Juniper routers can generate flow records and send them to a management server. This feature lets the administrator monitor all the traffic that flows through the router, giving a better picture of the users’ behavior and also allowing every connection originating from or destined to that particular autonomous system to be recorded for compliance requirements.
This article shows how to configure a Juniper router to authenticate users on a RADIUS server.
1. Configure the router with the RADIUS server information:
[edit]
set system radius-server 10.0.12.1 port 1812
set system radius-server 10.0.12.1 secret yourpassword
set system radius-server 10.0.12.1 timeout 5
set system radius-server 10.0.12.1 retry 3
set system radius-server 10.0.12.1 source-address 192.168.120.4
In this case, the RADIUS server has the IP address 10.0.12.1 and listens on UDP port 1812.
This article explains how to add new Netflow listeners to Cacti. By default, Cacti is not able to show Netflow reports, so the Flowview plugin has to be installed on Cacti before following the steps in this article.
1. Configure the Cacti server to receive and store the Netflow files by adding the lines shown below, one line for each router:
vi /etc/flow-tools/flow-capture.conf

-V 5 -w /var/flow/ABC-Router -n 275 -N 3 -E500M 0/0/3001
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/GHI-Router -n 275 -N 3 -E500M 0/0/3003
-V 5 -w /var/flow/JKL-Router -n 275 -N 3 -E500M 0/0/3004
-V 5 -w /var/flow/MNO-Router -n 275 -N 3 -E500M 0/0/3005
-V 5 -w /var/flow/PQR-Router -n 275 -N 3 -E500M 0/0/3006
-V 5 -w /var/flow/STU-Router -n 275 -N 3 -E500M 0/0/3007
-V 5 -w /var/flow/VWX-Router -n 275 -N 3 -E500M 0/0/3008
-V 5 -w /var/flow/XYZ-Router -n 275 -N 3 -E500M 0/0/3009
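With one listener line per router, a copy-paste slip easily leaves two routers on the same UDP port or writing into the same directory, and a remote address of 0 in the final localip/remoteip/port field means the listener takes flow records from any sender. The following check is an added example, not part of the original article; the function names, the constructed sample and the skipping of "#" lines are assumptions.

```python
import shlex
from collections import Counter

# Constructed sample in the article's format with deliberate mistakes:
# line 3 reuses port 3002 and line 4 reuses the DEF-Router directory.
# 192.0.2.7 is a documentation address standing in for a router's export IP.
SAMPLE = """\
-V 5 -w /var/flow/ABC-Router -n 275 -N 3 -E500M 0/0/3001
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/GHI-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/192.0.2.7/3004
"""

def parse_listener(line):
    """Return (workdir, local_ip, remote_ip, port) for one listener line."""
    tokens = shlex.split(line)
    workdir = tokens[tokens.index("-w") + 1]
    # The last token is flow-capture's localip/remoteip/port field.
    local_ip, remote_ip, port = tokens[-1].split("/")
    return workdir, local_ip, remote_ip, int(port)

def audit(conf_text):
    """Return a list of (line_number, finding) for the listener lines."""
    rows = []
    for num, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):  # assumption: '#' marks a comment
            rows.append((num, *parse_listener(line)))
    port_count = Counter(r[4] for r in rows)
    dir_count = Counter(r[1] for r in rows)
    findings = []
    for num, workdir, _local, remote, port in rows:
        if port_count[port] > 1:
            findings.append((num, f"UDP port {port} used by more than one listener"))
        if dir_count[workdir] > 1:
            findings.append((num, f"directory {workdir} shared by more than one listener"))
        if remote == "0":
            findings.append((num, f"port {port} accepts flows from any source address"))
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print(f"line {num}: {finding}")
```

Run against the nine lines above, it reports only the any-source finding for each listener; replacing the middle 0 with the router's export address narrows each listener to that router.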