[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
RADIUS-Based Packet Mirroring MLPPP Sessions
When you use RADIUS-based packet mirroring
on MLPPP traffic, RADIUS authentication and authorization is performed
on the individual links. The mirroring-related VSAs are returned with
the RADIUS response. For user-initiated mirroring, which starts when
the user logs in, a RADIUS response is returned for each successful
authentication/authorization. For RADIUS-initiated mirroring of a
user who is already logged in, a single RADIUS request is sent for
each link.
- If you are mirroring an L2TP session, the packet-mirroring
operation is enabled or disabled on a single link that is uniquely
identified by the trigger you use (the RADIUS attributes for Acct-Session-ID
or User-Name). For tunneled MLPPP, the individual links in the MLPPP
bundle are mirrored separately. The packet-mirroring configuration
fails if you use the Acct-Multi-Session-ID attribute (RADIUS attribute
50) for the configuration.
- If you are mirroring an IP session, the packet-mirroring
operation is enabled or disabled on the MLPPP bundle as a whole. We
recommend that you use the Account-Session-ID RADIUS attribute rather
than the User-Name attribute as the trigger. Using the Account-Session-ID
attribute is more efficient because the JUNOSe software creates one
secure policy that packet mirroring uses for all links in the MLPPP
bundle. If you use the User-Name attribute, a secure policy is created
for the first link, then removed and re-created for every other link.
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
