
    RADIUS Attributes Used for Packet Mirroring

    Table 1 and Table 2 list the packet mirroring triggers. The triggers are RADIUS attributes that identify a user whose traffic is to be mirrored. A packet mirroring session starts when the router receives a RADIUS packet that contains mirroring attributes and then applies the mirroring configuration to the appropriate interface. For example, packet mirroring starts when a logon request occurs that contains a specified User-Name attribute.

    The triggers also enable RADIUS-initiated mirroring to start when the user is already logged in.

    Table 1: RADIUS Attributes Used as Packet Mirroring Triggers (Vendor ID 4874)

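    | Standard Number | Attribute Name     | Order of Preference                       |
    |-----------------|--------------------|-------------------------------------------|
    | [1]             | User-Name          | 4                                         |
    | [8]             | Framed-IP-Address  | 3                                         |
    | [26-1]          | Virtual-Router     | Used with Framed-IP-Address and User-Name |
    | [31]            | Calling-Station-ID | 2                                         |
    | [44]            | Acct-Session-ID    | 1                                         |
    | [87]            | Nas-Port-ID        | 5                                         |
    | [26-159]        | DHCP-Option-82     | 6                                         |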

    Table 2: RADIUS Attributes Used as Packet Mirroring Triggers (Vendor ID 3561)

    | Standard Number | Attribute Name   | Order of Preference |
    |-----------------|------------------|---------------------|
    | [26-1]          | Agent-Circuit-ID | 7                   |
    | [26-2]          | Agent-Remote-ID  | 8                   |

    You add the trigger to the RADIUS record of the user whose traffic will be mirrored. In addition, you must include the RADIUS VSAs listed in Table 3 in the mirrored user’s RADIUS record.

    Note: For IP mirroring, you must include both VSA 26-59 and VSA 26-61, or you must omit both of these VSAs. If you use only one of these VSAs, the configuration fails.

    Table 3: RADIUS-Based Mirroring Attributes

    | Standard Number | Attribute Name  | Setting                                                      |
    |-----------------|-----------------|--------------------------------------------------------------|
    | [26-58]         | LI-Action       | 0 = disable mirroring; 1 = enable mirroring; 2 = no action   |
    | [26-59]         | Med-Dev-Handle  | String (not null-terminated)                                 |
    | [26-60]         | Med-IP-Address  | IP address of analyzer device                                |
    | [26-61]         | Med-Port-Number | UDP port number of monitoring application in analyzer device |

    An LI-Action setting of 2 specifies that the router does not perform any packet mirroring-related configuration. This setting can provide additional security by confusing unauthorized users who attempt to access packet mirroring communication between the router and the RADIUS server.
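
The record rules above (a trigger from Table 1 or Table 2, an LI-Action of 0, 1 or 2, and VSAs 26-59 and 26-61 present together or not at all) can be checked before a record is provisioned. The following Python check is an added example, not Juniper code; the dictionary layout, the function name and the sample values are assumptions, as is treating a lower order-of-preference number as the trigger that is used first.

```python
import ipaddress

# Trigger attributes and their order of preference, from Tables 1 and 2.
# Assumption: a lower number means the trigger is preferred first.
TRIGGER_PREFERENCE = {
    "Acct-Session-ID": 1, "Calling-Station-ID": 2, "Framed-IP-Address": 3,
    "User-Name": 4, "Nas-Port-ID": 5, "DHCP-Option-82": 6,
    "Agent-Circuit-ID": 7, "Agent-Remote-ID": 8,
}
LI_ACTIONS = {0: "disable mirroring", 1: "enable mirroring", 2: "no action"}


def check_mirroring_record(record):
    """Return (preferred_trigger, errors) for a dict of attribute name -> value."""
    errors = []
    triggers = sorted((a for a in record if a in TRIGGER_PREFERENCE),
                      key=TRIGGER_PREFERENCE.get)
    if not triggers:
        errors.append("no trigger attribute from Table 1 or Table 2")
    if record.get("LI-Action") not in LI_ACTIONS:
        errors.append("LI-Action (26-58) must be 0, 1 or 2")
    # Note from the page: VSA 26-59 and 26-61 go together or are both omitted.
    if ("Med-Dev-Handle" in record) != ("Med-Port-Number" in record):
        errors.append("Med-Dev-Handle (26-59) and Med-Port-Number (26-61) "
                      "must both be present or both be omitted")
    if "Med-IP-Address" in record:
        try:
            ipaddress.ip_address(record["Med-IP-Address"])
        except ValueError:
            errors.append("Med-IP-Address (26-60) is not a valid IP address")
    port = record.get("Med-Port-Number")
    if port is not None and not (isinstance(port, int) and 0 < port < 65536):
        errors.append("Med-Port-Number (26-61) is not a valid UDP port")
    return (triggers[0] if triggers else None), errors


# Constructed sample records (documentation address range, made-up values).
GOOD = {"User-Name": "subscriber1", "Acct-Session-ID": "erx-0001",
        "Virtual-Router": "default", "LI-Action": 1, "Med-Dev-Handle": "handle01",
        "Med-IP-Address": "192.0.2.10", "Med-Port-Number": 6000}
BAD = {"Calling-Station-ID": "0001", "LI-Action": 1,
       "Med-Dev-Handle": "handle01", "Med-IP-Address": "192.0.2.10"}

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_mirroring_record(rec))
```

The BAD record carries Med-Dev-Handle without Med-Port-Number, which is the combination the note above says causes the configuration to fail.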

    Published: 2014-08-20