1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Software
  5. JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE...
  6. Configuration manual

Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual page 254

Software for e series broadband services routers policy management configuration guide
Hide thumbs Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04:
Table of Contents

Advertisement

JunosE 11.3.x Policy Management Configuration Guide
host1# show mirror subscribers
Subscriber ID
------------------
lac:jwbooth@isptheatre.com
x:12000004:circuit id:45.y:12000004:remote id:89
x:12000001:pppoe agent circuit id:47
79:3a:02:00:00:02:3a:72:65:6d:6f:74:65:20:69:64:3a:35 agent-remote-id
230
Configure the secure policy that forwards the mirrored traffic to the analyzer device.
3.
The classifier-group command uses the default classifier list, which is indicated by
the asterisk character (*).
For L2TP subscribers:
host1(config)#secure l2tp policy-list l2tp_toMirrorHQ
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#mirror analyzer-ip-address 192.168.99.2
analyzer-virtual-router default analyzer-udp-port 6500 mirror-identifier 1
session-identifier 1
For DHCP and PPP subscribers:
host1(config)#secure ip policy-list secure-ipv4-policy
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#mirror analyzer-ip-address 19.0.0.2
analyzer-virtual-router default analyzer-udp-port 2500 mirror-identifier 1
session-identifier 1
Configure packet mirroring for the subscriber and associate the secure policy with the
4.
user.
For L2TP subscribers:
host1(config)#virtual-router lac
host1:lac(config)#mirror username jwbooth@isptheatre.com l2tp secure-policy-list
l2tp_toMirrorHQ
For DHCP and PPP subscribers:
host1(config)#mirror dhcp-option-82 agent-circuit-id "x:12000004:circuit id:45"
agent-remote-id "y:12000004:remote id:89" ip secure-policy-list
secure-ipv4-policy
host1(config)#mirror agent-circuit-id "x:12000001:pppoe agent circuit id:47" ip
secure-policy-list secure-ipv4-policy
host1(config)#mirror agent-remote-id hex
79:3a:02:00:00:02:3a:72:65:6d:6f:74:65:20:69:64:3a:35 ip secure-policy-list
secure-ipv4-policy
Now, when the subscriber logs in , the packet mirroring session starts and the
subscriber's replicated traffic is sent to the remote analyzer device.
Verify the packet-mirroring configuration.
5.
Verify the configuration of the secure policy.
6.
host1# show secure policy-list
ID
Secure
Method
Policy Type
----------
-----------
username
l2tp
dhcp-option-82
IP
agent-circuit-id IP
IP
Policy Table
Copyright © 2010, Juniper Networks, Inc.
Secure
Mirrored
Policy List
Sessions
----------------
--------
l2tp_toMirrorHQ
1
secure-ipv4-policy 1
secure-ipv4-policy 1
secure-ipv4-policy 1

Advertisement

Table of Contents
loading

Related Manuals for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04

Related Products for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04

This manual is also suitable for:

Junose 11.3

Table of Contents