Example: Flow-Tap Configuration on T and M Series Routers
The following example shows all the parts of a complete flow-tap configuration.
Note:
The following example applies only to M Series and T Series routers, except M160 and TX Matrix routers. For MX Series routers, because the flow-tap application resides in the Packet Forwarding Engine rather than a service PIC or Dense Port Concentrator (DPC), the Packet Forwarding Engine must send the packet to a tunnel logical (vt-) interface to encapsulate the intercepted packet. In such a scenario, you need to allocate a tunnel interface and assign it to the dynamic flow capture process for FlowTapLite to use.
services {
flow-tap {
interface sp-1/2/0.100;
}
}
interfaces {
sp-1/2/0 {
unit 100 {
family inet;
}
}
}
system {
services {
flow-tap-dtcp {
ssh {
connection-limit 5;
rate-limit 5;
}
}
}
login {
class ft-class {
permissions flow-tap-operation;
}
user ft-user1 {
class ft-class;
authentication {
encrypted-password “xxxx”;
}
}
}
}