Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


tcp-forwarding (Remote Device Management)


Hierarchy Level


Configure the mapping between the TCP listening address/listening port combination on the BNG and the TCP port forwarding address/port combination where the BNG forwards the incoming data stream. TCP port forwarding is used when the BNG, together with one or more access nodes, is treated as a single addressable point of management by an external management system. The TCP port forwarding connections enable the BNG to demultiplex and multiplex management requests exchanged between the access nodes and the management system.


allowed-source ipv4-prefix

(Optional) Restrict the IPv4 prefixes from which TCP connections are accepted on the listening port. The allowed-source value is compared to the source address in the TCP header from the triggering entity. When you do not configure an allowed source, TCP connections are accepted from any source prefix.

You can use a /32 IPv4 mask to specify a single address as the source or you can use other masks to specify an IPv4 subnet as the source. You can configure an unlimited number of prefixes for each listening port. To configure multiple sources, you must include the statement multiple times, once for each additional source prefix.


You can also configure an unlimited number of allowed-source prefixes across the system.

forwarding-address ipv4-forwarding-address

Specify the IPv4 address to which MX BNG must open the second connection of the TCP pair after it opens the first connection triggered on the listening port/listening address combination. All packets received on one connection of the TCP pair are transmitted on the peer (second) connection. This address is used with the forwarding port to open the peer connection.

forwarding-port forwarding-port-number

Specify the TCP port of the peer (second) connection of the TCP pair. This port is used with the forwarding address to open the peer connection.

  • Range: 1 through 65,535

listening-address ipv4-listening-address

Specify a particular IPv4 address on the BNG that a triggering entity (an external management or provisioning system or a remote device) must use when attempting to trigger connections on the listening port. You must configure a unique combination of listening port and listening address for each TCP mapping.

listening-port port-number

Specify the TCP port that the BNG monitors for connections to be triggered by a remote device or an external management or provisioning system.

  • Range: 8000 through 8031

max-connections number

(Optional) Set a limit on the number of simultaneous TCP connections that the BNG allows on a single listening port. Connection requests received after this limit is reached are rejected.


In addition to this per-listening port limit, the system-wide limit for TCP connections is 128 (64 pairs) across all routing instances and listening ports.

  • Range: 1 through 16

  • Default: 1

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.3R1.