Lawful Intercept (LI)

LI can be triggered for a DSM UE via CLI or RADIUS, and is performed post-NAT. Only routable encapsulation (IP/UDP/LI-shim) and IP-only mirror-dest are supported. A maximum of 2K DSM UEs per chassis can be under LI simultaneously. The LI mirror-dest (the service into which mirrored packets are injected) is configurable, along with the other required mirror information (mirror-dest type, encapsulation type, ip-udp-shim, and encapsulation information, that is, IP and UDP header information). A DSM UE identified by its MAC address can be associated with the mirror destination (the service into which mirrored packets for the host are injected) via the li-source command. For routable encapsulation (IP/UDP/LI-Shim), the session-id and transaction-id to be inserted in the LI-Shim are configured under li-source.

A:Dut-1>config>mirror# info 
----------------------------------------------
        mirror-dest 60000 type ip-only create
            encap
                layer-3-encap ip-udp-shim create
                    gateway create
                        ip src 1.1.1.1 dest 2.2.2.2
                        udp src 2048 dest 2049
                    exit
                exit
            exit
            no shutdown
        exit
 
----------------------------------------------
A:Dut-1>config>li# info 
----------------------------------------------
        li-source 60000
            wlan-gw
                dsm-subscriber mac 00:00:00:07:02:03
                    intercept-id 10000
                    session-id 20000
                exit
            exit
            no shutdown
        exit
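
The following consistency check over the two info outputs above is an added example, not part of the original documentation or of SR OS. It assumes the outputs are saved as plain text, and it treats a missing intercept-id or session-id as a finding; the function name audit is hypothetical.

```python
import re
# Constructed input: the two `info` outputs above, concatenated.
SAMPLE = """\
mirror-dest 60000 type ip-only create
    encap
        layer-3-encap ip-udp-shim create
            gateway create
                ip src 1.1.1.1 dest 2.2.2.2
                udp src 2048 dest 2049
            exit
        exit
    exit
    no shutdown
exit
li-source 60000
    wlan-gw
        dsm-subscriber mac 00:00:00:07:02:03
            intercept-id 10000
            session-id 20000
        exit
    exit
    no shutdown
exit
"""

def audit(text):
    """Return a list of findings; an empty list means the LI config is consistent."""
    mirrors, sources, findings, md, src = {}, {}, [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"mirror-dest (\d+) type (\S+)", line):
            md = mirrors[m[1]] = {"type": m[2], "encap": None}
        elif m := re.match(r"li-source (\d+)", line):
            src = sources[m[1]] = []          # list of UEs under this li-source
        elif (m := re.match(r"layer-3-encap (\S+)", line)) and md:
            md["encap"] = m[1]
        elif (m := re.match(r"dsm-subscriber mac (\S+)", line)) and src is not None:
            src.append({"mac": m[1]})
        elif (m := re.match(r"(intercept-id|session-id) (\d+)", line)) and src:
            src[-1][m[1]] = int(m[2])
    for sid, ues in sources.items():
        dest = mirrors.get(sid)               # li-source id must name a mirror-dest
        if dest is None:
            findings.append(f"li-source {sid}: no matching mirror-dest")
        elif (dest["type"], dest["encap"]) != ("ip-only", "ip-udp-shim"):
            findings.append(f"mirror-dest {sid}: not ip-only with ip-udp-shim")
        for ue in ues:
            for key in sorted({"intercept-id", "session-id"} - ue.keys()):
                findings.append(f"{ue['mac']}: {key} not set")
    return findings
```

Calling audit(SAMPLE) returns an empty list for the configuration shown above.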

LI can be enabled or disabled from RADIUS by including the Alc-LI-Action VSA in an access-accept or COA. The Alc-LI-Destination VSA is required to indicate the mirror-dest service with which the DSM UE under LI is associated. The Intercept-Id and Session-Id for a DSM UE can be provided from a RADIUS access-accept or COA by including the Alc-LI-Intercept-Id and Alc-LI-Session-Id VSAs. These LI-related VSAs are described in the 7450 ESS, 7750 SR, and VSR RADIUS Attributes Reference Guide.

Information for a specific li-source and its associated mirror-dest can be shown via CLI.