 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
You can add an extra level of security to DTCP transactions between the mediation device and the router by enabling DTCP sessions on top of the SSH layer. To configure SSH settings, include the flow-tap-dtcp statement at the [edit system services] hierarchy level:
- flow-tap-dtcp {
-
- ssh {
- connection-limit value;
- rate-limit value;
- }
- }
To configure client permissions for viewing and modifying flow-tap configurations and for receiving tapped traffic, include the permissions statement at the [edit system login class class-name] hierarchy level:
- permissions [ permissions ];
The permissions needed to use flow-tap features are as follows:
You can also specify user permissions on a RADIUS server, for example:
- Bob Auth-Type := Local, User-Password = = “abc123”
- Juniper-User-Permissions = “flow-tap-operation”
For details on [edit system] and RADIUS configuration, see the JUNOS System Basics Configuration Guide.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |