Technical Documentation

RADIUS-Based Mirroring Sequence of Events

Figure 1 shows the sequence of events that take place during RADIUS-based mirroring. The tables after the figure describe the events indicated by the numbers and letters in the figure. Table 1 describes the configuration process; Table 2 describes the flow of traffic during a mirroring operation that is initiated when the user logs in; and Table 3 describes the flow of traffic when mirroring a user who is already logged in.

Figure 1: RADIUS-Based Packet Mirroring

To create a RADIUS-based packet-mirroring environment, you must complete the processes listed in Table 1.

Table 1: Setting Up the RADIUS-Based Packet-Mirroring Environment

Process	Description
A	The authorized individual requests packet mirroring of the user’s traffic and configures the analyzer device to receive mirrored traffic.
B	The ISP administration configures VSAs in the user’s RADIUS record.
C	The E Series router administrator configures RADIUS server information and the analyzer interface connection to the analyzer device.

Table 2 indicates the sequence of steps for a packet mirroring operation that takes place when a user starts a new session.

Table 2: RADIUS-Based Mirroring During Session Start (User-Initiated)

Step	Description
1	A user logs in to an E Series router, requesting authentication by the RADIUS server. Attributres in the logon request are examined to determine whether any match a configured trigger. The first match starts the packet mirroring session for the user.
2	The RADIUS server authenticates the user and sends packet mirroring VSAs and any other configured VSAs to the router. The router creates a secure policy based on the VSAs and starts mirroring the user’s traffic.
3	The router sends the user’s original traffic to its intended destination.
4	The router sends the mirrored traffic to analyzer device.
5	The analyzer device provides information for the requesting individual.

Table 3 indicates the sequence of steps for a packet mirroring operation that is configured for a currently running session.

Table 3: RADIUS-Based Mirroring of Currently Running Session (RADIUS-Initiated)

Step	Description
1	A user logs in to the E Series router; no mirroring action is configured.
2	Packet mirroring is enabled on the RADIUS server. Authenticated users are examined to determine whether any match a configured trigger. The first match determines the router to which to send change-of-authorization messages. The RADIUS server sends change-of-authorization messages containing packet mirroring VSAs to the router. The router creates a secure policy based on the VSAs and starts mirroring the user’s traffic.
3	The router sends the user’s original traffic to its intended destination.
4	The router sends mirrored traffic to the analyzer device.
5	The analyzer device provides information for the requesting individual.

Choose Country

North America

Europe

Asia Pacific

Technical Documentation

Related Documentation

RADIUS-Based Mirroring Sequence of Events

Related Documentation

Published: 2012-03-27