Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Using SNMP Secure Packet Mirroring Traps

    SNMP secure packet mirroring traps enable you to capture and report packet mirroring information to an external device; you can then view the secure information on the remote device. The secure packet mirroring traps feature is an extension of the router’s standard SNMP implementation, and is only available to SNMPv3 users who are authorized to use packet mirroring.

    You can also log mirror traps to local volatile memory for debugging purposes by enabling the SNMP secure log feature. See Capturing SNMP Secure Audit Logs for details of secure audit logging. Normal console and syslog audit logs for packet mirroring traps and packet Mirror-MIB accesses are suppressed due to security concerns.

    Note: The contents of secure logs are not preserved across a reboot.

    The mirror-enable command must be enabled to make packet mirroring-related commands, command options, and show command output visible.

    Note: You must use the CLI to configure the secure packet mirroring trap category to allow transmission of secure packet mirroring traps through the router—you cannot use SNMP to configure the secure packet mirroring trap category. However, after you have configured the secure packet mirroring trap category using the CLI, you can then use SNMP (juniPacketMirrorMIB.mi2) to enable and disable secure packet mirroring traps.

    Table 1 indicates the events that trigger secure packet-mirroring traps and lists the information sent in the trap for each event.

    Table 1: Packet-Mirroring SNMP Traps

    Trap Information Sent

    Event That Triggers the Trap

     

    A secure policy failed during COA-based or RADIUS-initiated packet mirroring

    A secure policy failed during CLI trigger or CLI-based packet mirroring

    An interface with secure policies attached is deleted

    An analyzer is unreachable

    Analyzer address

    Application name

    Configuration source

    Date and time of event

    Error cause

    Error string

    Mirror ID

    Mirroring direction

    Secure policy name

    Secure policy UID

    Session ID

    Trigger event

    Trigger type

    Username

    Virtual router (0 for L2TP)

    Additional Packet-Mirroring Traps for CALEA Compliance

    You can use the packet-mirroring traps shown in Table 2 to help support compliance with the Communications Assistance for Law Enforcement Act (CALEA), which defines electronic surveillance guidelines for telecommunications companies. For example, a third-party vendor of mediation devices might receive packet mirroring traps from the router and convert the traps to messages that comply with CALEA, such as Lawfully Authorized Electronic Surveillance (LAES) for IP Network Access, American Nation Standard For Telecommunications messages. Individual traps might map to multiple LAES messages to provide additional compliance-related information.

    Table 2: Packet-Mirroring Traps for CALEA Compliance

    Trap

    Description

    juniPacketMirrorSessionStart

    A grant has been issued to a mirrored subscriber.

    juniPacketMirrorSessionEnd

    A mirrored session has been terminated; includes the termination reason.

    juniPacketMirrorInterfaceSessionActivated

    A secure policy has been attached to an existing interface or to an existing session.

    juniPacketMirrorInterfaceSessionDeactivated

    A secure policy has been detached from an interface, not including interface or session termination.

    juniPacketMirrorSessionReject

    A deny has been issued because the potential mirrored user was not allowed on the network for some reason. However, the user would have been mirrored if access to the network had been allowed.

    juniPacketMirrorSessionFailed

    The user session was terminated before the secure policy was attached. For example, no resources were available to create the interface. The termination reason is included.

    Packet Mirroring Trap Severity Levels

    Table 3 lists the default severity levels for packet mirroring traps. See the JunosE System Basics Configuration Guide for descriptions of the severity levels.

    Table 3: Packet Mirroring Trap Severity Levels

    Trap

    Default Severity Level

    juniPacketMirrorAnalyzerUnreachable

    Warning

    juniPacketMirrorCliTriggerBasedMirroringFailure

    Error

    juniPacketMirrorInterfaceDeleted

    Notice

    juniPacketMirrorInterfaceSessionActivated

    Info

    juniPacketMirrorInterfaceSessionDeactivated

    Info

    juniPacketMirrorRadiusBasedMirroringFailure

    Error

    juniPacketMirrorSessionEnd

    Info

    juniPacketMirrorSessionFailed

    Info

    juniPacketMirrorSessionStart

    Info

    juniPacketMirrorSessionReject

    Info

    See Configuring SNMP in JunosE System Basics Configuration Guide for information about JunosE Software SNMP support.

    Published: 2014-08-14