Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 176

Prerequisites for Implementing Lawful Intercept
Lawful intercept implementation also requires that the following prerequisites are met:
Provisioned router—The Cisco CRS-1 router must have already been provisioned. For
•
information, see Cisco IOS XR Getting Started Guide.
Tip
Understanding of SNMP Server commands in Cisco IOS XR software—Simple Network
•
Management Protocol, version 3 (SNMP v3), which is the basis for lawful intercept enablement, is
configured using commands described in the module SNMP Server Commands on
Cisco IOS XR Software in Cisco IOS XR System Management Command Reference. To implement
lawful intercept, you must understand how the SNMP server functions. For this reason, carefully
review the information described in the module Implementing SNMP on Cisco IOS XR Software in
Cisco IOS XR System Management Configuration Guide.
Lawful intercept must be explicitly disabled—It is automatically enabled on a provisioned router.
•
However, you should not disable LI if there is an active TAP in progress, because this deletes the
TAP.
Management plane configured to enable SNMPv3—Allows the management plane to accept
•
SNMP commands, so that they go to the interface (preferably, a loopback) on the router. This allows
the mediation device to communicate with a physical interface.
• VACM views enabled for SNMP server—View-based access control model (VACM) views must
be enabled on the router.
• Provisioned mediation device—For detailed information, see the vendor documentation associated
with your mediation device. For a list of mediation device equipment suppliers preferred by Cisco,
see http://www.cisco.com/wwl/regaffairs/lawful_intercept/index.html.
VoIP surveillance-specific requirements:
•
–
–
–
Data session surveillance-specific requirements:
•
–
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-170
Provisioning a loopback interface has advantages over other interface types for the purpose of
lawful intercept TAPs.
Lawful-intercept-enabled call agent—A lawful-intercept-enabled call agent must support
interfaces for communications with the mediation device (MD) to provide signaling information
for the target of interest to the MD. The MD extracts the source and destination IP addresses
and Real-Time Protocol (RTP) port numbers from the Session Description Protocol (SDP)
signaling information for the target of interest. It uses these to form an SNMPv3 SET, which is
sent to the router acting as the content Intercept Access Point (IAP) to provision the intercept
for the target of interest.
The mediation device uses the CISCO-TAP2-MIB to set up the communications between the
router acting as the content IAP and the MD.
The MD uses the CISCO-IP-TAP-MIB to set up the filter for the IP addresses and port numbers
to be intercepted and derived from the SDP.
Routers to be used for calls by the target number that have been provisioned for this purpose
through the MD
MD that has been provisioned with the target number to be intercepted
Routers to be used by the data target that have been provisioned for this purpose through the MD
Implementing Lawful Intercept on Cisco IOS XR Software
OL-20382-01