Cisco Cisco IOS Software Release 12.2(27)SBC

Errors are in the CoA-ACK packet attribute 101. Following are possible CoA-ACK settings that the 
Lawful Intercept feature can set:

401: Unsupported Attribute (There is a non-LI attribute, except for 44 which is allowed.)

402: Missing Attribute (One of the four LI attributes is missing.) 

404: Invalid Request (An LI attribute is malformed or duplicated.) 

501: Administratively Prohibited (AAA Intercept is not configured.) 

503: Session Context Not Found (Session does not exist.)

506: Resources Unavailable (Memory is low.) 

200: Success (There are no errors; the CoA-Request was accepted and acted on.) 

In each case, the RADIUS server must send CoA-Request packets (code 43) with the attributes identified 
in 

 plus the Acct-Session-ID attribute (attribute 44). Each of these attributes must be in the 

packet. 

The Acct-Session-ID attribute identifies the session that will be intercepted. The Acct-Session-ID 
attribute can be obtained from either the Access-Request packet or the Accounting-Stop packet by 
entering the radius-server attribute 44 include-in-access-req command. 

When a session is being tapped and the session terminates, the tap stops. The session does not start when 
the subscriber logs back in unless the Access-Accept indicates a start tap or a CoA-Request is sent to 
start the session. 

The frequency of CoA-Request packets should not exceed a rate of one request every 10 minutes.

This section contains the following procedure:

 (required)

To enable a RADIUS-Based Lawful Intercept solution on your router, perform the following steps. 

configure terminal

aaa intercept 

aaa authentication ppp {default | list-name} group radius 

aaa accounting network {default | list-name} start-stop group {radius | group-name}

radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] 
[timeout seconds] [retransmit retries] [key string] [alias {hostname | ip-address}]