Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
Packet Data Interworking Function Overview
Features and Functionality - Licensed Enhanced Feature Support ▀
Cisco ASR 5000 Series Product Overview ▄
OL-22937-01
3GPP TS 33.107 V6.2.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful interception architecture and functions (Release 6)
Technical Directive: Requirements for implementing statutory telecommunications interception measures (TR
TKÜ), Version 4.0
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The
target is identified by information such as their Mobile Station Integrated Services Digital Network (MSISDN) number,
or their International Mobile Subscriber Identification (IMSI) number.
target is identified by information such as their Mobile Station Integrated Services Digital Network (MSISDN) number,
or their International Mobile Subscriber Identification (IMSI) number.
Once the target has been identified, the system, functioning as either a GGSN or HA, serves as an Access Function (AF)
and performs monitoring for both new PDP contexts or PDP contexts that are already in progress. While monitoring, the
system intercepts and duplicates Content of Communication (CC) and/or Intercept Related Information (IRI) and
forwards it to a Delivery Function (DF) over an extensible, proprietary interface. Note that when a target establishes
multiple, simultaneous PDP contexts, the system intercepts CC and IRI for each of them. The DF, in turn, delivers the
intercepted content to one or more Collection Functions (CFs).
and performs monitoring for both new PDP contexts or PDP contexts that are already in progress. While monitoring, the
system intercepts and duplicates Content of Communication (CC) and/or Intercept Related Information (IRI) and
forwards it to a Delivery Function (DF) over an extensible, proprietary interface. Note that when a target establishes
multiple, simultaneous PDP contexts, the system intercepts CC and IRI for each of them. The DF, in turn, delivers the
intercepted content to one or more Collection Functions (CFs).
Diameter Authentication Failure Handling
Diameter EAP failure handling defines error handling for both Session Termination Requests and for EAP Requests.
Specific actions (continue, retry-and-terminate, or terminate) can be associated with each possible result-code. EAP
failure handling is flexible enough that wide ranges of result codes can be defined with the same action, or actions can
be bound on a per-result-code basis.
failure handling is flexible enough that wide ranges of result codes can be defined with the same action, or actions can
be bound on a per-result-code basis.
A failure does not necessarily mean a summary termination of a call.
The following configuration:
configures result codes 5001, 5002, 5004 and 5005 to mean the session could continue regardless of the error,
and
configures result code 5003 to mean terminate the session immediately.
In this scenario, the PDIF receives the DEA from an HSS with the failure code 5003 to terminate the IKE setup for the
session. The PDIF sends the IKE_AUTH Response containing a Notify Payload with the type as AUTH_FAILED plus
the EAP payload if one was received in the DEA.
session. The PDIF sends the IKE_AUTH Response containing a Notify Payload with the type as AUTH_FAILED plus
the EAP payload if one was received in the DEA.
When the PDIF received the last DEA message with AVPs that are not in the dictionary, and with the M-bit set to 1, the
PDIF disconnects the session.
PDIF disconnects the session.
Important:
Refer to Configuring Diameter Authentication Failure Handling in the AAA Interface Administration
and Reference and the Command Line Interface Reference for more information.