Cisco IOS Software Release 12.4(22)XR
Cisco Packet Data Serving Node Release 5.5 for Cisco IOS Release 12.4(22)XR9
OL-19026-02
Lawful Intercept Processing
5. When the lawful intercept expires or is explicitly removed, the router stops intercepting the target’s
traffic.
Lawful Intercept MIBs
To perform lawful intercept, the PDSN uses the following MIBs:
• CISCO-TAP2-MIB—The CISCO-TAP2-MIB contains SNMP management objects that control
lawful intercepts on the router. The mediation device uses the MIB to configure and run lawful
intercepts on targets whose traffic passes through the router. The MIB is bundled with Cisco
software images that support lawful intercept.
The CISCO-TAP2-MIB contains several tables that provide information for lawful intercepts that
are running on the router:
– cTap2MediationTable—Contains information about each mediation device that is currently
running a lawful intercept on the router. Each table entry provides information that the router
uses to communicate with the mediation device (for example, the device’s address, the
interfaces to send intercepted traffic over, and the protocol to transmit the intercepted traffic).
– cTap2StreamTable—Contains information used to identify the traffic to intercept. Each table
entry contains a pointer to a filter that is used to identify the traffic stream associated with the
target of a lawful intercept. Traffic that matches the filter is intercepted, copied, and sent to the
corresponding mediation device application (cTap2MediationContentId).
– cTap2DebugTable—Contains debug information for troubleshooting lawful intercept errors.
– CTap2DebugUserEntry—Lists information about all users configured in the system who are
given permission by different mediation devices to access lawful intercept CLIs.
The CISCO-TAP2-MIB also contains several SNMP notifications for lawful intercept events. For
detailed descriptions of MIB objects, see the MIB itself.
• CISCO-MOBILITY-TAP-MIB—The CISCO-MOBILITY-TAP-MIB contains the SNMP
management objects to configure and execute wiretaps on mobility gateway traffic.
The CISCO-MOBILITY-TAP-MIB contains the cmtapStreamTable (the Mobility Stream table), which
lists the data streams to be intercepted. The same data stream might be required by multiple taps.
This table essentially provides options for packet selection, only some of which might be used. For
example, if all of the traffic to or from a subscriber is to be intercepted, an entry would be
configured listing the SubscriberID along with the SubscriberIDType corresponding to the stream
to be intercepted. (More details can be found in CISCO-MOBILITY-TAP-MIB.)
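Because both MIBs are driven over SNMP, any SNMP group whose view includes them can read or create intercepts, so access to those views is worth auditing. The following added example (not part of the Cisco documentation) scans IOS `snmp-server view` and `snmp-server group` lines for groups that can reach the TAP MIBs. The subtree names `ciscoTap2MIB` and `ciscoMobilityTapMIB`, the sample configuration, and the function name are assumptions made for the illustration.

```python
import re

# Subtree names as they would appear in "snmp-server view" lines (assumed
# module identities of CISCO-TAP2-MIB and CISCO-MOBILITY-TAP-MIB).
TAP_SUBTREES = {"ciscotap2mib", "ciscomobilitytapmib"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
snmp-server view tapV ciscoTap2MIB included
snmp-server view tapV ciscoMobilityTapMIB included
snmp-server view opsV system included
snmp-server view opsV ciscoTap2MIB included
snmp-server group liGrp v3 priv read tapV write tapV notify tapV access 10
snmp-server group opsGrp v3 auth read opsV
snmp-server group monGrp v3 noauth read opsV write tapV
"""

VIEW_RE = re.compile(r"^snmp-server view (\S+) (\S+) (included|excluded)", re.I)
GROUP_RE = re.compile(
    r"^snmp-server group (\S+) (v1|v2c|v3(?: (auth|noauth|priv))?)(.*)$", re.I)

def audit_tap_access(config):
    """Return one finding per SNMP group that can read or write a TAP MIB view."""
    tap_views, groups = set(), []
    for line in map(str.strip, config.splitlines()):
        if m := VIEW_RE.match(line):
            name, subtree, mode = m.groups()
            if subtree.lower() in TAP_SUBTREES and mode.lower() == "included":
                tap_views.add(name)
        elif m := GROUP_RE.match(line):
            groups.append(m.groups())
    findings = []
    # Groups are evaluated last so that views defined later in the file count.
    for name, _model, level, rest in groups:
        opts = dict(re.findall(r"\b(read|write|notify|access) (\S+)", rest))
        exposed = [k for k in ("read", "write") if opts.get(k) in tap_views]
        if not exposed:
            continue
        issues = []
        if (level or "").lower() != "priv":
            issues.append("not SNMPv3 authPriv")  # requests unencrypted or unauthenticated
        if "access" not in opts:
            issues.append("no source ACL")        # any source address may query
        findings.append({"group": name, "tap_access": exposed, "issues": issues})
    return findings
```

The check matches only views that name the TAP MIBs explicitly; a view that includes a parent subtree also exposes them and needs an OID-level comparison.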
Steps to Set Up Lawful Intercept
The admin function (running on the mediation device) issues SNMPv3 set and get requests to the
router’s CISCO-TAP2-MIB to set up and initiate a lawful intercept. To do this, the admin function
performs the following actions:
a. Creates a cTap2MediationTable entry to define how the router is to communicate with the mediation
device executing the intercept.
Note: The cTap2MediationNewIndex object provides a unique index for the mediation table entry.
b. Creates an entry in the cTap2StreamTable to identify the traffic stream to intercept.