Cisco Cisco Packet Data Gateway (PDG)
System Security
Encrypted SNMP Community Strings ▀
ASR 5500 System Administration Guide, StarOS Release 18 ▄
107
Encrypted SNMP Community Strings
Simple Network Management Protocol (SNMP) uses community strings as passwords for network elements. Although
these community strings are sent in clear-text in the SNMP PDUs, the values can be encrypted in the configuration file.
these community strings are sent in clear-text in the SNMP PDUs, the values can be encrypted in the configuration file.
The snmp community encrypted name command enables the encryption of SNMP community strings. For additional
information, see the Global Configuration Mode Commands chapter in the Command Line Interface Reference.
information, see the Global Configuration Mode Commands chapter in the Command Line Interface Reference.
Lawful Intercept Restrictions
This section describes some of the security features associated with the provisioning of Lawful Intercept (LI). For
additional information, refer to the Lawful Intercept Configuration Guide.
additional information, refer to the Lawful Intercept Configuration Guide.
LI Server Addresses
An external authenticating agent (such as RADIUS or Diameter) sends a list of LI server addresses as part of access-
accept. For any intercept that was already installed or will be installed for that subscriber, a security check is performed
to match the LI server address with any of the LI-addresses that were received from the authenticating agent. Only those
addresses that pass this criteria will get the intercepted information for that subscriber.
accept. For any intercept that was already installed or will be installed for that subscriber, a security check is performed
to match the LI server address with any of the LI-addresses that were received from the authenticating agent. Only those
addresses that pass this criteria will get the intercepted information for that subscriber.
While configuring a campon trigger, the user will not be required to enter the destination LI server addresses. When a
matching call for that campon trigger is detected, a security check is done with the list received from the authentication
agent. The LI-related information is only forwarded if a matching address is found.
matching call for that campon trigger is detected, a security check is done with the list received from the authentication
agent. The LI-related information is only forwarded if a matching address is found.
When an active-only intercept is configured, if a matching call is found, a security check is made for the LI address
received from the authentication agent and the intercept configuration will be rejected.
received from the authentication agent and the intercept configuration will be rejected.
If no information related to LI server addresses is received for that subscriber, LI server addresses will not be restricted.
Important:
A maximum of five LI server addresses are supported via an authenticating agent.
Modifying Intercepts
One LI administrator can access and/or modify the intercepts created by another LI administrator. Whenever an
intercept is added, removed or modified, an event log is displayed across LI administrators about the change. An SNMP
trap is also generated.
intercept is added, removed or modified, an event log is displayed across LI administrators about the change. An SNMP
trap is also generated.