Configuring Triggers For Cli-Based Mirroring - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

JunosE 11.3.x Policy Management Configuration Guide

Configuring Triggers for CLI-Based Mirroring

226
mirror analyzer-ip-address
mirror disable
mirror disable
secure ip classifier-list
secure ipv6 classifier-list
secure ip policy-list
secure ipv6 policy-list
secure l2tp policy-list
In user-specific packet mirroring, you use triggers to identify the user whose traffic you
want to mirror and to start the mirroring session. The triggers are similar to the RADIUS
attributes used in RADIUS-based mirroring. However, for CLI-based mirroring, AAA can
use any supported authentication method, including RADIUS.
NOTE: An E Series router supports a maximum of 100 mirror trigger rules.
Attributes associated with users are examined in the following order of priority to find a
match. When a match is found, examination stops.
Account session ID
1.
Calling station ID
2.
Username and virtual router ID
3.
IP address and virtual router ID
4.
Nas-Port-Id
5.
You specify the triggers with the mirror command, except that the virtual router associated
with username or IP address is taken from the VR context from which you issue the
command.
The following considerations apply to trigger rules:
A new trigger rule is not applied to matching connected subscribers if any of the
subscribers is mirrored by another rule.
CLI-initiated mirroring per account session ID creates a rule that continues to exist after
the subscriber logs out.
RADIUS CoA messages affect only currently connected subscribers; they do not create
persistent rules.
Copyright © 2010, Juniper Networks, Inc.