Example: Using the Sample Packet-Mirroring Application
To use the sample packet-mirroring application provided:
The /SDK/scriptServices/packetMirroring/ldif/service.ldif file (in the SRC software distribution) is the sample service definition.
- Copy the /lib/pm.jar file used by the script service to the /var/run directory in the SAE installation directory (/opt/UMC/sae by default).
- Modify the service substitutions for your environment.
You can make these substitutions by defining the parameter substitutions in the packetMirroring service (serviceName=packetMirroring, o=Services, o=umc) with SDX Admin or by passing the values through the SAE core API.
For information about parameter substitutions, see Configuring the Script Service for Packet Mirroring. For information about passing the values through the SAE core API, see Defining RADIUS Attributes for Dynamic Authorization Requests with the API.
For more information about subscriptions, see SRC-PE Subscribers and Subscriptions Guide, Chapter 13, Configuring Subscribers and Subscriptions with SDX Admin.
If you are modifying the sample application, add the sae.jar and logger.jar files to the classpath when you compile your application. These two files can be found in the lib directory of the SAE installation directory.
Example: Packet Mirroring for PPP Subscribers
When a PPP subscriber is subscribed to the packet-mirroring service, the service should be configured as an activate-on-login service at user connection time. After the subscriber has logged in through the SAE remote API, the packet-mirroring service can be subscribed to the PPP subscriber and activated. When the service is activated, a CoA request is sent to the JUNOSe router that includes the PPP subscriber's accounting session ID to start packet mirroring for this subscriber.
Example: Packet Mirroring for DHCP Subscribers
When a DHCP subscriber is subscribed to the packet-mirroring service, the service should be configured as an activate-on-login service at user connection time. After the subscriber has logged in through the SAE remote API, the packet-mirroring service can be subscribed to the DHCP subscriber and activated. When the service is activated, a CoA request is sent to the JUNOSe router that includes the DHCP subscriber's IP address and virtual router name for the JUNOSe router to start packet mirroring for this subscriber.
Configuring DHCP Subscriber Sessions
You can use DHCP option 82 to identify the subscriber session. For example, if you set DHCP option 82 as the user login name, an external application can use this setting to search for the subscriber session. The following subscriber classification script illustrates this example:
[retailername=default,o=Users,o=UMC?loginName=<-dhcp[82].suboptions[1].string->? sub?(interfaceName=<-dhcp[82].suboptions[1].string->)]loginType = "ADDR"[<-retailerDN->??sub?(uniqueID=<-userName->)]retailerDN != ""& userName != ""[<-unauthenticatedUserDn->]loginType == "ADDR"loginType == "AUTHADDR"Disabling RADIUS Authentication for DHCP Subscribers
Packet mirroring for DHCP subscribers does not involve RADIUS authentication, so you might have to configure authentication to grant all IP subscriber management interfaces access without authentication. For example, configure the JUNOSe router with the following authentication:
aaa authentication ip default noneYou can still configure other subscribers to use RADIUS authentication. For example, configure the JUNOSe router with the following authentication for PPP subscribers:
aaa authentication ppp default radius