Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

RADIUS-Initiated Traffic Mirroring Process for Logged-In Subscribers

Figure 1 shows the process for a RADIUS-initiated subscriber mirroring operation that is initiated after the subscriber has logged in.

Figure 1: RADIUS-Initiated Subscriber Secure Policy Model After LoginRADIUS-Initiated Subscriber Secure Policy Model After Login
  1

The subscriber logs in, requesting authentication by the RADIUS server. The RADIUS server authenticates the subscriber (no mirroring activity occurs).

  6

The IAP sends the original subscriber traffic to its intended destination.

  2

The LEA sends provisioning information for a subscriber whose traffic is to be mirrored over the HI-1 interface to the mediation device.

  7

As subscriber-related events occur, the IAP sends the events in SNMP traps over the INI-2 interface to the mediation device.

  3

The mediation device sends the provisioning information over the INI-1 interface to the RADIUS server.

  8

The mediation device provides events over the HI-2 interface to the LEA.

  4

The RADIUS server sends a CoA message containing the mirroring-related RADIUS attributes and VSAs to the IAP (the router).

  9

The IAP encapsulates the mirrored subscriber content in a packet header and sends it to the mediation device over the INI-3 interface. The IAP uses the destination IP address that it received in the Access-Accept messaged from the RADIUS server.

  5

The RADIUS CoA message initiates the mirroring operation. The IAP creates the subscriber secure policy based on the mirroring VSAs and immediately begins mirroring subscriber traffic.

10

The mediation device sends mirrored content over the HI-3 interface to the LEA.