Technical Documentation
New
RADIUS Attributes Used for Packet Mirroring
Table 1 and Table 2 list the packet mirroring triggers. The triggers are RADIUS attributes that identify a user whose traffic is to be mirrored. A packet mirroring session starts when the router receives a RADIUS packet that contains mirroring attributes and then applies the mirroring configuration to the appropriate interface. For example, packet mirroring starts when a logon request occurs that contains a specified User-Name attribute.
The triggers also enable RADIUS-initiated mirroring to start when the user is already logged in.
Table 1: RADIUS Attributes Used as Packet Mirroring Triggers (Vendor ID 4874)
Standard Number | Attribute Name | Order of Preference |
|---|---|---|
[1] | User-Name | 4 |
[8] | Framed-IP-Address | 3 |
[26-1] | Virtual-Router | Used with Framed-IP-Address and User-Name |
[31] | Calling-Station-ID | 2 |
[44] | Acct-Session-ID | 1 |
[87] | Nas-Port-ID | 5 |
[26–159] | DHCP- Option-82 | 6 |
Table 2: RADIUS Attributes Used as Packet Mirroring Triggers (Vendor ID 3561)
Standard Number | Attribute Name | Order of Preference |
|---|---|---|
[26-1] | Agent-Circuit-ID | 7 |
[26-2] | Agent-Remote-ID | 8 |
You add the trigger to the RADIUS record of the user whose traffic will be mirrored. In addition, you must include the RADIUS VSAs listed in Table 3 in the mirrored user’s RADIUS record.
 | Note: For IP mirroring, you must include both VSA 26-59 and VSA 26-61, or you must omit both of these VSAs. If you use only one of these VSAs, the configuration fails. |
Table 3: RADIUS-Based Mirroring Attributes
Standard Number | Attribute Name | Setting |
|---|---|---|
[26-58] | LI-Action | 0 = disable mirroring |
[26-59] | Med-Dev-Handle | String (not null-terminated) |
[26-60] | Med-IP-Address | IP address of analyzer device |
[26-61] | Med-Port-Number | UDP port number of monitoring application in analyzer device |
An LI-Action setting of 2 specifies that the router does not perform any packet mirroring–related configuration. This setting can provide additional security by confusing unauthorized users who attempt to access packet mirroring communication between the router and the RADIUS server.
