Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Flow-Tap Security Properties on MX Series Routers

You can add an extra level of security to DTCP transactions between the mediation device and the router by enabling DTCP sessions on top of the SSH layer. To configure, include the flow-tap-dtcp statement at the [edit system services] hierarchy level:

To configure client permissions for viewing and modifying flow-tap configurations and for receiving tapped traffic, include the permissions statement at the [edit system login class class-name] hierarchy level:

The permissions needed to use flow-tap features are as follows:

  • flow-tap—Can view flow-tap configuration.

  • flow-tap-control—Can modify flow-tap configuration.

  • flow-tap-operation—Can tap flows.

You can also specify user permissions on a RADIUS server, for example: