Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

RADIUS-Initiated Subscriber Secure Policy Overview

RADIUS-initiated mirroring creates secure policies based on RADIUS VSAs and uses RADIUS attributes to identify the subscriber whose traffic is to be mirrored. Mirroring is initiated without regard to the subscriber location, router, interface, or type of traffic.

Starting Junos OS Release 23.4R1, you can configure static framed-routes towards subscriber in the BNG router itself as an alternative for RADIUS framed routes.

A pre-existing configuration is used to add the routes to the routing table. The routes are hidden until the subscriber with configured subscriber IP comes up.

The mirroring operation can be initiated by RADIUS messages as follows:

  • Subscriber login—Mirroring starts when the subscriber logs in and the router receives the trigger in a RADIUS Access-Accept message. Using triggers in RADIUS Access-Accept messages enables you to mirror per-subscriber traffic without regard to how often the subscriber logs in or out, or which router or interface the subscriber uses.

  • In-session—Mirroring starts when the router receives the trigger in a RADIUS change of authorization request (CoA-Request) message. Using triggers in CoA-Request messages enables you to immediately mirror traffic of a subscriber who is already logged in.