[j-nsp] CALEA/lawful intercept with Adaptive Services 2 PIC

Dan Rautio drautio at juniper.net
Thu Aug 31 17:52:06 EDT 2006


Hey Jim,

Here is one way to do it without port-mirroring:

ASP PIC -- ACTIVE monitoring -- firewall filter application
--
interfaces {
    ae0 {
        vlan-tagging;
        unit 1 {
            vlan-id 101;
            family inet {
                filter {
                    input Your-Cflowd;
                }
                address 10.0.1.2/24;
            }
        }
    }
    sp-0/3/0 {
        unit 0 {
            description "This dummy unit is required to activate
sampling";
            family inet;
        }
    }
}
forwarding-options {
    sampling {
        input {
            family inet {
                rate 10;
                run-length 5;
                max-packets-per-second 1024;
            }
        }
        output {
            cflowd 10.20.30.40 {
                port 9992;
                source-address 192.168.0.2;
                autonomous-system-type origin;
            }
            interface sp-0/3/0 {
                engine-type 1;
                source-address 192.168.0.2;
            }
        }
    }
}
firewall {
    family inet {
        filter Your-Cflowd {
            term t1 {
                then {
                    sample;
                    accept;
                }
            }
        }
    }
}

- Dan

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jim Cotton
> Sent: Thursday, August 31, 2006 12:25 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] CALEA/lawful intercept with Adaptive Services 2 PIC
> 
> 
> 
> I am more familiar with Cisco products than Juniper products.
> 
> I am interested in an example of port mirroring using an
> adaptive services 2 PIC on a Juniper M Series.
> 
> jcc
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list