Cisco Cisco IOS Software Release 12.2(27)SBC
1-15
Cisco 10000 Series Router Lawful Intercept Configuration Guide
OL-3426-03
Chapter 1 Lawful Intercept Overview
Information About Lawful Intercept
• In Cisco IOS Release 12.2(31)SB2 and later releases, lawful intercepts are supported when Routed
Bridged Encapsulation (RBE) is configured on the router (RFC 1483).
Layer 2 and Layer 3 Taps
The Lawful Intercept feature supports Layer 2 and Layer 3 taps.
• Layer 2 taps—Session-based taps that intercept all traffic to and from the session regardless of its
Layer 3 content. Layer 2 taps are configured via SNMPv3 provisioning and RADIUS-based lawful
intercepts. Layer 2 taps use the CISCO-TAP2-MIB and CISCO-USER-CONNECTION-TAP-MIB.
• Layer 3 taps—Intercepts at the IP layer that are accessible via SNMPv3 provisioning. Layer 3 taps
use the CISCO-TAP2-MIB and CISCO-IP-TAP-MIB.
For additional information on Layer 2 and Layer 3 taps, refer to
.
SNMPv3 Provisioning Lawful Intercept
SNMPv3 provisioning lawful intercept requests are initiated by the mediation device via SNMPv3
messages, and all traffic data going to or from a given IP address or session is passed to a mediation
device. SNMPv3 provisioning uses the following lawful intercept MIBs:
• CISCO-TAP2-MIB
• CISCO-IP-TAP-MIB
• CISCO-USER-CONNECTION-TAP-MIB
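An added example, not part of the Cisco guide: a Python audit of a router configuration that lists which SNMP groups can reach the lawful intercept MIBs named above without authenticated SNMPv3, and which tap types those MIBs cover. The snmp-server view and snmp-server group line formats, the OID-tree spellings of the MIB names, the constructed sample configuration and the policy applied (auth or priv required) are assumptions, not content from this page.

```python
import re

# Tap type -> MIBs it uses (per the page); OID-tree spellings are assumed.
TAP_MIBS = {
    "layer2": {"ciscoTap2MIB", "ciscoUserConnectionTapMIB"},
    "layer3": {"ciscoTap2MIB", "ciscoIpTapMIB"},
}
ALL_TAP_MIBS = set().union(*TAP_MIBS.values())
# Subtrees above the tap MIBs: a view that includes one of these exposes them all.
ANCESTORS = {"iso", "internet", "private", "enterprises", "cisco", "ciscoMgmt"}

# Constructed sample configuration; every view and group name is made up.
SAMPLE_CONFIG = """\
snmp-server view tapV ciscoTap2MIB included
snmp-server view tapV ciscoIpTapMIB included
snmp-server view allV iso included
snmp-server view allV ciscoIpTapMIB excluded
snmp-server group tapGrp v3 priv read tapV write tapV notify tapV
snmp-server group nocGrp v3 noauth read allV
snmp-server group oldGrp v2c read tapV
"""

def parse_views(config):
    """Return {view name: set of tap MIBs reachable through that view}."""
    inc, exc = {}, {}
    for name, tree, mode in re.findall(
            r"^snmp-server view (\S+) (\S+) (included|excluded)\s*$", config, re.M):
        (inc if mode == "included" else exc).setdefault(name, set()).add(tree)
    return {name: (ALL_TAP_MIBS if trees & ANCESTORS else trees & ALL_TAP_MIBS)
                  - exc.get(name, set())
            for name, trees in inc.items()}

def audit(config):
    """List groups that reach tap MIBs without authenticated SNMPv3 (auth or priv)."""
    views, findings = parse_views(config), []
    for group, ver, level, rest in re.findall(
            r"^snmp-server group (\S+) (v1|v2c|v3)(?: (auth|noauth|priv))?(.*)$",
            config, re.M):
        if ver == "v3" and level in ("auth", "priv"):
            continue
        for view in sorted(set(re.findall(r"\b(?:read|write|notify) (\S+)", rest))):
            mibs = views.get(view, set())
            taps = sorted(t for t, need in TAP_MIBS.items() if need <= mibs)
            if mibs:
                findings.append((group, view, f"{ver}/{level or 'none'}", sorted(mibs), taps))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

On the sample, the broad allV view is reported because including iso also covers the tap MIBs that were not explicitly excluded, which is easy to miss when reviewing views by name.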
RADIUS-Based Lawful Intercept
A RADIUS-based lawful intercept solution enables intercept requests to be sent (via Access-Accept
packets or CoA-Request packets) to the NAS or to the LAC from the RADIUS server. All traffic data
going to or from a PPP or L2TP session is passed to a mediation device. Another advantage of
RADIUS-based lawful intercept is the synchronicity of the solution—the tap is set with Access-Accept
packets so that all target traffic is intercepted.
For more information about RADIUS-Based Lawful Intercept, see the
located at the following URL:
CALEA for Voice
The Communications Assistance for Law Enforcement Act (CALEA) for Voice feature allows the lawful
interception of voice conversations that are running on voice over IP (VoIP). Although the Cisco 10000
series router is not a voice gateway device, VoIP packets traverse the router at the edge of the service
provider’s network. CALEA for Voice is one component of a complete lawful intercept solution,
consisting of external monitoring and non-Cisco management devices.
When an approved government agency determines that a telephone conversation is of interest, CALEA
for Voice copies the IP packets comprising the conversation and sends the duplicate packets to the
appropriate monitoring device for further analysis. Neither the network administrator nor the calling
parties are aware that packets are being copied or that the call is being snooped.