JUNOSe 9.1.x Policy Management Configuration Guide > Configuring RADIUS-Based Mirroring > RADIUS-Based Mirroring Overview

RADIUS-Based Mirroring Overview

RADIUS-based packet mirroring enables you to mirror traffic related to a specific user, without regard to how often the user logs on or off, or which E-series router or interface the user uses. RADIUS-based mirroring is particularly appropriate for large networks, because you can use a single RADIUS server to provision mirroring on multiple E-series routers in a service provider's network. RADIUS-based mirroring is useful when debugging network problems related to mobile users, who do not always log on to a particular router.

You configure RADIUS-based mirroring independent of the actual mirroring session—you can configure the mirroring parameters at any time. RADIUS-based mirroring uses RADIUS and VSAs, rather than CLI commands, to specify the user whose traffic is to be mirrored. The VSAs specify attributes that are carried in Access-Accept messages and change-of-authorization messages from the RADIUS dynamic-request server to the E-series router.

NOTE: You cannot use RADIUS-initiated packet mirroring to mirror static interfaces, which might not be authenticated through RADIUS. To mirror static interfaces, you must use CLI-based mirroring. NOTE: RADIUS-based packet mirroring is not supported on LAC L2TP sessions if the LAC uses domain maps to create tunnels or if authentication is disabled for both LAC and PPP termination.