Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

radius-flow-tap

Syntax

Hierarchy Level

Description

Configure the radius-flow-tap service for subscriber secure policy mirroring. Both RADIUS-initiated and Dynamic Tasking Control Protocol (DTCP)-initiated mirroring are supported.

Starting in Junos OS Release 17.3R1, the radius-flow-tap service can run concurrently on the same router with the FlowTapLite service. The FlowTapLite service is a version of the flow-tap service ([edit services flow-tap]) that is configured only on tunnel interfaces on MX Series routers.

In earlier releases, the radius-flow-tap and FlowTapLite services cannot run concurrently on an MX Series router, preventing you from running FlowTapLite monitoring and subscriber secure policy mirroring at the same time.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Options

forwarding-class class-name

Specify the forwarding class that is applied to mirrored packets sent to a mediation device.
interfaces interface-name

Assign virtual tunnel interfaces to mirror the interfaces created by extensible subscriber services manager (ESSM)

If a currently used tunnel interface is deleted from the pool of interfaces, the active mirroring sessions are redistributed from the deleted interface to other tunnel interfaces in the pool. Also, when a new tunnel interface is added into the pool, the service adds the new interface to the list of interfaces available for new mirroring sessions or for existing sessions transferred from a failed interface.
logical-system logical-system-name

Specify the logical system that is used to send mirrored packets to a mediation device for subscriber secure policy traffic mirroring. When you specify a logical system, you must also specify a routing instance.

  • Default: Logical system default
multicast-interception

Enables subscriber secure policy to mirror IPv4 multicast traffic sent to subscribers. It enables the mirroring of multicast traffic for all subscribers on the chassis.

Mirroring of multicast traffic is supported only for subscribers in the default logical system.
routing-instance routing-instance-name

Specify the routing instance that is used to send mirrored packets to a mediation device for subscriber secure policy traffic mirroring.

  • Default: Routing instance default
snmp notify-targets ip-address

Specify the IP address for a target mediation device (trap target) to receive SNMPv3 encrypted trap notifications subscriber secure policy mirroring trap. Only these configured targets can receive the notifications. This is required for secure SNMPv3 notifications for subscriber secure policy mirroring. If you configure multiple targets, you must configure them one at a time.
source-ipv4-address ipv4-address

Specify the source IPv4 address used in the IP header that is prepended to mirrored packets sent to a mediation device.

Required Privilege Level

flow-tap—To view this statement in the configuration.

flow-tap-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.4.

logical-system option added in Junos OS Release 15.1R3 for enhanced subscriber management.

multicast-interception option added in Junos OS Release 11.4.

snmp notify-targets option added in Junos OS Release 16.1R1.

routing-instance option added in Junos OS Release 15.1R3 for enhanced subscriber management.

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
17.3R1
Starting in Junos OS Release 17.3R1, the radius-flow-tap service can run concurrently on the same router with the FlowTapLite service.