RADIUS Attributes Used for Packet Mirroring

Table 53 and Table 54 list the packet mirroring triggers. The triggers are RADIUS attributes that identify a user whose traffic is to be mirrored. A packet mirroring session starts when the router receives a RADIUS packet that contains mirroring attributes and then applies the mirroring configuration to the appropriate interface. For example, packet mirroring starts when a logon request occurs that contains a specified User-Name attribute.

The triggers also enable RADIUS-initiated mirroring to start when the user is already logged in.

Table 53: RADIUS Attributes Used as Packet Mirroring Triggers (Vendor ID 4874)

Standard Number

Attribute Name

Order of Preference

[1]

User-Name

4

[8]

Framed-IP-Address

3

[26-1]

Virtual-Router

Used with Framed-IP-Address and User-Name

[31]

Calling-Station-ID

2

[44]

Acct-Session-ID

1

[87]

Nas-Port-ID

5

[26–159]

DHCP- Option-82

6

Table 54: RADIUS Attributes Used as Packet Mirroring Triggers (Vendor ID 3561)

Standard Number

Attribute Name

Order of Preference

[26-1]

Agent-Circuit-ID

7

[26-2]

Agent-Remote-ID

8

You add the trigger to the RADIUS record of the user whose traffic will be mirrored. In addition, you must include the RADIUS VSAs listed in Table 55 in the mirrored user’s RADIUS record.

Note: For IP mirroring, you must include both VSA 26-59 and VSA 26-61, or you must omit both of these VSAs. If you use only one of these VSAs, the configuration fails.

Table 55: RADIUS-Based Mirroring Attributes

Standard Number

Attribute Name

Setting

[26-58]

LI-Action

0 = disable mirroring
1 = enable mirroring
2 = no action

[26-59]

Med-Dev-Handle

String (not null-terminated)

[26-60]

Med-IP-Address

IP address of analyzer device

[26-61]

Med-Port-Number

UDP port number of monitoring application in analyzer device

An LI-Action setting of 2 specifies that the router does not perform any packet mirroring–related configuration. This setting can provide additional security by confusing unauthorized users who attempt to access packet mirroring communication between the router and the RADIUS server.

Related Documentation