Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual page 266

JunosE 11.3.x Policy Management Configuration Guide
Scenario 1: When
Configurations Use the
Same Identification
Criteria
242
Username associated with the virtual router where the subscriber logs in
4.
NAS port ID
5.
A RADIUS log-in configuration always implicitly uses the Acct-Session-ID to identify
the subscriber. This trigger has the highest priority of the five possible identification
methods. For this reason, when a subscriber logs in, an existing RADIUS login
configuration always takes effect over other packet mirroring configurations.
A RADIUS CoA configuration affects only subscribers that are currently logged in. It
does not create persistent rules. Subscribers that log in after the CoA request goes out
are not mirrored by the configuration.
If a subscriber that is mirrored by a RADIUS CoA configuration subsequently logs out
and then logs back in, that subscriber is no longer mirrored by the configuration.
However, that subscriber might now be mirrored by an existing RADIUS login or
CLI-based configuration.
A CLI-based configuration creates persistent rules. The configuration affects subscribers
that are logged in when the configuration is created, and subscribers that log in
thereafter.
You can create a new configuration or modify an existing configuration to override a
configuration that is currently mirroring subscribers. You must use the same subscriber
selection criteria that were used by the current configuration. The overriding
configuration can be either CLI-based or a RADIUS CoA configuration; it does not have
to match the configuration source used by the current configuration.
When a CLI-based or RADIUS CoA configuration identifies a targeted subscriber group,
all members of the group are examined to determine whether any of these members
is already mirrored using a different identification method. If that is the case, none of
the group members is mirrored by the new configuration.
Deletion of a CLI rule has no effect on subscribers that are currently being mirrored.
They continue to be mirrored as before the deletion. These subscribers are not
reevaluated against any remaining identification criteria when a CLI rule is deleted.
When mirroring is disabled by RADIUS CoA, subscribers that were being mirrored are
not evaluated against an existing CLI configuration.
Consider the following scenarios.
Currently logged-in subscribers are not being mirrored. These subscribers include 20
1.
subscribers with the username joe@example.com. Their subscriber access is through
virtual router boston1.
You create a RADIUS CoA (RADIUS-initiated) configuration that targets subscribers
2.
that match joe@example.com logging in through virtual router boston1.
Mirroring begins for all 20 of these subscribers.
3.
Ten more subscribers with the username joe@example.com log in through VR boston1.
4.
None of these new subscribers is mirrored because the RADIUS CoA configuration
makes no persistent rules.
Copyright © 2010, Juniper Networks, Inc.