JUNOSe 7.2.x Policy Management Configuration Guide
- CLI-based interface-specific mirroring—Can be useful in small networks
  with few E-series routers and in static environments where a user typically
  logs on to the same router through the same interface.
- CLI-based user-specific mirroring—Is useful in B-RAS environments, in
  which users log in and log out frequently.
- RADIUS-based user-specific mirroring—Is triggered when needed, either
  user-initiated when the specified user logs on, or RADIUS-initiated when the
  user is already logged in. RADIUS-based mirroring also provides an excellent
  solution for B-RAS networks, for example to troubleshoot traffic problems
  related to mobile users.
CLI-based user-specific and RADIUS-based user-specific mirroring are also useful to
mirror L2TP traffic at the L2TP access concentrator (LAC). If the L2TP network
server (LNS) and the LAC belong to different service providers, mirroring at the LAC
enables mirroring to take place close to the user’s domain.
Packet Mirroring Terms
Table 23 defines terms used in this discussion of packet mirroring.
Table 23: Packet Mirroring Terminology
Term                  Meaning
Analyzer device       Device that receives the mirrored traffic from the E-series router.
                      Also called the mediation device.
Analyzer port         IP interface in analyzer mode on the E-series router that is used to
                      direct mirrored traffic to the analyzer device.
CLI access class      Security level that grants access to specific CLI commands.
Mirrored interface    Statically or dynamically configured interface on which traffic is
                      being mirrored.
Mirrored user         User whose traffic is being mirrored.
Requesting authority  Group that is authorized to request or conduct packet mirroring.
Salt encryption       Random string of data used to modify a password hash.
Secure policy         Policies that are created with a mirror action and that contain
                      information about where to forward mirrored traffic.
Trigger               RADIUS attribute that identifies a user whose traffic is to be
                      mirrored. Packet mirroring starts when a trigger is detected.
An E-series router supports a maximum of 100 mirror trigger rules.