RADIUS ATTRIBUTES REFERENCE GUIDE
RELEASE 14.0.R4
RADIUS Attributes Reference
Issue: 01 3HE 10793 AAAB TQZZA 01 139
2.2.13 Lawful Intercept
Table 45 Lawful Intercept (Description)
Attribute ID Attribute Name Description
26-6527-122 Alc-LI-Action Defines the traffic mirroring action start-mirroring 'enable' or stop-
mirroring 'disable'. The Alc-LI-Action 'no-action' specifies that the router
does not perform any traffic mirroring-related action. This setting can
provide additional security by confusing unauthorized users who
attempt to access traffic mirroring communication between the router
and the RADIUS server. The CoA-only 'clear-dest-service' Alc-LI-Action
creates the ability to delete all li-source entries from the mirror service
defined via the Alc-LI-Destination service-id. A 'clear-dest-service'
action requires an additional [26-6527-137] Alc-Authentication-Policy-
Name if the CoA server is configured in the authentication policy.
Values outside the Limits are treated as a setup failure.
26-6527-123 Alc-LI-Destination Specifies the service-id that holds the mirror details (configure mirror
mirror-dest service-id). Values above the Limits or unreferenced are
treated as a setup failure.
26-6527-124 Alc-LI-FC Defines which Forwarding Class(es) (FCs) have to be mirrored
(example: Alc-LI-FC=ef). Attribute needs to be repeated for each FC
that needs to be mirrored. Values above the Limits are treated as a
setup failure and all FCs will be mirrored if attribute is omitted. Additional
Attributes above the Limits are silently ignored.
26-6527-125 Alc-LI-Direction Defines if ingress, egress or both traffic directions needs to be mirrored.
Both directions are mirrored if Attribute is omitted. Values above the
Limits are treated as a setup failure.
26-6527-137 Alc-Authentication-
Policy-Name
Used when clearing all radius li triggered sources from a mirror
destination via CoA ([26-6527-122 Alc-LI-Action = 'clear-dest-service').
The policy defined in this attribute is used to authenticate the CoA and
refers to configure subscriber-mgmt authentication-policy name.
The attribute is mandatory if the RADIUS CoA server is configured in
the authentication policy (configure subscriber-mgmt
authentication-policy policy-name radius-authentication-server).
The attribute is ignored if the RADIUS CoA server is configured in the
radius-server context of the routing instance (configure router |
service vprn service-id radius-server). Values above the Limits or
unreferenced policies are treated as a setup failure.
To Next Page
Loading...
