Configuring RADIUS-Based Mirroring
Chapter 6: Packet Mirroring
You can also use the mirror disable CLI commands to disable RADIUS-based
mirroring. You must use the version of the mirror disable command that
corresponds to the RADIUS attribute that was used to identify the user. For example,
if you used the RADIUS Calling-Station-ID attribute to create the mirroring session,
you must use the mirror disable calling-station-id command to disable the
session.
Configuring the Analyzer Device
The analyzer device must be configured to receive the mirrored traffic from the
E-series router’s analyzer port.
Configuring the E-series Router: Start Mirroring When User Logs On
To configure the router to support RADIUS-based mirroring that starts when the
user logs on:
1. Configure RADIUS server authentication information in the router. See JUNOSe
Broadband Access Configuration Guide, Chapter 1, Configuring Remote Access for
information.
2. Ensure that the analyzer port is configured to send the mirrored traffic to the
analyzer device.
(Optional) For increased security, create an IPSec tunnel between the analyzer
port and the analyzer device.
Configuring the E-series Router: Mirror User Who Is Already Logged On
To configure the router to support RADIUS-initiated mirroring when the user is
already logged in:
1. Specify the RADIUS server that sends change-of-authorization messages to the
router.
2. Specify the UDP port used to communicate with the RADIUS server.
3. Configure the key used when communicating with the RADIUS server.
4. Enable the router to receive change-of-authorization messages from the
RADIUS server.
5. Ensure that the analyzer port is configured to send the mirrored traffic to the
analyzer device.
(Optional) For increased security, create an IPSec tunnel between the analyzer
port and the analyzer device.
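The key from step 3 is what lets the receiver tell a genuine change-of-authorization message from a forged one. The following is an added example, not taken from the JUNOSe guide or from router code: it builds a CoA-Request that identifies a session by Acct-Session-ID and checks it on the receiving side, assuming the standard RFC 5176 Request Authenticator. The secret, session ID, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43          # RFC 5176 packet code for CoA-Request
ACCT_SESSION_ID = 44      # RFC 2866 attribute type


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def _authenticator(code, ident, length, attrs, secret):
    # RFC 5176: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_coa_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """What the RADIUS server sends: header, authenticator, attributes."""
    length = 20 + len(attrs)
    auth = _authenticator(COA_REQUEST, ident, length, attrs, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, length) + auth + attrs


def verify_coa_request(packet: bytes, secret: bytes) -> bool:
    """Receiver-side check: accept only a well-formed, correctly keyed CoA-Request."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding (RFC 2865)
    expected = _authenticator(code, ident, length, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-key"
ATTRS = encode_attr(ACCT_SESSION_ID, b"constructed-session-0001")
PACKET = build_coa_request(7, ATTRS, SECRET)

if __name__ == "__main__":
    print("valid key:", verify_coa_request(PACKET, SECRET))
    print("wrong key:", verify_coa_request(PACKET, b"other-key"))
    print("tampered :", verify_coa_request(PACKET[:-1] + b"2", SECRET))
```

Because the authenticator covers the attributes as well as the header, changing the session identifier in transit invalidates the message just as a wrong key does.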
For
NOTE: All RADIUS-based mirroring sessions that start when a user logs on are
considered to use the Acct-Session-ID attribute. Therefore, you must use the
mirror disable acct-session-id command to disable these sessions. For
RADIUS-based sessions of a user that is already logged in, you use the mirror
disable command with the same keyword you used to configure the session.