
Configuring DTCP Support for Subscriber Secure Policy Mirroring

This topic describes the steps to enable DTCP support for subscriber secure policy mirroring. The DTCP-initiated subscriber secure policy feature requires that you configure the DTCP-over-SSH feature for the radius-flow-tap service.

To enable the DTCP-over-SSH flow-tap service to support subscriber secure policy mirroring:

  1. Create the login class and configure flow-tap-operation permissions for the class.
    1. At the [edit system] hierarchy, specify that you want to configure login properties.
      [edit system]
      user@host# edit login
    2. Create and name the class.
      [edit system login]
      user@host# edit class class-name
    3. Configure the flow-tap-operation permission for the class.
      [edit system login class class-name]
      user@host# set permissions flow-tap-operation
  2. Create the user login account for the subscriber whose traffic will be mirrored.
    1. At the [edit system login] hierarchy, create the user account.
      [edit system login]
      user@host# edit user username
    2. Configure the user ID.
      [edit system login user username]
      user@host# set uid uid-value
    3. Configure the class for the user account.
      [edit system login user username]
      user@host# set class class-name
    4. Configure the authentication for the user account.
      [edit system login user username]
      user@host# set authentication encrypted-password password
  3. Configure DTCP sessions to run over SSH in support of the flow-tap service.
    1. At the [edit system services] hierarchy, configure the flow-tap-dtcp service.
      [edit system services]
      user@host# edit flow-tap-dtcp
    2. Configure SSH support for DTCP.
      [edit system services flow-tap-dtcp]
      user@host# set ssh
    3. (Optional) Configure the maximum number of established connections allowed for the DTCP service.
      [edit system services flow-tap-dtcp ssh]
      user@host# set connection-limit limit
    4. (Optional) Configure the maximum number of connection attempts allowed per minute for DTCP.
      [edit system services flow-tap-dtcp ssh]
      user@host# set rate-limit limit
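
To review the result of the procedure above, the following added example (not part of the original documentation) audits a configuration exported in set form, for instance with `show configuration | display set`, and reports which accounts hold the flow-tap-operation permission and whether the DTCP-over-SSH limits are set. The class names, usernames, and values in the sample are constructed placeholders.

```python
# Constructed sample in "display set" form; names and values are placeholders.
SAMPLE_CONFIG = """\
set system login class ft-class permissions flow-tap-operation
set system login class ops permissions view
set system login user ft-user uid 2001
set system login user ft-user class ft-class
set system login user ft-user authentication encrypted-password "<hash-placeholder>"
set system login user alice class ops
set system login user bob class ft-class
set system services flow-tap-dtcp ssh connection-limit 5
"""

def audit_dtcp(config_text):
    """Report which accounts can run flow-tap operations and how DTCP-over-SSH is limited."""
    tap_classes, users, ssh = set(), {}, {"enabled": False}
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:3] == ["set", "system", "login"] and len(tok) >= 6:
            kind, name, key = tok[3], tok[4], tok[5]
            if kind == "class" and key == "permissions" and "flow-tap-operation" in tok[6:]:
                tap_classes.add(name)
            elif kind == "user":
                user = users.setdefault(name, {"class": None, "uid": False, "auth": False})
                if key == "class" and len(tok) >= 7:
                    user["class"] = tok[6]
                elif key == "uid":
                    user["uid"] = True
                elif key == "authentication":
                    user["auth"] = True
        elif tok[:5] == ["set", "system", "services", "flow-tap-dtcp", "ssh"]:
            ssh["enabled"] = True
            if len(tok) == 7 and tok[5] in ("connection-limit", "rate-limit"):
                ssh[tok[5]] = int(tok[6])
    tap_users = sorted(u for u, v in users.items() if v["class"] in tap_classes)
    return {
        "tap_users": tap_users,
        # Accounts in a flow-tap class that lack the uid or authentication steps.
        "incomplete_users": [u for u in tap_users if not (users[u]["uid"] and users[u]["auth"])],
        "ssh_enabled": ssh["enabled"],
        # Optional limits from step 3 that are not configured.
        "unset_limits": [k for k in ("connection-limit", "rate-limit") if k not in ssh],
    }

if __name__ == "__main__":
    for key, value in audit_dtcp(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Any name in `tap_users` that is not an expected mirroring account is worth investigating, because the flow-tap-operation permission grants access to the flow-tap service.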

Published: 2010-04-15
