Configuring Router To Mirror Users Already Logged In - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

JunosE 11.3.x Policy Management Configuration Guide

Configuring Router to Mirror Users Already Logged In

2. Configure the analyzer interface to send the mirrored traffic to the analyzer device.
host1(config)#interface fastEthernet 4/0
host1(config-if)#ip analyzer
Alternatively, for increased security, create the analyzer interface at one end of an
IPSec tunnel to the analyzer device.
host1(config)#interface tunnel ipsec:mirror3 transport-virtual-router default
host1(config-if)#ip analyzer
host1(config-if)#exit
host1(config)#ip route 192.168.99.2 255.255.255.255 tunnel ipsec:mirror3
When a mirroring operation is initiated for a user who is already logged in (RADIUS-initiated
mirroring), the RADIUS server uses change-of-authorization messages and passes the
required RADIUS attributes and the identifier of the currently running session to the
E Series router. The router uses this information to create the secure policy and attaches
it to the interface that is created for the user. The E Series router must be configured to
accept change-of-authorization messages from the RADIUS server.
1. Specify the RADIUS dynamic-request server that sends change-of-authorization messages to the router, and enter RADIUS configuration mode.
host1(config)#radius dynamic-request server 192.168.11.0
2. Specify the UDP port used to communicate with the RADIUS server.
host1(config-radius)#udp-port 3799
3. Create the key used to communicate with the RADIUS server.
host1(config-radius)#key mysecret
4. Configure the router to receive change-of-authorization messages from the RADIUS server.
host1(config-radius)#authorization change
host1(config-radius)#exit
host1(config)#exit
5. Verify your RADIUS-initiated mirroring configuration.
host1#show radius dynamic-request servers
RADIUS Request Configuration
----------------------------
                                        Change
                 Udp                    Of
IP Address       Port    Disconnect     Authorization    Secret
-------------    ----    ----------     -------------    ------
10.10.3.4        3799    enabled        enabled          mysecret
6. Configure the analyzer interface to send the mirrored traffic to the analyzer device.
host1(config)#interface fastEthernet 4/0
host1(config-if)#ip analyzer
Copyright © 2010, Juniper Networks, Inc.
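The key created in step 3 is what authenticates each change-of-authorization message on UDP port 3799. The Python below is an added example, not code from the Juniper guide or from JunosE: it shows the Request Authenticator check that RFC 5176 defines for a CoA-Request, run against a constructed packet. It assumes the session identifier travels as an Acct-Session-Id attribute, and the session ID value is made up.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43        # RFC 5176 CoA-Request code
ACCT_SESSION_ID = 44    # RFC 2866 Acct-Session-Id (assumed session identifier)

def request_authenticator(code, ident, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_coa_request(ident, session_id, secret):
    """Constructed sample packet standing in for what the RADIUS server sends."""
    attrs = struct.pack("!BB", ACCT_SESSION_ID, 2 + len(session_id)) + session_id
    auth = request_authenticator(COA_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attributes(attrs):
    """Split the attribute area into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length")
        out.append((a_type, attrs[i + 2:i + a_len]))
        i += a_len
    return out

def verify_coa_request(packet, secret):
    """Return the attributes if the packet authenticates, else raise ValueError."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:length]
    expected = request_authenticator(code, ident, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):   # constant-time compare
        raise ValueError("authenticator mismatch (wrong secret or tampering)")
    return parse_attributes(attrs)

if __name__ == "__main__":
    pkt = build_coa_request(7, b"constructed-session-0001", b"mysecret")
    print(verify_coa_request(pkt, b"mysecret"))
```

Because the authenticator is an MD5 digest over the packet plus the key, anyone who captures one CoA-Request can test guesses for the key offline, so the key should be long and random.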
