Cisco Cisco IOS Software Release 12.2(27)SBC
RADIUS-Based Lawful Intercept
How to Configure RADIUS-Based Lawful Intercept
7
Cisco IOS Security Configuration Guide
Step 7
radius-server attribute 44
include-in-access-req
Example:
Router(config)# radius-server attribute 44
include-in-access-req
(Optional) Sends RADIUS attribute 44 (Accounting
Session ID) in access request packets before user
authentication (including requests for preauthentication.
Session ID) in access request packets before user
authentication (including requests for preauthentication.
Note
We recommend that you enter this command to
obtain attribute 44 from the Access-Request packet;
otherwise, you will have to wait for the accounting
packets to be received before you can determine the
value of attribute 44.
obtain attribute 44 from the Access-Request packet;
otherwise, you will have to wait for the accounting
packets to be received before you can determine the
value of attribute 44.
Step 8
radius-server host
{hostname | ip-address}
[auth-port port-number][acct-port port-number]
[timeout seconds][retransmit retries][key
string][alias {hostname | ip-address}]
Example:
Router(config)# radius-server host host1
(Optional) Specifies a RADIUS server host.
Step 9
aaa server radius dynamic-author
Example:
Router(config)# aaa server radius
dynamic-author
Configures a device (such as an Intelligent Service Gateway
[ISG]) as an AAA server to facilitate interaction with an
external policy server and enters dynamic authorization
local server configuration mode.
[ISG]) as an AAA server to facilitate interaction with an
external policy server and enters dynamic authorization
local server configuration mode.
Note
This command is optional if taps are always started
when a session starts. The command is required for
starting and stopping taps on existing sessions by
using CoA-Requests.
when a session starts. The command is required for
starting and stopping taps on existing sessions by
using CoA-Requests.
Step 10
client
ip-address
Example:
Router(config-locsvr-da-radius)# client
10.0.0.2
(Optional) Specifies a RADIUS client from which a device
will accept CoA-Request packets.
will accept CoA-Request packets.
Step 11
server-key
[0 | 7] word
Example:
Router(config-locsvr-da-radius)# server-key
cisco
(Optional) Configures the RADIUS key to be shared
between a device and RADIUS clients.
between a device and RADIUS clients.
Step 12
port
port-number
Example:
Router(config-locsvr-da-radius)# port 1600
(Optional) Specifies a RADIUS client from which a device
will accept CoA-Request packets.
will accept CoA-Request packets.
Step 13
exit
Example:
Router(config-locsvr-da-radius)# exit
Exits dynamic authorization local server configuration
mode and returns to global configuration mode.
mode and returns to global configuration mode.
Command or Action
Purpose