Cisco Cisco IOS Software Release 12.2(33)XNE
2-23
Cisco 10000 Series Router Lawful Intercept Configuration Guide
OL-3426-03
Chapter 2 Configuring Lawful Intercept Support
Configuration Notes
Configuration Notes
For the router to communicate with the mediation device to execute a lawful intercept, the following
configuration requirements must be met:
configuration requirements must be met:
•
The domain name for both the router and the mediation device must be registered in the Domain
Name System (DNS).
Name System (DNS).
•
In DNS, the router IP address is typically the address of the FastEthernet0/0/0 interface on the router.
•
The mediation device must have an access function (AF) and an access function provisioning
interface (AFPI).
interface (AFPI).
•
You must add the mediation device to the SNMP user group that has access to the
CISCO-TAP2-MIB view. Specify the username of the mediation device as the user to add to the
group.
CISCO-TAP2-MIB view. Specify the username of the mediation device as the user to add to the
group.
When you add the mediation device as a CISCO-TAP2-MIB user, you can include the mediation
device’s authorization password if you want. The password must be at least eight characters in
length.
device’s authorization password if you want. The password must be at least eight characters in
length.
Accessing the Lawful Intercept MIBs
Due to its sensitive nature, the Cisco Lawful Intercept MIBs are only available in software images that
support the lawful intercept feature. These MIBs are not accessible through the Network Management
Software MIBs Support page (
support the lawful intercept feature. These MIBs are not accessible through the Network Management
Software MIBs Support page (
).
Restricting Access to the Lawful Intercept MIBs
Only the mediation device and users who need to know about lawful intercepts should be allowed to
access the Lawful Intercept MIBs. To restrict access to these MIBs, you must:
access the Lawful Intercept MIBs. To restrict access to these MIBs, you must:
1.
Create a view that includes the Cisco Lawful Intercept MIBs.
2.
Create an SNMP user group that has read and write access to the view. Only users assigned to this
user group can access information in the MIBs.
user group can access information in the MIBs.
3.
Add users to the Cisco Lawful Intercept user groups to define who can access the MIBs and any
information related to lawful intercepts. Be sure to add the mediation device as a user in this group;
otherwise, the router cannot perform lawful intercepts.
information related to lawful intercepts. Be sure to add the mediation device as a user in this group;
otherwise, the router cannot perform lawful intercepts.
Note
Access to the CISCO-TAP2-MIB view should be restricted to the mediation device and to
system administrators who need to be aware of lawful intercepts on the router. To access the
MIB, users must have level-15 access rights on the router.
system administrators who need to be aware of lawful intercepts on the router. To access the
MIB, users must have level-15 access rights on the router.
Configuring SNMPv3
To perform the following procedures, SNMPv3 must be configured on the router. For information about
how to configure SNMPv3, and for detailed information about the commands described in the sections
that follow, see the following Cisco documents:
how to configure SNMPv3, and for detailed information about the commands described in the sections
that follow, see the following Cisco documents: