Attribute ID | Attribute name | Description |
---|---|---|
26.6527.122 | Alc-LI-Action | Defines the traffic mirroring action: start mirroring ('enable') or stop mirroring ('disable'). The Alc-LI-Action 'no-action' specifies that the router does not perform any traffic mirroring-related action. This setting can provide additional security by confusing unauthorized users who attempt to access traffic mirroring communication between the router and the RADIUS server. The CoA-only 'clear-dest-service' Alc-LI-Action can be used to delete all li-source entries from the mirror service defined using the Alc-LI-Destination service-id. A 'clear-dest-service' action requires an additional [26.6527.137] Alc-Authentication-Policy-Name if the CoA server is configured in the authentication policy. Values outside the Limits are treated as a setup failure. |
26.6527.123 | Alc-LI-Destination | Defines the LI destination, which can be either the mirror destination service ID or the IP destination. Note - The VSA Alc-LI-Action = 4 (clear-dest-service) can be used to delete the auto-generated mirror destination service identified by three parameters: ip-dst, udp-dst and routing instance. These parameters can be specified in the Alc-LI-Destination VSA. Missing parameters are obtained from the active RADIUS mirror destination template (configure li radius mirror-dest-template name). All mirror destination services with any ip-src, udp-src, and direction-bit are deleted. An LI admin user can also clear the mirror destination service created from RADIUS with the following CLI command: clear li radius mirror-dest svc-id. |
26.6527.124 | Alc-LI-FC | Defines which Forwarding Classes (FCs) are mirrored (for example: Alc-LI-FC=ef). The attribute must be repeated for each FC that needs to be mirrored. Values above the Limits are treated as a setup failure. All FCs are mirrored if the attribute is omitted. Additional attributes above the limits are silently ignored. |
26.6527.125 | Alc-LI-Direction | Defines whether ingress, egress, or both traffic directions are mirrored. Both directions are mirrored if the attribute is omitted. Values above the Limits are treated as a setup failure. |
26.6527.137 | Alc-Authentication-Policy-Name | Used when clearing all RADIUS LI-triggered sources from a mirror destination using CoA ([26.6527.122] Alc-LI-Action = 'clear-dest-service'). The policy defined in this attribute is used to authenticate the CoA and refers to configure subscriber-mgmt authentication-policy name. The attribute is mandatory if the RADIUS CoA server is configured in the authentication policy (configure subscriber-mgmt authentication-policy name radius-authentication-server). The attribute is ignored if the RADIUS CoA server is configured in the radius-server context of the routing instance (configure router \| service vprn service-id radius-server). Values above the Limits or unreferenced policies are treated as a setup failure. |
26.6527.138 | Alc-LI-Intercept-Id | Specifies the intercept-id to be placed in the LI-Shim header. It is only applicable if the mirror-dest (as specified by the [26.6527.123] Alc-LI-Destination attribute) is configured with routable encap that contains the LI-Shim (configure mirror mirror-dest service-id encap layer-3-encap ip-udp-shim). A zero can be returned in CoA or RADIUS Accept, and the value 0 is used if this VSA is not present at all. The length of the attribute changes if the CLI parameter direction-bit (dir-bit) under the mirror-dest service-id encap layer-3-encap is enabled. |
26.6527.139 | Alc-LI-Session-Id | Specifies the session-id to be placed in the LI-Shim header. It is only applicable if the mirror-dest (as specified by the [26.6527.123] Alc-LI-Destination attribute) is configured with routable encap that contains the LI-Shim (configure mirror mirror-dest service-id encap layer-3-encap ip-udp-shim). A zero can be returned in CoA or RADIUS Accept, and the value 0 is used if this VSA is not present at all. |
26.6527.243 | Alc-LI-Use-Outside-Ip | Defines whether Lawful Intercept is performed before or after NAT on an L2-aware NAT subscriber. If set to true (1), the lawful intercepted traffic contains the subscriber outside public IP address. If set to false (2), the lawful intercepted traffic contains the subscriber inside private IP address. |

Attribute ID | Attribute name | Type | Limits | SR OS format |
---|---|---|---|---|
26.6527.122 | Alc-LI-Action | integer | [1 to 4] | 1=no-action, 2=enable, 3=disable, 4=clear-dest-service. Note - Alc-LI-Action=clear-dest-service together with the Alc-Authentication-Policy-Name attribute is only applicable in CoA. For example: Alc-LI-Action = enable |
26.6527.123 | Alc-LI-Destination | string | 32 chars | |
26.6527.124 | Alc-LI-FC | integer | [0 to 7] values; 8 attributes | 0=be, 1=l2, 2=af, 3=l1, 4=h2, 5=ef, 6=h1, 7=nc. For example, to mirror forwarding classes be, af and ef: Alc-LI-FC += be, Alc-LI-FC += af, Alc-LI-FC += ef |
26.6527.125 | Alc-LI-Direction | integer | [1 to 2] | 1=ingress, 2=egress. For example: Alc-LI-Direction = ingress |
26.6527.137 | Alc-Authentication-Policy-Name | string | 32 chars | For example: Alc-Authentication-Policy-Name = MyAuthenticationPolicy |
26.6527.138 | Alc-LI-Intercept-Id | integer | 29b with dir-bit; 30b without dir-bit | 29b = [0 to 536870911], 30b = [0 to 1073741823]. For example: Alc-LI-Intercept-Id = 1234 |
26.6527.139 | Alc-LI-Session-Id | integer | [0 to 4294967295] ID | For example: Alc-LI-Session-Id = 8888 |
26.6527.243 | Alc-LI-Use-Outside-Ip | integer | [1 to 2] | 1=true, 2=false. For example: Alc-LI-Use-Outside-Ip = 1 |

Attribute ID | Attribute name | Access Request | Access Accept | CoA request | Encrypted |
---|---|---|---|---|---|
26.6527.122 | Alc-LI-Action | 0 | 1 | 1 | ✓ |
26.6527.123 | Alc-LI-Destination | 0 | 1 | 1 | ✓ |
26.6527.124 | Alc-LI-FC | 0 | 0+ | 0+ | ✓ |
26.6527.125 | Alc-LI-Direction | 0 | 0-1 | 0-1 | ✓ |
26.6527.137 | Alc-Authentication-Policy-Name | 0 | 0 | 0-1 | |
26.6527.138 | Alc-LI-Intercept-Id | 0 | 0-1 | 0-1 | ✓ |
26.6527.139 | Alc-LI-Session-Id | 0 | 0-1 | 0-1 | ✓ |
26.6527.243 | Alc-LI-Use-Outside-Ip | 0 | 0-1 | 0-1 | ✓ |
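
The limits and per-message occurrence rules from the tables above can be applied as an audit check over the attributes a RADIUS server is about to send. This is an added example, not vendor code: the `validate` function, the input shape (already-decoded name/value pairs with integer enumerations) and the sample inputs are assumptions made here.

```python
# Added example: check decoded LI VSAs against the tables above.
# Assumed input: (attribute-name, value) pairs, integers already decoded.
MSG = {"access-request": 0, "access-accept": 1, "coa-request": 2}
MANY = None  # "0+" in the table: no upper bound on occurrences
ONE, OPT, NO = (1, 1), (0, 1), (0, 0)

# name: (type, low, high, (min, max) occurrences per message column)
RULES = {
    "Alc-LI-Action": (int, 1, 4, [NO, ONE, ONE]),
    "Alc-LI-Destination": (str, 0, 32, [NO, ONE, ONE]),
    "Alc-LI-FC": (int, 0, 7, [NO, (0, MANY), (0, MANY)]),
    "Alc-LI-Direction": (int, 1, 2, [NO, OPT, OPT]),
    "Alc-Authentication-Policy-Name": (str, 0, 32, [NO, NO, OPT]),
    "Alc-LI-Intercept-Id": (int, 0, 2**30 - 1, [NO, OPT, OPT]),
    "Alc-LI-Session-Id": (int, 0, 2**32 - 1, [NO, OPT, OPT]),
    "Alc-LI-Use-Outside-Ip": (int, 1, 2, [NO, OPT, OPT]),
}

def validate(msg_type, attrs, dir_bit=False):
    """Return findings; an empty list means the set fits the tables."""
    col, counts, findings = MSG[msg_type], {}, []
    for name, value in attrs:
        if name not in RULES:
            continue  # not one of the LI attributes listed on this page
        typ, low, high, _ = RULES[name]
        counts[name] = counts.get(name, 0) + 1
        if name == "Alc-LI-Intercept-Id" and dir_bit:
            high = 2**29 - 1  # 29 bits when dir-bit is enabled
        if not isinstance(value, typ):
            findings.append(f"{name}: expected {typ.__name__}")
        elif not low <= (len(value) if typ is str else value) <= high:
            findings.append(f"{name}: {value!r} outside limits [{low} to {high}]")
        if name == "Alc-LI-Action" and value == 4 and msg_type != "coa-request":
            findings.append(f"{name}: clear-dest-service is CoA-only")
    if not counts:
        return findings  # no LI attributes present, nothing to check
    for name, (_, _, _, occ) in RULES.items():
        lo, hi = occ[col]
        n = counts.get(name, 0)
        if n < lo or (hi is not MANY and n > hi):
            findings.append(f"{name}: {n} occurrence(s), table allows {lo}..{hi}")
    if counts.get("Alc-LI-FC", 0) > 8:
        findings.append("Alc-LI-FC: attributes beyond the limit of 8 are ignored")
    return findings

# Constructed sample inputs (destination "9999" is a made-up service ID).
GOOD_COA = [("Alc-LI-Action", 2), ("Alc-LI-Destination", "9999"),
            ("Alc-LI-FC", 0), ("Alc-LI-FC", 5), ("Alc-LI-Intercept-Id", 1234)]
BAD_ACCEPT = [("Alc-LI-Action", 4), ("Alc-LI-Destination", "9999"),
              ("Alc-Authentication-Policy-Name", "MyAuthenticationPolicy"),
              ("Alc-LI-Intercept-Id", 536870912)]
```

The check does not cover the conditional requirement for Alc-Authentication-Policy-Name with 'clear-dest-service', because that depends on where the CoA server is configured on the router.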