    RADIUS-Based Mirroring Sequence of Events

    Figure 1 shows the sequence of events that take place during RADIUS-based mirroring. The tables after the figure describe the events indicated by the numbers and letters in the figure. Table 1 describes the configuration process; Table 2 describes the flow of traffic during a mirroring operation that is initiated when the user logs in; and Table 3 describes the flow of traffic when mirroring a user who is already logged in.

    Figure 1: RADIUS-Based Packet Mirroring

    To create a RADIUS-based packet-mirroring environment, you must complete the processes listed in Table 1.

    Table 1: Setting Up the RADIUS-Based Packet-Mirroring Environment

    | Process | Description |
    |---------|-------------|
    | A | The authorized individual requests packet mirroring of the user’s traffic and configures the analyzer device to receive mirrored traffic. |
    | B | The ISP administration configures VSAs in the user’s RADIUS record. |
    | C | The E Series router administrator configures RADIUS server information and the analyzer interface connection to the analyzer device. |

    Table 2 indicates the sequence of steps for a packet mirroring operation that takes place when a user starts a new session.

    Table 2: RADIUS-Based Mirroring During Session Start (User-Initiated)

    | Step | Description |
    |------|-------------|
    | 1 | A user logs in to an E Series router, requesting authentication by the RADIUS server. Attributes in the logon request are examined to determine whether any match a configured trigger. The first match starts the packet mirroring session for the user. |
    | 2 | • The RADIUS server authenticates the user and sends packet mirroring VSAs and any other configured VSAs to the router. |
    |   | • The router creates a secure policy based on the VSAs and starts mirroring the user’s traffic. |
    | 3 | The router sends the user’s original traffic to its intended destination. |
    | 4 | The router sends the mirrored traffic to the analyzer device. |
    | 5 | The analyzer device provides information for the requesting individual. |

    Table 3 indicates the sequence of steps for a packet mirroring operation that is configured for a currently running session.

    Table 3: RADIUS-Based Mirroring of Currently Running Session (RADIUS-Initiated)

    | Step | Description |
    |------|-------------|
    | 1 | A user logs in to the E Series router; no mirroring action is configured. |
    | 2 | • Packet mirroring is enabled on the RADIUS server. |
    |   | • Authenticated users are examined to determine whether any match a configured trigger. The first match determines the router to which to send change-of-authorization messages. |
    |   | • The RADIUS server sends change-of-authorization messages containing packet mirroring VSAs to the router. |
    |   | • The router creates a secure policy based on the VSAs and starts mirroring the user’s traffic. |
    | 3 | The router sends the user’s original traffic to its intended destination. |
    | 4 | The router sends mirrored traffic to the analyzer device. |
    | 5 | The analyzer device provides information for the requesting individual. |
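
    The following added example (not from the original page or from Juniper) parses constructed RADIUS packets and reports whether mirroring VSAs arrive in an Access-Accept, as in Table 2, or in a CoA-Request, as in Table 3, which is the distinction an auditor reviewing RADIUS traffic would record. VENDOR_ID and MIRROR_SUBTYPES are placeholders, the function names are hypothetical, and the VSA values are assumed to be carried unencrypted.

```python
import struct

ACCESS_ACCEPT, COA_REQUEST = 2, 43  # RADIUS codes (RFC 2865, RFC 5176)
VENDOR_SPECIFIC = 26                # attribute type that carries VSAs
VENDOR_ID = 99999                   # placeholder vendor ID (assumption)
MIRROR_SUBTYPES = {1, 2}            # placeholder mirroring VSA numbers (assumption)

def vsa(subtype, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([subtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", VENDOR_ID) + sub

def packet(code, ident, attrs):
    """Encode a RADIUS packet; the authenticator is zeroed and not checked here."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def mirroring_vsas(pkt):
    """Return (code, [(subtype, value), ...]) for the mirroring VSAs in a packet."""
    if len(pkt) < 20 or not 20 <= int.from_bytes(pkt[2:4], "big") <= len(pkt):
        raise ValueError("bad RADIUS header or length field")
    code, length = pkt[0], int.from_bytes(pkt[2:4], "big")
    found, pos = [], 20
    while pos < length:
        alen = pkt[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if pkt[pos] == VENDOR_SPECIFIC and alen >= 8:
            vendor = struct.unpack("!I", pkt[pos + 2:pos + 6])[0]
            sub = pkt[pos + 6:pos + alen]
            # Walk the sub-attributes packed inside this vendor's VSA.
            while vendor == VENDOR_ID and len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                if sub[0] in MIRROR_SUBTYPES:
                    found.append((sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
        pos += alen
    return code, found

def classify(pkt):
    """Name the flow (Table 2 or Table 3) a packet belongs to, or None."""
    code, found = mirroring_vsas(pkt)
    flows = {ACCESS_ACCEPT: "user-initiated", COA_REQUEST: "RADIUS-initiated"}
    return flows.get(code, "unexpected") if found else None

# Constructed sample packets (not captured traffic).
USER_NAME = b"\x01\x07alice"  # User-Name attribute
ACCEPT = packet(ACCESS_ACCEPT, 1, [vsa(1, b"\x01"), vsa(2, bytes([192, 0, 2, 10]))])
COA = packet(COA_REQUEST, 2, [USER_NAME, vsa(1, b"\x01")])
PLAIN = packet(ACCESS_ACCEPT, 3, [USER_NAME])
```

    A result of "unexpected" means mirroring VSAs appeared in a packet type that neither table describes and is worth reviewing.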

    Published: 2014-08-14