Related Documentation
Example: Using the Sample Packet-Mirroring Application
To use the sample packet-mirroring application:
- Download the SRC sample applications to your system from the Juniper Networks website:
- Locate the file that contains the service definition:
/SDK/scriptServices/packetMirroring/ldif/service.ldif - Import the sample service definition to the Juniper Networks
Database on the C Series Controller. To load the sample data into
the database, you can use an LDAP tool, such as ldapadd.
You can obtain ldapadd from the following website:
To load data into the Juniper Networks database, you need the IP address of the database and the database credentials. The default bind distinguished name (DN) for the database is cn=umcadmin, o=umc and the password is admin123.
- Copy the /lib/pm.jar file used by the script service to the /opt/UMC/sae /var/run directory on the C Series Controller.
- Modify the service substitutions for your environment.
You can make these substitutions by defining the parameter substitutions in the packetMirroring service (serviceName=packetMirroring, o=Services, o=umc) with the SRC CLI or by passing the values through the SAE core API.
For information about parameter substitutions, see Configuring Parameters for the Script Service for Packet Mirroring. For information about passing the values through the SAE core API, see Defining RADIUS Attributes for Dynamic Authorization Requests with the SAE Core API.
- Configure a subscription to the packetMirroring service
that is activated on login.
For information about subscriptions, see Subscriptions Overview.
- If you are modifying the sample application, copy the sae.jar and logger.jar files from the SKD/lib directory, and add the sae.jar and logger.jar files to the class path when you compile your application.
Example: Packet Mirroring for PPP Subscribers
When a PPP subscriber is subscribed to the packet-mirroring service, configure the service as an activate-on-login service at user connection time. After the subscriber has logged in through the SAE remote API, the packet-mirroring service can be subscribed to the PPP subscriber and activated. When the service is activated, a COA request is sent to the router running JunosE Software that includes the PPP subscriber’s accounting session ID to start packet mirroring for this subscriber.
Example: Packet Mirroring for DHCP Subscribers
When a DHCP subscriber is subscribed to the packet-mirroring service, configure the service as an activate-on-login service at user connection time. After the subscriber has logged in through the SAE remote API, the packet-mirroring service can be subscribed to the DHCP subscriber and activated. When the service is activated, a COA request is sent to the router running JunosE Software that includes the DHCP subscriber’s IP address and virtual router name for the router running JunosE Software to start packet mirroring for this subscriber.
Configuring DHCP Subscriber Sessions
You can use DHCP option 82 to identify the subscriber session. For example, if you set DHCP option 82 as the user login name, an external application can use this setting to search for the subscriber session. The following subscriber classification script illustrates this example:
->?sub?(interfaceName=<-dhcp[82].suboptions[1].string->)] loginType = “ ADDR” [<-retailerDN->??sub?(uniqueID=<-userName->)] retailerDN != “ “ & userName != “ “ [<-unauthenticatedUserDn->] loginType == "ADDR" loginType == "AUTHADDR"
Disabling RADIUS Authentication for DHCP Subscribers
Packet mirroring for DHCP subscribers does not involve RADIUS authentication, so you might have to configure authentication to grant all IP subscriber management interfaces access without authentication. For example, configure the router running JunosE Software with the following authentication:
You can still configure other subscribers to use RADIUS authentication. For example, configure the router running JunosE Software with the following authentication for PPP subscribers:
