Radius-Based Mirroring Procedure; Configuring The Radius Server; Disabling Radius-Based Mirroring - Juniper E320 Configuration Manual

Junose internet software for e-series routing platforms

Hide thumbs Also See for E320:

Hardware manual (144 pages)

Manual (83 pages)

Datasheet (6 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

page of 212

/ 212
Contents
Table of Contents
Bookmarks

Table of Contents

JUNOSe 7.2.x Policy Management Configuration Guide

RADIUS-Based Mirroring Procedure

168

Configuring RADIUS-Based Mirroring

Table 31: RADIUS-Based Mirroring During Session Start

Step

Description

The user logs on to an E-series router, requesting authentication by the RADIUS server.

A trigger in the logon request starts the packet mirroring session.

The RADIUS server authenticates the user and sends packet mirroring VSAs and any

other configured VSAs to the router.

The router creates a secure policy based on the VSAs and starts mirroring the user's

traffic.

The router sends the user's original traffic to its intended destination.

The router sends the mirrored traffic to analyzer device.

The analyzer device provides information for the requesting individual.

Table 32

indicates the sequence of steps for a packet mirroring operation that is

configured for a currently running session.

Table 32: RADIUS-Based Mirroring of Currently Running Session

Step

Description

The user logs on to the E-series router; no mirroring action is configured.

Packet mirroring is enabled on the RADIUS server.

The RADIUS server sends change-of-authorization messages containing packet

mirroring VSAs to the router.

The router creates a secure policy based on the VSAs and starts mirroring the user's

traffic.

The router sends the user's original traffic to its intended destination.

The router sends mirrored traffic to the analyzer device.

The analyzer device provides information for the requesting individual.

To configure the RADIUS-based packet mirroring environment, you must

coordinate the mirroring operations of three devices in the network: the RADIUS

server, the E-series router, and the analyzer device. The configuration of the RADIUS

server and the analyzer device is described in this section for reference only. The

actual configuration procedures depend on the policies and guidelines established

by the responsible organizations.

Configuring the RADIUS Server

Table 29

lists the VSAs that are included for both types of RADIUS-based

mirroring—user-initiated (when the user logs on to start a new session), and

RADIUS-initiated (when the user is already logged in).

Disabling RADIUS-Based Mirroring

To disable mirroring, you include the RADIUS attribute (for example,

Acct-Session-ID) and set the Mirror-Action attribute to 0 in the mirrored user's

RADIUS record.

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Erx-710 Erx-310 Erx-1440 Erx-1410 Erx-705

Radius-Based Mirroring Procedure; Configuring The Radius Server; Disabling Radius-Based Mirroring - Juniper E320 Configuration Manual

RADIUS-Based Mirroring Procedure

Configuring the RADIUS Server

Disabling RADIUS-Based Mirroring

Hide quick links:

Related Manuals for Juniper E320

Related Content for Juniper E320

This manual is also suitable for:

Table of Contents