Navigation
Supported Platforms
RADIUS-Initiated Traffic Mirroring Process for Logged-In Subscribers
Figure 1 shows the process for a RADIUS-initiated subscriber mirroring operation that is initiated after the subscriber has logged in.
Figure 1: RADIUS-Initiated Subscriber Secure Policy Model After Login
1 — The subscriber logs in, requesting authentication by
the RADIUS server. The RADIUS server authenticates the subscriber
(no mirroring activity occurs). | 6 — The IAP sends the original subscriber traffic to its
intended destination. |
2 — The LEA sends provisioning information for a subscriber
whose traffic is to be mirrored over the HI-1 interface to the mediation
device. | 7 — As subscriber-related events occur, the IAP sends the
events in SNMP traps over the INI-2 interface to the mediation device. |
3 — The mediation device sends the provisioning information
over the INI-1 interface to the RADIUS server. | 8 — The mediation device provides events over the HI-2
interface to the LEA. |
4 — The RADIUS server sends a CoA message containing the
mirroring-related RADIUS attributes and VSAs to the IAP (the router). | 9 — The IAP encapsulates the mirrored subscriber content
in a packet header and sends it to the mediation device over the INI-3
interface. The IAP uses the destination IP address that it received
in the Access-Accept messaged from the RADIUS server. |
5 — The RADIUS CoA message initiates the mirroring operation.
The IAP creates the subscriber secure policy based on the mirroring
VSAs and immediately begins mirroring subscriber traffic. | 10 — The mediation device sends mirrored content over the
HI-3 interface to the LEA. |
