrough its
multicast tree.
Withinadevice, packets areroutedtothis internal interfacefor encapsulation. ThePIMencapsulation
interface is an internal interface only and is not associated with a physical interface. You must
configure PIMwith the [edit protocol pim] hierarchy to performPIMencapsulation. See Tunnel
Services Overviewin the Junos OS Services Interfaces Configuration Guide.
pe-0/0/0
Configurable PPPoE encapsulation interface. PPP packets being routed in an Ethernet network use
PPPoE encapsulation.
Within a J Series device, packets are routed to this internal interface for PPPoE encapsulation. The
PPPoE encapsulation interface is an internal interface only and is not associated with a physical
mediumor PIM. You must configure the interface for it to forward PPPoE traffic.
See Understanding Point-to-Point Protocol over Ethernet on page 469.
pp0
Secure tunnel interface used for IPSec VPNs. See Implementing Policy Based IPsec VPN Using SRX
Series Services Gateways at
http://www.juniper.net/us/en/local/pdf/app-notes/3500175-en.pdf .
st0
Configurable USB modemphysical interface. This interface is detected when an USB modemis
connected to the USB port on the device.
NOTE: The J4350and J6350devices have two USB ports. However, you can connect only one USB
modemto the USBports on these devices. If you connect USBmodems to both the USBports, only
the first USB modemconnected to the device is recognized.
See USB Modems for Dial Backup on page 373.
umd0
Table 5 on page 7 describes non-configuable services interfaces for SRX Series Services
Gateways and J Series Services Routers.
Table 5: Non-Configurable Services Interfaces
Description Interface Name
Internally generated GRE interface. The Junos OS generates this interface to handle GRE. It is not
a configurable interface.
gre
7 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
Table 5: Non-Configurable Services Interfaces (continued)
Description Interface Name
Internally generatedIP-over-IPinterface. The Junos OSgenerates this interface tohandle IP-over-IP
encapsulation. It is not a configurable interface.
ipip
Internally generatedlink services interface. The Junos OSgenerates this interface tohandle multilink
services like MLPPP, MLFR, and CRTP. It is not a configurable interface.
lsi
Internally configured interface used by the systemas a control path between the WXC Integrated
Services Module and the Routing Engine. It is not a configurable interface. See the WXC Integrated
Services Module Installation and Configuration Guide.
pc-pim/0/0
Internally generated Protocol Independent Multicast (PIM) de-encapsulation interface. The Junos
OS generates this interface to handle PIMde-encapsulation. It is not a configurable interface.
pimd
Internally generated Protocol Independent Multicast (PIM) encapsulation interface. The Junos OS
generates this interface to handle PIMencapsulation. It is not a configurable interface.
pime
Internally generated interface. The Junos OS generates this interface to monitor and record traffic
during passive monitoring. When packets are discarded by the Packet Forwarding Engine, they are
placed on this interface. It is not a configurable interface.
tap
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Network Interfaces on page 4
Special Interfaces on page 8
Special Interfaces
Special interfaces include management interfaces, which are primarily intended for
accessing the device remotely, the loopback interface, which has several uses depending
on the particular Junos OS feature being configured, and the discard interface.
Table 6 on page 8 describes special interfaces for SRX Series Services Gateways and
J Series Services Routers.
Table 6: Special Interfaces
Description Interface Name
On J Series devices, the fxp0 interface is the management port, and fxp1 is used as the control link
interface in a chassis cluster. On SRX Series devices, the fxp0management interface is a dedicated
port located on the Routing Engine.
fxp0, fxp1
Loopbackaddress. Theloopbackaddress has several uses, dependingontheparticular Junos feature
being configured.
lo0
Discard interface dsc
Copyright 2010, Juniper Networks, Inc. 8
Junos OS Interfaces Configuration Guide for Security Devices
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Network Interfaces on page 4
Services Interfaces on page 5
Interface Naming Conventions
Each device interface has a unique name that follows a naming convention. If you are
familiar with Juniper Networks MSeries and T Series routing platforms, be aware that
device interface names are similar to but not identical with the interface names on those
routing platforms.
The unique name of each network interface identifies its type and location and indicates
whether it is aphysical interfaceor anoptional logical unit createdonaphysical interface:
The name of each network interface has the following format to identify the physical
device that corresponds to a single physical network connector:
type-slot/pim-or-ioc/port
Network interfaces that are fractionalized into time slots include a channel number in
the name, preceded by a colon (:):
type-slot/pim-or-ioc/port:channel
Each logical interface has an additional logical unit identifier, preceded by a period (.):
type-slot/pim-or-ioc/port:<channel>.unit
The parts of an interface name are summarized in Table 7 on page 9.
Table 7: Network Interface Names
Possible Values Meaning Name Part
See Network Interfaces on page 4, Special Interfaces on page 8, and
Services Interfaces on page 5.
Type of network medium
that can connect to this
interface.
type
9 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
Table 7: Network Interface Names (continued)
Possible Values Meaning Name Part
J Series Services Router: The slot number begins at 1 and increases as
follows fromtop to bottom, left to right:
J2320 routerSlots 1 to 3
J2350 routerSlots 1 to 5
J4350 or J6350 routerPIMslots 1 to 6
The slot number 0 is reserved for the out-of-band management ports.
SRX5600andSRX5800devices: Theslot number beginsat 0andincreases
as follows fromleft to right, bottomto top:
SRX5600 deviceSlots 0 to 5
SRX5800 deviceSlots 0 to 5, 7 to 11
SRX3400andSRX3600devices: TheSwitchFabric Board(SFB) is always
0. Slot numbers increase as follows fromtop to bottom, left to right:
SRX3400 devceSlots 0 to 4
SRX3600 deviceSlots 0 to 6
Number of the chassis slot in
which a PIMor IOC is
installed.
slot
J Series devices: This number is always 0. Only one PIMcan be installed in
a slot.
SRX5600 and SRX5800 devices: For 40-port Gigabit Ethernet IOCs or
4-port 10-Gigabit Ethernet IOCs, this number can be 0, 1, 2, or 3.
SRX3400 and SRX3600 devices: This number is always 0. Only one IOC
can be installed in a slot.
Number of the PIMor IOCon
which the physical interface
is located.
pim-or-ioc
J Series Services Routers:
On a single-port PIM, the number is always 0.
On a multiple-port PIM, this number begins at 0 and increases fromleft
to right, bottomto top, to a maximumof 3.
On SRX5600 and SRX5800 devices:
For 40-port Gigabit Ethernet IOCs, this number begins at 0andincreases
fromleft to right to a maximumof 9.
For 4-port 10-Gigabit Ethernet IOCs, this number is always 0.
On SRX3400 and SRX3600 devices:
For the SFB built-in copper Gigabit Ethernet ports, this number begins
at 0 and increases fromtop to bottom, left to right, to a maximumof 7.
For the SFB built-in fiber Gigabit Ethernet ports, this number begins at
8 and increases fromleft to right to a maximumof 11.
For 16-port Gigabit Ethernet IOCs, this number begins at 0toamaximum
of 15.
For 2-port 10-Gigabit Ethernet IOCs, this number is 0 or 1.
Port numbers appear on the PIMor IOC faceplate.
Number of the port on a PIM
or IOC on which the physical
interface is located.
port
Copyright 2010, Juniper Networks, Inc. 10
Junos OS Interfaces Configuration Guide for Security Devices
Table 7: Network Interface Names (continued)
Possible Values Meaning Name Part
On an E1 interface, a value from1 through 31. The 1 time slot is reserved.
On a T1 interface, a value from1 through 24.
Number of thechannel (time
slot) on a fractional or
channelizedT1 or E1 interface.
channel
A value from0 through 16384.
If no logical interface number is specified, unit 0 is the default, but must
be explicitly configured.
Number of the logical
interface created on a
physical interface.
unit
For example, the interface name e1-5/0/0:15.0 on a J Series Services Router represents
the following information:
E1 WAN interface
PIMslot 5
PIMnumber 0 (always 0)
Port 0
Channel 15
Logical interface, or unit, 0
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Interface Descriptors Overviewin the Junos OS Network Interfaces Configuration Guide
Services Interface Naming Overviewin the Junos OS Services Interfaces Configuration
Guide
Interface Logical Properties
Understanding Interface Logical Properties on page 11
Understanding Protocol Families on page 12
Understanding IPv4 Addressing on page 13
IPv6 Addressing on page 16
Understanding Virtual LANs on page 20
Understanding Interface Logical Properties
The logical properties of an interface are the characteristics that do not apply to the
physical interface or the wires connected to it. Logical properties include:
Protocol families running on the interface (including any protocol-specific MTUs)
IP address or addresses associated with the interface. A logical interface can be
configured with an IPv6 address, IPv4 address, or both. The IP specification requires a
11 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
unique address on every interface of each systemattached to an IP network, so that
traffic can be correctly routed. Individual hosts such as home computers must have a
single IP address assigned. Devices must have a unique IP address for every interface.
Virtual LAN (VLAN) tagging
Any firewall filters or routing policies that are operating on the interface
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Understanding Protocol Families on page 12
Understanding IPv4 Addressing on page 13
Understanding IPv6 Addressing on page 16
Understanding Virtual LANs on page 20
Configuring the Interface Address in the Junos OS Network Interfaces Configuration
Guide
Understanding Protocol Families
Aprotocol family is agroupof logical properties withinaninterfaceconfiguration. Protocol
families include all the protocols that make up a protocol suite. To use a protocol within
a particular suite, you must configure the entire protocol family as a logical property for
aninterface. Theprotocol families includecommonandnot-so-commonprotocol suites.
This topic contains the following sections:
Common Protocol Suites on page 12
Other Protocol Suites on page 13
Common Protocol Suites
Junos OS protocol families include the following common protocol suites:
InetSupports IP protocol traffic, including OSPF, BGP, and Internet Control Message
Protocol (ICMP).
Inet6Supports IPv6 protocol traffic, including RIP for IPv6 (RIPng), IS-IS, and BGP.
ISOSupports IS-IS traffic.
MPLSSupports MPLS.
NOTE: Junos OS security features are flow-basedmeaning the device sets
up a flowto examine the traffic. Flow-based processing is not supported for
ISOor MPLS protocol families.
Copyright 2010, Juniper Networks, Inc. 12
Junos OS Interfaces Configuration Guide for Security Devices
Other Protocol Suites
In addition to the common protocol suites, Junos protocol families sometimes use the
following protocol suites:
cccCircuit cross-connect (CCC).
mlfr-uni-nniMultilinkFrameRelay(MLFR) FRF.16user-to-networknetwork-to-network
(UNI NNI).
mlfr-end-to-endMultilink Frame Relay end-to-end.
mlpppMultilink Point-to-Point Protocol.
tccTranslational cross-connect (TCC).
tnpTrivial Network Protocol. This Juniper Networks proprietary protocol provides
communication between the Routing Engine and the device's packet forwarding
components. Junos OS automatically configures this protocol family on the device's
internal interfaces only.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Logical Properties on page 11
Configuring the Protocol Family in the Junos OSNetwork Interfaces Configuration Guide
Understanding IPv4 Addressing
IPv4addresses are32-bit numbers that aretypically displayedindotteddecimal notation.
A 32-bit address contains two primary parts: the network prefix and the host number.
All hosts within a single network share the same network address. Each host also has an
address that uniquely identifies it. Depending on the scope of the network and the type
of device, the address is either globally or locally unique. Devices that are visible to users
outside the network (webservers, for example) must have a globally unique IP address.
Devices that are visible only within the network (J Series devices, for example) must have
locally unique IP addresses.
IP addresses are assigned by a central numbering authority called the Internet Assigned
Numbers Authority (IANA). IANA ensures that addresses are globally unique where
needed and has a large address space reserved for use by devices not visible outside
their own networks.
This topic contains the following sections:
IPv4 Classful Addressing on page 14
IPv4 Dotted Decimal Notation on page 14
IPv4 Subnetting on page 14
IPv4 Variable-Length Subnet Masks on page 15
13 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
IPv4 Classful Addressing
Toprovide flexibility inthe number of addresses distributedtonetworks of different sizes,
4-octet (32-bit) IP addresses were originally divided into three different categories or
classes: class A, class B, and class C. Each address class specifies a different number of
bits for its network prefix and host number:
Class A addresses use only the first byte (octet) to specify the network prefix, leaving
3 bytes to define individual host numbers.
Class B addresses use the first 2 bytes to specify the network prefix, leaving 2 bytes to
define host addresses.
Class C addresses use the first 3 bytes to specify the network prefix, leaving only the
last byte to identify hosts.
In binary format, with an x representing each bit in the host number, the three address
classes can be represented as follows:
00000000 xxxxxxxx xxxxxxxx xxxxxxxx (Class A)
00000000 00000000 xxxxxxxx xxxxxxxx (Class B)
00000000 00000000 00000000 xxxxxxxx (Class C)
Because each bit (x) in a host number can have a 0 or 1 value, each represents a power
of 2. For example, if only 3 bits are available for specifying the host number, only the
following host numbers are possible:
111 110 101 100 011 010 001 000
IneachIPaddress class, thenumber of host-number bits raisedtothepower of 2indicates
howmany host numbers canbecreatedfor aparticular network prefix. Class Aaddresses
have 2
24
(or 16,777,216) possible host numbers, class B addresses have 2
16
(or 65,536)
host numbers, and class C addresses have 2
8
(or 256) possible host numbers.
IPv4 Dotted Decimal Notation
The 32-bit IPv4addresses are most often expressedin dotteddecimal notation, in which
each octet (or byte) is treated as a separate number. Within an octet, the rightmost bit
represents 2
0
(or 1), increasing to the left until the first bit in the octet is 2
7
(or 128).
Following are IP addresses in binary format and their dotted decimal equivalents:
11010000 01100010 11000000 10101010 = 208.98.192.170
01110110 00001111 11110000 01010101 = 118.15.240.85
00110011 11001100 00111100 00111011 = 51.204.60.59
IPv4 Subnetting
Because of the physical and architectural limitations on the size of networks, you often
must break large networks into smaller subnetworks. Within a network, each wire or ring
requires its own network number and identifying subnet address.
Figure 1 on page 15 shows two subnets in a network.
Copyright 2010, Juniper Networks, Inc. 14
Junos OS Interfaces Configuration Guide for Security Devices
Figure 1: Subnets in a Network
Figure 1 on page 15 shows three devices connectedto one subnet and three more devices
connected to a second subnet. Collectively, the six devices and two subnets make up
the larger network. In this example, the network is assigned the network prefix 192.14.0.0,
a class B address. Each device has an IP address that falls within this network prefix.
In addition to sharing a network prefix (the first two octets), the devices on each subnet
share a third octet. The third octet identifies the subnet. All devices on a subnet must
have the same subnet address. In this case, the alpha subnet has the IP address
192.14.126.0 and the beta subnet has the IP address 192.14.17.0.
The subnet address 192.14.17.0 can be represented as follows in binary notation:
11000000 . 00001110 . 00010001 . xxxxxxxx
Because the first 24 bits in the 32-bit address identify the subnet, the last 8 bits are not
significant. To indicate the subnet, the address is written as 192.14.17.0/24 (or just
192.14.17/24). The /24 is the subnet mask (sometimes shown as 255.255.255.0).
IPv4 Variable-Length Subnet Masks
Traditionally, subnets were divided by address class. Subnets had either 8, 16, or
24 significant bits, corresponding to 2
24
, 2
16
, or 2
8
possible hosts. As a result, an entire /16
subnet had to be allocated for a network that required only 400 addresses, wasting
65,136 (2
16
400 = 65,136) addresses.
Tohelpallocate address spaces more efficiently, variable-length subnet masks (VLSMs)
wereintroduced. UsingVLSM, networkarchitects canallocatemoreprecisely thenumber
of addresses required for a particular subnet.
For example, suppose a network with the prefix 192.14.17/24 is divided into two smaller
subnets, one consisting of 18 devices and the other of 46 devices.
To accommodate 18 devices, the first subnet must have 2
5
(32) host numbers. Having
5 bits assigned to the host number leaves 27 bits of the 32-bit address for the subnet.
15 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
The IP address of the first subnet is therefore 192.14.17.128/27, or the following in binary
notation:
11000000 . 00001110 . 00010001 . 100xxxxx
The subnet mask includes 27 significant digits.
To create the second subnet of 46 devices, the network must accommodate 2
6
(64)
host numbers. The IP address of the second subnet is 192.14.17.64/26, or
11000000 . 00001110 . 00010001 . 01xxxxxx
By assigning address bits within the larger /24 subnet mask, you create two smaller
subnets that use the allocated address space more efficiently.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Logical Properties on page 11
Understanding IPv6 Addressing on page 16
IPv6 Addressing
Understanding IPv6 Addressing on page 16
Configuring the inet6 IPv6 Protocol Family on page 18
Enabling Flow-Based Processing for IPv6 Traffic on page 19
Understanding IPv6 Addressing
To create a much larger address space and relieve a projected future shortage of IP
addresses, IPv6 was created. IPv6 addresses consist of 128 bits, instead of 32 bits, and
include a scope field that identifies the type of application suitable for the address. IPv6
does not support broadcast addresses, but instead uses multicast addresses for
broadcast. In addition, IPv6 defines a newtype of address called anycast.
This topic contains the following sections:
IPv6 Address Representation on page 16
IPv6 Address Types on page 17
IPv6 Address Scope on page 17
IPv6 Address Structure on page 17
IPv6 Address Representation
IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by colons
(:). IPv6 addresses have the following format:
aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa
Eachaaaaisa16-bit hexadecimal value, andeachaisa4-bit hexadecimal value. Following
is a sample IPv6 address:
3FFE:0000:0000:0001:0200:F8FF:FE75:50DF
You can omit the leading zeros of each 16-bit group, as follows:
Copyright 2010, Juniper Networks, Inc. 16
Junos OS Interfaces Configuration Guide for Security Devices
3FFE:0:0:1:200:F8FF:FE75:50DF
You can compress 16-bit groups of zeros to double colons (::) as shown in the following
example, but only once per address:
3FFE::1:200:F8FF:FE75:50DF
An IPv6 address prefix is a combination of an IPv6 prefix (address) and a prefix length.
The prefix takes the formipv6-prefix/prefix-length and represents a block of address
space (or a network). The ipv6-prefix variable follows general IPv6 addressing rules. The
/prefix-length variable is a decimal value that indicates the number of contiguous,
higher-order bits of the address that make up the network portion of the address. For
example, 10FA:6604:8136:6502::/64 is a possible IPv6 prefix.
For more information on the text representation of IPv6 addresses and address prefixes,
see RFC 4291, IP Version 6 Addressing Architecture.
IPv6 Address Types
IPv6 has three types of addresses:
UnicastFor a single interface.
MulticastFor a set of interfaces on the same physical medium. A packet is sent to all
interfaces associated with the address.
AnycastFor a set of interfaces on different physical media. A packet is sent to only
one of the interfaces associated with this address, not to all the interfaces.
IPv6 Address Scope
Unicast and multicast IPv6 addresses support address scoping, which identifies the
application suitable for the address.
Unicast addresses support global address scope and two types of local address scope:
Link-local unicast addressesUsed only on a single network link. The first 10 bits of
the prefix identify the address as a link-local address. Link-local addresses cannot be
used outside the link.
Site-local unicast addressesUsed only within a site or intranet. A site consists of
multiple network links. Site-local addresses identify nodes inside the intranet and
cannot be used outside the site.
Multicast addresses support 16 different types of address scope, including node, link,
site, organization, andglobal scope. A4-bit fieldintheprefix identifies theaddress scope.
IPv6 Address Structure
Unicast addresses identify a single interface. Each unicast address consists of n bits for
the prefix, and 128 n bits for the interface ID.
Multicast addresses identify a set of interfaces. Each multicast address consists of the
first 8 bits of all 1s, a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID:
11111111 | flgs | scop | group ID
17 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
The first octet of 1s identifies the address as a multicast address. The flags fieldidentifies
whether the multicast address is a well-known address or a transient multicast address.
Thescopefieldidentifies thescopeof themulticast address. The112-bit groupIDidentifies
the multicast group.
Similar to multicast addresses, anycast addresses identify a set of interfaces. However,
packets are sent to only one of the interfaces, not to all interfaces. Anycast addresses
are allocated fromthe normal unicast address space and cannot be distinguished from
a unicast address in format. Therefore, each member of an anycast group must be
configured to recognize certain addresses as anycast addresses.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Logical Properties on page 11
Understanding IPv4 Addressing on page 13
Configuring the inet6 IPv6 Protocol Family on page 18
Enabling Flow-Based Processing for IPv6 Traffic on page 19
Configuring the inet6 IPv6 Protocol Family
In configuration commands, the protocol family for IPv6 is named inet6. In the
configuration hierarchy, instances of inet6 are parallel to instances of inet, the protocol
family for IPv4. In general, you configure inet6 settings and specify IPv6 addresses in
parallel to inet settings and IPv4 addresses.
The following example shows the CLI commands you use to configure an IPv6 address
for an interface:
[edit]
user@host# showinterfaces
ge-0/0/0 {
unit 0 {
family inet {
address 10.100.37.178/24;
}
}
}
[edit]
user@host# set interfaces ge-0/0/0unit 0family ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> ccc Circuit cross-connect parameters
> ethernet-switching Ethernet switching parameters
> inet IPv4 parameters
> inet6 IPv6 protocol parameters
> iso OSI ISO protocol parameters
> mpls MPLS protocol parameters
> tcc Translational cross-connect parameters
> vpls Virtual private LAN service parameters
[edit]
user@host# set interfaces ge-0/0/0unit 0family inet6 address 8d8d:8d01::1/64
user@host# showinterfaces
Copyright 2010, Juniper Networks, Inc. 18
Junos OS Interfaces Configuration Guide for Security Devices
ge-0/0/0 {
unit 0 {
family inet {
address 10.100.37.178/24;
}
family inet6 {
address 8d8d:8d01::1/64;
}
}
}
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding IPv6 Addressing on page 16
Enabling Flow-Based Processing for IPv6 Traffic on page 19
Junos OS Network Interfaces Configuration Guide
Enabling Flow-Based Processing for IPv6 Traffic
You have the following options for handling IPv6 traffic:
DropDo not forward IPv6 packets. This is the default behavior.
Packet-based forwardingDo not create a session and process according to
packet-based features only (includes firewall filters and class of service).
Flow-based forwardingCreate a session and process according to packet-based
features (including firewall filters and class of service) but also flow-based security
features, such as screens and firewall security policy.
NOTE: Packet-based forwarding is not supported for SRX3400, SRX3600,
SRX5600, or SRX5800 devices; and the option is unavailable in the CLI.
To enable flow-basedprocessing for IPv6traffic, modify the mode statement at the [edit
security forwarding-options family inet6] hierarchy level:
security {
forwarding-options {
family {
inet6 {
mode flow-based;
}
}
}
}
The following example shows the CLI commands you use to configure forwarding for
IPv6 traffic:
[edit]
user@host# set security forwarding-options family inet6 mode ?
Possible completions:
drop Disable forwarding
19 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
flow-based Enable flow-based forwarding
packet-based Enable packet-based forwarding
[edit]
user@host# set security forwarding-options family inet6 mode flow-based
user@host# showsecurity forwarding-options
family {
inet6 {
mode flow-based;
}
}
If you change the forwarding option mode for IPv6, you might need to performa reboot
to initialize the configuration change. Table 8on page 20summarizes device status upon
configuration change.
Table 8: Device Status Upon Configuration Change
Impact on NewTraffic
Before Reboot
Impact on Existing
Traffic Before Reboot
Reboot
Required
Commit
Warning Configuration Change
Dropped Dropped Yes Yes Drop to flow-based
Packet-based Packet-based No No Drop to packet-based
Flowsessions created None Yes Yes Flow-based to packet-based
Flowsessions created None Yes Yes Flow-based to drop
Packet-based Packet-based Yes Yes Packet-based to flow-based
Dropped Dropped No No Packet-based to drop
For details on packet-based and flow-based processing, see the Junos OS Security
Configuration Guide.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding IPv6 Addressing on page 16
Configuring the inet6 IPv6 Protocol Family on page 18
Understanding Virtual LANs
A LAN is a single broadcast domain. When traffic is broadcast, all hosts within the LAN
receive the broadcast traffic. ALANis determined by the physical connectivity of devices
within the domain.
Within a traditional LAN, hosts are connected by a hub or repeater that propagates any
incoming traffic throughout the network. Each host and its connecting hubs or repeaters
make up a LANsegment. LANsegments are connected through switches and bridges to
formthe broadcast domainof the LAN. Figure 2 onpage 21 shows atypical LANtopology.
Copyright 2010, Juniper Networks, Inc. 20
Junos OS Interfaces Configuration Guide for Security Devices
Figure 2: Typical LAN
Virtual LANs (VLANs) allownetwork architects tosegment LANs intodifferent broadcast
domains based on logical groupings. Because the groupings are logical, the broadcast
domains are not determined by the physical connectivity of the devices in the network.
Hosts can be grouped according to a logical function, to limit the traffic broadcast within
the VLAN to only the devices for which the traffic is intended.
Suppose a corporate network has three major organizations: engineering, sales, and
support. UsingVLANtagging, hostswithineachorganizationcanbetaggedwithadifferent
VLAN identifier. Traffic sent to the broadcast domain is then checked against the VLAN
identifier and broadcast to only the devices in the appropriate VLAN. Figure 3 on page 21
shows a typical VLAN topology.
Figure 3: Typical VLAN
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Logical Properties on page 11
21 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
Understanding VPLS VLAN Encapsulation in the Junos OS MPLS Configuration Guide
for Security Devices
Example: Configuring VPLS VLAN Encapsulation on Gigabit Ethernet Interfaces in the
Junos OS MPLS Configuration Guide for Security Devices
Interface Physical Properties
Understanding Interface Physical Properties on page 22
Understanding Bit Error Rate Testing on page 23
Understanding Interface Clocking on page 24
Understanding Frame Check Sequences on page 25
MTU Default and MaximumValues on page 26
Understanding Interface Physical Properties
The physical properties of a network interface are the characteristics associated with
the physical link that affect the transmissionof either link-layer signals or the dataacross
the links. Physical properties include clocking properties, transmission properties, such
as the maximumtransmission unit (MTU), and encapsulation methods, such as
point-to-point and Frame Relay encapsulation.
The default property values for an interface are usually sufficient to successfully enable
a bidirectional link. However, if you configure a set of physical properties on an interface,
thosesameproperties must beset onall adjacent interfaces towhichadirect connection
is made.
Table 9 on page 22 summarizes some key physical properties of device interfaces.
Table 9: Interface Physical Properties
Description Physical Property
Bit error rate (BER). The error rate specifies the number of bit errors in a particular bit error rate test
(BERT) period required to generate a BERT error condition. See Understanding Bit Error Rate
Testing on page 23.
bert-error-rate
Bit error rate test (BERT) time period over which bit errors are sampled. See Understanding Bit
Error Rate Testing on page 23.
bert-period
ChallengeHandshakeAuthenticationProtocol (CHAP). SpecifyingchapenablesCHAPauthentication
on the interface. See Understanding CHAP Authentication on a PPPoE Interface on page 481.
chap
Clock sourcefor thelink. Clockingcanbeprovidedby thelocal system(internal) or aremoteendpoint
on the link (external). By default, all interfaces use the internal clocking mode. If an interface is
configured to accept an external clock source, one adjacent interface must be configured to act as
a clock source. Under this configuration, the interface operates in a loop timing mode, in which the
clocking signal is unique for that individual network segment or loop. See Understanding Interface
Clocking on page 24.
clocking
A user-defined text description of the interface, often used to describe the interface's purpose. description
Copyright 2010, Juniper Networks, Inc. 22
Junos OS Interfaces Configuration Guide for Security Devices
Table 9: Interface Physical Properties (continued)
Description Physical Property
Administratively disables the interface. disable
Type of encapsulation on the interface. Common encapsulation types include PPP, Frame Relay,
Cisco HDLC, and PPP over Ethernet (PPPoE). See Understanding Physical Encapsulation on an
Interface on page 461.
encapsulation
Frame check sequence (FCS). FCSis an error-detection scheme that appends parity bits to a digital
signal and uses decoding algorithms that detect errors in the received digital signal. See
Understanding Frame Check Sequences on page 25.
fcs
Maximumtransmission unit (MTU) size. MTU is the largest size packet or frame, specified in bytes
or octets, that can be sent in a packet-based or frame-based network. The TCP uses MTU to
determine the maximumsize of each packet in any transmission. See MTUDefault and Maximum
Values on page 26.
mtu
Disablingof keepalivemessages across aphysical link. Akeepalivemessageis sent betweennetwork
devices to indicate that they are still active. Keepalives help determine whether the interface is
operating correctly. Except for ATM-over-ADSL interfaces, all interfaces use keepalives by default.
See Configuring Keepalives in the Junos OS Network Interfaces Configuration Guide.
no-keepalives
Password Authentication Protocol (PAP). Specifying pap enables PAP authentication on the
interface. See Understanding CHAP Authentication on a PPPoE Interface on page 481.
pap
Scramblingof traffictransmittedout theinterface. Payloadscramblingrandomizes thedatapayload
of transmitted packets. Scrambling eliminates nonvariable bit patterns (strings of all 1s or all 0s)
that generate link-layer errors across some physical links. See Configuring E3 HDLC Payload
Scrambling, Configuring T3 HDLC Payload Scrambling, and payload-scrambler in the Junos OS
Network Interfaces Configuration Guide.
payload-scrambler
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Understanding Bit Error Rate Testing on page 23
Understanding Interface Clocking on page 24
Understanding Frame Check Sequences on page 25
MTU Default and MaximumValues on page 26
Understanding Bit Error Rate Testing
In telecommunication transmission, the bit error rate (BER) is the percentage of bits that
have errors compared to the total number of bits received in a transmission, usually
expressed as 10 to a negative power. For example, a transmission with a BER of 10
6
received1 erroredbit in1,000,000bits transmitted. TheBERindicates howoftenapacket
or other data unit must be retransmitted because of an error. If the BER is too high, a
slower data rate might improve the overall transmission time for a given amount of data
if it reduces the BER and thereby lowers the number of resent packets.
23 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
A bit error rate test (BERT) is a procedure or device that measures the BER for a given
transmission. You can configure a device to act as a BERT device by configuring the
interface with a bit error rate and a testing period. When the interface receives a BERT
request froma BER tester, it generates a response in a well-known BERT pattern. The
initiating device checks the BERT-patterned response to determine the number of bit
errors.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Physical Properties on page 22
Interface Diagnostics in the Junos OS Network Interfaces Configuration Guide
Understanding Interface Clocking
Clockingdetermines howindividual routingnodes or entirenetworks sampletransmitted
data. As streams of information are received by a device in a network, a clock source
specifies whentosample the data. Inasynchronous networks, the clock source is derived
locally, andsynchronous networks use a central, external clock source. Interface clocking
indicates whether the device uses asynchronous or synchronous clocking.
NOTE: Because truly synchronous networks are difficult to design and
maintain, most synchronous networks are really plesiochronous networks.
In a plesiochronous network, different timing regions are controlled by local
clocks that are synchronized (with very narrowconstraints). Such networks
approach synchronicity and are generally known as synchronous networks.
Most networks aredesignedtooperateas asynchronous networks. Eachdevicegenerates
its own clock signal, or devices use clocks frommore than one clock source. The clocks
within the network are not synchronized to a single clock source. By default, devices
generate their own clock signals to send and receive traffic.
Thesystemclockallows thedevicetosample(or detect) andtransmit databeingreceived
andtransmittedthroughits interfaces. Clockingenables thedevicetodetect andtransmit
the 0s and 1s that make up digital traffic through the interface. Failure to detect the bits
within a data flowresults in dropped traffic.
Short-termfluctuations in the clock signal are known as clock jitter. Long-termvariations
in the signal are known as clock wander.
Asynchronous clockingcaneither derivetheclock signal fromthedatastreamor transmit
the clocking signal explicitly.
This topic contains the following sections:
Data StreamClocking on page 25
Explicit Clocking Signal Transmission on page 25
Copyright 2010, Juniper Networks, Inc. 24
Junos OS Interfaces Configuration Guide for Security Devices
Data StreamClocking
Common in T1 links, data streamclocking occurs when separate clock signals are not
transmitted within the network. Instead, devices must extract the clock signal fromthe
data stream. As bits are transmitted across the network, each bit has a time slot of
648 nanoseconds. Within a time slot, pulses are transmitted with alternating voltage
peaks anddrops. Thereceivingdeviceuses theperiodof alternatingvoltages todetermine
the clock rate for the data stream.
Explicit Clocking Signal Transmission
Clock signals that are shared by hosts across a data link must be transmitted by one or
both endpoints on the link. In a serial connection, for example, one host operates as a
clock master and the other operates as a clock slave. The clock master internally
generates a clock signal that is transmitted across the data link. The clock slave receives
theclocksignal anduses its periodtodeterminewhentosampledataandhowtotransmit
data across the link.
This typeof clocksignal controls only theconnectiononwhichit is activeandis not visible
to the rest of the network. An explicit clock signal does not control howother devices or
even other interfaces on the same device sample or transmit data.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Physical Properties on page 22
Configuring the Clock Source in the Junos OS Network Interfaces Configuration Guide.
Understanding Frame Check Sequences
All packets or frames within a network can be damaged by crosstalk or interference in
the network's physical wires. The frame check sequence (FCS) is an extra field in each
transmitted frame that can be analyzed to determine if errors have occurred. The FCS
uses cyclic redundancy checks (CRCs), checksums, and two-dimensional parity bits to
detect errors in the transmitted frames.
This topic contains the following sections:
Cyclic Redundancy Checks and Checksums on page 25
Two-Dimensional Parity on page 26
Cyclic Redundancy Checks and Checksums
Onalink that uses CRCs for framechecking, thedatasourceuses apredefinedpolynomial
algorithmtocalculateaCRCnumber fromthedatait is transmitting. Theresult is included
in the FCS field of the frame and transmitted with the data. On the receiving end, the
destination host performs the same calculation on the data it receives.
If the result of the second calculation matches the contents of the FCS field, the packet
was sent and received without bit errors. If the values do not match, an FCS error is
generated, the frame is discarded and the originating host is notified of the error.
Checksums function similarly to CRCs, but use a different algorithm.
25 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
Two-Dimensional Parity
On a link that uses two-dimensional parity bits for frame checking, the sending and
receiving hosts examine each frame in the total packet transmission and create a parity
byte that is evaluated to detect transmission errors.
For example, a host can create the parity byte for the following frame sequence by
summing up each column (each bit position in the frame) and keeping only the
least-significant bit:
Frame 1 0 1 0 1 0 0 1
Frame 2 1 1 0 1 0 0 1
Frame 3 1 0 1 1 1 1 0
Frame 4 0 0 0 1 1 1 0
Frame 5 0 1 1 0 1 0 0
Frame 6 1 0 1 1 1 1 1
Parity Byte 1 1 1 1 0 1 1
If the sumof the bit values in a bit position is even, the parity bit for the position is 0. If
the sumis odd, the parity bit is 1. This method is called even parity. Matching parity bytes
onthe originating andreceiving hosts indicate that the packet was receivedwithout error.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Physical Properties on page 22
MTUDefault and MaximumValues
Table 10 on page 26 lists MTU values for J Series devices.
Table 10: MTUValues for J2320, J2350, J4350, and J6350Interfaces
Default IP MTU
(bytes)
MaximumMTU
(bytes)
Default MediaMTU
(bytes) J4350 and J6350 Interfaces
1500 9018 1514 Gigabit Ethernet (10/100/1000) built-in interface
1500 9014 1514 6-Port, 8-Port, and 16-Port Gigabit Ethernet uPIMs
1500 9018 1514 Gigabit Ethernet (10/100/1000) ePIM
1500 9018 1514 Gigabit Ethernet (10/100/1000) SFP ePIM
1500 1514 1514 4-Port Fast Ethernet (10/100) ePIM
1500 9192 1514 Dual-Port Fast Ethernet (10/100) PIM
1500 9150 1504 Dual-Port Serial PIM
1500 9192 1504 Dual-Port T1 or E1 PIM
Copyright 2010, Juniper Networks, Inc. 26
Junos OS Interfaces Configuration Guide for Security Devices
Table 10: MTUValues for J2320, J2350, J4350, and J6350Interfaces (continued)
Default IP MTU
(bytes)
MaximumMTU
(bytes)
Default MediaMTU
(bytes) J4350 and J6350 Interfaces
1500 4500 1504 Dual-Port ChannelizedT1/E1/ISDNPRI PIM(channelized
to DS0s)
1500 9150 1504 Dual-Port Channelized T1/E1/ISDN PRI PIM
(clear-channel T1 or E1)
1500 4098 1504 Dual-Port Channelized T1/E1/ISDN PRI PIM(ISDN PRI
dialer interface)
4470 9192 4474 T3 (DS3) or E3 PIM
1500 4092 1504 4-Port ISDN BRI PIM
4470 9150 4482 ADSL+2 PIM
4470 9150 4482 G.SHDSL PIM
Table 11 on page 27 lists MTU values for the SRX Series Services Gateways Physical
Interface Modules (PIMs).
Table 11: MTUValues for the SRX Series Services Gateways PIMs
MaximumMTU
(Bytes) Default MTU(Bytes)
Logical Interface
MTU(Bytes)
Physical Interface
MTU(Bytes) PIM
9010 1514 1500 1514 1-Port Gigabit Ethernet
Small Form-Factor
Pluggable (SFP)
Mini-PIM
1518 1514 1500 1514 1-Port Small
Form-Factor Pluggable
(SFP) Mini-PIM
1512 1496 1456 1496 ADSL2+ Mini-PIM
1504 1504 1500 1504 DOCSIS Mini-PIM
4482 1496 1468 1496 G.SHDSL Mini-PIM
2000 1504 1500 1504 Serial Mini-PIM
2000 1504 1500 1504 T1/E1 Mini-PIM
1496 1496 1482 1496 VDSL2 Mini-PIM
9000 1504 1500 1504 Dual CT1/E1 GPIM
27 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
Table 11: MTUValues for the SRX Series Services Gateways PIMs (continued)
MaximumMTU
(Bytes) Default MTU(Bytes)
Logical Interface
MTU(Bytes)
Physical Interface
MTU(Bytes) PIM
9000 1504 1500 1504 Quad CT1/E1 GPIM
Unspecified 1514 Unspecified 1514 2-Port 10 Gigabit
Ethernet XPIM
Unspecified 1514 Unspecified 1514 16-Port Gigabit
Ethernet XPIM
Unspecified 1514 Unspecified 1514 24-Port Gigabit
Ethernet XPIM
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interface Physical Properties on page 22
Understanding the Data Link Layer
The Data Link Layer is Layer 2 in the Open Systems Interconnection (OSI) model. The
Data Link Layer is responsible for transmitting data across a physical network link. Each
physical mediumhas link-layer specifications for network and link-layer protocol
characteristics such as physical addressing, network topology, error notification, frame
sequencing, and flowcontrol.
Physical Addressing on page 28
Network Topology on page 28
Error Notification on page 29
Frame Sequencing on page 29
FlowControl on page 29
Data Link Sublayers on page 29
MAC Addressing on page 29
Physical Addressing
Physical addressingis different fromnetworkaddressing. Networkaddresses differentiate
between nodes or devices in a network, allowing traffic to be routed or switched through
the network. In contrast, physical addressing identifies devices at the link-layer level,
differentiating between individual devices on the same physical medium. The primary
formof physical addressing is the media access control (MAC) address.
Network Topology
Network topology specifications identify howdevices arelinkedinanetwork. Somemedia
allowdevices to be connected by a bus topology, while others require a ring topology.
Copyright 2010, Juniper Networks, Inc. 28
Junos OS Interfaces Configuration Guide for Security Devices
The bus topology is used by Ethernet technologies, which are supported on Juniper
Networks devices.
Error Notification
The Data Link Layer provides error notifications that alert higher layer protocols that an
error has occurred on the physical link. Examples of link-level errors include the loss of
a signal, the loss of a clocking signal across serial connections, or the loss of the remote
endpoint on a T1 or T3 link.
Frame Sequencing
Theframesequencingcapabilitiesof theDataLinkLayer allowframesthat aretransmitted
out of sequence to be reordered on the receiving end of a transmission. The integrity of
the packet can then be verified by means of the bits in the Layer 2 header, which is
transmitted along with the data payload.
FlowControl
Flowcontrol within the Data Link Layer allows receiving devices on a link to detect
congestion and notify their upstreamand downstreamneighbors. The neighbor devices
relay the congestion information to their higher layer protocols so that the flowof traffic
can be altered or rerouted.
Data Link Sublayers
The Data Link Layer is divided into two sublayers: logical link control (LLC) and media
access control (MAC). The LLC sublayer manages communications between devices
over a single link of a network. This sublayer supports fields in link-layer frames that
enable multiple higher layer protocols to share a single physical link.
The MAC sublayer governs protocol access to the physical network medium. Through
the MAC addresses that are typically assigned to all ports on a device, multiple devices
on the same physical link can uniquely identify one another at the Data Link Layer. MAC
addresses are used in addition to the network addresses that are typically configured
manually on ports within a network.
MAC Addressing
A MAC address is the serial number permanently stored in a device adapter to uniquely
identify the device. MAC addresses operate at the Data Link Layer, while IP addresses
operate at the Network Layer. The IP address of a device can change as the device is
movedarounda network todifferent IPsubnets, but the MACaddress remains the same,
because it is physically tied to the device.
Within an IP network, devices match each MAC address to its corresponding configured
IP address by means of the Address Resolution Protocol (ARP). ARP maintains a table
with a mapping for each MAC address in the network.
Most Layer 2 networks use one of three primary numbering spacesMAC-48, EUI-48
(extended unique identifier), and EUI-64which are all globally unique. MAC-48 and
EUI-48 spaces each use 48-bit addresses, and EUI-64 spaces use a 64-bit addresses,
29 Copyright 2010, Juniper Networks, Inc.
Chapter 1: Interfaces Overview
but all three use the same numbering format. MAC-48 addresses identify network
hardware, and EUI-48 addresses identify other devices and software.
The Ethernet and ATMtechnologies supported on devices use the MAC-48 address
space. IPv6 uses the EUI-64 address space.
MAC-48 addresses are the most commonly used MAC addresses in most networks.
These addresses are 12-digit hexadecimal numbers (48 bits in length) that typically
appear in one of the following formats:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS
The first three octets (MM:MM:MMor MM-MM-MM) are the ID number of the hardware
manufacturer. Manufacturer ID numbers are assigned by the Institute of Electrical and
Electronics Engineers (IEEE). The last three octets (SS:SS:SS or SS-SS-SS) make up the
serial number for the device, which is assigned by the manufacturer. For example, an
Ethernet interface card might have a MAC address of 00:05:85:c1:a6:a0.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Copyright 2010, Juniper Networks, Inc. 30
Junos OS Interfaces Configuration Guide for Security Devices
PART 2
Ethernet Interfaces
Ethernet Interfaces on page 33
Aggregated Ethernet Interfaces on page 45
1-Port Gigabit Ethernet SFP Mini-PIMon page 71
2-Port 10-Gigabit Ethernet XPIMon page 79
Power over Ethernet on page 87
31 Copyright 2010, Juniper Networks, Inc.
Copyright 2010, Juniper Networks, Inc. 32
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 2
Ethernet Interfaces
Understanding Ethernet Interfaces on page 33
Example: Creating an Ethernet Interface on page 37
Example: Deleting an Ethernet Interface on page 38
Static ARP Entries on Ethernet Interfaces on page 39
Promiscuous Mode on Ethernet Interfaces on page 42
Understanding Ethernet Interfaces
Ethernet is aLayer 2technology that operates inasharedbus topology. Ethernet supports
broadcast transmission, uses best-effort delivery, and has distributed access control.
Ethernet is a point-to-multipoint technology.
In a shared bus topology, all devices connect to a single, shared physical link through
which all data transmissions are sent. All traffic is broadcast so that all devices within
the topology receive every transmission. The devices within a single Ethernet topology
make up a broadcast domain.
Ethernet uses best-effort delivery to broadcast traffic. The physical hardware provides
no information to the sender about whether the traffic was received. If the receiving host
is offline, traffic to the host is lost. Although the Ethernet data link protocol does not
informthesender about lost packets, higher layer protocols suchas TCP/IPmight provide
this type of notification.
This topic contains the following sections:
Ethernet Access Control and Transmission on page 33
Collisions and Detection on page 34
Collision Domains and LAN Segments on page 35
Broadcast Domains on page 36
Ethernet Frames on page 36
Ethernet Access Control and Transmission
Ethernet's access control is distributedbecause Ethernet has nocentral mechanismthat
grants access to the physical mediumwithin the network. Instead, Ethernet uses
carrier-sense multiple access with collision detection (CSMA/CD). Because multiple
33 Copyright 2010, Juniper Networks, Inc.
devices onanEthernet network canaccess thephysical medium, or wire, simultaneously,
each device must determine whether the physical mediumis in use. Each host listens on
the wire to determine if a message is being transmitted. If it detects no transmission, the
host begins transmitting its own data.
The length of each transmission is determined by fixed Ethernet packet sizes. By fixing
thelengthof eachtransmissionandenforcingaminimumidletimebetweentransmissions,
Ethernet ensures that no pair of communicating devices on the network can monopolize
the wire and block others fromsending and receiving traffic.
Collisions and Detection
When a device on an Ethernet network begins transmitting data, the data takes a finite
amount of time to reach all hosts on the network. Because of this delay, or latency, in
transmitting traffic, a device might detect an idle state on the wire just as another device
initially begins its transmission. As a result, two devices might send traffic across a single
wire at the same time. When the two electrical signals collide, they become scrambled
so that both transmissions are effectively lost.
Collision Detection
To handle collisions, Ethernet devices monitor the link while they are transmitting data.
The monitoring process is known as collision detection. If a device detects a foreign signal
while it is transmitting, it terminates the transmission and attempts to transmit again
only after detecting an idle state on the wire. Collisions continue to occur if two colliding
devices bothwait thesameamount of timebeforeretransmitting. Toavoidthis condition,
Ethernet devices use a binary exponential backoff algorithm.
Backoff Algorithm
With the binary exponential backoff algorithm, each device that sends a colliding
transmission randomly selects a value within a range. The value represents the number
of transmission times that the device must wait before retransmitting its data. If another
collision occurs, the range of values is doubled and retransmission takes place again.
Each time a collision occurs, the range of values doubles, to reduce the likelihood that
two hosts on the same network can select the same retransmission time. Table 12 on
page 34 shows collision rounds up to round 10.
Table 12: Collision Backoff AlgorithmRounds
Elements in the Set Size of Set Round
{0,1} 2 1
{0,1,2,3} 4 2
{0,1,2,3,...,7} 8 3
{0,1,2,3,4,...,15} 16 4
{0,1,2,3,4,5,...,31} 32 5
{0,1,2,3,4,5,6,...,63} 64 6
Copyright 2010, Juniper Networks, Inc. 34
Junos OS Interfaces Configuration Guide for Security Devices
Table 12: Collision Backoff AlgorithmRounds (continued)
Elements in the Set Size of Set Round
{0,1,2,3,4,5,6,7,...,127} 128 7
{0,1,2,3,4,5,6,7,8,...,255} 256 8
{0,1,2,3,4,5,6,7,8,9,...,511} 512 9
{0,1,2,3,4,5,6,7,8,9,10,...,1023} 1024 10
Collision Domains and LANSegments
Collisions are confined to a physical wire over which data is broadcast. Because the
physical wires are subject to signal collisions, individual LAN segments are known as
collision domains. Although the physical limitations on the length of an Ethernet cable
restrict the length of a LAN segment, multiple collision domains can be interconnected
by repeaters, bridges, and switches.
Repeaters
Repeaters are electronic devices that act on analog signals. Repeaters relay all electronic
signals fromone wire to another. Asingle repeater can double the distance between two
devices onanEthernet network. However, theEthernet specificationrestricts thenumber
of repeaters between any two devices on an Ethernet network to two, because collision
detection with latencies increases in complexity as the wire length and number of
repeaters increase.
Bridges and Switches
Bridges and switches combine LAN segments into a single Ethernet network by using
multiple ports to connect the physical wires in each segment. Although bridges and
switches are fundamentally the same, bridges generally provide more management and
more interface ports. As Ethernet packets flowthrough a bridge, the bridge tracks the
source MAC address of the packets and stores the addresses and their associated input
ports in an interface table. As it receives subsequent packets, the bridge examines its
interface table and takes one of the following actions:
If the destination address does not match an address in the interface table, the bridge
transmits the packet toall hosts on the network using the Ethernet broadcast address.
If the destination address maps to the port through which the packet was received,
thebridgeor switchdiscards thepacket. Becausetheother devices ontheLANsegment
also received the packet, the bridge does not need to retransmit it.
If the destination address maps to a port other than the one through which the packet
was received, the bridge transmits the packet through the appropriate port to the
corresponding LAN segment.
35 Copyright 2010, Juniper Networks, Inc.
Chapter 2: Ethernet Interfaces
Broadcast Domains
Thecombinationof all theLANsegments withinanEthernet network is calledabroadcast
domain. In the absence of any signaling devices such as a repeater, bridge, or switch, the
broadcast domain is simply the physical wire that makes up the connections in the
network. If a bridge or switch is used, the broadcast domain consists of the entire LAN.
Ethernet Frames
Data is transmitted through an Ethernet network in frames. The frames are of variable
length, ranging from64 octets to 1518 octets, including the header, payload, and cyclic
redundancy check (CRC) value. Figure 4 on page 36 shows the Ethernet frame format.
Figure 4: Ethernet Frame Format
Ethernet frames have the following fields:
The preamble (PRE) field is 7 octets of alternating 0s and 1s. The predictable format
in the preamble allows receiving interfaces to synchronize themselves to the data
being sent. The preamble is followed by a 1-octet start-of-frame delimiter (SFD).
The destination address (DA) and source address (SA) fields contain the 6-octet
(48-bit) MAC addresses for the destination and source ports on the network. These
Layer 2 addresses uniquely identify the devices on the LAN.
The Length/Type field is a 2-octet field that either indicates the length of the frame's
data field or identifies the protocol stack associated with the frame. Here are some
common frame types:
AppleTalk0x809B
AppleTalk ARP0x80F3
DECnet0x6003
IP0x0800
IPX0x8137
Loopback0x9000
XNS0x0600
Copyright 2010, Juniper Networks, Inc. 36
Junos OS Interfaces Configuration Guide for Security Devices
The Data field contains the packet payload.
The frame check sequence (FCS) is a 4-octet field that contains the calculated CRC
value. This valueis calculatedby theoriginatinghost andappendedtotheframe. When
it receives the frames, the receiving host calculates the CRC and checks it against this
appended value to verify the integrity of the received frame.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Interfaces on page 3
Example: Creating an Ethernet Interface on page 37
Example: Deleting an Ethernet Interface on page 38
Understanding Static ARP Entries on Ethernet Interfaces on page 39
Understanding Promiscuous Mode on Ethernet Interfaces on page 42
Example: Creating an Ethernet Interface
This example shows howto create an Ethernet interface.
Requirements on page 37
Overviewon page 37
Configuration on page 37
Verification on page 38
Requirements
No special configuration beyond device initialization is required before configuring an
interface.
Overview
In this example, you create the ge-1/0/0 Ethernet interface and set the logical interface
to 0. The logical unit number can range from0 to 16,384. You can also add values for
properties that youneedtoconfigureonthelogical interface, suchas logical encapsulation
or protocol family.
Configuration
Step-by-Step
Procedure
To configure an Ethernet interface:
Create the Ethernet interface and set the logical interface.
[edit]
1.
user@host# edit interfaces ge-1/0/0unit 0
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
37 Copyright 2010, Juniper Networks, Inc.
Chapter 2: Ethernet Interfaces
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Example: Deleting an Ethernet Interface on page 38
ping in the Junos SystemBasics and Services Command Reference
showinterfaces detail in the Junos Interfaces Command Reference
Example: Deleting an Ethernet Interface
This example shows howto delete an Ethernet interface.
Requirements on page 38
Overviewon page 38
Configuration on page 38
Verification on page 39
Requirements
No special configuration beyond device initialization is required before configuring an
interface.
Overview
In this example, you delete the ge-0/0/0 interface.
NOTE: Performing this action removes the interface fromthe software
configuration and disables it. Network interfaces remain physically present,
and their identifiers continue to appear on J-Web pages.
Configuration
Step-by-Step
Procedure
To delete an Ethernet interface:
Specify the interface you want to delete. 1.
[edit]
user@host# delete interfaces ge-0/0/0
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Copyright 2010, Juniper Networks, Inc. 38
Junos OS Interfaces Configuration Guide for Security Devices
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Example: Creating an Ethernet Interface on page 37
Static ARP Entries on Ethernet Interfaces
Understanding Static ARP Entries on Ethernet Interfaces on page 39
Example: Configuring Static ARP Entries on Ethernet Interfaces on page 39
Understanding Static ARP Entries on Ethernet Interfaces
By default, the device responds to an Address Resolution Protocol (ARP) request only
if the destination address of the ARP request is on the local network of the incoming
interface. For Fast Ethernet or Gigabit Ethernet interfaces, you can configure static ARP
entries that associate the IP addresses of nodes on the same Ethernet subnet with their
media access control (MAC) addresses. These static ARP entries enable the device to
respond to ARP requests even if the destination address of the ARP request is not local
to the incoming Ethernet interface.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Example: Configuring Static ARP Entries on Ethernet Interfaces on page 39
Example: Configuring Static ARP Entries on Ethernet Interfaces
Requirements on page 39
Overviewon page 39
Configuration on page 40
Verification on page 40
Requirements
No special configuration beyond device initialization is required before creating an
interface.
Overview
In this example, you configure a static ARP entry on the logical unit 0 of the ge-0/0/3
Gigabit Ethernet interface. The entry consists of the interfaces IP address (10.1.1.1/24)
and the corresponding MAC address of a node on the same Ethernet subnet
(00:ff:85:7f:78:03). The example also configures the device to reply to ARP requests
fromthe node using the publish option.
39 Copyright 2010, Juniper Networks, Inc.
Chapter 2: Ethernet Interfaces
Configuration
CLI Quick
Configuration
To quickly configure static ARP entries on Ethernet interfaces, copy the following
commands and paste theminto the CLI:
[edit]
set interfaces ge-0/0/3 unit 0family inet address 10.1.1.1/24 arp 10.1.1.3 mac
00:ff:85:7f:78:03
set interfaces ge-0/0/3 unit 0family inet address 10.1.1.1/24 arp 10.1.1.3 publish
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a static ARP entry on an Ethernet interface:
1. Create the Gigabit Ethernet interface.
[edit]
user@host# edit interfaces ge-0/0/3
2. Configure a static ARP entry.
[edit interfaces ge-0/0/3]
user@host# edit unit 0family inet address 10.1.1.1/24
3. Set the IP address of the subnet node and the corresponding MAC address.
[edit interfaces ge-0/0/3 unit 0 family inet address 10.1.1.1/24]
user@host# set arp 10.1.1.3 mac 00:ff:85:7f:78:03 publish
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
ge-0/0/3 command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
[edit]
user@host#showinterfaces ge-0/0/3
unit 0 {
family inet {
address 10.1.1.1/24 {
arp 10.1.1.3 mac 00:ff:85:7f:78:03 publish;
}
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying Static ARP Configurations on page 41
Verifying the Link State of All Interfaces on page 41
Verifying Interface Properties on page 41
Copyright 2010, Juniper Networks, Inc. 40
Junos OS Interfaces Configuration Guide for Security Devices
Verifying Static ARP Configurations
Purpose Verify the IP address and MAC (hardware) address of the node.
Action Fromoperational mode, enter the showinterfaces ge-0/0/3 command.
Verifying the Link State of All Interfaces
Purpose Verify that all interfaces on the device are operational using the ping tool on each peer
address in the network.
Action For each interface on the device:
1. In the J-Web interface, select Troubleshoot>Ping Host.
2. In the Remote Host box, type the address of the interface for which you want to verify
the link state.
3. Click Start. The output appears on a separate page.
PING 10.10.10.10 : 56 data bytes
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms
Meaning If the interface is operational, it generates an ICMP response. If this response is received,
the round-trip time in milliseconds is listed in the time field. For more information about
the output, see the Junos OS Administration Guide for Security Devices.
Verifying Interface Properties
Purpose Verify that the interface properties are correct.
Action Fromoperational mode, enter the showinterfaces detail command.
user@host> showinterfaces detail
Physical interface: ge-1/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 27, Generation: 17
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps 16384
Link flags : None
CoS queues : 4 supported
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:90:69:87:44:9d, Hardware address: 00:90:69:87:44:9d
Last flapped : 2004-08-25 15:42:30 PDT (4w5d 22:49 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
41 Copyright 2010, Juniper Networks, Inc.
Chapter 2: Ethernet Interfaces
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Active alarms : None
Active defects : None
Meaning The output shows a summary of interface information. Verify the following information:
The physical interface is Enabled. If the interface is shown as Disabled, do one of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
ge-1/0/0] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the Interfaces>
ge-1/0/0 page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
The Last Flapped time is an expected value. The Last Flapped time indicates the last
time the physical interface became unavailable and then available again. Unexpected
flapping indicates likely link-layer errors.
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics ge-1/0/0 command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Static ARP Entries on Ethernet Interfaces on page 39
Promiscuous Mode on Ethernet Interfaces
Understanding Promiscuous Mode on Ethernet Interfaces on page 42
Enabling and Disabling Promiscuous Mode on Ethernet Interfaces (CLI
Procedure) on page 43
Understanding Promiscuous Mode on Ethernet Interfaces
When promiscuous mode is enabled on a Layer 3 Ethernet interface, all packets received
onthe interface are sent tothe central point or Services Processing Unit (SPU)regardless
of the destination MAC address of the packet. You can also enable promiscuous mode
on chassis cluster redundant Ethernet interfaces and aggregated Ethernet interfaces. If
you enable promiscuous mode on a redundant Ethernet interface, promiscuous mode is
then enabled on any child physical interfaces. If you enable promiscuous mode on an
aggregated Ethernet interface, promiscuous mode is then enabled on all member
interfaces.
Copyright 2010, Juniper Networks, Inc. 42
Junos OS Interfaces Configuration Guide for Security Devices
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Enabling and Disabling Promiscuous Mode on Ethernet Interfaces (CLI Procedure) on
page 43
Enabling and Disabling Promiscuous Mode on Ethernet Interfaces (CLI Procedure)
To enable promiscuous mode on an interface:
user@host# set interfaces interface-name promiscuous-mode
To disable promiscuous mode on an interface:
user@host# delete interfaces interface-name promiscuous-mode
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Promiscuous Mode on Ethernet Interfaces on page 42
43 Copyright 2010, Juniper Networks, Inc.
Chapter 2: Ethernet Interfaces
Copyright 2010, Juniper Networks, Inc. 44
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 3
Aggregated Ethernet Interfaces
Aggregated Ethernet Interfaces on page 45
LACP for Standalone Devices on page 59
LACP on Chassis Clusters on page 64
Aggregated Ethernet Interfaces
Understanding Aggregated Ethernet Interfaces on page 45
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Device Count for Aggregated Ethernet Interfaces on page 48
Physical Interfaces for Aggregated Ethernet Interfaces on page 51
Link Speed for Aggregated Ethernet Interfaces on page 52
MinimumLinks for Aggregated Ethernet Interfaces on page 54
Removal of Aggregated Ethernet Interfaces on page 55
Understanding VLAN Tagging for Aggregated Ethernet Interfaces on page 57
Understanding Promiscuous Mode for Aggregated Ethernet Interfaces on page 57
Verifying Aggregated Ethernet Interfaces on page 57
Understanding Aggregated Ethernet Interfaces
Link aggregationof Ethernet interfaces is definedintheIEEE802.3adstandard. TheJunos
OS implementation of 802.3ad balances traffic across the member links within an
aggregated Ethernet bundle based on Layer 3 information carried in the packet, Layer 4
information carried in the packet, or both, or based on session ID data. (The session ID
datahas higher precedence thanthe Layer 3or 4information.) This implementationuses
the same load-balancing algorithmused for per-packet load balancing.
Aggregated Ethernet interfaces can be Layer 3 interfaces (VLAN-tagged or untagged)
and Layer 2 interfaces.
NOTE: This topic is specific to the SRX3000and SRX5000line devices. For
information about link aggregation for other SRX Series devices and J Series
devices, see the Junos OS Layer 2 Bridging and Switching Configuration Guide
for Security Devices.
45 Copyright 2010, Juniper Networks, Inc.
This topic contains the following sections:
LAGs on page 46
LACP on page 46
LAGs
You can combine multiple physical Ethernet ports to forma logical point-to-point link,
known as a link aggregation group (LAG) or bundle, such that a media access control
(MAC) client can treat the LAGas if it were a single link. Support for LAGs based on IEEE
802.3ad makes it possible to aggregate physical interface links on your device. LAGs
provide increased interface bandwidth and link availability by linking physical ports and
load-balancing traffic crossing the combined interface. For the LAGto operate correctly,
it is necessary to coordinate the two end systems connected by the LAG, either manually
or automatically.
Internally, a LAGis a virtual interface presented on SRX3000 and SRX5000 line devices
or onany system(consistingof devices suchas routers andswitches) supporting802.3ad
link aggregation. Externally, a LAG corresponds to a bundle of physical Ethernet links
connected between an SRX3000 or SRX5000 line device and another systemcapable
of link aggregation. This bundle of physical links is a virtual link.
Followtheseguidelines for aggregatedEthernet support for theSRX3000andSRX5000
lines:
Thedevicessupport amaximumof 16physical interfacesper singleaggregatedEthernet
bundle.
Aggregated Ethernet interfaces can use interfaces fromthe same or different Flexible
PIC Concentrators (FPCs) and PICs.
On the aggregated bundle, capabilities such as MAC accounting, VLAN rewrites, and
VLAN queuing are available.
LACP
Junos OS supports the Link Aggregation Control Protocol (LACP), which is a
subcomponent of IEEE 802.3ad. LACP provides additional functionality for LAGs, but is
only supported on Layer 3.
LACPprovidesastandardizedmeansfor exchanginginformationbetweenpartner (remote
or far-end of the link) systems on a link. This exchange allows their link aggregation
control instances toreachagreement ontheidentity of theLAGtowhichthelink belongs,
and then to move the link to that LAG. This exchange also enables the transmission and
reception processes for the link to function in an orderly manner.
For example, when LACP is not enabled, a local LAG might attempt to transmit packets
to a remote individual interface, which causes the communication to fail. (An individual
interface is a nonaggregatable interface.) When LACP is enabled, a local LAG cannot
transmit packets unless a LAG with LACP is also configured on the remote end of the
link.
Copyright 2010, Juniper Networks, Inc. 46
Junos OS Interfaces Configuration Guide for Security Devices
You configure an aggregated Ethernet virtual link by specifying the link number as a
physical device. Then you associate a set of ports that have the same speed and are in
full-duplex mode. The physical ports can be 100-megabit Ethernet, 1-Gigabit Ethernet,
and 10-Gigabit Ethernet.
When configuring LACP, followthese guidelines:
LACP does not support automatic configuration on SRX3000 and SRX5000 line
devices, but partner systems are allowed to performautomatic configuration. When
anSRX3000or SRX5000linedeviceis connectedtoafully802.3ad-compliant partner
system, static configuration of LAGs is initiated on the SRX3000 and SRX5000 line
device side, and static configuration is not needed on the partner side.
When an SRX3000 or SRX5000 line device is connected to a Juniper Networks MX
Series router, staticconfigurationof LAGs is neededat boththeactor (local or near-end
of the link) and partner systems.
Although the LACP functions on the SRX3000 and SRX5000 line devices are similar
totheLACPfeaturesonJuniper Networks MXSeriesrouters, thefollowingLACPfeatures
on MX Series routers are not supported on SRX3000 and SRX5000 line devices: link
protection, systempriority, andport priority for aggregatedEthernet interfaces. Instead,
SRX3000 and SRX5000 line devices provide active/standby support with redundant
Ethernet interface LAGs in chassis cluster deployments.
LACP is supported in standalone deployments, where aggregated Ethernet interfaces
aresupported, andinchassis cluster deployments, whereaggregatedEthernet interfaces
and redundant Ethernet interfaces are supported simultaneously.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Understanding LACP on Standalone Devices on page 59
Understanding LACP on Chassis Clusters on page 64
Understanding VLAN Tagging for Aggregated Ethernet Interfaces on page 57
Understanding Promiscuous Mode for Aggregated Ethernet Interfaces on page 57
Aggregated Ethernet Interfaces Configuration Overview
NOTE: This topic is specific to the SRX3000and SRX5000line devices. For
information about link aggregation for other SRX Series devices and J Series
devices, see the Junos OS Layer 2 Bridging and Switching Configuration Guide
for Security Devices.
47 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
To configure an aggregated Ethernet interface:
1. Set the number of aggregated Ethernet interfaces on the device. See Example:
Configuring the Number of Aggregated Ethernet Interfaces on a Device on page 49.
2. Associate a physical interface with the aggregated Ethernet interface. See Example:
Associating Physical Interfaces with Aggregated Ethernet Interfaces on page 51.
3. (Optional) Set the required link speed for all the interfaces included in the bundle.
See Example: Configuring Aggregated Ethernet Link Speed on page 53.
4. (Optional) Configure the minimumnumber of links that must be up for the bundle as
awholetobelabeledas up. SeeExample: ConfiguringAggregatedEthernet Minimum
Links on page 54.
5. (Optional) Enable or disable VLAN tagging. See Understanding VLAN Tagging for
Aggregated Ethernet Interfaces on page 57.
6. (Optional) Enable promiscuous mode. See Understanding Promiscuous Mode for
Aggregated Ethernet Interfaces on page 57.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Example: Configuring LACP on Standalone Devices on page 60
Example: Configuring LACP on Chassis Clusters on page 66
Device Count for Aggregated Ethernet Interfaces
Understanding the Aggregated Ethernet Interfaces Device Count on page 48
Example: Configuring the Number of Aggregated Ethernet Interfaces on a
Device on page 49
Example: Deleting Aggregated Ethernet Interfaces on page 50
Understanding the Aggregated Ethernet Interfaces Device Count
By default, no aggregated Ethernet interfaces are created. You must set the number of
aggregated Ethernet interfaces on the routing device before you can configure them.
Once you set the device count, the systemcreates that number of empty aggregated
Ethernet interfaces. A globally unique MAC address is assigned to every aggregated
Ethernet interface. More aggregated Ethernet interfaces can be created by increasing
the parameter.
The maximumnumber of aggregated devices you can configure is 128. The aggregated
interfaces are numbered fromae0 through ae127.
Similarly, you can permanently remove an aggregatedEthernet interface fromthe device
configuration by deleting it fromthe device count. When you reduce the device count,
only the aggregated Ethernet interface objects at the end of the list are removed, leaving
the newly specified number of interfaces. That is, if you set the device count to 10 and
then reduce it to 6, the systemremoves the last 4 interface objects fromthe list.
Copyright 2010, Juniper Networks, Inc. 48
Junos OS Interfaces Configuration Guide for Security Devices
WARNING: Be aware that this approach deletes the aggregated Ethernet
interface and all of its objects fromthe device configuration.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device on
page 49
Example: Deleting Aggregated Ethernet Interfaces on page 50
Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device
This example shows howto configure the number of aggregated Ethernet interfaces on
a device.
Requirements on page 49
Overviewon page 49
Configuration on page 49
Verification on page 49
Requirements
No special configuration beyond device initialization is required before configuring an
interface.
Overview
In this example, you create two aggregate Ethernet interfaces, thereby enabling all the
interfaces that you need for your configuration in one step.
Configuration
Step-by-Step
Procedure
To configure the number of aggregated Ethernet interfaces on a device:
Set the number of aggregated Ethernet interfaces. 1.
[edit]
user@host# set chassis aggregated-devices ethernet device-count 2
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showchassis aggregated-devices
command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding the Aggregated Ethernet Interfaces Device Count on page 48
Aggregated Ethernet Interfaces Configuration Overviewon page 47
49 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
Example: Deleting Aggregated Ethernet Interfaces on page 50
Verifying Aggregated Ethernet Interfaces on page 57
Example: Deleting Aggregated Ethernet Interfaces
This exampleshows howtodeleteaggregatedEthernet interfaces usingthedevicecount.
Requirements on page 50
Overviewon page 50
Configuration on page 50
Verification on page 50
Requirements
Before you begin, set the number of aggregated Ethernet interfaces on the device. See
Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device on
page 49
Overview
This example shows howto clean up unused aggregated Ethernet interfaces. In this
example, you reduce the number of interfaces from10 to 6, thereby removing the last 4
interfaces fromthe interface object list.
Configuration
Step-by-Step
Procedure
To delete an interface:
Set the number of aggregated Ethernet interfaces. 1.
[edit]
user@host# delete chassis aggregated-devices ethernet device-count 6
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showchassis aggregated-devices
command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Example: Deleting Aggregated Ethernet Interface Contents on page 55
Verifying Aggregated Ethernet Interfaces on page 57
Copyright 2010, Juniper Networks, Inc. 50
Junos OS Interfaces Configuration Guide for Security Devices
Physical Interfaces for Aggregated Ethernet Interfaces
Understanding Physical Interfaces for Aggregated Ethernet Interfaces on page 51
Example: Associating Physical Interfaces with Aggregated Ethernet
Interfaces on page 51
Understanding Physical Interfaces for Aggregated Ethernet Interfaces
You associate a physical interface with an aggregated Ethernet interface. Doing so
associates the physical child links with the logical aggregated parent interface to form
a link aggregation group (LAG). You must also specify the constituent physical links by
including the 802.3ad configuration statement.
A physical interface can be added to any aggregated Ethernet interface as long as all
member links have the same link speedandthe maximumnumber of member links does
not exceed 16. The aggregated Ethernet interface instance number aex can be from0
through 127, for a total of 128 aggregated interfaces.
NOTE: If you specify (on purpose or accidentally) that a link already
associatedwithanaggregatedEthernet interfacebeassociatedwithanother
aggregatedEthernet interface, thelinkis removedfromtheprevious interface
(there is no need for you to explicitly delete it) and it is added to the other
one.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces on
page 51
Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces
This example shows howto associate physical interfaces with aggregated Ethernet
interfaces.
Requirements on page 51
Overviewon page 51
Configuration on page 52
Verification on page 52
Requirements
Before you begin, set the number of aggregated Ethernet interfaces on the device. See
Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device on
page 49
Overview
Inthis example, youassociatethephysical childlinkof thege-1/0/0andge-2/0/0physical
interfaces with the logical aggregate parent, ae0, thereby creating a LAG. Similarly, you
51 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
create a LAG that associate the ge-3/0/0, ge-3/0/1, and ge-4/0/1 physical interfaces
with the ae1 aggregated Ethernet interface.
Configuration
Step-by-Step
Procedure
To associate physical interfaces with aggregated Ethernet interfaces:
Create the first LAG. 1.
[edit]
user@host# set interfaces ge-1/0/0gigether-options 802.3ad ae0
user@host# set interfaces ge-2/0/0gigether-options 802.3ad ae0
2. Create the second LAG.
[edit]
user@host# set interfaces ge-3/0/0gigether-options 802.3ad ae1
user@host# set interfaces ge-3/0/1 gigether-options 802.3ad ae1
user@host# sset interfaces ge-4/0/0gigether-options 802.3ad ae1
3. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Physical Interfaces for Aggregated Ethernet Interfaces on page 51
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Verifying Aggregated Ethernet Interfaces on page 57
Link Speed for Aggregated Ethernet Interfaces
Understanding Aggregated Ethernet Interface Link Speed on page 52
Example: Configuring Aggregated Ethernet Link Speed on page 53
Understanding Aggregated Ethernet Interface Link Speed
On aggregated Ethernet interfaces, you can set the required link speed for all interfaces
included in the bundle. All interfaces that make up a bundle must be the same speed. If
you include in the aggregated Ethernet interface an individual link that has a speed
different fromthe speed you specify in the link-speed parameter, an error message will
be logged.
The speed value is specified in bits per second either as a complete decimal number or
as a decimal number followed by the abbreviation k (1000), m(1,000,000), or g
(1,000,000,000).
Aggregated Ethernet interfaces on SRX3000 and SRX5000 line devices can have one
of the following speed values:
100mLinks are 100 Mbps.
Copyright 2010, Juniper Networks, Inc. 52
Junos OS Interfaces Configuration Guide for Security Devices
10gLinks are 10 Gbps.
1gLinks are 1 Gbps.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Example: Configuring Aggregated Ethernet Link Speed on page 53
Understanding MinimumLinks for Aggregated Ethernet Interfaces on page 54
Example: Configuring Aggregated Ethernet Link Speed
This example shows howto configure the aggregated Ethernet link speed.
Requirements on page 53
Overviewon page 53
Configuration on page 53
Verification on page 53
Requirements
Before you begin:
1. Add the aggregated Ethernet interfaces using the device count. See Example:
Configuring the Number of Aggregated Ethernet Interfaces on a Device on page 49.
2. Associate physical interfaces with the aggregated Ethernet Interfaces. See Example:
Associating Physical Interfaces with Aggregated Ethernet Interfaces on page 51.
Overview
In this example, you set the required link speed for all interfaces included in the bundle
to 10 Gbps. All interfaces that make up a bundle must be the same speed.
Configuration
Step-by-Step
Procedure
To configure the aggregated Ethernet link speed:
Set the link speed. 1.
[edit]
user@host# set interfaces ae0aggregated-ether-options link-speed 10g
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interface Link Speed on page 52
53 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Verifying Aggregated Ethernet Interfaces on page 57
MinimumLinks for Aggregated Ethernet Interfaces
Understanding MinimumLinks for Aggregated Ethernet Interfaces on page 54
Example: Configuring Aggregated Ethernet MinimumLinks on page 54
Understanding MinimumLinks for Aggregated Ethernet Interfaces
On aggregated Ethernet interfaces, you can configure the minimumnumber of links that
must be up for the bundle as a whole to be labeled as up. By default, only one link must
be up for the bundle to be labeled as up.
On SRX3000 and SRX5000 line devices, the valid range for the minimumlinks number
is 1 through 16. When the maximumvalue (16) is specified, all configuredlinks of a bundle
must be up for the bundle to be labeled as up.
If the number of links configured in an aggregated Ethernet interface is less than the
minimum-linksvalueconfiguredintheminimum-linksstatement, theconfigurationcommit
fails and an error message is displayed.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Example: Configuring Aggregated Ethernet MinimumLinks on page 54
Understanding Aggregated Ethernet Interface Link Speed on page 52
Example: Configuring Aggregated Ethernet MinimumLinks
This example shows howto configure the minimumnumber of links on an aggregated
Ethernet interface that must be up for the bundle as a whole to be labeled as up.
Requirements on page 54
Overviewon page 55
Configuration on page 55
Verification on page 55
Requirements
Before you begin:
1. Add the aggregated Ethernet interfaces using the device count. See Example:
Configuring the Number of Aggregated Ethernet Interfaces on a Device on page 49.
2. Associate physical interfaces with the aggregated Ethernet Interfaces. See Example:
Associating Physical Interfaces with Aggregated Ethernet Interfaces on page 51.
3. Configure the aggregated Ethernet link speed. See Example: Configuring Aggregated
Ethernet Link Speed on page 53.
Copyright 2010, Juniper Networks, Inc. 54
Junos OS Interfaces Configuration Guide for Security Devices
Overview
In this example, you specify that on interface ae0 at least eight links must be up for the
bundle as a whole to be labeled as up.
Configuration
Step-by-Step
Procedure
To configure the minimumnumber of links on an aggregated Ethernet interface:
Set the minimumnumber of links. 1.
[edit]
user@host# set interfaces ae0aggregated-ether-options minimum-links 8
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interface Link Speed on page 52
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Verifying Aggregated Ethernet Interfaces on page 57
Removal of Aggregated Ethernet Interfaces
Understanding Aggregated Ethernet Interface Removal on page 55
Example: Deleting Aggregated Ethernet Interface Contents on page 55
Understanding Aggregated Ethernet Interface Removal
You can delete an aggregated Ethernet interface fromthe interface configuration. The
Junos OS removes the configuration statements related to aex and sets this interface to
the down state. The deleted aggregated Ethernet interface still exists, but it becomes
an empty interface.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Example: Deleting Aggregated Ethernet Interfaces on page 50
Example: Deleting Aggregated Ethernet Interface Contents on page 55
Example: Deleting Aggregated Ethernet Interface Contents
This example shows howto delete the contents of an aggregated Ethernet interface.
Requirements on page 56
Overviewon page 56
55 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
Configuration on page 56
Verification on page 56
Requirements
Before you begin:
1. Set the number of aggregated Ethernet interfaces on the device. See Example:
Configuring the Number of Aggregated Ethernet Interfaces on a Device on page 49.
2. Associate a physical interface with the aggregated Ethernet interface. See Example:
Associating Physical Interfaces with Aggregated Ethernet Interfaces on page 51.
3. Set the required link speed for all the interfaces included in the bundle. See Example:
Configuring Aggregated Ethernet Link Speed on page 53.
4. Configure the minimumnumber of links that must be up for the bundle as a whole to
be labeled as up. See Example: Configuring Aggregated Ethernet MinimumLinks on
page 54.
Overview
In this example, you delete the contents of the ae4 aggregated Ethernet interface, which
sets it to the down state.
Configuration
Step-by-Step
Procedure
To delete the contents of an aggregated Ethernet interface:
Delete the interface. 1.
[edit]
user@host# delete interfaces ae4
2. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Example: Deleting Aggregated Ethernet Interfaces on page 50
Verifying Aggregated Ethernet Interfaces on page 57
Copyright 2010, Juniper Networks, Inc. 56
Junos OS Interfaces Configuration Guide for Security Devices
Understanding VLANTagging for Aggregated Ethernet Interfaces
Aggregated Ethernet interfaces can be either VLAN-tagged or untagged, with LACP
enabled or disabled. Aggregated Ethernet interfaces on the SRX3000 and SRX5000
lines support the configuration of native-vlan-id, which consists of the following
configuration statements:
inner-tag-protocol-id
inner-vlan-id
pop-pop
pop-swap
push-push
swap-push
swap-swap
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Understanding Promiscuous Mode for Aggregated Ethernet Interfaces
YoucanenablepromiscuousmodeonaggregatedEthernet interfaces. Whenpromiscuous
mode is enabled on a Layer 3 Ethernet interface, all packets received on the interface
are sent to the central point or Services Processing Unit (SPU) regardless of the
destinationMACaddressof thepacket. If youenablepromiscuousmodeonanaggregated
Ethernet interface, promiscuous mode is then enabled on all member interfaces.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Understanding Promiscuous Mode for Aggregated Ethernet Interfaces on page 57
Aggregated Ethernet Interfaces Configuration Overviewon page 47
Verifying Aggregated Ethernet Interfaces
Verifying Aggregated Ethernet Interfaces (terse) on page 57
Verifying Aggregated Ethernet Interfaces (extensive) on page 58
Verifying Aggregated Ethernet Interfaces (terse)
Purpose Display status information in terse (concise) format for aggregated Ethernet interfaces.
Action Fromoperational mode, enter the showinterfaces ae0terse command.
user@host> showinterfaces ae0terse
57 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
ge-2/0/0.0 up up aenet --> ae0.0
ge-2/0/0.32767 up up aenet --> ae0.32767
ge-2/0/1.0 up up aenet --> ae0.0
ge-2/0/1.32767 up up aenet --> ae0.32767
ae0 up up
ae0.0 up up bridge
ae0.32767 up up multiservice
Meaning The output shows the bundle relationship for the aggregated Ethernet interface and the
overall status of the interface, including the following information:
Thelink aggregationcontrol PDUs runonthe.0childlogical interfaces for theuntagged
aggregated Ethernet interface.
The link aggregation control PDUs run on the .32767 child logical interfaces for the
VLAN-tagged aggregated Ethernet interface.
The .32767 logical interface is created for the parent link and all child links.
Verifying Aggregated Ethernet Interfaces (extensive)
Purpose Display status information and statistics in extensive (detailed) format for aggregated
Ethernet interfaces.
Action Fromoperational mode, enter the showinterfaces ae0extensive command.
user@host> showinterfaces ae0extensive
Physical interface: ae0, Enabled, Physical link is Up
...
Logical interface ae0.0 (Index 67) (SNMP ifIndex 628) (Generation 134)
...
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-5/0/0.0 Actor 127 00:1f:12:8c:af:c0 127 832 1
ge-5/0/0.0 Partner 127 00:1f:12:8f:d7:c0 127 640 1
ge-5/0/1.0 Actor 127 00:1f:12:8c:af:c0 127 833 1
ge-5/0/1.0 Partner 127 00:1f:12:8f:d7:c0 127 641 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-5/0/0.0 12830 7090 0 0
ge-5/0/1.0 10304 4786 0 0
...
Logical interface ae0.32767 (Index 70) (SNMP ifIndex 630) (Generation 135)
...
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-5/0/0.32767 Actor 127 00:1f:12:8c:af:c0 127 832 1
ge-5/0/0.32767 Partner 127 00:1f:12:8f:d7:c0 127 640 1
ge-5/0/1.32767 Actor 127 00:1f:12:8c:af:c0 127 833 1
Copyright 2010, Juniper Networks, Inc. 58
Junos OS Interfaces Configuration Guide for Security Devices
ge-5/0/1.32767 Partner 127 00:1f:12:8f:d7:c0 127 641 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-5/0/0.32767 12830 7090 0 0
ge-5/0/1.32767 10304 4786 0 0
...
Meaning The output shows detailed aggregated Ethernet interface information. This portion of
the output shows LACP information and LACP statistics for each logical aggregated
Ethernet interface.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Aggregated Ethernet Interfaces Configuration Overviewon page 47
LACP for Standalone Devices
Understanding LACP on Standalone Devices on page 59
Example: Configuring LACP on Standalone Devices on page 60
Verifying LACP on Standalone Devices on page 62
Understanding LACP on Standalone Devices
Link AggregationControl Protocol (LACP) provides astandardizedmeans for exchanging
information between partner systems on a link. Within LACP, the local end of a child link
is known as the actor and the remote end of the link is known as the partner.
LACPis enabledonanaggregatedEthernet interfaceby settingthemodetoeither passive
or active. However, to initiate the transmission of link aggregation control protocol data
units (PDUs) andresponse link aggregationcontrol PDUs, youmust enable LACPat both
the local and remote ends of the links, and one end must be active:
Active modeIf either the actor or partner is active, they exchange link aggregation
control PDUs. The actor sends link aggregation control PDUs to its protocol partner
that convey what the actor knows about its own state and that of the partners state.
PassivemodeIf theactor andpartner arebothinpassivemode, they donot exchange
link aggregation control PDUs. As a result, the aggregated Ethernet links do not come
up. In passive transmission mode, links send out link aggregation control PDUs only
when they receive themfromthe remote end of the same link.
By default, the actor and partner transmit link aggregation control PDUs every second.
You can configure different periodic rates on active and passive interfaces. When you
configure the active and passive interfaces at different rates, the transmitter honors the
receivers rate.
You configure the interval at which the interfaces on the remote side of the link transmit
link aggregation control PDUs by configuring the periodic statement on the interfaces on
the local side. It is the configuration on the local side that specifies the behavior of the
remote side. That is, the remote side transmits link aggregation control PDUs at the
specified interval. The interval can be fast (every second) or slow(every 30 seconds).
59 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Understanding LACP on Chassis Clusters on page 64
Example: Configuring LACP on Standalone Devices on page 60
Example: Configuring LACP on Standalone Devices
This example shows howto configure LACP on standalone devices.
Requirements on page 60
Overviewon page 60
Configuration on page 60
Verification on page 61
Requirements
Before you begin:
1. Add the aggregated Ethernet interfaces using the device count. See Example:
Configuring the Number of Aggregated Ethernet Interfaces on a Device on page 49.
2. Associate physical interfaces with the aggregated Ethernet Interfaces. See Example:
Associating Physical Interfaces with Aggregated Ethernet Interfaces on page 51.
3. Configure the aggregated Ethernet link speed. See Example: Configuring Aggregated
Ethernet Link Speed on page 53.
4. Configure the aggregated Ethernet minimumlinks speed. See Example: Configuring
Aggregated Ethernet MinimumLinks on page 54.
Overview
In this example, you set LACP to passive mode for the ae0 interface. You set the LACP
mode for the ae1 interface to active and set the link aggregation control PDU transmit
interval to slow, which is every 30 seconds.
Configuration
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure LACP on standalone devices:
1. Set the first LACP.
[edit interfaces]
user@host# set ae0aggregated-ether-options lacp passive
2. Set the second LACP.
[edit interfaces]
user@host# set ae1 aggregated-ether-options lacp active
Copyright 2010, Juniper Networks, Inc. 60
Junos OS Interfaces Configuration Guide for Security Devices
user@host# set ae1 aggregated-ether-options lacp periodic slow
3. If you are done configuring the device, commit the configuration.
[edit interfaces]
user@host# commit
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying LACP Statistics on page 61
Verifying LACP Aggregated Ethernet Interfaces on page 61
Verifying LACP Statistics
Purpose Display LACP statistics for aggregated Ethernet interfaces.
Action Fromoperational mode, enter the showlacp statistics interfaces ae0 command.
user@host> showlacp statistics interfaces ae0
Aggregated interface: ae0
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-2/0/0 1352 2035 0 0
ge-2/0/1 1352 2056 0 0
ge-2/2/0 1352 2045 0 0
ge-2/2/1 1352 2043 0 0
Meaning The output shows LACP statistics for each physical interface associated with the
aggregated Ethernet interface, such as the following:
The LACP received counter that increments for each normal hello
The number of LACP transmit packet errors logged
The number of unrecognized packet errors logged
The number of invalid packets received
Use the following command to clear the statistics and see only newchanges:
user@host# clear lacp statistics interfaces ae0
Related
Documentation
For a complete description of showlacp statistics interfaces output, see the Junos OS
CLI Reference.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Verifying LACP on Redundant Ethernet Interfaces on page 68
Verifying LACP on Standalone Devices
Verifying LACP Statistics on page 62
Verifying LACP Aggregated Ethernet Interfaces on page 63
Verifying LACP Statistics
Purpose Display LACP statistics for aggregated Ethernet interfaces.
Action Fromoperational mode, enter the showlacp statistics interfaces ae0 command.
user@host> showlacp statistics interfaces ae0
Aggregated interface: ae0
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-2/0/0 1352 2035 0 0
ge-2/0/1 1352 2056 0 0
ge-2/2/0 1352 2045 0 0
ge-2/2/1 1352 2043 0 0
Meaning The output shows LACP statistics for each physical interface associated with the
aggregated Ethernet interface, such as the following:
Copyright 2010, Juniper Networks, Inc. 62
Junos OS Interfaces Configuration Guide for Security Devices
The LACP received counter that increments for each normal hello
The number of LACP transmit packet errors logged
The number of unrecognized packet errors logged
The number of invalid packets received
Use the following command to clear the statistics and see only newchanges:
user@host# clear lacp statistics interfaces ae0
Verifying LACP Aggregated Ethernet Interfaces
Purpose Display LACP status information for aggregated Ethernet interfaces.
Action Fromoperational mode, enter the showlacp interfaces ae0 command.
user@host> showlacp interfaces ae0
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-2/0/0 Actor No No Yes Yes Yes Yes Fast Active
ge-2/0/0 Partner No No Yes Yes Yes Yes Fast Active
ge-2/0/1 Actor No No Yes Yes Yes Yes Fast Active
ge-2/0/1 Partner No No Yes Yes Yes Yes Fast Active
ge-2/2/0 Actor No No Yes Yes Yes Yes Fast Active
ge-2/2/0 Partner No No Yes Yes Yes Yes Fast Active
ge-2/2/1 Actor No No Yes Yes Yes Yes Fast Active
ge-2/2/1 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
ge-2/0/0 Current Fast periodic Collecting distributing
ge-2/0/1 Current Fast periodic Collecting distributing
ge-2/2/0 Current Fast periodic Collecting distributing
ge-2/2/1 Current Fast periodic Collecting distributing
Meaning The output shows aggregated Ethernet interface information, including the following
information:
The LACPstateIndicates whether the link in the bundle is an actor (local or near-end
of the link) or partner (remote or far-end of the link).
The LACP modeIndicates whether both ends of the aggregated Ethernet interface
are enabled (active or passive)at least one end of the bundle must be active.
The periodic link aggregation control PDU transmit rate.
The LACP protocol stateIndicates the link is up ifit is collecting and distributing
packets.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring LACP on Standalone Devices on page 60
Verifying LACP on Redundant Ethernet Interfaces on page 68
63 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
LACP on Chassis Clusters
Understanding LACP on Chassis Clusters on page 64
Example: Configuring LACP on Chassis Clusters on page 66
Verifying LACP on Redundant Ethernet Interfaces on page 68
Understanding LACP on Chassis Clusters
Link aggregation groups (LAGs) can be established across nodes in a chassis cluster.
A redundant Ethernet interface has active and standby links located on two nodes in a
chassis cluster. All active links are located on one node, and all standby links are on the
other node. You can configure up to eight active links and eight standby links per node.
Link aggregation allows a redundant Ethernet interface to add multiple child interfaces
fromboth nodes and thereby create a redundant Ethernet interface LAG.
Having multiple active redundant Ethernet interface links reduces the possibility of
failover. For example, when an active link is out of service, all traffic on this link is
distributed to other active redundant Ethernet interface links, instead of triggering a
redundant Ethernet active/standby failover.
Standalone LAG interfaces are supported on clustered devices but cannot be added to
redundant Ethernet interfaces. Instead, aggregated Ethernet interfaces and redundant
Ethernet interfaces coexist. (Because the functionality of a redundant Ethernet interface
relies on the Junos OS aggregated Ethernet framework, you can think of it as a special
aggregated Ethernet interface.) Likewise, any child interface of an existing LAG cannot
be added to a redundant Ethernet interface and vice versa. The maximumnumber of
total combined standalone aggregate interfaces (ae) and redundant Ethernet interfaces
(reth) per cluster is 128.
You configure LACP on a redundant Ethernet interface by setting the LACP mode for the
parent link with the lacp statement. The LACP mode can be off (the default), active, or
passive.
This topic contains the following sections:
MinimumLinks on page 64
Sub-LAGs on page 65
Hitless Failover on page 65
PDUs on page 65
MinimumLinks
Redundant Ethernet interfaceconfigurationincludes aminimum-links settingthat allows
you to set a minimumnumber of physical child links in a redundant Ethernet interface
LAG that must be working on the primary node for the interface to be up. The default
minimum-links value is 1. When the number of physical links on the primary node in a
redundant Ethernet interface falls belowthe minimum-links value, the interface will be
down even if some links are still working.
Copyright 2010, Juniper Networks, Inc. 64
Junos OS Interfaces Configuration Guide for Security Devices
Sub-LAGs
LACP maintains a point-to-point LAG. Any port connected to the third point is denied.
However, a redundant Ethernet interface does connect to two different systems or two
remote aggregated Ethernet interfaces by design. To support LACP on both redundant
Ethernet interface active and standby links, a redundant Ethernet interface can be
modeled to consist of two sub-LAGs, where all active links forman active sub-LAG and
all standby links forma standby sub-LAG. In this model, LACP selection logic is applied
and limited to one sub-LAG at a time. In this way, two redundant Ethernet interface
sub-LAGs are maintained simultaneously while all the LACP advantages are preserved
for each sub-LAG.
It is necessary for the switches used to connect the nodes in the cluster to have a LAG
link configured and 802.3ad enabled for each LAG on both nodes so that the aggregate
links will be recognized as such and correctly pass traffic.
NOTE: The redundant Ethernet interface LAGchild links fromeach node in
the chassis cluster must be connectedto a different LAGat the peer devices.
If a single peer switch is used to terminate the redundant Ethernet interface
LAG, two separate LAGs must be used in the switch.
Hitless Failover
With LACP, it is essential for the redundant Ethernet interface to support hitless failover
between the active and standby links in normal operation. The termhitless means that
the redundant Ethernet interface state remains up during failover.
The lacpd process manages both the active and standby links of the redundant Ethernet
interfaces. A redundant Ethernet interface pseudolink is in the up condition when the
number of active up links is not less than the number of minimumlinks configured.
Therefore, to support hitless failover, the LACPstate on the redundant Ethernet interface
standby links must be collecting and distributing before failover occurs.
PDUs
By default, aggregated and redundant Ethernet links do not exchange link aggregation
control protocol data units (PDUs), which contain information about the state of the
link. You can configure Ethernet links to actively transmit link aggregation control PDUs,
or you can configure the links to passively transmit them, sending out link aggregation
control PDUs only when they receive themfromthe remote end of the same link. The
local end of a child link is known as the actor and the remote end of the link is known as
the partner. That is, the actor sends link aggregation control PDUs to its protocol partner
that convey what the actor knows about its own state and that of the partners state.
You configure the interval at which the interfaces on the remote side of the link transmit
link aggregation control PDUs by configuring the periodic statement on the interfaces on
the local side. It is the configuration on the local side that specifies the behavior of the
remote side. That is, the remote side transmits link aggregation control PDUs at the
specified interval. The interval can be fast (every second) or slow(every 30 seconds).
65 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
By default, the actor and partner transmit link aggregation control PDUs every second.
You can configure different periodic rates on active and passive interfaces. When you
configure the active and passive interfaces at different rates, the transmitter honors the
receivers rate.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Aggregated Ethernet Interfaces on page 45
Understanding LACP on Standalone Devices on page 59
Example: Configuring LACP on Chassis Clusters on page 66
Understanding Chassis Cluster Redundant Ethernet Interface Link AggregationGroups
in the Junos OS Security Configuration Guide
Example: Configuring LACP on Chassis Clusters
This example shows howto configure LACP on chassis clusters.
Requirements on page 66
Overviewon page 66
Configuration on page 67
Verification on page 67
Requirements
Before you begin:
1. Add the aggregated Ethernet interfaces using the device count. See Example:
Configuring the Number of Aggregated Ethernet Interfaces on a Device on page 49.
2. Associate physical interfaces with the aggregated Ethernet Interfaces. See Example:
Associating Physical Interfaces with Aggregated Ethernet Interfaces on page 51.
3. Configure the aggregated Ethernet link speed. See Example: Configuring Aggregated
Ethernet Link Speed on page 53.
4. Configure the aggregated Ethernet minimumlinks speed. See Example: Configuring
Aggregated Ethernet MinimumLinks on page 54.
5. Configure the LACP on standalone devices. See Example: Configuring LACP on
Standalone Devices on page 60.
Overview
In this example, you set LACP to passive mode for the reth0 interface. You set the LACP
mode for the reth1 interface to active and set the link aggregation control PDU transmit
interval to slow, which is every 30 seconds.
Copyright 2010, Juniper Networks, Inc. 66
Junos OS Interfaces Configuration Guide for Security Devices
Configuration
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure LACP on chassis clusters:
1. Set the first LACP.
{primary:node1} [edit interfaces]
user@host# set reth0redundant-ether-options lacp passive
2. Set the second LACP.
[edit interfaces]
user@host# set reth1 redundant-ether-options lacp active
user@host# set reth1 redundant-ether-options lacp periodic slow
3. If you are done configuring the device, commit the configuration.
[edit interfaces]
user@host# commit
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying LACP on Redundant Ethernet Interfaces on page 67
Verifying LACP on Redundant Ethernet Interfaces
Purpose Display LACP status information for redundant Ethernet interfaces.
Action Fromoperational mode, enter the showlacp interfaces reth0 command.
user@host> showlacp interfaces reth0
Aggregated interface: reth0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-11/0/0 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/0 Partner No No Yes Yes Yes Yes Fast Active
ge-11/0/1 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/1 Partner No No Yes Yes Yes Yes Fast Active
ge-11/0/2 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/2 Partner No No Yes Yes Yes Yes Fast Active
ge-11/0/3 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/3 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/0 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/0 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/1 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/1 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/2 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/2 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/3 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/3 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
ge-11/0/0 Current Fast periodic Collecting distributing
ge-11/0/1 Current Fast periodic Collecting distributing
ge-11/0/2 Current Fast periodic Collecting distributing
ge-11/0/3 Current Fast periodic Collecting distributing
67 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
ge-3/0/0 Current Fast periodic Collecting distributing
ge-3/0/1 Current Fast periodic Collecting distributing
ge-3/0/2 Current Fast periodic Collecting distributing
ge-3/0/3 Current Fast periodic Collecting distributing
{primary:node1}
Meaning The output shows redundant Ethernet interface information, such as the following:
The LACPstateIndicates whether the link in the bundle is an actor (local or near-end
of the link) or partner (remote or far-end of the link).
The LACP modeIndicates whether both ends of the aggregated Ethernet interface
are enabled (active or passive)at least one end of the bundle must be active.
The periodic link aggregation control PDU transmit rate.
The LACP protocol stateIndicates the link is up if it is collecting and distributing
packets.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Verifying LACP on Standalone Devices on page 62
Junos OS CLI Reference
Verifying LACP on Redundant Ethernet Interfaces
Purpose Display LACP status information for redundant Ethernet interfaces.
Action Fromoperational mode, enter the showlacp interfaces reth0 command.
user@host> showlacp interfaces reth0
Aggregated interface: reth0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-11/0/0 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/0 Partner No No Yes Yes Yes Yes Fast Active
ge-11/0/1 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/1 Partner No No Yes Yes Yes Yes Fast Active
ge-11/0/2 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/2 Partner No No Yes Yes Yes Yes Fast Active
ge-11/0/3 Actor No No Yes Yes Yes Yes Fast Active
ge-11/0/3 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/0 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/0 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/1 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/1 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/2 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/2 Partner No No Yes Yes Yes Yes Fast Active
ge-3/0/3 Actor No No Yes Yes Yes Yes Fast Active
ge-3/0/3 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
ge-11/0/0 Current Fast periodic Collecting distributing
ge-11/0/1 Current Fast periodic Collecting distributing
ge-11/0/2 Current Fast periodic Collecting distributing
ge-11/0/3 Current Fast periodic Collecting distributing
ge-3/0/0 Current Fast periodic Collecting distributing
ge-3/0/1 Current Fast periodic Collecting distributing
ge-3/0/2 Current Fast periodic Collecting distributing
Copyright 2010, Juniper Networks, Inc. 68
Junos OS Interfaces Configuration Guide for Security Devices
ge-3/0/3 Current Fast periodic Collecting distributing
{primary:node1}
Meaning The output shows redundant Ethernet interface information, such as the following:
The LACPstateIndicates whether the link in the bundle is an actor (local or near-end
of the link) or partner (remote or far-end of the link).
The LACP modeIndicates whether both ends of the aggregated Ethernet interface
are enabled (active or passive)at least one end of the bundle must be active.
The periodic link aggregation control PDU transmit rate.
The LACP protocol stateIndicates the link is up if it is collecting and distributing
packets.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring LACP on Chassis Clusters on page 66
Verifying LACP on Standalone Devices on page 62
Junos OS CLI Reference.
69 Copyright 2010, Juniper Networks, Inc.
Chapter 3: Aggregated Ethernet Interfaces
Copyright 2010, Juniper Networks, Inc. 70
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 4
1-Port Gigabit Ethernet SFP Mini-PIM
Understanding the 1-Port Gigabit Ethernet SFP Mini-PIMon page 71
Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIMInterface on page 73
Understanding the 1-Port Gigabit Ethernet SFP Mini-PIM
Small form-factor pluggables (SFPs) are hot-pluggable modular interface transceivers
for Gigabit and Fast Ethernet connections. Gigabit Ethernet SFP Mini-PIMs can be used
in copper and optical environments to provide maximumflexibility when upgrading from
an existing infrastructure to Metro Ethernet.
The 1-Port Gigabit Ethernet SFP Mini-PIMinterfaces a single Gigabit Ethernet device or
a network. It supports a variety of transceivers with data speeds of
10-Mbps/100-Mbps/1-Gbps with extended LAN or WAN connectivity.
Online insertion and removal of the transceivers is supported.
This topic includes the following sections:
Supported Features on page 71
Interface Names and Settings on page 72
Available Link Speeds and Modes on page 72
Link Settings on page 72
Supported Features
The following features are supported on the 1-Port Gigabit Ethernet SFP Mini-PIM:
10-Mbps/100-Mbps/1-Gbps link speed
Half-duplex/full-duplex support
Autonegotiation
Encapsulations
Maximumtransmission unit (MTU) size of 1514bytes (default) and9010bytes (jumbo
frames)
Loopback
Online insertion and removal of transceivers
71 Copyright 2010, Juniper Networks, Inc.
Interface Names and Settings
The following format is used to represent the 1-Port Gigabit Ethernet SFP Mini-PIM
interface names:
type-fpc/pic/port
Where:
typeMedia type (ge)
fpcNumber of theFlexiblePICConcentrator (FPC) cardonwhichthephysical interface
is located
picNumber of the PIC on which the physical interface is located (0)
portSpecific port on a PIC (0)
Examples: ge-1/0/0 and ge-2/0/0
By default, the interfaces on the ports on the uplink module installed on the device are
enabled. You can also specify the MTU size for the Gigabit Ethernet interface. Junos OS
supports values from256 through 9010. The default MTU size for Gigabit Ethernet
interfaces is 1514.
Available Link Speeds and Modes
The 1-Port Gigabit Ethernet SFP Mini-PIMsupports the following link speeds:
10mSets the link speed to 10 Mbps.
100mSets the link speed to 100 Mbps.
1gSets the link speed to 1 Gbps.
The 1-Port Gigabit Ethernet SFP Mini-PIMsupports the following link modes:
Full-duplexAllows bidirectional communication at a given point in time.
Half-duplexAllows single directional communication at a given point in time.
Link Settings
The 1-Port Gigabit Ethernet SFP Mini-PIMincludes the following link settings:
auto-negotiationEnables autonegotation of link mode and speed.
NOTE: By default autonegotiation is enabled. To disable autonegotiation
use: set gigether-options no-autonegotiation
We recommend enabling autonegotiation.
loopbackEnables loopback.
Copyright 2010, Juniper Networks, Inc. 72
Junos OS Interfaces Configuration Guide for Security Devices
no-auto-negotiationDisables autonegotation of link mode and speed.
no-loopbackDisables loopback.
By default a link speed of 1 Gbps in full-duplex mode is supported.
NOTE: 1-Port Gigabit Ethernet SFP mini-PIMdoes not support family
ehternet-switching.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces
Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIMInterface on page 73
Example: Configuring the 1-Port Gigabit Ethernet SFP Mini-PIMInterface
This example shows howto performbasic configuration for the 1-Port Gigabit Ethernet
SFP Mini-PIM.
Requirements on page 73
Overviewon page 73
Configuration on page 73
Verification on page 76
Requirements
Before you begin:
1. Establish basic connectivity. See the Getting Started Guide for your device.
2. Configure network interfaces as necessary. See Example: Creating an Ethernet
Interface on page 37.
Overview
In this example, you configure the ge-2/0/0 interface, set the operating speed to 100
Mbps, and define a logical interface that you can connect to the 1-Port Gigabit Ethernet
SFPMini-PIM. Youalsoset theMTUvalueto9010andset thelink optiontono-loopback.
Configuration
CLI Quick
Configuration
Toquicklyconfigurea1-Port Gigabit Ethernet SFPMini-PIM, copythefollowingcommands
and paste theminto the CLI.
[edit]
set interfaces ge-2/0/0link-mode full-duplex speed 100m
set interface ge-2/0/0gigether-options no-loopback
73 Copyright 2010, Juniper Networks, Inc.
Chapter 4: 1-Port Gigabit Ethernet SFP Mini-PIM
J-Web Quick
Configuration
ConfiguringPhysical PropertiesTo quickly configure the physical properties of a 1-Port
Gigabit Ethernet SFP Mini-PIMusing J-Web, use the following steps:
1. Select Configure > Interfaces.
2. Under Interface, select ge-2/0/0 and then click Edit. A pop-up windowappears.
3. In the Description box, type the description for the SFP Mini-PIM.
4. In the MTU box, type 9010.
5. Fromthe Speed list, select 100Mbps.
6. Fromthe Link-mode list, select Full-duplex.
7. Select the Enable Auto-negotiation checkbox.
8. Select the Enable Per Unit Scheduler checkbox.
9. Click OK.
Disabling the InterfaceTo disable the 1Port Gigabit Ethernet SFP Mini-PIMusing
J-Web,
1. Select Configure > Interfaces .
2. Under Interface, select ge-2/0/0 and then click Disable.
Configuring Logical PropertiesTo quickly configure the physical properties of a 1-Port
Gigabit Ethernet SFP Mini-PIMusing J-Web, use the following steps:
1. Select Configure > Interfaces.
2. Under Interface, select ge-2/0/0.0, and then click Add Logical Interface. A pop-up
windowappears.
3. In the Unit box, type 0.
4. In the Description box, type a description for the SFP Mini-PIM.
5. Fromthe Zone list, select untrust.
6. To edit the family protocol type to the Mini-PIMinterfaces, select the IPv4 tab, and
then select Enable address configuration.
7. Click Add, and then type IPv4 address.
8. Click OK.
EditingLogical PropertiesToquickly configurethephysical properties of a1-Port Gigabit
Ethernet SFP Mini-PIMusing J-Web:
1. Under Interface, select the logical interface added to the 1-Port Gigabit Ethernet SFP
Mini-PIMand then click Edit. A pop-up windowappears.
2. Under Interface, select ge-2/0/0.0, and then click Edit Logical Interface. A pop-up
windowappears.
3. Fromthe Zone list, select trust.
Copyright 2010, Juniper Networks, Inc. 74
Junos OS Interfaces Configuration Guide for Security Devices
4. To enable DHCP client on the interface, select the IPv4 tab and then select Enable
DHCP.
5. Click OK.
NOTE: You cannot add or edit Description and Unit for a logical interface.
Deleting the Logical InterfaceTo delete the logical interface of 1Port Gigabit Ethernet
SFP Mini-PIMusing J-Web,
1. Select Configure > Interfaces.
2. Under Interface, select ge-2/0/0.0, and then click Delete.
Step-by-Step
Procedure
Configuring the 1Port Gigabit Ethernet SFP Mini-PIMUsing the CLI Configuration
Editor
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To performbasic configuration for the 1-Port Gigabit Ethernet SFP Mini-PIM:
1. Configure the interface.
[edit]
user@host# edit interfaces ge-2/0/0
2. Set the operating link-mode full-duplex speed of 100 Mbps for the SFP Mini-PIM.
[edit interfaces ge-2/0/0]
user@host# set link-mode full-duplex speed 100m
3. Assign the MTU value.
[edit interfaces ge-2/0/0]
user@host# set mtu 9010
4. Add the logical interface.
[edit interfaces ge-2/0/0]
user@host# set unit 0family inet address 14.1.1.1/24
5. Set the link options.
[edit interfaces ge-2/0/0]
user@host# set gigether-options no-loopback
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
ge-2/0/0 command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces ge-2/0/0
mtu 9010;
75 Copyright 2010, Juniper Networks, Inc.
Chapter 4: 1-Port Gigabit Ethernet SFP Mini-PIM
speed 100m;
gigether-options {
no-loopback;
}
unit 0 {
family inet {
14.1.1.1/24
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying That the Correct Hardware Is Installed on page 76
Verifying the FPC Status on page 77
Verifying the Interface Settings on page 77
Verifying That the Correct Hardware Is Installed
Purpose Verify that the 1-Port Gigabit Ethernet SFP Mini-PIMis installed on the device.
Action Fromoperational mode, enter the showchassis hardware command.
user@host> show chassis hardware detail
Hardware inventory:
Item Version Part number Serial number Description
Chassis AG0309AA0004 SRX240b
Routing Engine REV 16 750-021792 VL3180 RE-SRX240B
da0 999 MB ST72682 Nand Flash
usb0 (addr 1) DWC OTG root hub 0 vendor 0x0000 uhub0
usb0 (addr 2) product 0x005a 90 vendor 0x0409 uhub1
usb0 (addr 3) ST72682 High Speed Mode 64218 STMicroelectronics umass0
FPC 0 FPC
PIC 0 16x GE Base PIC
FPC 1 750-023367 112009000278 FPC
PIC 0 1x T1E1 mPIM
FPC 2 REV 00 750-03273 AABC5081 FPC
PIC 0 1x GE High-Perf SFP mPIM
Xcvr 0 REV 02 740-011612 9101465 SFP-T
FPC 4 750-029145 122009000061 FPC
PIC 0 1x GE SFP mPIM
Xcvr 0 REV 01 740-011782 PBL0C3T SFP-SX
Power Supply 0
Meaning Verify that the output contains the following values:
FPC 2, PIC 01x GE High-Perf SFP mPIM
FPC 4, PIC 01x GE SFP mPIM
Copyright 2010, Juniper Networks, Inc. 76
Junos OS Interfaces Configuration Guide for Security Devices
NOTE: In the example shown above, the output for 1-Port SFPMini-Physical
Interface Module is displayed as 1X GE SFP mPIMand the output for 1-Port
Gigabit Ethernet SFP Mini-Physical Interface Module is displayed as 1X GE
High-Perf SFP mPIM.
NOTE: The1-Port GESFPMini-PIMisinstalledinthesecondslot of thedevice
chassis; therefore the output displayed is 1x GE High-Perf SFPmPIMand the
Flexible PIC Concentrator (FPC) used here is fpc 2.
The 1-Port SFP Mini-PIMis installed in the fourth slot of the device chassis;
therefore the output displayed is 1x GE SFP mPIMand Flexible PIC
Concentrator (FPC) used here is fpc 4.
Verifying the FPC Status
Purpose Verify the FPC status.
Action Fromoperational mode, enter the showchassis fpc command.
show@host> show chassis fpc
Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online -------------------- CPU less FPC --------------------
1 Online -------------------- CPU less FPC --------------------
2 Online -------------------- CPU less FPC --------------------
3 Empty
4 Online -------------------- CPU less FPC --------------------
Meaning The output should showthe FPC status as online.
The 1-Port SFP Mini-PIMis installed in the fourth slot of the device chassis; the output
shows the FPC status for slot 4 as online.
The 1-Port Gigabit Ethernet SFP Mini-PIMis installed in the second slot of the device
chassis; the output shows the FPC status for slot 2 as online.
Verifying the Interface Settings
Purpose Verify that the interface is configured as expected.
Action Fromoperational mode, enter the showinterface ge-2/0/0 command.
user@host# run show interfaces ge-2/0/0
Physical interface: ge-2/0/0, Enabled, Physical link is Up
Interface index: 156, SNMP ifIndex: 552
Link-level type: Ethernet, MTU: 9010, Link-mode: Full-duplex, Speed: 100mbps,
BPDU Error: None, MAC-REWRITE Error: None,
77 Copyright 2010, Juniper Networks, Inc.
Chapter 4: 1-Port Gigabit Ethernet SFP Mini-PIM
Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Current address: 00:22:83:99:ac:f2, Hardware address: 00:22:83:99:ac:f2
Last flapped : 2010-08-17 12:20:33 UTC (00:00:20 ago)
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
Active alarms : None
Active defects : None
Logical interface ge-2/0/0.0 (Index 88) (SNMP ifIndex 557)
Flags: SNMP-Traps Encapsulation: ENET2
Input packets : 108
Output packets: 1
Security: Zone: Null
Protocol inet, MTU: 8996
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 14.1.1/24, Local: 14.1.1.1, Broadcast: 14.1.1.255
Meaning Verify the following information in the command output:
Physical interfacege-2/0/0, Enabled, Physical link is Up
MTU9010; Link-modeFull-duplex
Speed100 Mbps
LoopbackDisabled
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces
Understanding the 1-Port Gigabit Ethernet SFP Mini-PIMon page 71
Copyright 2010, Juniper Networks, Inc. 78
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 5
2-Port 10-Gigabit Ethernet XPIM
Understanding the 2-Port 10-Gigabit Ethernet XPIMon page 79
Example: Configuring the 2-Port 10-Gigabit Ethernet XPIMInterface on page 82
Understanding the 2-Port 10-Gigabit Ethernet XPIM
The 10-Gigabit Ethernet (also known as 10GBASE-T or IEEE 802.3an) is a
telecommunication technology that offers data speeds up to 10 billion bits per second
over unshielded or shielded twisted pair cables.
The 2-Port 10-Gigabit Ethernet Physical Interface Module (XPIM) is a 2 x 10GBASE-T /
SFP+ XPIMline card. (SFP+ is a fiber optic transceiver module designed for 10-Gigabit
Ethernet and 8.5 Gbps-fiber channel systems.) The 2-Port 10-Gigabit Ethernet XPIM
provides a front-end interface connection that includes the following ports:
2 X copper ports. The copper ports support 10GBASE-T running with CAT6A or CAT7
Ethernet cable for up to 100 meters.
2 X fiber (SFP+) ports. The fiber ports support SFP+ multiple 10G modules.
The 2-Port 10-Gigabit Ethernet XPIMprovides interconnects for LANs, WANs, and
metropolitan area networks (MANs). The XPIMprovides multiple service levels (1Gigabit
Ethernet to 10-Gigabit Ethernet in increments) and a single connection option for a wide
range of customer needs and applications.
This topic includes the following sections:
Supported Features on page 80
Interface Names and Settings on page 80
Copper and Fiber Operating Modes on page 80
Link Speeds on page 81
Link Settings on page 81
79 Copyright 2010, Juniper Networks, Inc.
Supported Features
The following features are supported on the 2-Port 10-Gigabit Ethernet XPIM:
Multiple SFP+ 10G modules and the following SFP modules:
SFPP-10GE-SR
SFPP-10GE-LR
SFPP-10GE-ER
SFPP-10GE-LRM
Copper TWIN-AX 1Mand Copper TWIN-AX 3M
Online Insertion and Removal (OIR ) functionality
Link speeds of up to 10-Gbps
Full-duplex and half-duplex modes
Flowcontrol
Autonegotiation and autosensing
Quality of service (QoS)
Interface Names and Settings
The following format is used to represent the 2-Port 10-Gigabit Ethernet XPIMinterface
names:
type-fpc/pic/port
Where:
type Media type (xe)
fpc Number of the Flexible PIC Concentrator (FPC) card on which the physical
interface is located
pic Number of the PIC on which the physical interface is located (0)
port Specific port on a PIC (0 or 1)
Example: xe-6/0/0 or xe-2/0/0
By default, the interfaces on the ports on the uplink module installed on the device are
enabled. You can also specify the maximumtransmission unit (MTU) size for the Gigabit
Ethernet interface. Junos OS supports values from256 through 9216. The default MTU
for Gigabit Ethernet interfaces is 1514.
Copper and Fiber Operating Modes
On the 2-Port 10-Gigabit Ethernet XPIM, one copper port and one fiber port is grouped
together as port 0, and another copper port and fiber port are grouped as port 1. Only
Copyright 2010, Juniper Networks, Inc. 80
Junos OS Interfaces Configuration Guide for Security Devices
two ports can be active at the same time (one port fromport 0 and another port from
port 1).
The 2-Port 10-Gigabit Ethernet XPIMcan be configured to operate in two copper mode,
twofiber mode, or mixedmode (one copper andone fiber). Inmixedmode, the twoports
should be fromdifferent port groups (one port fromport 1 and the other fromport 2).
Link Speeds
The 2-Port 10-Gigabit Ethernet XPIMports support the following link speeds for copper
and fiber:
Copper10/100/1000 Mbps or 10Gbps (full-duplex). Half duplex is only for 10/100
Mbps.
Fiber1000 Mbps or 10 Gbps (full-duplex)
To set the link speeds, use the following options:
10mSets the link speed to 10 Mbps.
10gSets the link speed to 10 Gbps.
100mSets the link speed to 100 Mbps.
1gSets the link speed to 1 Gbps.
Link Settings
The 2-Port 10-Gigabit Ethernet XPIMincludes the following link settings:
802.3adSpecifies an aggregated Ethernet bundle.
auto-negotiationEnables autonegotiation of flowcontrol, link mode, and speed.
loopbackEnables loopback.
no-auto-negotiationDisables autonegotiation of flowcontrol, link mode, and speed.
no-loopbackDisables loopback.
By default, flowcontrol is enabled on all ports, a link speed of 10 Gbps in full duplex is
supported, autonegotiationis disabledonthefiber ports, andauto-negotiationis enabled
on copper ports.
NOTE: Auto-negotiationisnot supportedwhenthe2-Port 10-Gigabit Ethernet
XPIMis operating in fiber mode at a link speed of 10 Gbps.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Example: Configuring the 2-Port 10-Gigabit Ethernet XPIMInterface on page 82
81 Copyright 2010, Juniper Networks, Inc.
Chapter 5: 2-Port 10-Gigabit Ethernet XPIM
Example: Configuring the 2-Port 10-Gigabit Ethernet XPIMInterface
This example shows howto performbasic configuration for the 1-Port Gigabit Ethernet
SFP Mini-PIM.
Requirements on page 82
Overviewon page 82
Configuration on page 82
Verification on page 83
Requirements
Before you begin:
1. Establish basic connectivity. See the Getting Started Guide for your device.
2. Configure network interfaces as necessary. See Example: Creating an Ethernet
Interface on page 37.
Overview
In this example, you configure the xe-6/0/0 interface, set the operating mode to copper
mode, set the operating speed to 10 Gbps, and define a logical interface that you can
connect to the 2-Port 10-Gigabit Ethernet XPIM. Additionally, you set the MTU value to
1514, set the link option to no loopback, and enable the interface.
Configuration
CLI Quick
Configuration
To quickly configure a 2-Port 10-Gigabit Ethernet XPIM, copy the following commands
and paste theminto the CLI.
[edit]
set interfaces xe-6/0/0media-type copper speed 10g unit 0family inet mtu 1514
set interface xe-6/0/0gigether-options no-loopback
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To performbasic configuration for the 2-Port 10-Gigabit Ethernet XPIM:
1. Configure the interface.
[edit]
user@host# edit interfaces xe-6/0/0
2. Configure the operating mode.
[edit interfaces xe-6/0/0]
user@host# set media-type copper
3. Set the operating speed for the XPIM.
[edit interfaces xe-6/0/0]
Copyright 2010, Juniper Networks, Inc. 82
Junos OS Interfaces Configuration Guide for Security Devices
user@host# set speed 10g
4. Add the logical interface.
[edit interfaces xe-6/0/0]
user@host# set unit 0family inet
5. Assign the MTU value.
[edit interfaces xe-6/0/0]
user@host# set unit 0family inet mtu 1514
6. Set the link options.
[edit interfaces xe-6/0/0]
user@host# set gigether-options no-loopback
7. Enable the interface.
[edit interfaces xe-6/0/0]
user@host# set enable
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
xe-6/0/0 command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces xe-6/0/0
speed 10g;
media-type copper;
gigether-options {
no-loopback;
}
unit 0 {
family inet {
mtu 1514;
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying That the Correct Hardware Is Installed on page 83
Verifying the FPC Status on page 84
Verifying the Interface Settings on page 84
Verifying That the Correct Hardware Is Installed
Purpose Verify that the 2-Port 10-Gigabit Ethernet XPIMis installed on the device.
Action Fromoperational mode, enter the showchassis hardware command.
Hardware inventory:
Item Version Part number Serial number Description
Chassis AJ0309AC0047 SRX650
83 Copyright 2010, Juniper Networks, Inc.
Chapter 5: 2-Port 10-Gigabit Ethernet XPIM
Midplane REV 04 710-023875 TV3993
System IO REV 04 710-023209 TV4035 SRXSME System IO
Routing Engine REV 01 710-023224 DT5109 RE-SRXSME-SRE6
FPC 0 FPC
PIC 0 4x GE Base PIC
FPC 2 FPC
PIC 0 2x 10G gPIM
FPC 6 FPC
PIC 0 2x 10G gPIM
Power Supply 0 REV 01 740-024283 TA00049WSSSS PS 645W AC
Meaning Verify that the output contains the following values:
FPC 2 , PIC 02x 10G gPIM
FPC 6, PIC 02x 10G gPIM
Verifying the FPC Status
Purpose Verify the FPC status.
Action Fromoperational mode, enter the showchassis fpc command.
Temp CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt DRAM (MB) Heap Buffer
0 Online -------------------- CPU less FPC --------------------
1 Empty
2 Online -------------------- CPU less FPC --------------------
3 Empty
4 Empty
5 Empty
6 Online -------------------- CPU less FPC --------------------
7 Empty
8 Empty
Meaning The output should display FPC status as online.
NOTE: The 2-Port 10-Gigabit Ethernet XPIMis installed in the second and
sixth slot of the SRX650 device chassis; therefore the FPC used here is fpc
2 and fpc 6.
Verifying the Interface Settings
Purpose Verify that the interface is configured as expected.
Action Fromoperational mode, enter the showinterface xe-6/0/0 command.
Physical interface: xe-6/0/0, Enabled, Physical link is Up
Interface index: 144, SNMP ifIndex: 501
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 10Gbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Device flags : Present Running
Copyright 2010, Juniper Networks, Inc. 84
Junos OS Interfaces Configuration Guide for Security Devices
6 Copyright 2010, Juniper Networks, Inc.
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Current address: 00:1f:12:e0:80:a8, Hardware address: 00:1f:12:e0:80:a8
Last flapped : 1970-01-01 00:34:22 PST (07:26:29 ago)
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
Active alarms : None
Active defects : None
Logical interface xe-6/0/0.0 (Index 72) (SNMP ifIndex 503)
Flags: SNMP-Traps Encapsulation: ENET2
Input packets : 25
Output packets: 25
Security: Zone: HOST
Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp
ospf pgm pim rip router-discovery rsvp sap vrrp
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.10.10/24, Local: 10.10.10.10, Broadcast: 10.10.10.255
Meaning Verify the following information in the command output:
Physical interfacexe-6/0/0, Enabled, Physical link is Up
MTU1514; Link-modeFull-duplex
Speed10 Gbps
LoopbackDisabled
FlowcontrolEnabled
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding the 2-Port 10-Gigabit Ethernet XPIMon page 79
85 Copyright 2010, Juniper Networks, Inc.
Chapter 5: 2-Port 10-Gigabit Ethernet XPIM
Copyright 2010, Juniper Networks, Inc. 86
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 6
Power over Ethernet
Understanding Power over Ethernet on page 87
Example: Configuring PoE on All Interfaces on page 90
Example: Configuring PoE on an Individual Interface on page 92
Example: Disabling a PoE Interface on page 95
Understanding Power over Ethernet
Power over Ethernet (PoE) is the implementation of the IEEE 802.3 AF and IEEE 802.3
AT standards that allowboth data and electrical power to pass over a copper Ethernet
LAN cable.
The SRX Series devices support PoE on Ethernet ports. PoE ports transfer electrical
power and data to remote devices over standard twisted-pair cable in an Ethernet
network. PoE ports allowyou to plug in devices that require both network connectivity
and electrical power, such as VoIP and IP phones and wireless LAN access points.
You can configure the SRX Series device to act as power sourcing equipment (PSE),
supplying power to powered devices that are connected on designated ports.
This topic contains the following sections:
SRX Series Services Gateway PoE Specifications on page 87
PoE Classes and Power Ratings on page 88
PoE Options on page 89
SRX Series Services Gateway PoE Specifications
Table 13 on page 87 lists the PoE specifications for the SRX210, SRX240 and SRX650
devices
Table13: PoESpecificationsfor theSRX210, SRX240andSRX650Devices
For SRX650 Device For SRX240 Device For SRX210 Devices Specifications
IEEE 802.3 AF
IEEE802.3AT(PoE+)
Legacy
(pre-standards)
IEEE 802.3 AF
IEEE802.3AT(PoE+)
Legacy
(pre-standards)
IEEE 802.3 AF
Legacy
(pre-standards)
Supported
standards
87 Copyright 2010, Juniper Networks, Inc.
Table 13: PoE Specifications for the SRX210, SRX240and SRX650
Devices (continued)
For SRX650 Device For SRX240 Device For SRX210 Devices Specifications
Supported on the
following ports:
Slot 2 or 6 on 16
Gigabit Ethernet ports
ge-2/0/0to
ge-2/0/15
ge-6/0/0to
ge-6/0/15
Slot 2 or 6 on 24
Gigabit Ethernet ports
ge-2/0/0to
ge-2/0/23
ge-6/0/0to
ge-6/0/23
Supported on all 16
Gigabit Ethernet ports
(ge-0/0/0 to
ge-0/0/15).
Supported on two
Gigabit Ethernet ports
and two Fast Ethernet
ports (ge-0/0/0,
ge-0/0/1, fe-0/0/2, and
fe-0/0/3).
Supported
ports
The 645 watts AC and
645 watts DC power
supplies support the
following capacities:
250 watts on a single
power supply, or with
redundancy usingthe
two-power-supply
option.
500 watts with the
two-power-supply
option operating as
nonredundant.
150 W 50 W Total PoE
power sourcing
capacity
15.4 W 15.4 W 15.4 W Default per port
power limit
30 W 30 W 30 W Maximumper
port power limit
Static: Power
allocated for each
interface can be
configured.
Class: Power
allocated for
interfaces is basedon
the class of powered
device connected.
Static: Power
allocated for each
interface can be
configured.
Class: Power
allocated for
interfaces is basedon
the class of powered
device connected.
Static: Power
allocated for each
interface can be
configured.
Class: Power
allocated for
interfaces is basedon
the class of powered
device connected.
Power
management
modes
PoE Classes and Power Ratings
A powered device is classified based on the maximumpower that it draws across all
input voltages and operational modes. When class-based power management mode is
Copyright 2010, Juniper Networks, Inc. 88
Junos OS Interfaces Configuration Guide for Security Devices
configuredontheSRXSeriesdevices, power isallocatedtakingintoaccount themaximum
power ratings defined for the different classes of devices.
Table 14 on page 89 lists the classes and their power ratings as specified by the IEEE
standards.
Table 14: SRX Series Devices PoE Specifications
MinimumPower Levels
Output fromPoE Port Usage Class
15.4 W Default 0
4.0 W Optional 1
7.0 W Optional 2
15.4 W Optional 3
Class 4 power devices are
eligible to receive power up to
30 Waccording to IEEE
standards.
Reserved 4
PoE Options
When configuring PoE, you must enable the PoE interface in order for the port to provide
power to a connected, powered device. In addition, you can configure the following PoE
features:
Port prioritySets port priority. When it is not possible to maintain power to all
connectedports, lower priority ports are poweredoff before higher priority ports. When
anewdeviceis connectedonahigher-priority port, alower priority port will bepowered
off automatically if available power is insufficient to power on the higher priority port.
(For the ports with the same priority configuration, ports on the left are given higher
priority than the ports on the right.)
Maximumavailable wattage power available to a portSets the maximumamount
of power that can be supplied to the port. The default wattage per port is 15.4 watts.
PoE power consumption loggingAllows logging of per-port PoE power consumption.
Thetelemetries sectionmust beexplicitly specifiedtoenablelogging. If left unspecified,
telemetries is disabled by default. The default telemetry duration is 1 hour. The default
telemetry interval is 5 minutes.
PoE power management modeHas two modes:
ClassWhen a powered device is connected to a PoE port, the power allocated to
it is equal to the maximumpower for the class as defined by the IEEE standards.
89 Copyright 2010, Juniper Networks, Inc.
Chapter 6: Power over Ethernet
StaticWhen a powered device is connected to a PoE port, the power allocated to
it is equal to the maximumpower configured for the port.
Reserve powerReserves the specified amount of power for the gateway in case of a
spike in PoE consumption. The default is 0.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Ethernet Interfaces on page 33
Example: Configuring PoE on All Interfaces on page 90
Example: Configuring PoE on an Individual Interface on page 92
Example: Disabling a PoE Interface on page 95
Example: Configuring PoE on All Interfaces
This example shows howto configure PoE on all interfaces.
Requirements on page 90
Overviewon page 90
Configuration on page 90
Verification on page 91
Requirements
Before you begin, configure Ethernet interfaces. See Example: Creating an Ethernet
Interface on page 37.
Overview
This example shows howto configure PoE on all interfaces on a device. In this example,
you set the power port priority to lowand the maximumpower available to a port to 15.4
watts. Then you enable the PoE power consumption logging with the default telemetries
settings, and you set the PoE management mode to static. Finally, you set the reserved
power consumption to 15 watts in case of a spike in PoE consumption.
Configuration
CLI Quick
Configuration
To quickly configure PoE on all interfaces, copy the following commands andpaste them
into the CLI:
[edit]
set poe interface all priority lowmaximum-power 15.4 telemetries
set poe management static guard-band 15
Copyright 2010, Juniper Networks, Inc. 90
Junos OS Interfaces Configuration Guide for Security Devices
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure PoE on all interfaces:
1. Enable PoE.
[edit]
user@host# edit poe interface all
2. Set the power port priority.
[edit poe interface all]
user@host# set priority low
3. Set the maximumPoE wattage available for a port.
[edit poe interface all]
user@host# set maximum-power 15.4
4. Enable logging of PoE power consumption.
[edit poe interface all]
user@host# set telemetries
5. Set the PoE management mode.
[edit]
user@host# set poe management static
6. Reserve power wattage in case of a spike in PoE consumption.
[edit]
user@host# set poe guard-band 15
Results Fromconfiguration mode, confirmyour configuration by entering the showpoe interface
all command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
user@host# showpoe interface all
priority low;
maximum-power 15.4;
telemetries;
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying the Status of PoE Interfaces on page 91
Verifying the Status of PoE Interfaces
Purpose Verify that the PoE interfaces on the device are enabled and set to the desired priority
settings. (The device used here is the SRX240 Services Gateway.)
91 Copyright 2010, Juniper Networks, Inc.
Chapter 6: Power over Ethernet
Action Fromoperational mode, enter the showpoe interface all command.
user@host> showpoe interface all
Interface Admin status Oper status Max power Priority Power consumption Class
ge-0/0/0 Enabled Searching 15.4W Low 0.0W 0
ge-0/0/1 Enabled Powered-up 15.4W High 6.6W 0
ge-0/0/2 Disabled Disabled 15.4W Low 0.0W 0
ge-0/0/3 Disabled Disabled 15.4W Low 0.0W 0
Meaning The showpoe interface all command lists PoE interfaces configured on the SRX 240
device, including information on status, priority, power consumption, and class. This
output shows that the device has four PoE interfaces of which two are enabled with
default values. One port has a device connected that is drawing power within expected
limits.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Power over Ethernet on page 87
Example: Configuring PoE on an Individual Interface on page 92
Example: Disabling a PoE Interface on page 95
Example: Configuring PoE on an Individual Interface
This example shows howto configure PoE on an individual interface.
Requirements on page 92
Overviewon page 92
Configuration on page 93
Verification on page 94
Requirements
Before you begin:
1. Configure Ethernet interfaces. See Example: Creating an Ethernet Interface on
page 37.
2. Configure PoE on all interfaces. See Example: Configuring PoE on All Interfaces on
page 90.
Overview
This example shows howto configure PoE on the ge-0/0/0 interface. In this example,
you set the power port priority to high and the maximumpower available to a port to 15.4
watts. Then you enable the PoE power consumption logging with the default telemetries
settings, and you set the PoE management mode to static. Finally, you set the reserved
power to 15 watts in case of a spike in PoE consumption.
Copyright 2010, Juniper Networks, Inc. 92
Junos OS Interfaces Configuration Guide for Security Devices
Configuration
CLI Quick
Configuration
To quickly configure PoE on an individual interface, copy the following commands and
paste theminto the CLI:
[edit]
set poe interface ge-0/0/0priority high maximum-power 15.4 telemetries
set poe management static guard-band 15
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure PoE:
1. Enable PoE.
[edit]
user@host# edit poe interface ge-0/0/0
2. Set the power port priority.
[edit poe interface ge-0/0/0]
user@host# set priority high
3. Set the maximumPoE wattage available for a port.
[edit poe interface ge-0/0/0]
user@host# set maximumpower 15.4
4. Enable logging of PoE power consumption.
[edit poe interface ge-0/0/0]
user@host# set telemetries
5. Set the PoE management mode.
[edit]
user@host# set poe management static
6. Reserve power wattage in case of a spike in PoE consumption.
[edit]
user@host# set poe guard-band 15
Results Fromconfiguration mode, confirmyour configuration by entering the showpoe interface
ge-0/0/0 command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
[edit]
user@host# showpoe interface ge-0/0/0
priority high;
maximum-power 15.4;
telemetries;
If you are done configuring the device, enter commit fromconfiguration mode.
93 Copyright 2010, Juniper Networks, Inc.
Chapter 6: Power over Ethernet
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying the Status of PoE Interfaces on page 94
Verifying the Telemetry Data (History) for the Specified Interface on page 94
Verifying PoE Global Parameters on page 95
Verifying the Status of PoE Interfaces
Purpose Verify that the PoE interfaces on the device are enabled and set to the desired priority
settings. (The device used here is the SRX240 Services Gateway.)
Action Fromoperational mode, enter the showpoe interface ge-0/0/1 command.
user@host> showpoe interface ge-0/0/1
PoE interface status:
PoE interface : ge-0/0/1
Administrative status : Enabled
Operational status : Powered-up
Power limit on the interface : 15.4 W
Priority : High
Power consumed : 6.6 W
Class of power device : 0
Meaning Theshowpoeinterfacege-0/0/1 commandlists PoEinterfaces configuredontheSRX240
device, with their status, priority, power consumption, and class.
Verifying the Telemetry Data (History) for the Specified Interface
Purpose Verify the PoE interface's power consumption over a specified period.
Action Fromoperational mode, enter the showpoe telemetries interface command.
For all records:
user@host> showpoe telemetries interface ge-0/0/1 all
Sl No Timestamp Power Voltage
1 Fri Jan 04 11:41:15 2009 5.1 W 47.3 V
2 Fri Jan 04 11:40:15 2009 5.1 W 47.3 V
3 Fri Jan 04 11:39:15 2009 5.1 W 47.3 V
4 Fri Jan 04 11:38:15 2009 0.0 W 0.0 V
5 Fri Jan 04 11:37:15 2009 0.0 W 0.0 V
6 Fri Jan 04 11:36:15 2009 6.6 W 47.2 V
7 Fri Jan 04 11:35:15 2009 6.6 W 47.2 V
For a specific number of records:
user@host> showpoe telemetries interface ge-0/0/1 5
Sl No Timestamp Power Voltage
1 Fri Jan 04 11:31:15 2009 6.6 W 47.2 V
2 Fri Jan 04 11:30:15 2009 6.6 W 47.2 V
3 Fri Jan 04 11:29:15 2009 6.6 W 47.2 V
4 Fri Jan 04 11:28:15 2009 6.6 W 47.2 V
5 Fri Jan 04 11:27:15 2009 6.6 W 47.2 V
Copyright 2010, Juniper Networks, Inc. 94
Junos OS Interfaces Configuration Guide for Security Devices
Meaning The telemetry status displays the power consumption history for the specified interface,
provided telemetry has been configured for that interface.
Verifying PoE Global Parameters
Purpose Verify global parameters such as guard band, power limit, and power consumption.
Action Fromoperational mode, enter the showpoe controller command.
user@host> showpoe controller
Controller Maximum Power Guard band Management
index power consumption
0 150.0 W 0.0 W 0 W Static
Meaning The showpoe controller command lists the global parameters configured on the SRX
Seriesdevicesuchascontroller index, maximumpower, power consumption, guardband,
and management mode along with their status.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Power over Ethernet on page 87
Example: Configuring PoE on All Interfaces on page 90
Example: Disabling a PoE Interface on page 95
Example: Disabling a PoE Interface
This example shows howto disable PoE on all interfaces or on a specific interface.
Requirements on page 95
Overviewon page 95
Configuration on page 96
Verification on page 96
Requirements
Before you begin:
Configure PoE on all interfaces. See Example: Configuring PoE on All Interfaces on
page 90.
ConfigurePoEonanindividual interface. SeeExample: ConfiguringPoEonanIndividual
Interface on page 92.
Overview
In this example, you disable PoE on all interfaces and on a specific interface, which in
this case is ge-0/0/0.
95 Copyright 2010, Juniper Networks, Inc.
Chapter 6: Power over Ethernet
Configuration
Step-by-Step
Procedure
To disable PoE on interfaces:
Disable PoE on all interfaces. 1.
[edit]
user@host# set poe interface all disable
2. Disable PoE on a specific interface.
[edit]
user@host# set poe interface ge-0/0/0disable
3. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showpoe interface command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Power over Ethernet on page 87
Copyright 2010, Juniper Networks, Inc. 96
Junos OS Interfaces Configuration Guide for Security Devices
PART 3
DS1 and DS3 Interfaces
DS1 and DS3 Interfaces on page 99
Channelized Interfaces on page 115
97 Copyright 2010, Juniper Networks, Inc.
Copyright 2010, Juniper Networks, Inc. 98
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 7
DS1 and DS3 Interfaces
DS1 Interfaces on page 99
DS3 Interfaces on page 106
DS1 Interfaces
Understanding T1 and E1 Interfaces on page 99
Example: Configuring a T1 Interface on page 102
Example: Deleting a T1 Interface on page 105
Understanding T1 and E1 Interfaces
T1 and E1 are equivalent digital data transmission formats that carry DS1 signals. T1 and
E1 lines can be interconnected for international use.
This topic contains the following sections:
T1 Overviewon page 99
E1 Overviewon page 100
T1 and E1 Signals on page 100
Encoding on page 100
T1 and E1 Framing on page 101
T1 and E1 Loopback Signals on page 102
T1 Overview
T1 isadigital datatransmissionmediumcapableof handling24simultaneousconnections
running at a combined 1.544 Mbps. T1 combines these 24 separate connections, called
channels or time slots, onto a single link. T1 is also called DS1.
The T1 data streamis broken into frames. Each frame consists of a single framing bit and
24 8-bit channels, totaling 193 bits per T1 frame. Frames are transmitted 8,000 times
per second, at a data transmission rate of 1.544 Mbps (8,000 x 193 = 1.544 Mbps).
As each frame is received and processed, the data in each 8-bit channel is maintained
with the channel data fromprevious frames, enabling T1 traffic to be separated into
24separate flows across a single medium. For example, in the following set of 4-channel
99 Copyright 2010, Juniper Networks, Inc.
frames (without a framing bit), the data in channel 1 consists of the first octet of each
frame, the data in channel 2 consists of the second octet of each frame, and so on:
Chan. 1 Chan. 2 Chan. 3 Chan. 4
Frame 1 [10001100][00110001][11111000][10101010]
Frame 2 [11100101][01110110][10001000][11001010]
Frame 3 [00010100][00101111][11000001][00000001]
E1 Overview
E1 is theEuropeanformat for DS1 digital transmission. E1 links aresimilar toT1 links except
that they carry signals at 2.048 Mbps. Each signal has 32 channels, and each channel
transmits at 64 Kbps. E1 links have higher bandwidth than T1 links because they use all
8 bits of a channel. T1 links use 1 bit in each channel for overhead.
T1 and E1 Signals
T1 and E1 interfaces consist of two pairs of wiresa transmit data pair and a receive data
pair. Clocksignals, whichdeterminewhenthetransmitteddatais sampled, areembedded
in the T1 and E1 transmissions.
Typical digital signals operate by sending either zeros (0s) or ones (1s), which are usually
represented by the absence or presence of a voltage on the line. The receiving device
need only detect the presence of the voltage on the line at the particular sampling edge
to determine whether the signal is 0or 1. T1 and E1, however, use bipolar electrical pulses.
Signals are represented by no voltage (0), positive voltage (1), or negative voltage (1).
The bipolar signal allows T1 and E1 receivers to detect error conditions in the line,
depending on the type of encoding that is being used.
Encoding
The following are common T1 and E1 encoding techniques:
Alternate mark inversion (AMI)T1 and E1
Bipolar with 8-zero substitution (B8ZS)T1 only
High-density bipolar 3 code (HDB3)E1 only
AMI Encoding
AMI encoding forces the 1s signals on a T1 or E1 line to alternate between positive and
negativevoltages for eachsuccessive1 transmission, as inthis sampledatatransmission:
1 1 0 1 0 1 0 1
+ - 0 + 0 - 0 +
When AMI encoding is used, a data transmission with a long sequence of 0s has no
voltage transitions on the line. In this situation, devices have difficulty maintaining clock
synchronization, because they rely on the voltage fluctuations to constantly synchronize
with the transmitting clock. To counter this effect, the number of consecutive 0s in a
datastreamis restrictedto15. This restrictionis calledthe1s density requirement, because
it requires a certain number of 1s for every 15 0s that are transmitted.
On an AMI-encoded line, two consecutive pulses of the same polarityeither positive or
negativeare called a bipolar violation (BPV), which is generally flagged as an error.
Copyright 2010, Juniper Networks, Inc. 100
Junos OS Interfaces Configuration Guide for Security Devices
B8ZS and HDB3 Encoding
Neither B8ZS nor HDB3 encoding restricts the number of 0s that can be transmitted on
aline. Instead, theseencodingmethodsdetect sequencesof 0sandsubstitutebit patterns
for the sequences to provide the signal oscillations required to maintain timing on the
link.
The B8ZS encoding method for T1 lines detects sequences of eight consecutive 0
transmissions and substitutes a pattern of two consecutive BPVs (11110000). Because
the receiving end uses the same encoding, it detects the BPVs as 0s substitutions, and
no BPV error is flagged. A single BPV, which does not match the 11110000 substitution
bit sequence is likely to generate an error, depending on the configuration of the device.
The HDB3 encoding method for E1 lines detects sequences of four consecutive 0
transmissions andsubstitutes asingleBPV(1100). Similar toB8ZSencoding, thereceiving
device detects the 0s substitutions and does not generate a BPV error.
T1 and E1 Framing
J Series Services Router T1 interfaces use two types of framing: superframe (D4) and
extended superframe (ESF). E1 interfaces use G.704 framing or G.704 with no CRC4
framing, or can be in unframed mode.
Superframe (D4) Framing for T1
AD4frameconsists of 192databits: 248-bit channels andasingleframingbit. Thesingle
framing bit is part of a 12-bit framing sequence. The 193rd bit in each T1 frame is set to a
value, andevery 12consecutiveframes areexaminedtodeterminetheframingbit pattern
for the 12-bit superframe.
The following sample 12-frame sequence shows the framing pattern for D4 framing:
[data bits][framing bit]
[xxxxxxxxx][1]
[xxxxxxxxx][0]
[xxxxxxxxx][0]
[xxxxxxxxx][0]
[xxxxxxxxx][1]
[xxxxxxxxx][1]
[xxxxxxxxx][0]
[xxxxxxxxx][1]
[xxxxxxxxx][1]
[xxxxxxxxx][1]
[xxxxxxxxx][0]
[xxxxxxxxx][0]
The10001101110012-bit patternis repeatedineachsuccessivesuperframe. Thereceiving
device detects these bits tosynchronize withthe incoming datastreamandtodetermine
when the framing pattern begins and ends.
D4 framing requires the 8th bit of every byte (of every channel) within the frame to be
set to 1, a process known as bit robbing. The bit-robbing requirement ensures that the 1s
density requirements aremet, regardless of thedatacontents of theframes, but it reduces
the bandwidth on the T1 link by an eighth.
101 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
ESF Framing for T1
ESF extends the D4 superframe from12 frames to 24 frames. By expanding the size of
thesuperframe, ESFincreases thenumber of bits inthesuperframeframingpatternfrom
12 to 24. The extra bits are used for frame synchronization, error detection, and
maintenance communications through the facilities data link (FDL).
The ESF pattern for synchronization bits is 001011. Only the framing bits fromframes 4,
8, 12, 16, 20, and 24 in the superframe sequence are used to create the synchronization
pattern.
The framing bits fromframes 2, 6, 10, 14, 18, and 22 are used to pass a CRCcode for each
superframe block. The CRC code verifies the integrity of the received superframe and
detects bit errors with a CRC6 algorithm.
The framing bits for frames 1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, and 23 are used for the data link
channel. These 12 bits enable the operators at the network control center to query the
remote equipment for information about the performance of the link.
T1 and E1 Loopback Signals
The control signal on a T1 or E1 link is the loopback signal. Using the loopback signal, the
operators at the network control center can force the device at the remote end of a link
to retransmit its received signals back onto the transmit path. The transmitting device
can then verify that the received signals match the transmitted signals, to perform
end-to-end checking on the link.
Two loopback signals are used to performthe end-to-end testing:
The loop-up command signal sets the link into loopback mode, with the following
command pattern:
...100001000010000100...
The loop-downsignal returns the link toits normal mode, withthe followingcommand
pattern:
...100100100100100100...
While the link is in loopback mode, the operator can insert test equipment onto the line
to test its operation.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
T1 Interfaces Overviewin the Junos OS Network Interfaces Configuration Guide
E1 Interfaces Overviewin the Junos OS Network Interfaces Configuration Guide
Example: Configuring a T1 Interface
This example shows howto complete the initial configuration on a T1 interface.
Requirements on page 103
Overviewon page 103
Copyright 2010, Juniper Networks, Inc. 102
Junos OS Interfaces Configuration Guide for Security Devices
Configuration on page 103
Verification on page 104
Requirements
Before you begin, install a PIM, connect the interface cables to the ports, and power on
the device. See Understanding the 2-Port 10-Gigabit Ethernet XPIM on page 79.
Overview
This example describes the initial configurationthat youmust complete oneachnetwork
interface. In this example, you configure the t1-1/0/0 interface as follows:
You create the basic configuration for the newinterface by setting the encapsulation
typetoppp. Youcanenter additional values for physical interfaceproperties as needed.
You set the logical interface to 0. Note that the logical unit number can range from0
through 16,384. You can enter additional values for properties you need to configure
on the logical interface, such as logical encapsulation or protocol family.
Configuration
CLI Quick
Configuration
To quickly configure a T1 interface, copy the following commands and paste theminto
the CLI:
[edit]
set interfaces t1-1/0/0encapsulation ppp unit 0
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a T1 interface:
1. Create the interface.
[edit]
user@host# edit interfaces t1-1/0/0
2. Create the basic configuration for the newinterface.
[edit interfaces t1-1/0/0]
user@host#set encapsulation ppp
3. Add logical interfaces.
[edit interfaces t1-1/0/0]
user@host# set unit 0
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
For brevity, this showinterfaces command output includes only the configuration that is
relevant to this example. Any other configuration on the systemhas been replaced with
ellipses (...).
103 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
[edit]
...
t1-1/0/0 {
encapsulation ppp;
unit 0;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying the Link State of All Interfaces on page 104
Verifying Interface Properties on page 104
Verifying the Link State of All Interfaces
Purpose By using the ping tool on each peer address in the network, verify that all interfaces on
the device are operational.
Action For each interface on the device:
1. In the J-Web interface, select Troubleshoot>Ping Host.
2. In the Remote Host box, type the address of the interface for which you want to verify
the link state.
3. Click Start. The output appears on a separate page.
PING 10.10.10.10 : 56 data bytes
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms
Meaning If the interface is operational, it generates an ICMP response. If this response is received,
the round-trip time, in milliseconds, is listed in the time field. For more information about
the output, see the Junos OS Administration Guide for Security Devices.
Verifying Interface Properties
Purpose Verify that the interface properties are correct.
Action Fromthe operational mode, enter the showinterfaces detail command.
Meaning The output shows a summary of interface information. Verify the following information:
The physical interface is Enabled. If the interface is shown as Disabled, do one of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
t1-1/0/0] level of the configuration hierarchy.
Copyright 2010, Juniper Networks, Inc. 104
Junos OS Interfaces Configuration Guide for Security Devices
In the J-Web configuration editor, clear the Disable check box on the Interfaces>
t1-1/0/0 page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
The Last Flapped time is an expected value. It indicates the last time the physical
interface became unavailable andthen available again. Unexpectedflapping indicates
likely link-layer errors.
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics t1-1/0/0 command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
ping in the Junos SystemBasics and Services Command Reference
showinterfaces detail in the Junos Interfaces Command Reference
Configuring T1 Physical Interface Properties in the Junos OS Network Interfaces
Configuration Guide
Configuring E1 Physical Interface Properties in the Junos OS Network Interfaces
Configuration Guide
Example: Deleting a T1 Interface
This example shows howto delete a T1 interface.
Requirements on page 105
Overviewon page 105
Configuration on page 106
Verification on page 106
Requirements
No special configuration beyond device initialization is required before configuring an
interface.
Overview
In this example, you delete the t1-1/0/0 interface.
NOTE: Performing this action removes the interface fromthe software
configuration and disables it. Network interfaces remain physically present,
and their identifiers continue to appear on the J-Web pages.
105 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
Configuration
Step-by-Step
Procedure
To delete a T1 interface:
Specify the interface you want to delete. 1.
[edit interfaces]
user@host# delete t1-1/0/0
2. If you are done configuring the device, commit the configuration.
[edit interfaces]
user@host# commit
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding T1 and E1 Interfaces on page 99
DS3 Interfaces
Understanding T3 and E3 Interfaces on page 106
Example: Configuring a T3 Interface on page 111
Example: Deleting a T3 Interface on page 114
Understanding T3 and E3 Interfaces
T3 is a high-speed data-transmission mediumformed by multiplexing 28 DS1 signals
into seven separate DS2 signals, and combining the DS2 signals into a single DS3 signal.
T3 links operate at 43.736 Mbps. T3 is also called DS3.
E3 is the equivalent European transmission format. E3 links are similar to T3 (DS3) links,
but carry signals at 34.368 Mbps. Each signal has 16 E1 channels, and each channel
transmits at 2.048 Mbps. E3 links use all 8 bits of a channel, whereas T3 links use 1 bit in
each channel for overhead.
Multiplexing DS1 Signals on page 106
DS2 Bit Stuffing on page 107
DS3 Framing on page 107
Multiplexing DS1 Signals
Four DS1 signals combine to forma single DS2 signal. The four DS1 signals forma single
DS2 M-frame, which includes subframes M1 through M4. Each subframe has six 49-bit
blocks, for a total of 294 bits per subframe. The first bit in each block is a DS2 overhead
(OH) bit. The remaining 48 bits are DS1 information bits.
Figure 5 on page 107 shows the DS2 M-frame format.
Copyright 2010, Juniper Networks, Inc. 106
Junos OS Interfaces Configuration Guide for Security Devices
Figure 5: DS2 M-Frame Format
The four DS2 subframes are not four DS1 channels. Instead, the DS1 data bits within the
subframes areformedby datainterleavedfromtheDS1 channels. The0
n
values designate
time slots devoted to DS1 inputs as part of the bit-by-bit interleaving process. After every
48 DS1 information bits (12 bits fromeach signal), a DS2 OH bit is inserted to indicate
the start of a subframe.
DS2 Bit Stuffing
Because the four DS1 signals are asynchronous signals, they might operate at different
line rates. To synchronize the asynchronous streams, the multiplexers on the line use bit
stuffing.
A DS2 connection requires a nominal transmit rate of 6.304 Mbps. However, because
multiplexers increase the overall output rate to the intermediate rate of 6.312 Mbps, the
output rate is higher than individual input rates on DS1 signals. The extra bandwidth is
used to stuff the incoming DS1 signals with extra bits until the output rate of each signal
equals the increased intermediate rate. These stuffed bits are inserted at fixed locations
in the DS2 M-frame. When DS2 frames are received and the signal is demultiplexed, the
stuffing bits are identified and removed.
DS3 Framing
A set of four DS1 signals is multiplexed into seven DS2 signals, which are multiplexed
into a single DS3 signal. The multiplexing occurs just as with DS1-to-DS2 multiplexing.
The resulting DS3 signal uses either the standard M13 asynchronous framing format or
the C-bit parity framing format. Although the two framing formats differ in their use of
control and message bits, the basic frame structures are identical. The DS3 frame
structures are shown in Figure 6 on page 108 and Figure 7 on page 109.
M13 Asynchronous Framing
ADS3 M-frame includes seven subframes, formed by DS2 data bits interleaved fromthe
seven multiplexed DS2 signals. Each subframe has eight 85-bit blocksa DS3 OH bit
107 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
plus 84 data bits. The meaning of an OHbit depends on the block it precedes. Standard
DS3 M13 asynchronous framing format is shown in Figure 6 on page 108.
Figure 6: DS3 M13 Frame Format
A DS3 M13 M-frame contains the following types of OH bits:
Framing bits (F-bits)Make up a frame alignment signal that synchronizes DS3
subframes. EachDS3framecontains 28F-bits (4bits per subframe). F-bits arelocated
at the beginning of blocks 2, 4, 6, and 8 of each subframe. When combined, the frame
alignment pattern for each subframe is 1001. The pattern can be examined to detect
bit errors in the transmission.
Multiframing bits (M-bits)Make up a multiframe alignment signal that synchronizes
the M-frames in a DS3 signal. Each DS3 frame contains 3 M-bits, which are located at
the beginning of subframes 5, 6, and 7. When combined, the multiframe alignment
patter for each M-frame is 010.
Bit stuffing control bits (C-bits)Serve as bit stuffing indicators for each DS2 input.
For example, C
11
, C
12
, andC
13
areindicators for DS2input 1. Their values indicatewhether
DS3 bit stuffing has occurred at the multiplexer. If the three C-bits in a subframe are
all 0s, no stuffing was performedfor the DS2 input. If the three C-bits are all 1s, stuffing
was performed.
Message bits (X-bits)Used by DS3 transmitters to embed asynchronous in-service
messages inthedatatransmission. EachDS3framecontains 2X-bits, whicharelocated
Copyright 2010, Juniper Networks, Inc. 108
Junos OS Interfaces Configuration Guide for Security Devices
at the beginning of subframes 1 and 2. Within an DS3 M-frame, both X-bits must be
identical.
Parity bits (P-bits)Compute parity over all but 1 bit of the M-frame. (The first X-bit
is not included.) Each DS3 frame contains 2 P-bits, which are located at the beginning
of subframes 3 and 4. Both P-bits must be identical.
If the previous DS3 frame contained an odd number of 1s, both P-bits are set to 1. If the
previous DS3containedanevennumber of 1s, bothP-bits areset to0. If, onthereceiving
side, the number of 1s for a given frame does not match the P-bits in the following
frame, it indicates one or more bit errors in the transmission.
C-Bit Parity Framing
In M13 framing, every C-bit in a DS3 frame is used for bit stuffing. However, because
multiplexers first use bit stuffing when multiplexing DS1 signals into DS2 signals, the
incoming DS2 signals are already synchronized. Therefore, the bit stuffing that occurs
when DS2 signals are multiplexed is redundant.
C-bit parity framing format redefines the function of C-bits and X-bits, using themto
monitor end-to-end path performance and provide in-band data links. The C-bit parity
framing structure is shown in Figure 7 on page 109.
Figure 7: DS3 C-Bit Parity Framing
In C-bit parity framing, the X-bits transmit error conditions fromthe far end of the link to
the near end. If noerror conditions exist, bothX-bits are set to1. If anout-of-frame (OOF)
or alarmindication signal (AIS) error is detected, both X-bits are set to 0in the upstream
direction for 1 second to notify the other end of the link about the condition.
109 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
The C-bits that control bit stuffing in M13 frames are typically used in the following ways
by C-bit parity framing:
Application identification channel (AIC)The first C-bit in the first subframe identifies
the type of DS3 framing used. A value of 1 indicates that C-bit parity framing is in use.
N
a
A reserved network application bit.
Far-end alarmand control (FEAC) channelThe third C-bit in the first subframe is
used for the FEAC channel. In normal transmissions, the FEAC C-bit transmits all 1s.
Whenanalarmconditionis present, theFEACC-bit transmits acodewordintheformat
0xxxxxxx 11111111, in which x can be either 1 or 0. Bits are transmitted fromright to left.
Table 15 on page 110 lists some C-bit code words and the alarmor status condition
indicated.
Table 15: FEAC C-Bit Condition Indicators
C-Bit Code Word Alarmor Status Condition
0011001011111111 DS3 equipment failure requires immediate attention.
0001111011111111 DS3 equipment failure occurredsuch as suspended, not activated, or
unavailable servicethat is non-service-affecting.
0001110011111111 DS3 loss of signal.
0000000011111111 DS3 out of frame.
0010110011111111 DS3 alarmindication signal (AIS) received.
0011010011111111 DS3 idle received.
00011101 11111111 Common equipment failure occurred that is non-service-affecting.
0010101011111111 Multiple DS1 loss of signal.
0000101011111111 DS1 equipment failure occurred that requires immediate attention.
0000011011111111 DS1 equipment failure occurred that is non-service-affecting.
0011110011111111 Single DS1 loss of signal.
Data linksThe 12 C-bits in subframes 2, 5, 6, and 7 are data link (DL) bits for
applications and terminal-to-terminal path maintenance.
DS3 parityThe 3 C-bits in the third subframe are DS3 parity C-bits (also called
CP-bits). When a DS3 frame is transmitted, the sending device sets the CP-bits to the
same value as the P-bits. When the receiving device processes the frame, it calculates
Copyright 2010, Juniper Networks, Inc. 110
Junos OS Interfaces Configuration Guide for Security Devices
the parity of the M-frame and compares this value to the parity in the CP-bits of the
following M-frame. If nobit errors have occurred, the twovalues are typically the same.
Farendblock errors (FEBEs)The3C-bits inthefourthsubframemakeupthefar-end
block error (FEBE) bits. If a framing or parity error is detected in an incoming M-frame
(via the CP-bits), the receiving device generates a C-bit parity error and sends an error
notification to the transmitting (far-end) device. If an error is generated, the FEBE bits
are set to 000. If no error occurred, the bits are set to 111.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
T3 Interfaces Overviewin the Junos OS Network Interfaces Configuration Guide
E3 Interfaces Overviewin the Junos OS Network Interfaces Configuration Guide
Example: Configuring a T3 Interface
This example shows howto complete the initial configuration on a T3 interface.
Requirements on page 111
Overviewon page 111
Configuration on page 111
Verification on page 112
Requirements
Before you begin, install a PIM, connect the interface cables to the ports, and power on
the device. See the Getting Started Guide for your device.
Overview
This example describes the initial configurationthat youmust complete oneachnetwork
interface. In this example, you configure the t3-1/0/0 interface as follows:
You create the basic configuration for the newinterface by setting the encapsulation
typetoppp. Youcanenter additional values for physical interfaceproperties as needed.
You set the logical interface to 0. Note that the logical unit number can range from0
to 16,384. You can enter additional values for properties you need to configure on the
logical interface, such as logical encapsulation or protocol family.
Configuration
CLI Quick
Configuration
To quickly configure a T3 interface, copy the following commands and paste theminto
the CLI:
[edit]
set interfaces t3-1/0/0encapsulation ppp unit 0
111 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a T3 interface:
1. Create the interface.
[edit]
user@host# edit interfaces t3-1/0/0
2. Create the basic configuration for the newinterface.
[edit interfaces t3-1/0/0]
user@host#set encapsulation ppp
3. Add logical interfaces.
[edit interfaces t3-1/0/0]
user@host# set unit 0
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
For brevity, this showinterfaces command output includes only the configuration that is
relevant to this example. Any other configuration on the systemhas been replaced with
ellipses (...).
[edit]
...
t3-1/0/0 {
encapsulation ppp;
unit 0;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthese tasks:
Verifying the Link State of All Interfaces on page 112
Verifying Interface Properties on page 113
Verifying the Link State of All Interfaces
Purpose By using the ping tool on each peer address in the network, verify that all interfaces on
the device are operational.
Action For each interface on the device:
1. In the J-Web interface, select Troubleshoot>Ping Host.
2. In the Remote Host box, type the address of the interface for which you want to verify
the link state.
Copyright 2010, Juniper Networks, Inc. 112
Junos OS Interfaces Configuration Guide for Security Devices
3. Click Start. The output appears on a separate page.
PING 10.10.10.10 : 56 data bytes
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms
Meaning If the interface is operational, it generates an ICMP response. If this response is received,
the round-trip time in milliseconds is listed in the time field. For more information about
the output, see the Junos OS Administration Guide for Security Devices.
Verifying Interface Properties
Purpose Verify that the interface properties are correct.
Action Fromthe operational mode, enter the showinterfaces detail command.
Meaning The output shows a summary of interface information. Verify the following information:
The physical interface is Enabled. If the interface is shown as Disabled, do one of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
t3-1/0/0] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the Interfaces>
t3-1/0/0 page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
The Last Flapped time is an expected value. It indicates the last time the physical
interface became unavailable andthen available again. Unexpectedflapping indicates
likely link-layer errors.
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics t1-1/0/0 command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
ping in the Junos SystemBasics and Services Command Reference
showinterfaces detail in the Junos Interfaces Command Reference
Configuring T3 Physical Interface Properties in the Junos OS Network Interfaces
Configuration Guide
Configuring E3 Physical Interface Properties in the Junos OS Network Interfaces
Configuration Guide
113 Copyright 2010, Juniper Networks, Inc.
Chapter 7: DS1 and DS3 Interfaces
Example: Deleting a T3 Interface
This example shows howto delete a T3 interface.
Requirements on page 114
Overviewon page 114
Configuration on page 114
Verification on page 114
Requirements
No special configuration beyond device initialization is required before configuring an
interface.
Overview
In this example, you delete the t3-1/0/0 interface.
NOTE: Performing this action removes the interface fromthe software
configuration and disables it. Network interfaces remain physically present,
and their identifiers continue to appear on the J-Web pages.
Configuration
Step-by-Step
Procedure
To delete a T3 interface:
Specify the interface you want to delete. 1.
[edit interfaces]
user@host# delete t3-1/0/0
2. If you are done configuring the device, commit the configuration.
[edit interfaces]
user@host# commit
Verification
To verify the configuration is working properly, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding T3 and E3 Interfaces on page 106
Copyright 2010, Juniper Networks, Inc. 114
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 8
Channelized Interfaces
Understanding Channelized Interfaces on page 115
Clear Channels on page 116
Drop-and-Insert on page 124
ISDN PRI Operation on page 136
Understanding Channelized Interfaces
A channelized interface is an interface that is a subdivision of a larger interface.
Channelization minimizes the number of Physical Interface Modules (PIMs) that an
installationrequires, enablingdevices toprovide IPservices tousers withdifferent access
speeds andbandwidth requirements. Users share an interface that has been dividedinto
discrete time slots by transmitting in only their own time slots.
You can aggregate the channels on a channelized interface into bundles called channel
groups to aggregate customer traffic. A channel group is a combination of DS0 or
Integrated Services Digital Network Primary Rate Interface (ISDN PRI) B-channels
interfaces partitioned froma channelized interface into a single logical bundle.
Each port on a channelized T1/E1/ISDN PRI PIMis software configurable for a T1, E1, or
ISDN PRI service. Each channelized T1 or E1 interface can be configured as a single clear
channel or for fractional or channelized operation.
The J Series device supports these software-configurable interfaces on the following
PIMs:
Dual-Port Channelized T1 PIMA T1 interface is a physical WAN interface for
transmitting digital signals in the T-carrier systemused in the United States, Japan,
and Canada. The T1 signal format carries 24 pulse code modulation (PCM) signals
using time-division multiplexing (TDM) at an overall rate of 1.544 Mbps. Achannelized
T1 interface can be configured as a single clear-channel T1 interface or channelized
into as many as 24 discrete DS0 interfaces (channels 1 through 24), or up to 23 ISDN
PRI B-channels and1 D-channel. When the interface is configuredfor ISDNPRI service,
time slot 24 is reserved for the D-channel.
Dual-Port Channelized E1 PIMAn E1 interface is a physical WAN interface for
transmitting signals in European digital transmission (E1) format. The E1 signal format
transmits information at a rate of 2.048 Mbps and can carry 32 channels of 64 Kbps
115 Copyright 2010, Juniper Networks, Inc.
each. AchannelizedE1 interfacecanbeconfiguredas asingleclear-channel E1 interface
or channelized into as many as 31 discrete DS0 interfaces (channels 1 through 31), or
up to 30 ISDN PRI B-channels and 1 D-channel.
Dual-Port Channelized ISDN PRI PIMA PRI is an ISDN service intended for higher
bandwidth applications than ISDN Basic Rate Interface (BRI). ISDN PRI consists of a
singleD-channel for control andsignaling, plusanumber of 64-KbpsB-channelseither
23 B-channels on a T1 line, or 30B-channels on an E1 lineto carry network traffic. The
E1 channelized interface can be partitioned into up to 23 ISDN PRI B-channels and
1 D-channel when the parent interface is channelized T1, and up to 30 ISDN PRI
B-channels and 1 Dchannel when the parent interface is channelized E1. Time slots on
the interface that are unused by ISDN PRI can operate normally as DS0 interfaces.
J Series ISDN PRI interfaces support the following switch types:
ATT5EAT&T 5ESS
ETSINET3 for the United Kingdomand Europe
NI2National ISDN-2
NTDMS100Northern TelecomDMS-100
NTTNTT Group switch for Japan
On J Series channelized interfaces, time slots are numbered from1 through 31, and time
slot 1 is reserved for framing. When the interface is configured for ISDN PRI service, time
slot 16 is reserved for the D-channel.
Channelized interfaces support class of service (CoS) configurations.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Channelized Interface Clear Channels on page 116
Understanding Channelized Interface Drop-and-Insert on page 124
Understanding ISDN PRI Operation for Channelized Interfaces on page 136
Understanding ISDN on page 141
Junos OS Class of Service Configuration Guide for Security Devices
Clear Channels
Understanding Channelized Interface Clear Channels on page 116
Example: Configuring a Channelized T1 Interface as a Clear Channel on page 117
Example: Configuring a Channelized E1 Interface as a Clear Channel on page 120
Verifying Clear-Channel Interfaces on page 123
Understanding Channelized Interface Clear Channels
Each port on a channelized T1/E1/ISDN PRI PIMis software configurable as a T1 or E1
clear channel. You can partition each port into up to 24 DS0 channels on a T1 interface
Copyright 2010, Juniper Networks, Inc. 116
Junos OS Interfaces Configuration Guide for Security Devices
or up to 31 DS0 channels on an E1 interface, and can insert channels fromone port into
another with the drop-and-insert feature. Channelized T1/E1/ISDNPRI ports can also be
partitioned into channels for ISDN PRI service.
NOTE: When you configure a T1-specific or an E1-specific interface on the
SRX-GP-QUAD-T1-E1 or SRX-GP-DUAL-T1-E1, the line encoding and the
framing must be specified under the ct1-n/n/n interface, whereas the
remaining T1 or E1 specific configuration items must be configured under the
t1-n/n/n or e1-n/n/n interface, respectively. Channelized T1/E1/ISDNPRI
ports can also be partitioned into channels for ISDNPRI service.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Channelized Interfaces on page 115
Example: Configuring a Channelized T1 Interface as a Clear Channel on page 117
Example: Configuring a Channelized E1 Interface as a Clear Channel on page 120
Example: Configuring a Channelized T1 Interface as a Clear Channel
This example shows howto configure a channelized T1 interface as a clear channel.
Requirements on page 117
Overviewon page 117
Configuration on page 118
Verification on page 119
Requirements
No special configuration beyond device initialization is required before configuring this
feature.
Overview
In this example, you configure the ct1-3/0/0 interface as a clear channel. As part of the
configuration, you configure the following interface options:
Usethedevices systemclock(internal) insteadof asignal receivedfromtheT1 interface
(external) as the transmit clock source.
Label the physical interface (description) as clear t1 interface.
Delay the advertisement of interface transitions (hold time) fromup to and down to
500 milliseconds. Additionally, set the link hold-up time to 500 milliseconds.
Use the interface as a single clear channel (no partition).
Use subunit queuing on Frame Relay or VLAN IQinterfaces (per-unit-scheduler).
You also set E1 options:
117 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
Set the BERT algorithmto all ones repeating.
Set the BERT error rate to 5.
Set the BERT period to 5 seconds.
Set the line buildout range, for cables to 0 through 132 feet.
Set the framing mode to ESF.
Set the line encoding method to alternate mark inversion (AMI).
Set the loopback mode to local.
Configuration
CLI Quick
Configuration
To quickly configure a channelized T1 interface as a clear channel, copy the following
commands and paste theminto the CLI:
[edit]
set interfaces ct1-3/0/0clocking internal
set interfaces ct1-3/0/0description cleart1interface hold-time down 500up 500
set interfaces ct1-3/0/0no-partition interface-type t1
set interfaces ct1-3/0/0per-unit-scheduler
set interfaces ct1-3/0/0t1-options bert-algorithmall-ones-repeating bert-error-rate 5
bert-period 5 buildout 0-132 framing esf line-encoding ami loopback local
set interfaces ct1-3/0/0traceoptions flag all
set interfaces ct1-3/0/0apply-groups test
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a channelized T1 interface as a clear channel:
1. Create the interface.
[edit]
user@host# edit interfaces ct1-3/0/0
2. Configure interface options.
[edit interfaces ct1-3/0/0]
user@host# set clocking internal
user@host# set description cleart1 interface
user@host# set hold-time down 500up 500
user@host# set no-partition interface-type t1
user@host# set per-unit-scheduler
3. Configure T1 options.
[edit interfaces ct1-3/0/0 ]
user@host# set bert-algorithmall-ones-repeating
user@host# set bert-error-rate 5
user@host# set bert-period 5
user@host# set buildout 0132
user@host# set framing esf
user@host# set line-encoding ami
user@host# set loopback local
Copyright 2010, Juniper Networks, Inc. 118
Junos OS Interfaces Configuration Guide for Security Devices
4. Configure trace options.
[edit interfaces ct1-3/0/0]
user@host# set bert-algorithmall-ones-repeating
user@host# set bert-error-rate 5
user@host# set bert-period 5
user@host# set buildout 0132
user@host# set framing esf
user@host# set line-encoding ami
user@host# set loopback local
5. Configure trace options.
[edit interfaces ct1-3/0/0]
user@host# set traceoptions flag all
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
ct1-3/0/0 command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces ct1-3/0/0
apply-groups test;
description cleart1interface;
traceoptions {
flag all;
}
per-unit-scheduler;
hold-time up 500 down 500;
clocking internal;
t1-options {
loopback local;
buildout 0-132;
line-encoding ami;
framing esf;
bert-algorithmall-ones-repeating;
bert-error-rate 5;
bert-period 5;
}
no-partition interface-type t1;
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying Channelized Interfaces on page 119
Verifying Channelized Interfaces
Purpose Verify that your configurations for the channelized interfaces are correct.
Action Fromoperational mode, enter the showinterfaces ct1-3/0/1 command.
user@host>showinterfaces ct1-3/0/1
119 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
Physical interface: ct1-3/0/1, Enabled, Physical link is Up
Interface index: 151, SNMP ifIndex: 28
Link-level type: Controller, Clocking: Internal, Speed: E1, Loopback: None,
Parent: ct1-3/0/1 Interface index 151
Framing: G704, Parent: None
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-10-05 21:11:48 PDT (06:45:04 ago)
DS1 alarms : None
DS1 defects : None
Line encoding: HDB3
Meaning The output shows a summary of information about the physical parent interfacea
channelized T1 interface in this example.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Junos OS Class of Service Configuration Guide for Security Devices
Understanding Channelized Interface Clear Channels on page 116
Example: Configuring a Channelized E1 Interface as a Clear Channel on page 120
Example: Configuring a Channelized E1 Interface as a Clear Channel
This example shows howto configure a channelized E1 interface as a clear channel.
Requirements on page 120
Overviewon page 120
Configuration on page 121
Verification on page 122
Requirements
No special configuration beyond device initialization is required before configuring this
feature.
Overview
In this example, you configure the ce1-3/0/0 interface as a clear channel. As part of the
configuration, you configure the following interface options:
Usethedevices systemclock(internal) insteadof asignal receivedfromtheE1 interface
(external) as the transmit clock source.
Label the physical interface (description) as clear e1 interface.
Delay the advertisement of interface transitions (hold time) fromup to and down to
500 milliseconds. Additionally, set the link hold-up time to 500 milliseconds.
Copyright 2010, Juniper Networks, Inc. 120
Junos OS Interfaces Configuration Guide for Security Devices
Use the interface as a single clear channel (no partition).
Use subunit queuing on Frame Relay or VLAN IQinterfaces (per-unit-scheduler).
You also set E1 options:
Set the BERT algorithmto all ones repeating.
Set the BERT error rate to 5.
Set the BERT period to 5 seconds.
Set the framing mode to G704.
Set the loopback mode to local.
Additionally, this example shows howto flag all trace option messages and howto apply
configuration settings to the test group.
Configuration
CLI Quick
Configuration
To quickly configure a channelized E1 interface as a clear channel, copy the following
commands and paste theminto the CLI:
[edit]
set interfaces ce1-3/0/0clocking internal
description cleart1interface hold-time down 500up 500
set interfaces ce1-3/0/0no-partition interface-type e1
set interfaces ce1-3/0/0per-unit-scheduler
set interfaces ce1-3/0/0e1-options bert-algorithmall-ones-repeating bert-error-rate 5
bert-period 5 framing g704 loopback local
set interfaces ce1-3/0/0traceoptions flag all
set interfaces ce1-3/0/0apply-groups test
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a channelized E1 interface as a clear channel:
1. Create the interface.
[edit]
user@host# edit interfaces ce1-3/0/0
2. Configure interface options.
[edit interfaces ce1-3/0/0]
user@host# set clock internal
user@host# set description clear e1 interface
user@host# set hold-time down 500up 500
user@host# set no-partition interface-type e1
user@host# set per-unit-scheduler
3. Configure E1 options.
[edit interfaces ce1-3/0/0]
user@host# set bert-algorithmall-ones-repeating
user@host# set bert-error-rate 5
121 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
user@host# set bert-period 5
user@host# set framing g704
user@host# set loopback local
4. Configure trace options.
[edit interfaces ce1-3/0/0]
user@host# set traceoptions flag all
5. Configure advanced options.
[edit interfaces ce1-3/0/0]
user@host# set interfaces apply-groups test
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
ce1-3/0/0 command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces ce1-3/0/0
apply-groups test;
description cleare1interface;
traceoptions {
flag all;
}
per-unit-scheduler;
clocking internal;
e1-options {
loopback local;
framing g704;
bert-algorithmall-ones-repeating;
bert-error-rate 5;
bert-period 5;
}
no-partition interface-type e1;
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying Clear-Channel Interfaces on page 122
Verifying Clear-Channel Interfaces
Purpose Verify that your configurations for the clear-channel interfaces are correct.
Action Fromoperational mode, enter the showinterfaces e1-3/0/1 command.
user@host> showinterfaces e1-3/0/1
Physical interface: e1-3/0/1, Enabled, Physical link is Up
Interface index: 212, SNMP ifIndex: 237
Link-level type: PPP, MTU: 1504, Speed: E1, Loopback: None, FCS: 16,
Parent: ce1-3/0/1 Interface index 151
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Copyright 2010, Juniper Networks, Inc. 122
Junos OS Interfaces Configuration Guide for Security Devices
Link flags : Keepalives
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 1066 (00:00:02 ago), Output: 1066 (00:00:02 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Opened, iso: Not-configured, mpls:
Not-configured
CHAP state: Closed
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-10-06 01:01:36 PDT (02:57:27 ago)
Input rate : 88 bps (0 pps)
Output rate : 58144 bps (157 pps)
DS1 alarms : None
DS1 defects : None
Logical interface e1-3/0/1.0 (Index 66) (SNMP ifIndex 238)
Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPP
Bandwidth: 1984kbps
Protocol inet, MTU: 1500
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 47.47.47.0/30, Local: 47.47.47.2, Broadcast: 47.47.47.3
Protocol inet6, MTU: 1500
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 8b8b:8b01::/64, Local: 8b8b:8b01::2
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::205:85ff:fec5:d3d0
Meaning The output shows a summary of interface information. Although the parent interface is
ce1-3/0/1, the physical and logical clear-channel interfaces are named e1-3/0/1 and
e1-3/0/1.0.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Channelized Interface Clear Channels on page 116
Example: Configuring a Channelized T1 Interface as a Clear Channel on page 117
showinterfaces (Channelized E1) in the Junos OS Interfaces Command Reference
Verifying Clear-Channel Interfaces
Purpose Verify that your configurations for the clear-channel interfaces are correct.
Action In operational mode, enter the showinterfaces e1-3/0/1 command.
Sample Output user@host> showinterfaces e1-3/0/1
Physical interface: e1-3/0/1, Enabled, Physical link is Up
Interface index: 212, SNMP ifIndex: 237
Link-level type: PPP, MTU: 1504, Speed: E1, Loopback: None, FCS: 16,
Parent: ce1-3/0/1 Interface index 151
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link flags : Keepalives
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 1066 (00:00:02 ago), Output: 1066 (00:00:02 ago)
123 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
LCP state: Opened
NCP state: inet: Opened, inet6: Opened, iso: Not-configured, mpls:
Not-configured
CHAP state: Closed
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-10-06 01:01:36 PDT (02:57:27 ago)
Input rate : 88 bps (0 pps)
Output rate : 58144 bps (157 pps)
DS1 alarms : None
DS1 defects : None
Logical interface e1-3/0/1.0 (Index 66) (SNMP ifIndex 238)
Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPP
Bandwidth: 1984kbps
Protocol inet, MTU: 1500
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 47.47.47.0/30, Local: 47.47.47.2, Broadcast: 47.47.47.3
Protocol inet6, MTU: 1500
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 8b8b:8b01::/64, Local: 8b8b:8b01::2
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::205:85ff:fec5:d3d0
Meaning The output shows a summary of interface information. Although the parent interface is
ce1-3/0/1, the physical and logical clear-channel interfaces are named e1-3/0/1 and
e1-3/0/1.0.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring a Channelized T1 Interface as a Clear Channel on page 117
Example: Configuring a Channelized E1 Interface as a Clear Channel on page 120
Drop-and-Insert
Understanding Channelized Interface Drop-and-Insert on page 124
Example: ConfiguringaChannelizedInterfacetoDropandInsert TimeSlots onpage125
Example: Configuring Complementary Clock Sources on Channelized
Interfaces on page 128
Verifying Channelized Interfaces on page 135
Understanding Channelized Interface Drop-and-Insert
On channelized T1/E1/ISDNPRI interfaces configured for channelized operation, you can
insert channels (time slots) fromone port (for example, channels carrying voice) directly
into the other port on the PIM, replacing channels coming through the Routing Engine.
This feature, known as drop-and-insert, allows you to integrate voice and data channels
on a single T1 or E1 link.
Copyright 2010, Juniper Networks, Inc. 124
Junos OS Interfaces Configuration Guide for Security Devices
The drop-and-insert feature allows you to remove the DS0time slots of one T1 or E1 port
and replace themby inserting the time slots of another T1 or E1 interface. This process
saves you the cost of two lines.
Although you need not use the same time slots on both interfaces, the time slot count
must be the same.
You must ensure that the signaling channels (port 16 for an E1 interface and port 24 for
a T1 interface) are also part of the channels that are being switched through the
drop-and-insert functionality. Junosdoesnot support switchingof voiceanddatabetween
ports by default. The channels that are not configured for the drop-and-insert feature
are used for normal traffic.
Both ports involved in the drop-and-insert configuration must use the same clock
sourceeither the device's internal clock or an external clock. The following clock source
settings are valid:
When port 0 is set to use the internal clock, port 1 must also be set to use it.
When port 0 is set to use its external clock, port 1 must be set to run on the same
clockthe external clock for port 0.
When port 1 is set to use its external clock, port 0 must be set to run on the same
clockthe external clock for port 1.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Channelized Interfaces on page 115
Example: ConfiguringaChannelizedInterfacetoDropandInsert TimeSlots onpage125
Example: Configuring Complementary Clock Sources on Channelized Interfaces on
page 128
Example: Configuring a Channelized Interface to Drop and Insert Time Slots
This example shows howto configure a channelized interface to drop and insert time
slots.
Requirements on page 125
Overviewon page 125
Configuration on page 126
Verification on page 127
Requirements
No special configuration beyond device initialization is required before configuring this
feature.
Overview
This example integrates voice and data channels on a single T1 or E1 link. It also removes
the DS0 time slots of one T1 or E1 port and replace themby inserting the time slots of
another T1 or E1 interface.
125 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
Port 16 for an E1 interface and port 24 for a T1 interface involved in the drop-and-insert
configuration must use the same clock sourceeither the device's internal clock or an
external clock. The following clock source settings are valid:
When port 0 is set to use the internal clock, port 1 must also be set to use it, and vice
versa.
When port 0 is set to use its external clock, port 1 must be set to run on the same
clockthe external clock for port 0.
When port 1 is set to use its external clock, port 0 must be set to run on the same
clockthe external clock for port 1.
Configuration
CLI Quick
Configuration
To quickly configure a channelized interface to drop and insert time slots, copy the
following commands and paste theminto the CLI:
[edit]
set interfaces ct1-3/0/0clocking external
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ct1-3/0/1 clocking external interface ct1-3/0/0
set interfaces ct1-3/0/1 partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 data-input interface ds-3/0/1:1
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure the drop-and-insert feature on a channelized T1/E1/ISDN PRI interface:
1. Create the interface.
[edit interfaces ct1-3/0/0]
user@host# edit interfaces ct1-3/0/0
2. Configure the clock source and partition on the interface.
[edit]
user@host# set clocking external
user@host# set partition 1 timeslots 1-10
user@host# set partition 1 interface-type ds
NOTE: While configuring the drop-and-insert feature, you must ensure
that both ports on the channelized T1/E1 PIMrun on the same clock.
3. Create another interface.
[edit]
user@host# edit interfaces ct1-3/0/1
4. Configure the clock source and partition on the interface.
[edit interfaces ct1-3/0/1]
user@host# set clocking external interface ct1-3/0/0
Copyright 2010, Juniper Networks, Inc. 126
Junos OS Interfaces Configuration Guide for Security Devices
user@host# set partition 1 timeslots 1-10
user@host# set partition 1 interface-type ds
NOTE: While configuring the drop-and-insert feature, you must ensure
that both ports on the channelized T1/E1 PIMrun on the same clock.
5. Create additional interfaces and configure the drop-and-insert feature on those
interfaces.
[edit interfaces ds-3/0/0:1]
user@host# edit interfaces ds-3/0/0:1
user@host# set interfaces ds-3/0/0:1 data-input interface ds-3/0/1:1
NOTE: Both interfaces configuredfor the drop-and-insert feature must
exist on the same PIM. For example, you can configure ds-3/0/0:1 as
the data input interface for ds-3/0/1:1, but not for ds-4/0/0:1.
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
For brevity, this showinterfaces command output includes only the configuration that is
relevant to this example. Any other configuration on the systemhas been replaced with
ellipses (...).
[edit]
user@host# showinterfaces
...
ct1-3/0/0 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
data-input {
interface ds-3/0/1:1;
}
}
ct1-3/0/1 {
clocking external interface ct1-3/0/0;
partition 1 timeslots 1-10 interface-type ds;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying Channelized Interfaces on page 128
127 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
Verifying Channelized Interfaces
Purpose Verify that your configurations for the channelized interfaces are correct.
Action Fromoperational mode, enter the showinterfaces ct1-3/0/1 command.
user@host>showinterfaces ct1-3/0/1
Physical interface: ct1-3/0/1, Enabled, Physical link is Up
Interface index: 151, SNMP ifIndex: 28
Link-level type: Controller, Clocking: Internal, Speed: E1, Loopback: None,
Parent: ct1-3/0/1 Interface index 151
Framing: G704, Parent: None
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-10-05 21:11:48 PDT (06:45:04 ago)
DS1 alarms : None
DS1 defects : None
Line encoding: HDB3
Meaning The output shows a summary of information about the physical parent interfacea
channelized T1 interface in this example.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Junos OS Class of Service Configuration Guide for Security Devices
Understanding Channelized Interface Drop-and-Insert on page 124
Example: Configuring Complementary Clock Sources on Channelized Interfaces on
page 128
showinterfaces (Channelized E1) in the Junos OS Interfaces Command Reference
Example: Configuring Complementary Clock Sources on Channelized Interfaces
This example shows howto configure complementary clock sources on channelized
interfaces.
Requirements on page 128
Overviewon page 129
Configuration on page 129
Verification on page 134
Requirements
No special configuration beyond device initialization is required before configuring this
feature.
Copyright 2010, Juniper Networks, Inc. 128
Junos OS Interfaces Configuration Guide for Security Devices
Overview
J Series devices connected to one another must have complementary clock sources
configured. In the following examples, device R1 is connected to devices R2 and R3. Port
0onthechannelizedT1/E1/ISDNPRI PIMof R1 is connectedtoR2, andport 1 is connected
to R3. The drop-and-insert feature is configured on R1 to insert input coming fromR2 on
port 0 into port 1 for transmission to R3.
Devices R1, R2, and R3 can be configured in three ways, depending on whether the
drop-and-insert clock source on R1 is the external clock for port 0, the external clock for
port 1, or the device's internal clock.
Configuration
Configuring the External Clock for Port 0 as the Clock Source on page 129
Configuring the External Clock for Port 1 as the Clock Source on page 131
Configuring the Internal Clock of the Device as the Clock Source on page 133
Configuring the External Clock for Port 0 as the Clock Source
CLI Quick
Configuration
To quickly configure the external clock for port 0 as the clock source, copy the following
commands and paste theminto the CLI:
For device R2
[edit]
set interfaces ct1-6/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-6/0/0:1 unit 0family inet address 10.46.46.1/30
For device R3
[edit]
set interfaces ct1-3/0/0clocking external
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 unit 0family inet address 10.46.46.2/30
For device R1
[edit]
set interfaces ct1-3/0/0clocking external
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 data-input interface ds-3/0/1:1
set interfaces ct1-3/0/1 clocking external interface ct1-3/0/0
set interfaces ct1-3/0/1 partition 1 timeslots 1-10interface-type ds
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure the drop-and-insert interfaces on device R1 to use the external clock for
port 0:
1. Configure device R2.
[edit interfaces]
user@host# set ct1-6/0/0partition 1 timeslots 1-10
user@host# set ct1-6/0/0partition 1 interface-type ds
user@host# set ds-6/0/0:1 unit 0family inet address 10.46.46.1/30
2. Configure device R3.
129 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
[edit interfaces]
user@host# set ct1-3/0/0clocking external
user@host# set ct1-3/0/0partition 1 timeslots 1-10
user@host# set ct1-3/0/0partition 1 interface-type ds
user@host# set ds-3/0/0:1 unit 0family inet address 10.46.46.2/30
3. Configure device R1.
[edit interfaces]
user@host# set ct1-3/0/0clocking external
user@host# set ct1-3/0/0partition 1 timeslots 1-10
user@host# set ct1-3/0/0partition 1 interface-type ds
user@host# set ds-3/0/0:1 data-input interface ds-3/0/1:1
user@host# set ct1-3/0/1 clocking external interface ct1-3/0/0
user@host# set ct1-3/0/1 partition 1 timeslots 1-10
user@host# set ct1-3/0/1 partition 1 interface-type ds
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
For device R2
[edit]
user@host# showinterfaces ct1-6/0/0 {
partition 1 timeslots 1-10 interface-type ds;
}
ds-6/0/0:1 {
unit 0 {
family inet {
address 10.46.46.1/30;
}
}
}
For device R3
[edit]
user@host# showinterfaces ct1-3/0/0 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
unit 0 {
family inet {
address 10.46.46.2/30;
}
}
}
For device R1
[edit]
user@host# showinterfaces ct1-3/0/0 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
data-input {
interface ds-3/0/1:1;
}
Copyright 2010, Juniper Networks, Inc. 130
Junos OS Interfaces Configuration Guide for Security Devices
}
ct1-3/0/1 {
clocking external interface ct1-3/0/0;
partition 1 timeslots 1-10 interface-type ds;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Configuring the External Clock for Port 1 as the Clock Source
CLI Quick
Configuration
To quickly configure the external clock for port 1 as the clock source, copy the following
commands and paste theminto the CLI:
For device R2
[edit]
set interfaces ct1-6/0/0clocking external
set interfaces ct1-6/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-6/0/0:1 unit 0family inet address 10.46.46.1/30
For device R3
[edit]
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 unit 0family inet address 10.46.46.2/30
For device R1
[edit]
set interfaces ct1-3/0/0clocking external interface ct1-3/0/1
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 data-input interface ds-3/0/1:1
set interfaces ct1-3/0/1 clocking external
set interfaces ct1-3/0/1 partition 1 timeslots 1-10interface-type ds
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure the drop-and-insert interfaces on device R1 to use the external clock for
port 1:
1. Configure device R2.
[edit interfaces]
user@host# set ct1-6/0/0clocking external
user@host# set ct1-6/0/0partition 1 timeslots 1-10
user@host# set ct1-6/0/0partition 1 interface-type ds
user@host# set ds-6/0/0:1 unit 0family inet address 10.46.46.1/30
2. Configure device R3.
[edit interfaces]
user@host# set ct1-3/0/0partition 1 timeslots 1-10
user@host# set ct1-3/0/0partition 1 interface-type ds
user@host# set ds-3/0/0:1 unit 0family inet address 10.46.46.2/30
3. Configure device R1.
[edit interfaces]
user@host# set ct1-3/0/0clocking external interface ct1-3/0/1
user@host# set ct1-3/0/0partition 1 timeslots 1-10
131 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
user@host# set ct1-3/0/0partition 1 interface-type ds
user@host# set ds-3/0/0:1 data-input interface ds-3/0/1:1
user@host# set ct1-3/0/1 clocking external
user@host# set ct1-3/0/1 partition 1 timeslots 1-10
user@host# set ct1-3/0/1 partition 1 interface-type ds
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
For device R2
[edit]
user@host# showinterfaces ct1-6/0/0 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
ds-6/0/0:1 {
unit 0 {
family inet {
address 10.46.46.1/30;
}
}
}
For device R3
[edit]
user@host# showinterfaces ct1-3/0/0 {
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
unit 0 {
family inet {
address 10.46.46.2/30;
}
}
}
For device R1
[edit]
user@host# showinterfaces ct1-3/0/0 {
clocking external interface ct1-3/0/1;
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
data-input {
interface ds-3/0/1:1;
}
}
ct1-3/0/1 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Copyright 2010, Juniper Networks, Inc. 132
Junos OS Interfaces Configuration Guide for Security Devices
Configuring the Internal Clock of the Device as the Clock Source
CLI Quick
Configuration
Toquickly configure the Internal clock of device R1 as the clock source, copy the following
commands and paste theminto the CLI:
For device R2
[edit]
set interfaces ct1-6/0/0clocking external
set interfaces ct1-6/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-6/0/0:1 unit 0family inet address 10.46.46.1/30
For device R3
[edit]
set interfaces ct1-3/0/0clocking external
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 unit 0family inet address 10.46.46.2/30
For device R1
[edit]
set interfaces ct1-3/0/0clocking internal
set interfaces ct1-3/0/0partition 1 timeslots 1-10interface-type ds
set interfaces ds-3/0/0:1 data-input interface ds-3/0/1:1
set interfaces ct1-3/0/1 clocking internal
set interfaces ct1-3/0/1 partition 1 timeslots 1-10interface-type ds
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure the drop-and-insert interfaces on device R1 to use the internal clock of the
device:
1. Configure device R2.
[edit interfaces]
user@host# set ct1-6/0/0clocking external
user@host# set ct1-6/0/0partition 1 timeslots 1-10
user@host# set ct1-6/0/0partition 1 interface-type ds
user@host# set ds-6/0/0:1 unit 0family inet address 10.46.46.1/30
2. Configure device R3.
[edit interfaces]
user@host# set ct1-3/0/0clocking external
user@host# set ct1-3/0/0partition 1 timeslots 1-10
user@host# set ct1-3/0/0partition 1 interface-type ds
user@host# set ds-3/0/0:1 unit 0family inet address 10.46.46.2/30
3. Configure device R1.
[edit interfaces]
user@host# set ct1-3/0/0clocking internal
user@host# set ct1-3/0/0partition 1 timeslots 1-10
user@host# set ct1-3/0/0partition 1 interface-type ds
user@host# set ds-3/0/0:1 data-input interface ds-3/0/1:1
user@host# set ct1-3/0/1 clocking internal
user@host# set ct1-3/0/1 partition 1 timeslots 1-10
user@host# set ct1-3/0/1 partition 1 interface-type ds
133 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
For device R2
[edit]
user@host# showinterfaces ct1-6/0/0 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
ds-6/0/0:1 {
unit 0 {
family inet {
address 10.46.46.1/30;
}
}
}
For device R3
[edit]
user@host# showinterfaces ct1-3/0/0 {
clocking external;
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
unit 0 {
family inet {
address 10.46.46.2/30;
}
}
}
For device R1
[edit]
user@host# showinterfaces ct1-3/0/0 {
clocking internal;
partition 1 timeslots 1-10 interface-type ds;
}
ds-3/0/0:1 {
data-input {
interface ds-3/0/1:1;
}
}
ct1-3/0/1 {
clocking internal;
partition 1 timeslots 1-10 interface-type ds;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying Channelized Interfaces on page 135
Copyright 2010, Juniper Networks, Inc. 134
Junos OS Interfaces Configuration Guide for Security Devices
Verifying Channelized Interfaces
Purpose Verify that your configurations for the channelized interfaces are correct.
Action Fromoperational mode, enter the showinterfaces ct1-3/0/1 command.
user@host> showinterfaces ct1-3/0/1
Physical interface: ct1-3/0/1, Enabled, Physical link is Up
Interface index: 151, SNMP ifIndex: 28
Link-level type: Controller, Clocking: Internal, Speed: E1, Loopback: None,
Framing: G704, Parent: None
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-10-05 21:11:48 PDT (06:45:04 ago)
DS1 alarms : None
DS1 defects : None
Line encoding: HDB3
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
showinterfaces in the Junos OS Interfaces Command Reference.
Understanding Channelized Interface Clear Channels on page 116
Verifying Channelized Interfaces
Purpose Verify that your configurations for the channelized interfaces are correct.
Action In operational mode, enter the showinterfaces ct1-3/0/1 command.
Sample Output user@host> showinterfaces ct1-3/0/1
Physical interface: ct1-3/0/1, Enabled, Physical link is Up
Interface index: 151, SNMP ifIndex: 28
Link-level type: Controller, Clocking: Internal, Speed: E1, Loopback: None,
Framing: G704, Parent: None
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-10-05 21:11:48 PDT (06:45:04 ago)
DS1 alarms : None
DS1 defects : None
Line encoding: HDB3
Meaning The output shows a summary of information about the physical parent interfacea
channelized T1 interface in this example.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: ConfiguringaChannelizedInterfacetoDropandInsert TimeSlots onpage125
Example: Configuring Complementary Clock Sources on Channelized Interfaces on
page 128
135 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
showinterfaces in the Junos OS Interfaces Command Reference.
ISDNPRI Operation
Understanding ISDN PRI Operation for Channelized Interfaces on page 136
Example: Configuring a Channelized Interface for ISDN PRI Operation on page 137
Verifying ISDN PRI Configuration on Channelized Interfaces on page 138
Understanding ISDNPRI Operation for Channelized Interfaces
The Dual-Port Channelized T1/E1/ISDN PRI PIMprovides support for ISDN PRI services
suchas dial-inat thecentral office, callback fromthecentral office, andprimary or backup
network connections frombranch offices. You can install channelized T1/EI/ISDN PRI
PIMs and ISDNBRI PIMs and configure both ISDNPRI and ISDNBRI service on the same
J Series device.
On a J Series device with Dual-Port Channelized T1/E1/ISDNPRI PIMs, you can configure
each port for T1, E1, or ISDN PRI service, or for a combination of ISDN PRI and either
channelizedT1 serviceor E1 service. Youcanconfigureupto23timeslots inachannelized
T1 PRI interface and up to 30 time slots in a channelized E1 PRI interface as B-channels.
Each B-channel supports 64 Kbps of traffic. The unconfigured time slots can be used as
regular DS0 interfaces on top of the T1 or E1 physical layer.
You must also explicitly configure a D-channel for signaling purposes: time slot 24 on a
channelized T1 interface and time slot 16 on a channelized E1 interface.
In addition, you can configure the following options:
B-channel allociation orderThis setting controls the allocation of free B-channels
for dial-out calls. Values include ascending (allocating fromthe lowest numbered to
highest numbered) anddescending(thedefault--allocatingfromthehighest numbered
to the lowest numbered).
Switch typeThe following ISDN switch types are compatible with J Series devices:
ATT5EAT&T 5ESS
ETSINET3 for the UK and Europe
NI2National ISDN-2
NTDMS-100Northern TelecomDMS-100
NTTNTT Group switch for Japan
Q.931 timersQ.931 is a Layer 3 protocol for the setup and termination of connections.
Thedefault valuefor eachtimer is 10seconds, but thevaluecanbeconfiguredbetween
1 and 65,536 seconds.
Dialer poolThe dialer pool priority has a range from1 through 255, with 1 designating
the lowest-priority interfaces and 255 designating the highest-priority interfaces.
Trace options
Copyright 2010, Juniper Networks, Inc. 136
Junos OS Interfaces Configuration Guide for Security Devices
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Channelized Interfaces on page 115
Example: Configuring a Channelized Interface for ISDN PRI Operation on page 137
Example: Configuring a Channelized Interface for ISDNPRI Operation
Setting up the J Series device for ISDNPRI operation is a multipart process. First, you add
ISDNPRI serviceonachannelizedinterfaceas shownhere. Second, youconfigureadialer
interface. You can then configure ISDN services such as dial-in, callback, and backup.
In this example, you create the ct12/0/0 interface and partition the interface into time
slots 1 through23for B-channels andtimeslot 24for theD-channel. Youset theB-channel
allocation order to ascending. You also set the traceoptions flag to q921. You select
National ISDN-2 (NI2) as the ISDN switch type, set the Q.931 timers to 15, and create a
dialer pool called ISDN-dialer-group with a priority of 1.
To configure an ISDN PRI network service on a channelized interface:
1. Create a newinterface.
[edit]
user@host# edit interfaces ct1-2/0/0
2. Configure the partition and interface type.
[edit interfaces ct1-2/0/0]
user@host# set partition 1-23 timeslots 1-23
user@host# set partition 1-23 interface-type bc
user@host# set partition 24 timeslots 24
user@host# set partition 24 interface-type dc
3. Configure a trace options flag.
[edit interfaces ct1-2/0/0]
user@host# set traceoptions flag q921
4. Configure the B-channel allocation order.
[edit interfaces ct1-2/0/0]
user@host# set isdn-options bchannel-allocation ascending
5. Select the ISDN switch type.
[edit interfaces ct1-2/0/0]
user@host# set isdn-options switch-type ni2
6. Configure Q.931 timers.
[edit interfaces ct1-2/0/0]
user@host# set isdn-options t31015
7. Configure dialer options.
[edit interfaces ct1-2/0/0]
user@host#set dialer-options pool isdn-dialer-group priority 1
137 Copyright 2010, Juniper Networks, Inc.
Chapter 8: Channelized Interfaces
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding ISDN PRI Operation for Channelized Interfaces on page 136
Verifying ISDN PRI Configuration on Channelized Interfaces on page 138
Verifying ISDNPRI Configuration on Channelized Interfaces
Purpose Verify that your configuration of ISDN PRI service on a channelized interface is correct.
Action Fromoperational mode, enter the showinterfaces ct1-2/0/0 command.
user@host# showinterfaces ct1-2/0/0
traceoptions {
flag q921;
file {
isdnback;
}
}
clocking external;
isdn-options {
switch-type ni2;
}
dialer-options {
isdn-dialer-group priority 1;
}
partition 24 timeslots 24 interface-type dc;
partition 1-23 timeslots 1-23 interface-type bc;
[edit]
Meaning Verify that the output shows your intended ISDN PRI interface configuration.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring a Channelized Interface for ISDN PRI Operation on page 137
showinterfaces in the Junos OS Interfaces Command Reference
Copyright 2010, Juniper Networks, Inc. 138
Junos OS Interfaces Configuration Guide for Security Devices
PART 4
ISDN and VoIP Interfaces
ISDN on page 141
Voice over Internet Protocol with Avaya on page 183
139 Copyright 2010, Juniper Networks, Inc.
Copyright 2010, Juniper Networks, Inc. 140
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 9
ISDN
Understanding ISDN on page 141
ISDN Configuration Overviewon page 144
ISDN Interfaces on page 145
Dialer Interfaces on page 150
Bandwidth on Demand on page 165
Disabling ISDN Processes (CLI Procedure) on page 170
Verifying the ISDN Configuration on page 171
Understanding ISDN
Integrated Services Digital Network (ISDN) is a set of standards for digital transmission
over different media. These standards were created by the Consultative Committee for
International Telegraph and Telephone (CCITT) and International Telecommunication
Union (ITU). ISDN is an all-digital dial-up (on-demand) service that carries voice, data,
and video transmissions over telephone lines. As a dial-on-demand service, it has fast
call setup and lowlatency as well as the ability to carry high-quality voice, data, and
video transmissions. ISDN is also a circuit-switched service that can be used on both
multipoint andpoint-to-point connections. ISDNcancarry voice, data, images, andvideo
across a telephony network, using a single interface for all transmissions.
ISDN connectivity is supported as a backup for a primary Internet connection. J Series
devices can be configured to fail over to an ISDN interface when the primary connection
experiences interruptions in Internet connectivity.
You can also use ISDN at the central office to terminate calls that originate at branch
office routers and for central office callback for security, accounting, or cost savings at
the branch office.
This topic contains the following sections:
ISDN Channels on page 142
Typical ISDN Network on page 142
ISDN Call Setup on page 143
141 Copyright 2010, Juniper Networks, Inc.
ISDNChannels
ISDN uses separate channels to transmit voice and data over the network. Channels
operate at bandwidths of either 64 Kbps or 16 Kbps, depending on the type of channel:
Bearer channels (B-channels) use64Kbps totransmit voice, data, video, or multimedia
information. This bandwidthis derivedfromthefact that analogvoicelines aresampled
at a rate of 64 Kbps (8,000 samples per second, using 8 bits per sample).
Delta channels (D-channels) are control channels that operate at either 16 Kbps or
64Kbps. D-channelsareusedprimarilyfor ISDNsignalingbetweenswitchingequipment
in an ISDN network. In ISDN Basic Rate Interface applications, a D-channel can also
support customer packet data traffic at speeds up to 9.6 Kbps.
Typical ISDNNetwork
Figure 8 on page 142 shows a typical ISDN network.
Figure 8: ISDNNetwork
InFigure8onpage142, twotypes of end-user devices areconnectedtotheISDNnetwork:
Terminal equipment type1 (TE1) deviceDesignedtoconnect directly throughanISDN
telephone line.
Terminal equipment type 2 (TE2) deviceNot designed for ISDN. TE2 devicesfor
example, analog telephones or modemsmust connect to the ISDNnetwork through
a terminal adapter (TA).
A terminal adapter allows non-ISDN devices on the ISDN network.
NT Devices and S and T Interfaces
The interface between the ISDN network and a TE1 device or terminal adapter is called
an S interface. The S interface connects to a network termination type 2 (NT2) device
suchas aprivatebranchexchange(PBX), or directly totheTE1 deviceor terminal adapter,
as shown in Figure 8 on page 142. The NT2 device is then connected to a network
Copyright 2010, Juniper Networks, Inc. 142
Junos OS Interfaces Configuration Guide for Security Devices
termination type 1 (NT1) device through a T interface. The S and T interfaces are
electrically equivalent.
An NT1 device is a physical layer device that connects a home telephone network to a
service provider carrier network. ISDN devices that connect to an NT1 device fromthe
home network side use a 4-wire S/T interface. The NT1 device converts the 4-wire S/T
interfaceintothe2-wireUinterfacethat telephonecarriers useas their plainoldtelephone
service (POTS) lines.
In the United States, NT1 devices are user owned. In many other countries, NT1 devices
are owned by the telephone service providers.
UInterface
The U interface connects the ISDN network into the telephone switch through line
termination(LT) equipment. TheconnectionfromLTequipment toother switches within
the telephone network is called the exchange termination (ET).
ISDNCall Setup
Before traffic can pass through an ISDN network, an ISDN call must be set up. ISDN call
setup requires a Layer 2 connection to be initialized and then a Layer 3 session to be
established over the connection.
To specify the services and features to be provided by the service provider switch, you
must set service profile identifiers (SPIDs) on TE1 devices before call setup and
initialization. If you define SPIDs for features that are not available on the ISDN link,
Layer 2 initialization takes place, but a Layer 3 connection is not established.
A SPID is a number that specifies the services available to you on the service provider
switch and defines the feature set ordered when the ISDN service is provisioned.
A terminal endpoint identifier (TEI) is a number that identifies a terminal endpoint, an
ISDN-capable device attached to an ISDN network through an ISDN interface on the
device. The TEI is a number between 0 and 127. The numbers 0 through 63 are used for
static TEI assignment, numbers 64 through 126 are used for dynamic assignment, and
127 is used for group assignment.
Layer 2 ISDNConnection Initialization
The TE device and the telephone network initialize a Layer 2 connection for ISDN as
follows:
1. The terminal equipment (TE) device and the telephone network exchange Receive
Ready (RR) frames, to indicate that they are available for data transmission. A call
cannot be set up if either the TE device or the telephone network does not transmit
RR frames.
2. If both ends of the ISDNconnection are available to receive data, the TE device sends
an Unnumbered Information (UI) frame to all devices on the ISDN link.
3. When it receives the UI frame, the network responds with a message containing a
unique TEI that identifies the endpoint on the ISDN link for all subsequent data
transmissions.
143 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
4. When the TE device receives the TEI message, it sends out a call setup message.
5. The network sends an acknowledgement of the call setup message.
6. When the TE device receives the acknowledgement, a Layer 2 connection is initialized
on the ISDN link.
Layer 3 ISDNSession Establishment
The caller, switch, and receiver establish a Layer 3 ISDN connection as follows:
1. When a Layer 2 connection is initialized, the caller sends a SETUP message to the
switch in the telephone network.
2. If thesetupmessageis valid, theswitchresponds withacall proceeding(CALLPROC)
message to the caller and a SETUP message to the receiver.
3. When the receiver receives the SETUP message, it responds with an ALERTING
message to the telephone switch.
4. This ALERTING message is then forwarded to the caller.
5. The receiver then accepts the connection by sending a CONNECT message to the
switch.
6. The switch forwards the CONNECT message to the caller.
7. The caller responds with an acknowledgement message (CONNECT ACK).
8. When the CONNECT ACK message is received by the receiver, the ISDN call is set up
and traffic can pass.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding ISDN Interfaces on page 145
Understanding Dialer Interfaces on page 150
Understanding Bandwidth on Demand on page 166
ISDN Configuration Overviewon page 144
ISDNConfiguration Overview
To configure ISDN interfaces:
1. Order an ISDN line fromyour telecommunications service provider. Contact your
service provider for more information.
2. Configure at least one ISDN interface (physical interface). See Example: Adding an
ISDN BRI Interface on page 148.
3. Configure at least one dialer interface (logical interface). See Example: Configuring
Dialer Interfaces on page 152.
Copyright 2010, Juniper Networks, Inc. 144
Junos OS Interfaces Configuration Guide for Security Devices
4. Configure one of the following back up methods on each dialer interface:
Configure dial backup if you want to use ISDN to backup the primary device
interfaces. See Example: Configuring Dial Backup on page 155.
Configure dialer filters for dial-on-demand routing backup. You can configure
dial-on-demand routing with or without OSPF support. See Example: Configuring
Dialer Filters for Dial-on-Demand Routing Backup on page 157 or Example:
Configuring Dial-on-Demand Routing Backup with OSPF Support on page 157.
Configure dialer watch. See Example: Configuring Dialer Watch on page 159.
Configure dial-in or callback. See Example: Configuring Dial-In and Callback on
page 163.
NOTE: You can configure only one back up method per dialer interface.
5. (Optional) Configure bandwidth on demand. See Example: Configuring Bandwidth
on Demand on page 167.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Configuring ISDN Services Physical and Logical Interface Properties in the Junos OS
Network Interfaces Configuration Guide
Understanding ISDN on page 141
Disabling ISDN Processes (CLI Procedure) on page 170
Verifying the ISDN Configuration on page 171
ISDNInterfaces
Understanding ISDN Interfaces on page 145
Example: Adding an ISDN BRI Interface on page 148
Understanding ISDNInterfaces
ISDNprovides two basic types of service, ISDNBasic Rate Interface (ISDNBRI) andISDN
Primary Rate Interface (ISDN PRI).
This topic contains the following sections:
ISDN BRI Interface Types on page 146
ISDN PRI Interface Types on page 146
ISDN Interface Configuration on page 147
145 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
ISDNBRI Interface Types
ISDN BRI is an ISDN service intended for home and small enterprise applications. ISDN
BRI consists of two64-Kbps B-channels tocarryvoiceor dataandone16-Kbps D-channel
for control and signaling.
ISDNBRI is designed for high-bandwidth data transmissions through existing telephone
lines. The copper wires that make up much of the existing telephony infrastructure can
support approximately 160Kbps, which provides enough bandwidth for two B-channels
and a D-channel, leaving 16 Kbps for any data framing, maintenance, and link control
overhead.
Up to six of the following field-replaceable units (FRUs) are available for ISDN BRI
connectivity:
4-port S/T Physical Interface Module (PIM) supporting ITU-T I.430, ETSI TS 101080,
and GR-1089-Core Type III
4-port U PIMsupporting ANSI T.601 and GR-1089-Core
A J Series device with one or more ISDN BRI ports has the following types of ISDN
interfaces:
Physical ISDN BRI interfacebr-pim/0/port
Physical B-channel interfacebc-pim/0/port
Physical D-channel interfacedc-pim/0/port
Logical dialer interfacedln
Each ISDN BRI port has two B-channels for transport, identified as bc-pim/0/port:1 and
bc-pim/0/port:2, and one D-channel for control, identified as dc-pim/0/port. On ISDN
BRI interfaces, the B-channels and D-channel have no configurable settings, but you can
monitor themfor interface status and statistics.
To configure ISDN BRI service on a J Series device, you configure the physical ISDN BRI
interface and the logical dialer interface.
ISDNPRI Interface Types
ISDN PRI is designed for users with greater capacity requirements than can be met with
ISDN BRI. In the United States, the most common ISDN PRI supports 23 B-channels to
carry trafficand1 D-channel for control andsignaling, totaling1,536Kbps, whichis roughly
equivalent to a T1 link. In Europe, the most common ISDN PRI supports 30 B-channels
and 1 D-channel, totaling 1,984 Kbps, which is roughly equivalent to an E1 link.
For ISDN PRI, up to six Dual-Port Channelized T1/E1/ISDN PRI PIMs, supporting ITU-T
Q.920, Q.921: LAPD, Q.930, and Q.931, are available for ISDN connectivity.
Copyright 2010, Juniper Networks, Inc. 146
Junos OS Interfaces Configuration Guide for Security Devices
On a J Series device with one or more Dual-Port Channelized T1/E1/ISDN PRI PIMs, you
can configure each port on the PIMfor either T1, E1, or ISDN PRI service, or for a
combination of ISDN PRI and either T1 or E1 service. For ISDN PRI service, you configure
the following types of ISDN interfaces as channels on the channelized T1 or E1 interface:
Physical B-channel interfacebc-pim/0/port:channel
On a channelized T1 interface, up to 23 time slots can be configured as ISDN PRI
B-channels.
On a channelized E1 interface, up to 30 time slots can be configured as ISDN PRI
B-channels.
Physical D-channel interfacedc-pim/0/port:channel
On a channelized T1 interface, you configure time slot 24 as the D-channel.
On a channelized E1 interface, you configure time slot 16 as the D-channel.
Logical dialer interfacedln
ISDNInterface Configuration
To enable ISDN interfaces to work properly, you must configure the interface properties:
Calling numberThis number represents the caller's number. It is sent to the ISDN
switch during the call setup.
SPID
Static TEIThis number comes fromyour service provider. Valid values range from0
to 63. If you are using a service provider that requires SPIDs, you cannot place calls
until the interface sends a valid, assigned SPIDto the service provider when accessing
the ISDN connection.
NOTE:
When configuring the static TEI value, please note the following:
If the field is left blank, the device dynamically acquires a TEI.
If you have configured a second SPID, you cannot set a static TEI value.
If you have an NTDMS-100 or NI1 switch, an additional box for a service
provider ID is provided.
Incoming called numberConfigure incoming call properties if you have remote
locations dialing into the device through the ISDN interface.
147 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
In addition to configuring ISDN properties, you must set the following additional ISDN
values:
Dialer poolDialer pool priority has a range from1 to 255, with 1 designating the
lowest-priority interfaces and 255 designating the highest-priority interfaces.
ISDN switch typeThe following switches are compatible with J Series devices:
ATT5EAT&T 5ESS
ETSINET3 for the UK and Europe
NI1National ISDN-1
NTDMS100Northern TelecomDMS-100
NTTNTT Group switch for Japan
Q.931 timer intervalQ.931 is a Layer 3 protocol for the setup and termination of
connections. The default value for the timer is 10 seconds, but the value can be
configured between 1 and 65,536 seconds.
TEI negotiationvalueYoumust specifywhentheTEI negotiates withtheISDNprovider.
If you specify first-call, activation does not occur until a call is sent. If you specify
power-up, activation occurs when the device is powered on. This is the default value.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding ISDN on page 141
Example: Adding an ISDN BRI Interface on page 148
Example: Adding an ISDNBRI Interface
This example showhowto add an ISDN BRI interface.
Requirements on page 148
Overviewon page 148
Configuration on page 149
Verification on page 150
Requirements
No special configuration beyond device initialization is required before configuring this
feature.
Overview
Inthis example, youcreatethebr-1/0/3ISDNBRI interfaceandaddtheisdn-dialer-options
dialer pool to the interface. You set the pools priority to 255. When configuring ISDNBRI
properties, you set the calling number to 18005555555, the SPID to 00108005555555,
the static TEI value to23, andthe incoming callednumber to18883333456. Additionally,
you set the ISDN switch type to att5e, the Q.931 timer to 15 seconds, and you configure
the TEI to negotiate with the ISDN provider when the device is powered on.
Copyright 2010, Juniper Networks, Inc. 148
Junos OS Interfaces Configuration Guide for Security Devices
Configuration
CLI Quick
Configuration
To quickly add an ISDN BRI interface, copy the following commands and paste them
into the CLI:
[edit]
set interfaces br-1/0/3 dialer-options pool isdn-dialer-group priority 255
setinterfacesbr-1/0/3isdn-optionscalling-number 18005555555spid1 00108005555555
static-tei-val 23 incoming-called-number 18883333456
set interfaces br-1/0/3 isdn-options switch-type att5e t31015 tei-option power-up
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure an ISDN BRI network interface:
1. Create an ISDN interface.
[edit]
user@host# edit interfaces br-1/0/3
2. Configure the dialer pool.
[edit interfaces br-1/0/3]
user@host# set dialer-options pool isdn-dialer-group priority 255
3. Configure the ISDN BRI properties.
[edit interfaces br-1/0/3]
user@host# set isdn-options calling-number 18005555555
user@host# set isdn-options spid1 00108005555555
user@host# set isdn-options static-tei-val 23
user@host# set isdn-options incoming-called-number 18883333456
4. Select the ISDN switch type.
[edit interfaces br-1/0/3]
user@host# set isdn-options switch-type att5e
5. Specify the Q.931 timer interval.
[edit interfaces br-1/0/3]
user@host# set isdn-options t31015
6. Specify when the TEI negotiates with the ISDN provider.
[edit interfaces br-1/0/3]
user@host# set isdn-options tei-option power-up
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces br-1/0/3
isdn-options {
switch-type att5e;
spid1 00108005555555;
149 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
calling-number 18005555555;
incoming-called-number 18883333456;
tei-option power-up;
static-tei-val 23;
t310 15;
}
dialer-options {
pool isdn-dialer-group priority 255;
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying an ISDN BRI Interface on page 150
Verifying an ISDNBRI Interface
Purpose Verify that the ISDN BRI interface is correctly configured.
Action Fromoperational mode, enter the showinterfaces extensive command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Configuring ISDN Physical Interface Properties in the Junos OS Network Interfaces
Configuration Guide
Understanding ISDN Interfaces on page 145
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Dialer Interfaces
Understanding Dialer Interfaces on page 150
Example: Configuring Dialer Interfaces on page 152
Dial Backup on page 154
Dial-on-Demand Routing Backup on page 156
Dialer Watch on page 158
Dial-In and Callback on page 161
Understanding Dialer Interfaces
A dialer interface (dln) is a logical interface for configuring dialing properties and the
control interface for a backup ISDN connection. You can configure multiple dialer
interfaces for different functions on the device. The dialer interface can performas a
backup interface for one primary interface, as a dialer filter, or as a dialer watch interface,
but these operations are mutually exclusive.
Copyright 2010, Juniper Networks, Inc. 150
Junos OS Interfaces Configuration Guide for Security Devices
To enable dialer interfaces to work properly, you must configure the interface properties:
Encapsulation modeThe interface can be configured in the following modes:
Multilink mode using Multilink Point-to-Point Protocol (MLPPP)
encapsulationMLPPP is a protocol for aggregating multiple constituent links into
one larger PPP bundle. You can bundle up to eight B-channels.
Normal mode using Point-to-Point Protocol (PPP) encapsulationPPP is for
communicationbetweentwocomputers usingaserial interface. Usethis modewhen
the device is using only one B-channel.
Normal mode using Cisco High-Level Data Link Control (HDLC)
encapsulationCisco-compatibleHDLCis agroupof protocols for transmittingdata
betweennetworkpoints. Usethis modewhenthedeviceis usingonly oneB-channel.
NOTE: MPLS over ISDNis supported only with MLPPP encapsulation. If
you use PPP or Cisco HDLC, MPLS packets might be dropped.
Logical unitYou can set the logical unit to 0only, unless you are configuring the dialer
interface for MLPPP encapsulation.
Hold-time valueThe hold-time value is used to damp interface transitions. When an
interface goes fromup to down, it is not advertised as down to the rest of the system
until it remains unavailable for the hold-time period. Similarly, an interface is not
advertised as up until it remains operational for the hold-time period. The hold time is
three times the interval at which keepalive messages are sent.
Delay intervalsYou can configure the following delay intervals:
Activation delayTime to wait before activating the backup interface after the
primary interface is down. The default value is 0 seconds with a maximumvalue of
60 seconds. Use activation delay only for dialer backup and dialer watch.
Deactivation delayTime to wait before deactivating the backup interface after the
primary interface is up. The default value is 0 seconds with a maximumvalue of 60
seconds. Use deactivation delay only for dialer backup and dialer watch.
Redial delayNumber of seconds to wait before redialing a failed outgoing ISDN
call. The default value is 3 seconds, with a range from2 through 255.
Idle timeoutTime a connection is idle before disconnecting. The default value is 120
seconds, with a range from0 through 4,294,967,295. This option is used only to
configure a dialer filter.
Initial route checkTime to wait before checking if the primary interface is up. The
default value is 120seconds, with a range of 1 through 300seconds. This option is used
only to configure dialer watch.
PoolName of a group of ISDN interfaces configured to use the dialer interface.
151 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
NOTE: If you configure multiple dialer interfaces, ensure that the same IP
subnet address is not configured on different dialer interfaces. Configuring
the same IP subnet address on multiple dialer interfaces can cause both
inconsistency in the route and packet loss. The device might route packets
throughanother dialer interfacewiththeIPsubnet addressinsteadof through
the dialer interface to which the ISDNmodemcall is mapped.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring Dialer Interfaces on page 152
Understanding ISDN on page 141
Understanding Dial Backup on page 154
Understanding Dial-on-Demand Routing Backup on page 156
Understanding Dialer Watch on page 158
Understanding Dial-In and Callback on page 161
Example: Configuring Dialer Interfaces
This example shows howto configure a logical dialer interface.
Requirements on page 152
Overviewon page 152
Configuration on page 152
Verification on page 154
Requirements
No special configuration beyond device initialization is required before configuring this
feature.
Overview
In this example, you create the dl0 dialer interface and set the encapsulation type for
the interface to Cisco HDLC. You set the hold-time value to 60 milliseconds. When
configuring delay intervals, you set the activation delay to 60 seconds, the deactivation
delay to 30 seconds, and the redial delay to 5 seconds. Additionally, you create the
isdn-dialer-group dialer pool, set the dial string to 5551212, specify 172.20.10.2 as the
source IP address for the dialer interface, and specify 172.20.10.1 as the destination IP
address for the dialer interface. (The destination IP address is optional.)
Configuration
CLI Quick
Configuration
To quickly configure a logical dialer interface, copy the following commands and paste
theminto the CLI:
[edit]
set interfaces dl0description T1-backup encapsulation cisco-hdlc hold-time down 60
up 60
Copyright 2010, Juniper Networks, Inc. 152
Junos OS Interfaces Configuration Guide for Security Devices
set interfaces dl0unit 0dialer-options activation-delay 60deactivation-delay 30
redial-delay 5 pool isdn-dialer-group dial-string 5551212
set interfaces dl0unit 0family inet address 172.20.10.2 destination 172.20.10.1
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode
To configure a logical dialer interface:
1. Create and describe the interface.
[edit]
user@host# edit interfaces dl0
user@host# set description T1-backup
2. Configure the encapsulation mode.
[edit interfaces dl0]
user@host# set encapsulation cisco-hdlc
3. Enter the hold-time values.
[edit interfaces dl0]
user@host# set hold-time down 60
user@host# set hold-time up 60
4. Create the logical unit.
[edit interfaces dl0]
user@host# edit unit 0
5. Configure the delay intervals.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set activation-delay 60
user@host# set deactivation-delay 30
user@host# set redial-delay 5
6. Configure the dialer pool.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set pool isdn-dialer-group
7. Specify which remote destination to call.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set dial-string 5551212
8. Configure source and destination IP addresses.
[edit]
user@host# set interfaces dl0unit 0family inet address 172.20.10.2 destination
172.20.10.1
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces dl0
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
153 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
user@host# showinterfaces dl0
showinterfaces dl0
hold-time up 60 down 60;
encapsulation cisco-hdlc;
unit 0 {
family inet {
address 172.20.10.2/32 {
destination 172.20.10.1;
}
}
dialer-options {
pool isdn-dialer-group;
dial-string 5551212;
redial-delay 5;
activation-delay 60;
deactivation-delay 30;
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying Dialer Interface Configuration on page 154
Verifying Dialer Interface Configuration
Purpose Verify that the dialer interface is correctly configured.
Action Fromoperational mode, enter the showinterfaces dl0 command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Configuring ISDN Logical Interface Properties in the Junos OS Network Interfaces
Configuration Guide
Understanding Dialer Interfaces on page 150
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Dial Backup
Understanding Dial Backup on page 154
Example: Configuring Dial Backup on page 155
Understanding Dial Backup
Dial backup is a feature that reestablishes network connectivity through one or more
backup ISDNdialer interfaces after a primary interface fails. The backup dialer interfaces
areactivatedonly whentheprimary interfacefails. ISDNbackupconnectivity is supported
Copyright 2010, Juniper Networks, Inc. 154
Junos OS Interfaces Configuration Guide for Security Devices
on all interfaces except lsq-0/0/0. When the primary interface is reestablished, the ISDN
interface is disconnected.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dialer Interfaces on page 150
Example: Configuring Dial Backup on page 155
Example: Configuring Dial Backup
This example shows howto configure a primary backup connectivity.
Requirements on page 155
Overviewon page 155
Configuration on page 155
Verification on page 155
Requirements
Before you begin:
1. AddinganISDNBRI interface. SeeExample: AddinganISDNBRI Interface onpage148.
2. Configure dialer interfaces. See Example: Configuring Dialer Interfaces on page 152.
Overview
In this example, you select ge-0/0/0 unit 0 as the primary interface for backup ISDN
connectivity and configure dl0.0 as the backup dialer interface.
Configuration
Step-by-Step
Procedure
To configure a primary interface for backup connectivity:
Select the physical interface for backup ISDN connectivity. 1.
[edit]
user@host# edit interfaces ge-0/0/0unit 0
2. Configure the backup dialer interface.
[edit interfaces ge-0/0/0 unit 0]
user@host# set backup-options interface dl0.0
3. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showInterfaces ge-0/0/0
command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dial Backup on page 154
155 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Dial-on-Demand Routing Backup
Understanding Dial-on-Demand Routing Backup on page 156
Example: Configuring Dialer Filters for Dial-on-Demand Routing Backup on page 157
Example: ConfiguringDial-on-DemandRoutingBackupwithOSPFSupport onpage157
Understanding Dial-on-Demand Routing Backup
Dial-on-demand routing (DDR) backup is a feature that provides a J Series device with
full-timeconnectivity across anISDNline. YouconfigureDDRusingthefollowingfeatures:
Dialer filtersA dialer filter is a stateless firewall filter that enables DDR backup when
applied to a physical ISDN interface. Within this configuration, the dialer interface is
configured as a passive static route. The passive static route has a lower priority than
dynamic routes, meaning that the static route is used only when the dynamic routes
are no longer available.
Whenafloatingstatic routeis configuredonaninterfacewithadialer filter, theinterface
can be usedfor backup. Afloating static route is a route with an administrative distance
greater than the administrative distance of the dynamically learned versions of the
same route.
If all dynamic routes on a primary serial T1, E1, T3, E3, Fast Ethernet, Gigabit Ethernet,
or Point-to-Point Protocol over Ethernet (PPPoE) interface to an address are lost from
the routing table and the device receives a packet for that address, the dialer interface
initiates an ISDN backup connection. The dialer interface then sends the packet over
the backup connection. To save connection time costs, the device drops the ISDN
connection after a configured period of inactivity.
This DDRbackupmethodallows anISDNlinetobeactivatedonly whennetwork traffic
configured as an interesting packet arrives on the network. After the network traffic
is sent, an inactivity timer is triggered, and the connection is closed after the timer
expires. Youdefineaninterestingpacket as part of thedialer filter featureconfiguration.
DemandcircuitsAdemandcircuit is anetwork segment whosecost varies withusage,
according to a service-level agreement with a service provider. Demand circuits limit
traffic based on either bandwidth (bites or packets transmitted) or access time. For
example, ISDN interfaces can be configured for DDR backup. In OSPF, the demand
circuit reduces the amount of OSPF traffic by removing all OSPF protocols when the
routing domain is in a steady state.
Two types of routing protocol traffic are used by OSPF to establish and maintain
network structure. First, periodic hello packets are sent over each link for neighbor
discovery and maintenance. Second, OSPF protocol traffic achieves and maintains
link-statedatabasesynchronizationbetweendevices. TheOSPFdemandcircuit feature
removes the periodic nature of both traffic types and reduces the amount of OSPF
traffic by removing all OSPF protocol traffic froma demand circuit when the routing
Copyright 2010, Juniper Networks, Inc. 156
Junos OS Interfaces Configuration Guide for Security Devices
domain is in a steady state. This feature allows the underlying data-link connections
to be closed when no application traffic is on the network.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dialer Interfaces on page 150
Example: Configuring Dialer Filters for Dial-on-Demand Routing Backup on page 157
Example: ConfiguringDial-on-DemandRoutingBackupwithOSPFSupport onpage157
Example: Configuring Dialer Filters for Dial-on-Demand Routing Backup
In this example, you create a dialer filter called int-packet and a corresponding dialer
filter rule called term1. Within term1, you configure an ICMP packet as the interesting
packet. You then apply to the dialer filter to the dl0 interface.
To configure a dialer filter for dial-on-demand backup:
1. Create the dialer filter.
[edit]
user@host# edit firewall family inet dialer-filter int-packet
2. Create the dialer filter rule.
[edit firewall family inet dialer-filter int-packet]
user@host# set termterm1 fromprotocol icmp then note
3. Select the dialer interface to apply to the filter.
[edit]
user@host# edit interfaces dl0 unit 0
4. Select the dialer filter and apply it to the dialer interface.
[edit interfaces dl0 unit 0]
user@host# set family inet filter dialer int-packet
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dial-on-Demand Routing Backup on page 156
Example: ConfiguringDial-on-DemandRoutingBackupwithOSPFSupport onpage157
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Example: Configuring Dial-on-Demand Routing Backup with OSPF Support
This example shows howto configure a dial-on-demand routing backup with OSPF
support.
Requirements on page 158
Overviewon page 158
157 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Configuration on page 158
Verification on page 158
Requirements
Before you begin, you must configure OSPF on the device.
Overview
Inthis example, youcreatethe0.0.0.0OSPFareaandconfigureOSPFon-demandcircuits
for thedl0ISDNdialer interface, whichis participatingas anon-demandroutinginterface.
Configuration
Step-by-Step
Procedure
To configure OSPF demand circuits:
Create the OSPF area. 1.
[edit]
user@host# edit protocols ospf area 0.0.0.0
2. Specify the on-demand routing interface.
[edit protocols ospf area 0.0.0.0]
user@host# set interface dl0demand-circuit
3. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the showprotocols ospf command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dial-on-Demand Routing Backup on page 156
Example: Configuring Dialer Filters for Dial-on-Demand Routing Backup on page 157
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Dialer Watch
Understanding Dialer Watch on page 158
Example: Configuring Dialer Watch on page 159
Understanding Dialer Watch
Dialer watch is a DDR backup feature that provides dependable connectivity without
relying on a dialer filter to activate the ISDNinterface. The ISDNdialer interface monitors
the existence of each route on a watch list. If all routes on the watch list are lost from
the routing table, dialer watch initiates the ISDN interface for failover connectivity.
Copyright 2010, Juniper Networks, Inc. 158
Junos OS Interfaces Configuration Guide for Security Devices
Configure dialer watch options for each ISDN interface participating in the dialer watch
feature. Each ISDN interface must have the same pool identifier to participate in dialer
watch.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dialer Interfaces on page 150
Example: Configuring Dialer Watch on page 159
Example: Configuring Dialer Watch
This example shows howto configure a dialer watch interface.
Requirements on page 159
Overviewon page 159
Configuration on page 159
Verification on page 160
Requirements
Before you begin:
1. AddinganISDNBRI interface. SeeExample: AddinganISDNBRI Interface onpage148.
2. Configure dialer interfaces. See Example: Configuring Dialer Interfaces on page 152.
3. Configure dial backup. See Example: Configuring Dial Backup on page 155.
4. Configuredialer filters for dial-on-demandroutingbackup. SeeExample: Configuring
Dialer Filters for Dial-on-Demand Routing Backup on page 157.
5. Configure dial-on-demand routing backup with OSPF support. See Example:
Configuring Dial-on-Demand Routing Backup with OSPF Support on page 157.
Overview
In this example, you add a dialer watch to the dl0 interface. You then configure the ISDN
interface to participate as a dialer watch interface. You create the dw-group dialer pool
on the unit 0logical interface and specify that the dialer should watch the 172.27.27.0/24
list of routes. Once you have finished configuring the dialer watch interface, you select
the br-1/0/3 ISDN physical interface for ISDN BRI.
Configuration
CLI Quick
Configuration
To quickly configure a dialer watch interface, copy the following commands and paste
theminto the CLI:
[edit]
set interfaces dl0description dialer-watch
set interfaces dl0unit 0dialer-options pool dw-group watch-list 172.27.27.0/24
set interfaces br-1/0/3 dialer-options pool isdn-dialer-group
159 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a dialer watch interface:
1. Create the dialer watch interface.
[edit]
user@host# edit interfaces dl0set description dialer-watch
2. Specify a logical interface.
[edit interfaces dl0]
user@host# edit unit 0dialer-options
3. Specify a dialer pool.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set pool dw-group
4. Configure the list of routes for dialer watch.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set watch-list 172.27.27.0/24
5. Select the ISDN physical interface for ISDN BRI.
[edit]
user@host# edit interfaces br-1/0/3 dialer-options pool isdn-dialer-group
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces dl0
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces dl0
description dialer-watch;
unit 0 {
dialer-options {
pool dw-group;
watch-list {
172.27.27.0/24;
}
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying a dialer watch interface on page 160
Verifying a dialer watch interface
Purpose Verify a dialer watch interface.
Copyright 2010, Juniper Networks, Inc. 160
Junos OS Interfaces Configuration Guide for Security Devices
Action Fromoperational mode, enter the showinterfaces dl0 command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dialer Watch on page 158
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Dial-In and Callback
Understanding Dial-In and Callback on page 161
Example: Configuring Dial-In and Callback on page 163
Understanding Dial-In and Callback
If you are a service provider or a corporate data center into which a remote location dials
in during an emergency, you can configure your Juniper Networks device to accept
incoming ISDNcalls originating fromthe remote location. The dial-in feature enables the
device to receive calls fromthe remote end of a backup ISDN connection. The remote
endof theISDNcall might beaserviceprovider, acorporatecentral location, or acustomer
premises equipment (CPE) branch office. Each dialer interface accepts calls fromonly
those callers whose caller IDs are configured on it.
NOTE: Incoming voice calls are currently not supported.
Alternatively, you can configure the device toreject the incoming ISDNcalls andcall back
theremotelocation. Thecallback featurelets youcontrol access by allowingonly specific
remote locations to connect to the device. The feature also enables the device to call
back the caller fromthe remote end of a backup ISDN connection. Instead of accepting
acall fromtheremoteendof theconnection, thedevicerejects thecall, waits aconfigured
period of time, and calls a number configured on the device's dialer interface.
Whenit receivesanincomingISDNcall, theJuniper Networksdevicematchestheincoming
call's caller ID against the caller IDs configured on the devices dialer interfaces. If an
exact match is not found and the incoming call's caller ID has more digits than the
configured caller IDs, the device performs a right-to-left match of the incoming call's
caller ID with the configured caller IDs and accepts the incoming call if a match is found.
For example, if the incoming call's caller ID is 4085550115 and the caller ID configured
onadialer interfaceis 5550115, theincomingcall is accepted. Eachdialer interfaceaccepts
calls fromonly those callers whose caller IDs are configured on it.
This topic contains the following sections:
Dial-In and Callback Encapsulation on page 162
Dial-In Configuration on page 162
Callback Configuration on page 163
161 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Dial-In and Callback Encapsulation
The dialer interface of the device and the dialer interface of the remote device must have
the same encapsulationPPP, MLPPP, or Cisco HDLC. If the encapsulation is different,
the ISDN call is dropped. Table 16 on page 162 describes howthe device monitors
encapsulation.
Table 16: Encapsulation Monitoring by Juniper Networks Devices
Encapsulation Monitoring
and Call Status
Possible Action on Juniper
Networks Device's Dialer
Interface
Encapsulation on Remote
Router's Dialer Interface
Encapsulation on Juniper
Networks Device's
Interface
Device performs
encapsulation monitoring.
ISDN call is successful
because encapsulation
matches.
Accepts an incoming call
Rejects an incoming call
and calls back the
incoming number when
callback is enabled on the
dialer interface
PPP PPP
MLPPP MLPPP
Device performs
encapsulation monitoring.
ISDN call is dropped because
of encapsulation mismatch.
MLPPP or Cisco HDLC PPP
PPP or Cisco HDLC MLPPP
Device does not perform
encapsulation monitoring.
Success of the ISDN call
dependsontheencapsulation
monitoring capability of the
remote device.
Dials out
Accepts an incoming call
as a result of having
originally dialed out,
because the dialer
interface of the remote
device has callback
enabled
PPP, MLPPP, or Cisco HDLC PPP or MLPPP
Dials out
Accepts an incoming call
Accepts an incoming call
as a result of having
originally dialed out,
because the dialer
interface of the remote
device has callback
enabled
Rejects an incoming call
and calls back the
incoming number when
callback is enabled on the
dialer interface
PPP, MLPPP, or Cisco HDLC Cisco HDLC
Dial-In Configuration
Whenyouenablethedial-infeatureonadialer interfaceassociatedwithanISDNphysical
interface, the device accepts incoming calls. You can specify that the interface accept
all incoming calls, or you can configure up to 15 specific incoming numbers per dialer
interface that you want the device to accept.
Copyright 2010, Juniper Networks, Inc. 162
Junos OS Interfaces Configuration Guide for Security Devices
If multiple devices are connected to the same ISDN line, you can configure an ISDN
interface to screen incoming calls based on the incoming called number. Each interface
accepts only the calls whose called numbers are configured on it. If an exact match is
not found, the incoming call is ignored.
The same caller ID must not be configured on different dialer interfaces. However, you
can configure caller IDs with more or fewer digits on different dialer interfaces. For
example, you can configure the caller IDs 14085550115, 4085550115, and 5550115 on
different dialer interfaces. Additionally, if you configure one of the interfaces to accept
all calls, the device only uses that interface if the incoming call's caller IDdoes not match
the caller IDs configured on other dialer interfaces.
You can also configure the device to reject (ignore) calls fromspecific numbers. You
might choose to use this option if a the number belongs to another device connected to
the same ISDNline. For example, if another device on the same ISDNline has the called
number 4085551091, you can configure the called number 4085551091 with the reject
option on the ISDN interface so that it does not accept calls with that number.
Callback Configuration
When you enable the callback feature on a dialer interface, the ISDN interface rejects
incoming calls, waits for 5 seconds (the default callback wait period) or the interval you
specify, and then calls back the incoming number.
Before configuring callback on a dialer interface, ensure that the following conditions
exist:
The dialer interface is not configured as a backup for a primary interface.
The dialer interface does not have a watch list configured.
Only one dial string is configured for the dialer interface.
Dial-in is configured on the dialer interface of the remote device that is dialing in.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dialer Interfaces on page 150
Example: Configuring Dial-In and Callback on page 163
Example: Configuring Dial-In and Callback
This example shows howto configure a dial-in and callback options.
Requirements on page 163
Overviewon page 164
Configuration on page 164
Verification on page 165
Requirements
Before you begin:
163 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
1. Add an ISDNBRI interface. See Example: Adding an ISDNBRI Interface on page 148.
2. Configure dialer interfaces. See Example: Configuring Dialer Interfaces on page 152.
3. Configuredialer backupinterfaces. SeeExample: ConfiguringDial Backup onpage155.
4. Configuredialer filters for dial-on-demandroutingbackup. SeeExample: Configuring
Dialer Filters for Dial-on-Demand Routing Backup on page 157.
5. Configure dial-on-demand routing backup with OSPF support. See Example:
Configuring Dial-on-Demand Routing Backup with OSPF Support on page 157.
6. Configure dialer watch. See Example: Configuring Dialer Watch on page 159.
Overview
In this example, you set the dialer interfaces as dl0 and set the incoming map options
for the dialer interface on a logical interface to 4085550115. Then, you set the callback
wait period to 5 and configure an ISDN interface to screen incoming ISDN calls. Finally,
you set the device to reject incoming calls fromthe specified number.
Configuration
CLI Quick
Configuration
To quickly configure dial-in and callback options, copy the following commands and
paste theminto the CLI:
[edit]
set interfaces dl0unit 0dialer-options incoming-map caller 4085550115
set interfaces dl0unit 0dialer-options callback callback-wait-period 5
set interfaces br-1/0/3 isdn-options incoming-called-number 4085550115
set systemprocesses isdn-signaling reject-incoming
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure dial-in and callback options:
1. Create a dialer interface.
[edit]
user@host# edit interfaces dl0unit 0dialer-options
2. Configure the incoming map options for the dialer interface on a logical interface.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set incoming-map caller 4085550115
3. Configure callback options for the dialer interface.
[edit interfaces dl0 unit 0 dialer-options]
user@host# set callback
user@host# set callback-wait-period 5
4. Configure an ISDN interface to screen incoming ISDN calls.
[edit interfaces br-1/0/3 ]
user@host# set isdn-options incoming-called-number 4085550115
5. Configure the device to reject incoming calls fromthe specified number.
Copyright 2010, Juniper Networks, Inc. 164
Junos OS Interfaces Configuration Guide for Security Devices
[edit]
user@host# set systemprocesses isdn-signaling reject-incoming
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
user@host showinterfaces
br-1/0/3 {
isdn-options {
incoming-called-number 4085550115;
}
}
dl0 {
unit 0 {
dialer-options {
callback;
callback-wait-period 5;
}
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying Dial-In and Callback Options on page 165
Verifying Dial-In and Callback Options
Purpose Verify dial-in and callback options.
Action Fromoperational mode, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Dial-In and Callback on page 161
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Bandwidth on Demand
Understanding Bandwidth on Demand on page 166
Example: Configuring Bandwidth on Demand on page 167
165 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Understanding Bandwidth on Demand
Bandwidth on demand is an ISDN cost-control feature that defines the bandwidth
threshold that must be reached on all links before a device initiates additional ISDNdata
connections to provide more bandwidth.
You can define a threshold for network traffic on the device using the dialer interface and
ISDNinterfaces. A number of ISDNinterfaces are aggregated together into a bundle and
assigned a single dialer profile. A dialer profile is a set of characteristics configured for
the ISDN dialer interface. Dialer profiles allowthe configuration of physical interfaces to
be separated fromthe logical configuration of dialer interfaces required for ISDN
connectivity. This featurealsoallows physical andlogical interfaces tobeboundtogether
dynamically on a per-connection basis.
Initially, only one ISDNlink is active, and all packets are sent through this interface. When
a configured threshold is exceeded, the dialer interface activates another ISDN link and
initiates a data connection. The threshold is specified as a percentage of the cumulative
load of all UP links that are part of the bundle. When the cumulative load of all UP links,
not counting the most recently activated link, is at or belowthe threshold, the most
recently activated link is deactivated.
To enable bandwidth on demand, you must configure its properties:
Dialer interfaceYoucanconfiguremultipledialer interfacesfor bandwidth-on-demand
by incrementing the unit numberfor example, dl0.1, dl0.2, and so on. For ISDN BRI,
you can group up to four ISDN interfaces together when configuring bandwidth on
demand, for a total of eight B-channels (two channels per interface) providing
connectivity. For ISDNPRI, thepool limit is eight B-channels per channelizedT1/E1/ISDN
PRI port. Each ISDN interface must have the same pool identifier to participate in
bandwidth on demand.
Dialer optionsDialer options for bandwidth on demand include:
Dial stringTelephone number for the interface to dial that establishes ISDN
connectivity. You can configure a maximumof 15 dial strings per dialer interface.
Load intervalInterval of time used to calculate the average load on the dialer
interface. The default value is 60 seconds with a range of 20 through 180 seconds.
The value must be a multiple of 10.
Load thresholdThreshold above which an additional ISDN interface is activated,
specified as a percentage of the cumulative load of all UP links. The default value
is 100, with a range of 0 through 100.
PoolName of a group of ISDN interfaces configured to use the dialer interface.
Unit propertiesUnit properties include the F max period, which is the maximum
number of compressedpackets allowedbetweenthe transmissionof full packets. The
value can be between 1 and 65,535.
Copyright 2010, Juniper Networks, Inc. 166
Junos OS Interfaces Configuration Guide for Security Devices
Logical propertiesLogical properties for bandwidth on demand include:
Fragment thresholdMaximumsize, in bytes, for multilink packet fragments. The
valuecanbebetween128and16,320bytes. Thedefault is 0bytes (nofragmentation).
Any nonzero value must be a multiple of 64 bytes.
Maximumreceivedreconstructedunit (MRRU)This valueis expressedas anumber
between 1500 and 4500 bytes.
Packet compressionYou can configure the following compression types:
ACFC(addressandcontrol fieldcompression)Conservesbandwidthbycompressing
the address and control fields of PPP-encapsulated packets.
PFC(protocol fieldcompression)Conservesbandwidthbycompressingtheprotocol
field of a PPP-encapsulated packet.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding ISDN on page 141
Example: Configuring Bandwidth on Demand on page 167
Example: Configuring Bandwidth on Demand
This example shows howto configure a bandwidth on demand.
Requirements on page 167
Overviewon page 167
Configuration on page 167
Verification on page 170
Requirements
Before you begin, enable bandwidth on demand and configure its properties. See
Understanding Bandwidth on Demand on page 166.
Overview
Inthis example, youcreatethedl0dialer interfaceanddefinethebw-profileCHAPaccess
profile with the client1 and my-secret password. You configure CHAP on the dl0 unit 0
interfaces and specify a unique profile called bw-profile that contains client list and
access parameters. You configure the ACFC compression type. Finally, you configure a
bandwidth on demand on each ISDNinterface that is participating in the aggregated link
(in this case, the br-1/0/3 ISDN BRI physical interface).
Configuration
CLI Quick
Configuration
To quickly configure a bandwidth on demand, copy the following commands and paste
theminto the CLI:
[edit]
set interfaces dl0encapsulation multilink-ppp
167 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
set interfaces dl0unit 0dialer-options dial-string 4085550115 load-interval 90
load-threshold 95 pool bw-pool
set interfaces dl0unit 0compression rtp f-max-period 500queues q3
set interfaces dl0unit 0fragment-threshold 1024
set access profile bw-profile client client1 chap-secret my-secret
set interfaces dl0unit 0ppp-options chap access-profile bw-profile
set interfaces dl0unit 0ppp-options compression acfc
set interfaces dl0unit 0family inet address 172.20.10.2 destination 172.20.10.1
set interfaces dl0unit 0family inet negotiate-address
set interfaces dl0unit 0family inet unnumbered-address lo0.0destination 192.168.1.2
set interfaces br-1/0/3 dialer-options pool bw-pool
Step-by-Step
Procedure
The following example requires you to navigate various levels in the configuration
hierarchy. For instructions on howto do that, see Using the CLI Editor in Configuration
Mode.
To configure a dialer interface for bandwidth on demand:
1. Select a dialer interface.
[edit]
user@host# edit interfaces dl0
2. Configure multilink properties on the dialer interface.
[edit interfaces dl0]
user@host# set encapsulation multilink-ppp
3. Select the logical unit.
[edit interfaces dl0]
user@host# edit unit 0
4. Configure the dialer options.
[edit interfaces dl0 unit 0]
user@host# set dialer-options dial-string 4085550115
user@host# set dialer-options load-interval 90
user@host# set dialer-options load-threshold 95
user@host# set dialer-options pool bw-pool
5. Configure unit properties.
[edit interfaces dl0 unit 0]
user@host# set compression rtp f-max-period 500queues q3
6. Configure logical properties.
[edit interfaces dl0 unit 0]
user@host# set fragment-threshold 1024
7. Define a CHAP access profile with a client and a secret password.
[edit]
user@host# set access profile bw-profile client client1 chap-secret my-secret
8. Configure CHAP on the dialer interface.
[edit interfaces dl0 unit 0]
user@host# set ppp-options chap access-profile bw-profile
Copyright 2010, Juniper Networks, Inc. 168
Junos OS Interfaces Configuration Guide for Security Devices
9. Configure packet compression.
[edit interfaces dl0 unit 0]
user@host# set ppp-options compression acfc
10. Configure the dialer interface to be assigned an IP address. Choose any of the
following:
Assign source and destination IP addresses.
[edit interfaces dl0 unit 0]
user@host#set family inet address 172.20.10.2 destination 172.20.10.1
Obtain an IP address fromthe remote end.
[edit interfaces dl0 unit 0]
user@host#set family inet negotiate-address
Derive the source address and assign the destination address.
[edit interfaces dl0 unit 0]
user@host#set family inet unnumbered-address lo0.0destination 192.168.1.2
11. For each ISDN interface that is participating in the aggregated link, configure
bandwidth on demand.
[edit interfaces dl0 unit 0]
user@host# set ppp-options compression acfc
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
command. If the output does not display the intended configuration, repeat the
configuration instructions in this example to correct it.
[edit]
user@host# showinterfaces
br-1/0/3 {
dialer-options {
pool bw-pool;
}
}
dl0 {
encapsulation multilink-ppp;
unit 0 {
ppp-options {
chap {
access-profile bw-profile;
}
compression acfc;
}
fragment-threshold 1024;
compression {
rtp {
f-max-period 500;
queues q3;
}
}
family inet {
address 172.20.10.2/32 {
169 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
destination 172.20.10.1;
}
unnumbered-address lo0.0 destination 192.168.1.2;
negotiate-address;
}
dialer-options {
pool bw-pool;
dial-string 4085550115;
load-threshold 95;
load-interval 90;
}
}
}
If you are done configuring the device, enter commit fromconfiguration mode.
Verification
To confirmthat the configuration is working properly, performthis task:
Verifying a Bandwidth on Demand on page 170
Verifying a Bandwidth on Demand
Purpose Verify a bandwidth on demand.
Action Fromoperational mode, enter the showinterfaces command.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding ISDN on page 141
Disabling ISDNProcesses (CLI Procedure)
The Junos OS ISDN signaling process manages ISDN signaling by initializing ISDN
connections. The Junos OS ISDN dialer services process manages dialing out through
dialer interfaces.
To disable the ISDN signaling process, use the following CLI statement:
[edit]
user@host: set systemprocesses isdn-signaling disable
To disable the dialer services process, use the following CLI statement:
[edit]
user@host# set systemprocesses dialer-services disable
CAUTION: Never disable a software process unless you are instructed to do
so by a Customer Support engineer.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Copyright 2010, Juniper Networks, Inc. 170
Junos OS Interfaces Configuration Guide for Security Devices
Understanding ISDN on page 141
Disabling ISDN Processes in the Junos OS Network Interfaces Configuration Guide
ISDN Configuration Overviewon page 144
Verifying the ISDN Configuration on page 171
Verifying the ISDNConfiguration
To verify an ISDN configuration, performthe following tasks:
Displaying the ISDN Status on page 171
Verifying an ISDN BRI Interface on page 172
VerifyinganISDNPRI InterfaceandCheckingB-Channel InterfaceStatistics onpage173
Checking D-Channel Interface Statistics on page 174
Displaying the Status of ISDN Calls on page 176
Verifying Dialer Interface Configuration on page 177
Displaying the ISDNStatus
Purpose Display the status of ISDN service on the ISDN interface. For example, you can display
ISDNBRI status onthebr-6/0/0interfaceandISDNPRI status onthect1-2/0/0interface.
Action Fromoperational mode, enter the showisdn status command.
Sample Output user@host> showisdn status
Interface: br-6/0/0
Layer 1 status: active
Layer 2 status:
CES: 0, Q.921: up, TEI: 12
Layer 3 status: 1 Active calls
Switch Type : ETSI
Interface Type : USER
T310 : 10 seconds
Tei Option : Power Up
user@host> showisdn status
Interface: ct1-2/0/0
Layer 1 status: active
Layer 2 status:
CES: 0, Q.921: up, TEI: 0
Layer 3 status: 8 Active calls
Switch Type : NI2
Interface Type : USER
T310 : 10 seconds
Tei Option : Power Up
Meaning The output shows a summary of interface information. Verify the following information:
171 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
InterfaceISDN interface currently active on the device. For ISDN BRI, the interface is
a br-pim/0/port interface, as shown in the first example for br-6/0/0. For ISDN PRI,
the interface displayed is a channelized T1 or channelized E1 interface, as shown in the
second example for ct1-2/0/0.
Layer 1 statusIndicates whether Layer 1 is active or inactive.
Layer 2 statusIndicates whether Q.921 (the D-channel protocol) is up or down.
TEIAssigned terminal endpoint identifier (TEI) number.
Layer 3 statusNumber of active calls.
Switch TypeType of ISDN switch that is connected to the device interface.
Interface TypeDefault value for the local interface.
Calling numberTelephone number configured for dial-out.
T310Q.931-specific timer.
TEI OptionIndicates when TEI negotiations occur on the interface.
Verifying an ISDNBRI Interface
Purpose Verify that the ISDN BRI interface is correctly configured.
Action FromtheCLI, enter theshowinterfacesextensivecommand. Alternatively, fromtheJ-Web
interface, select Monitor>Interfaces>interface.
Sample Output user@host> showinterfaces br-6/0/0extensive
Physical interface: br-6/0/0, Enabled, Physical link is Up
Interface index: 143, SNMP ifIndex: 59, Generation: 24
Type: BRI, Link-level type: Controller, MTU: 4092, Clocking: 1, Speed: 144kbps,
Parent: None
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link type : Full-Duplex
Link flags : None
Physical info : S/T
Hold-times : Up 0 ms, Down 0 ms
Last flapped : 2005-12-07 12:21:11 UTC (04:07:26 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards:
0,
Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors:
0
Meaning The output shows a summary of interface information. Verify the following information:
Copyright 2010, Juniper Networks, Inc. 172
Junos OS Interfaces Configuration Guide for Security Devices
The physical interface is Enabled. If the interface is shown as Disabled, do either of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
interface-name] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the
Interfaces>interface-name page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
The Last Flapped time is an expected value. The Last Flapped time indicates the last
time the physical interface became unavailable and then available again. Unexpected
flapping indicates likely link-layer errors.
Thetraffic statistics reflect theexpectedinput andoutput rates. Verify that thenumber
of inbound and outbound bytes and packets matches the expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics interface-name command.
Verifying an ISDNPRI Interface and Checking B-Channel Interface Statistics
Purpose Verify that an ISDN B-channel interface is operating properly. For ISDN PRI, verify that a
B-channel interface is configured correctly. (To display a list of B-channel interfaces,
enter the showisdn calls command.)
Action Fromoperational mode, enter the showinterfaces extensive command. Alternatively,
Fromthe J-Web interface, select Monitor>Interfaces>interface.
Sample Output user@host> showinterfaces bc-0/0/4:1 extensive
Physical interface: bc-0/0/4:1, Administratively down, Physical link is Up
Interface index: 145, SNMP ifIndex: 75, Generation: 26
Type: Serial, Link-level type: Multilink-PPP, MTU: 1510, Clocking: Internal,
Speed: 64kbps,
Parent: br-0/0/4 Interface index 143
Device flags : Present Running
Interface flags: Admin-Test SNMP-Traps 16384
Link type : Full-Duplex
Link flags : None
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: Unspecified, Hardware address: Unspecified
Alternate link address: Unspecified
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : Never
Statistics last cleared: Never
Traffic statistics:
Input bytes : 5787 0 bps
Output bytes : 3816 0 bps
Input packets: 326 0 pps
Output packets: 264 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards:
6,
Resource errors: 0
Output errors:
173 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors:
0
Queue counters Queued packets Transmitted Packets Dropped packets
0 best-effort 314335 0 0
1 best-effort 0 0 0
2 best-effort 5 0 0
3 best-effort 5624 5624 0
Packet Forwarding Engine configuration:
Destination slot: 5, PLP byte: 1 (0x00)
CoS transmit queue Bandwidth Buffer Priority
Limit
% bps % usec
0 best-effort 95 60800 95 0 low
none
3 network-control 5 3200 5 0 low
none
Logical interface bc-0/0/4:1.0 (Index 71) (SNMP ifIndex 61) (Generation 33)
Flags: Device Down Point-To-Point SNMP-Traps Encapsulation: PPP
Protocol mlppp, Multilink bundle: dl0.0, MTU: 1506, Generation: 18, Route
table: 0
Meaning The output shows a summary of B-channel interface information. Verify the following
information:
The physical interface is Enabled. If the interface is shown as Disabled, do either of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
interface-name] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the
Interfaces>interface-name page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
For ISDNBRI, theParent interfaceis abr-pim/0/port interfacebr-0/0/4inthis example.
For ISDN PRI, the Parent interface is a channelized T1 or channelized E1
interfacect1pim/0/port or ce1pim/0/port.
The Last Flapped time is an expected value. The Last Flapped time indicates the last
time the physical interface became unavailable and then available again. Unexpected
flapping indicates possible link-layer errors.
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches the expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics interface-name command.
Checking D-Channel Interface Statistics
Purpose Verify that the ISDN D-channel interface is operating properly. For ISDN PRI, verify that
the D-channel interface is configured correctly.
Copyright 2010, Juniper Networks, Inc. 174
Junos OS Interfaces Configuration Guide for Security Devices
Action Fromoperational mode, enter the showinterfaces extensive command. Alternatively,
Fromthe J-Web interface, select Monitor>Interfaces>interface.
Sample Output user@host> showinterfaces dc-0/0/4 extensive
Physical interface: dc-0/0/4, Enabled, Physical link is Up
Interface index: 144, SNMP ifIndex: 60, Generation: 25
Type: Serial, Link-level type: 55, MTU: 4092, Clocking: Internal, Speed: 16kbps,
Parent: br-0/0/4 Interface index 143
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link type : Full-Duplex
Link flags : None
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: Unspecified, Hardware address: Unspecified
Alternate link address: Unspecified
Last flapped : 2005-12-07 12:21:12 UTC (05:46:00 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 13407 0 bps
Output bytes : 16889 0 bps
Input packets: 3262 0 pps
Output packets: 3262 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards:
0,
Resource errors: 0
Output errors:
Carrier transitions: 1, Errors: 0, Drops: 0, MTU errors: 0, Resource errors:
0
ISDN alarms : None
ISDN media: Seconds Count State
LOF 0 1 0K
LOS 0 0 0K
Logical interface dc-0/0/4.32767 (Index 70) (SNMP ifIndex 72) (Generation 8)
Flags: Point-To-Point SNMP-Traps Encapsulation: 60
Traffic statistics:
Input bytes : 13407
Output bytes : 82129
Input packets: 3262
Output packets: 3262
Local statistics:
Input bytes : 13407
Output bytes : 82129
Input packets: 3262
Output packets: 3262
Meaning The output shows a summary of D-channel interface information. Verify the following
information:
The physical interface is Enabled. If the interface is shown as Disabled, do either of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
interface-name] level of the configuration hierarchy.
175 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
In the J-Web configuration editor, clear the Disable check box on the
Interfaces>interface-name page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
For ISDNBRI, theParent interfaceis abr-pim/0/port interfacebr-0/0/4inthis example.
For ISDN PRI, the Parent interface is a channelized T1 or channelized E1
interfacect1pim/0/port or ce1pim/0/port.
The Last Flapped time is an expected value. The Last Flapped time indicates the last
time the physical interface became unavailable and then available again. Unexpected
flapping indicates possible link-layer errors.
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches the expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics interface-name command.
Displaying the Status of ISDNCalls
Purpose Display the status of ISDN calls. This information helps you to verify the dialer interface
configuration as described in Verifying Dialer Interface Configuration on page 177. The
command also provides a list of the B-channels configured on an ISDN BRI or ISDN PRI
interface.
Action Fromoperational mode, enter the showisdn calls command.
Sample Output user@host> showisdn calls
Interface: bc-6/0/0:1
Status: No call in progress
Most recent error code: No error
Interface: bc-6/0/0:2
Status: Connected to 384070
Call Duration: 43 seconds
Call Direction: Dialout
Most recent error code: No error
user@host> showisdn calls
Interface: bc-2/0/0:1
Status: Connected to 384010
Call Duration: 49782 seconds
Call Direction: Dialin
Most recent error code: destination out of order
Interface: bc-2/0/0:2
Status: Connected to 384011
Call Duration: 49782 seconds
Call Direction: Dialin
Most recent error code: destination out of order
Interface: bc-2/0/0:3
Status: Connected to 384020
Call Duration: 49782 seconds
Call Direction: Dialin
Most recent error code: destination out of order
...
Interface: bc-2/0/0:20
Copyright 2010, Juniper Networks, Inc. 176
Junos OS Interfaces Configuration Guide for Security Devices
Status: No call in progress
Most recent error code: No error
Interface: bc-2/0/0:21
Status: No call in progress
Most recent error code: No error
Interface: bc-2/0/0:22
Status: No call in progress
Most recent error code: No error
Interface: bc-2/0/0:23
Status: No call in progress
Most recent error code: No error
Meaning The output shows a summary of B-channel interfaces and the active ISDN calls on the
interfaces. The first example shows the two B-channels on an ISDN BRI
interfacebc-2/0/0:1 and bc-2/0/0:2. The second example indicates B-channels
bc-2/0/0:1 through bc-2/0/0:23, the 23 B-channels on an ISDNPRI interface. Determine
the following information:
The interfaces on which ISDN calls are in progress
Whether the call is a dial-in call, dial-out call, or a callback call
Verifying Dialer Interface Configuration
Purpose Verify that the dialer interface is correctly configured. To determine the ISDN interfaces
on which calls are taking place, see Displaying the Status of ISDN Calls on page 176.
Action Fromoperational mode, enter the showinterfaces dl0extensive command. Alternatively,
Fromthe J-Web interface, select Monitor>Interfaces>interface.
Sample Output user@host> showinterfaces dl0extensive
Physical interface: dl0, Enabled, Physical link is Up
Interface index: 173, SNMP ifIndex: 26, Generation: 77
Type: 27, Link-level type: PPP, MTU: 1504, Clocking: Unspecified, Speed:
Unspecified
Device flags : Present Running
Interface flags: SNMP-Traps
Link type : Full-Duplex
Link flags : Keepalives
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: Unspecified, Hardware address: Unspecified
Alternate link address: Unspecified
Last flapped : Never
Statistics last cleared: Never
Traffic statistics:
Input bytes : 13859 0 bps
Output bytes : 0 0 bps
Input packets: 317 0 pps
Output packets: 0 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards:
0,
Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors:
0
177 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Logical interface dl0.0 (Index 76) (SNMP ifIndex 28) (Generation 148)
Flags: Point-To-Point SNMP-Traps 0x4000 LinkAddress 23-0 Encapsulation: PPP
Dialer:
State: Active, Dial pool: 1
Dial strings: 384070
Subordinate interfaces: bc-6/0/0:2 (Index 172)
Watch list: 11.12.13.14/32
Activation delay: 0, Deactivation delay: 0
Initial route check delay: 120
Redial delay: 3
Callback wait period: 5
Load threshold: 0, Load interval: 60
Bandwidth: 64kbps
Traffic statistics:
Input bytes : 24839
Output bytes : 17792
Input packets: 489
Output packets: 340
Local statistics:
Input bytes : 10980
Output bytes : 17792
Input packets: 172
Output packets: 340
Transit statistics:
Input bytes : 13859 0 bps
Output bytes : 0 0 bps
Input packets: 317 0 pps
Output packets: 0 0 pps
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive statistics:
Input : 0 (last seen: never)
Output: 36 (last sent 00:00:09 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured,
mpls: Not-configured
CHAP state: Success
Protocol inet, MTU: 1500, Generation: 74, Route table: 0
Flags: Negotiate-Address
Addresses, Flags: Kernel Is-Preferred Is-Primary
Destination: 43.1.1.2, Local: 43.1.1.19, Broadcast: Unspecified,
Generation: 37
user@host> showinterfaces dl0extensive
Physical interface: dl0, Enabled, Physical link is Up
Interface index: 140, SNMP ifIndex: 35, Generation: 141
Link-level type: LinkService, MTU: 1504
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Last flapped : 2007-02-27 01:50:38 PST (1d 15:48 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 42980144 0 bps
Output bytes : 504 0 bps
Input packets: 934346 0 pps
Output packets: 6 0 pps
Frame exceptions:
Oversized frames 0
Errored input frames 0
Input on disabled link/bundle 0
Output for disabled link/bundle 0
Copyright 2010, Juniper Networks, Inc. 178
Junos OS Interfaces Configuration Guide for Security Devices
Queuing drops 0
Buffering exceptions:
Packet data buffer overflow 0
Fragment data buffer overflow 0
Assembly exceptions:
Fragment timeout 0
Missing sequence number 0
Out-of-order sequence number 0
Out-of-range sequence number 0
Hardware errors (sticky):
Data memory error 0
Control memory error 0
Egress queues: 8 supported, 8 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 q1 6 6 0
1 q2 0 0 0
2 assured-forw 0 0 0
3 q3 0 0 0
Logical interface dl0.0 (Index 66) (SNMP ifIndex 36) (Generation 133)
Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: Multilink-PPP
Dialer:
State: Active, Dial pool: 1
Dial strings: 384010
Subordinate interfaces: bc-2/0/0:8 (Index 161), bc-2/0/0:7 (Index 160),
bc-2/0/0:6 (Index 159), bc-2/0/0:5 (Index 158), bc-2/0/0:4 (Index 157),
bc-2/0/0:3 (Index 156), bc-2/0/0:2 (Index 155), bc-2/0/0:1 (Index 154)
Activation delay: 0, Deactivation delay: 0
Initial route check delay: 120
Redial delay: 3
Callback wait period: 5
Load threshold: 100, Load interval: 60
Bandwidth: 512kbps
Bundle options:
MRRU 1504
Remote MRRU 1504
Drop timer period 0
Inner PPP Protocol field compression enabled
Sequence number format long (24 bits)
Fragmentation threshold 0
Links needed to sustain bundle 1
Interleave fragments Disabled
Bundle errors:
Packet drops 0 (0 bytes)
Fragment drops 15827 (759696 bytes)
MRRU exceeded 0
Exception events 0
Statistics Frames fps Bytes bps
Bundle:
Fragments:
Input : 963116 0 50963104 0
Output: 6 0 540 0
Packets:
Input : 934346 0 42980144 0
Output: 6 0 504 0
Link:
179 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
bc-2/0/0:1.0
Input : 119656 0 6341806 0
Output: 1 0 90 0
bc-2/0/0:2.0
Input : 120176 0 6369366 0
Output: 1 0 90 0
bc-2/0/0:3.0
Input : 119856 0 6352368 0
Output: 1 0 90 0
bc-2/0/0:4.0
Input : 120315 0 6376695 0
Output: 0 0 0 0
bc-2/0/0:5.0
Input : 120181 0 6369593 0
Output: 0 0 0 0
bc-2/0/0:6.0
Input : 121154 0 6421200 0
Output: 0 0 0 0
bc-2/0/0:7.0
Input : 121181 0 6340321 0
Output: 0 0 0 0
bc-2/0/0:8.0
Input : 120594 0 6391482 0
Output: 0 0 0 0
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls:
Not-configured
Protocol inet, MTU: 1500, Generation: 138, Route table: 0
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 1.1.1.0/30, Local: 1.1.1.2, Broadcast: Unspecified,
Generation: 134
Meaning The output shows a summary of dialer interface information. The first example is for
ISDN BRI service, and the second example is for ISDN PRI service. Verify the following
information:
The physical interface is Enabled. If the interface is shown as Disabled, do either of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
interface-name] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the
Interfaces>interface-name page.
The physical link is Up. A link state of Down indicates a problemwith the interface
module, interface port, or physical connection (link-layer errors).
The Last Flapped time is an expected value. The Last Flapped time indicates the last
time the physical interface became unavailable and then available again. Unexpected
flapping indicates possible link-layer errors.
Subordinate interfaces correctly lists the B-channel interface or interfaces associated
with this dialer interface. The ISDN BRI output in the first example shows that dl0
supports bc-6/0/0:2.
TheISDNPRI output inthesecondexampleshowsthat dl0supportsbc-2/0/0:1 through
bc-2/0/0:8.
Copyright 2010, Juniper Networks, Inc. 180
Junos OS Interfaces Configuration Guide for Security Devices
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches the expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics interface-name command.
The dialer state is Active when an ISDN call is in progress.
The LCP state is Opened when an ISDN call is in progress. An LCP state of Closed or
Not Configured indicates a problemwith the dialer configuration that needs to be
debugged with the monitor traffic interface interface-name command. For information
about the monitor traffic command, see the Junos OS Administration Guide for Security
Devices.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding ISDN on page 141
ISDN Configuration Overviewon page 144
Disabling ISDN Processes (CLI Procedure) on page 170
showisdn status in the Junos Interfaces Command Reference
showisdn calls in the Junos Interfaces Command Reference
showinterfaces in the Junos Interfaces Command Reference
181 Copyright 2010, Juniper Networks, Inc.
Chapter 9: ISDN
Copyright 2010, Juniper Networks, Inc. 182
Junos OS Interfaces Configuration Guide for Security Devices
CHAPTER 10
Voice over Internet Protocol with Avaya
This section contains the following topics:
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Supported Avaya VoIP Modules and Interfaces on page 186
TGM550 Telephony Gateway Module Overviewon page 189
TIM508 Analog Telephony Interface Module Overviewon page 197
TIM510 E1/T1 Telephony Interface Module Overviewon page 201
TIM514 Analog Telephony Interface Module Overviewon page 203
TIM516 Analog Telephony Interface Module Overviewon page 207
TIM518 Analog Telephony Interface Module Overviewon page 211
TIM521 BRI Telephony Interface Module Overviewon page 215
Avaya IG550 Integrated Gateway Overviewon page 217
Media Gateway Controller Server Overviewon page 219
Avaya Communication Manager Software Overviewon page 220
Dynamic Call Admission Control Overviewon page 221
Configuring VoIP Interfaces with EPWand Disk-on-Key on page 222
Example: Configuring VoIP Interfaces on page 225
TGM550 Module Administration on page 234
TGM550 Module and VoIP Interface Troubleshooting on page 237
Avaya VoIP Modules Overview
J2320, J2350, J4350, andJ6350Services Routers support voiceover IP(VoIP) connectivity
for branchoffices withthe AvayaIG550IntegratedGateway. The AvayaIG550Integrated
Gateway consists of four VoIP modulesa TGM550 Telephony Gateway Module and
three types of Telephony Interface Modules (TIMs).
The VoIP modules installed in a Services Router at a branch office connect the IP and
analog telephones and trunk lines at the branch to headquarters and to the
public-switched telephone network (PSTN).
183 Copyright 2010, Juniper Networks, Inc.
Figure 9on page 184shows a typical VoIPtopology. The small branch office shown in the
expandedillustrationontheright is connectedover thecorporateWANtotheheadoffice
throughaJ6300Services Router withVoIPmodules installed. The AvayaMediaGateway
Controller, S8700 Media Server, and integrated Management tools at the head office
manage telephony services for headquarters and the branch offices on the WAN,
connecting the corporation's legacy analog telephones, VoIP telephones, PCs, and fax
machines to the PSTN.
Figure 9: Typical VoIP Topology
You must assign a local IP address to the vp-pim/0/0 interface on the Services Router
and also a destination IP address to the TGM550 so that they can communicate with
each other.
The following rules apply for configuring the source IPv4 address:
You cannot specify more than one IPv4 address.
Do not assign the following IPv4 addresses:
A broadcast address (255.255.255.255)
A class E address (240.0.0.0 to 255.255.255.254)
A loopback address (127.0.0.0 to 127.255.255.255)
A multicast address (224.0.0.0 to 239.255.255.255)
An address with 0 as the first byte or an address with 0 or 255 as the last byte
Copyright 2010, Juniper Networks, Inc. 184
Junos OS Interfaces Configuration Guide for Security Devices
The VoIP interface needs a point-to-point connection to the TGM550. To configure
the point-to-point connection, specify /32 as the subnet mask in the IPv4 address.
The TGM550 uses the destination IP address to identify itself when communicating
with other devices, particularly the Media Gateway Controller (MGC).
CAUTION: Applying a newor modified IP address resets the TGM550. For
existing configurations, ensure that the TGM550 configuration is saved
(seeSavingtheTGM550ModuleConfiguration onpage237) andthat the
TGM550 module is carrying no voice traffic.
To provide telephony services, the TGM550 must be registered with at least one Media
Gateway Controller (MGC). You can configure the IP addresses of up to four MGCs that
the TGM550 can connect to in the event of a link failure. In addition to configuring the
MGC list fromJ-Web and the CLI, you can log in to the TGM550 and configure the list.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Configuration Overviewon page 185
Supported Avaya VoIP Modules and Interfaces on page 186
Understanding the TGM550 Telephony Gateway Module on page 189
Understanding the TIM508 Analog Telephony Interface Module on page 197
Understanding the TIM510 E1/T1 Telephony Interface Module on page 201
Understanding the TIM514 Analog Telephony Interface Module on page 204
Understanding the TIM516 Analog Telephony Interface Module on page 207
Understanding the TIM518 Analog Telephony Interface Module on page 211
Understanding the TIM521 BRI Telephony Interface Module on page 215
Example: Configuring VoIP Interfaces on page 225
Avaya VoIP Modules Configuration Overview
You can use either J-Web or the CLI configuration editor to configure VoIP. Alternatively,
you can download a complete router configuration that includes VoIPfroman Electronic
Preinstallation Worksheet (EPW) and a disk-on-key USB memory stick.
The Avaya VoIPmodules are installedin a J Series chassis like Physical Interface Modules
(PIMs), but they are controlled by Avaya Communication Manager software rather than
the Junos OS.
CAUTION: PIMs and VoIP modules are not hot-swappable. You must power
off the Services Router before removing or inserting a PIMor VoIP module.
Ensure that the PIMs and VoIP modules are installed in the router chassis
before booting up the system.
185 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
CAUTION: The grounding cable for J Series devices must be, at minimum, 14
AWGcable.
On each J Series device with Avaya VoIP, a single TGM550 Telephony Gateway Module
(TGM) and at least one telephony interface module (TIM) is required. No more than four
TIMs of any kind can be installed on a single chassis.
CAUTION: Do not install a combination of PIMs in a single chassis that
exceeds the maximumpower and heat capacity of the chassis. If power
management is enabled, PIMs that exceed the maximumpower and heat
capacity remain offline for a J Series device when the chassis is powered on.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Supported Avaya VoIP Modules and Interfaces on page 186
Understanding the TGM550 Telephony Gateway Module on page 189
Understanding the TIM508 Analog Telephony Interface Module on page 197
Understanding the TIM510 E1/T1 Telephony Interface Module on page 201
Understanding the TIM514 Analog Telephony Interface Module on page 204
Understanding the TIM516 Analog Telephony Interface Module on page 207
Understanding the TIM518 Analog Telephony Interface Module on page 211
Understanding the TIM521 BRI Telephony Interface Module on page 215
Example: Configuring VoIP Interfaces on page 225
Supported Avaya VoIP Modules and Interfaces
J2320, J2350, J4350, and J6350 Services Routers support VoIP connectivity for branch
offices with the Avaya IG550 Integrated Gateway.
Avaya VoIP Modules Summary
The following sections describe the supported Avaya VoIP modules and interfaces:
J2320 and J2350 Avaya VoIP Module Summary on page 186
J4350 and J6350 Avaya VoIP Module Summary on page 187
J2320and J2350Avaya VoIP Module Summary
Table 17 on page 187 provides the module names, slot and port numbers, maximum
number allowed on a chassis, and sample interface names (where applicable) for the
J2320 and J2350 Avaya VoIP modules.
Copyright 2010, Juniper Networks, Inc. 186
Junos OS Interfaces Configuration Guide for Security Devices
Table 17: J2320and J2350Avaya VoIP Module Summary
Sample Interface
Name
(type-pim/0/port)
MaximumNumber on a
Chassis
Slot and Port
Numbering Also Called PIMName
vp-3/0/0 One (required)
If more than one TGM550 is
installed, only the one in the
lowest numbered slot is
enabled. For example, if
TGM550sareinstalledinslots
2 and 3, only the one in slot 2
is enabled.
J2320Slots 1
through 3
J2350Slots 1
through 5
TGM550GatewayModule
TGM550
TGM550
Telephony
Gateway Module
One on J2320
Three on J2350
J2320Slots 1
through 3
J2350Slots 1
through 5
TIM508 media module
TIM508
TIM508 Analog
Telephony
Interface Module
Two J2320Slots 1
through 3
J2350Slots 1
through 5
TIM510 E1/T1 media
module
TIM510
TIM510 E1/T1
Telephony
Interface Module
Two J2320Slots 1
through 3
J2350Slots 1
through 5
TIM514 analog media
module
TIM514
TIM514 Analog
Telephony
Interface Module
One on J2320
Three on J2350
J2320Slots 1
through 3
J2350Slots 1
through 5
TIM516 analog media
module
TIM516
TIM516 Analog
Telephony
Interface Module
One on J2320
Three on J2350
J2320Slots 1
through 3
J2350Slots 1
through 5
TIM518 analog media
module
TIM518
TIM518 Analog
Telephony
Interface Module
Two J2320Slots 1
through 3
J2350Slots 1
through 5
TIM521 BRI mediamodule
TIM521
TIM521 BRI
Telephony
Interface Module
J4350and J6350Avaya VoIP Module Summary
Table 18 on page 188 provides the module names, slot and port numbers, maximum
number allowed on a chassis, and sample interface names (where applicable) for the
J4350 and J6350 Avaya VoIP modules.
187 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Table 18: J4350and J6350Avaya VoIP Module Summary
Sample Interface
Name
(type-pim/0/port)
MaximumNumber on
a Chassis
Slot and Port
Numbering Also Called PIMName
vp-3/0/0 One (required)
If more than one
TGM550 is installed,
only the one in the
lowest numbered slot is
enabled. For example, if
TGM550s are installed
in slots 2 and 3, only the
one in slot 2 is enabled.
Slots 1 through 6 TGM550
Gateway
Module
TGM550
TGM550
Telephony
Gateway
Module
Three Slots 1 through 6 TIM508 media
module
TIM508
TIM508
Analog
Telephony
Interface
Module
Two Slots 1 through 6 TIM510 E1/T1
media module
TIM510
TIM510 E1/T1
Telephony
Interface
Module
Four Slots 1 through 6 TIM514 analog
media module
TIM514
TIM514
Analog
Telephony
Interface
Module
Three Slots 1 through 6 TIM516 analog
media module
TIM516
TIM516
Analog
Telephony
Interface
Module
Three Slots 1 through 6 TIM518 analog
media module
TIM518
TIM518
Analog
Telephony
Interface
Module
Two Slots 1 through 6 TIM521 BRI
media module
TIM521
TIM521 BRI
Telephony
Interface
Module
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Copyright 2010, Juniper Networks, Inc. 188
Junos OS Interfaces Configuration Guide for Security Devices
Understanding the TGM550 Telephony Gateway Module on page 189
Understanding the TIM508 Analog Telephony Interface Module on page 197
Understanding the TIM510 E1/T1 Telephony Interface Module on page 201
Understanding the TIM514 Analog Telephony Interface Module on page 204
Understanding the TIM516 Analog Telephony Interface Module on page 207
Understanding the TIM518 Analog Telephony Interface Module on page 211
Understanding the TIM521 BRI Telephony Interface Module on page 215
Example: Configuring VoIP Interfaces on page 225
TGM550Telephony Gateway Module Overview
This topic contains the following sections:
Understanding the TGM550 Telephony Gateway Module on page 189
TGM550 Access Requirements on page 192
TGM550 Console Port Pinouts on page 193
TGM550 RJ-11 Connector Pinout for Analog Ports on page 194
TGM550 MaximumMedia Gateway Capacities on page 195
TGM550 LEDs on page 197
Understanding the TGM550Telephony Gateway Module
The TGM550 Telephony Gateway Module (Figure 10 on page 190), also known as the
TGM550 Gateway Module, has two analog telephone ports, two analog trunk ports, and
a serial console port. A TGM550 and one or more TIMs installed in a Services Router
provide telephony exchange services to a branch office over IP networks. Different TIMs
have access ports for different types of VoIPand analog telephones and telephone lines.
You connect the telephones and lines to the ports on the TGM550 and the TIMs. VoIP
telephones require connection to a Power over Ethernet (PoE) adapter or switch that is
plugged into an Ethernet port on the Services Router.
VoIP capabilities on the TGM550 enable the Services Router to provide VoIP services to
telephones and trunks that do not directly support VoIP. The TGM550 translates voice
and signaling data between VoIP and the systemused by the telephones and trunks.
TIMs convert the voice path of traditional circuits such as analog trunk and T1 or E1 to a
TDMbus inside the router. The TGM550 then converts the voice path fromthe TDMbus
to compressed or uncompressed and packetized VoIP on an Ethernet connection.
189 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Figure 10: TGM550Telephony Gateway Module
TGM550Guidelines and Features
This topic contains the following sections:
TGM550 Firmware Compatibility with Junos OS on page 190
TGM550 IP Addressing Guidelines on page 190
TGM550 Features on page 191
TGM550 Firmware Compatibility with Junos OS
The TGM550 firmware version must be compatible with the Junos OS version installed
on the device.
CAUTION: If the TGM550firmware version is not compatible with the Junos
OS version on the device, the device does not detect the VoIP interface
(vp-pim/0/0) and the interface is unavailable. For more information, see
TGM550 Module and VoIP Interface Troubleshooting on page 237.
If you are upgrading both the TGM550 firmware and the Junos OS on the router, first
upgrade the TGM550 firmware, and then upgrade the Junos OS.
TGM550 IP Addressing Guidelines
For operational purposes, the TGM550 is identified as a host on the device. Hence, the
TGM550 needs to be assigned an IP address that is reachable both externally and
internally fromthe device. The TGM550 uses this IP address to identify itself when
communicating with other devices, particularly the Media Gateway Controller (MGC).
To assign the IP address for the TGM550, you configure the destination address on the
vp-pim/0/0 interface.
CAUTION: Applyinganewor modifiedIPaddress resets theTGM550. Before
modifying the IP address, take the following precautions:
Log into the TGM550 and enter copy running-config startup-config to save
theTGM550configuration. (For logininstructions, seeSavingtheTGM550
Module Configuration on page 237)
Ensure that the TGM550 is not currently handling voice traffic.
Copyright 2010, Juniper Networks, Inc. 190
Junos OS Interfaces Configuration Guide for Security Devices
To enable easier administration of the TGM550, we recommend the following guidelines
for assigning the IP address of the TGM550:
Assign an address fromone of the subnets that is already configured in the branch
office where the device is installed.
Decide on a block of IPaddresses for VoIPservices, and assign an IPaddress fromthat
block to the TGM550.
Do not assign the following IP addresses to the TGM550:
A broadcast address (255.255.255.255)
A class E address (240.0.0.0 to 255.255.255.254)
A loopback address (127.0.0.0 to 127.255.255.255)
A multicast address (224.0.0.0 to 239.255.255.255)
An address with 0 as the first byte or an address with 0 or 255 as the last byte
TGM550 Features
The TGM550 provides the following features:
Voice
VoIP Media Gateway services.
Two analog telephone (LINE) ports to support two analog telephones or incoming
analog direct inward dialing (DID) trunks with either wink start or immediate start.
An analog relay supports emergency transfer relay (ETR).
Two analog trunk (TRUNK) ports to support loop start, ground start, centralized
automatic message accounting (CAMA), and direct inward and outward dialing
(DIOD) trunks (for Japan only).
Survivability features for continuous voice services.
Call center capabilities.
Provisioning
Avaya Communication Manager (CM) media server management.
Extensive alarmand troubleshooting features.
Survivability
Media Gateway Controller (MGC) automatic switchover, migration, and survivability
features.
Modembackup connection to the MGC.
Dynamic call admission control (CAC) for WAN interfaces.
Management: One serial port for console access over an RJ-45 connector cable.
191 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
NOTE: The RJ-45 console cable and DB-9 adapter supplied with the
TGM550 are different fromthose supplied with the Services Router. You
cannot use the RJ-45 cable and DB-9 adapter supplied with the Services
Router for console connections to the TGM550.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Communication Manager Software &Firmware Compatibility Matrix at
http://support.avaya.com
Administration Guide and CLI Reference for the Avaya IG550 Integrated Gateway at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TGM550 Access Requirements on page 192
TGM550 Console Port Pinouts on page 193
TGM550 RJ-11 Connector Pinout for Analog Ports on page 194
TGM550 MaximumMedia Gateway Capacities on page 195
TGM550 LEDs on page 197
Example: Configuring VoIP Interfaces on page 225
TGM550Access Requirements
The CLI on the TGM550allows you to configure, monitor, and diagnose the TGM550and
TIMs installed in a Services Router. You can access the TGM550 froma management
deviceattachedtotheTGM550consoleport or by openingaTelnet or secureshell (SSH)
session fromthe Junos OS CLI on the Services Router.
YoucanalsoopenaremoteTelnet or SSHsessiondirectly totheTGM550fromanetwork
location, or indirectly through the Junos OS CLI froma dial-up connection with a USB
modemattached to the router.
Administrators can use the root password to access the TGM550 initially, but all users
need a TGM550 user account (username and password) set up by the network
administrator for regular access to the module.
NOTE: Youcannot useaServicesRouter user account toaccesstheTGM550
CLI.
Copyright 2010, Juniper Networks, Inc. 192
Junos OS Interfaces Configuration Guide for Security Devices
A console connection requires the Ethernet rollover cable and adapter provided with
the TGM550.
An SSH connection requires that the TGM550 have an IP address assigned.
A Telnet connection to the TGM550 requires that the module have an IP address and
that Telnet service be enabled on the module.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Administration Guide and CLI Reference for the Avaya IG550 Integrated Gateway at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TGM550 Telephony Gateway Module on page 189
TGM550 Console Port Pinouts on page 193
TGM550 RJ-11 Connector Pinout for Analog Ports on page 194
TGM550 MaximumMedia Gateway Capacities on page 195
TGM550 LEDs on page 197
Example: Configuring VoIP Interfaces on page 225
TGM550Console Port Pinouts
The console port on a TGM550 Telephony Gateway Module has an RJ-45 connector.
Table 19 on page 193 provides TGM550 RJ-45 console connector pinout information. An
RJ-45 cable is supplied with the TGM550.
NOTE: Two different RJ-45 cables and RJ-45 to DB-9adapters are provided.
Do not use the RJ-45 cable and adapter for the Services Router console port
to connect to the TGM550 console port.
To connect the console port to an external management device, you need an RJ-45 to
DB-9 serial port adapter, which is also supplied with the TGM550.
Table 19: TGM550RJ-45 Console Connector Pinouts
Terminal DB-9 Pin Signal
TGM550 RJ-45
Pin
NC For future use 1
3 TXD (TGM550 input) 2
2 RXD (TGM550 output) 3
4 CD 4
193 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Table 19: TGM550RJ-45 Console Connector Pinouts (continued)
Terminal DB-9 Pin Signal
TGM550 RJ-45
Pin
5 GND 5
1 DTR 6
8 RTS 7
7 CTS 8
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TGM550 Telephony Gateway Module on page 189
TGM550 Access Requirements on page 192
TGM550 RJ-11 Connector Pinout for Analog Ports on page 194
TGM550 MaximumMedia Gateway Capacities on page 195
TGM550 LEDs on page 197
Example: Configuring VoIP Interfaces on page 225
TGM550RJ-11 Connector Pinout for Analog Ports
The two analog telephone ports and two analog trunk ports on the TGM550use an RJ-11
cable. Table 20 on page 194 describes the TGM550 RJ-11 connector pinout.
Table 20: TGM550RJ-11 Connector Pinout
Signal Pin
No connection 1
No connection 2
Ring 3
Tip 4
No connection 5
No connection 6
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Copyright 2010, Juniper Networks, Inc. 194
Junos OS Interfaces Configuration Guide for Security Devices
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TGM550 Telephony Gateway Module on page 189
TGM550 Access Requirements on page 192
TGM550 Console Port Pinouts on page 193
TGM550 MaximumMedia Gateway Capacities on page 195
TGM550 LEDs on page 197
Example: Configuring VoIP Interfaces on page 225
TGM550MaximumMedia Gateway Capacities
Table 21 on page 195 lists the maximumnumber of media servers, telephones, and so on
that are supported by the TGM550 installed on a J4350, J6350, J2320, or J2350 device.
Table 21: TGM550MaximumMedia Gateway Capacities
Additional Information TGM550 MaximumCapacity Hardware or Feature
This number also applies if a combination of
Avaya G700 Media Gateways, G250 Media
Gateways, and G350 Media Gateways are
controlled by the same media server.
250 TGM550s that can be controlled by
an Avaya S8500 or S8700 Media
Server
This number also applies if a combination of
Avaya G700 Media Gateways, G250 Media
Gateways, and G350 Media Gateways are
controlled by the same media server.
5 TGM550s that can be controlled by
an Avaya S8400 Media Server
This capacity is 50 if a combination of Avaya
G700 Media Gateways, G250 Media Gateways,
and G350Media Gateways are controlled by the
same media server.
TheS8300must resideinaG700or G350media
gateway. Therefore, the maximumof 50 H.248
gateways supported by the S8300 means that
only 49 of the 50 can be TGM550s.
49 TGM550s that can be controlled by
an Avaya S8300 Media Server
If an MGC becomes unavailable, the TGM550
uses the next MGC on the list. The built-in SLS
module can be considered a fifth MGC, although
its functionality is limitedfromthat of afull-scale
media server.
4 Mediaservers that canberegistered
as Media Gateway Controllers
(MGCs) on a TGM550
2 Fixed analog line ports
2 Fixed analog trunk ports
195 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Table 21: TGM550MaximumMedia Gateway Capacities (continued)
Additional Information TGM550 MaximumCapacity Hardware or Feature
For calls using voice codec sets with 20 ms or
higher packet sizes, the DSP supports:
80 channels
20 channels
10 channels
For calls with 10 ms or lower packet sizes, the
80channel DSP supports 40 channels.
For TTY, fax, or modemover IP calls, the
80channel DSP supports 40 channels.
1 (up to 80 channels) Digital signal processors (DSPs)
800 Busy hour call completion rate
(BHCC)
Maximumincludes a combination of analog and
IP telephones
70 (J4350)
100 (J6350)
Total of IP and analog telephones
that canbeconnectedtoaTGM550
and TIMs
Receivers 32 Touch-tone recognition (TTR)
As much as necessary for all TDM
calls.
Tone generation
16 playback channels for playing
announcements, one of which can
be used for recording.
20 minutes for G711-quality stored
announcements andmusic-on-hold.
256 maximumannouncements
stored.
Announcements (VAL)
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TGM550 Telephony Gateway Module on page 189
TGM550 Access Requirements on page 192
TGM550 Console Port Pinouts on page 193
TGM550 RJ-11 Connector Pinout for Analog Ports on page 194
TGM550 LEDs on page 197
Example: Configuring VoIP Interfaces on page 225
Copyright 2010, Juniper Networks, Inc. 196
Junos OS Interfaces Configuration Guide for Security Devices
TGM550LEDs
TGM550LEDs indicatelinkstatus andactivity. Table22onpage197describes themeaning
of the LEDs.
Table 22: LEDs for TGM550Gateway Module
Description State Color Label
Alarm. A failure in the TGM550
requiresmonitoringor maintenance.
On steadily Red ALM
Active. The TGM550 is online with
network traffic.
On steadily Yellow ACT
Alternate software bank. The
software is not running fromthe
selected boot bank.
On steadily Green ASB
Emergency transfer relay (ETR)
feature is active.
On steadily Green ETR
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TGM550 Telephony Gateway Module on page 189
TGM550 Access Requirements on page 192
TGM550 Console Port Pinouts on page 193
TGM550 RJ-11 Connector Pinout for Analog Ports on page 194
TGM550 MaximumMedia Gateway Capacities on page 195
Example: Configuring VoIP Interfaces on page 225
TIM508 Analog Telephony Interface Module Overview
This topic contains the following sections:
Understanding the TIM508 Analog Telephony Interface Module on page 197
TIM508 Connector Pinout on page 198
TIM508 Possible Port Configurations on page 200
TIM508 LEDs on page 200
Understanding the TIM508 Analog Telephony Interface Module
The TIM508 Analog Telephony Interface Module (Figure 11 on page 198), also known as
the TIM508 Analog Media Module, has eight analog telephone lines that can be used as
trunk ports.
197 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Figure 11: TIM508 Analog Telephony Interface Module
g
0
0
3
8
6
5
ACT
1 8
TIM 508
ALM
Analog
LINES
NOTE: All eight analoglines canbeconfiguredas analogdirect inwarddialing
(DID) trunks.
The TIM508 provides the following features:
Three ringer loads, the ringer equivalency number for up to 2,000 ft (610 m), for all
eight lines
Up to eight simultaneously ringing lines
Type 1 caller ID and Type 2 caller ID for lines
Ring voltage generation for a variety of international frequencies and cadences
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TIM508 Connector Pinout on page 198
TIM508 Possible Port Configurations on page 200
TIM508 LEDs on page 200
Example: Configuring VoIP Interfaces on page 225
TIM508 Connector Pinout
The TIM508 Analog Telephony Interface Module uses a B25A unshielded 25pair
Amphenol cable. Table 23 on page 199 describes the TIM508 connector pinout.
Copyright 2010, Juniper Networks, Inc. 198
Junos OS Interfaces Configuration Guide for Security Devices
Table 23: TIM508 Connector Pinout
Signal Pin
Tip 1
Tip 2
Tip 3
Tip 4
Tip 5
Tip 6
Tip 7
Tip 8
R - Receive 26
Ring 27
Ring 28
Ring 29
Ring 30
Ring 31
Ring 32
Ring 33
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM508 Analog Telephony Interface Module on page 197
TIM508 Possible Port Configurations on page 200
TIM508 LEDs on page 200
199 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Example: Configuring VoIP Interfaces on page 225
TIM508 Possible Port Configurations
You can configure TIM508 ports as described in Table 24 on page 200.
Table 24: TIM508 Possible Port Configurations
Possible Analog Telephone Line Configurations
Wink-start or immed-start DID trunk
Analog tip/ring devices such as single-line telephones with or without LED message-waiting indication
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM508 Analog Telephony Interface Module on page 197
TIM508 Connector Pinout on page 198
TIM508 LEDs on page 200
Example: Configuring VoIP Interfaces on page 225
TIM508 LEDs
TIM508LEDsindicatelinkstatusandactivity. Table25onpage200describesthemeaning
of the LEDs.
Table 25: LEDs for TIM508
Description State Color Label
Alarm. A TIM508 failure requires
monitoring or maintenance.
On steadily Red ALM
Active. A device connected to the
TIM508 is in use. This situation can
include a telephone that is off the
hook.
Blinking Yellow ACT
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
Copyright 2010, Juniper Networks, Inc. 200
Junos OS Interfaces Configuration Guide for Security Devices
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM508 Analog Telephony Interface Module on page 197
TIM508 Connector Pinout on page 198
TIM508 Possible Port Configurations on page 200
Example: Configuring VoIP Interfaces on page 225
TIM510E1/T1 Telephony Interface Module Overview
This topic contains the following sections:
Understanding the TIM510 E1/T1 Telephony Interface Module on page 201
TIM510 RJ-45 Connector Pinout on page 202
TIM510 LEDs on page 203
Understanding the TIM510E1/T1 Telephony Interface Module
The TIM510E1/T1 Telephony Interface Module (Figure 12 on page 201), also known as the
TIM510E1/T1 mediamodule, terminates anE1 or T1 trunk. TheTIM510T1/E1 mediamodule
has a built-in channel service unit (CSU) so an external CSU is not necessary. The CSU
is used for a T1 circuit only. Up to two TIM510s can be installed in any of the slots on the
Services Router.
Figure 12: TIM510E1/T1 Telephony Interface Module
The TIM510 provides the following key features:
One E1 or T1 trunk port with up to 30 channels on an E1 port and 24 channels on a T1
port.
DS1-level support for a variety of E1 and T1 trunk types.
Trunk signaling to support U.S. and international central office (CO) or tie trunks.
Echo cancellation in either directionincoming or outgoing.
201 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TIM510 RJ-45 Connector Pinout on page 202
TIM510 LEDs on page 203
Example: Configuring VoIP Interfaces on page 225
TIM510RJ-45 Connector Pinout
The TIM510 Telephony Interface Module uses an RJ-45 cable. Table 26 on page 202
describes the TIM510 RJ-45 connector pinout.
Table 26: TIM510RJ-45 Connector Pinout
Signal Pin
Ring 1
Tip 2
No connection 3
R1 - Transmit 4
T1 - Transmit 5
No connection 6
No connection 7
No connection 8
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Copyright 2010, Juniper Networks, Inc. 202
Junos OS Interfaces Configuration Guide for Security Devices
Understanding the TIM510 E1/T1 Telephony Interface Module on page 201
TIM510 LEDs on page 203
Example: Configuring VoIP Interfaces on page 225
TIM510LEDs
TIM510LEDs indicatelink status andactivity. Table27 onpage203describes themeaning
of the LEDs.
Table 27: LEDs for TIM510
Description State Color Label
Alarm. A TIM510 failure requires
monitoring or maintenance.
On steadily Red ALM
Active. The TIM510 is online with
network traffic.
On steadily Green ACT
Test. A test is being performed on
the TIM510 through the Media
Gateway Controller (MGC).
On steadily Yellow TST
Signal. The link to the central office
(CO) is active.
On steadily Green SIG
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM510 E1/T1 Telephony Interface Module on page 201
TIM510 RJ-45 Connector Pinout on page 202
Example: Configuring VoIP Interfaces on page 225
TIM514 Analog Telephony Interface Module Overview
This topic contains the following sections:
Understanding the TIM514 Analog Telephony Interface Module on page 204
TIM514 Connector Pinout on page 205
203 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
TIM514 Possible Port Configurations on page 205
TIM514 LEDs on page 206
Understanding the TIM514 Analog Telephony Interface Module
The TIM514 Analog Telephony Interface Module (Figure 13 on page 204), also known as
the TIM514analog media module, has four analog telephone ports andfour analog trunk
ports.
Figure 13: TIM514 Analog Telephony Interface Module
NOTE: For analog direct inward dialing (DID) trunks, you must use the four
analogtelephone(LINE) ports. Youcannot usethefour analogtrunk(TRUNK)
ports for analog DID trunks.
The TIM514 provides the following features:
Three ringer loads, the ringer equivalency number for up to 2,000 ft (610 m), for all
eight ports.
Up to four simultaneously ringing ports.
Type 1 caller ID and Type 2 caller ID.
Ring voltage generation for a variety of international frequencies and cadences.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TIM514 Connector Pinout on page 205
TIM514 Possible Port Configurations on page 205
TIM514 LEDs on page 206
Example: Configuring VoIP Interfaces on page 225
Copyright 2010, Juniper Networks, Inc. 204
Junos OS Interfaces Configuration Guide for Security Devices
TIM514 Connector Pinout
The TIM514 Telephony Interface Module uses an RJ-11 cable. Table 28 on page 205
describes the TIM514 RJ-11 connector pinout information.
Table 28: TIM514 RJ-11 Connector Pinout
Signal Pin
No connection 1
No connection 2
Ring 3
Tip 4
No connection 5
No connection 6
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM514 Analog Telephony Interface Module on page 204
TIM514 Possible Port Configurations on page 205
TIM514 LEDs on page 206
Example: Configuring VoIP Interfaces on page 225
TIM514 Possible Port Configurations
You can configure TIM514 ports as described in Table 29 on page 205.
Table 29: TIM514 Possible Port Configurations
Possible Analog Trunk (TRUNK) Port Configurations
Possible Analog Telephone (LINE) Port
Configurations
Loop-start or ground-start central office trunk with a loop current of
18 to 120 mA.
Wink-start or immediate-start DID trunk
205 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Table 29: TIM514 Possible Port Configurations (continued)
Possible Analog Trunk (TRUNK) Port Configurations
Possible Analog Telephone (LINE) Port
Configurations
Two-wireanalogoutgoingcentralizedautomaticmessageaccounting
(CAMA) emergency E911 trunk, for connectivity to the PSTN.
Multifrequency (MF) signaling is supported for CAMA ports.
Analog tip/ring devices such as single-line telephones
with or without LED message-waiting indication
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM514 Analog Telephony Interface Module on page 204
TIM514 Connector Pinout on page 205
TIM514 LEDs on page 206
Example: Configuring VoIP Interfaces on page 225
TIM514 LEDs
TIM514LEDs indicatelinkstatus andactivity. Table30onpage206describes themeaning
of the LEDs.
Table 30: LEDs for TIM514
Description State Color Label
Alarm. A TIM514 failure requires
monitoring or maintenance.
On steadily Red ALM
Active. A device connected to the
TIM514 is in use. This situation can
include a telephone that is off the
hook.
Blinking Yellow ACT
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Copyright 2010, Juniper Networks, Inc. 206
Junos OS Interfaces Configuration Guide for Security Devices
Understanding the TIM514 Analog Telephony Interface Module on page 204
TIM514 Connector Pinout on page 205
TIM514 Possible Port Configurations on page 205
Example: Configuring VoIP Interfaces on page 225
TIM516 Analog Telephony Interface Module Overview
This topic contains the following sections:
Understanding the TIM516 Analog Telephony Interface Module on page 207
TIM516 Connector Pinout on page 208
TIM516 Possible Port Configurations on page 210
TIM516 LEDs on page 210
Understanding the TIM516 Analog Telephony Interface Module
The TIM516 Analog Telephony Interface Module (Figure 14 on page 207), also known as
the TIM516 analog media module, has 16 analog telephone lines.
Figure 14: TIM516 Analog Telephony Interface Module
6 1 5 M I T
A T C
S E N I L
S E N I L
7 1
4 2
1 8
M L A
g o l a n A
6
6
8
3
0
0
g
S E N I L
The TIM516 provides the following features:
Three ringer loads, the ringer equivalency number for up to 2,000 ft (610 m), for all 16
lines
Up to 16 simultaneously ringing lines
Type 1 caller ID and Type 2 caller ID for line lines
Ring voltage generation for a variety of international frequencies and cadences
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
207 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TIM516 Connector Pinout on page 208
TIM516 Possible Port Configurations on page 210
TIM516 LEDs on page 210
Example: Configuring VoIP Interfaces on page 225
TIM516 Connector Pinout
The TIM516 Analog Telephony Interface Module uses a B25A unshielded 25pair
Amphenol cable. Table 31 on page 208 describes the TIM516 connector pinout.
Table 31: TIM516 Connector Pinout
Signal Pin
Tip 1
Tip 2
Tip 3
Tip 4
Tip 5
Tip 6
Tip 7
Tip 8
Tip 17
Tip 18
Tip 19
Tip 20
Tip 21
Tip 22
Tip 23
Tip 24
Copyright 2010, Juniper Networks, Inc. 208
Junos OS Interfaces Configuration Guide for Security Devices
Table 31: TIM516 Connector Pinout (continued)
Signal Pin
Ring 26
Ring 27
Ring 28
Ring 29
Ring 30
Ring 31
Ring 32
Ring 33
Ring 42
Ring 43
Ring 44
Ring 45
Ring 46
Ring 47
Ring 48
Ring 49
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM516 Analog Telephony Interface Module on page 207
TIM516 Possible Port Configurations on page 210
TIM516 LEDs on page 210
209 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Example: Configuring VoIP Interfaces on page 225
TIM516 Possible Port Configurations
You can configure TIM516 lines as described in Table 32 on page 210.
Table 32: TIM516 Possible Port Configurations
Possible Analog Telephone (LINE) Line Configurations
Analog tip/ring devices such as single-line telephones with or without LED message-waiting indication
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM516 Analog Telephony Interface Module on page 207
TIM516 Connector Pinout on page 208
TIM516 LEDs on page 210
Example: Configuring VoIP Interfaces on page 225
TIM516 LEDs
TIM516LEDs indicatelinkstatus andactivity. Table33onpage210describes themeaning
of the LEDs.
Table 33: LEDs for TIM516
Description State Color Label
Alarm. A TIM516 failure requires
monitoring or maintenance.
On steadily Red ALM
Active. A device connected to the
TIM516 is in use. This situation can
include a telephone that is off the
hook.
Blinking Yellow ACT
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Copyright 2010, Juniper Networks, Inc. 210
Junos OS Interfaces Configuration Guide for Security Devices
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM516 Analog Telephony Interface Module on page 207
TIM516 Connector Pinout on page 208
TIM516 Possible Port Configurations on page 210
Example: Configuring VoIP Interfaces on page 225
TIM518 Analog Telephony Interface Module Overview
This topic contains the following sections:
Understanding the TIM518 Analog Telephony Interface Module on page 211
TIM518 Connector Pinout on page 212
TIM518 Possible Port Configurations on page 214
TIM518 LEDs on page 214
Understanding the TIM518 Analog Telephony Interface Module
The TIM518 Analog Telephony Interface Module (Figure 15 on page 211), also known as
the TIM518 analog media module, has eight analog telephone lines and eight analog
trunk lines.
Figure 15: TIM518 Analog Telephony Interface Module
ACT
LINES
LINES
17 24
1 8
TIM 51 8
ALM
Analog
g
0
0
3
8
6
7
NOTE: For analog direct inward dialing (DID) trunks, you can use all eight
analog telephone lines.
The TIM518 provides the following features:
Three ringer loads, the ringer equivalency number for up to 2,000 ft (610 m), for all 16
lines
Up to 16 simultaneously ringing lines
Type 1 caller ID and Type 2 caller ID for line lines
211 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Type 1 caller ID for trunk lines
Ring voltage generation for a variety of international frequencies and cadences
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TIM518 Connector Pinout on page 212
TIM518 Possible Port Configurations on page 214
TIM518 LEDs on page 214
Example: Configuring VoIP Interfaces on page 225
TIM518 Connector Pinout
The TIM518 Analog Telephony Interface Module uses a B25A unshielded 25pair
Amphenol cable. Table 34 on page 212 describes the TIM518 connector pinout.
Table 34: TIM518 Connector Pinout
Signal Pin
Ring 1
Ring 2
Ring 3
Ring 4
Ring 5
Ring 6
Ring 7
Ring 8
Ring 17
Ring 18
Ring 19
Copyright 2010, Juniper Networks, Inc. 212
Junos OS Interfaces Configuration Guide for Security Devices
Table 34: TIM518 Connector Pinout (continued)
Signal Pin
Ring 20
Ring 21
Ring 22
Ring 23
Ring 24
Tip 26
Tip 27
Tip 28
Tip 29
Tip 30
Tip 31
Tip 32
33
Tip 42
Tip 43
44
Tip 45
Tip 46
Tip 47
Tip 48
Tip 49
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
213 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM518 Analog Telephony Interface Module on page 211
TIM518 Possible Port Configurations on page 214
TIM518 LEDs on page 214
Example: Configuring VoIP Interfaces on page 225
TIM518 Possible Port Configurations
You can configure eight TIM518 analog telephone lines as described in Table 35 on
page 214.
Table 35: TIM518 Possible Port Configurations
Possible Analog Trunk Port Configurations Possible Analog Telephone Port Configurations
Loop-start or ground-start central office trunk with a loop
current of 18 to 120 mA
Wink-start or immed-start DID trunk
Two-wire analog outgoing centralized automatic message
accounting (CAMA) emergency E911 trunk for connectivity to
the PSTN
Analog tip or ring devices such as single-line telephones with
or without LED message-waiting indication
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM518 Analog Telephony Interface Module on page 211
TIM518 Connector Pinout on page 212
TIM518 LEDs on page 214
Example: Configuring VoIP Interfaces on page 225
TIM518 LEDs
TIM518LEDs indicatelink status andactivity. Table36onpage215describes themeaning
of the LEDs.
Copyright 2010, Juniper Networks, Inc. 214
Junos OS Interfaces Configuration Guide for Security Devices
Table 36: LEDs for TIM518
Description State Color Label
Alarm. A TIM518 failure requires
monitoring or maintenance.
On steadily Red ALM
Active. A device connected to the
TIM518 is in use. This situation can
include a telephone that is off the
hook.
Blinking Yellow ACT
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM518 Analog Telephony Interface Module on page 211
TIM518 Connector Pinout on page 212
TIM518 Possible Port Configurations on page 214
Example: Configuring VoIP Interfaces on page 225
TIM521 BRI Telephony Interface Module Overview
This topic contains the following sections:
Understanding the TIM521 BRI Telephony Interface Module on page 215
TIM521 LEDs on page 216
Understanding the TIM521 BRI Telephony Interface Module
The TIM521 BRI Telephony Interface Module (Figure 16 on page 216), also known as the
TIM521 BRI media module, has four ports with RJ-45 jacks that can be administered as
ISDNBasicRateInterface(BRI) trunkconnections. EachISDNBRI port hastwoB-channels
plus a D-channel. Up to two TIM521 modules (with four BRI trunk ports each) can be
installed in any of the slots on the Services Router.
215 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Figure 16: TIM521 BRI Telephony Interface Module
For ISDNBRI trunking, the TIM521 supports up to four BRI interfaces to the central office
at the ISDN T reference point. Information is communicated on each port in two ways:
Over two 64-Kbps B-channels, called B1 and B2, that can be circuit-switched
simultaneously.
NOTE: The TIM521 does not support BRI stations or combining both
B-channels together to forma 128-Kbps channel.
Over a 16-Kbps channel, called the D-channel, that is used for signaling. The TIM521
occupies one time slot for all four D-channels.
The circuit-switched connections have an a-lawor mu-lawoption for voice operation.
The circuit-switched connections operate as 64-Kbps clear channels transmitting data.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
TIM521 LEDs on page 216
Example: Configuring VoIP Interfaces on page 225
TIM521 LEDs
TIM521 LEDs indicate link status andactivity. Table 37 onpage 216describes the meaning
of the LEDs.
Table 37: LEDs for TIM521
Description State Color Label
Alarm. A TIM521 failure requires
monitoring or maintenance.
On steadily Red ALM
Copyright 2010, Juniper Networks, Inc. 216
Junos OS Interfaces Configuration Guide for Security Devices
Table 37: LEDs for TIM521 (continued)
Description State Color Label
Active. A trunk connected to the
TIM521 is in use.
On steadily Yellow ACT
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya VoIP Modules Configuration Overviewon page 185
Understanding the TIM521 BRI Telephony Interface Module on page 215
Example: Configuring VoIP Interfaces on page 225
Avaya IG550Integrated Gateway Overview
The Avaya IG550 Integrated Gateway consists of the TGM550 Telephony Gateway
Module and one or more Telephony Interface Modules (TIMs) that are installed in the
slots ontheJ4350andJ6350Services Routers toprovideVoIPconnectivity. TheTGM550
is an H.248 media gateway that works with the TIMs to connect IP and legacy analog
telephones and trunks over IP networks and enable IP telephones to communicate
through analog telephone lines and trunks.
The TGM550 is also connected over a LAN or WAN to a Media Gateway Controller
(MGC)an Avaya media server running Avaya Communication Manager (CM) call
processing software. The telephony services on the TGM550 are managed by an MGC
located at headquarters or in a branch office. When the primary MGC is located at a
remote location, the TGM550 uses standard local survivability (SLS) for partial MGC
backup in the event that the connection to the primary MGC is lost. Devices can thereby
provide reliable telephony services to branch offices.
Four types of VoIPinterfaces on Avaya VoIPmodules provide VoIPconnectivity on J4350
and J6350 Services Routers:
Analog telephone or trunk port
T1 port
E1 port
ISDN BRI telephone or trunk port
These interfaces are available on the field-replaceable Avaya VoIP modules listed in
Table 38 on page 218.
217 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Table 38: Interfaces on Avaya VoIP Modules
Junos OS Interface
(type-pim/0/port) VoIP Interfaces Description Module Name
vp-pim/0/0
On a VoIP interface, the port is
always 0.
Twoanalogtelephoneports
Two analog trunk ports
One serial port for console
access
Avaya Telephony Gateway
Module (TGM). See
Understanding the TGM550
TelephonyGatewayModule on
page 189.
TGM550
One E1/T1 trunk port providing
up to 30 E1 or 24 T1 channels
Avaya E1/T1 Telephony
Interface Module (TIM). See
Understanding the TIM510
E1/T1 Telephony Interface
Module on page 201.
TIM510
Four analogtelephoneports
Four analog trunk ports
Avaya Analog TIM. See
Understanding the TIM514
Analog Telephony Interface
Module on page 204.
TIM514
Four ISDN BRI trunk ports
providing up to eight channels
Avaya BRI TIM. See
Understanding the TIM521 BRI
Telephony InterfaceModule on
page 215.
TIM521
Only the TGM550has aJunos OSinterface. Because the TIMs donot have corresponding
physical interfaces, you cannot configure or administer themwith the J-Web interface
or the Junos OS CLI. However, you can display TGM550 and TIMstatus fromJ-Web
Monitor>Chassis pages and with the CLI showchassis command.
CAUTION: The TGM550 and TIMs are not hot-swappable. You must power
off the router before installing or removing the Avaya VoIP modules. Ensure
that theAvayaVoIPmodules areinstalledintherouter chassis beforebooting
up the system.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Hardware Description and Reference for Avaya Communication Manager at
http://support.avaya.com
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers at
http://support.avaya.com
Administration Guide and CLI Reference for the Avaya IG550 Integrated Gateway at
http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Media Gateway Controller Server Overviewon page 219
Avaya Communication Manager Software Overviewon page 220
Copyright 2010, Juniper Networks, Inc. 218
Junos OS Interfaces Configuration Guide for Security Devices
Dynamic Call Admission Control Overviewon page 221
Configuring VoIP Interfaces with EPWand Disk-on-Key on page 222
Example: Configuring VoIP Interfaces on page 225
Media Gateway Controller Server Overview
A Media Gateway Controller (MGC) is a media server (call controller) that controls
telephoneservices ontheTGM550. AnAvayamediaserver runningAvayaCommunication
Manager (CM) software acts as an MGC for the TGM550.
The following media servers running Avaya Communication Manager can be used as an
MGC with the TGM550:
Avaya S8300 Media ServerControls up to 49 TGM550s.
Avaya S8400 Media ServerControls up to 5 TGM550s.
Avaya S8500 Media ServerControls up to 250 TGM550s.
Avaya S8700 Media ServerControls up to 250 TGM550s.
Avaya S8710 Media ServerControls up to 250 TGM550s.
Avaya S8720 Media ServerControls up to 250 TGM550s.
To provide telephony services, the TGM550 must be registered with at least one Media
Gateway Controller (MGC). You can configure the IP addresses of up to four MGCs that
the TGM550 can connect to in the event of a link failure. The MGC list consists of the IP
addresses of the MGCs to connect to andthe order in which to reestablish the H.248link.
The first MGCon the list is the primary MGC. The TGM550searches for the primary MGC
first. If it cannot connect to the primary MGC or loses its connection to the primary MGC,
it attempts to connect to the next MGC in the list, and so on.
NOTE: The MGC list is stored in the TGM550. It is not written to the Junos
OS configuration file.
You must also administer Avaya Communication Manager on the configured Media
Gateway Controllers to support the TGM550. For more information, see the following
Avaya IG550 Integrated Gateway manuals at http://support.avaya.com:
Installing and Configuring the Avaya IG550 Integrated Gateway
Administration Guide and CLI Reference for the Avaya IG550 Integrated Gateway
Administrator Guide for Avaya Communication Manager
Avaya Maintenance Procedures for Communication Manager, Media Servers, and Media
Gateways
Avaya Maintenance Commands for Communication Manager, Media Servers, and Media
Gateways
219 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Avaya Maintenance Alarms for Communication Manager, Media Servers, and Media
Gateways
Hardware Description and Reference for Avaya Communication Manager
SystemCapacities Table for Avaya Communication Manager on Avaya Media Servers
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Avaya IG550 Integrated Gateway Overviewon page 217
Avaya Communication Manager Software Overviewon page 220
Dynamic Call Admission Control Overviewon page 221
Configuring VoIP Interfaces with EPWand Disk-on-Key on page 222
Avaya Communication Manager Software Overview
Avaya Communication Manager (CM) software manages the Media Gateway Controller
(MGC). Avaya CMallows you to do the following:
Assign numbers to local telephones.
Determine where to connect your telephone call based on the number you dial.
Play dial tones, busy signals, and prerecorded voice announcements.
Allowor prohibit access to outside lines for specific telephones.
Assign telephone numbers and buttons to special features.
Exchangecall switchinginformationwitholder telephoneswitches that donot support
VoIP.
NOTE: TheTGM550supports AvayaCommunicationManager (CM) release
4.0andlater releases. The TGM550does not support AvayaCommunication
Manager (CM) releases earlier than release 4.0.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Administrator Guide for Avaya Communication Manager at http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya IG550 Integrated Gateway Overviewon page 217
Media Gateway Controller Server Overviewon page 219
Dynamic Call Admission Control Overviewon page 221
Configuring VoIP Interfaces with EPWand Disk-on-Key on page 222
Copyright 2010, Juniper Networks, Inc. 220
Junos OS Interfaces Configuration Guide for Security Devices
Dynamic Call Admission Control Overview
Dynamic call admission control (CAC) enables the Media Gateway Controller (MGC) to
automatically assign the bandwidth available for voice traffic on WAN interfaces and
block newcalls when the existing call bandwidth is completely engaged. You configure
dynamicCAConahigh-bandwidthprimaryinterfaceandononeor morebackupinterfaces
with less bandwidth.
Without dynamic CAC, the MGC cannot detect the switchover to the backup link or the
resulting changes in network topology and available bandwidth. As a result, the MGC
continues toadmit calls at thebandwidthof theprimarylink, causingnetworkcongestion
and possible jitter, delay, and loss of calls.
Dynamic CAC Interface Requirements
This topic contains the following sections:
Supported Interfaces on page 221
Bearer Bandwidth Limit and Activation Priority on page 221
Rules for Determining Reported BBL on page 222
Supported Interfaces
Dynamic CAC must be configured on each Services Router interface responsible for
providing call bandwidth. You can configure dynamic CAC on the following types of
interfaces on Services Routers:
ADSL
E1
E3
Fast Ethernet
Gigabit Ethernet
GRE
G.SHDSL
ISDN BRI
Serial interfaces
T1
T3
Bearer Bandwidth Limit and Activation Priority
The dynamic CAC bearer bandwidth limit (BBL) configured on an interface specifies the
maximumbandwidth available for voice traffic on the interface. The TGM550 reports
the BBL to the MGC. When the call bandwidth exceeds the BBL, the MGC blocks new
calls and alerts the user with a busy tone.
221 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
You configure the dynamic CACactivation priority value on interfaces tospecify the order
in which the interfaces are used for providing call bandwidth.
Rules for Determining Reported BBL
To assess the WAN interfaces that have an activation priority value and determine a
single BBL to report to the MGC, the TGM550 uses the following rules. The reported BBL
(RBBL) allows the MGC to automatically control the call bandwidth when interfaces
responsible for providing call bandwidth become available or unavailable.
Report the BBL of the active interface with the highest activation priority. For example,
if one interface has the activation priority of 200 and a BBL of 1500 Kbps and another
interface has the activation priority of 100 and a BBL of 1000 Kbps, the RBBL is 1500
Kbps.
If more than one active interface has the same activation priority, report a BBL that is
the number of interfaces times their lowest BBL. For example, if two interfaces with
thesameactivationpriority haveBBLs of 2000Kbps and1500Kbps, theRBBLis 3000
Kbps (2 x 1500 Kbps).
If the interface with the highest activation priority is unavailable, report the BBL of the
active interface with the next highest activation priority.
If all the interfaces on which dynamic CAC is configured are inactive, report a BBL of
0. The MGC does not allowcalls to go through when the RBBL is 0.
NOTE: Dynamic CAC works in conjunction with the Avaya Communication
Manager (CM) Call Admission Control: Bandwidth Limitation (CAC-BL)
feature. If you configure dynamic CAC on WANinterfaces, you must also
configure CAC-BL on Avaya CM.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Administrator Guide for Avaya Communication Manager at http://support.avaya.com
Avaya VoIP Modules Overviewon page 183
Avaya IG550 Integrated Gateway Overviewon page 217
Media Gateway Controller Server Overviewon page 219
Avaya Communication Manager Software Overviewon page 220
Configuring VoIP Interfaces with EPWand Disk-on-Key on page 222
Configuring VoIP Interfaces with EPWand Disk-on-Key
If you have a newJ4350 or J6350 Services Router with the TGM550 and TIMs installed
in the router, you can use the Avaya Electronic Preinstallation Worksheet (EPW) and a
disk-on-key USB memory stick to configure VoIP on the router.
Copyright 2010, Juniper Networks, Inc. 222
Junos OS Interfaces Configuration Guide for Security Devices
The EPWis a customizedMicrosoft Excel spreadsheet that you use to collect a complete
set of VoIP configuration information and create a configuration file named
juniper-config.txt. You can copy the juniper-config.txt file to a disk-on-key device and
boot the router fromthe device to configure VoIP on the router.
This configuration method has the following requirements:
A management device (PC or laptop) running Microsoft Excel version 2000 or later.
A disk-on-key device with one of the following 16-bit or 32-bit file allocation table
(FAT) file systems:
DOS 3.0+ 16-bit FAT (up to 32 MB)
DOS 3.31+ 16-bit FAT (over 32 MB)
WIN95 OSR2 FAT32
WIN95 OSR2 FAT32, LBA-mapped
WIN95 DOS 16-bit FAT, LBA-mapped
A Services Router with the factory configuration and the TGM550 and TIMs installed.
If other Junos OS configuration files exist on the Services Router, the router cannot
readthejuniper-config.txt filefromthedisk-on-key device. Toremovetheconfiguration
files fromthe router, press and hold the RESET CONFIG button for 15 seconds or more,
until the STATUS LED blinks red.
CAUTION: Pressing and holding the RESET CONFIG button for 15 seconds
or moreuntil the STATUS LED blinks reddeletes all configurations on
the router, including the backup configurations and rescue configuration,
and loads and commits the factory configuration.
223 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
To configure a VoIP interface using EPWand disk-on-key:
1. Download the EPWto a PC or laptop computer.
a. Go to http://support.avaya.com.
b. On the Avaya support page, click FindDocumentationandTechnical Information
by Product Name.
c. Scroll down and click Integrated Management Provisioning &Installation
Manager.
d. Select the 4.0 release fromthe select a release box and click Viewall documents.
e. Scroll down and double-click the Electronic Preinstallation Worksheet for
Provisioning Installation Manager link.
f. Scroll down and double-click the ViewXLS link.
g. In the File Open window, click the Open button.
h. In the Security Warning window, open the EPWby clicking Enable Macros. Be sure
to open the EPWin Microsoft Excel version 2000 or later versions.
2. Enter information in the individual worksheets. Ensure that all mandatory fields
(highlighted in blue color) are filled in.
3. Select File>Save.
4. Open the InitialConfig worksheet and click Create Configuration File.
The Select Location page is displayed.
5. Choose a location where you want to create the configuration file.
The configuration file with the name juniper-config.txt is created.
6. Copy the juniper-config.txt file to a disk-on-key device.
7. Press and release the power button to power off the router. Wait for the POWER LED
to turn off.
8. Plug the disk-on-key device into the USB port on the Services Router.
9. Press the POWER button on the front panel of the router. Verify that the POWER LED
on the front panel turns green.
The router reads the juniper-config.txt file fromthe disk-on-key device and commits
the configuration.
10. Remove the disk-on-key device.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Avaya VoIP Modules Overviewon page 183
Avaya IG550 Integrated Gateway Overviewon page 217
Media Gateway Controller Server Overviewon page 219
Copyright 2010, Juniper Networks, Inc. 224
Junos OS Interfaces Configuration Guide for Security Devices
Avaya Communication Manager Software Overviewon page 220
Dynamic Call Admission Control Overviewon page 221
Example: Configuring VoIP Interfaces on page 225
Example: Configuring VoIP Interfaces
This example shows howto configure VoIP interfaces on a device.
Requirements on page 225
Overviewon page 226
Configuration on page 227
Verifying the VoIP Configuration on page 231
Requirements
Before you begin:
Install Services Router hardware, including the TGM550 and the TIMs. Before power
is connected, ensure that the router is grounded with a 10 AWG cable.
CAUTION: Theoriginal groundingcablefor SSGServicesRoutersis14AWG
only and must be replaced with a 10 AWGcable.
Verify that you have connectivity to at least one Avaya media server running Avaya
Communication Manager (CM) release 4.0 or later. For more information about Avaya
media servers, see Media Gateway Controller Server Overview on page 219.
Verify that the Services Router is running Junos OS Release 8.2R1 or later.
Downloadandinstall themost recent firmwarefor theTGM550. Verifythat theTGM550
firmware version is compatible with the Junos OS version installed on the Services
Router. For more information, see TGM550 Firmware Compatibility with Junos OS
on page 190.
If youareconfiguringVoIPusingtheAvayaElectronic PreinstallationWorksheet (EPW)
and a disk-on-key USB memory stick, order a disk-on-key USB memory stick. For
disk-on-key requirements, seeConfiguringVoIPInterfaces withEPWandDisk-on-Key
on page 222.
Establish basic connectivity.
If you do not already have a basic understanding of physical and logical interfaces and
Juniper Networks interface conventions, see Types of Interfaces Overview.
If you apply anIPaddress tothe TGM550, thenit resets the module. If you are updating
an existing VoIPconfiguration by modifying the TGM550IPaddress, take the following
precautions:
225 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Log into the TGM550 and enter copy running-config startup-config to save the
TGM550 configuration. (For login instructions, see Saving the TGM550 Module
Configuration on page 237.)
Ensure that the TGM550 is not currently handling voice traffic.
Overview
In this example, a TGM550 installed in slot 2 of a Services Router has the IP address
10.10.10.2. The TGM550 needs to have registered a primary MGC at address 172.16.0.0,
and second and third MGC at addresses 10.10.10.30 and 10.10.10.10.40.
To configure dynamic call admission control (CAC), you define the bearer bandwidth
limit (BBL) and activation priority on each WAN interface responsible for providing call
bandwidth.
The activation priority has a range from1 through 255. The default value is 50.
The BBL has a range from0 Kbps through 9999 Kbps. The default BBL value of 1
Kbps indicates that the complete bandwidth of the interface is available for voice
traffic. Use a BBL of 0, which indicates that no bandwidth is available for bearer traffic
on the MGC, to use the interface for signaling only.
In this example, a Gigabit Ethernet, T1, and ISDN BRI interface are configured with the
BBL and activation priority values shown in Table 39 on page 226.
Table 39: Dynamic CAC Configuration Example
Activation Priority Value Bearer Bandwidth Limit (BBL) Value Interface Providing Call Bandwidth
200 3000 Kbps Gigabit Ethernet
150 1000 Kbps T1
100 128 Kbps ISDN BRI
The Gigabit Ethernet interface is used as the primary link for providing call bandwidth
because it has the highest activation priority value. When the Gigabit Ethernet interface
is active, the TGM550 reports its BBL value of 3000 Kbps to the MGC. If the Gigabit
Ethernet interface fails, the TGM550 automatically switches over to the T1 interface
because it has the next highest activation priority. The TGM550 nowreports the BBL
value of the T1 interface to the MGC. If the T1 interface also fails, the TGM550 switches
over to the ISDNBRI interface and reports the BBL value of the ISDNBRI interface to the
MGC. Configuring dynamic CAC on multiple WAN interfaces allows the MGC to
automatically control the call bandwidth when interfaces responsible for providing call
bandwidth are unavailable.
CAUTION: The TGM550 is reset when you commit the configuration after
modifying the IPaddress. Before modifying the TGM550IPaddress, take the
following precautions:
Copyright 2010, Juniper Networks, Inc. 226
Junos OS Interfaces Configuration Guide for Security Devices
Log into the TGM550 and enter copy running-config startup-config to save
the TGM550 configuration.
Ensure that the TGM550 is not currently handling voice traffic.
Configuration
This example shows howto howto configure VoIP interfaces on a device. Performthe
following tasks marked (Required) and performother tasks if needed on your network.
Configuring the VoIP Interface (Required) on page 227
Configuring the Media Gateway Controller List (Required) on page 228
ConfiguringDynamicCall AdmissionControl onWANInterfaces (Optional) onpage229
Modifying the IP Address of the TGM550 on page 230
Configuring the VoIP Interface (Required)
CLI Quick
Configuration
To quickly configure the VoIP interface, copy the following commands and paste them
into the CLI.
[edit]
edit interfaces vp3/0/0
edit unit 0
set family inet address 10.10.10.1/32 destination 10.10.10.2
Step-by-Step
Procedure
To configure the VoIP interface:
Select the VoIP interface. 1.
[edit]
user@host# edit interfaces vp3/0/0
2. Create the logical unit.
NOTE: You cannot configure more than one logical unit on the VoIP
interface. The logical unit number must be 0.
[edit]
user@host# edit unit 0
3. Configure the source IPv4address anddestinationIPaddress for the VoIPinterface.
NOTE: You cannot specify more than one IP address.
[edit]
user@host# set family inet address 10.10.10.1/32 destination 10.10.10.2
4. If you are done configuring the device, commit the configuration.
227 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
[edit]
user@host# commit
5. Continue with Configuring the Media Gateway Controller List (Required) on
page 228. If you are done configuring the device, commit the configuration.
Results Fromconfiguration mode, confirmyour configuration by entering the showinterfaces
extensive command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
If you are done configuring the device, enter commit fromconfiguration mode.
Configuring the Media Gateway Controller List (Required)
CLI Quick
Configuration
To quickly configure and clear the MGC list, in operational mode, copy the following
commands and paste theminto the CLI.
set tgmfpc 2 media-gateway-controller [172.16.0.010.10.10.3010.10.10.40]
ssh 10.10.10.2
ping 172.16.0.0
ping 10.10.10.30
ping 10.10.10.40
clear tgmfpc 2 media-gateway-controller
Step-by-Step
Procedure
To configure the MGC List in operational mode:
Configure the IP addresses of the Media Gateway Controllers. 1.
user@host> set tgmfpc 2 media-gateway-controller [172.16.0.010.10.10.30
10.10.10.40]
NOTE: Runningtheset tgmfpcslot media-gateway-controller command
updates the startup configuration on the TGM550. You do not need to
run the copy running-config start-config command to save the
configuration on the module.
2. Log in to the TGM550 with SSH, and verify that each MGC can be reached over the
network.
user@host> ssh 10.10.10.2
password> root
TGM550-00<root># ping 172.16.0.0
...
TGM550-00<root># ping 10.10.10.30
...
TGM550-00<root># ping 10.10.10.40
...
Copyright 2010, Juniper Networks, Inc. 228
Junos OS Interfaces Configuration Guide for Security Devices
3. Do one of the following:
To control bandwidth assignments for voice traffic, see Configuring Dynamic
Call Admission Control on WAN Interfaces (Optional) on page 229.
To verify that VoIP is configured correctly on the router, see Verifying the VoIP
Interface on page 231.
Step-by-Step
Procedure
To clear an MCG list in operational mode:
Remove all of the IP addresses fromthe MGC list. 1.
user@host> clear tgmfpc 2 media-gateway-controller
NOTE: The clear command removes all the MGC IP addresses. You
cannot clear the IP address of a single MGC with this command.
2. Add one or more newMGC IP addresses. See Modifying the IP Address of the
TGM550 on page 230.
Configuring Dynamic Call Admission Control on WANInterfaces (Optional)
CLI Quick
Configuration
To quickly configure dynamic CACon Services Router WANinterfaces, copy the following
commands and paste theminto the CLI.
edit interfaces ge-0/0/3
edit unit 0
set dynamic-call-admission-control activation-priority200bearer-bandwidth-limit 3000
edit interfaces t1-6/0/0
edit unit 0
set dynamic-call-admission-control activation-priority150bearer-bandwidth-limit 1000
edit interfaces br-1/0/3
edit unit 0
set dynamic-call-admission-control activation-priority 100bearer-bandwidth-limit 128
Step-by-Step
Procedure
To configure dynamic CAC on Services Router WAN interfaces:
Select the Gigabit Ethernet interface. 1.
[edit]
user@host# edit interfaces ge-0/0/3
2. Configure dynamic CAC on logical unit 0 of the Gigabit Ethernet interface with the
activation priority and BBL values given in Table 39 on page 226.
[edit]
user@host# edit unit 0
user@host# set dynamic-call-admission-control activation-priority 200
bearer-bandwidth-limit 3000
3. Select the T1 interface.
[edit]
user@host# edit interfaces t1-6/0/0
229 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
4. Configure dynamic CAC on logical unit 0 of the T1 interface with the activation
priority and BBL values given in Table 39 on page 226.
[edit]
user@host# edit unit 0
user@host# set dynamic-call-admission-control activation-priority 150
bearer-bandwidth-limit 1000
5. Select the ISDN BRI interface.
[edit]
user@host# edit interfaces br-1/0/3
6. ConfiguredynamicCAConlogical unit 0of theISDNBRI interfacewiththeactivation
priority and BBL values given in Table 39 on page 226.
[edit]
user@host# edit unit 0
user@host# set dynamic-call-admission-control activation-priority 100
bearer-bandwidth-limit 128
7. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Modifying the IP Address of the TGM550
CLI Quick
Configuration
To quickly modify the IP address of the TGM550, copy the following commands and
paste theminto the CLI.
edit interfaces vp-3/0/0unit 0
set family inet address 10.10.10.1/32 destination 10.10.10.80
Step-by-Step
Procedure
To modify the IP address of the TGM550:
Select the logical VoIP interface. 1.
[edit]
user@host# edit interfaces vp-3/0/0unit 0
2. Modify the destination IP address for the TGM550 to a different address.
NOTE: You cannot specify more than one IP address.
[edit]
user@host# set family inet address 10.10.10.1/32 destination 10.10.10.80
3. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Copyright 2010, Juniper Networks, Inc. 230
Junos OS Interfaces Configuration Guide for Security Devices
Verifying the VoIP Configuration
To confirmthat the configuration is working properly, performthese tasks:
Verifying the VoIP Interface on page 231
Verifying the Media Gateway Controller List on page 232
Verifying Bandwidth Available for VoIP Traffic on page 233
Verifying the VoIP Interface
Purpose Verify that the VoIP interface is correctly configured.
Action Fromoperational mode, enter the showinterfaces extensive command.
user@host> showinterfaces vp-3/0/0extensive
Physical interface: vp-3/0/0, Enabled, Physical link is Up
Interface index: 141, SNMP ifIndex: 21, Generation: 142
Type: VP-AV, Link-level type: VP-AV, MTU: 1518, Speed: 10mbps
Device flags : Present Running
Link type : Full-Duplex
Link flags : None
Physical info : Unspecified
CoS queues : 8 supported, 8 maximum usable queues
Last flapped : 2006-09-29 09:28:32 UTC (4d 18:35 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 8886912 0 bps
Output bytes : 6624354 0 bps
Input packets: 90760 0 pps
Output packets: 65099 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards:
0,
Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors:
0
Egress queues: 8 supported, 8 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 65099 65099 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Packet Forwarding Engine configuration:
Destination slot: 2
CoS transmit queue Bandwidth Buffer Priority
Limit
% bps % usec
0 best-effort 95 9500000 95 0 low
none
3 network-control 5 500000 5 0 low
none
Logical interface vp-3/0/0.0 (Index 71) (SNMP ifIndex 47) (Generation 137)
231 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Flags: Point-To-Point SNMP-Traps Encapsulation: VP-AV
Protocol inet, MTU: 1500, Generation: 142, Route table: 0
Flags: None
Filters: Input: pcap, Output: pcap
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.10.10.2, Local: 10.10.10.1, Broadcast: Unspecified,
Generation: 144
Meaning The output shows a summary of interface information. Verify the following information:
The physical interface is Enabled. If the interface is shown as Disabled, do either of the
following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
interface-name] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the
Interfaces>interface-name page.
The physical link is Up. A link state of Down indicates that the interface is disabled. Do
one of the following:
In the CLI configuration editor, delete the disable statement at the [edit interfaces
interface-name] level of the configuration hierarchy.
In the J-Web configuration editor, clear the Disable check box on the
Interfaces>interface-name page.
The Last Flapped time is an expected value. The Last Flapped time indicates the last
time the physical interface became unavailable and then available again. Unexpected
flapping indicates likely link-layer errors.
The traffic statistics reflect expected input and output rates. Verify that the number
of inbound and outbound bytes and packets matches expected throughput for the
physical interface. To clear the statistics and see only newchanges, use the clear
interfaces statistics interface-name command.
Verifying the Media Gateway Controller List
Purpose Verify that the Media Gateway Controller (MGC) list is correctly configured and that the
MGCs are reachable over the network.
Action Fromoperational mode, enter the showtgmfpc slot-number media-gateway-controller
command.
user@host> showtgmfpc 2 media-gateway-controller
Media gateway controller(s): 173.26.232.77
10.10.10.30
10.10.10.40
Meaning The output shows the configured MGC list. Verify the following:
The IPaddresses and the order of the IPaddresses in the MGClist are correct. The first
MGC on the list is the primary MGC. The TGM550 searches for the primary MGC first.
Copyright 2010, Juniper Networks, Inc. 232
Junos OS Interfaces Configuration Guide for Security Devices
If it cannot connect to the primary MGC or loses its connection to the primary MGC, it
attempts to connect to the next MGC in the list, and so on.
Use the Junos OSCLI ping command or the J-Web ping host tool (Troubleshoot>Ping
Host) to verify that the configured MGCs can be reached over the network.
Verifying Bandwidth Available for VoIP Traffic
Purpose Verify that the dynamic call admission control (CAC) configuration supports sufficient
bandwidth for VoIP traffic.
Action Fromoperational mode, enter the showtgmdynamic-call-admission-control command.
user@host> showtgmdynamic-call-admission-control
Reported bearer bandwidth limit: 3000 Kbps
Interface State Activation Bearer bandwidth
priority limit (Kbps)
ge-0/0/3.0 up 200 3000
t1-6/0/0.0 up 150 1000
br-1/0/3.0 up 50 128
Meaning The output shows the dynamic CAC configuration. Verify the following information:
The activation priority and bearer bandwidth limit (BBL) configured on individual
interfaces are correct.
The Reported bearer bandwidth limit field displays the bandwidth available for VoIP
traffic. Ensure that the bandwidth is sufficient for VoIP traffic.
Related
Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
J4350 and J6350 Services Router Getting Started Guide
Administration for the Avaya IG550 Integrated Gateway at http://support.avaya.com
Administrator Guide for Avaya Communication Manager at http://support.avaya.com
Junos Interfaces Command Reference
Avaya VoIP Modules Overviewon page 183
Understanding the TGM550 Telephony Gateway Module on page 189
Avaya IG550 Integrated Gateway Overviewon page 217
Avaya Communication Manager Software Overviewon page 220
Dynamic Call Admission Control Overviewon page 221
TGM550 Module and VoIP Interface Troubleshooting on page 237
233 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
TGM550Module Administration
This section contains the following topics:
Connecting Through the TGM550 Module Console Port on page 234
Connecting to the TGM550 with SSH on page 235
TGM550 Module with Telnet Access on page 235
Accessing the Services Router fromthe TGM550 Module on page 236
Resetting the TGM550 Module on page 236
Saving the TGM550 Module Configuration on page 237
Connecting Through the TGM550Module Console Port
To connect to the TGM550 through its console port:
1. Turn off the power to the management device, such as a PC or laptop computer, that
you are using to access the TGM550.
2. Plug one end of an Ethernet rollover cable provided with the TGM550 into the RJ-45
to DB-9 serial port adapter provided with the TGM550.
CAUTION: Two different RJ-45 cables and RJ-45 to DB-9 adapters are
provided. Do not use the RJ-45 cable and adapter for the Services Router
console port to connect to the TGM550 console port.
3. Plug the RJ-45 to DB-9 serial port adapter provided with the TGM550 into the serial
port on the management device.
4. Connect the other end of the Ethernet rollover cable to the console port (CONSOLE)
on the TGM550.
5. Turn on power to the management device.
6. Start your asynchronous terminal emulation application (such as Microsoft Windows
Hyper Terminal), and select the appropriate COMport to use (for example, COM1).
7. Configure the port settings as follows:
Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flowcontrol: Hardware
8. At the login prompt, type your username and press Enter.
9. At the password prompt, type your password and press Enter.
Copyright 2010, Juniper Networks, Inc. 234
Junos OS Interfaces Configuration Guide for Security Devices
Connecting to the TGM550with SSH
To connect to the TGM550 with SSH:
1. Ensure that the TGM550 has an IP address.
2. Fromthe Junos OS CLI or a remote connection, enter the following command:
ssh ip-address
TGM550Module with Telnet Access
This section contains the following topics:
Enabling Telnet Service on the TGM550 Module on page 235
Connecting to the TGM550 Module with Telnet on page 235
Disabling Telnet Service on the TGM550 Module on page 236
Enabling Telnet Service on the TGM550Module
By default, Telnet service is not enabled on the TGM550. You must enable Telnet service
on the TGM550 before you can telnet to the TGM550 fromother devices or fromthe
TGM550 to other devices.
CAUTION: Telnet connections are not encrypted and therefore can be
intercepted.
To enable Telnet service on the TGM550:
1. Connect to the TGM550 through the console port.
2. EnableincomingTelnet connections byenteringthefollowingcommand, andreplacing
port with the Telnet port number.
TGM550-004(super)# ip telnet port port
3. Enable outgoing Telnet connections fromthe TGM550 to other devices.
TGM550-004(super)# ip telnet-client
4. Save the configuration.
TGM550-004(super)# copy running-config startup-config
Connecting to the TGM550Module with Telnet
To connect to the TGM550 with Telnet:
1. Ensure that Telnet is enabled on the TGM550.
2. Ensure that the TGM550 has an IP address.
3. Fromthe Junos OS CLI or a remote connection, enter the following command.
telnet ip-address
235 Copyright 2010, Juniper Networks, Inc.
Chapter 10: Voice over Internet Protocol with Avaya
Disabling Telnet Service on the TGM550Module
To disable Telnet service on the TGM550:
1. Connect to the TGM550 through the console port.
2. DisableincomingTelnet connectionsbyenteringthefollowingcommand, andreplacing
port with the Telnet port number.
TGM550-004(super)# no ip telnet
3. Disable outgoing Telnet connections fromthe TGM550 to other devices.
TGM550-004(super)# no ip telnet-client
4. Save the configuration.
TGM550-004(super)# copy running-config startup-config
Accessing the Services Router fromthe TGM550Module
You can access the Services Router fromthe CLI on its installed TGM550in the following
ways:
Enter the session chassis command.
Enter the telnet or ssh command.
NOTE: Before using the TGM550 CLI telnet command, ensure that Telnet
service is enabled on the TGM550.
Resetting the TGM550Module
CAUTION: Before resetting the TGM550, take the following precautions:
Log into the TGM550 and enter copy running-config startup-config to save
the TGM550 configuration.