Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Configuring Traffic That Is Mirrored Using DTCP-Initiated Subscriber Secure Policy

This example shows how to configure traffic that is mirrored using DTCP-initiated subscriber secure policy.

Requirements

  • Juniper Networks MX Series routers.
  • Junos OS Release 12.3R1 or later.

Overview

This example drops all video on demand TCP traffic from subnet 10.0.0.0/8 to any subscriber on which the policy named vod is enabled.

To configure traffic mirroring using DTCP-initiated subscriber secure policy:

  1. Create a policy.
  2. Set up the policy to filter IPv4 or IPv6 traffic by source or destination address, or port, protocol, or DSCP value.
  3. Apply the policy using the DTCP attribute X-Drop-Policy.
  4. Use the X-Drop-Policy with the ADD DTCP command to begin filtering traffic when mirroring is triggered.

Note: To begin filtering traffic that is currently being mirrored, use the X-Drop-Policy attribute with the new ENABLE DTCP command. To stop filtering traffic that is currently being mirrored, use the X-Drop-Policy attribute with the new DISABLE DTCP command.

Configuration

Step-by-Step Procedure

To configure filtering mirrored traffic before it is sent to a mediation device:

  1. Specify that you want to configure radius-flow-tap.
    [edit services]user@host# edit radius-flow-tap
  2. Specify that you want to configure a video on demand policy.
    [edit services radius-flow-tap]user@host# edit policy vod
  3. Specify inet as the family that you want to use.
    [edit services radius-flow-tap vod]user@host# edit inet
  4. Specify t1 as the term name for the IPv4 drop-policy.
    [edit services radius-flow-tap vod inet] user@host# edit drop-policy t1
  5. Specify the source address for the drop-policy.
    [edit services radius-flow-tap vod inet drop-policy t1]user@host# edit source-address 10.0.0.0/8
  6. Specify the match criteria that you want to use.
    [edit services radius-flow-tap vod inet drop-policy t1]user@host# set protocol tcp

Results

From configuration mode, confirm your configuration by entering the show services command. If the output does not display the intended configuration, repeat the instructions in this example to correct it.

[edit services radius-flow-tap policy]
vod {inet {drop-policy t1 {from{source-address {10.0.0.0/8;}protocol tcp;}}}

If you are done configuring the device, enter commit from configuration mode.

 

Related Documentation

 

Published: 2013-02-11

Previous Page Next Page