Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
RADIUS-Initiated Traffic Mirroring Process at Subscriber Login
Figure 1 shows the process for a RADIUS-initiated subscriber mirroring operation that is initiated when the mirrored subscriber logs in.
Figure 1: RADIUS-Initiated Subscriber Secure Policy Model at Login
1 — The LEA sends provisioning information for a subscriber
whose traffic is to be mirrored over the HI-1 interface to the mediation
device. | 6 — The IAP sends the original subscriber traffic to its
intended destination. |
2 — The mediation device sends the provisioning information
over the INI-1 interface to the RADIUS server. | 7 — As subscriber-related events occur, the IAP sends the
events in SNMP traps over the INI-2 interface to the mediation device. |
3 — The subscriber logs in, requesting authentication by
the RADIUS server. | 8 — The mediation device provides the events over the HI-2
interface to the LEA. |
4 — The RADIUS server authenticates the subscriber and
sends an Access-Accept message containing mirroring-related RADIUS
attributes in Juniper Networks VSAs to the IAP (the router). | 9 — The IAP encapsulates the mirrored content in a packet
header and sends it over the INI-3 interface to the mediation device.
The IAP uses the destination IP address of the mediation device that
it received in the Access-Accept messaged from the RADIUS server. |
5 — The IAP creates a subscriber secure policy based on
the mirroring VSAs and begins mirroring the subscriber’s traffic. | 10 — The mediation device sends mirrored content over the
HI-3 interface to the LEA. |
