Example: Configuring Traffic That Is Mirrored Using DTCP-Initiated Subscriber Secure Policy

This example shows how to configure traffic that is mirrored using DTCP-initiated subscriber secure policy.

Requirements

Juniper Networks MX Series routers.
Junos OS Release 12.3R1 or later.

Overview

This example drops all video on demand TCP traffic from subnet 203.0.113.0/8 to any subscriber on which the policy named vod is enabled.

To configure traffic mirroring using DTCP-initiated subscriber secure policy:

Create a policy.
Set up the policy to filter IPv4 or IPv6 traffic by source or destination address, or port, protocol, or DSCP value.
Apply the policy using the DTCP attribute X-Drop-Policy.
Use the X-Drop-Policy with the DTCP ADD command to begin filtering traffic when mirroring is triggered.

Note:

To begin filtering traffic that is currently being mirrored, use the X-Drop-Policy attribute with the DTCP ENABLE command. To stop filtering traffic that is currently being mirrored:

Send a DTCP DELETE message to remove the current policy.
Modify the configuration with the new version of the policy.
Send a DTCP ADD message to add the policy.
Send a DTCP ENABLE message to enable the policy.

Configuration

Step-by-Step Procedure

To configure filtering mirrored traffic before it is sent to a mediation device:

Specify that you want to configure radius-flow-tap.

Specify that you want to configure a video on demand policy.

Specify inet as the family that you want to use.

Specify t1 as the term name for the IPv4 drop-policy.

Specify the source address for the drop-policy.

Specify the match criteria that you want to use.

Results

From configuration mode, confirm your configuration by entering the show services command. If the output does not display the intended configuration, repeat the instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

ON THIS PAGE