Figure 20 shows the
sequence of events that take place during RADIUS-based mirroring.
The tables after the figure describe the events indicated by the numbers
and letters in the figure. Table 48 describes
the configuration process; Table 49 describes
the flow of traffic during a mirroring operation that is initiated
when the user logs in; and Table 50 describes
the flow of traffic when mirroring a user who is already logged in.
Figure 20: RADIUS-Based Packet Mirroring
To create a RADIUS-based packet-mirroring environment, you must complete
the processes listed in Table 48.
Table 48: Setting Up the RADIUS-Based Packet-Mirroring Environment

Process  Description
A        The authorized individual requests packet mirroring of the user’s traffic and configures the analyzer device to receive mirrored traffic.
B        The ISP administration configures VSAs in the user’s RADIUS record.
C        The E-series router administrator configures RADIUS server information and the analyzer interface connection to the analyzer device.

Table 49 indicates the sequence
of steps for a packet mirroring operation that takes place when a
user starts a new session.
Table 49: RADIUS-Based Mirroring During Session Start (User-Initiated)

Step  Description
1     A user logs in to an E-series router, requesting authentication by the RADIUS server. Attributes in the logon request are examined to determine whether any match a configured trigger. The first match starts the packet mirroring session for the user.
2     The RADIUS server authenticates the user and sends packet mirroring VSAs and any other configured VSAs to the router.
      The router creates a secure policy based on the VSAs and starts mirroring the user’s traffic.
3     The router sends the user’s original traffic to its intended destination.
4     The router sends the mirrored traffic to the analyzer device.
5     The analyzer device provides information for the requesting individual.

Table 50 indicates the sequence
of steps for a packet mirroring operation that is configured for a
currently running session.
Table 50: RADIUS-Based Mirroring of Currently Running Session (RADIUS-Initiated)

Step  Description
1     A user logs in to the E-series router; no mirroring action is configured.
2     Packet mirroring is enabled on the RADIUS server.
      Authenticated users are examined to determine whether any match a configured trigger. The first match determines the router to which to send change-of-authorization messages.
      The RADIUS server sends change-of-authorization messages containing packet mirroring VSAs to the router.
      The router creates a secure policy based on the VSAs and starts mirroring the user’s traffic.
3     The router sends the user’s original traffic to its intended destination.
4     The router sends mirrored traffic to the analyzer device.
5     The analyzer device provides information for the requesting individual.
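
The two flows in Table 49 and Table 50 differ in which RADIUS message delivers the mirroring VSAs: the authentication reply (Access-Accept, code 2 in RFC 2865) at session start, or a change-of-authorization request (CoA-Request, code 43 in RFC 5176) for a running session. The following is an added example, not code from this documentation or from the router software, that parses a captured RADIUS packet and reports which flow carried mirroring VSAs, for use when auditing who triggered a mirroring session. The vendor ID, VSA type numbers, and the `build`/`vsa` sample-packet helpers are assumptions made for the example; substitute the values from your RADIUS dictionary.

```python
import struct

ACCESS_ACCEPT, COA_REQUEST = 2, 43   # RADIUS codes (RFC 2865, RFC 5176)
VENDOR_SPECIFIC = 26                 # RFC 2865 attribute type carrying VSAs
# Assumption: placeholder vendor id and VSA types, not the router's real values.
EXAMPLE_VENDOR_ID = 99999
MIRROR_VSA_TYPES = {201, 202}

def parse_vsas(packet: bytes):
    """Return (code, [(vendor_id, vsa_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    vsas, pos = [], 20               # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        body = packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 6:
            continue
        vendor_id, sub = struct.unpack("!I", body[:4])[0], body[4:]
        i = 0                        # sub-attributes in the RFC 2865 suggested TLV layout
        while i + 2 <= len(sub):
            v_type, v_len = sub[i], sub[i + 1]
            if v_len < 2 or i + v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            vsas.append((vendor_id, v_type, sub[i + 2:i + v_len]))
            i += v_len
    return code, vsas

def mirroring_path(packet: bytes):
    """Name the flow that delivered mirroring VSAs, or None if none are present."""
    code, vsas = parse_vsas(packet)
    if not any(v == EXAMPLE_VENDOR_ID and t in MIRROR_VSA_TYPES for v, t, _ in vsas):
        return None
    return {ACCESS_ACCEPT: "session-start",
            COA_REQUEST: "running-session"}.get(code, "unexpected")

def build(code, attrs):              # constructed sample packets, zeroed authenticator
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

def vsa(vsa_type, value):            # one constructed VSA under the placeholder vendor
    sub = bytes([vsa_type, len(value) + 2]) + value
    return (VENDOR_SPECIFIC, struct.pack("!I", EXAMPLE_VENDOR_ID) + sub)
```

A result of "unexpected" means mirroring VSAs arrived in a message type that neither table describes, which is worth investigating in an audit.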