[j-nsp] CALEA/lawful intercept with Adaptive Services 2 PIC
Dan Rautio
drautio at juniper.net
Thu Aug 31 17:52:06 EDT 2006
Hey Jim,
Here is one way to do it without port-mirroring:
ASP PIC -- ACTIVE monitoring -- firewall filter application
--
interfaces {
ae0 {
vlan-tagging;
unit 1 {
vlan-id 101;
family inet {
filter {
input Your-Cflowd;
}
address 10.0.1.2/24;
}
}
}
sp-0/3/0 {
unit 0 {
description "This dummy unit is required to activate
sampling";
family inet;
}
}
}
forwarding-options {
sampling {
input {
family inet {
rate 10;
run-length 5;
max-packets-per-second 1024;
}
}
output {
cflowd 10.20.30.40 {
port 9992;
source-address 192.168.0.2;
autonomous-system-type origin;
}
interface sp-0/3/0 {
engine-type 1;
source-address 192.168.0.2;
}
}
}
}
firewall {
family inet {
filter Your-Cflowd {
term t1 {
then {
sample;
accept;
}
}
}
}
}
- Dan
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jim Cotton
> Sent: Thursday, August 31, 2006 12:25 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] CALEA/lawful intercept with Adaptive Services 2 PIC
>
>
>
> I am more familiar with Cisco products than Juniper products.
>
> I am interested in an example of port mirroring using an
> adaptive services 2 PIC on a Juniper M Series.
>
> jcc
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list