DTCP Traffic Mirroring Triggers
Table 1 lists the DTCP attributes that you can use in DTCP ADD messages to trigger traffic mirroring.
Table 1: DTCP Mirroring Triggers for Use in ADD Messages
Attribute Name | DTCP Message Semantic | Description |
---|---|---|
Account Session ID | X-Act-Sess-Id | Trigger that is based on the text string of the Account Session ID associated with the subscriber session. If the subscriber logs out, the intercept terminates. We recommend that you use other triggers to ensure that all sessions for a subscriber are intercepted. |
Calling Station ID | X-Call-Sta-Id | Trigger that is based on the text string of the Calling Station ID associated with the subscriber. If the subscriber is not logged on, the policy is applied at any current or subsequent subscriber log in. |
Drop Policy Name | X-Drop-Policy | Trigger that is based on the name of the configured lawful intercept policy. |
IP Address | X-IP-Addr | Trigger for the IPv4 address that is associated with a subscriber. If you use the IP Address trigger, and the subscriber is not using the default logical system, you must include the Logical System attribute in your DTCP message. If the subscriber is not using the default routing instance, you must include the Routing Instance attribute in your DTCP message. |
Interface Identifier | X-Interface-Id | Trigger for subscribers that are configured to use a specific router interface. All subscribers that use the interface have their traffic mirrored. Add this attribute as a text string that identifies the physical interface; for example, ge-0/0/0.1 or demux0.107472834. |
NAS Port ID | X-NAS-Port-Id | Trigger that is based on the NAS port ID of the subscriber. |
Remote Circuit ID | X-RM-Circuit-Id | For DHCP subscribers, trigger that is used with the Remote Agent ID to specify the DHCP option 82 that is associated with this session to completely specify a trigger. For PPPoE subscribers, agent circuit ID (ACI) in the PPPoE Intermediate Agent (PPPoE IA) tag. |
Remote Agent ID | X-RM-Agent-Id | For DHCP subscribers, trigger that is used with the Remote Circuit ID to specify the session or by itself to completely specify the trigger. For PPPoE subscribers, agent remote identifier (ARI) in the PPPoE Intermediate Agent (PPPoE IA) tag. |
Logical System | X-Logical-System | Trigger attribute that you can use with the IP Address or Subscriber User Name triggers. It is ignored for other triggers. The value default is used if no logical system exists for the subscriber. |
Routing Instance | X-Router-Instance | Trigger attribute that you can use with the IP Address or Subscriber User Name triggers. It is ignored for other triggers. The value default is used if no routing instance exists for the subscriber. |
Subscriber User Name | X-UserName | Trigger based on a subscriber username. If you use the Subscriber User Name trigger, and the subscriber is not using the default logical system, you must include the Logical System attribute in your DTCP message. If the subscriber is not using the default routing instance, you must include the Routing Instance attribute in your DTCP message. |
Triggering Subscriber Secure Policy for Subscribers on Dynamic Authenticated VLANs
Best Practice: When you have DHCPv4/DHCPv6 subscribers over VLANs, two sessions are created for each subscriber: one for the Layer 2 VLAN, and one for DHCP. In this case do not use a trigger, such as Remote Circuit ID (ACI), that applies to both the VLAN and the DHCP sessions. If the DHCP and VLAN sessions match the same trigger, the DHCP subscriber login fails and subscriber secure policy is not triggered. You need to select a traffic mirroring trigger that matches only one of these sessions.
Order in Which Trigger Attributes Are Processed
If a subscriber matches more than one of the DTCP mirroring triggers, the router processes mirroring triggers in ADD messages in the following order:
1. Account Session ID
2. Calling Station ID
3. IP Address
4. Interface Identifier
5. NAS Port ID
6. Remote Agent ID
7. Subscriber User Name
8. Drop Policy Name
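
The attribute rules in Table 1, the best practice for DHCP over VLANs, and the processing order above can be checked before an ADD message is provisioned. The following Python check is an added example, not Juniper code; the dict input shape, the function names, the finding strings, and the subscriber-context parameters (logical_system, routing_instance, dhcp_over_vlan) are assumptions for illustration, and the sample values are constructed.

```python
# Added example: lint the trigger attributes of one DTCP ADD message.
# Input is a dict {DTCP message semantic: value}; this shape is an assumption.

# Processing order as listed on this page (Remote Circuit ID is not in that list).
PROCESSING_ORDER = [
    "X-Act-Sess-Id", "X-Call-Sta-Id", "X-IP-Addr", "X-Interface-Id",
    "X-NAS-Port-Id", "X-RM-Agent-Id", "X-UserName", "X-Drop-Policy",
]
SCOPED_TRIGGERS = {"X-IP-Addr", "X-UserName"}   # only these use the scope attributes
SCOPE_ATTRS = ("X-Logical-System", "X-Router-Instance")

def processing_order(attrs):
    """Triggers present in attrs, in the order the router processes them."""
    return [t for t in PROCESSING_ORDER if t in attrs]

def lint_add(attrs, logical_system="default", routing_instance="default",
             dhcp_over_vlan=False):
    """Return findings for one ADD message, given what the operator knows
    about the target subscriber (hypothetical context parameters)."""
    findings = []
    scoped = attrs.keys() & SCOPED_TRIGGERS
    actual = {"X-Logical-System": logical_system,
              "X-Router-Instance": routing_instance}
    for attr in SCOPE_ATTRS:
        # IP Address / User Name triggers need the scope when it is not default.
        if scoped and actual[attr] != "default" and attr not in attrs:
            findings.append(f"missing {attr}: subscriber uses '{actual[attr]}'")
        # Scope attributes are ignored for every other trigger.
        if attr in attrs and not scoped:
            findings.append(f"ignored {attr}: no X-IP-Addr or X-UserName trigger")
    # Best practice: a circuit ID trigger matches both the VLAN and DHCP sessions.
    if dhcp_over_vlan and "X-RM-Circuit-Id" in attrs:
        findings.append("ambiguous X-RM-Circuit-Id: matches VLAN and DHCP sessions")
    if not processing_order(attrs) and "X-RM-Circuit-Id" not in attrs:
        findings.append("no trigger attribute present")
    return findings

# Constructed sample: subscriber lives in logical system ls-retail, instance ri-1.
SAMPLE = {"X-UserName": "user@example.net", "X-IP-Addr": "192.0.2.10",
          "X-Logical-System": "ls-retail"}

if __name__ == "__main__":
    print(processing_order(SAMPLE))
    for finding in lint_add(SAMPLE, "ls-retail", "ri-1"):
        print(finding)
```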