Junos system configuration module
Version: 2019-01-01
module junos-es-conf-system { yang-version 1; namespace "http://yang.juniper.net/junos-es/conf/system"; prefix jc-system; import junos-common-ddl-extensions { prefix junos; revision-date "2019-01-01"; } import junos-common-types { prefix jt; revision-date "2019-01-01"; } import junos-es-conf-root { prefix jc; revision-date "2019-01-01"; } organization "Juniper Networks, Inc."; contact "yang-support@juniper.net"; description "Junos system configuration module"; revision "2019-01-01" { description "Junos: 21.3R1.9"; } augment /jc:configuration { uses system-group; } augment /jc:configuration/jc:groups { uses system-group; } grouping system-group { container system { description "System parameters"; uses juniper-system; } // container system } // grouping system-group grouping juniper-system { uses apply-advanced; leaf host-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; length "0 .. 255"; } description "Hostname for this router"; } container root-authentication { description "Authentication information for the root login"; uses authentication-object; } // container root-authentication container commit { description "Configuration commit management"; uses apply-advanced; container commit-synchronize-server { description "Commit synchronize server configuration"; uses apply-advanced; container traceoptions { description "Traceoptions for commit synchronize server"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf microsecond-stamp { type empty; description "Timestamp with microsecond granularity"; } } // container file list flag { key "name"; description "Tracing parameters"; leaf name { type enumeration { enum "ephemeral-commit" { value 0; description "Trace ephemeral database commit synchronize requests"; } enum "operational-command" { value 1; description "Trace operational command requests"; } enum "debug" { value 2; description "Trace debug level information"; } enum "all" { value 3; description "Trace all information"; } } } } // list flag } // container traceoptions } // container commit-synchronize-server choice persist-groups-choice { leaf persist-groups-inheritance { type empty; description "Build configuration groups inheritance path"; } leaf no-persist-groups-inheritance { type empty; description "Don't build configuration groups inheritance path"; } } // choice persist-groups-choice leaf ignore-xpath-failure { type empty; status deprecated; description "Ignore xpath failures during commit"; } container server { description "Commit server (batch commit)"; uses apply-advanced; leaf maximum-aggregate-pool { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of transactions to aggregate"; } leaf maximum-entries { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Maximum number of transactions allowed in queue"; } leaf commit-interval { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Number of seconds between commits"; } leaf retry-attempts { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "5"; description "Retry attempts for commit failure due to db lock error"; } leaf retry-interval { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "20"; description "Retry interval in seconds for commit failure"; } leaf days-to-keep-error-logs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 366"; } } description "Number of day to keep error log entries"; } leaf redirect-completion-status { type string; description "Redirect Async commit status to server configured here"; } list commit-schedule-profile { key "name"; ordered-by user; description "Scheduling profile for asynchronous low priority commits"; leaf name { type string { length "1 .. 64"; } description "Schedule name for low priority commits"; } uses apply-advanced; leaf start-time { type string { junos:posix-pattern "^(([0-1]?[0-9])|([2][0-3])):([0-5]?[0-9])$"; junos:pattern-message "Time must be of the format hh:mm"; } description "Time when the schedule starts processing low priority jobs (hh:mm)"; } leaf end-time { type string { junos:posix-pattern "^(([0-1]?[0-9])|([2][0-3])):([0-5]?[0-9])$"; junos:pattern-message "Time must be of the format hh:mm"; } description "Time when the schedule stops processing low priority jobs (hh:mm)"; } leaf interruptible { type empty; description "Allow the low priority jobs to be interrupted during the schedule"; } leaf load-average { type jt:unsigned-float; description "Max load average of system at which schedule starts (last 1 min)"; } } // list commit-schedule-profile container traceoptions { description "Trace options for commit server"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf microsecond-stamp { type empty; description "Timestamp with microsecond granularity"; } } // container file list flag { key "name"; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace all operations"; } enum "commit-server" { value 1; description "Trace commit server"; } enum "batch" { value 2; description "Trace file batching"; } enum "configuration" { value 3; description "Reading of configuration"; } } } } // list flag } // container traceoptions } // container server leaf fast-synchronize { junos:must "("chassis redundancy graceful-switchover")"; junos:must-message "[chassis redundancy graceful-switchover] has to be configured"; junos:must "("system commit synchronize")"; junos:must-message "[system commit synchronize] has to be configured"; type empty; description "Parallelized commit synchronizing multiple routing-engines"; } leaf synchronize { type empty; description "Synchronize commit on both Routing Engines by default"; } leaf delta-export { type empty; description "Export only delta configuration during commit"; } container notification { junos:must "("system services extension-service notification")"; junos:must-message "Notification services must be configured, mandatory to use commit notifications"; presence "enable notification"; description "Notify applications upon commit complete"; uses apply-advanced; } // container notification leaf peers-synchronize { type empty; description "Synchronize commit on remote peers by default"; } list peers { key "name"; max-elements 3; ordered-by user; description "Commit peers-synchronize details"; uses peers-type; } // list peers } // container commit container configuration-database { description "Configuration database parameters"; uses apply-advanced; container ephemeral { presence "enable ephemeral"; description "Configure ephemeral database"; uses apply-advanced; list instance { key "name"; max-elements 8; ordered-by user; description "Configure ephemeral instances"; leaf name { type string { junos:posix-pattern "!(^default$|[^a-zA-Z0-9_.-])"; junos:pattern-message "Instance name must be a string of alphanumericals, dashes or underscores and must not be default as a name. Default name is used when default ephemeral database is created"; length "1 .. 32"; } description "Name of ephemeral instance"; } uses apply-advanced; } // list instance leaf commit-synchronize-model { type enumeration { enum "asynchronous" { junos:must "((!("chassis redundancy graceful-switchover") || ".. allow-commit-synchronize-with-gres"))"; junos:must-message "Asynchronous commit in ephemeral is not supported along with GRES, please refer documentation for more details"; value 0; description "Commit synchronize on backup happens asynchronously"; } enum "synchronous" { value 1; description "Commit synchronize on backup happens synchronously"; } } default "asynchronous"; description "Select commit synchronize model for ephemeral"; } leaf ignore-ephemeral-default { type empty; description "Ignore ephemeral default database"; } leaf allow-commit-synchronize-with-gres { type empty; description "Allow ephemeral commit synchronize with GRES"; } } // container ephemeral container virtual-memory-mapping { description "Virtual memory mapping configuration"; uses apply-advanced; list process { key "name"; ordered-by user; description "Per process configuration"; leaf name { type string; description "Name of the process"; } uses apply-advanced; leaf fixed-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 696320"; } } units "kilobytes"; description "Fixed memory mapped size in kilobytes"; } leaf page-pooling-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 696320"; } } units "kilobytes"; description "Page pooling memory mapped size in kilobytes"; } leaf page-leak-debug { type empty; description "Page leak detection"; } } // list process container process-set { junos:must "("chassis network-services enhanced-ip")"; junos:must-message "process-set is allowed only when enhanced-ip is configured"; description "Set of processes using page pool"; uses apply-advanced; container subscriber-management { presence "enable subscriber-management"; description "Subscriber management processes will use page pooling"; uses apply-advanced; leaf fixed-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 696320"; } } units "kilobytes"; description "Fixed memory mapped size"; } leaf page-pooling-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 696320"; } } units "kilobytes"; description "Page pooling memory mapped size"; } } // container subscriber-management } // container process-set } // container virtual-memory-mapping leaf extend-size { junos:must "(!("system configuration-database max-db-size"))"; junos:must-message "extend-size and max-db-size are mutually exclusive"; type empty; description "Extend configuration database upto 1.5G"; } container resize { presence "enable resize"; description "Resize configuration database"; uses apply-advanced; leaf database-size-on-disk { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "Megabytes"; default "450"; description "Minimum configuration database size on disk"; } leaf database-size-diff { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "Megabytes"; default "100"; description "Difference between database size and actual usage"; } } // container resize } // container configuration-database container scripts { description "Scripting mechanisms"; uses scripts_type; } // container scripts container login { description "Names, login classes, and passwords for users"; uses apply-advanced; container retry-options { description "Configure password retry options"; uses apply-advanced; leaf tries-before-disconnect { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } default "3"; description "Number of times user is allowed to try password"; } leaf backoff-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3"; } } default "2"; description "Number of password failures before delay is introduced"; } leaf backoff-factor { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 10"; } } default "5"; description "Delay factor after 'backoff-threshold' password failures"; } leaf minimum-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "20 .. 60"; } } default "20"; description "Minimum total connection time if all attempts fail"; } leaf maximum-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "20 .. 300"; } } default "120"; description "Maximum time the connection will remain for user to enter username and password"; } leaf lockout-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 43200"; } } units "minutes"; description "Amount of time user account is locked after 'tries-before-disconnect' failures"; } } // container retry-options leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 60"; } } units "minutes"; description "Maximum idle time before logout"; } list class { key "name"; description "Login class"; uses login-class-object; } // list class list user { key "name"; description "Username"; uses login-user-object; } // list user container password { description "Password configuration"; uses apply-advanced; leaf minimum-character-changes { type union { type string { pattern "<.*>|$.*"; } type int32 { range "4 .. 15"; } } description "Minimum number of character changes between old and new passwords"; } leaf minimum-reuse { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 20"; } } description "Minimum number of old passwords which should not be same as the new password"; } leaf maximum-lifetime { junos:must "(".. minimum-reuse")"; junos:must-message "'minimum-reuse' must be configured with maximum-lifetime"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "30 .. 365"; } } description "Maximum password lifetime in days"; } leaf minimum-lifetime { junos:must "(".. minimum-reuse")"; junos:must-message "'minimum-reuse' must be configured with minimum-lifetime"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 30"; } } description "Minimum password lifetime in days"; } leaf minimum-length { type union { type string { pattern "<.*>|$.*"; } type int32 { range "6 .. 20"; } } description "Minimum password length for all users"; } leaf maximum-length { type union { type string { pattern "<.*>|$.*"; } type int32 { range "20 .. 128"; } } description "Maximum password length for all users"; } leaf change-type { type enumeration { enum "character-sets" { value 0; description "Count number of character type"; } enum "set-transitions" { value 1; description "Count changes in character type"; } } description "Password change type"; } leaf minimum-changes { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Minimum number of changes in password"; } leaf minimum-numerics { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 128"; } } description "Minimum number of numeric class characters in password"; } leaf minimum-upper-cases { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 128"; } } description "Minimum number of upper-case class characters in password"; } leaf minimum-lower-cases { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 128"; } } description "Minimum number of lower-case class characters in password"; } leaf minimum-punctuations { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 128"; } } description "Minimum number of punctuation class characters in password"; } leaf format { type enumeration { enum "sha1" { value 0; description "Secure Hash Algorithm 1"; } enum "sha256" { value 1; description "Secure Hash Algorithm 256 ($5$)"; } enum "sha512" { value 2; description "Secure Hash Algorithm 512 ($6$)"; } enum "md5" { value 3; description "Message Digest 5"; } enum "des" { value 4; description "Digital Encryption Standard"; } } description "Encryption method to use for password"; } } // container password container deny-sources { description "Sources from which logins are denied"; uses apply-advanced; leaf-list address { type jt:ipprefix-optional; ordered-by user; description "IPv4/IPv6 addresses, prefix length optional, or hostnames"; } } // container deny-sources leaf announcement { type string { length "1 .. 2048"; } description "System announcement message (displayed after login)"; } leaf message { type string { length "1 .. 2048"; } description "System login message"; } } // container login container export-format { description "Setting the properties related to exporting the data"; uses apply-advanced; container json { description "Set the type of JSON format"; uses apply-advanced; choice json-type { leaf verbose { type empty; description "All the objects will be emitted as JSON arrays"; } leaf ietf { type empty; description "JSON format will be emitted as per ietf draft"; } } // choice json-type } // container json container state-data { description "Setting the properties with respect to state data"; uses apply-advanced; container json { description "Set the type of JSON format for state data rendering"; uses apply-advanced; choice json-type { leaf compact { type empty; description "Display JSON in compact format"; } } // choice json-type } // container json } // container state-data } // container export-format container autoinstallation { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "incompatible with 'forwarding-options helpers bootp'"; presence "enable autoinstallation"; description "Autoinstallation configuration"; uses apply-advanced; list interfaces { key "name"; ordered-by user; description "Interfaces to perform autoinstallation"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface"; } uses apply-advanced; leaf bootp { type empty; description "Enable BOOTP/DHCP during autoinstallation"; } leaf rarp { type empty; description "Enable RARP during autoinstallation"; } leaf slarp { type empty; description "Enable SLARP during autoinstallation"; } } // list interfaces list configuration-servers { key "name"; ordered-by user; description "Servers to retrieve configuration files from"; leaf name { type string; description "URL of configuration server"; } leaf password { type jt:unreadable; description "Password for authentication with the configuration server"; } } // list configuration-servers container usb { presence "enable usb"; description "USB Autoinstallation process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Autoinstallation process"; } } // choice enable-disable } // container usb } // container autoinstallation container services { presence "enable services"; description "System services"; uses apply-advanced; container netproxy { presence "enable netproxy"; description "Netproxy configuration"; } // container netproxy container finger { presence "enable finger"; description "Allow finger requests from remote systems"; uses apply-advanced; leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } } // container finger container ftp { presence "enable ftp"; description "Allow FTP file transfers"; uses apply-advanced; leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } leaf-list authentication-order { type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } enum "tacplus" { value 1; description "TACACS+ authentication services"; } enum "password" { value 2; description "Traditional password authentication"; } } ordered-by user; } } // container ftp container ssh { presence "enable ssh"; description "Allow ssh access"; uses apply-advanced; leaf-list authentication-order { type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } enum "tacplus" { value 1; description "TACACS+ authentication services"; } enum "password" { value 2; description "Traditional password authentication"; } } ordered-by user; } leaf root-login { type enumeration { enum "allow" { value 0; description "Allow root access via ssh"; } enum "deny" { value 1; description "Do not allow root access via ssh"; } enum "deny-password" { value 2; description "Allow for non-password-based authentication methods only"; } } description "Configure root access via ssh"; } leaf no-challenge-response { type empty; description "Disables ssh challenge-response based authentication methods"; } leaf no-password-authentication { type empty; description "Disables ssh password based authentication methods"; } leaf no-passwords { type empty; description "Disables ssh password and challenge-response based authentication"; } leaf no-public-keys { type empty; description "Disables ssh public key based authentication"; } choice tcp_forwarding_choices { leaf tcp-forwarding { type empty; description "Allow forwarding TCP connections via SSH"; } leaf no-tcp-forwarding { type empty; description "Do not allow forwarding TCP connections via SSH"; } } // choice tcp_forwarding_choices leaf-list protocol-version { type enumeration { enum "v2" { value 0; description "Version 2 ssh protocol"; } } ordered-by user; description "Specify ssh protocol versions supported"; } leaf max-sessions-per-connection { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } } description "Maximum number of sessions per single SSH connection"; } leaf max-pre-authentication-packets { type union { type string { pattern "<.*>|$.*"; } type int32 { range "20 .. 2147483647"; } } description "Maximum number of pre-authentication SSH packets per single SSH connection"; } leaf sftp-server { type empty; description "Globally enable incoming SFTP connections"; } leaf-list ciphers { type enumeration { enum "3des-cbc" { value 0; description "Triple DES in CBC mode"; } enum "aes128-cbc" { value 1; description "128-bit AES with Cipher Block Chaining"; } enum "aes192-cbc" { value 2; description "192-bit AES with Cipher Block Chaining"; } enum "aes256-cbc" { value 3; description "256-bit AES with Cipher Block Chaining"; } enum "aes128-ctr" { value 4; description "128-bit AES with Counter Mode"; } enum "aes192-ctr" { value 5; description "192-bit AES with Counter Mode"; } enum "aes256-ctr" { value 6; description "256-bit AES with Counter Mode"; } enum "aes128-gcm@openssh.com" { value 7; description "128-bit AES with Galois/Counter Mode"; } enum "aes256-gcm@openssh.com" { value 8; description "256-bit AES with Galois/Counter Mode"; } enum "chacha20-poly1305@openssh.com" { value 9; description "ChaCha20 stream cipher and Poly1305 MAC"; } enum "arcfour128" { value 10; description "128-bit RC4 with Cipher Block Chaining "; } enum "arcfour256" { value 11; description "256-bit RC4 with Cipher Block Chaining "; } enum "arcfour" { value 12; description "128-bit RC4 with Cipher Block Chaining "; } enum "blowfish-cbc" { value 13; description "128-bit Blowfish with Cipher Block Chaining "; } enum "cast128-cbc" { value 14; description "128-bit CAST with Cipher Block Chaining "; } } ordered-by user; description "Specify the ciphers allowed for protocol version 2"; } leaf-list macs { type enumeration { enum "hmac-md5" { value 0; description "Hash-based MAC using Message-Digest 5 (MD5)"; } enum "hmac-md5-etm@openssh.com" { value 1; description "Hash-based Encrypt-then-MAC using Message-Digest 5 (MD5)"; } enum "hmac-sha1" { value 2; description "Hash-based MAC using Secure Hash Algorithm (SHA1)"; } enum "hmac-sha1-etm@openssh.com" { value 3; description "Hash-based Encrypt-then-MAC using Secure Hash Algorithm (SHA1)"; } enum "umac-64@openssh.com" { value 4; description "UMAC-64 algorithm specified in RFC4418"; } enum "umac-128@openssh.com" { value 5; description "UMAC-128 algorithm specified in RFC4418"; } enum "umac-64-etm@openssh.com" { value 6; description "Encrypt-then-MAC using UMAC-64 algorithm specified in RFC4418"; } enum "umac-128-etm@openssh.com" { value 7; description "Encrypt-then-MAC using UMAC-128 algorithm specified in RFC4418"; } enum "hmac-sha2-256" { value 8; description "Hash-based MAC using Secure Hash Algorithm (SHA2)"; } enum "hmac-sha2-256-etm@openssh.com" { value 9; description "Hash-based Encrypt-then-Mac using Secure Hash Algorithm (SHA2)"; } enum "hmac-sha2-256-96" { value 10; description "96-bits of Hash-based MAC using SHA2"; } enum "hmac-sha2-512" { value 11; description "Hash-based MAC using Secure Hash Algorithm (SHA2)"; } enum "hmac-sha2-512-etm@openssh.com" { value 12; description "Hash-based Encrypt-then-Mac using Secure Hash Algorithm (SHA2)"; } enum "hmac-sha2-512-96" { value 13; description "96-bits of Hash-based MAC using SHA2"; } enum "hmac-ripemd160" { value 14; description "Hash-based MAC using RIPEMD"; } enum "hmac-ripemd160-etm@openssh.com" { value 15; description "Hash-based Encrypt-then-MAC using RIPEMD"; } enum "hmac-sha1-96" { value 16; description "96-bits of Hash-based MAC using SHA1"; } enum "hmac-sha1-96-etm@openssh.com" { value 17; description "96-bits of Hash-based Encrypt-then-MAC using SHA1"; } enum "hmac-md5-96" { value 18; description "96-bits of Hash-based MAC using MD5"; } enum "hmac-md5-96-etm@openssh.com" { value 19; description "96-bits of Hash-based Encrypt-then-MAC using MD5"; } } ordered-by user; description "Message Authentication Code algorithms allowed (SSHv2)"; } leaf-list key-exchange { type enumeration { enum "curve25519-sha256" { value 0; description "The EC Diffie-Hellman on Curve25519 with SHA2-256 hash"; } enum "ecdh-sha2-nistp256" { value 1; description "The EC Diffie-Hellman on nistp256 with SHA2-256"; } enum "ecdh-sha2-nistp384" { value 2; description "The EC Diffie-Hellman on nistp384 with SHA2-384"; } enum "ecdh-sha2-nistp521" { value 3; description "The EC Diffie-Hellman on nistp521 with SHA2-512"; } enum "group-exchange-sha2" { value 4; description "The RFC 4419 group exchange with SHA2-256 hash"; } enum "group-exchange-sha1" { value 5; description "The RFC 4419 group exchange with SHA1 hash"; } enum "dh-group14-sha1" { value 6; description "The RFC 4253 mandated group14 with SHA1 hash"; } enum "dh-group1-sha1" { value 7; description "The RFC 4253 mandated group1 with SHA1 hash"; } } ordered-by user; description "Specify ssh key-exchange for Diffie-Hellman keys"; } leaf client-alive-count-max { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } default "3"; description "Threshold of missing client-alive responses that triggers a disconnect"; } leaf client-alive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } units "seconds"; default "0"; description "Frequency of client-alive requests"; } container hostkey-algorithm { presence "enable hostkey-algorithm"; description "Specify permissible SSH host-key algorithms"; uses apply-advanced; choice ssh-dss-choice { leaf no-ssh-dss { type empty; description "Disallow generation of 1024-bit DSA host-key"; } container ssh-dss { presence "enable ssh-dss"; status deprecated; description "Allow generation of 1024-bit DSA host-key"; uses apply-advanced; choice allow-deny { leaf allow { type empty; status deprecated; description "Allow generation of 1024-bit DSA host-key"; } leaf deny { type empty; status deprecated; description "Disallow generation of 1024-bit DSA host-key"; } } // choice allow-deny } // container ssh-dss } // choice ssh-dss-choice choice ssh-rsa-choice { leaf no-ssh-rsa { type empty; description "Disallow generation of RSA host-key"; } container ssh-rsa { presence "enable ssh-rsa"; description "Allow generation of RSA host-key"; uses apply-advanced; choice allow-deny { leaf allow { type empty; status deprecated; description "Allow generation of RSA host-key"; } leaf deny { type empty; status deprecated; description "Disallow generation of RSA host-key"; } } // choice allow-deny } // container ssh-rsa } // choice ssh-rsa-choice choice ssh-ecdsa-choice { leaf no-ssh-ecdsa { type empty; description "Disallow generation of ECDSA host-key"; } container ssh-ecdsa { presence "enable ssh-ecdsa"; description "Allow generation of ECDSA host-key"; uses apply-advanced; choice allow-deny { leaf allow { type empty; status deprecated; description "Allow generation of ECDSA host-key"; } leaf deny { type empty; status deprecated; description "Disallow generation of ECDSA host-key"; } } // choice allow-deny } // container ssh-ecdsa } // choice ssh-ecdsa-choice choice ssh-ed25519-choice { leaf no-ssh-ed25519 { type empty; description "Disallow generation of ED25519 host-key"; } leaf ssh-ed25519 { type empty; description "Allow generation of ED25519 host-key"; } } // choice ssh-ed25519-choice } // container hostkey-algorithm leaf fingerprint-hash { type enumeration { enum "sha2-256" { value 0; description "Enable use of SHA2-256"; } enum "md5" { value 1; description "Enable use of MD5"; } } description "Configure hash algorithm used when displaying key fingerprints"; } leaf authorized-keys-command { junos:must "(".. authorized-keys-command-user")"; junos:must-message "'authorized-keys-command-user' must be configured with authorized-keys-command"; type string { length "1 .. 1024"; } description "Specifies a command string to be used to look up the user's public keys"; } leaf authorized-keys-command-user { junos:must "(".. authorized-keys-command")"; junos:must-message "'authorized-keys-command' must be configured with authorized-keys-command-user"; type string { length "1 .. 256"; } description "Specifies the user under whose account the authorized-keys-command is run"; } container rekey { description "Limits before session keys are renegotiated"; uses apply-advanced; leaf data-limit { type string; units "bytes"; description "Data limit before renegotiating session keys"; } leaf time-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1440"; } } units "minutes"; description "Time limit before renegotiating session keys"; } } // container rekey leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } default "22"; description "Port number to accept incoming connections"; } leaf log-key-changes { type empty; description "Log changes to authorized keys to syslog"; } leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } } // container ssh container telnet { presence "enable telnet"; description "Allow telnet login"; uses apply-advanced; leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } leaf-list authentication-order { type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } enum "tacplus" { value 1; description "TACACS+ authentication services"; } enum "password" { value 2; description "Traditional password authentication"; } } ordered-by user; } } // container telnet container xnm-clear-text { presence "enable xnm-clear-text"; description "Allow clear text-based JUNOScript connections"; uses apply-advanced; leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } } // container xnm-clear-text container xnm-ssl { presence "enable xnm-ssl"; description "Allow SSL-based JUNOScript connections"; uses apply-advanced; leaf local-certificate { junos:must "("security certificates local $$")"; junos:must-message "certificate must be configured under 'security certificates local'"; type string; description "Name of local X.509 certificate to use"; } choice ssl-renegotiation-choice { leaf ssl-renegotiation { type empty; description "Allow SSL renegotiation"; } leaf no-ssl-renegotiation { type empty; description "Don't allow SSL renegotiation"; } } // choice ssl-renegotiation-choice leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } } // container xnm-ssl container jeb { presence "enable jeb"; description "Configure the Juniper Juniper Entropy Beacon service"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1025 .. 65535"; } } default "57005"; description "JEB Service port"; } leaf rbg { type enumeration { enum "default-rng" { value 0; description "Default CSPRNG"; } enum "hmac-drbg" { junos:must "("system rng hmac-drbg")"; junos:must-message "system rng must be set to hmac-drbg"; value 1; description "HMAC DRBG, NIST SP800-90A"; } enum "jrbc" { value 2; description "Juniper Random Bit Conditioner"; } } description "Random Bit Generator"; } leaf max-seed-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65536"; } } default "4096"; description "Maximum allowed size for a requested seed"; } container tls { presence "enable tls"; description "Configure TLS Attributes for JEB Service"; uses apply-advanced; leaf cert-bundle { type string; description "Certificate Bundle File"; } leaf certificate { type string; description "TLS Server Certificate"; } leaf key { type string; description "Private Key File"; } } // container tls } // container jeb container extension-service { description "Enable JUNOS extension services"; uses apply-advanced; container request-response { description "Allow request-response API execution"; uses apply-advanced; container grpc { description "Grpc server configuration"; uses apply-advanced; choice request-response-type { container ssl { description "SSL based API connection settings"; uses apply-advanced; leaf address { type jt:ipaddr; default "::"; description "Address to listen for incoming connections"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } default "32767"; description "Port number to accept incoming connections"; } leaf-list local-certificate { type string; ordered-by user; description "Name of local X.509 certificate to use"; } container mutual-authentication { description "Enable TLS mutual authentication"; uses apply-advanced; leaf certificate-authority { junos:must "(("security pki ca-profile $$" || "security pki ca-profile-group $$"))"; junos:must-message "ca-profile must be configured under 'security pki ca-profile' or 'security pki ca-profile-group'"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate authority profile"; } leaf client-certificate-request { type enumeration { enum "no-certificate" { value 0; description "Client certificate is not requested"; } enum "request-certificate" { value 1; description "Request certificate from client, do not verify"; } enum "request-certificate-and-verify" { value 2; description "Request certificate from client, verify if provided"; } enum "require-certificate" { value 3; description "Client certificate is mandatory, do not verify"; } enum "require-certificate-and-verify" { value 4; description "Client certificate is mandatory, certificate is verified"; } } default "require-certificate-and-verify"; description "Specify requirements for client certificate"; } } // container mutual-authentication } // container ssl } // choice request-response-type leaf max-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } default "5"; description "Maximum number of connections"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level or in case of managment routing-instance 'mgmt_junos' make sure 'system management-instance' configuration is set"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance for grpc"; } } // container grpc } // container request-response container notification { presence "enable notification"; description "Enable Notification Services"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } default "1883"; description "Port number to accept incoming connections"; } leaf max-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 20"; } } default "20"; description "Maximum number of connections"; } leaf broker-socket-send-buffer-size { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "65536"; description "Socket send buffer size for the broker to publish the messages"; } container allow-clients { description "Client IPs from which notifications are allowed"; uses apply-advanced; leaf-list address { type jt:ipprefix-optional; ordered-by user; description "IPv4/IPv6 addresses, prefix length optional, or hostnames"; } } // container allow-clients } // container notification container traceoptions { description "Trace options for JSD"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file container level { description "Trace verbosity level"; choice level-name { leaf error { type empty; description "Only trace error events"; } } // choice level-name } // container level list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "timer" { value 0; description "Trace internal timer events"; } enum "timeouts" { value 1; description "Trace timeouts "; } enum "routing-socket" { value 2; description "Trace routing socket calls"; } enum "general" { value 3; description "Trace general events"; } enum "config" { value 4; description "Trace config events"; } enum "grpc" { value 5; description "Trace grpc related events"; } enum "libgrpc-debug" { value 6; description "Trace all lib grpc related events"; } enum "libgrpc-errors" { value 7; description "Trace lib grpc errors"; } enum "libgrpc-info" { value 8; description "Trace lib grpc info and errors"; } enum "notification" { value 9; description "Trace notification events"; } enum "all" { value 10; description "Trace everything"; } } } } // list flag } // container traceoptions } // container extension-service container netconf { description "Allow NETCONF connections"; uses apply-advanced; container ssh { presence "enable ssh"; description "Allow NETCONF over SSH"; uses apply-advanced; leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } leaf client-alive-count-max { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } default "3"; description "Threshold of missing client-alive responses that triggers a disconnect"; } leaf client-alive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } units "seconds"; default "0"; description "Frequency of client-alive requests"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } } default "830"; description "Service port number"; } } // container ssh container tls { description "Allow NETCONF over TLS"; uses apply-advanced; leaf local-certificate { junos:must "((".. default-client-identity" || ".. client-identity"))"; junos:must-message "Either 'client-identity' OR 'default-client-identity' must be configured"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Local Certificate ID"; } list client-identity { key "name"; ordered-by user; description "Individual TLS/NETCONF client information"; leaf name { type string { length "1 .. 31"; } description "Client ID"; } uses apply-advanced; leaf fingerprint { junos:must "(unique ".. .. client-identity <*> fingerprint $$")"; junos:must-message "Fingerprint must be unique for each client"; type string { junos:posix-pattern "^([0-9a-fA-F]){2}(:([0-9a-fA-F]){2}){0,254}$"; junos:pattern-message "Invalid fingerprint. Refer x509c2n:tls-fingerprint format"; } description "Client certificate fingerprint in x509c2n:tls-fingerprint format"; } leaf map-type { type enumeration { enum "specified" { junos:must "(".. username")"; junos:must-message "When the map-type is 'specified', 'username' is mandatory"; value 0; description "Use the specified username as NETCONF username"; } enum "san-dirname-cn" { value 1; description "Use the common name (CN) field of SAN DirName as NETCONF username"; } } description "Map Type"; } leaf username { junos:must "(".. map-type specified")"; junos:must-message "map-type must be 'specified' to use this username. If it is anything other than 'specified', remove this username"; type string { junos:posix-pattern "^[[:alnum:]_]{1,}[.]{0,1}[[:alnum:]_-]{0,}[.]{0,1}[[:alnum:]_-]{0,}$"; junos:pattern-message "Must contain characters (alphanumerics, underscores or hyphens) beginning with an alphanumeric or an underscore character."; } description "NETCONF username if the map-type is specified"; } } // list client-identity container default-client-identity { description "Default TLS/NETCONF client information"; uses apply-advanced; leaf map-type { type enumeration { enum "specified" { junos:must "(".. username")"; junos:must-message "When the map-type is 'specified', 'username' is mandatory"; value 0; description "Use the specified username as NETCONF username"; } enum "san-dirname-cn" { value 1; description "Use the common name (CN) field of SAN DirName as NETCONF username"; } } description "Map Type"; } leaf username { junos:must "(".. map-type specified")"; junos:must-message "map-type must be 'specified' to use this username. If it is anything other than 'specified', remove this username"; type string { junos:posix-pattern "^[[:alnum:]_]{1,}[.]{0,1}[[:alnum:]_-]{0,}[.]{0,1}[[:alnum:]_-]{0,}$"; junos:pattern-message "Must contain characters (alphanumerics, underscores or hyphens) beginning with an alphanumeric or an underscore character."; } description "NETCONF username if the map-type is specified"; } } // container default-client-identity container traceoptions { description "NETCONF over TLS trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "general" { value 0; description "Log the tls-proxyd infra related messages"; } enum "pki" { value 1; description "Log the PKI related messages"; } enum "plugin" { value 2; description "Log the plugin messages"; } enum "app" { value 3; description "Log the application data in plain text"; } enum "all" { value 4; description "Log the entire communication"; } } } } // list flag } // container traceoptions } // container tls container unified { description "Schema options for unified netconf"; uses apply-advanced; leaf unhide { type empty; description "Unhide unified netconf get from CLI"; } } // container unified container hello-message { description "Configuration for NETCONF 'hello' message"; uses apply-advanced; container yang-module-capabilities { description "Advertise YANG module capabilities of the device"; uses apply-advanced; leaf advertise-native-yang-modules { type empty; description "Advertise Junos native YANG modules"; } leaf advertise-custom-yang-modules { type empty; description "Advertise custom YANG modules installed on the device"; } leaf advertise-standard-yang-modules { type empty; description "Advertise standard YANG modules supported by the device"; } } // container yang-module-capabilities } // container hello-message container netconf-monitoring { description "NETCONF monitoring feature (RFC 6022) related configuration"; uses apply-advanced; container netconf-state-schemas { description "Configuration to retrieve the schemas supported by the NETCONF server"; uses apply-advanced; leaf retrieve-custom-yang-modules { type empty; description "Retrieve the custom YANG modules installed on the device"; } leaf retrieve-standard-yang-modules { type empty; description "Retrieve the standard YANG modules supported by the device"; } } // container netconf-state-schemas } // container netconf-monitoring leaf rfc-compliant { type empty; description "Make the NETCONF sessions compliant to RFC 4741"; } leaf yang-compliant { type empty; description "Make the NETCONF sessions compliant to yang schemas"; } leaf flatten-commit-results { junos:must "(".. rfc-compliant")"; junos:must-message "The option 'flatten-commit-results' is only applicable when 'rfc-compliant' is configured"; type empty; description "Suppress the 'commit-results' XML subtree in 'commit' rpc response"; } container yang-modules { description "Tweak settings for YANG modules served on this device"; uses apply-advanced; leaf device-specific { type empty; description "Serve YANG modules specific to this device"; } leaf emit-extensions { type empty; description "Enable serving of Junos YANG extension modules"; } } // container yang-modules container traceoptions { description "NETCONF trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Log the entire communication"; } enum "incoming" { value 1; description "Log all incoming data"; } enum "outgoing" { value 2; description "Log all outgoing data"; } enum "debug" { value 3; description "Log debug level information"; } } } } // list flag leaf on-demand { type empty; description "Enable on-demand tracing"; } } // container traceoptions container notification { presence "enable notification"; description "Enable Netconf notification service"; uses apply-advanced; leaf interleave { type empty; description "Enable interleaving"; } } // container notification } // container netconf container tftp-server { junos:must "("services app-engine")"; junos:must-message "TFTP server can be enabled only when app-engine is configured"; presence "enable tftp-server"; description "Enable TFTP file transfers"; uses apply-advanced; leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections"; default "75"; description "Limit number of simultaneous connections"; } leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250"; } } units "connections per minute"; default "150"; description "Limit incoming connection rate"; } } // container tftp-server leaf dtcp-only { type empty; description "Allow subscriber DTCP based lawful intercept only"; } container reverse { junos:must "(!("system ports auxiliary"))"; junos:must-message "Cannot have 'system ports auxiliary' configured with reverse telnet/SSH"; description "Allow connections to device connected to the AUX port"; uses apply-advanced; container telnet { presence "enable telnet"; description "Allow reverse telnet connections (over AUX port)"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } } default "2900"; description "Port number to accept reverse telnet connections"; } } // container telnet container ssh { presence "enable ssh"; description "Allow reverse SSH connections (over AUX port)"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } } default "2901"; description "Port number to accept reverse SSH connections"; } } // container ssh } // container reverse container dns { presence "enable dns"; description "Enable Name server"; uses apply-advanced; leaf max-cache-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 604800"; } } units "seconds"; default "604800"; description "Max TTL for cached responses"; } leaf max-ncache-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 604800"; } } units "seconds"; default "10800"; description "Max TTL for cached negative responses"; } container traceoptions { description "DNS server trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file leaf debug-level { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 99"; } } default "0"; description "Debug level"; } list category { key "name"; description "Logging category"; leaf name { type enumeration { enum "default" { value 0; description "Categories where no specific configuration"; } enum "general" { value 1; description "General infomation"; } enum "database" { value 2; description "Messages relating to the databases"; } enum "security" { value 3; description "Approval and denial of requests"; } enum "config" { value 4; description "Configuraion file parsing and processing"; } enum "resolver" { value 5; description "DNS resolution"; } enum "xfer-in" { value 6; description "Zone transfers the server is receiving"; } enum "xfer-out" { value 7; description "Zone transfers the server is sending"; } enum "notify" { value 8; description "The NOTIFY protocol"; } enum "client" { value 9; description "Processing of client requests"; } enum "unmatched" { value 10; description "Messages named was unable to determine the class"; } enum "network" { value 11; description "Network options"; } enum "update" { value 12; description "Dynamic updates"; } enum "update-security" { value 13; description "Approval and denial of update requests"; } enum "queries" { value 14; description "DNS query"; } enum "dispatch" { value 15; description "Dispatching of incoming packets to the server"; } enum "dnssec" { value 16; description "DNSSEC and TSIG protocol processing"; } enum "lame-servers" { value 17; description "Lame servers"; } enum "delegation-only" { value 18; description "Delegation only"; } enum "edns-disabled" { value 19; description "Log query using plain DNS"; } } } } // list category leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of NAMED demon to enable debugging output"; leaf name { type enumeration { enum "ddns" { value 0; description "Trace DDNS code"; } enum "config" { value 1; description "Trace configuration code"; } enum "ui" { value 2; description "Trace ui code"; } enum "rtsock" { value 3; description "Trace rtsock code"; } enum "all" { value 4; description "Trace all areas of code"; } enum "trace" { value 5; description "Trace tracing code"; } } } } // list flag } // container traceoptions list forwarders { key "name"; ordered-by user; description "Server IPs to DNS query will be forwarded"; leaf name { type jt:ipaddr; description "IP address"; } uses apply-advanced; } // list forwarders container dnssec { presence "enable dnssec"; description "Configure DNSSEC"; uses apply-advanced; leaf disable { type empty; description "Disable DNSSEC"; } container trusted-keys { presence "enable trusted-keys"; description "Trusted keys"; uses apply-advanced; list key { key "name"; ordered-by user; description "Trusted key"; leaf name { type string; description "Trusted key"; } uses apply-advanced; } // list key } // container trusted-keys list dlv { key "domain trusted-anchor"; ordered-by user; description "Configure DLV (DNS Lookaside Validation)"; leaf domain { type string; description "Name of the domain"; } leaf trusted-anchor { type string; description "Trusted DLV anchor"; } } // list dlv list secure-domains { key "name"; ordered-by user; description "Domains for which only signed responses are accepted"; leaf name { type string; description "Domain name"; } uses apply-advanced; } // list secure-domains } // container dnssec container dns-proxy { description "Configure DNS proxy server"; uses apply-advanced; leaf propogate-setting { type enumeration { enum "enable" { value 0; description "Enable propogate name-server"; } enum "disable" { value 1; description "Disable propogate name-server"; } } description "Use dhcp/pppoe propogated name-server as forwarders for DNS proxy"; } list interface { key "name"; max-elements 512; description "Configure interface for DNS proxy"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; } // list interface list default-domain { key "name"; max-elements 16; ordered-by user; description "Configure domain for split DNS"; leaf name { junos:must "(!("system services dns forwarders"))"; junos:must-message "Domain cannot be configured if 'forwarders' is configured"; type string { junos:posix-pattern "^[[:alnum:]._-]+$|^[*]$"; junos:pattern-message "Must be a valid domain-name"; length "1 .. 50"; } description "Configure domain-name for split DNS"; } uses apply-advanced; list forwarders { key "name"; max-elements 16; ordered-by user; description "Server IP for forwarding DNS query"; leaf name { type jt:ipaddr; description "IP address"; } uses apply-advanced; } // list forwarders } // list default-domain list cache { key "name"; description "Configure DNS proxy static cache entries"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$|^[*]$"; junos:pattern-message "Must be a valid hostname"; } description "Hostname"; } leaf inet { type jt:ipaddr; description "Host's IPv4 address"; } } // list cache list view { key "name"; max-elements 32; ordered-by user; description "Configure view for split DNS"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$|^[*]$"; junos:pattern-message "Must be a valid viewname"; length "1 .. 50"; } description "Configure View select list identifier"; } uses apply-advanced; list match-clients { key "name"; max-elements 16; ordered-by user; description "Interface IP to DNS query will be handled"; leaf name { junos:must "(unique "system services dns dns-proxy view <*> match-clients $$")"; junos:must-message "match-client has to be unique among all views"; type jt:ipprefix; description "Logical subnet address/netmask"; } uses apply-advanced; } // list match-clients list domain { key "name"; max-elements 16; ordered-by user; description "Configure domain for split DNS"; leaf name { junos:must "(!("system services dns forwarders"))"; junos:must-message "Domain cannot be configured if 'forwarders' is configured"; type string { junos:posix-pattern "^[[:alnum:]._-]+$|^[*]$"; junos:pattern-message "Must be a valid domain-name"; length "1 .. 50"; } description "Configure domain-name for split DNS"; } uses apply-advanced; leaf forward-only { type empty; description "The server will only forward queries"; } list forwarders { key "name"; max-elements 16; ordered-by user; description "Server IP for forwarding DNS query"; leaf name { type jt:ipaddr; description "IP address"; } uses apply-advanced; } // list forwarders } // list domain } // list view } // container dns-proxy } // container dns container rest { description "Allow RPC execution over HTTP(S) connection"; uses apply-advanced; container http { presence "enable http"; description "Unencrypted HTTP connection settings"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1024 .. 65535"; } } default "3000"; description "Port number to accept HTTP connections"; } leaf-list addresses { type jt:ipv4addr; ordered-by user; description "List of addresses to listen for incoming connections"; } } // container http container https { description "Encrypted HTTPS connections"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1024 .. 65535"; } } default "3443"; description "Port number to accept HTTPS connections"; } leaf-list addresses { type jt:ipv4addr; ordered-by user; description "List of addresses to listen for incoming connections"; } leaf server-certificate { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Local certificate identifier"; } leaf ca-chain { junos:must "(("security pki ca-profile $$" || "security pki ca-profile-group $$"))"; junos:must-message "ca-profile must be configured under 'security pki ca-profile' or 'security pki ca-profile-group'"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate authority chain profile"; } leaf-list cipher-list { type enumeration { enum "rsa-with-rc4-128-md5" { value 0; description "RSA, 128bit rc4, md5 hash"; } enum "rsa-with-rc4-128-sha" { value 1; description "RSA, 128bit rc4, sha hash"; } enum "rsa-with-3des-ede-cbc-sha" { value 2; description "RSA, 3des ede/cbc, sha hash"; } enum "dhe-rsa-with-3des-ede-cbc-sha" { value 3; description "DHE/rsa, 3es/ede cbc, sha hash"; } enum "rsa-with-aes-128-cbc-sha" { value 4; description "RSA, 128 bit aes/cbc, sha hash"; } enum "dhe-rsa-with-aes-128-cbc-sha" { value 5; description "DHE/rsa, 128 bit aes/cbc, sha hash"; } enum "rsa-with-aes-256-cbc-sha" { value 6; description "RSA, 256 bit aes/cbc, sha hash"; } enum "dhe-rsa-with-aes-256-cbc-sha" { value 7; description "DHE/rsa, 256 bit aes/cbc, sha hash"; } enum "ecdhe-rsa-with-rc4-128-sha" { value 8; description "ECDHE/rsa, 128 bit rc4, sha hash"; } enum "ecdhe-rsa-with-3des-ede-cbc-sha" { value 9; description "ECDHE/rsa, 128bit 3des ede/cbc sha hash"; } enum "ecdhe-rsa-with-aes-128-cbc-sha" { value 10; description "ECDHE/rsa, 128 bit aes/cbc, sha hash"; } enum "ecdhe-rsa-with-aes-256-cbc-sha" { value 11; description "ECDHE/rsa, 256 bit aes/cbc, sha hash"; } enum "rsa-with-aes-128-cbc-sha256" { value 12; description "RSA, 128 bit aes/cbc, sha256 hash "; } enum "rsa-with-aes-256-cbc-sha256" { value 13; description "RSA, 256 bit aes/cbc, sha256 hash"; } enum "dhe-rsa-with-aes-128-cbc-sha256" { value 14; description "DHE/rsa, 128 bit aes/cbc, sha256 hash"; } enum "dhe-rsa-with-aes-256-cbc-sha256" { value 15; description "DHE/rsa, 256 bit aes/cbc, sha256 hash"; } enum "rsa-with-aes-128-gcm-sha256" { value 16; description "RSA, 128 bit aes/gcm, sha256 hash"; } enum "rsa-with-aes-256-gcm-sha384" { value 17; description "RSA, 256 bit aes/gcm, sha384 hash"; } enum "dhe-rsa-with-aes-128-gcm-sha256" { value 18; description "DHE/rsa, 128 bit aes/gcm, sha256 hash"; } enum "dhe-rsa-with-aes-256-gcm-sha384" { value 19; description "DHE/rsa, 256 bit aes/gcm, sha384 hash"; } enum "ecdhe-rsa-with-aes-128-cbc-sha256" { value 20; description "ECDHE/rsa, 128 bit aes/cbc, sha256 hash"; } enum "ecdhe-rsa-with-aes-256-cbc-sha384" { value 21; description "ECDHE/rsa, 256 bit aes/cbc, sha384 hash"; } enum "ecdhe-rsa-with-aes-128-gcm-sha256" { value 22; description "ECDHE/rsa, 128 bit aes/gcm, sha256 hash"; } enum "ecdhe-rsa-with-aes-256-gcm-sha384" { value 23; description "ECDHE/rsa, 256 bit aes/gcm, sha384 hash"; } } ordered-by user; description "List of allowed cipher suites in order of preference"; } container mutual-authentication { description "Enable TLS mutual authentication"; uses apply-advanced; leaf certificate-authority { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate authority profile"; } } // container mutual-authentication } // container https container control { description "Control of the rest-api process"; uses apply-advanced; leaf-list allowed-sources { type jt:ipv4addr; ordered-by user; description "List of allowed source IP addresses"; } leaf connection-limit { type union { type string { pattern "<.*>|$.*"; } type int32; } description "Maximum number of simultaneous connections"; } } // container control container traceoptions { description "Trace options for rest-api service"; uses apply-advanced; leaf flag { type enumeration { enum "lighttpd" { value 0; description "Enable tracing for lighttpd"; } enum "juise" { value 1; description "Enable tracing for JUISE"; } enum "all" { value 2; description "Enable all traces"; } } description "Area to enable tracing"; } } // container traceoptions leaf enable-explorer { type empty; description "Enable REST API explorer tool"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } } // container rest container subscriber-management-helper { description "Subscriber management helper configuration"; uses smihelperd-type; } // container subscriber-management-helper container dhcp-local-server { description "Dynamic Host Configuration Protocol server configuration"; uses jdhcp-local-server-type; } // container dhcp-local-server container database-replication { junos:must "(("chassis redundancy graceful-switchover" || "chassis cluster redundancy-group"))"; junos:must-message "'database-replication' statement cannot be included without 'chassis redundancy graceful-switchover' or 'chassis cluster redundancy-group' statement"; description "Database replication configuration"; uses bdbrepd-type; } // container database-replication container web-management { junos:must "((". http" || ". https"))"; junos:must-message "HTTP or HTTPS web services must be enabled"; description "Web management configuration"; uses apply-advanced; container traceoptions { description "Web management trace options"; uses httpd_traceoptions_type; } // container traceoptions leaf management-url { type string; description "URL path for web management access"; } container https { presence "enable https"; description "Encrypted HTTPS connections"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "443"; description "TCP port for incoming HTTPS connections"; } choice certificate-choice { leaf local-certificate { junos:must "("security certificates local $$")"; junos:must-message "certificate must be configured under 'security certificates local'"; type string; description "X.509 certificate to use (from configuration)"; } leaf pki-local-certificate { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "X.509 certificate to use (from PKI local store)"; } leaf system-generated-certificate { type empty; description "X.509 certificate generated automatically by system"; } } // choice certificate-choice leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Interfaces that accept HTTPS access"; } } // container https container control { description "Control of the web management process"; uses apply-advanced; leaf max-threads { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16"; } } default "5"; description "Maximum simultaneous threads to handle requests"; } } // container control container session { description "Session parameters"; uses apply-advanced; leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1440"; } } units "minutes"; default "30"; description "Default timeout of web-management sessions"; } leaf session-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 7"; } } description "Maximum number of web-management sessions to allow"; } } // container session } // container web-management container static-subscribers { description "Static Subscriber Client configuration"; uses jsscd-static-subscribers-type; } // container static-subscribers container subscriber-management { description "Subscriber management configuration"; uses smid-type; } // container subscriber-management container resource-monitor { description "Resource monitor configuration"; uses resource-monitor-type; } // container resource-monitor container bbe-stats-service { description "Bbe statistics configuration"; uses bbe-stats-type; } // container bbe-stats-service container extensible-subscriber-services { description "Extensible Subscriber Services Configuration"; uses apply-advanced; container maximum-subscribers { description "Maximum number of subscribers"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 16000"; } } description "Maximum number of subscribers"; } } // container maximum-subscribers container commit-interval { description "Script configuration commit interval"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 3600"; } } description "Commit interval in seconds"; } } // container commit-interval container flat-file-accounting-interval { status deprecated; description "Flat file accounting collection interval"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "600 .. 7200"; } } description "Flat file accounting interval in seconds"; } } // container flat-file-accounting-interval container flat-file-rollover-interval { status deprecated; description "Flat file accounting rollover interval"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "600 .. 7200"; } } description "Flat file accounting rollover interval in seconds"; } } // container flat-file-rollover-interval container logical-interface-unit-range { presence "enable logical-interface-unit-range"; description "Logical interface unit range"; uses apply-advanced; leaf low { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 16385"; } } description "Lower limit of logical interface unit range"; } leaf high { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 16385"; } } description "Upper limit of logical interface unit range"; } } // container logical-interface-unit-range container dictionary { description "Dictionary Information"; uses apply-advanced; leaf dictionary-path { type jt:filename; description "Complete path with dictionary name"; } } // container dictionary container flat-file-accounting-format { status deprecated; description "Flat file accounting format"; uses apply-advanced; choice format { leaf ipdr { type empty; description "IPDR format"; } leaf csv { type empty; description "CSV format"; } } // choice format } // container flat-file-accounting-format container access-profile { description "Access profile reference"; uses apply-advanced; leaf access-profile-name { junos:must "("access profile $$")"; junos:must-message "referenced access profile must be defined"; type string { length "1 .. 63"; } description "Profile name"; } } // container access-profile leaf flat-file-profile { junos:must "("accounting-options flat-file-profile $$")"; junos:must-message "referenced accounting profile must be defined"; type string; description "Flat file profile name"; } } // container extensible-subscriber-services container dhcp { junos:must "(!("forwarding-options dhcp-relay group"))"; junos:must-message "Incompatible with 'forwarding-options dhcp-relay'"; junos:must "(!(any "routing-instances <*> forwarding-options dhcp-relay group"))"; junos:must-message "Incompatible with 'forwarding-options dhcp-relay group'"; junos:must "(!(any "routing-instances <*> system services dhcp-local-server group"))"; junos:must-message "Incompatible with 'system services dhcp-local-server group'"; junos:must "(!("system services dhcp-local-server group"))"; junos:must-message "Incompatible with 'system services dhcp-local-server group'"; description "Configure DHCP server"; uses apply-advanced; leaf maximum-lease-time { type string; units "seconds"; description "Maximum lease time advertised to clients"; } leaf default-lease-time { type string; units "seconds"; description "Default lease time advertised to clients"; } leaf domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Invalid domain-name string"; length "1 .. 254"; } description "Domain name advertised to clients"; } list name-server { key "name"; ordered-by user; description "Domain name servers available to the client"; leaf name { type jt:ipv4addr; description "DNS server's IPv4 address"; } uses apply-advanced; } // list name-server list domain-search { key "name"; ordered-by user; description "Domain search list used to resolve hostnames"; leaf name { type string; description "DNS search suffix"; } uses apply-advanced; } // list domain-search list wins-server { key "name"; ordered-by user; description "NetBIOS name servers"; leaf name { type jt:ipv4addr; description "WINS server's IPv4 address"; } uses apply-advanced; } // list wins-server list router { key "name"; ordered-by user; description "Routers advertised to clients"; leaf name { type jt:ipv4addr; description "Router's IPv4 address"; } uses apply-advanced; } // list router leaf boot-file { type string; description "Boot filename advertised to clients"; } leaf boot-server { type string { junos:posix-pattern "^[[:alnum:]._/:-]+$"; junos:pattern-message "Invalid boot-server string"; } description "Boot server advertised to clients"; } leaf next-server { type jt:ipv4addr; description "Next server that clients need to contact"; } leaf server-identifier { type jt:ipv4addr; description "DHCP server identifier advertised to clients"; } list option { key "name"; ordered-by user; description "DHCP option"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "DHCP option identifier code"; } choice option-type-choice { leaf flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } description "Boolean flag value"; } leaf byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Unsigned 8-bit value"; } leaf short { type union { type int16; type string { pattern "<.*>|$.*"; } } description "Signed 16-bit numeric value"; } leaf unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Unsigned 16-bit numeric value"; } leaf integer { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Signed 32-bit numeric value"; } leaf unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Unsigned 32-bit numeric value"; } leaf string { type string { length "1 .. 254"; } description "Character string value"; } leaf ip-address { type jt:ipv4addr; description "IP address value"; } container array { presence "enable array"; description "Array of values"; uses apply-advanced; choice option-type-array-choice { leaf-list flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } ordered-by user; description "Array of boolean flag values"; } leaf-list byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 8-bit values"; } leaf-list short { type union { type int16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 16-bit numeric values"; } leaf-list unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of 16-bit numeric values"; } leaf-list integer { type union { type int32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 32-bit numeric values"; } leaf-list unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 32-bit numeric values"; } leaf-list string { type string { length "1 .. 254"; } ordered-by user; description "Array of character string values"; } leaf-list ip-address { type jt:ipv4addr; ordered-by user; description "Array of IP address values"; } } // choice option-type-array-choice } // container array leaf byte-stream { type string; description "Stream of unsigned 8-bit values within quotes"; } } // choice option-type-choice } // list option container sip-server { description "SIP servers to clients"; uses apply-advanced; list name { key "name"; ordered-by user; description "Names of SIP servers"; leaf name { junos:must "(!(any ".. .. address <*>"))"; junos:must-message "Cannot configure sip-server by both name and address"; type string; description "SIP server name"; } uses apply-advanced; } // list name list address { key "name"; ordered-by user; description "IP addresses of SIP servers"; leaf name { type jt:ipv4addr; description "SIP server's IPv4 address"; } uses apply-advanced; } // list address } // container sip-server container traceoptions { description "DHCP server trace options"; uses dhcp-traceoptions-type; } // container traceoptions list pool { key "name"; ordered-by user; description "DHCP address pool"; leaf name { type jt:ipprefix; description "Logical subnet address/netmask"; } uses apply-advanced; container address-range { presence "enable address-range"; description "Range of addresses to choose from"; leaf low { type jt:ipv4addr; description "Lowest address in the range"; } leaf high { type jt:ipv4addr; description "Highest address in the range"; } } // container address-range list exclude-address { key "name"; ordered-by user; description "Address to exclude from pool"; leaf name { type jt:ipv4addr; description "IPv4 address"; } uses apply-advanced; } // list exclude-address leaf maximum-lease-time { type string; units "seconds"; description "Maximum lease time advertised to clients"; } leaf default-lease-time { type string; units "seconds"; description "Default lease time advertised to clients"; } leaf domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Invalid domain-name string"; length "1 .. 254"; } description "Domain name advertised to clients"; } list name-server { key "name"; ordered-by user; description "Domain name servers available to the client"; leaf name { type jt:ipv4addr; description "DNS server's IPv4 address"; } uses apply-advanced; } // list name-server list domain-search { key "name"; ordered-by user; description "Domain search list used to resolve hostnames"; leaf name { type string; description "DNS search suffix"; } uses apply-advanced; } // list domain-search list wins-server { key "name"; ordered-by user; description "NetBIOS name servers"; leaf name { type jt:ipv4addr; description "WINS server's IPv4 address"; } uses apply-advanced; } // list wins-server list router { key "name"; ordered-by user; description "Routers advertised to clients"; leaf name { type jt:ipv4addr; description "Router's IPv4 address"; } uses apply-advanced; } // list router leaf boot-file { type string; description "Boot filename advertised to clients"; } leaf boot-server { type string { junos:posix-pattern "^[[:alnum:]._/:-]+$"; junos:pattern-message "Invalid boot-server string"; } description "Boot server advertised to clients"; } leaf next-server { type jt:ipv4addr; description "Next server that clients need to contact"; } leaf server-identifier { type jt:ipv4addr; description "DHCP server identifier advertised to clients"; } list option { key "name"; ordered-by user; description "DHCP option"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "DHCP option identifier code"; } choice option-type-choice { leaf flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } description "Boolean flag value"; } leaf byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Unsigned 8-bit value"; } leaf short { type union { type int16; type string { pattern "<.*>|$.*"; } } description "Signed 16-bit numeric value"; } leaf unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Unsigned 16-bit numeric value"; } leaf integer { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Signed 32-bit numeric value"; } leaf unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Unsigned 32-bit numeric value"; } leaf string { type string { length "1 .. 254"; } description "Character string value"; } leaf ip-address { type jt:ipv4addr; description "IP address value"; } container array { presence "enable array"; description "Array of values"; uses apply-advanced; choice option-type-array-choice { leaf-list flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } ordered-by user; description "Array of boolean flag values"; } leaf-list byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 8-bit values"; } leaf-list short { type union { type int16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 16-bit numeric values"; } leaf-list unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of 16-bit numeric values"; } leaf-list integer { type union { type int32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 32-bit numeric values"; } leaf-list unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 32-bit numeric values"; } leaf-list string { type string { length "1 .. 254"; } ordered-by user; description "Array of character string values"; } leaf-list ip-address { type jt:ipv4addr; ordered-by user; description "Array of IP address values"; } } // choice option-type-array-choice } // container array leaf byte-stream { type string; description "Stream of unsigned 8-bit values within quotes"; } } // choice option-type-choice } // list option container sip-server { description "SIP servers to clients"; uses apply-advanced; list name { key "name"; ordered-by user; description "Names of SIP servers"; leaf name { junos:must "(!(any ".. .. address <*>"))"; junos:must-message "Cannot configure sip-server by both name and address"; type string; description "SIP server name"; } uses apply-advanced; } // list name list address { key "name"; ordered-by user; description "IP addresses of SIP servers"; leaf name { type jt:ipv4addr; description "SIP server's IPv4 address"; } uses apply-advanced; } // list address } // container sip-server leaf propagate-settings { type string; description "Interface name for propagating TCP/IP settings to pool"; } leaf-list propagate-ppp-settings { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 8; ordered-by user; description "PPP interface name for propagating DNS/WINS settings to pool"; } } // list pool list static-binding { key "name"; ordered-by user; description "DHCP client's hardware address"; leaf name { type jt:mac-addr; description "Ethernet hardware address belonging to host"; } uses apply-advanced; list fixed-address { key "name"; ordered-by user; description "Possible IP addresses to assign to host"; leaf name { type jt:ipaddr; description "IPv4 address"; } uses apply-advanced; } // list fixed-address leaf host-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Invalid host-name string"; } description "Hostname for this client"; } container client-identifier { description "Client identifier option"; choice client-identifier-choice { leaf ascii { type string; description "Client identifier as an ASCII string"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; } description "Client identifier as a hexadecimal string"; } } // choice client-identifier-choice } // container client-identifier leaf domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Invalid domain-name string"; length "1 .. 254"; } description "Domain name advertised to clients"; } list name-server { key "name"; ordered-by user; description "Domain name servers available to the client"; leaf name { type jt:ipv4addr; description "DNS server's IPv4 address"; } uses apply-advanced; } // list name-server list domain-search { key "name"; ordered-by user; description "Domain search list used to resolve hostnames"; leaf name { type string; description "DNS search suffix"; } uses apply-advanced; } // list domain-search list wins-server { key "name"; ordered-by user; description "NetBIOS name servers"; leaf name { type jt:ipv4addr; description "WINS server's IPv4 address"; } uses apply-advanced; } // list wins-server list router { key "name"; ordered-by user; description "Routers advertised to clients"; leaf name { type jt:ipv4addr; description "Router's IPv4 address"; } uses apply-advanced; } // list router leaf boot-file { type string; description "Boot filename advertised to clients"; } leaf boot-server { type string { junos:posix-pattern "^[[:alnum:]._/:-]+$"; junos:pattern-message "Invalid boot-server string"; } description "Boot server advertised to clients"; } leaf next-server { type jt:ipv4addr; description "Next server that clients need to contact"; } leaf server-identifier { type jt:ipv4addr; description "DHCP server identifier advertised to clients"; } list option { key "name"; ordered-by user; description "DHCP option"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "DHCP option identifier code"; } choice option-type-choice { leaf flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } description "Boolean flag value"; } leaf byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Unsigned 8-bit value"; } leaf short { type union { type int16; type string { pattern "<.*>|$.*"; } } description "Signed 16-bit numeric value"; } leaf unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Unsigned 16-bit numeric value"; } leaf integer { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Signed 32-bit numeric value"; } leaf unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Unsigned 32-bit numeric value"; } leaf string { type string { length "1 .. 254"; } description "Character string value"; } leaf ip-address { type jt:ipv4addr; description "IP address value"; } container array { presence "enable array"; description "Array of values"; uses apply-advanced; choice option-type-array-choice { leaf-list flag { type enumeration { enum "true" { value 0; description "True value"; } enum "false" { value 1; description "False value"; } enum "on" { value 2; description "On value"; } enum "off" { value 3; description "Off value"; } } ordered-by user; description "Array of boolean flag values"; } leaf-list byte { type union { type uint8; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 8-bit values"; } leaf-list short { type union { type int16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 16-bit numeric values"; } leaf-list unsigned-short { type union { type uint16; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of 16-bit numeric values"; } leaf-list integer { type union { type int32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of signed 32-bit numeric values"; } leaf-list unsigned-integer { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Array of unsigned 32-bit numeric values"; } leaf-list string { type string { length "1 .. 254"; } ordered-by user; description "Array of character string values"; } leaf-list ip-address { type jt:ipv4addr; ordered-by user; description "Array of IP address values"; } } // choice option-type-array-choice } // container array leaf byte-stream { type string; description "Stream of unsigned 8-bit values within quotes"; } } // choice option-type-choice } // list option container sip-server { description "SIP servers to clients"; uses apply-advanced; list name { key "name"; ordered-by user; description "Names of SIP servers"; leaf name { junos:must "(!(any ".. .. address <*>"))"; junos:must-message "Cannot configure sip-server by both name and address"; type string; description "SIP server name"; } uses apply-advanced; } // list name list address { key "name"; ordered-by user; description "IP addresses of SIP servers"; leaf name { type jt:ipv4addr; description "SIP server's IPv4 address"; } uses apply-advanced; } // list address } // container sip-server } // list static-binding leaf propagate-settings { type string; description "Interface name for propagating TCP/IP settings to pool"; } leaf-list propagate-ppp-settings { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 8; ordered-by user; description "PPP interface name for propagating DNS/WINS settings globally"; } } // container dhcp container dynamic-dns { description "Configure DNS dynamic dns"; uses apply-advanced; list client { key "name"; max-elements 256; ordered-by user; description "Configure DNS dynamic dns clients"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$|^[*]$"; junos:pattern-message "Must be a valid hostname"; } description "Internal dns hostname"; } uses apply-advanced; leaf server { type enumeration { enum "dyndns" { value 0; } enum "ddo" { value 1; } } description "Dynamic DNS server - members.dyndns.org or ddo.jp"; } leaf agent { type string; description "Dynamic DNS agent name"; } leaf username { type string; description "Dynamic DNS server username"; } leaf password { type jt:unreadable; description "Dynamic DNS server password"; } leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } } // list client } // container dynamic-dns container webapi { description "Webapi configuration"; uses apply-advanced; container user { description "User name"; uses apply-advanced; leaf user-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots"; length "1 .. 64"; } description "User name"; } leaf password { type string { length "1 .. 128"; } description "Password string"; } } // container user list client { key "name"; max-elements 20; ordered-by user; description "Address of permitted HTTP/HTTPS request originator"; leaf name { type jt:ipaddr; description "Address"; } } // list client container http { presence "enable http"; description "Unencrypted HTTP connection settings"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "8080"; description "TCP port for incoming HTTP connections"; } } // container http container https { description "Encrypted HTTPS connection settings"; uses apply-advanced; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "8443"; description "TCP port for incoming HTTPS connections"; } leaf default-certificate { type empty; description "X.509 certificate generated by system"; } leaf pki-local-certificate { type string { length "1 .. 256"; } description "X.509 certificate to use (from PKI local store)"; } leaf certificate { type string { length "1 .. 256"; } description "X.509 certificate to use (from local file system)"; } leaf certificate-key { type string { length "1 .. 256"; } description "X.509 certificate key to use (from local file system)"; } } // container https container debug-log { description "Debug log for webapi daemon"; uses apply-advanced; leaf file { type string { length "1 .. 255"; } description "Debug file for webapi daemon"; } } // container debug-log container debug-level { description "Debug level for webapi daemon"; uses apply-advanced; choice level { leaf emerg { type empty; description "Match emergence messages"; } leaf alert { type empty; description "Match alert messages"; } leaf crit { type empty; description "Match critical messages"; } leaf error { type empty; description "Match error messages"; } leaf warn { type empty; description "Match warning messages"; } leaf notice { type empty; description "Match notice messages"; } leaf info { type empty; description "Match informational messages"; } } // choice level } // container debug-level } // container webapi container outbound-https { description "Initiate outbound HTTPS connection"; uses apply-advanced; list client { key "name"; ordered-by user; description "Define a device initiated outbound https connection"; leaf name { type string; description "Client application identifier"; } uses apply-advanced; leaf device-id { type string; description "Unique ID used by client to identify this device"; } leaf secret { type jt:unreadable; description "Shared secret between client and this device"; } leaf waittime { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Wait time to retry if none of the gRPC servers are available"; } leaf reconnect-strategy { type enumeration { enum "sticky" { value 0; description "Attempt to reconnect to the gRPC server last connected to"; } enum "in-order" { value 1; description "Attempt to reconnect to the first gRPC server configured"; } } default "in-order"; description "Strategy used to reconnect to a gRPC server in the list"; } list servers { key "name"; ordered-by user; description "Client application servers"; leaf name { type string; description "GRPC server IP or hostname"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "GRPC server port"; } leaf trusted-cert { type string; description "Certificate chain content without newlines"; } } // list servers } // list client } // container outbound-https container service-deployment { description "Configuration for Service Deployment (SDXD) management application"; uses apply-advanced; leaf local-certificate { junos:must "("security certificates local $$")"; junos:must-message "certificate must be configured under 'security certificates local'"; type string { length "1 .. 1024"; } description "Name of local X.509 certificate to use"; } leaf source-address { type jt:ipv4addr; description "Local IPv4 address to be used as source address for traffic to SDX"; } list servers { key "name"; max-elements 3; ordered-by user; description "Service deployment system configuration"; leaf name { type jt:ipv4addr; description "IPv4 address of SDX server"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "TCP port of SDX server"; } leaf user { junos:must "("system login user $$")"; junos:must-message "Referenced user must be configured"; type string; description "Username used by SDX when logging into the router"; } container security-options { description "Specify mechanism to secure the connection"; uses apply-advanced; choice protocol { leaf tls { type empty; description "Use TLS for transport layer security"; } leaf ssl3 { type empty; description "Use SSLv3 for transport layer security"; } } // choice protocol } // container security-options } // list servers container traceoptions { description "Service deployment daemon trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing options"; leaf name { type enumeration { enum "beep" { value 0; description "Trace BEEP protocol events"; } enum "profile" { value 1; description "Trace BEEP profile events"; } enum "application" { value 2; description "Trace application events"; } enum "io" { value 3; description "Trace I/O activities"; } enum "all" { value 4; description "Trace everything"; } } } } // list flag } // container traceoptions } // container service-deployment container outbound-ssh { description "Initiate outbound SSH connection"; uses apply-advanced; leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing-instance must be defined under [edit routing-instances] hierarchy"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance through which client is reachable"; } container traceoptions { description "Outbound SSH trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "connectivity" { value 1; description "Trace TCP connection handling"; } enum "all" { value 2; description "Trace everything"; } } } } // list flag } // container traceoptions list client { key "name"; ordered-by user; description "Define a device initiated SSH connection"; leaf name { type string; description "Client application identifier"; } uses apply-advanced; leaf disable-ssh-security-settings { type empty; status deprecated; description "Disable ssh security parameter defined under [system services ssh]"; } leaf device-id { type string; description "Unique ID used by client to identify this device"; } leaf secret { type jt:unreadable; description "Shared secret between client and this device"; } container keep-alive { presence "enable keep-alive"; uses apply-advanced; leaf retry { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "3"; description "Maximum number of connection attempts"; } leaf timeout { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "15"; description "Timeout value for conection attempts"; } } // container keep-alive leaf reconnect-strategy { type enumeration { enum "sticky" { value 0; description "Attempt to reconnect to the server last connected to"; } enum "in-order" { value 1; description "Attempt to reconnect to the first server configured"; } } default "in-order"; description "Strategy used to reconnect to a server"; } leaf services { type enumeration { enum "netconf" { value 0; description "Enable invoking NETCONF sub-system"; } } description "The subsystem(s) that can be invoked"; } list servers { key "name"; ordered-by user; description "Client application servers"; leaf name { type string; description "Client address to connect to"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Client port to connect to"; } leaf retry { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "3"; description "Maximum number of connection attempts"; } leaf timeout { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "15"; description "Timeout value for conection attempts"; } } // list servers } // list client } // container outbound-ssh } // container services leaf auto-snapshot { type empty; description "Enable auto-snapshot when boots from alternate slice"; } leaf domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; length "1 .. 255"; } description "Domain name for this router"; } leaf-list domain-search { type string; ordered-by user; description "List of domain names to search"; } leaf no-hidden-commands { type empty; description "Deny hidden commands for all users except root"; } container statistics-timeout { description "Statistics - Configurable Timeout"; uses apply-advanced; leaf statistics-timeout-value { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1000 .. 60000"; } } description "Statistics - Configurable Timeout value in milliseconds(1000 to 60000)"; } } // container statistics-timeout container backup-router { description "IPv4 router to use while booting"; leaf address { type jt:ipv4addr; description "Address of router to use while booting"; } leaf-list destination { type jt:ipv4prefix; ordered-by user; description "Destination network reachable through the router"; } } // container backup-router container inet6-backup-router { description "IPv6 router to use while booting"; leaf address { type jt:ipv6addr; description "Address of router to use while booting"; } leaf-list destination { type jt:ipv6prefix; ordered-by user; description "Destination network reachable through the router"; } } // container inet6-backup-router leaf time-zone { type string { junos:posix-pattern "^[a-zA-Z0-9:_+-/,\\.]{3,}$"; junos:pattern-message "Invalid string"; } units "<continent>/<major-city> or <time-zone>"; default "UTC"; description "Time zone name or POSIX-compliant time zone string"; } leaf use-imported-time-zones { type empty; description "Use locally generated time-zone database"; } leaf regex-additive-logic { type empty; description "Set regex-additive-logic"; } leaf switchover-on-routing-crash { junos:must "(("routing-options nonstop-routing" || "routing-options warm-standby"))"; junos:must-message "Nonstop routing or Warm standby must be enabled"; type empty; description "On failure, switch mastership to other Routing Engine"; } leaf default-address-selection { type empty; description "Use system address for locally originated traffic"; } leaf ndcpp-compliant { type empty; description "Enable NDcPP compliance"; } leaf nd-maxmcast-solicit { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Set Maximum multicast solicit"; } leaf nd-maxucast-retry { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Set Maximum unicast retry count"; } leaf nd-retransmit-timer { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Set retransmit timer"; } leaf nd-system-cache-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "200 .. 2000000"; } } description "Set max system cache size for IPv6 nexthops"; } leaf arp-system-cache-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "200 .. 2000000"; } } description "Set max system cache size for ARP nexthops"; } leaf no-neighbor-learn { type empty; description "Disable neighbor address learning"; } leaf no-multicast-echo { type empty; description "Disable ICMP echo on multicast addresses"; } leaf extended-echo { type empty; description "Enable ICMP extended echo processing"; } leaf no-redirects { type empty; description "Disable ICMP redirects"; } leaf no-redirects-ipv6 { type empty; description "Disable IPV6 ICMP redirects"; } leaf nd-override-preferred-src { type empty; description "Do not use preferred source address for unnumbered interface as the source of NA/NS"; } leaf no-ping-record-route { type empty; description "Do not insert IP address in ping replies"; } leaf no-ping-time-stamp { type empty; description "Do not insert time stamp in ping replies"; } leaf dump-device { type string; description "Device to record memory snapshots on operating system failure"; } container arp { description "ARP settings"; uses apply-advanced; leaf aging-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 240"; } } units "minutes"; description "Change the ARP aging time value"; } container interfaces { description "Logical interface on which to specify ARP aging timer"; uses apply-advanced; list arp-interface { key "name"; uses arp-interface-type; } // list arp-interface } // container interfaces leaf passive-learning { type empty; description "ARP passive learning"; } leaf purging { type empty; description "ARP purging when link goes down"; } leaf gratuitous-arp-on-ifup { type empty; description "Gratuitous ARP announcement on interface up"; } leaf gratuitous-arp-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4000000"; } } description "Delay gratuitous ARP request"; } leaf non-subscriber-no-reply { type empty; description "Do not reply to ARP requests from non-subscribers"; } leaf unicast-mode-on-expire { type empty; description "Send unicast ARP request on expiry timer"; } } // container arp leaf-list personality-file-list-of-directories { type string; ordered-by user; description "List of Optional directories for personality-tarball of device"; } leaf saved-core-files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "5"; description "Number of saved core files per executable"; } choice saved-core-context-choice { leaf saved-core-context { type empty; description "Save context information for core files"; } leaf no-saved-core-context { type empty; description "Don't save context information for core files"; } } // choice saved-core-context-choice container kernel-replication { presence "enable kernel-replication"; description "Kernel replication"; uses apply-advanced; } // container kernel-replication leaf mirror-flash-on-disk { type empty; description "Mirror contents of the flash drive onto hard drive"; } container icmp-rate-limit { junos:must "(!("system internet-options icmpv4-rate-limit"))"; junos:must-message "incompatible with 'system internet-options icmpv4-rate-limit'"; status deprecated; description "Rate-limiting parameters for ICMP messages"; leaf packet-rate { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "1000"; description "ICMP rate-limiting packets earned per second"; } leaf bucket-size { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; default "5"; description "ICMP rate-limiting maximum bucket size"; } } // container icmp-rate-limit leaf tcp-ack-rst-syn { type empty; status deprecated; description "Send ACKs for in-window RSTs and SYN packets on TCP connections"; } leaf management-instance { type empty; description "Enable Management VRF Instance"; } container demux-options { description "Tunable options for demux link local address generation"; uses apply-advanced; leaf use-underlying-interface-mac { type empty; description "Use underlying interface MAC for link local address"; } } // container demux-options container internet-options { description "Tunable options for Internet operation"; uses apply-advanced; container icmpv4-rate-limit { junos:must "(!("system icmp-rate-limit"))"; junos:must-message "incompatible with 'system icmp-rate-limit'"; description "Rate-limiting parameters for ICMPv4 messages"; leaf packet-rate { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "1000"; description "ICMP rate-limiting packets earned per second"; } leaf bucket-size { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; default "5"; description "ICMP rate-limiting maximum bucket size"; } } // container icmpv4-rate-limit container icmpv6-rate-limit { description "Rate-limiting parameters for ICMPv6 messages"; leaf packet-rate { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "1000"; description "ICMPv6 rate-limiting packets earned per second"; } leaf bucket-size { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; default "5"; description "ICMPv6 rate-limiting maximum bucket size"; } } // container icmpv6-rate-limit choice path-mtu-discovery-choice { leaf path-mtu-discovery { type empty; description "Enable Path MTU discovery on TCP connections"; } leaf no-path-mtu-discovery { type empty; description "Don't enable Path MTU discovery on TCP connections"; } } // choice path-mtu-discovery-choice choice gre-path-mtu-discovery-choice { leaf gre-path-mtu-discovery { type empty; description "Enable path MTU discovery for GRE tunnels"; } leaf no-gre-path-mtu-discovery { type empty; description "Don't enable path MTU discovery for GRE tunnels"; } } // choice gre-path-mtu-discovery-choice choice ipip-path-mtu-discovery-choice { leaf ipip-path-mtu-discovery { type empty; description "Enable path MTU discovery for IP-IP tunnels"; } leaf no-ipip-path-mtu-discovery { type empty; description "Don't enable path MTU discovery for IP-IP tunnels"; } } // choice ipip-path-mtu-discovery-choice container source-port { description "Source port selection parameters"; uses apply-advanced; leaf upper-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5000 .. 65535"; } } description "Specify upper limit of source port selection range"; } } // container source-port choice source-quench-choice { leaf source-quench { type empty; description "React to incoming ICMP Source Quench messages"; } leaf no-source-quench { type empty; description "Don't react to incoming ICMP Source Quench messages"; } } // choice source-quench-choice leaf tcp-mss { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 65535"; } } units "bytes"; description "Maximum value of TCP MSS for IPV4 traffic"; } leaf tcp-drop-synfin-set { type empty; description "Drop TCP packets that have both SYN and FIN flags"; } leaf no-tcp-rfc1323 { junos:must "("system internet-options no-tcp-rfc1323-paws")"; junos:must-message "RFC 1323 Protection Against Wrapped Sequence Number extension must be disabled"; type empty; description "Disable RFC 1323 TCP extensions"; } leaf no-tcp-rfc1323-paws { type empty; description "Disable RFC 1323 Protection Against Wrapped Sequence Number extension"; } choice ipv6-reject-zero-hop-limit-choice { leaf ipv6-reject-zero-hop-limit { type empty; description "Enable dropping IPv6 packets with zero hop-limit"; } leaf no-ipv6-reject-zero-hop-limit { type empty; description "Don't enable dropping IPv6 packets with zero hop-limit"; } } // choice ipv6-reject-zero-hop-limit-choice leaf ipv6-duplicate-addr-detection-transmits { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "3"; description "IPv6 Duplicate address detection transmits"; } choice ipv6-path-mtu-discovery-choice { leaf ipv6-path-mtu-discovery { type empty; description "Enable IPv6 Path MTU discovery"; } leaf no-ipv6-path-mtu-discovery { type empty; description "Don't enable IPv6 Path MTU discovery"; } } // choice ipv6-path-mtu-discovery-choice leaf ipv6-path-mtu-discovery-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 71582788"; } } units "minutes"; default "10"; description "IPv6 Path MTU Discovery timeout"; } leaf no-tcp-reset { type enumeration { enum "drop-tcp-with-syn-only" { value 0; description "Drop only those TCP Packets with SYN bit"; } enum "drop-all-tcp" { value 1; description "Drop all TCP Packets"; } } description "Do not send RST TCP packet for packets sent to non-listening ports"; } } // container internet-options leaf-list authentication-order { type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } enum "tacplus" { value 1; description "TACACS+ authentication services"; } enum "password" { value 2; description "Traditional password authentication"; } } ordered-by user; } container location { description "Location of the system, in various forms"; uses location-type; } // container location container ports { description "Craft interface RS-232 ports"; uses apply-advanced; container console { description "Console port"; uses tty_port_object; } // container console container auxiliary { description "Auxiliary port"; uses tty_port_object; } // container auxiliary } // container ports container diag-port-authentication { description "Authentication for the diagnostic port"; uses apply-advanced; leaf plain-text-password-value { type string; description "Plain text password"; } leaf encrypted-password { type string { length "1 .. 128"; } description "Encrypted password string"; } } // container diag-port-authentication container pic-console-authentication { description "Authentication for the console port on PICs"; uses apply-advanced; leaf plain-text-password-value { type string; description "Plain text password"; } leaf encrypted-password { type string { length "1 .. 128"; } description "Encrypted password string"; } } // container pic-console-authentication list name-server { key "name"; ordered-by user; description "DNS name servers"; uses nameserver-object; } // list name-server list radius-server { key "name"; ordered-by user; description "RADIUS server configuration"; uses radius-server-object; } // list radius-server container dynamic-profile-options { description "Dynamic profile options"; uses dynamic-profile-option-object; } // container dynamic-profile-options list tacplus-server { key "name"; ordered-by user; description "TACACS+ server configuration"; uses tacplus-server-object; } // list tacplus-server container password-options { description "Local password options, password should be configured at [system authentication-order]"; uses apply-advanced; leaf tacplus-authorization { type empty; description "TACACS+ authorization for locally authenticated users"; } } // container password-options container ldap-server { presence "enable ldap-server"; description "LDAP server configuration"; uses apply-advanced; leaf-list address { type jt:hostname; max-elements 2; ordered-by user; description "LDAP authentication server address"; } leaf-list port { type union { type uint32; type string { pattern "<.*>|$.*"; } } max-elements 2; ordered-by user; description "LDAP authentication server port number"; } leaf base { type string; description "LDAP base"; } leaf binddn { type string; description "LDAP binddn"; } leaf bindpw { type string; description "LDAP bindpw"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "LDAP routing instance"; } leaf ldaps-cert { type string; description "LDAPS client certificate id"; } } // container ldap-server container radius-options { description "RADIUS options"; uses apply-advanced; leaf password-protocol { type enumeration { enum "mschap-v2" { value 0; description "MSCHAP version 2"; } } description "Specify password protocol used in RADIUS packets"; } leaf enhanced-accounting { type empty; description "Include authentication method, remote port and user-privileges in 'login' accounting"; } container attributes { description "Configure RADIUS attributes"; uses apply-advanced; leaf nas-ip-address { type jt:ipaddr; description "Value of NAS-IP-Address in outgoing RADIUS packets"; } leaf nas-id { type string { length "3 .. 64"; } description "Value of NAS-ID in outgoing RADIUS packets"; } } // container attributes } // container radius-options container tacplus-options { description "TACACS+ options"; uses apply-advanced; leaf service-name { type string; description "TACACS+ service name"; } leaf authorization-time-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1440"; } } units "minutes"; description "TACACS+ authorization refresh time interval"; } choice strict-authorization-choice { leaf strict-authorization { type empty; description "Deny login if authorization request fails"; } leaf no-strict-authorization { type empty; description "Don't deny login if authorization request fails"; } } // choice strict-authorization-choice choice cmd-attribute { leaf no-cmd-attribute-value { type empty; description "In start/stop requests, set 'cmd' attribute value to empty string"; } leaf exclude-cmd-attribute { type empty; description "In start/stop requests, do not include 'cmd' attribute"; } } // choice cmd-attribute leaf enhanced-accounting { type empty; description "Include authentication method, remote port and user-privileges in 'login' accounting"; } leaf timestamp-and-timezone { type empty; description "In start/stop accounting packets, include 'start-time', 'stop-time' and 'timezone' attributes"; } } // container tacplus-options container accounting { description "System accounting configuration"; uses apply-advanced; leaf-list events { type enumeration { enum "login" { value 0; description "Login session"; } enum "change-log" { value 1; description "Configuration changes"; } enum "interactive-commands" { value 2; description "Commands"; } } description "Events to be logged"; } leaf enhanced-avs-max { junos:must "(("system radius-options enhanced-accounting" || "system tacplus-options enhanced-accounting"))"; junos:must-message "configure enhanced-accounting at one of [sytem radius-options] or [system tacplus-options]"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "7 .. 15"; } } default "7"; description "No. of AV pairs each of which can store a max of 250 Bytes"; } container traceoptions { description "Trace options for system accounting"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace all operations"; } enum "events" { value 1; description "Trace accounting events and their processing"; } enum "config" { value 2; description "Trace configuration processing"; } enum "radius" { value 3; description "Trace RADIUS processing"; } enum "tacplus" { value 4; description "Trace TACPLUS processing"; } } } } // list flag } // container traceoptions container destination { description "Destination for system accounting records"; uses apply-advanced; container radius { junos:must "((". server" || "system radius-server"))"; junos:must-message "Configure RADIUS server at [system accounting destination radius server] or [system radius-server]"; presence "enable radius"; description "Configure RADIUS accounting"; uses apply-advanced; list server { key "name"; ordered-by user; description "RADIUS accounting server configuration"; uses radius-server-object; } // list server } // container radius container tacplus { junos:must "((". server" || "system tacplus-server"))"; junos:must-message "Configure TACPLUS server at [system accounting destination tacplus server] or [system tacplus-server]"; presence "enable tacplus"; description "Send TACACS+ accounting records"; uses apply-advanced; list server { key "name"; ordered-by user; description "TACACS+ server configuration"; uses tacplus-server-object; } // list server } // container tacplus } // container destination } // container accounting leaf allow-v4mapped-packets { type empty; description "Allow processing for packets with V4 mapped address"; } leaf allow-6pe-traceroute { type empty; description "Allow IPv4-mapped v6 address in tag icmp6 TTL expired packet"; } leaf allow-l3vpn-traceroute-src-select { type empty; description "Select best src addr for icmp ttl expiry error in case l3vpn"; } leaf allow-6vpe-traceroute-src-select { type empty; description "Select best src addr for icmp6 ttl expiry error in case 6vpe"; } leaf donot-disable-ip6op-ondad { type empty; description "Do not disable IP operation on interface, if DAD fails on EUI-64 link local address "; } container schema { description "System schema"; uses apply-advanced; container openconfig { description "Openconfig schema options"; uses apply-advanced; leaf unhide { type empty; description "Unhide openconfig from CLI"; } } // container openconfig } // container schema list static-host-mapping { key "name"; ordered-by user; description "Static hostname database mapping"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; } description "Fully qualified name of system"; } uses apply-advanced; leaf-list inet { type jt:ipv4addr; ordered-by user; description "IP address"; } leaf-list inet6 { type jt:ipv6addr; ordered-by user; description "IPv6 address"; } leaf sysid { type jt:sysid; description "ISO/IS-IS system identifier"; } leaf-list alias { type string; ordered-by user; description "Hostname alias"; } } // list static-host-mapping container syslog { description "System logging facility"; uses apply-advanced; container archive { presence "enable archive"; description "Archive file information"; uses archive-object; } // container archive list user { key "name"; ordered-by user; description "Notify a user of the event"; leaf name { type string { junos:posix-pattern "^([[:alnum:]_-]+|[*])$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; } description "Name of user to notify"; } uses apply-advanced; list contents { key "name"; uses syslog-object; } // list contents leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } leaf allow-duplicates { type empty; description "Do not suppress the repeated message"; } leaf-list match-strings { type string; max-elements 50; ordered-by user; description "Matching string(s) for lines to be logged"; } } // list user list host { key "name"; ordered-by user; description "Host to be notified"; leaf name { type string; description "Name of host to notify"; } uses apply-advanced; list contents { key "name"; uses syslog-object; } // list contents leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } leaf allow-duplicates { type empty; description "Do not suppress the repeated message"; } leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port number"; } leaf facility-override { type enumeration { enum "authorization" { value 0; description "Authorization system"; } enum "daemon" { value 1; description "Various system processes"; } enum "ftp" { value 2; description "FTP process"; } enum "kernel" { value 3; description "Kernel"; } enum "user" { value 4; description "User processes"; } enum "local0" { value 5; description "Local logging option number 0"; } enum "local1" { value 6; description "Local logging option number 1"; } enum "local2" { value 7; description "Local logging option number 2"; } enum "local3" { value 8; description "Local logging option number 3"; } enum "local4" { value 9; description "Local logging option number 4"; } enum "local5" { value 10; description "Local logging option number 5"; } enum "local6" { value 11; description "Local logging option number 6"; } enum "local7" { value 12; description "Local logging option number 7"; } } description "Alternate facility for logging to remote host"; } leaf log-prefix { type string { junos:posix-pattern "![ =:]"; junos:pattern-message "Should not contain '=' or ':'"; } description "Prefix for all logging to this host"; } leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf explicit-priority { type empty; description "Include priority and facility in messages"; } leaf exclude-hostname { type empty; description "Exclude hostname field in messages"; } leaf transport { type enumeration { enum "tcp" { value 0; description "TCP as transport for syslog"; } enum "udp" { value 1; description "UDP as transport for syslog"; } enum "tls" { value 2; description "TLS as transport for syslog"; } } default "udp"; description "Transport type"; } container tlsdetails { presence "enable tlsdetails"; description "TLS for TCP"; uses apply-advanced; leaf local-certificate { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Local Certificate ID"; } container mutual-authentication { description "Enable TLS mutual authentication"; uses apply-advanced; leaf certificate-authority { junos:must "(("security pki ca-profile $$" || "security pki ca-profile-group $$"))"; junos:must-message "ca-profile must be configured under 'security pki ca-profile' or 'security pki ca-profile-group'"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate authority profile"; } } // container mutual-authentication list trusted-ca-group { key "name"; ordered-by user; description "Trusted Certificate Authority group configuration"; leaf name { type string { length "1 .. 63"; } description "Name of the trusted CA group"; } uses apply-advanced; leaf-list ca-profiles { type string { length "1 .. 63"; } max-elements 20; ordered-by user; description "Name of the CA profiles (maximum 20)"; } } // list trusted-ca-group } // container tlsdetails leaf-list match-strings { type string; max-elements 50; ordered-by user; description "Matching string(s) for lines to be logged"; } container structured-data { presence "enable structured-data"; description "Log system message in structured format"; uses apply-advanced; choice format { leaf brief { type empty; description "Omit English-language text from end of logged message"; } } // choice format } // container structured-data } // list host leaf allow-duplicates { type empty; description "Do not suppress the repeated message for all targets"; } list file { key "name"; description "File in which to log data"; leaf name { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to log data"; } uses apply-advanced; list contents { key "name"; uses syslog-object; } // list contents leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } leaf allow-duplicates { type empty; description "Do not suppress the repeated message"; } container archive { presence "enable archive"; description "Archive file information"; uses archive-object; } // container archive leaf explicit-priority { junos:must "(!(".. structured-data"))"; junos:must-message "'explicit-priority' cannot be configured if 'structured-data' is configured"; type empty; description "Include priority and facility in messages"; } leaf-list match-strings { type string; max-elements 50; ordered-by user; description "Matching string(s) for lines to be logged"; } container structured-data { presence "enable structured-data"; description "Log system message in structured format"; uses apply-advanced; choice format { leaf brief { type empty; description "Omit English-language text from end of logged message"; } } // choice format } // container structured-data } // list file list console { key "name"; description "Console logging"; leaf name { type enumeration { enum "any" { value 0; description "All facilities"; } enum "authorization" { value 1; description "Authorization system"; } enum "daemon" { value 2; description "Various system processes"; } enum "ftp" { value 3; description "FTP process"; } enum "ntp" { value 4; description "NTP process"; } enum "security" { value 5; description "Security related"; } enum "kernel" { value 6; description "Kernel"; } enum "user" { value 7; description "User processes"; } enum "dfc" { value 8; description "Dynamic flow capture"; } enum "external" { value 9; description "Local external applications"; } enum "firewall" { value 10; description "Firewall filtering system"; } enum "pfe" { value 11; description "Packet Forwarding Engine"; } enum "conflict-log" { value 12; description "Configuration conflict log"; } enum "change-log" { value 13; description "Configuration change log"; } enum "interactive-commands" { value 14; description "Commands executed by the UI"; } } description "Facility type"; } choice level { leaf any { type empty; description "All levels"; } leaf emergency { type empty; description "Panic conditions"; } leaf alert { type empty; description "Conditions that should be corrected immediately"; } leaf critical { type empty; description "Critical conditions"; } leaf error { type empty; description "Error conditions"; } leaf warning { type empty; description "Warning messages"; } leaf notice { type empty; description "Conditions that should be handled specially"; } leaf info { type empty; description "Informational messages"; } leaf none { type empty; description "No messages"; } } // choice level } // list console container time-format { presence "enable time-format"; description "Additional information to include in system log timestamp"; leaf year { type empty; description "Include year in timestamp"; } leaf millisecond { type empty; description "Include milliseconds in timestamp"; } } // container time-format leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf log-rotate-frequency { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 59"; } } units "minutes"; default "15"; description "Rotate log frequency"; } container server { junos:must "("services app-engine")"; junos:must-message "Syslog server can be enabled only when app-engine is configured"; presence "enable server"; description "Enable syslog server"; uses apply-advanced; list routing-instances { key "name"; ordered-by user; description "Enable/disable syslog server in routing-instances"; leaf name { type string; description "Routing instance name"; } uses apply-advanced; container disable { presence "enable disable"; description "Disable syslog server in this routing instance"; } // container disable } // list routing-instances } // container server leaf alternate-format { type empty; description "Append node name with daemon name instead of hostname(default) in the log entries"; } container grpc-replay { description "GRPC streaming"; uses apply-advanced; list contents { key "name"; uses syslog-object; } // list contents leaf-list match-strings { type string; max-elements 50; ordered-by user; description "Matching string(s) for lines to be logged"; } leaf last { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "minutes"; description "Store last x minutes events"; } } // container grpc-replay } // container syslog container tracing { description "System wide option for remote tracing"; container destination-override { description "Override tracing destination"; container syslog { description "Send trace messages to remote syslog server"; leaf host { type jt:ipv4addr; description "IPv4 address of remote syslog server"; } } // container syslog } // container destination-override } // container tracing leaf encrypt-configuration-files { type empty; description "Encrypt the router configuration files"; } choice compress-configuration-files-choice { leaf compress-configuration-files { type empty; description "Compress the router configuration files"; } leaf no-compress-configuration-files { type empty; description "Don't compress the router configuration files"; } } // choice compress-configuration-files-choice leaf max-configurations-on-flash { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 49"; } } default "3"; description "Number of configuration files stored on flash"; } leaf max-configuration-rollbacks { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 49"; } } default "49"; description "Number of rollback configuration files"; } container archival { description "System archival management"; uses apply-advanced; container configuration { description "Automatic configuration uploads to host(s)"; uses apply-advanced; choice transfer-method { leaf transfer-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 2880"; } } units "minutes"; description "Frequency at which file transfer happens"; } leaf transfer-on-commit { type empty; description "Transfer after each commit"; } } // choice transfer-method leaf routing-instance { junos:must "("system management-instance")"; junos:must-message "'system management-instance' must be configured"; junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "^mgmt_junos"; junos:pattern-message "Only routing-instance supported is mgmt_junos"; } description "Routing instance through which server is reachable"; } list archive-sites { key "name"; ordered-by user; description "List of archive destinations"; leaf name { type string; description "URLs to receive configuration files"; } leaf password { type jt:unreadable; description "Password for login into the archive site"; } } // list archive-sites } // container configuration } // container archival container extensions { presence "enable extensions"; description "Configuration for extensions to JUNOS"; uses apply-advanced; list providers { key "name"; ordered-by user; leaf name { type string { junos:posix-pattern "^[a-z][a-z0-9]*$"; junos:pattern-message "Must be a string of alphanumericals starting with a letter"; } } uses apply-advanced; list license-type { key "name"; ordered-by user; leaf name { type string { junos:posix-pattern "^[a-z][a-z0-9]*$"; junos:pattern-message "Must be a string of alphanumericals starting with a letter"; } description "Type of the license"; } leaf-list deployment-scope { type string; ordered-by user; } } // list license-type } // list providers container extension-service { presence "enable extension-service"; description "Enable JUNOS extension service"; uses apply-advanced; container application { presence "enable application"; description "JUNOS extension service application"; uses apply-advanced; leaf refresh { type empty; description "Refresh all operation scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all operation scripts from a given base URL"; } list file { key "name"; description "Configuration for each extension-service application"; uses jet_scripts_file_type; } // list file container traceoptions { description "Trace options for extension-service applications"; uses script_traceoptions; } // container traceoptions leaf max-datasize { type string; units "bytes"; description "Maximum data segment size for apps execution"; } } // container application } // container extension-service container resource-limits { description "Process resource limits"; uses apply-advanced; list process { key "name"; ordered-by user; leaf name { type string; description "Process name"; } uses apply-advanced; container resources { presence "enable resources"; description "Resource limits"; uses resources-type; } // container resources } // list process list package { key "name"; ordered-by user; leaf name { type string; description "Package name"; } uses apply-advanced; container resources { presence "enable resources"; description "Resource limits"; uses resources-type; } // container resources } // list package } // container resource-limits } // container extensions container license { description "License information for the router"; uses license-object; } // container license container proxy { description "Proxy information for the router"; uses proxy-object; } // container proxy container kernel-options { description "Kernel options: selectively enable few knobs"; uses apply-advanced; leaf select-active-unilist-member { type empty; status deprecated; description "Select active unilist member for host path forwarding"; } } // container kernel-options container fips { description "FIPS configuration"; uses apply-advanced; container chassis { description "FIPS chassis boundary configuration"; uses apply-advanced; leaf level { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 2"; } } description "FIPS chassis level configuration"; } } // container chassis leaf level { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 2"; } } description "FIPS 140 level"; } container self-test { description "Configure FIPS self-test execution"; uses apply-advanced; leaf after-key-generation { type enumeration { enum "enable" { value 0; status deprecated; description "Enable FIPS self-test after cryptographic key generation"; } enum "disable" { value 1; status deprecated; description "Disable FIPS self-test after cryptographic key generation"; } } status deprecated; description "FIPS self-test after cryptographic key generation"; } container periodic { description "Configure periodic FIPS self-test"; uses apply-advanced; leaf start-time { type string { junos:posix-pattern "^(([0-1]?[0-9])|([2][0-3])):([0-5]?[0-9])$"; junos:pattern-message "Time must be of the format hh:mm"; } description "Time when the periodic FIPS self-tests are to be executed (hh:mm)"; } leaf day-of-month { junos:must "(".. start-time")"; junos:must-message "'start-time' for FIPS self-test execution must be configured"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 31"; } } description "Day of the month when FIPS self-tests are to be executed"; } leaf month { junos:must "(".. start-time")"; junos:must-message "'start-time' for FIPS self-test execution must be configured"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 12"; } } description "The month when FIPS self-tests are to be executed"; } leaf day-of-week { junos:must "(".. start-time")"; junos:must-message "'start-time' for FIPS self-test execution must be configured"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 7"; } } description "Day of the week when the FIPS self-tests are to be executed (where 1 - Monday, 7 - Sunday)"; } } // container periodic } // container self-test } // container fips container rng { description "Configure system CSPRNG"; uses apply-advanced; choice algorithm { leaf fortuna { type empty; description "Fortuna"; } leaf hmac-drbg { type empty; description "HMAC DRBG, NIST SP800-90A"; } } // choice algorithm } // container rng container health-monitor { presence "enable health-monitor"; description "Kernel health monitoring system"; uses apply-advanced; container ifstate-clients { presence "enable ifstate-clients"; description "Configure health monitor for ifstate clients on ifstate consumption"; uses apply-advanced; container peer-stuck { presence "enable peer-stuck"; description "PFE/RE/Smart PIC peers ifstate consumption"; uses apply-advanced; leaf threshold-level { type enumeration { enum "low" { value 0; description "Low - 180s"; } enum "medium" { value 1; description "Medium - 360s"; } enum "high" { value 2; description "High - 540s"; } } default "medium"; description "Threshold level to categorize peers as stuck"; } leaf action { type enumeration { enum "alarm" { value 0; description "An alarm will be raised"; } enum "alarm-with-cores" { value 1; description "Live cores(stuck peer and vmcore) along with Alarm"; } enum "restart" { value 2; description "The stuck peers will be restarted"; } } default "alarm"; description "Set an action on stuck peers"; } } // container peer-stuck container non-peer-stuck { presence "enable non-peer-stuck"; description "Non-peer clients(daemons) on ifstate consumption"; uses apply-advanced; leaf threshold-level { type enumeration { enum "low" { value 0; description "Low - 180s"; } enum "medium" { value 1; description "Medium - 360s(Default)"; } enum "high" { value 2; description "High - 540s"; } } default "medium"; description "Threshold level to categorize non-peer ifstate clients as stuck"; } leaf action { type enumeration { enum "alarm" { value 0; description "An alarm will be raised"; } enum "alarm-with-cores" { value 1; description "Live cores(stuck client and vmcore) along with Alarm"; } enum "restart" { value 2; description "The stuck non-peer ifstate clients will be restarted"; } } default "alarm"; description "Set an action on stuck non-peer ifstate clients"; } } // container non-peer-stuck container all-clients-stuck { presence "enable all-clients-stuck"; description "All ifstate clients on ifstate consumption"; uses apply-advanced; leaf threshold-level { type enumeration { enum "low" { value 0; description "Low - 180s"; } enum "medium" { value 1; description "Medium - 360s(Default)"; } enum "high" { value 2; description "High - 540s"; } } default "medium"; description "Threshold level to categorize all ifsate clients as stuck"; } leaf action { type enumeration { enum "alarm" { value 0; description "An alarm will be raised"; } enum "alarm-with-cores" { value 1; description "Live cores(stuck ifstate client and vmcore) along with Alarm"; } enum "restart" { value 2; description "The stuck non-peer ifstate clients will be restarted"; } } default "alarm"; description "Set an action on all stuck ifstate clients"; } } // container all-clients-stuck } // container ifstate-clients } // container health-monitor leaf netlink-async-mode { type empty; description "Enable async mode in nlsd"; } container auto-configuration { presence "enable auto-configuration"; description "System Autoconfiguration"; uses apply-advanced; container traceoptions { description "Autoconfiguration trace options"; uses autoconf_traceoptions_type; } // container traceoptions } // container auto-configuration container processes { description "Process control"; uses apply-advanced; container routing { description "Routing process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable routing process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of routing process"; } choice mode { leaf force-32-bit { type empty; description "Always use 32-bit mode"; } leaf force-64-bit { type empty; description "Always use 64-bit mode"; } leaf auto-64-bit { type empty; description "Use 64-bit mode if RE memory is sufficient"; } } // choice mode container bgp { description "BGP protocol control"; uses apply-advanced; container rib-sharding { junos:must "((!(any "routing-instances <*> protocols mvpn hot-root-standby") || ".. rib-sharding no-l3vpn"))"; junos:must-message "Can't be configured together with hot-root-standby in mvpn"; junos:must "(!("routing-options forwarding-table fib-agent"))"; junos:must-message "Can't be configured together with fib-agent"; junos:must "(!(any "routing-options dynamic-tunnels <*> bgp-signal"))"; junos:must-message "Can't be configured together with routing-options dynamic-tunnels bgp-signal"; junos:must "(!("routing-options nonstop-routing"))"; junos:must-message "Can't be configured together with routing-options nonstop-routing"; junos:must "(!("protocols bgp multipath list-nexthop"))"; junos:must-message "Can't be configured together with bgp multipath list-nexthop"; junos:must "(!("routing-options resolution scheme"))"; junos:must-message "Can't be configured together with routing-options resolution scheme"; junos:must "(!("routing-options transport-class"))"; junos:must-message "Can't be configured together with routing-options transport-class"; junos:must "(".. update-threading")"; junos:must-message "Must be configured together with update-threading"; presence "enable rib-sharding"; description "Enable BGP RIB sharding"; uses apply-advanced; leaf number-of-shards { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 31"; } } description "Set number of sharding threads"; } } // container rib-sharding container update-threading { junos:must "(!("routing-options forwarding-table fib-agent"))"; junos:must-message "Can't be configured together with fib-agent"; junos:must "(!("routing-options nonstop-routing"))"; junos:must-message "Update threading can't be configured together with routing-options nonstop-routing"; presence "enable update-threading"; description "Enable BGP update threading"; uses apply-advanced; leaf number-of-threads { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "Set number of update threads"; } } // container update-threading } // container bgp } // container routing container chassis-control { description "Chassis control process"; choice enable-disable { leaf disable { type empty; description "Disable chassis control process"; } } // choice enable-disable leaf failover { type enumeration { enum "alternate-media" { value 0; description "On failing, reboot off alternate media"; } } description "How to handle failure of chassis control process"; } } // container chassis-control container service-pics { description "Service PICs process"; choice enable-disable { leaf disable { type empty; description "Disable service PICs process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of service PICs process"; } } // container service-pics container ntp { description "Network time process"; choice enable-disable { leaf disable { type empty; description "Disable network time process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of network time process"; } } // container ntp container watchdog { description "Watchdog timer"; choice enable-disable { leaf enable { type empty; description "Enable watchdog timer"; } leaf disable { type empty; description "Disable watchdog timer"; } } // choice enable-disable leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } } units "seconds"; description "Watchdog timer value"; } } // container watchdog container process-monitor { description "Process health monitor process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Process health monitor process"; } } // choice enable-disable container traceoptions { description "Process health monitor trace options"; uses pmond-traceoptions-type; } // container traceoptions } // container process-monitor container resource-cleanup { description "Resource cleanup process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Resource cleanup process"; } } // choice enable-disable container traceoptions { description "Resource cleanup process trace options"; uses res-cleanupd-traceoptions-type; } // container traceoptions } // container resource-cleanup container routing-socket-proxy { description "Routing socket proxy process"; choice enable-disable { leaf disable { type empty; description "Disable routing socket proxy process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of routing socket proxy process"; } } // container routing-socket-proxy container web-management { description "Web management process"; choice enable-disable { leaf disable { type empty; description "Disable web management process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of web management process"; } } // container web-management container named-service { presence "enable named-service"; description "DNS server process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable dns server process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of dns server process"; } } // container named-service container cfm { description "Ethernet OAM connectivity fault management process"; choice enable-disable { leaf disable { type empty; description "Disable CFM process"; } } // choice enable-disable } // container cfm container general-authentication-service { description "General authentication service process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable general-authentication service process"; } } // choice enable-disable container traceoptions { description "General authentication service trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file container filter { presence "enable filter"; description "Filter to control trace messages"; uses apply-advanced; } // container filter list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "framework" { value 1; description "Trace authentication framework events"; } enum "radius" { value 2; description "Trace radius authentication events"; } enum "local-authentication" { value 3; description "Trace local authentication events"; } enum "ldap" { value 4; description "Trace ldap authentication events"; } enum "address-assignment" { value 5; description "Trace address-assignment events"; } enum "jsrc" { value 6; description "Trace jsrc events"; } enum "gx-plus" { value 7; description "Trace gx-plus events"; } enum "session-db" { value 8; description "Trace session DB events"; } enum "profile-db" { value 9; description "Trace profile DB events"; } enum "lib-stats" { value 10; description "Trace lib stats events"; } enum "user-access" { value 11; description "Trace subscriber events"; } enum "nasreq" { value 12; description "Trace nasreq events"; } enum "ocs-backup" { value 13; description "Trace osc-backup events"; } enum "s6a" { value 14; description "Trace s6a events"; } enum "nas-5g" { value 15; description "Trace nas-5g events"; } enum "all" { value 16; description "Trace everything"; } } } } // list flag } // container traceoptions } // container general-authentication-service container dhcp-service { description "Dynamic Host Configuration Protocol general configuration"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable dhcp service process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of dhcp service process"; } container traceoptions { description "Trace options for DHCP"; uses jdhcp-traceoptions-level-type; } // container traceoptions container interface-traceoptions { description "Interface trace options for DHCP"; uses jdhcp-interface-traceoptions-level-type; } // container interface-traceoptions container log { description "Output the logs"; uses apply-advanced; container session { description "Logs of sessions"; uses apply-advanced; leaf client { type empty; description "Logs of the client"; } leaf server { type empty; description "Logs of the server"; } leaf relay { type empty; description "Logs of the relay"; } leaf all { type empty; description "Logs of the cleint, server and relay"; } container dhcpv6 { description "Logs of DHCPv6"; uses apply-advanced; leaf client { type empty; description "Logs of the client"; } leaf server { type empty; description "Logs of the server"; } leaf relay { type empty; description "Logs of the relay"; } leaf dynamic-server { type empty; description "Logs of the dynamic-server"; } leaf all { type empty; description "Logs of the cleint, server, relay and dynamic-server"; } } // container dhcpv6 } // container session } // container log container dhcp-snooping-file { description "DHCP snooping persistence file, write-interval and timeout"; uses apply-advanced; leaf location { type jt:filename; description "Location of DHCP snooping entries file"; } leaf write-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 86400"; } } units "seconds"; description "Time interval for writing DHCP snooping entries"; } } // container dhcp-snooping-file container dhcpv6-snooping-file { description "DHCPv6 snooping persistence file and write-interval timeout"; uses apply-advanced; leaf location { type jt:filename; description "Location of DHCPv6 snooping entries file"; } leaf write-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 86400"; } } units "seconds"; description "Time interval in seconds for writing DHCPv6 snooping entries"; } } // container dhcpv6-snooping-file container ltv-syslog-interval { description "Lease time violation syslog interval"; uses apply-advanced; leaf syslog-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Syslog interval in secs"; } } // container ltv-syslog-interval leaf accept-max-tcp-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "5"; description "Max TCP connections served globally at a time"; } leaf request-max-tcp-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "3"; description "Max TCP connections requested globally at a time"; } container max-clients-supported { presence "enable max-clients-supported"; description "Enbale limitation of maximum clients of jdhcp server"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Supported maximum clients of jdhcp server"; } } // container max-clients-supported } // container dhcp-service container diameter-service { description "Diameter process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable diameter process"; } } // choice enable-disable container traceoptions { description "Diameter service trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Aread to enabe debugging output"; leaf name { type enumeration { enum "framework" { value 0; description "Trace Diameter framework"; } enum "configuration" { value 1; description "Trace configuration events"; } enum "memory-management" { value 2; description "Trace memory management events"; } enum "daemon" { value 3; description "Trace daemon level events"; } enum "application" { value 4; description "Trace Diameter application interface"; } enum "node" { value 5; description "Trace Diameter node events"; } enum "diameter-instance" { value 6; description "Trace Diameter instance events"; } enum "dne" { value 7; description "Trace Diameter DNE events"; } enum "peer" { value 8; description "Trace Diameter peer events"; } enum "messages" { value 9; description "Trace Diameter messages"; } enum "all" { value 10; description "Trace everything"; } } } } // list flag } // container traceoptions } // container diameter-service container sbc-configuration-process { description "SBC configuration process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable SBC configuration process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failure, switch mastership to other Routing Engine"; } enum "alternate-media" { value 1; description "On failure, reboot off alternate media"; } } description "How to handle failure of SBC configuration process"; } container traceoptions { description "SBC configuration process trace options"; uses sbc_traceoptions; } // container traceoptions } // container sbc-configuration-process container sdk-service { description "SDK Service Daemon"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable SDK Service Daemon"; } } // choice enable-disable container traceoptions { description "SDK Service Daemon trace options"; uses ssd-traceoptions-type; } // container traceoptions } // container sdk-service container aaad { description "AAAD process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable AAAD process"; } } // choice enable-disable container traceoptions { description "AAA trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "send" { value 0; description "Trace transmitted packets"; } enum "send-detail" { value 1; description "Trace transmitted packets in detail"; } enum "receive" { value 2; description "Trace received packets"; } enum "receive-detail" { value 3; description "Trace received packets in detail"; } enum "timeout" { value 4; description "Trace timeout events"; } enum "state" { value 5; description "Trace DIAMTER peer state changes"; } enum "all" { value 6; description "Trace everything"; } } } } // list flag list peer { key "name"; ordered-by user; description "Trace packet sent to or received from the peer[s]"; leaf name { junos:must "("access diameter peer $$")"; junos:must-message "Referenced DIAMETER peer name must be defined"; type string { length "1 .. 31"; } description "Trace packet sent to or received from the peer"; } uses apply-advanced; } // list peer } // container traceoptions } // container aaad container app-engine-virtual-machine-management-service { description "App-engine Virtual Machine Management"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable SDK Virtual Machine Management Daemon"; } } // choice enable-disable container traceoptions { description "App-engine virtual machine management trace options"; uses sdk-vmmd-traceoptions-type; } // container traceoptions } // container app-engine-virtual-machine-management-service container app-engine-management-service { description "App-engine Management Daemon"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable SDK Management Daemon"; } } // choice enable-disable container traceoptions { description "App-engine management daemon trace options"; uses sdk-mgmtd-traceoptions-type; } // container traceoptions } // container app-engine-management-service container datapath-trace-service { description "Datapath Trace process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Datapath Trace process"; } } // choice enable-disable container traceoptions { description "DATAPATH Trace process trace options"; uses datapath-traced-traceoptions-type; } // container traceoptions } // container datapath-trace-service container send { description "Secure Neighbor Discovery Protocol process"; choice enable-disable { leaf disable { type empty; description "Disable SEND process"; } } // choice enable-disable } // container send container static-subscribers { description "Static subscribers process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable static-subscribers process"; } } // choice enable-disable } // container static-subscribers container extensible-subscriber-services { description "Extensible Subscriber Services Manager Daemon"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Extensible Subscriber Services Manager Daemon"; } } // choice enable-disable } // container extensible-subscriber-services list daemon-process { key "name"; ordered-by user; uses daemon-process; } // list daemon-process container video-monitoring { description "Video Monitoring Process"; choice enable-disable { leaf disable { type empty; description "Disable video monitoring process"; } } // choice enable-disable container traceoptions { description "Trace options for VMOND"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file } // container traceoptions } // container video-monitoring container remote-device-management { description "Remote device management daemon"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Remote Device Management Daemon"; } } // choice enable-disable } // container remote-device-management container isdn-signaling { description "ISDN process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable ISDN process"; } } // choice enable-disable container traceoptions { junos:must "(!(("system processes isdn-signaling traceoptions" && "isdn traceoptions")))"; junos:must-message "ISDN traceoptions should be configured only under [system processes isdn-signaling]"; description "Trace options for ISDN signaling process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "One or more event types to include in trace"; leaf name { type enumeration { enum "daemon" { value 0; description "ISDN process events"; } enum "stack" { value 1; description "ISDN stack events"; } enum "all" { value 2; description "All events"; } } } } // list flag } // container traceoptions leaf reject-incoming { type empty; description "Reject incoming ISDN calls"; } } // container isdn-signaling container telephony-gateway-module { description "Telephony gateway module process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable telephony gateway module process"; } } // choice enable-disable container traceoptions { description "Telephony gateway module service trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "routing-socket" { value 1; description "Trace routing socket events"; } enum "dynamic-call-admission-control" { value 2; description "Trace dynamic call admission control events"; } enum "memory" { value 3; description "Trace memory allocation or deallocation messages"; } enum "tgm-login" { value 4; description "Trace telephony gateway module login events"; } enum "all" { value 5; description "Trace everything"; } } } } // list flag } // container traceoptions } // container telephony-gateway-module container wireless-wan-service { description "Wireless WAN service process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable wireless WAN process"; } } // choice enable-disable container traceoptions { description "Trace options for wireless WAN process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Events or messages to include in the trace output"; leaf name { type enumeration { enum "config" { value 0; description "Configuration events"; } enum "debug" { value 1; description "WAN interface specific debug messages"; } enum "sdk-api" { value 2; description "WAN interface specific library messages"; } enum "memory" { value 3; description "Memory allocation or deallocation messages"; } enum "fpc-ipc" { value 4; description "FPC inter-process communication messages"; } enum "snmp" { value 5; description "SNMP communication specific debug messages"; } enum "all" { value 6; description "All events and messages"; } } } } // list flag } // container traceoptions } // container wireless-wan-service container wireless-lan-service { description "Wireless LAN service process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable wireless LAN service process"; } } // choice enable-disable container traceoptions { description "Trace options for wireless LAN process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Events or messages to include in the trace output"; leaf name { type enumeration { enum "status" { value 0; description "Trace access point status messages"; } enum "config" { value 1; description "Trace configuration events"; } enum "keepalive" { value 2; description "Trace access point keep alive events"; } enum "licensing" { value 3; description "Trace access point license events"; } enum "snmp" { value 4; description "Trace access point snmp events"; } enum "all" { value 5; description "Trace everything"; } } } } // list flag } // container traceoptions } // container wireless-lan-service container dialer-services { description "Dial-Out On Demand process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Dial-Out On Demand process"; } } // choice enable-disable container traceoptions { junos:must "(!(("system processes dialer-services traceoptions" && "dialer traceoptions")))"; junos:must-message "Dialer traceoptions should be configured only under [system processes dialer-services]"; description "Trace options for dialer services"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "One or more message or event types to include in trace"; leaf name { type enumeration { enum "config" { value 0; description "Dialer configuration messages"; } enum "kernel" { value 1; description "Messages from the kernel"; } enum "route" { value 2; description "Route and next-hop messages for dialer watch"; } enum "interface" { value 3; description "Interface-related events"; } enum "error" { value 4; description "Error messages"; } enum "memory" { value 5; description "Memory allocation or deallocation messages"; } enum "all" { value 6; description "All messages and events"; } } } } // list flag } // container traceoptions } // container dialer-services container network-security { description "Network security process"; choice enable-disable { leaf disable { type empty; description "Disable network security process"; } } // choice enable-disable } // container network-security container firewall-authentication-service { description "Firewall authentication service process"; choice enable-disable { leaf disable { type empty; description "Disable firewall-wauthentication service process"; } } // choice enable-disable } // container firewall-authentication-service container jsrp-service { description "Juniper stateful redundancy process"; choice enable-disable { leaf disable { type empty; description "Disable jsrp service process"; } } // choice enable-disable } // container jsrp-service container wan-acceleration { description "WAN acceleration (WX) process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable WAN acceleration process"; } } // choice enable-disable container traceoptions { description "Trace options for WAN acceleration process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Events or messages to include in the trace output"; leaf name { type enumeration { enum "configuration" { value 0; description "Configuration events"; } enum "ssam" { value 1; description "State Synchronization And Management events"; } enum "memory" { value 2; description "Memory allocation or deallocation messages"; } enum "fpc-ipc" { value 3; description "FPC inter-process communication messages"; } enum "fpc-ipc-heart-beat" { value 4; description "FPC inter-process communication heart beat messages"; } enum "wx-login" { value 5; description "Trace ISM login events"; } enum "all" { value 6; description "All events and messages"; } } } } // list flag } // container traceoptions } // container wan-acceleration container smtpd-service { description "SMTP mail client service process"; choice enable-disable { leaf disable { type empty; description "Disable smtp service process"; } } // choice enable-disable } // container smtpd-service container logical-system-service { description "Logical system process"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable logical system process"; } } // choice enable-disable container traceoptions { description "Logical system trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Events or messages to include in the trace output"; leaf name { type enumeration { enum "configuration" { value 0; description "Configuration events"; } enum "all" { value 1; description "All events and messages"; } } } } // list flag } // container traceoptions } // container logical-system-service container system-health-management { description "System Health Management"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable syshmd process"; } } // choice enable-disable } // container system-health-management container system-log-vital { description "System Log Vital"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable syslvd process"; } } // choice enable-disable } // container system-log-vital container sysctlrelayd { description "Sysctl Relaying Engine"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sysctlrelayd process"; } } // choice enable-disable } // container sysctlrelayd } // container processes container ntp { description "Network Time Protocol services"; uses apply-advanced; leaf boot-server { type jt:ipaddr; status deprecated; description "Server to query during boot sequence"; } container interval-range { description "Set the minpoll and maxpoll interval range"; leaf value { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 3"; } } description "The poll interval range"; } } // container interval-range list authentication-key { key "name"; ordered-by user; description "Authentication key information"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Authentication key number"; } leaf type { type enumeration { enum "md5" { value 0; description "MD5 authentication key"; } enum "des" { value 1; description "DES authentication key"; } enum "sha1" { value 2; description "Secure Hash Algorithm 1"; } enum "sha256" { value 3; description "Secure Hash Algorithm 2-256"; } } description "Authentication key type"; } leaf value { type jt:unreadable; description "Authentication key value"; } } // list authentication-key list peer { key "name"; ordered-by user; description "Peer parameters"; leaf name { type jt:ipaddr; description "Name or address of peer"; } leaf key { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Authentication key"; } leaf version { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4"; } } description "NTP version to use"; } leaf prefer { type empty; description "Prefer this peer_serv"; } } // list peer list server { key "name"; ordered-by user; description "Server parameters"; leaf name { type jt:hostname; description "Name or address of server"; } leaf key { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Authentication key"; } leaf version { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4"; } } description "NTP version to use"; } leaf prefer { type empty; description "Prefer this peer_serv"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance through which server is reachable"; } container nts { junos:must "(!(".. key"))"; junos:must-message "NTS authentication protocol and shared-key authentication method cannot be used together"; presence "enable nts"; description "Enable NTS protocol for this server"; container remote-identity { description "Remote identity of server for verification"; choice remote-id-type { container distinguished-name { description "Use a distinguished name of server"; uses apply-advanced; choice name-type { leaf container { type string; description "Specify the container string"; } leaf wildcard { type string; description "Specify the wildcard string"; } } // choice name-type } // container distinguished-name leaf hostname { type string; description "Use a fully-qualified domain name"; } } // choice remote-id-type } // container remote-identity } // container nts } // list server list broadcast { key "name"; ordered-by user; description "Broadcast parameters"; leaf name { type jt:ipaddr; description "Broadcast or multicast address to use"; } leaf routing-instance-name { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing intance name in which interface has address in broadcast subnet"; } leaf key { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Authentication key"; } leaf version { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4"; } } description "NTP version to use"; } leaf ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "TTL value to transmit"; } } // list broadcast leaf broadcast-client { type empty; description "Listen to broadcast NTP"; } container multicast-client { presence "enable multicast-client"; description "Listen to multicast NTP"; leaf address { type jt:ipaddr; description "Multicast address to listen to"; } } // container multicast-client leaf-list trusted-key { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } ordered-by user; description "List of trusted authentication keys"; } list restrict { key "name"; ordered-by user; description "Restrict options"; leaf name { type string; description "Address of a host or network"; } leaf mask { type string; description "Mask address of host or network"; } leaf noquery { type empty; description "Deny ntpq and ntpdc queries"; } } // list restrict container threshold { description "Set the maximum threshold(sec) allowed for NTP adjustment"; leaf value { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 600"; } } description "The maximum value(sec) allowed for NTP adjustment"; } leaf action { type enumeration { enum "accept" { value 0; description "Enable log mode for abnormal NTP adjustment"; } enum "reject" { value 1; description "Enable reject mode for abnormal NTP adjustment"; } } description "Select actions for NTP abnormal adjustment"; } } // container threshold list source-address { key "name"; ordered-by user; description "Source-Address parameters"; leaf name { type jt:ipaddr; description "Use specified address as source address"; } leaf-list routing-instance { type string; ordered-by user; description "Routing intance name in which source address is defined"; } } // list source-address container nts { description "NTS Configuration"; leaf local-certificate { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Local Certificate ID for NTS-KE server"; } container trusted-ca { description "Specify the trusted CA to use for verifying server certificate"; choice ca { leaf trusted-ca-profile { junos:must "("security pki ca-profile $$")"; junos:must-message "Referenced profile must be defined under [edit security pki ca-profile]"; type string; description "Name of the trusted CA profile to use"; } leaf trusted-ca-group { junos:must "("security pki trusted-ca-group $$")"; junos:must-message "Referenced group must be defined under [edit security pki trusted-ca-group]"; type string; description "Name of the trusted CA group to use"; } } // choice ca } // container trusted-ca } // container nts } // container ntp container node-health-monitor { description "Node Health Monitoring Configuration"; uses apply-advanced; leaf refresh-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 86400"; } } units "seconds"; default "120"; description "Node Health Monitoring Refresh Interval"; } } // container node-health-monitor container master-password { description "Master password for $8$ password-encryption"; uses apply-advanced; leaf iteration-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 10000"; } } default "100"; description "Define PBKDF2 iteration count"; } leaf pseudorandom-function { type enumeration { enum "hmac-sha2-256" { value 0; description "HMAC-SHA2-256 authentication algorithm"; } enum "hmac-sha1" { value 1; description "HMAC-SHA1 authentication algorithm"; } enum "hmac-sha2-512" { value 2; description "HMAC-SHA2-512 authentication algorithm"; } } default "hmac-sha2-256"; description "Define PBKDF2 PRF"; } } // container master-password container log-vital { presence "enable log-vital"; description "Log vital configuration"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1440"; } } units "minutes"; default "10"; description "Log vital sample interval"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "days"; default "3"; description "Log vital keeps files of only recent days"; } leaf storage-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } units "percentage"; default "80"; description "Log vital storage limit percentage"; } leaf file-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } units "Mbytes"; default "10"; description "Log vital dump file size"; } list add { key "name"; ordered-by user; description "Log vital add in OID"; leaf name { type string { junos:posix-pattern "^([.]?1|[a-zA-Z][a-zA-Z0-9]*)([.]([a-zA-Z]|[0-9]+))*$"; junos:pattern-message "Must be an OID of the form 1.x.y.z... or objname[.x.y.z] where x, y, & z are either numbers or a single letter"; } description "Collect information of the OID"; } uses apply-advanced; container comment { presence "enable comment"; description "Comment of the OID"; uses apply-advanced; leaf comment-string { type string { length "1 .. 40"; } description "Comment of the OID"; } } // container comment } // list add container group { presence "enable group"; description "Log vital group configuration"; uses apply-advanced; leaf operating { type empty; description "Collect operating information"; } leaf idp { type empty; description "Collect IDP information"; } leaf storage { type empty; description "Collect storage information of /var/log/"; } leaf cluster-counter { type empty; description "Collect Cluster Counter information"; } list screen { key "name"; ordered-by user; description "Collect screen counter for the zone"; leaf name { type string { length "1 .. 64"; } description "Name of security zone"; } uses apply-advanced; } // list screen list spu { key "name"; ordered-by user; description "Collect information for the SPU(all/fwdd/nodex.fpcy.picz)"; leaf name { type string { length "1 .. 32"; } description "SPU as 'all', 'fwdd' and 'node0.fpc1.pic1'"; } uses apply-advanced; } // list spu } // container group } // container log-vital container security-profile { description "Security profile for logical-systems"; uses apply-advanced; container resources { presence "enable resources"; uses apply-advanced; leaf cpu-control { type empty; description "Enable CPU utilization control"; } leaf cpu-control-target { type decimal64 { fraction-digits 9; range "0 .. 100"; } units "percent"; default "80.0"; description "Targeted CPU utilization allowed for the whole system"; } } // container resources list profile { key "name"; uses profile_type; } // list profile } // container security-profile } // grouping juniper-system grouping apply-advanced { description "Apply advanced configuration logic"; leaf-list apply-groups { type string; ordered-by user; description "Groups from which to inherit configuration data"; } leaf-list apply-groups-except { type string; ordered-by user; description "Don't inherit configuration data from these groups"; } list apply-macro { key "name"; ordered-by user; description "Macro and parameters for commit script expansion"; uses apply-macro-type; } // list apply-macro } // grouping apply-advanced grouping apply-macro-type { description "Macro data for commit-script expansion"; leaf name { type string; description "Name of the macro to be expanded"; } list data { key "name"; uses macro-data-type; } // list data } // grouping apply-macro-type grouping archive-object { leaf size { type string; units "bytes"; description "Size of files to be archived"; } leaf files { type string; description "Number of files to be archived"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice choice binary-data-choice { leaf binary-data { type empty; description "Mark file as if it contains binary data"; } leaf no-binary-data { type empty; description "Don't mark file as if it contains binary data"; } } // choice binary-data-choice leaf transfer-interval { junos:must "(".. archive-sites")"; junos:must-message "'archive-sites' must also be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 2880"; } } units "minutes"; description "Frequency at which to transfer files to archive sites"; } leaf start-time { junos:must "(".. archive-sites")"; junos:must-message "'archive-sites' must also be configured"; type jt:time; description "Start time for file transmission (yyyy-mm-dd.hh:mm)"; } list archive-sites { key "name"; ordered-by user; leaf name { type string; description "Primary and failover URLs to receive archive files"; } leaf password { type jt:unreadable; description "Password for login into the archive site"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } } // list archive-sites } // grouping archive-object grouping arp-interface-type { description "Logical interface on which to configure ARP aging timer"; leaf name { junos:must "("interfaces $$-IFL family inet")"; junos:must-message "Family inet must be configured on this logical interface"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf aging-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 600000"; } } units "minutes"; description "Change the ARP aging time value"; } } // grouping arp-interface-type grouping authentication-object { description "Authentication method"; uses apply-advanced; leaf plain-text-password-value { type string; description "Plain text password"; } leaf encrypted-password { type string { length "1 .. 128"; } description "Encrypted password string"; } leaf no-public-keys { type empty; description "Disables ssh public key based authentication"; } list ssh-rsa { junos:must "(!(".. no-public-keys"))"; junos:must-message "To configure ssh-rsa, 'no-public-keys' should not be configured"; key "name"; ordered-by user; description "Secure shell (ssh) RSA public key string"; leaf name { type string { junos:posix-pattern "^([[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[[:digit:]]+|ssh-rsa[[:space:]]+[[:print:]]+)([[:space:]]+.*){0,1}$"; junos:pattern-message "Must follow SSHv2 or SSHv1 RSA key format"; } description "Secure shell (ssh) RSA public key string"; } leaf from { type string { junos:posix-pattern "^[*.:a-zA-Z0-9,!?_-]+$"; junos:pattern-message "Pattern-list must not contain spaces"; } description "Pattern-list of allowed hosts"; } } // list ssh-rsa list ssh-dsa { junos:must "(!(".. no-public-keys"))"; junos:must-message "To configure ssh-dsa, 'no-public-keys' should not be configured"; key "name"; ordered-by user; status deprecated; description "Secure shell (ssh) DSA public key string"; leaf name { type string { junos:posix-pattern "^ssh-dss[[:space:]]+[[:print:]]+([[:space:]]+.*){0,1}$"; junos:pattern-message "Key format must be 'ssh-dss <base64-encoded-DSA-key> <comment>'"; } description "Secure shell (ssh) DSA public key string"; } leaf from { type string { junos:posix-pattern "^[*.:a-zA-Z0-9,!?_-]+$"; junos:pattern-message "Pattern-list must not contain spaces"; } description "Pattern-list of allowed hosts"; } } // list ssh-dsa list ssh-ecdsa { junos:must "(!(".. no-public-keys"))"; junos:must-message "To configure ssh-ecdsa, 'no-public-keys' should not be configured"; key "name"; ordered-by user; description "Secure shell (ssh) ECDSA public key string"; leaf name { type string { junos:posix-pattern "^ecdsa-sha2-nistp(256|384|521)[[:space:]]+[[:print:]]+([[:space:]]+.*){0,1}$"; junos:pattern-message "Key format must be 'ecdsa-sha2-nistp??? <base64-encoded-ECDSA-key> <comment>'"; } description "Secure shell (ssh) ECDSA public key string"; } leaf from { type string { junos:posix-pattern "^[*.:a-zA-Z0-9,!?_-]+$"; junos:pattern-message "Pattern-list must not contain spaces"; } description "Pattern-list of allowed hosts"; } } // list ssh-ecdsa list ssh-ed25519 { junos:must "(!(".. no-public-keys"))"; junos:must-message "To configure ssh-ed25519, 'no-public-keys' should not be configured"; key "name"; ordered-by user; description "Secure shell (ssh) ED25519 public key string"; leaf name { type string { junos:posix-pattern "^ssh-ed25519[[:space:]]+[[:print:]]+([[:space:]]+.*){0,1}$"; junos:pattern-message "Key format must be 'ssh-ed25519 <base64-encoded-key> <comment>'"; } description "Secure shell (ssh) EC25519 public key string"; } leaf from { type string { junos:posix-pattern "^[*.:a-zA-Z0-9,!?_-]+$"; junos:pattern-message "Pattern-list must not contain spaces"; } description "Pattern-list of allowed hosts"; } } // list ssh-ed25519 } // grouping authentication-object grouping autoconf_traceoptions_type { description "Trace options for autoconfiguration"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of autoconfiguration to enable debugging output"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration"; } enum "interfaces" { value 1; description "Trace interface database"; } enum "io" { value 2; description "Trace interface database"; } enum "rtsock" { value 3; description "Trace routing socket"; } enum "ui" { value 4; description "Trace user interface"; } enum "auth" { value 5; description "Trace VLAN authentication"; } enum "all" { value 6; description "Trace all areas"; } } } } // list flag } // grouping autoconf_traceoptions_type grouping bbe-stats-type { description "Bbe statistics configuration"; uses apply-advanced; } // grouping bbe-stats-type grouping bdbrepd-type { description "Database replication configuration"; uses apply-advanced; container traceoptions { description "Database replication trace options"; uses bdbrepd-traceoptions-type; } // container traceoptions } // grouping bdbrepd-type grouping bdbrepd-traceoptions-type { description "Trace options for Database replication"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Database replication operations to include in debugging trace"; leaf name { type enumeration { enum "database" { value 0; description "Database operations"; } enum "mirror" { value 1; description "Mirror operations"; } enum "replication" { value 2; description "Database replication operations"; } enum "ui" { value 3; description "User Interface operations"; } enum "general" { value 4; description "Miscellaneous operations"; } enum "session-db" { value 5; description "Session database operations"; } enum "server" { value 6; description "Server operations"; } enum "all" { value 7; description "All operations"; } } } } // list flag } // grouping bdbrepd-traceoptions-type grouping daemon-process { leaf name { type string; } choice enable-disable { leaf disable { type empty; description "Disable process"; } } // choice enable-disable leaf failover { type enumeration { enum "other-routing-engine" { value 0; description "On failing, switch mastership to other routing engine"; } enum "alternate-media" { value 1; description "On failing, reboot off alternate media"; } } description "How to handle failure of parameter"; } leaf command { type string { length "1 .. 1024"; } description "Path to binary for process"; } } // grouping daemon-process grouping datapath-traced-traceoptions-type { description "Trace options for DATAPATH-TRACED"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of DATAPATH Trace process to enable debugging output"; leaf name { type enumeration { enum "datapath-traced-infrastructure" { value 0; description "Trace datapath-traced infrastructure code"; } enum "datapath-traced-server" { value 1; description "Trace datapath-traced server functionality code"; } enum "client-management" { value 2; description "Trace datapath-traced client management code"; } enum "all" { value 3; description "Trace all areas of datapath-traced code"; } } } } // list flag } // grouping datapath-traced-traceoptions-type grouping dhcp-traceoptions-type { description "Trace options for DHCP server"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of DHCP server process to enable debugging output"; leaf name { type enumeration { enum "binding" { value 0; description "Trace bindings code"; } enum "config" { value 1; description "Trace configuration code"; } enum "conflict" { value 2; description "Trace conflict detection code"; } enum "event" { value 3; description "Trace event code"; } enum "ifdb" { value 4; description "Trace interface database code"; } enum "io" { value 5; description "Trace I/O code"; } enum "lease" { value 6; description "Trace lease code"; } enum "main" { value 7; description "Trace main loop code"; } enum "misc" { value 8; description "Trace miscellaneous code"; } enum "option" { value 9; description "Trace option code"; } enum "packet" { value 10; description "Trace packet code"; } enum "pool" { value 11; description "Trace pool code"; } enum "protocol" { value 12; description "Trace protocol code"; } enum "relay" { value 13; description "Trace relay code"; } enum "rtsock" { value 14; description "Trace routing socket code"; } enum "scope" { value 15; description "Trace scope code"; } enum "signal" { value 16; description "Trace signal code"; } enum "trace" { value 17; description "Trace tracing code"; } enum "ui" { value 18; description "Trace user interface code"; } enum "all" { value 19; description "Trace all areas of code"; } enum "client" { value 20; description "Trace DHCP client code"; } } } } // list flag } // grouping dhcp-traceoptions-type grouping dynamic-profile-option-object { uses apply-advanced; leaf versioning { type empty; description "Enable dynamic profile versioning"; } } // grouping dynamic-profile-option-object grouping httpd_traceoptions_type { description "Trace options for Web management process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of HTTPD process to enable debugging output"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration"; } enum "mgd" { value 1; description "Trace MGD requests"; } enum "webauth" { value 2; description "Trace webauth requests"; } enum "dynamic-vpn" { value 3; description "Trace dynamic vpn requests"; } enum "init" { value 4; description "Trace daemon init process"; } enum "all" { value 5; description "Trace all areas"; } } } } // list flag } // grouping httpd_traceoptions_type grouping jdhcp-interface-traceoptions-level-type { description "Interface trace options for DHCP"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Interface trace categories"; leaf name { type enumeration { enum "state" { value 0; description "State-transition operations"; } enum "packet" { value 1; description "Packet-decoding operations"; } enum "flow" { value 2; description "Flow-decoding operations"; } enum "packet-option" { value 3; description "DHCP option-decoding operations"; } enum "dhcpv6-state" { value 4; description "State-transition operations for dhcpv6"; } enum "dhcpv6-packet" { value 5; description "Packet-decoding operations for dhcpv6"; } enum "dhcpv6-packet-option" { value 6; description "DHCP option-decoding operations for dhcpv6"; } enum "all" { value 7; description "All operations"; } } } } // list flag } // grouping jdhcp-interface-traceoptions-level-type grouping jdhcp-local-server-type { uses apply-advanced; container dhcpv6 { description "DHCPv6 configuration"; uses dhcpv6-local-server-type; } // container dhcpv6 list pool-match-order { key "name"; ordered-by user; description "Define order of attribute matching for pool selection"; leaf name { type enumeration { enum "external-authority" { value 0; description "External authority handles address selection"; } enum "ip-address-first" { value 1; description "IP address used first to select a pool"; } enum "option-82" { value 2; description "Option 82 used in matching of pool"; } enum "option-82-strict" { value 3; description "Option 82 used in strict matching of pool"; } } description "Match type"; } uses apply-advanced; } // list pool-match-order container duplicate-clients-in-subnet { junos:must "(!(".. duplicate-clients-on-interface"))"; junos:must-message "Cannot specify duplicate-clients-in-subnet with duplicate-clients-on-interface"; description "Allow duplicate clients in a subnet"; uses jdhcp-duplicate-clients-in-subnet-type; } // container duplicate-clients-in-subnet container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container overrides { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'overrides' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable overrides"; description "DHCP override processing"; uses override-local-server-type; } // container overrides leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'access-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "(!(".. overrides no-arp"))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression list group { junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with the dhcp server configured under 'system services dhcp'"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; key "name"; ordered-by user; description "Define a DHCP local server group"; uses dhcp-local-server-group; } // list group list dual-stack-group { key "name"; description "Define a DHCP dual stack group"; uses dhcp-local-server-dual-stack-group; } // list dual-stack-group container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject discover and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation choice requested-ip-check { leaf requested-ip-network-match { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 31"; } } default "8"; description "Subnet to match server's address for active and giaddr for passive clients"; } leaf requested-ip-interface-match { type empty; description "Use incoming-interface's subnet to check"; } } // choice requested-ip-check leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCP packets"; } container allow-leasequery { presence "enable allow-leasequery"; description "Allow DHCP leasequery"; uses server-leasequery-type; } // container allow-leasequery container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. authentication"))"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate container allow-bulk-leasequery { presence "enable allow-bulk-leasequery"; description "Allow DHCP bulk leasequery"; uses server-bulk-leasequery-type; } // container allow-bulk-leasequery container allow-active-leasequery { presence "enable allow-active-leasequery"; description "Allow DHCP active leasequery"; uses server-active-leasequery-type; } // container allow-active-leasequery } // grouping jdhcp-local-server-type grouping dhcp-local-server-dual-stack-group { description "DHCP dual stack groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Dual stack group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dual-stack-authentication-type; } // container authentication leaf access-profile { type string { length "1 .. 128"; } description "Access profile to be used for jdhcpd"; } container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf on-demand-address-allocation { type empty; description "Allocate addresses on demand"; } container classification-key { junos:must "(".. dynamic-profile")"; junos:must-message "dynamic profile configuration in dual-stack-group is must for configuring classification-type"; description "Classification key for identifying dual stack household"; uses classification-types; } // container classification-key container protocol-master { description "Select family as protocol master"; uses jdhcp-dual-stack-protocol-mstr-type; } // container protocol-master container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-dualstack-type; } // container liveness-detection container reauthenticate { junos:must "(".. on-demand-address-allocation")"; junos:must-message "'on-demand-address-allocation' statement must be included with 'reauthenticate'"; junos:must "(".. authentication")"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // grouping dhcp-local-server-dual-stack-group grouping classification-types { description "Different mechanisms to identify a single household"; uses apply-advanced; leaf mac-address { type empty; description "MAC address of client"; } leaf circuit-id { type empty; description "Circuit-id as key"; } leaf remote-id { type empty; description "Remote-id as key"; } } // grouping classification-types grouping dhcp-liveness-detection-dualstack-type { description "DHCP client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container layer2-liveness-detection { junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))"; junos:must-message "Method not allowed with route-suppression enabled"; description "Address resolution options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcp-liveness-detection-dualstack-type grouping dhcp-arp-nud-liveness-detection-type { description "Address Resolution detection options"; uses apply-advanced; leaf transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 1800"; } } units "seconds"; default "300"; description "Transmit interval for address resolution"; } leaf max-consecutive-retries { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 6"; } } default "3"; description "Retry attempts"; } } // grouping dhcp-arp-nud-liveness-detection-type grouping dhcp-liveness-detection-failure-action-type { description "Liveness detection failure action options"; uses apply-advanced; choice failure-action-type { leaf clear-binding { type empty; description "Clear the client binding"; } leaf clear-binding-if-interface-up { type empty; description "Clear the client binding only if the incoming interface is up"; } leaf log-only { type empty; description "Maintain the client binding and log the failure event"; } } // choice failure-action-type } // grouping dhcp-liveness-detection-failure-action-type grouping dhcp-local-server-group { description "DHCP groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses authentication-type; } // container authentication container overrides { presence "enable overrides"; description "DHCP override processing"; uses override-local-server-type; } // container overrides container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "((!(".. overrides no-arp") && !(".. .. overrides no-arp")))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCP override processing"; uses override-local-server-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject discover and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. authentication"))"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate } // grouping dhcp-local-server-group grouping authentication-type { description "DHCP authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container option-82 { presence "enable option-82"; description "Include option 82"; leaf circuit-id { type empty; description "Include option 82 circuit-id (sub option 1)"; } leaf remote-id { type empty; description "Include option 82 remote-id (sub option 2)"; } } // container option-82 leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id leaf option-60 { type empty; description "Include option 60"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping authentication-type grouping dhcp-remote-id-mismatch-type { description "DHCP client remote-id-mismatch processing"; uses apply-advanced; leaf disconnect { type empty; description "Disconnect session on remote-id mismatch"; } } // grouping dhcp-remote-id-mismatch-type grouping dhcp-route-suppression-type { uses apply-advanced; choice dhcp-route-suppression-choice { leaf access-internal { type empty; description "Suppress access-internal and destination route addition"; } leaf destination { type empty; description "Suppress destination route addition"; } } // choice dhcp-route-suppression-choice } // grouping dhcp-route-suppression-type grouping dhcpv6-local-server-type { uses apply-advanced; container authentication { description "DHCPv6 authentication"; uses dhcpv6-authentication-type; } // container authentication container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container reconfigure { presence "enable reconfigure"; description "DHCPv6 reconfigure processing"; uses dhcpv6-reconfigure-type; } // container reconfigure container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-local-server-type; } // container overrides container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list group { key "name"; ordered-by user; description "Define a DHCPv6 local server group"; uses dhcpv6-local-server-group; } // list group container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject solicit and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation choice requested-ip-check { leaf requested-ip-network-match { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 127"; } } default "16"; description "Subnet to match server's address for active and link-address for passive clients"; } leaf requested-ip-interface-match { type empty; description "Use incoming-interface's subnet to check"; } } // choice requested-ip-check leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCPV6 packets"; } container server-duid-type { description "Define the DUID type to be used as the Server ID. Type supported is DUID-LL"; uses duid-type; } // container server-duid-type container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. authentication"))"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate container allow-leasequery { presence "enable allow-leasequery"; description "Allow DHCPv6 leasequery"; uses server-leasequery-type; } // container allow-leasequery container allow-bulk-leasequery { presence "enable allow-bulk-leasequery"; description "Allow DHCPv6 bulk leasequery"; uses server-bulk-leasequery-type; } // container allow-bulk-leasequery container allow-active-leasequery { presence "enable allow-active-leasequery"; description "Allow DHCPv6 active leasequery"; uses server-active-leasequery-type; } // container allow-active-leasequery container duplicate-clients { description "Allow duplicate clients"; uses dhcpv6-duplicate-clients-type; } // container duplicate-clients container dynamic-server { description "DHCPv6 dynamic server configuration"; uses dhcpv6-dynamic-server-type; } // container dynamic-server } // grouping dhcpv6-local-server-type grouping dhcpv6-authentication-type { description "DHCPv6 authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Include the relay agent remote ID"; uses apply-advanced; choice relay-agent-remote-id-choice { leaf enterprise-id { type empty; status deprecated; description "Only use enterprise-id portion of option-37"; } leaf remote-id { type empty; status deprecated; description "Only use remote-id portion of option-37"; } } // choice relay-agent-remote-id-choice } // container relay-agent-remote-id leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-subscriber-id { type empty; description "Include the relay agent subscriber ID"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dhcpv6-authentication-type grouping dhcpv6-duplicate-clients-type { description "Allow duplicate clients"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different underlying interfaces"; } } // choice distinguish-with } // grouping dhcpv6-duplicate-clients-type grouping dhcpv6-dynamic-server-type { uses apply-advanced; container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-dynamic-server-type; } // container overrides list group { key "name"; ordered-by user; description "Define a DHCPv6 dynamic server group"; uses dhcpv6-dynamic-server-group; } // list group } // grouping dhcpv6-dynamic-server-type grouping dhcpv6-dynamic-server-group { description "DHCP dynamic server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; leaf neighbor-discovery-router-advertisement { type string { length "1 .. 64"; } description "Designated NDRA pool for this group"; } container overrides { presence "enable overrides"; description "DHCP override processing"; uses dhcpv6-override-dynamic-server-type; } // container overrides list interface { key "name"; description "One or more interfaces"; leaf name { junos:must "(!(any "system services dhcp-local-server dhcpv6 group <*> interface $$"))"; junos:must-message "DHCP dynamic server and dhcp local server cannot be started on the same interface"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container overrides { description "DHCP override processing"; uses dhcpv6-override-dynamic-server-type; } // container overrides } // list interface } // grouping dhcpv6-dynamic-server-group grouping dhcpv6-liveness-detection-type { description "DHCPv6 client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container bfd { description "Bidirectional Forwarding Detection (BFD) options"; uses dhcp-bfd-liveness-detection-type; } // container bfd container layer2-liveness-detection { description "Neighbor discovery options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcpv6-liveness-detection-type grouping dhcp-bfd-liveness-detection-type { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time leaf session-mode { type enumeration { enum "automatic" { value 0; description "Choose session-mode automatically"; } enum "single-hop" { value 1; description "Use single-hop"; } enum "multihop" { value 2; description "Use multihop"; } } default "automatic"; description "BFD single-hop or multihop session-mode"; } leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; default "0"; description "Time to hold the session-UP notification to the client"; } } // grouping dhcp-bfd-liveness-detection-type grouping dhcpv6-local-server-group { description "DHCP groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dhcpv6-authentication-type; } // container authentication container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container reconfigure { presence "enable reconfigure"; description "DHCPv6 reconfigure processing"; uses dhcpv6-reconfigure-type; } // container reconfigure container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCP override processing"; uses dhcpv6-override-local-server-type; } // container overrides container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } leaf trace { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify tracing with exclude"; type empty; description "Enable tracing for this interface"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCP override processing"; uses dhcpv6-override-local-server-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject solicit and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. authentication"))"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate } // grouping dhcpv6-local-server-group grouping dhcpv6-override-dynamic-server-type { description "DHCP override processing"; uses apply-advanced; leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of clients allowed on an interface"; } leaf rapid-commit { type empty; description "Enable rapid commit processing"; } container process-inform { presence "enable process-inform"; description "Process INFORMATION request PDUs"; uses apply-advanced; leaf pool { type string { length "1 .. 64"; } description "Pool name for family inet6"; } } // container process-inform leaf delegated-pool { type string { length "1 .. 64"; } description "Delegated pool name for inet6"; } leaf ia-na-pool { type string { length "1 .. 64"; } description "IA_NA pool name for inet6"; } } // grouping dhcpv6-override-dynamic-server-type grouping dhcpv6-override-local-server-type { description "DHCP override processing"; uses apply-advanced; leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of clients allowed on an interface"; } leaf rapid-commit { type empty; description "Enable rapid commit processing"; } container client-negotiation-match { description "Use secondary match criteria for SOLICIT PDU"; choice match-with { leaf incoming-interface { type empty; description "Use incoming interface"; } } // choice match-with } // container client-negotiation-match container process-inform { presence "enable process-inform"; description "Process INFORMATION request PDUs"; uses apply-advanced; leaf pool { type string { length "1 .. 64"; } description "Pool name for family inet6"; } } // container process-inform container delay-advertise { presence "enable delay-advertise"; description "Filter options for dhcp-server"; uses dhcpv6-filter-option; } // container delay-advertise leaf delegated-pool { type string { length "1 .. 64"; } description "Delegated pool name for inet6"; } leaf multi-address-embedded-option-response { type empty; description "If the client requests multiple addresses place the options in each address"; } leaf always-process-option-request-option { type empty; description "Always process option even after address allocation failure"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on renegotiation"; } leaf top-level-status-code { type empty; description "A top level status code option rather than encapsulated in IA for NoAddrsAvail in Advertise PDUs"; } leaf always-add-option-dns-server { type empty; description "Add option-23, DNS recursive name server in Advertise and Reply"; } leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } leaf asymmetric-prefix-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced prefix lease time for the client. In seconds"; } leaf protocol-attributes { type string { length "1 .. 64"; } description "DHCPv6 attributes to use as defined under access protocol-attributes"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use"; } } // grouping dhcpv6-override-local-server-type grouping dhcpv6-filter-option { description "Generic DHCPv6 filter processing"; uses apply-advanced; leaf delay-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "seconds"; default "3"; description "Time delay between solicit and advertise"; } container based-on { description "Option number"; uses apply-advanced; container option-18 { presence "enable option-18"; description "Option 18"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-18 container option-37 { presence "enable option-37"; description "Option 37"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-37 container option-15 { presence "enable option-15"; description "Option 15"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-15 container option-16 { presence "enable option-16"; description "Option 16"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-16 } // container based-on } // grouping dhcpv6-filter-option grouping dhcpv6-reconfigure-type { description "DHCPv6 reconfigure processing"; uses apply-advanced; leaf strict { type empty; description "Only allow packets containing Reconfigure Accept Option"; } leaf clear-on-abort { type empty; description "Delete client on reconfiguration abort"; } leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Number of reconfigure attempts before aborting"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Initial timeout value for retry"; } leaf token { type string { length "1 .. 244"; } description "Reconfigure token"; } container trigger { description "DHCP reconfigure trigger"; uses reconfigure-trigger-type; } // container trigger leaf support-option-pd-exclude { type empty; description "Request prefix exclude option in reconfigure message"; } } // grouping dhcpv6-reconfigure-type grouping dhcpv6-route-suppression-type { description "Suppress access-internal and/or access route addition"; leaf access { type empty; description "Suppress access route addition"; } leaf access-internal { type empty; description "Suppress access-internal route addition"; } } // grouping dhcpv6-route-suppression-type grouping dual-stack-authentication-type { description "DHCP dual stack authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id leaf relay-agent-remote-id { type empty; description "Include the relay agent remote ID"; } leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dual-stack-authentication-type grouping duid-type { uses apply-advanced; leaf duid_ll { type empty; description "Link Layer Address based DUID "; } } // grouping duid-type grouping dynamic-profile-type { description "Dynamic profile to use"; uses apply-advanced; leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use"; } choice dynamic-profile-type-choice { leaf use-primary { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use on the primary interface"; } container aggregate-clients { presence "enable aggregate-clients"; description "Aggregate client profiles"; uses apply-advanced; choice aggregate-type { leaf merge { type empty; description "Merge the client dynamic profiles"; } leaf replace { type empty; description "Replace client dynamic profiles"; } } // choice aggregate-type } // container aggregate-clients } // choice dynamic-profile-type-choice } // grouping dynamic-profile-type grouping jdhcp-dual-stack-protocol-mstr-type { description "Select family as protocol master"; choice addr-fam { leaf inet { type empty; description "INET family has protocol master behavior"; } leaf inet6 { type empty; description "INET6 family has protocol master behavior"; } } // choice addr-fam } // grouping jdhcp-dual-stack-protocol-mstr-type grouping jdhcp-duplicate-clients-in-subnet-type { description "Allow duplicate clients in a subnet"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different interfaces in a subnet"; } leaf option-82 { type empty; description "Allow duplicate clients using different option-82 options in a subnet"; } } // choice distinguish-with } // grouping jdhcp-duplicate-clients-in-subnet-type grouping jdhcp-traceoptions-level-type { description "Trace options for DHCP"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "DHCP operations to include in debugging trace"; leaf name { type enumeration { enum "state" { value 0; description "State-transition operations"; } enum "packet" { value 1; description "Packet-decoding operations"; } enum "flow" { value 2; description "Flow-decoding operations"; } enum "packet-option" { value 3; description "DHCP option-decoding operations"; } enum "dhcpv6-state" { value 4; description "State-transition operations for dhcpv6"; } enum "dhcpv6-packet" { value 5; description "Packet-decoding operations for dhcpv6"; } enum "dhcpv6-packet-option" { value 6; description "DHCP option-decoding operations for dhcpv6"; } enum "all" { value 7; description "All operations"; } enum "database" { value 8; description "Database operations"; } enum "persistent" { value 9; description "Persitent file operations"; } enum "lockout-db" { value 10; description "Lockout database operations"; } enum "interface" { value 11; description "Interface operations"; } enum "rtsock" { value 12; description "Routing socket operations"; } enum "flow-notify" { value 13; description "Flow notification operations"; } enum "io" { value 14; description "I/O operations"; } enum "ha" { value 15; description "High Availability-related operations"; } enum "ui" { value 16; description "User Interface operations"; } enum "general" { value 17; description "Miscellaneous operations"; } enum "fwd" { value 18; description "Firewall process operations"; } enum "rpd" { value 19; description "Routing Protocol process operations"; } enum "auth" { value 20; description "Authentication operations"; } enum "profile" { value 21; description "Profile operations"; } enum "session-db" { value 22; description "Session database operations"; } enum "performance" { value 23; description "Performance measurement operations"; } enum "statistics" { value 24; description "Baseline statistics operations"; } enum "dhcpv6-io" { value 25; description "I/O operations for dhcpv6"; } enum "dhcpv6-rpd" { value 26; description "Routing Protocol process operations for dhcpv6"; } enum "dhcpv6-session-db" { value 27; description "Session database operations for dhcpv6"; } enum "dhcpv6-general" { value 28; description "Miscellaneous operations for dhcpv6"; } enum "liveness-detection" { value 29; description "Liveness detection operations"; } enum "security-persistence" { value 30; description "Liveness detection operations"; } enum "mclag" { value 31; description "Multichassis LAG"; } enum "ra-guard" { value 32; description "DHCP RA guard option for dhcpv6"; } } } } // list flag } // grouping jdhcp-traceoptions-level-type grouping jet_scripts_file_type { leaf name { type string { junos:posix-pattern "!/"; junos:pattern-message "file name cannot contain a '/'"; length "1 .. 254"; } description "Local filename of the script file"; } uses apply-advanced; container checksum { description "Checksum of this script"; uses apply-advanced; leaf sha-256 { type string { length "1 .. 254"; } description "SHA-256 checksum of this script"; } } // container checksum leaf arguments { type string; description "Command line arguments to JET application"; } leaf daemonize { type empty; description "Runs application as daemon"; } leaf interpreter { type enumeration { enum "python" { value 0; description "Runs application using on-box python"; } enum "python3" { value 1; description "Runs application using on-box python3"; } enum "bash" { value 2; description "Runs application using on-box bash"; } } description "Runs application using on-box <python|python3|bash>"; } leaf respawn-on-normal-exit { type empty; description "Respawn application on normal exit"; } leaf username { type string { junos:posix-pattern "^[[:alnum:]_]{1,}[.]{0,1}[[:alnum:]_-]{0,}[.]{0,1}[[:alnum:]_-]{0,}$"; junos:pattern-message "Must contain characters (alphanumerics, underscores or hyphens) beginning with an alphanumeric or an underscore character."; } description "User under whose privileges extension service will execute"; } leaf source { type string { length "1 .. 254"; } description "URL of source for this script"; } leaf cert-file { junos:must "(".. source")"; junos:must-message "source must be defined"; type string; description "Specify the certificate file name"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } container traceoptions { description "Trace options per application"; uses script_traceoptions; } // container traceoptions leaf refresh { type empty; description "Refresh all operation scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all operation scripts from a given base URL"; } } // grouping jet_scripts_file_type grouping jsscd-static-subscribers-type { uses apply-advanced; container access-profile { description "Access profile reference"; uses jsscd-access-profile-type; } // container access-profile container dynamic-profile { description "Dynamic profile reference"; uses jsscd-dynamic-profile-type; } // container dynamic-profile container service-profile { description "Dynamic profile to use for default service activation"; uses jsscd-service-profile-type; } // container service-profile container authentication { description "Static Subscriber Client authentication"; uses jsscd-authentication-type; } // container authentication list group { key "name"; ordered-by user; description "Static Subscriber Client group configuration"; uses jsscd-group-type; } // list group leaf auto-login { type empty; description "Auto login the operator logged-out static subscribers"; } leaf baseline-stats { type empty; description "Baseline the statistics for static subscribers"; } list interface { key "name"; description "One or more interfaces"; leaf name { junos:must "((".. subscriber-ip-address" || ".. subscriber-ipv6-address"))"; junos:must-message "subscriber ip or ipv6 address must be configured"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container subscriber-ip-address { description "Assigned IP address to report externally"; uses apply-advanced; leaf address { type jt:ipv4addr; description "IPv4 address"; } } // container subscriber-ip-address container subscriber-ipv6-address { description "Assigned IPv6 address to report externally"; uses apply-advanced; leaf address { type jt:ipv6prefix; description "IPv6 Address or Prefix"; } } // container subscriber-ipv6-address } // list interface } // grouping jsscd-static-subscribers-type grouping jsscd-access-profile-type { description "Access profile for static subscribers"; uses apply-advanced; leaf access-profile-name { junos:must "("access profile $$")"; junos:must-message "referenced access profile must be defined"; type string; description "Profile name"; } } // grouping jsscd-access-profile-type grouping jsscd-authentication-type { description "Static Subscriber Client authentication"; uses apply-advanced; leaf password { type jt:unreadable; description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf interface { type empty; description "Include interface name"; } leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf vlan-tags { type empty; description "Include vlan tag(s)"; } } // container username-include } // grouping jsscd-authentication-type grouping jsscd-dynamic-profile-type { description "Dynamic profile to use"; uses apply-advanced; leaf dynamic-profile-name { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use"; } container aggregate-clients { presence "enable aggregate-clients"; description "Aggregate client profiles"; uses apply-advanced; choice aggregate-type { leaf merge { type empty; description "Merge the client dynamic profiles"; } leaf replace { type empty; description "Replace client dynamic profiles"; } } // choice aggregate-type } // container aggregate-clients } // grouping jsscd-dynamic-profile-type grouping jsscd-group-type { leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container service-profile { description "Dynamic profile to use for default service activation"; uses jsscd-service-profile-type; } // container service-profile container access-profile { description "Access profile reference"; uses jsscd-access-profile-type; } // container access-profile container dynamic-profile { description "Dynamic profile reference"; uses jsscd-dynamic-profile-type; } // container dynamic-profile container authentication { description "Static Subscriber Client authentication"; uses jsscd-authentication-type; } // container authentication list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface name"; } leaf upto { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } } // list interface leaf auto-login { type empty; description "Auto login the operator logged-out static subscribers"; } } // grouping jsscd-group-type grouping jsscd-service-profile-type { description "Service profile for static subscribers"; uses apply-advanced; leaf service-profile-name { junos:must "("dynamic-profiles $$")"; junos:must-message "referenced service profile must be defined"; type string { length "1 .. 80"; } description "Service profile name"; } } // grouping jsscd-service-profile-type grouping license-object { description "License configuration for this router"; uses apply-advanced; container traceoptions { description "Trace options for licenses"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace all operations"; } enum "events" { value 1; description "Trace licensing events and their processing"; } enum "config" { value 2; description "Trace license configuration processing"; } } } } // list flag } // container traceoptions container keys { presence "enable keys"; description "License keys"; uses apply-advanced; list key { key "name"; ordered-by user; description "License key"; leaf name { type string; description "License key"; } uses apply-advanced; } // list key } // container keys choice mode-selection { leaf standalone-mode { type empty; description "Forcing the node to standalone licensing"; } } // choice mode-selection } // grouping license-object grouping location-type { uses apply-advanced; leaf country-code { type string; description "Two-letter country code"; } leaf postal-code { type string; description "Zip code or postal code"; } leaf npa-nxx { type string; description "First six digits of phone number (area code plus exchange)"; } leaf latitude { type string; description "Latitude in degree format"; } leaf longitude { type string; description "Longitude in degree format"; } leaf altitude { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Feet above (or below) sea level"; } leaf lata { type string; description "Local access transport area"; } leaf vcoord { type string; description "Bellcore vertical coordinate"; } leaf hcoord { type string; description "Bellcore horizontal coordinate"; } leaf building { type string; description "Building name"; } leaf floor { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Floor of the building"; } leaf rack { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Rack number"; } list lcc { key "name"; description "Line-card chassis location"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 3"; } } description "LCC number"; } uses apply-advanced; leaf floor { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Floor of the building"; } leaf rack { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Rack number"; } } // list lcc } // grouping location-type grouping login-class-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]_-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; } description "Login class name"; } uses apply-advanced; leaf-list allowed-days { type enumeration { enum "sunday" { value 0; description "Sunday"; } enum "monday" { value 1; description "Monday"; } enum "tuesday" { value 2; description "Tuesday"; } enum "wednesday" { value 3; description "Wednesday"; } enum "thursday" { value 4; description "Thursday"; } enum "friday" { value 5; description "Friday"; } enum "saturday" { value 6; description "Saturday"; } } ordered-by user; description "Day(s) of week when access is allowed."; } leaf access-start { junos:must "(!(".. access-end $$"))"; junos:must-message "Both access-start and access-end cannot hold the same time values."; junos:must "(".. access-end")"; junos:must-message "access-end time must be configured"; type jt:time-of-day; description "Start time for remote access (hh:mm)"; } leaf access-end { junos:must "(".. access-start")"; junos:must-message "access-start time must be configured"; type jt:time-of-day; description "End time for remote access (hh:mm)"; } leaf idle-timeout { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "minutes"; description "Maximum idle time before logout"; } leaf logical-system { junos:must "("logical-systems $$")"; junos:must-message "Referenced logical system must be configured"; type string; description "Logical system associated with login"; } leaf tenant { junos:must "((any "logical-systems <*> tenants $$" || "tenants $$"))"; junos:must-message "Referenced tenant must be configured"; type string; description "Tenant associated with this login"; } leaf login-alarms { type empty; description "Display system alarms when logging in"; } leaf login-script { junos:must "("system scripts op file $$")"; junos:must-message "Login script must be configured as op-script"; type string; description "Execute this login-script when logging in"; } leaf login-tip { type empty; description "Display tip when logging in"; } leaf no-scp-server { type empty; description "Disable incoming SCP connections"; } leaf no-sftp-server { type empty; description "Disable incoming SFTP connections"; } leaf-list permissions { type string; ordered-by user; } leaf allow-commands { junos:must "((!(".. allow-commands-regexps") && !(".. deny-commands-regexps")))"; junos:must-message "'*-commands' and '*-commands-regexps' are mutually exclusive"; type jt:regular-expression; description "Regular expression for commands to allow explicitly"; } leaf deny-commands { junos:must "((!(".. allow-commands-regexps") && !(".. deny-commands-regexps")))"; junos:must-message "'*-commands' and '*-commands-regexps' are mutually exclusive"; type jt:regular-expression; description "Regular expression for commands to deny explicitly"; } leaf allow-configuration { junos:must "((!(".. allow-configuration-regexps") && !(".. deny-configuration-regexps")))"; junos:must-message "'*-configuration' and '*-configuration-regexps' are mutually exclusive"; type jt:regular-expression; description "Regular expression for configure to allow explicitly"; } leaf deny-configuration { junos:must "((!(".. allow-configuration-regexps") && !(".. deny-configuration-regexps")))"; junos:must-message "'*-configuration' and '*-configuration-regexps' are mutually exclusive"; type jt:regular-expression; description "Regular expression for configure to deny explicitly"; } leaf-list allow-commands-regexps { junos:must "((!(".. allow-commands") && !(".. deny-commands")))"; junos:must-message "'*-commands' and '*-commands-regexps' are mutually exclusive"; type string; ordered-by user; description "Object path regular expressions to allow commands"; } leaf-list deny-commands-regexps { junos:must "((!(".. allow-commands") && !(".. deny-commands")))"; junos:must-message "'*-commands' and '*-commands-regexps' are mutually exclusive"; type string; ordered-by user; description "Object path regular expressions to deny commands"; } leaf-list allow-configuration-regexps { junos:must "((!(".. allow-configuration") && !(".. deny-configuration")))"; junos:must-message "'*-configuration' and '*-configuration-regexps' are mutually exclusive"; type string; ordered-by user; description "Object path regular expressions to allow"; } leaf-list deny-configuration-regexps { junos:must "((!(".. allow-configuration") && !(".. deny-configuration")))"; junos:must-message "'*-configuration' and '*-configuration-regexps' are mutually exclusive"; type string; ordered-by user; description "Object path regular expressions to deny"; } leaf configuration-breadcrumbs { type empty; description "Enable breadcrumbs during display of configuration"; } list confirm-commands { key "name"; ordered-by user; description "List of commands to be confirmed explicitly"; leaf name { type jt:regular-expression; description "Regular expression for confirm commands"; } uses apply-advanced; leaf message { type string; description "Message to be displayed during confirmation"; } } // list confirm-commands choice hidden-commands { leaf allow-hidden-commands { type empty; description "Allow all hidden commands to be executed"; } container no-hidden-commands { description "Deny all hidden commands with exemptions"; uses apply-advanced; list except { key "name"; ordered-by user; description "Specify the list of hidden command to be exempted"; leaf name { type string; description "Exempted hidden command(s)"; } uses apply-advanced; } // list except } // container no-hidden-commands } // choice hidden-commands container cli { uses apply-advanced; leaf prompt { type string { length "1 .. 255"; } description "Cli prompt name for this class"; } } // container cli leaf security-role { type enumeration { enum "audit-administrator" { value 0; description "Audit administrator"; } enum "crypto-administrator" { value 1; description "Cryptographic administrator"; } enum "ids-administrator" { value 2; description "IDS administrator"; } enum "security-administrator" { value 3; description "Security administrator"; } } description "Common Criteria security role"; } } // grouping login-class-object grouping login-user-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]_]{1,}[.]{0,1}[[:alnum:]_-]{0,}[.]{0,1}[[:alnum:]_-]{0,}$"; junos:pattern-message "Must contain characters (alphanumerics, underscores or hyphens) beginning with an alphanumeric or an underscore character."; } description "User name (login)"; } uses apply-advanced; leaf full-name { type string { junos:posix-pattern "![: ]"; junos:pattern-message "Field cannot contain colons or new lines"; } description "Full name"; } container cli { uses apply-advanced; leaf prompt { type string { length "1 .. 255"; } description "Cli prompt name for this user"; } } // container cli leaf uid { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 64000"; } } description "User identifier (uid)"; } leaf class { type string { junos:posix-pattern "^[[:alnum:]_-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; } description "Login class"; } container authentication { description "Authentication method"; uses authentication-object; } // container authentication } // grouping login-user-object grouping macro-data-type { leaf name { type string; description "Keyword part of the keyword-value pair"; } leaf value { type string; description "Value part of the keyword-value pair"; } } // grouping macro-data-type grouping nameserver-object { leaf name { type jt:ipaddr; description "DNS name server address"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance through which server is reachable"; } leaf source-address { type jt:ipaddr; description "Source address for requests to this DNS server"; } } // grouping nameserver-object grouping override-local-server-type { description "DHCP override processing"; uses apply-advanced; leaf bootp-support { type empty; description "Allow processing of bootp requests"; } container delay-offer { description "Filter options for dhcp-server"; uses dhcpv4-filter-option; } // container delay-offer container process-inform { presence "enable process-inform"; description "Process INFORM PDUs"; uses apply-advanced; leaf pool { type string { length "1 .. 64"; } description "Pool name for family inet"; } } // container process-inform container include-option-82 { description "Include option-82 in reply packets"; uses apply-advanced; leaf nak { type empty; description "Include option-82 in NAK"; } leaf forcerenew { type empty; description "Include option-82 in FORCERENEW"; } } // container include-option-82 leaf delete-binding-on-renegotiation { type empty; description "Delete binding on renegotiation"; } leaf allow-no-end-option { type empty; description "Allow packets without end-of-option"; } leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } leaf protocol-attributes { type string { length "1 .. 64"; } description "DHCPv4 attributes to use as defined under access protocol-attributes"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use"; } } // grouping override-local-server-type grouping dhcpv4-filter-option { description "Generic DHCPv4 filter processing"; uses apply-advanced; leaf delay-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "seconds"; default "3"; description "Time delay between discover and offer"; } container based-on { description "Option number"; uses apply-advanced; container option-82 { presence "enable option-82"; description "Option 82"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-82 container option-60 { presence "enable option-60"; description "Option 60"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-60 container option-77 { presence "enable option-77"; description "Option 77"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-77 } // container based-on } // grouping dhcpv4-filter-option grouping peers-type { description "Commit peers-synchronize type"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores"; length "1 .. 255"; } description "Remote peer hostname or ip-address"; } uses apply-advanced; leaf user { type string; description "User name"; } leaf authentication { type jt:unreadable; description "Authentication string"; } leaf routing-instance { type string { junos:posix-pattern "!^((__.*__)|(.*[ ].*)|(.{129,}))$"; junos:pattern-message "Must be a string of 128 characters or less with no spaces."; } description "Specific routing instance for connectivity to remote peer"; } } // grouping peers-type grouping pmond-traceoptions-type { description "Trace options for process health monitor"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of process health monitor to enable debugging output"; leaf name { type enumeration { enum "events" { value 0; description "Trace event conde"; } enum "heartbeat" { value 1; description "Trace heartbeat code"; } enum "process-tracking" { value 2; description "Trace process tracking code"; } enum "ui" { value 3; description "Trace user interface code"; } enum "all" { value 4; description "Trace all areas of code"; } } } } // list flag } // grouping pmond-traceoptions-type grouping profile_type { description "Set of attributes that define profile"; leaf name { type string { junos:posix-pattern "!^((all)|(Default-Profile)|(root-logical-system))$"; junos:pattern-message "Must be a non-reserved string."; length "1 .. 31"; } description "Profile name"; } uses apply-advanced; container appfw-rule-set { presence "enable appfw-rule-set"; description "Application firewall rule-set quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container appfw-rule-set container appfw-rule { presence "enable appfw-rule"; description "Application firewall rule quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container appfw-rule container appfw-profile { presence "enable appfw-profile"; description "Application firewall profile quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container appfw-profile container auth-entry { presence "enable auth-entry"; description "Firewall authentication quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container auth-entry container policy { presence "enable policy"; description "Security policy quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container policy container policy-with-count { presence "enable policy-with-count"; description "Security policy with count quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container policy-with-count container scheduler { presence "enable scheduler"; description "Security scheduler quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container scheduler container address-book { presence "enable address-book"; description "Security address book quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container address-book container zone { presence "enable zone"; description "Security zone quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container zone container flow-session { presence "enable flow-session"; description "Security flow session quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container flow-session container cpu { presence "enable cpu"; uses apply-advanced; leaf reserved { type decimal64 { fraction-digits 9; range "0 .. 100"; } units "percent"; default "0"; description "CPU utilization quota (percent) of a logical system or tenant"; } } // container cpu container flow-gate { presence "enable flow-gate"; description "Security flow gate quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container flow-gate container nat-source-pool { presence "enable nat-source-pool"; description "Security nat src pool quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-source-pool container nat-destination-pool { presence "enable nat-destination-pool"; description "Security nat dst pool quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-destination-pool container nat-pat-address { presence "enable nat-pat-address"; description "Security nat IP address in src pool with PAT quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-pat-address container nat-nopat-address { presence "enable nat-nopat-address"; description "Security nat IP address in src pool without PAT quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-nopat-address container nat-pat-portnum { presence "enable nat-pat-portnum"; description "Security nat port num in source pool with PAT quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-pat-portnum container nat-source-rule { presence "enable nat-source-rule"; description "Security nat src rule quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-source-rule container nat-destination-rule { presence "enable nat-destination-rule"; description "Security nat destination rule quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-destination-rule container nat-static-rule { presence "enable nat-static-rule"; description "Security nat static rule quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-static-rule container nat-rule-referenced-prefix { presence "enable nat-rule-referenced-prefix"; description "Security NAT rule referenced IP-prefix quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-rule-referenced-prefix container nat-cone-binding { presence "enable nat-cone-binding"; description "Security cone nat binding quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-cone-binding container nat-port-ol-ipnumber { presence "enable nat-port-ol-ipnumber"; description "Security nat port overloading ip number quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-port-ol-ipnumber container nat-interface-port-ol { presence "enable nat-interface-port-ol"; description "Security nat interface port overloading quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container nat-interface-port-ol container dslite-softwire-initiator { presence "enable dslite-softwire-initiator"; description "Security ds-lite softwire initiator number quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container dslite-softwire-initiator container security-log-stream-number { presence "enable security-log-stream-number"; description "Security log stream number quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container security-log-stream-number container icap-redirect-profile { presence "enable icap-redirect-profile"; description "ICAP redirect profile quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container icap-redirect-profile container advanced-anti-malware-policy { presence "enable advanced-anti-malware-policy"; description "Advanced-anti-malware policy qouta of a logical system"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container advanced-anti-malware-policy container security-metadata-streaming-policy { presence "enable security-metadata-streaming-policy"; description "Security-metadata-streaming policy qouta of a logical system"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container security-metadata-streaming-policy container secintel-policy { presence "enable secintel-policy"; description "Security-intelligence policy quota of a logical system"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container secintel-policy container user-auth-entry { presence "enable user-auth-entry"; description "Useridd auth entry quota of a logical system"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container user-auth-entry container secure-wire { presence "enable secure-wire"; description "Secure-wire quota of a logical system"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container secure-wire container vrf-group { presence "enable vrf-group"; description "Security vrf-group quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container vrf-group leaf idp-policy { junos:must "(("security idp idp-policy $$" && ((".. root-logical-system" && !("security idp active-policy")) || !(".. root-logical-system"))))"; junos:must-message "The IDP security policy must be defined at the [security idp idp-policy] hierarchy level. If the root-logical-system statement is defined in this profile, the active-policy statement at the [security idp] hierarchy level cannot be defined."; type string; description "Assign idp policy to logical systems in this profile"; } container vxlan { presence "enable vxlan"; description "Security vxlan quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum vxlan allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container vxlan container tunnel-inspection { presence "enable tunnel-inspection"; description "Security tunnel-inspection profile quota of a logical system or tenant"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum tunnel-inspection allowed quota"; } leaf reserved { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Reserved quota"; } } // container tunnel-inspection leaf root-logical-system { junos:must "(unique "system security-profile <*> root-logical-system")"; junos:must-message "A logical-system can only be associated with 1 security profile"; type empty; description "Assign this security-profile to root logical system"; } leaf-list logical-system { type string { length "1 .. 63"; } ordered-by user; description "Assign the security-profile to logical-systems"; } leaf-list tenant { type string { length "1 .. 63"; } ordered-by user; description "Assign the security-profile to tenants"; } } // grouping profile_type grouping proxy-object { description "License download proxy server."; uses apply-advanced; leaf server { type string { length "1 .. 256"; } description "URL or IP address of the proxy server host"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65535"; } } default "3128"; description "Proxy server port"; } leaf username { type string { junos:posix-pattern "^[[:alnum:]_]{1,}[.]{0,1}[[:alnum:]_-]{0,}[.]{0,1}[[:alnum:]_-]{0,}$"; junos:pattern-message "Must contain characters (alphanumerics, underscores or hyphens) beginning with an alphanumeric or an underscore character."; length "1 .. 256"; } description "Username as configured in the proxy server"; } leaf password { junos:must "(".. username")"; junos:must-message "User name should be set"; type jt:unreadable; description "Password as configured in the proxy server"; } } // grouping proxy-object grouping radius-server-object { leaf name { type jt:hostname; description "RADIUS server address"; } uses apply-advanced; leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1812"; description "RADIUS server authentication port number"; } leaf preauthentication-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "RADIUS server preauthentication port number"; } leaf accounting-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "1813"; description "RADIUS server accounting port number"; } leaf dynamic-request-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } default "3799"; description "RADIUS client dynamic request port number"; } leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "seconds"; default "3"; description "Request timeout period"; } leaf retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "3"; description "Retry attempts"; } leaf accounting-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000"; } } units "seconds"; default "0"; description "Accounting request timeout period"; } leaf accounting-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } default "0"; description "Accounting retry attempts"; } leaf max-outstanding-requests { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } default "1000"; description "Maximum requests in flight to server"; } leaf source-address { type jt:ipaddr; description "Use specified address as source address"; } } // grouping radius-server-object grouping reconfigure-trigger-type { description "DHCP reconfigure trigger"; uses apply-advanced; leaf radius-disconnect { type empty; description "Trigger DHCP reconfigure by radius initiated disconnect"; } } // grouping reconfigure-trigger-type grouping res-cleanupd-traceoptions-type { description "Trace options for resource cleanup process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of resource cleanup process to enable debugging output"; leaf name { type enumeration { enum "events" { value 0; description "Trace event code"; } enum "gencfg" { value 1; description "Trace GENCFG blob cleanup code"; } enum "module" { value 2; description "Trace module code"; } enum "sysvsem" { value 3; description "Trace SYSV semaphore cleanup code"; } enum "sysvshm" { value 4; description "Trace SYSV shared memory cleanup code"; } enum "tracking" { value 5; description "Trace process tracking code"; } enum "ui" { value 6; description "Trace user interface code"; } enum "all" { value 7; description "Trace all areas of code"; } } } } // list flag } // grouping res-cleanupd-traceoptions-type grouping resource-monitor-type { description "Resource monitor configuration"; uses apply-advanced; list resource-category { key "name"; ordered-by user; description "Resource category"; leaf name { type enumeration { enum "jtree" { value 0; description "Category jtree"; } } } uses apply-advanced; list resource-type { key "name"; ordered-by user; description "Resource type"; leaf name { type enumeration { enum "free-pages" { value 0; description "Type free-pages"; } enum "free-dwords" { value 1; description "Type free-dwords"; } enum "contiguous-pages" { value 2; description " Type contiguous-pages"; } } } uses apply-advanced; leaf low-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Low watermark limit percentage"; } leaf high-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "High watermark limit percentage"; } } // list resource-type } // list resource-category container traceoptions { description "Resource monitor trace options"; uses resource-monitor-traceoptions-type; } // container traceoptions leaf no-throttle { type empty; description "Disable throttling of subscribers and services based on resource utilization"; } leaf no-load-throttle { type empty; description "Disable throttling of subscribers and services based on PFE load"; } leaf no-logging { type empty; description "Disable logging of warning or error messages resource levels exceeded"; } leaf high-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 99"; } } units "percentage"; description "High threshold percentage for resource utilization"; } leaf high-cos-queue-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 90"; } } units "percentage"; description "High threshold percentage for cos queue utilization per scheduler"; } leaf free-heap-memory-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 99"; } } units "percentage"; description "Watermark percentage for ukern heap resource utilization"; } leaf free-nh-memory-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 99"; } } units "percentage"; description "Watermark percentage for NH resource utilization"; } leaf free-fw-memory-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 99"; } } units "percentage"; description "Watermark percentage for Filter / Firewall resource utilization"; } container subscribers-limit { description "Limit number of subscribers allowed to login"; uses apply-advanced; list client-type { key "name"; ordered-by user; description "Subscriber client type"; leaf name { type enumeration { enum "pppoe" { value 0; description "PPPoE client type"; } enum "dhcp" { value 1; description "DHCP client type"; } enum "l2tp" { value 2; description "L2TP client type"; } enum "any" { value 3; description "Any client type"; } } } uses apply-advanced; container chassis { description "Max subscriers allowed in chassis"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } } description "Number of subscribers allowed"; } } // container chassis list fpc { key "name"; description "Limiting subscriber on fpc"; uses rsmon_fpc_type; } // list fpc } // list client-type } // container subscribers-limit } // grouping resource-monitor-type grouping resource-monitor-traceoptions-type { description "Trace options for Resource monitor "; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Resource monitor operations to include in debugging trace"; leaf name { type enumeration { enum "all" { value 0; description "All operations"; } } } } // list flag } // grouping resource-monitor-traceoptions-type grouping resources-type { uses apply-advanced; container cpu { uses apply-advanced; leaf priority { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Highest priority (nice level) process can run at"; } leaf time { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Maximum amount of CPU time that can be accumulated"; } } // container cpu container memory { uses apply-advanced; leaf data-size { type string; units "mbytes"; description "Maximum size of the data segment"; } leaf locked-in { type string; units "mbytes"; description "Maximum bytes that can be locked into memory"; } leaf resident-set-size { type string; units "mbytes"; description "Maximum amount of private physical memory at any given moment"; } leaf socket-buffers { type string; units "mbytes"; description "Maximum amount of physical memory that may be dedicated to socket buffers"; } leaf stack-size { type string; units "mbytes"; description "Maximum size of the stack segment"; } } // container memory container file { uses apply-advanced; leaf size { type string; units "mbytes"; description "Maximum size of a file that can be created"; } leaf open { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Maximum number of simultaneous open files"; } leaf core-size { type string; units "mbytes"; description "Maximum size of a core file that can be created"; } } // container file } // grouping resources-type grouping rsmon_fpc_type { leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "FPC slot number"; } uses apply-advanced; list pic { key "name"; description "Limiting subscriber on fpc"; uses rsmon_pic_type; } // list pic leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 256000"; } } description "Number of subscribers allowed"; } } // grouping rsmon_fpc_type grouping rsmon_pic_type { leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 5"; } } description "PIC slot number"; } uses apply-advanced; list port { key "name"; description "Limiting subscriber on port"; uses rsmon_port_type; } // list port leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 256000"; } } description "Number of subscribers allowed"; } } // grouping rsmon_pic_type grouping rsmon_port_type { leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 23"; } } description "Port number"; } uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 256000"; } } description "Number of subscribers allowed"; } } // grouping rsmon_port_type grouping sbc_traceoptions { uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file container flag { presence "enable flag"; description "Tracing parameters"; uses apply-advanced; leaf configuration { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace configuration events"; } leaf ipc { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace IPC events"; } leaf device-monitor { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace device monitor events"; } leaf ui { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace ui events"; } leaf common { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace common events"; } leaf memory-pool { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace memory-pool events"; } leaf packet-capture { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Trace packet capture events"; } leaf all { type enumeration { enum "trace" { value 0; description "Trace functions entering and exiting"; } enum "debug" { value 1; description "Trace code flow, branching, positive style guide check"; } enum "info" { value 2; description "Summary logs for normal operations"; } enum "warning" { value 3; description "Failure-recovery or Failure of an external entity"; } enum "error" { value 4; description "Failure with short-term affect"; } } default "error"; description "Minimal trace level for all components"; } } // container flag } // grouping sbc_traceoptions grouping script_traceoptions { uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace all operations"; } enum "events" { value 1; description "Trace important events"; } enum "input" { value 2; description "Trace script input data"; } enum "offline" { value 3; description "Generate data for offline development"; } enum "output" { value 4; description "Trace script output data"; } enum "rpc" { value 5; description "Trace script RPCs"; } enum "xslt" { value 6; description "Trace the XSLT library"; } } } } // list flag } // grouping script_traceoptions grouping scripts_type { uses apply-advanced; container commit { description "Commit-time scripting mechanism"; uses apply-advanced; leaf allow-transients { type empty; description "Allow loading of transient configuration changes"; } container traceoptions { description "Trace options for commit scripts"; uses script_traceoptions; } // container traceoptions leaf refresh { type empty; description "Refresh all operation scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all operation scripts from a given base URL"; } leaf max-datasize { type string; units "bytes"; description "Maximum data segment size for scripts execution"; } leaf direct-access { type empty; description "Access the configuration directly from database"; } container dampen { presence "enable dampen"; description "Dampen execution of commit scripts"; uses apply-advanced; container dampen-options { description "Dampen options for commit scripts"; uses apply-advanced; leaf cpu-factor { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "CPU factor at which to pause"; } leaf line-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Line interval at which to pause"; } leaf time-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "microseconds"; description "Time to pause"; } } // container dampen-options } // container dampen list file { key "name"; ordered-by user; description "Commit script file"; uses commit_scripts_file_type; } // list file } // container commit container op { description "Operations scripting"; uses apply-advanced; leaf refresh { type empty; description "Refresh all operation scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all operation scripts from a given base URL"; } container traceoptions { description "Trace options for operation scripts"; uses script_traceoptions; } // container traceoptions list file { key "name"; description "Configuration for each operation script"; uses op_scripts_file_type; } // list file leaf no-allow-url { type empty; description "Do not allow the remote execution of op scripts"; } leaf allow-url-for-python { type empty; description "Allow the remote execution of Python op scripts"; } leaf max-datasize { type string; units "bytes"; description "Maximum data segment size for scripts execution"; } container dampen { presence "enable dampen"; description "Dampen execution of op scripts"; uses apply-advanced; container dampen-options { description "Dampen options for op scripts"; uses apply-advanced; leaf cpu-factor { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "CPU factor at which to pause"; } leaf line-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Line interval at which to pause"; } leaf time-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "microseconds"; description "Time to pause"; } } // container dampen-options } // container dampen } // container op container translation { description "Translation scripts"; uses apply-advanced; leaf max-datasize { type string; units "bytes"; description "Maximum data segment size for translation scripts execution"; } } // container translation leaf load-scripts-from-flash { type empty; description "Load scripts from flash"; } leaf language { type enumeration { enum "python" { value 0; description "Allow Python 2.x scripts on-box (Python2.x support will be deprecated in 21.1)"; } enum "python3" { value 1; description "Allow Python 3.x scripts on-box"; } } description "Allow/Disallow Python scripts on-box"; } leaf synchronize { type empty; description "Push all scripts to other RE on commit synchronize"; } container snmp { description "Snmp scripts"; uses apply-advanced; leaf refresh { type empty; description "Refresh all snmp scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all snmp scripts from a given base URL"; } list file { key "name"; description "Configuration for each snmp script"; uses snmp_scripts_file_type; } // list file container traceoptions { description "Trace options for snmp scripts"; uses script_traceoptions; } // container traceoptions leaf max-datasize { type string; units "bytes"; description "Maximum data segment size for scripts execution"; } } // container snmp } // grouping scripts_type grouping commit_scripts_file_type { leaf name { type string { junos:posix-pattern "!/"; junos:pattern-message "File name cannot contain a '/'"; length "1 .. 254"; } description "Local filename of the script file"; } uses apply-advanced; leaf optional { type empty; description "Allow commit to succeed if the script is missing"; } leaf source { type string { length "1 .. 254"; } description "URL of source for this script"; } leaf cert-file { junos:must "(".. source")"; junos:must-message "source must be defined"; type string; description "Specify the certificate file name"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf refresh { type empty; description "Refresh all operation scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all operation scripts from a given base URL"; } container checksum { description "Checksum of this script"; uses apply-advanced; leaf sha-256 { type string { length "1 .. 254"; } description "SHA-256 checksum of this script"; } } // container checksum } // grouping commit_scripts_file_type grouping op_scripts_file_type { leaf name { type string { junos:posix-pattern "!/"; junos:pattern-message "file name cannot contain a '/'"; length "1 .. 254"; } description "Local filename of the script file"; } uses apply-advanced; leaf command { type string { junos:posix-pattern "!/"; junos:pattern-message "command name cannot contain a '/'"; length "1 .. 254"; } description "Command alias for the script file"; } container dampen { presence "enable dampen"; description "Dampen execution of the script"; uses apply-advanced; container dampen-options { description "Dampen options for the script"; uses apply-advanced; leaf cpu-factor { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "CPU factor at which to pause"; } leaf line-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Line interval at which to pause"; } leaf time-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "microseconds"; description "Time to pause"; } } // container dampen-options } // container dampen leaf description { type string { length "1 .. 254"; } description "Description of the script"; } leaf source { type string { length "1 .. 254"; } description "URL of source for this script"; } leaf cert-file { junos:must "(".. source")"; junos:must-message "source must be defined"; type string; description "Specify the certificate file name"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf allow-commands { type jt:regular-expression; description "Regular expression for commands to allow explicitly"; } leaf refresh { type empty; description "Refresh all operation scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all operation scripts from a given base URL"; } list arguments { key "name"; description "Command line argument to the script"; leaf name { type string { length "1 .. 254"; } description "Name of the argument"; } uses apply-advanced; leaf description { type string { length "1 .. 254"; } description "Description of the argument"; } } // list arguments container checksum { description "Checksum of this script"; uses apply-advanced; leaf sha-256 { type string { length "1 .. 254"; } description "SHA-256 checksum of this script"; } } // container checksum } // grouping op_scripts_file_type grouping sdk-mgmtd-traceoptions-type { description "Trace options for App-engine management daemon"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of daemon to enable debugging output"; leaf name { type enumeration { enum "service-infrastructure" { value 0; description "Trace service infrastructure code"; } enum "routing-instance" { value 1; description "Trace routing instance functionality code"; } enum "config-handling" { value 2; description "Trace configuration command handling functionality code"; } enum "command-handling" { value 3; description "Trace operational command handling functionality code"; } enum "cli-show-commands" { value 4; description "Trace show commands for JDAF message statistics"; } enum "all" { value 5; description "Trace all areas of App-engine management"; } } } } // list flag } // grouping sdk-mgmtd-traceoptions-type grouping sdk-vmmd-traceoptions-type { description "App-engine virtual machine management service trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "init" { value 0; description "Trace initialization events"; } enum "configuration" { value 1; description "Trace configuration events"; } enum "ccif" { value 2; description "Trace compute node interface events"; } enum "pxe" { value 3; description "Trace PXE related events"; } enum "platform" { value 4; description "Trace platform related events"; } enum "heartbeat" { value 5; description "Trace compute node heart beat related events"; } enum "routing-instances" { value 6; description "Trace routing instances related events"; } enum "snmp" { value 7; description "Trace SNMP events"; } enum "miscellaneous" { value 8; description "Trace miscellaneous events"; } enum "all" { value 9; description "Trace everything"; } } } } // list flag } // grouping sdk-vmmd-traceoptions-type grouping server-active-leasequery-type { description "Allow active leasequery"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "60"; description "Idle-timeout in seconds"; } } // grouping server-active-leasequery-type grouping server-bulk-leasequery-type { description "Allow bulk leasequery"; uses apply-advanced; leaf max-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "3"; description "Max TCP connections allowed at a time"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "seconds"; default "120"; description "Timeout for blocked connection"; } leaf max-empty-replies { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } units "seconds"; default "5"; description "Maximum number of empty replies for a connection"; } leaf restricted-requestor { type empty; description "Allow bulk leasequery only from restricted requestors"; } } // grouping server-bulk-leasequery-type grouping server-leasequery-type { description "Allow leasequery"; uses apply-advanced; leaf restricted-requestor { type empty; description "Allow leasequery only from restricted requestors"; } } // grouping server-leasequery-type grouping server-v6-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; } // list hexadecimal } // grouping server-v6-option-ascii-hex grouping smid-type { description "Subscriber management configuration"; uses apply-advanced; container traceoptions { description "Subscriber management trace options"; uses smid-traceoptions-type; } // container traceoptions container maintain-subscriber { description "Options to maintain subscriber"; uses smid-maintain-subscriber-type; } // container maintain-subscriber leaf gres-route-flush-delay { type empty; description "Delay flushing routes after RE switchover"; } container enforce-strict-scale-limit-license { presence "enable enforce-strict-scale-limit-license"; description "Options to enforce strict scale limit license"; } // container enforce-strict-scale-limit-license container overrides { description "Subscriber management configuration"; uses apply-advanced; leaf no-unsolicited-ra { type empty; description "Disable all unsolicited router advertisement packets"; } container interfaces { presence "enable interfaces"; uses apply-advanced; container family { presence "enable family"; uses apply-advanced; container inet6 { presence "enable inet6"; uses apply-advanced; leaf layer2-liveness-detection { type empty; description "Enabled ipv6-nud liveness detection"; } } // container inet6 container inet { presence "enable inet"; uses apply-advanced; leaf layer2-liveness-detection { type empty; description "Enabled arp-ping liveness detection"; } leaf receive-gratuitous-arp { type empty; description "Enable receieve gratuitous arp packet processing"; } leaf ipoe-dynamic-arp-enable { type empty; description "Enable IPOE dynamic ARP"; } } // container inet } // container family } // container interfaces container shmlog { description "Subscriber management shmlog configuration"; uses apply-advanced; leaf disable { type empty; description "Disable shmlogs"; } container filtering { description "Subscriber management shmlog filtering"; uses apply-advanced; leaf enable { type empty; description "Enable shmlog filtering"; } } // container filtering container file { presence "enable file"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of files"; } } // container file list log-name { key "name"; ordered-by user; description "The log name(s) to override"; leaf name { type string; } uses apply-advanced; choice verbosity { leaf none { type empty; description "Shmlog verbosity null"; } leaf terse { type empty; description "Shmlog verbosity terse"; } leaf brief { type empty; description "Shmlog verbosity brief"; } leaf detail { type empty; description "Shmlog verbosity detail"; } leaf extensive { type empty; description "Shmlog verbosity extensive"; } } // choice verbosity choice file-enable { leaf file-logging { type empty; description "Enable file write for the log(s)"; } leaf no-file-logging { type empty; description "Disable file write for the log(s)"; } } // choice file-enable } // list log-name list log-type { key "name"; ordered-by user; description "The log type to override"; leaf name { type enumeration { enum "debug" { value 0; description "The severity debug"; } enum "info" { value 1; description "The severity info"; } enum "notice" { value 2; description "The severity notice and more severe"; } } } uses apply-advanced; choice verbosity { leaf none { type empty; description "Shmlog verbosity null"; } leaf terse { type empty; description "Shmlog verbosity terse"; } leaf brief { type empty; description "Shmlog verbosity brief"; } leaf detail { type empty; description "Shmlog verbosity detail"; } leaf extensive { type empty; description "Shmlog verbosity extensive"; } } // choice verbosity choice file-enable { leaf file-logging { type empty; description "Enable file write for the log(s)"; } leaf no-file-logging { type empty; description "Disable file write for the log(s)"; } } // choice file-enable } // list log-type } // container shmlog } // container overrides container enable { junos:must "("chassis network-services enhanced-ip")"; junos:must-message "system services subscriber-management enable is allowed only when enhanced-ip is configured"; presence "enable enable"; description "Enable subscriber management features"; uses apply-advanced; } // container enable container mode { junos:must "("system services subscriber-management enable")"; junos:must-message "system services subscriber-management mode is allowed only when enhanced subscriber management is enabled"; description "Configure the operational role of this system (control-plane or user-plane)"; uses apply-advanced; choice modetype { container control-plane { presence "enable control-plane"; description "Control-plane mode (DBNG)"; uses apply-advanced; leaf control-plane-name { type string { length "1 .. 12"; } description "Control-plane name"; } container transport { description "Control plane transport address information"; uses apply-advanced; leaf inet { type jt:ipv4addr; description "The IPv4 address on which to listen for UP association"; } leaf inet6 { type jt:ipv6addr; description "The IPv6 address on which to listen for UP associations"; } leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "8805"; description "The port on which to listen for UP associations"; } } // container transport list user-plane { key "name"; max-elements 16; ordered-by user; description "User-plane definition"; leaf name { type string { length "1 .. 12"; } description "User-plane name"; } uses apply-advanced; choice familytype { leaf inet { junos:must "("system services subscriber-management mode control-plane transport inet")"; junos:must-message "IPv4 enabled UPs can be configured only if CP is configured with an IPv4 address"; type jt:ipv4addr; description "The IPv4 address"; } leaf inet6 { junos:must "("system services subscriber-management mode control-plane transport inet6")"; junos:must-message "IPv6 enabled UPs can be configured only if CP is configured with an IPv6 address"; type jt:ipv6addr; description "The IPv6 address"; } } // choice familytype } // list user-plane container pfcp { uses apply-advanced; leaf retransmission-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "3 .. 90"; } } units "seconds"; default "3"; description "The retransmission interval after no response from peer"; } leaf retries { type union { type string { pattern "<.*>|$.*"; } type int32 { range "3 .. 10"; } } default "3"; description "The number of retransmission attempts"; } leaf heartbeat-interval { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 600"; } } units "seconds"; default "60"; description "The time interval between successive heartbeat requests"; } } // container pfcp container external-resources { presence "enable external-resources"; description "External resources"; uses apply-advanced; list database-server { key "name"; ordered-by user; description "Database server configuration"; leaf name { type string { length "1 .. 64"; } description "Database server name"; } uses apply-advanced; choice familytype { leaf inet { type jt:ipv4addr; description "The IPv4 address"; } } // choice familytype leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "The port number"; } } // list database-server } // container external-resources } // container control-plane container user-plane { presence "enable user-plane"; description "User-plane mode (DBNG)"; uses apply-advanced; leaf user-plane-name { type string { length "1 .. 12"; } description "User-plane name"; } container transport { presence "enable transport"; uses apply-advanced; choice familytype { leaf inet { type jt:ipv4addr; description "Use IPv4 addressing"; } leaf inet6 { type jt:ipv6addr; description "Use IPv6 addressing"; } } // choice familytype } // container transport container pfcp { uses apply-advanced; leaf retransmission-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "3 .. 90"; } } units "seconds"; default "3"; description "The time interval between message re-transmissions"; } leaf retries { type union { type string { pattern "<.*>|$.*"; } type int32 { range "3 .. 10"; } } default "3"; description "The number of retransmission attempts"; } leaf heartbeat-interval { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 600"; } } units "seconds"; default "60"; description "The time interval between successive heartbeat requests"; } } // container pfcp container control-plane { presence "enable control-plane"; uses apply-advanced; leaf control-plane-name { type string { length "1 .. 12"; } description "Control-plane name"; } container transport { presence "enable transport"; uses apply-advanced; choice familyType { leaf inet { type jt:ipv4addr; description "The IPv4 address"; } leaf inet6 { junos:must "("system services subscriber-management mode user-plane transport inet6")"; junos:must-message "Cannot configure an IPv6 control plane without IPv6 user-plane"; type jt:ipv6addr; description "The IPv6 address"; } } // choice familyType leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "8805"; description "The port number"; } } // container transport } // container control-plane container selection-function { description "User-plane selection function"; uses apply-advanced; list cluster { key "name"; ordered-by user; description "Cluster for user-plane"; leaf name { type string; description "Cluster name"; } uses apply-advanced; } // list cluster list service-group { key "name"; ordered-by user; description "Service-group supported by user-plane"; leaf name { type string; description "Service-group name"; } uses apply-advanced; } // list service-group } // container selection-function container capabilities { description "Local capabilities control"; uses apply-advanced; container function-features { description "Features to exclude from capabilities"; uses apply-advanced; leaf exclude-lac { type empty; description "Exclude L2TP access concentrator feature"; } leaf exclude-lns { type empty; description "Exclude L2TP network server feature"; } leaf exclude-lcp-keepalive-offload { type empty; description "Exclude PPP LCP echo feature"; } } // container function-features } // container capabilities } // container user-plane } // choice modetype } // container mode container redundancy { description "Interface level redundancy configuration"; uses apply-advanced; list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interfaces participating in redundancy"; } uses apply-advanced; leaf virtual-inet-address { type jt:ipaddr; description "Virtual ipv4 Address for this interface (Used with GE / XE Interfaces for VRRP protocol)"; } leaf virtual-inet6-address { type jt:ipaddr; description "Virtual ipv6 Address for this interface (Used with GE / XE Interfaces for VRRP protocol)"; } leaf local-inet-address { type jt:ipaddr; description "Local ipv4 Address for this interface (Used with PS Interfaces for Pseudo-Wire protocol)"; } leaf local-inet6-address { type jt:ipaddr; description "Local ipv6 Address for this interface (Used with PS Interfaces for Pseudo-Wire protocol)"; } leaf shared-key { type string { length "1 .. 64"; } description "Shared Key for topology discovery match (Used with PS Interfaces for Pseudo-Wire protocol)"; } } // list interface container protocol { description "Underlying redundancy protocol"; uses apply-advanced; leaf vrrp { type empty; description "Use vrrp as redundancy protocol"; } leaf pseudo-wire { type empty; description "Use Pseudo Wire as redundancy protocol"; } } // container protocol leaf re-authenticate-on-failover { junos:must "(".. interface")"; junos:must-message "Interfaces participating in redundancy must be configured"; type empty; description "Re-authenticate the subscribers on interface fail over"; } leaf no-advertise-routes-on-backup { junos:must "(".. interface")"; junos:must-message "Interfaces participating in redundancy must be configured"; type empty; description "Do not advertise subscriber routes on redundancy backup"; } } // container redundancy list interfaces { key "name"; ordered-by user; description "Interface configuration"; leaf name { type string; description "Interface name"; } uses apply-advanced; list unit { key "name"; description "Logical interface"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1073741823"; } } } uses apply-advanced; } // list unit } // list interfaces leaf location { type string { length "1 .. 32"; } description "Location name for APM partition of aggregated BNG"; } } // grouping smid-type grouping smid-maintain-subscriber-type { description "Maintain subscriber options for subscriber management"; uses apply-advanced; leaf interface-delete { type empty; description "Maintain subscriber on interface delete events"; } } // grouping smid-maintain-subscriber-type grouping smid-traceoptions-type { description "Trace options for Subscriber management"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Subscriber management replication operations to include in debugging trace"; leaf name { type enumeration { enum "database" { value 0; description "Database operations"; } enum "ui" { value 1; description "User Interface operations"; } enum "general" { value 2; description "Miscellaneous operations"; } enum "session-db" { value 3; description "Session database operations"; } enum "server" { value 4; description "Server operations"; } enum "issu" { value 5; description "ISSU operations"; } enum "all" { value 6; description "All operations"; } } } } // list flag } // grouping smid-traceoptions-type grouping smihelperd-type { description "Subscriber management helper configuration"; uses apply-advanced; container traceoptions { description "Subscriber management helper trace options"; uses smihelperd-traceoptions-type; } // container traceoptions } // grouping smihelperd-type grouping smihelperd-traceoptions-type { description "Trace options for Subscriber management helper"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Subscriber management replication operations to include in debugging trace"; leaf name { type enumeration { enum "sdb" { value 0; description "SDB operations"; } enum "general" { value 1; description "Miscellaneous operations"; } enum "ui" { value 2; description "User Interface operations"; } enum "snmp" { value 3; description "SNMP operations"; } enum "all" { value 4; description "All operations"; } } } } // list flag } // grouping smihelperd-traceoptions-type grouping snmp_scripts_file_type { leaf name { type string { junos:posix-pattern "!/"; junos:pattern-message "file name cannot contain a '/'"; length "1 .. 254"; } description "Local filename of the script file"; } uses apply-advanced; list oid { key "name"; ordered-by user; description "Oid implemented by this script"; leaf name { type string; description "Oid"; } uses apply-advanced; leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "128"; description "Registration priority"; } } // list oid leaf source { type string { length "1 .. 254"; } description "URL of source for this script"; } leaf cert-file { junos:must "(".. source")"; junos:must-message "source must be defined"; type string; description "Specify the certificate file name"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf python-script-user { junos:must "("system login user $$")"; junos:must-message "User is not defined"; type string; description "Run the python snmp script with privileges of user"; } leaf refresh { type empty; description "Refresh all snmp scripts from their source"; } leaf refresh-from { type string { length "1 .. 254"; } description "Refresh all snmp scripts from a given base URL"; } container checksum { description "Checksum of this script"; uses apply-advanced; leaf sha-256 { type string { length "1 .. 254"; } description "SHA-256 checksum of this script"; } } // container checksum } // grouping snmp_scripts_file_type grouping ssd-traceoptions-type { description "Trace options for SSD"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of sdk-service daemon to enable debugging output"; leaf name { type enumeration { enum "infrastructure" { value 0; description "Trace ssd infrastructure code"; } enum "server" { value 1; description "Trace ssd server functionality code"; } enum "routing-instance" { value 2; description "Trace ssd routing instance functionality code"; } enum "client-management" { value 3; description "Trace ssd client management code"; } enum "interfaces-management" { value 4; description "Trace ssd/jdaf interfaces management code"; } enum "route-management" { value 5; description "Trace ssd/jdaf route management code"; } enum "nexthop-management" { value 6; description "Trace ssd nexthop route management code"; } enum "firewall-management" { value 7; description "Trace JDAF-based firewall service"; } enum "nexthop-group-management" { value 8; description "Trace ssd nexthop group management code"; } enum "cli" { value 9; description "Trace ssd cli interaction code"; } enum "cfg" { value 10; description "Trace ssd cli interaction code"; } enum "all" { value 11; description "Trace all areas of ssd code"; } } } } // list flag } // grouping ssd-traceoptions-type grouping syslog-object { leaf name { type enumeration { enum "any" { value 0; description "All facilities"; } enum "authorization" { value 1; description "Authorization system"; } enum "daemon" { value 2; description "Various system processes"; } enum "ftp" { value 3; description "FTP process"; } enum "ntp" { value 4; description "NTP process"; } enum "security" { value 5; description "Security related"; } enum "kernel" { value 6; description "Kernel"; } enum "user" { value 7; description "User processes"; } enum "dfc" { value 8; description "Dynamic flow capture"; } enum "external" { value 9; description "Local external applications"; } enum "firewall" { value 10; description "Firewall filtering system"; } enum "pfe" { value 11; description "Packet Forwarding Engine"; } enum "conflict-log" { value 12; description "Configuration conflict log"; } enum "change-log" { value 13; description "Configuration change log"; } enum "interactive-commands" { value 14; description "Commands executed by the UI"; } } description "Facility type"; } choice level { leaf any { type empty; description "All levels"; } leaf emergency { type empty; description "Panic conditions"; } leaf alert { type empty; description "Conditions that should be corrected immediately"; } leaf critical { type empty; description "Critical conditions"; } leaf error { type empty; description "Error conditions"; } leaf warning { type empty; description "Warning messages"; } leaf notice { type empty; description "Conditions that should be handled specially"; } leaf info { type empty; description "Informational messages"; } leaf none { type empty; description "No messages"; } } // choice level } // grouping syslog-object grouping tacplus-server-object { leaf name { type jt:hostname; description "TACACS+ authentication server address"; } uses apply-advanced; leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined under [edit routing-instances] hierarchy level"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance"; } leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "TACACS+ authentication server port number"; } leaf secret { type jt:unreadable; description "Shared secret with the authentication server"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 90"; } } units "seconds"; default "3"; description "Request timeout period"; } leaf single-connection { type empty; description "Optimize TCP connection attempts"; } leaf source-address { type jt:hostname; description "Use specified address as source address"; } } // grouping tacplus-server-object grouping tty_port_object { description "RS-232 configuration"; uses apply-advanced; leaf-list authentication-order { type enumeration { enum "radius" { value 0; description "Remote Authentication Dial-In User Service"; } enum "tacplus" { value 1; description "TACACS+ authentication services"; } enum "password" { value 2; description "Traditional password authentication"; } } ordered-by user; } leaf log-out-on-disconnect { type empty; description "Log out the console session when cable is unplugged"; } leaf disable { type empty; description "Disable console"; } leaf insecure { type empty; description "Disallow superuser access"; } leaf speed { type enumeration { enum "1200" { value 0; status deprecated; description "Standard terminal at 1200 baud"; } enum "2400" { value 1; status deprecated; description "Standard terminal at 2400 baud"; } enum "4800" { value 2; status deprecated; description "Standard terminal at 4800 baud"; } enum "9600" { value 3; status deprecated; description "Standard terminal at 9600 baud"; } enum "19200" { value 4; status deprecated; description "Standard terminal at 19200 baud"; } enum "38400" { value 5; status deprecated; description "Standard terminal at 38400 baud"; } enum "57600" { value 6; status deprecated; description "Standard terminal at 57600 baud"; } enum "115200" { value 7; status deprecated; description "Standard terminal at 115200 baud"; } } units "baud"; status deprecated; description "Speed of the port"; } leaf type { type enumeration { enum "ansi" { value 0; description "ANSI-compatible terminal"; } enum "vt100" { value 1; description "VT100-compatible terminal"; } enum "small-xterm" { value 2; description "Small (24-line) xterm window"; } enum "xterm" { value 3; description "Large (65-line) xterm window"; } } description "Terminal type"; } leaf silent-with-modem { type empty; description "Make the console silent if modem is connected and no call is present on the modem"; } } // grouping tty_port_object } // module junos-es-conf-system
© 2023 YumaWorks, Inc. All rights reserved.