[an error occurred while processing this directive][an error occurred while processing this directive]

Configuring RADIUS-Flow-Tap Service Support for Subscriber Secure Policy Mirroring

Subscriber secure policy runs on the radius-flow-tap service. This topic describes the steps to configure radius-flow-tap support for RADIUS-initiated and DTCP-initiated subscriber secure policy mirroring.

To configure the radius-flow-tap service to support subscriber secure policy mirroring:

  1. Allocate a pool of tunnel interfaces for the radius-flow-tap service to use for subscriber secure policy mirroring. The intercept access point uses these interfaces to send mirrored traffic to the mediation device. The intercept access point equally distributes the mirrored traffic across the available tunnel interfaces.

    You can configure a maximum of 2048 mirrored subscriber sessions per chassis.

    [edit chassis]user@host# set fpc slot–number pic number tunnel-services bandwidth bandwidth
  2. Configure the tunnel interfaces.
    [edit interfaces]user@host# set interface-name
  3. Assign the tunnel interfaces that the radius-flow-tap service uses for subscriber secure policy mirroring.
    [edit services]user@host# set radius-flow-tap interfaces interface-name

    Note: If a currently used tunnel interface is deleted from the pool of interfaces, the subscriber secure policy service redistributes the active mirroring sessions from the deleted interface to other tunnel interfaces in the pool. Also, when a new tunnel interface is added into the pool, the service adds the new interface to the list of available interfaces—the new interface is used for new mirroring sessions or for existing sessions transferred from a failed interface.

  4. Specify the source IP address that the radius-flow-tap service uses for mirroring. This address is used in the IP header prepended to mirrored packets that are sent to the content destination device.
    [edit services]user@host# set radius-flow-tap source-ipv4-address ipv4-address
  5. (Optional) Specify the forwarding class that is applied to the mirrored packets sent to the mediation device.

    If you do not specify a forwarding class, the mirrored packets inherit the forwarding class from the original packet (which is the forwarding class set by default classification that CoS applies to the packet on the ingress interface).

    [edit services]user@host# set radius-flow-tap forwarding-class class-name

Published: 2010-04-15

[an error occurred while processing this directive]