Cisco Cisco IOS Software Release 12.2(33)SB
2-25
Cisco 10000 Series Router Lawful Intercept Configuration Guide
OL-3426-03
Chapter 2 Configuring Lawful Intercept Support
Enabling SNMP Notifications for Lawful Intercept
Configuration Example
The following commands show an example of how to enable the mediation device to access the Lawful
Intercept Tap MIBs. Note that the snmp-server group command format is for a router with a PRE2 card.
Intercept Tap MIBs. Note that the snmp-server group command format is for a router with a PRE2 card.
Router(config)# snmp-server view tapV cTap2MIB included
Router(config)# snmp-server group tapGrp v3 noauth read tapV write tapV notify tapV
Router(config)# snmp-server user ss8user tapGrp v3 auth md5 ss8passwd
Router(config)# snmp-server engineID local engineid-string
1.
Create a view (tapV) that includes the CISCO-TAP2-MIB.
2.
Create a user group (tapGrp) that has read, write, and notify access to MIBs in the tapV view.
3.
Add the mediation device (ss8user) to the user group, and specify MD5 authentication with a
password (ss8passwd).
password (ss8passwd).
4.
(Optional) Assign a 24-character SNMP engine ID to the router for administration purposes. If you
do not specify an engine ID, one is automatically generated. Note that changing an engine ID has
consequences for SNMP user passwords and community strings.
do not specify an engine ID, one is automatically generated. Note that changing an engine ID has
consequences for SNMP user passwords and community strings.
Enabling SNMP Notifications for Lawful Intercept
SNMP automatically generates notifications for lawful intercept events (see
). This is because
the default value of the cTap2MediationNotificationEnable object is true(1).
To configure the router to send lawful intercept notifications to the mediation device, issue the following
CLI commands in global-configuration mode with level-15 access rights (where
CLI commands in global-configuration mode with level-15 access rights (where
MD-ip-address
is the
IP address of the mediation device and
community-string
is the password-like community string to send
with the notification request):
Router(config)# snmp-server host MD-ip-address community-string udp-port 161 snmp
Router(config)# snmp-server enable traps snmp authentication linkup linkdown coldstart
warmstart
•
For lawful intercept, udp-port must be 161 and not 162 (the SNMP default).
•
The second command configures the router to send RFC 1157 notifications to the mediation device.
These notifications indicate authentication failures, link status (up or down), and router restarts.
These notifications indicate authentication failures, link status (up or down), and router restarts.
Table 2-2
SNMP Notifications for Lawful Intercept Events
Notification
Meaning
cTap2MIBActive
The router is ready to intercept packets for a traffic
stream configured in the CISCO-TAP2-MIB.
stream configured in the CISCO-TAP2-MIB.
cTap2MediationTimedOut
A lawful intercept was terminated (for example,
because cTap2MediationTimeout expired).
because cTap2MediationTimeout expired).
cTap2MediationDebug
Intervention is required for events related to
cTap2MediationTable entries.
cTap2MediationTable entries.
cTap2StreamDebug
Intervention is required for events related to
cTap2StreamTable entries.
cTap2StreamTable entries.
cTap2Switchover
A redundant, active route processor (RP) is going
into standby mode and the standby is the active RP.
into standby mode and the standby is the active RP.