Configuring the Flow-Tap Service

This section describes the following tasks for configuring flow-tap service:

Configuring the Flow-Tap Interface

To configure an adaptive services interface for flow-tap service, include the interface statement at the [edit services flow-tap] hierarchy level:

interface sp-fpc/pic/port.unit-number;

You can assign any AS or MultiServices PIC in the active monitoring router for flow-tap service, and use any logical unit on the PIC.

Note: You cannot configure dynamic flow capture (DFC) and flow-tap features on the same router simultaneously.

You must also configure the logical interface at the [edit interfaces] hierarchy level:

interface sp-fpc/pic/port {
    unit logical-unit-number {
        family inet;
    }
}

Strengthening Flow-Tap Security

You can add an extra level of security to DTCP transactions between the mediation device and the router by enabling DTCP sessions on top of the SSH layer. To configure SSH settings, include the flow-tap-dtcp statement at the [edit system services] hierarchy level:

flow-tap-dtcp {
    ssh {
        connection-limit value;
        rate-limit value;
    }
}

To configure client permissions for viewing and modifying flow-tap configurations and for receiving tapped traffic, include the permissions statement at the [edit system login class class-name] hierarchy level:

permissions [ permissions ];

The permissions needed to use flow-tap features are as follows:

You can also specify user permissions on a RADIUS server, for example:

Bob Auth-Type := Local, User-Password == "abc123"
    Juniper-User-Permissions = "flow-tap-operation"

For details on [edit system] and RADIUS configuration, see the JUNOS System Basics Configuration Guide.
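
The following audit script is an added example, not part of the original Juniper documentation. It checks a configuration in "display set" form for the statements described above and lists the login classes that hold any flow-tap permission. The function name audit_flow_tap and the sample configuration (interface sp-1/2/0.100, class names, limit values) are constructed for illustration.

```python
# Added example: audit a Junos "display set" config for the flow-tap statements above.
# SAMPLE is constructed; the interface, class names and limit value are made up.
SAMPLE = """\
set services flow-tap interface sp-1/2/0.100
set interfaces sp-1/2/0 unit 100 family inet
set system services flow-tap-dtcp ssh connection-limit 5
set system login class ft-operator permissions flow-tap-operation
set system login class noc permissions view
"""

def audit_flow_tap(config_text):
    """Return findings plus the login classes that hold flow-tap permissions."""
    tap_if, inet_units, ssh_on, ssh_knobs, tap_classes = None, set(), False, {}, {}
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:4] == ["set", "services", "flow-tap", "interface"] and len(tok) == 5:
            tap_if = tok[4]
        elif tok[:2] == ["set", "interfaces"] and tok[3:4] == ["unit"] and tok[5:] == ["family", "inet"]:
            inet_units.add(tok[2] + "." + tok[4])
        elif tok[:5] == ["set", "system", "services", "flow-tap-dtcp", "ssh"]:
            ssh_on = True
            if len(tok) == 7:
                ssh_knobs[tok[5]] = tok[6]
        elif tok[:4] == ["set", "system", "login", "class"] and tok[5:6] == ["permissions"]:
            # Accept one permission per line or a bracketed list of permissions.
            perms = [p for p in tok[6:] if p.startswith("flow-tap")]
            if perms:
                tap_classes.setdefault(tok[4], []).extend(perms)
    findings = []
    if tap_if is None:
        findings.append("no interface under [edit services flow-tap]")
    elif tap_if not in inet_units:
        findings.append(tap_if + " has no family inet unit under [edit interfaces]")
    if not ssh_on:
        findings.append("flow-tap-dtcp ssh not configured")
    else:
        for knob in ("connection-limit", "rate-limit"):
            if knob not in ssh_knobs:
                findings.append("flow-tap-dtcp ssh: " + knob + " not set explicitly")
    return {"findings": findings, "tap_classes": tap_classes}

if __name__ == "__main__":
    print(audit_flow_tap(SAMPLE))
```

Review the tap_classes result against the list of users who are authorized to view or modify flow-tap configurations or to receive tapped traffic.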

Restrictions on Flow-Tap Services

The following restrictions apply to flow-tap services:

