JUNOSe 9.1.x Policy Management Configuration Guide
RADIUS-Based Mirroring Sequence of Events
Figure 20 shows the sequence of events that take place during RADIUS-based mirroring. The tables after the figure describe the events indicated by the numbers and letters in the figure. Table 44 describes the configuration process; Table 45 describes the flow of traffic during a mirroring operation that is initiated when the user logs on; and Table 46 describes the flow of traffic when mirroring a user who is already logged in.
Figure 20: RADIUS-Based Packet Mirroring
To create a RADIUS-based packet mirroring environment, you must complete the processes listed in Table 44.
Table 44: Setting Up the RADIUS-Based Packet Mirroring Environment
| Event | Description |
|---|---|
| A | The authorized individual requests packet mirroring of the user's traffic and configures the analyzer device to receive mirrored traffic. |
| B | The ISP administration configures VSAs in the user's RADIUS record. |
| C | The E-series router administrator configures RADIUS server information and the analyzer interface connection to the analyzer device. |
Table 45 indicates the sequence of steps for a packet mirroring operation that takes place when a user starts a new session.
Table 45: RADIUS-Based Mirroring During Session Start
| Event | Description |
|---|---|
| 1 | The user logs on to an E-series router, requesting authentication by the RADIUS server. A trigger in the logon request starts the packet mirroring session. |
| 2 | The RADIUS server authenticates the user and sends packet mirroring VSAs and any other configured VSAs to the router. The router creates a secure policy based on the VSAs and starts mirroring the user's traffic. |
| 3 | The router sends the user's original traffic to its intended destination. |
| 4 | The router sends the mirrored traffic to the analyzer device. |
| 5 | The analyzer device provides information for the requesting individual. |
Table 46 indicates the sequence of steps for a packet mirroring operation that is configured for a currently running session.
Table 46: RADIUS-Based Mirroring of Currently Running Session
| Event | Description |
|---|---|
| 1 | The user logs on to the E-series router; no mirroring action is configured. |
| 2 | Packet mirroring is enabled on the RADIUS server. The RADIUS server sends change-of-authorization messages containing packet mirroring VSAs to the router. The router creates a secure policy based on the VSAs and starts mirroring the user's traffic. |
| 3 | The router sends the user's original traffic to its intended destination. |
| 4 | The router sends mirrored traffic to the analyzer device. |
| 5 | The analyzer device provides information for the requesting individual. |
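The flows in Table 45 and Table 46 differ in which RADIUS message carries the packet mirroring VSAs: the reply that authenticates the user (Access-Accept) or a change-of-authorization message (CoA-Request). The following Python code is an added example, not part of the JUNOSe guide; it parses a RADIUS packet and reports which of the two flows its mirroring VSAs would start, as an auditor reviewing captured RADIUS traffic might. The vendor ID and vendor-type numbers are placeholders, because this page does not list the actual VSAs, and the sample packets are constructed.

```python
import struct

ACCESS_ACCEPT, COA_REQUEST = 2, 43      # RADIUS codes: RFC 2865, RFC 5176
VENDOR_SPECIFIC = 26                    # attribute type that carries VSAs
PLACEHOLDER_VENDOR = 99999              # placeholder, not the router vendor's real ID
PLACEHOLDER_MIRROR_TYPES = {201, 202}   # hypothetical mirroring vendor-types

def walk_tlvs(buf):
    """Yield (type, value) pairs; each length byte covers its 2-byte header."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or not 2 <= buf[pos + 1] <= len(buf) - pos:
            raise ValueError("malformed attribute")
        length = buf[pos + 1]
        yield buf[pos], buf[pos + 2:pos + length]
        pos += length

def parse_vsas(packet):
    """Return (code, [(vendor_id, vendor_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    vsas = []
    for typ, value in walk_tlvs(packet[20:length]):
        if typ == VENDOR_SPECIFIC and len(value) >= 4:
            vendor = struct.unpack("!I", value[:4])[0]
            vsas += [(vendor, vt, vv) for vt, vv in walk_tlvs(value[4:])]
    return code, vsas

def mirroring_trigger(packet, vendor=PLACEHOLDER_VENDOR, types=PLACEHOLDER_MIRROR_TYPES):
    """Name the flow a packet starts, or None if it carries no mirroring VSAs."""
    code, vsas = parse_vsas(packet)
    if not any(v == vendor and t in types for v, t, _ in vsas):
        return None
    return {ACCESS_ACCEPT: "session-start (Table 45)",
            COA_REQUEST: "running-session (Table 46)"}.get(code, "unexpected-code")

# Constructed sample packets: zeroed authenticator, made-up attribute values.
def tlv(typ, value):
    return bytes([typ, len(value) + 2]) + value
def packet(code, attrs):
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

MIRROR_VSA = tlv(VENDOR_SPECIFIC, struct.pack("!I", PLACEHOLDER_VENDOR) + tlv(201, b"\x01"))
SAMPLES = [packet(ACCESS_ACCEPT, MIRROR_VSA), packet(COA_REQUEST, MIRROR_VSA),
           packet(ACCESS_ACCEPT, tlv(1, b"alice"))]
```

Calling `mirroring_trigger` on each entry of `SAMPLES` labels the first as the session-start flow, the second as the running-session flow, and returns `None` for the third, which carries only a User-Name attribute.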