Cisco Cisco IOS Software Release 12.4(22)XR
163
Cisco Packet Data Serving Node Release 5.5 for Cisco IOS Release 12.4(22)XR9
OL-19026-02
Lawful Intercept Processing
•
If neither of the CLID feature or the cdma pdsn nai non-unique command needs to be enabled,
then the already existing NAI type TAP needs to be removed before enabling this feature. After
enabling this feature, any modification of the existing TAP is not allowed.
then the already existing NAI type TAP needs to be removed before enabling this feature. After
enabling this feature, any modification of the existing TAP is not allowed.
•
The provisioning of TAP with IMSI type will fail if the IMSI length is other than 10 if the IMSI MIN
Equivalence feature is enabled. If this feature needs to be enabled, then the already existing TAP
needs to be removed first before enabling this feature
Equivalence feature is enabled. If this feature needs to be enabled, then the already existing TAP
needs to be removed first before enabling this feature
•
Each Mobility Stream should have a unique subscriber id, (cmtapStreamSubscriberID). For
example, the following case is invalid due to identical subscriber ids: a MDN based TAP with the
subscriber id 123456789110001 and an Imsi based TAP with the subscriber id 23456789110001.
example, the following case is invalid due to identical subscriber ids: a MDN based TAP with the
subscriber id 123456789110001 and an Imsi based TAP with the subscriber id 23456789110001.
•
Li max capacity limitation:
–
The maximum number of MD entries is 200.
–
The maximum number of Generic Stream entries is 20000.
–
The maximum number of Mobility Stream entries is 20000.
•
As per the lawful intercept requirement, traffic TAP support should be there for at least 0.25% of
subscribers.So the maximum number of subscribers to be enabled with tapping per TCOP in PDSN
is 0.25% of 35000 = 0.0025 * 35000 = 87.5 (88). If the user and tap association goes beyond the
supported value, i,e 88 per TCOP, it may impact the performance of the box.
subscribers.So the maximum number of subscribers to be enabled with tapping per TCOP in PDSN
is 0.25% of 35000 = 0.0025 * 35000 = 87.5 (88). If the user and tap association goes beyond the
supported value, i,e 88 per TCOP, it may impact the performance of the box.
Creating a Restricted SNMP View of Lawful Intercept MIBs
To create and assign users to an SNMP view that includes the Cisco lawful intercept MIBs, perform the
following procedure at the CLI, in global configuration mode with level-15 access rights. For command
examples, see the
following procedure at the CLI, in global configuration mode with level-15 access rights. For command
examples, see the
Note
The command syntax in the following steps includes only those keywords required to perform
each task. For details on command syntax, see the documents listed in the previous section
(
each task. For details on command syntax, see the documents listed in the previous section
(
).
Step 1
Make sure that SNMPv3 is configured on the PDSN. For instructions, see the documents listed in the
.
Step 2
Create an SNMP view that includes the CISCO-TAP2-MIB (where view_name
is the name of the view
to create for the MIB). This MIB is required for both regular and broadband lawful intercept.
Router(config)# snmp-server view view_name ciscoTap2MIB included
Step 3
Add the following MIB to the SNMP view to configure support for wiretaps on mobility gateway streams
(where view_name
(where view_name
is the name of the view you created in Step
).
Router(config)# snmp-server view view_name ciscoMobilityTapMIB included
Step 4
Create an SNMP user group (groupname) that has access to the lawful intercept MIB view and define
the group’s access rights to the view.
the group’s access rights to the view.
Router(config)# snmp-server group groupname v3 auth read view_name write view_name
notify
notify-view
Step 5
Add users to the user group you just created (where username is the user, groupname is the user group,
and auth_password is the authentication password):
and auth_password is the authentication password):
Router(config)# snmp-server user username groupname v3 auth md5 auth_password