Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring FlowTap and FlowTapLite Security Properties

Enable DTCP on top of the SSH layer and set permissions needed to configure and view FlowTap and FlowTapLite features.

You can add an extra level of security to DTCP transactions between the mediation device and the router by enabling DTCP sessions on top of the SSH layer. To configure, include the flow-tap-dtcp statement at the [edit system services] hierarchy level:

To configure client permissions for viewing and modifying flow-tap configurations and for receiving tapped traffic, include the permissions statement at the [edit system login class class-name] hierarchy level:

The permissions needed to use FlowTap and FlowTapLite features are as follows:

  • flow-tap—Can view FlowTap and FlowTapLite configuration.

  • flow-tap-control—Can modify FlowTap and FlowTapLite configuration.

  • flow-tap-operation—Can tap flows.

You can also specify user permissions on a RADIUS server, for example: