Lawful Intercept; Table 35: Lawful Intercept (Description) - Alcatel-Lucent 7750 Reference Manual

Lawful Intercept

Table 35: Lawful Intercept (description)

Attribute ID Attribute Name
26-6527-122 Alc-LI-Action
26-6527-123 Alc-LI-Destination
26-6527-124 Alc-LI-FC
26-6527-125 Alc-LI-Direction
26-6527-137 Alc-Authentication-
Policy-Name
26-6527-138 Alc-LI-Intercept-Id
7750 SR RADIUS Attributes Reference Guide
Defines the traffic mirroring action start-mirroring 'enable' or stop-mirroring
'disable'. The Alc-LI-Action 'no-action' specifies that the router does not
perform any traffic mirroring-related action. This setting can provide
additional security by confusing unauthorized users who attempt to access
traffic mirroring communication between the router and the RADIUS server.
The CoA-only 'clear-dest-service' Alc-LI-Action creates the ability to delete
all li-source entries from the mirror service defined via the Alc-LI-Destination
service-id. A 'clear-dest-service' action requires an additional [26-6527-137]
Alc-Authentication-Policy-Name if the CoA server is configured in the
authentication policy. Values outside the Limits are treated as a setup failure.
Specifies the <service-id> that holds the mirror details (configure mirror
mirror-dest <service-id>). Values above the Limits or unreferenced are
treated as a setup failure.
Defines which Forwarding Class(es) (FC's) have to be mirrored (example:
Alc-LI-FC=ef). Attribute needs to be repeated for each FC's that needs to be
mirrored. Values above the Limits are treated as a setup failure and all FC's
will be mirrored if attribute is omitted. Additional Attributes above the Limits
are silently ignored.
Defines if ingress, egress or both traffic directions needs to be mirrored. Both
directions are mirrored if Attribute is omitted. Values above the Limits are
treated as a setup failure.
Used when clearing all radius li triggered sources from a mirror destination
via CoA ([26-6527-122 Alc-LI-Action = 'clear-dest-service'). The policy
defined in this attribute is used to authenticate the CoA and refers to
configure subscriber-mgmt authentication-policy <name>. The attribute is
mandatory if the RADIUS CoA server is configured in the authentication
policy (config>subscr-mgmt>auth-plcy>radius-auth-server). The attribute
is ignored if the RADIUS CoA server is configured in the radius-server
context of the routing instance (config>router>radius-server or
config>service>vprn>radius-server). Values above the Limits or
unreferenced policies are treated as a setup failure.
Specifies the intercept-id to be placed in the LI-Shim header and only
applicable if the mirror-dest (as specified by the Alc-LI-Destination) is
configured with routable encap that contains the LI-Shim. A zero can be
returned in CoA or RADIUS Accept or the value of 0 is used if this VSA is
not present at all. The length of the attribute changes if the CLI parameter
direction-bit (dir-bit) under the mirror-dest layer-3-encap is enabled or not
(see limits).
RADIUS Attributes Reference
Description
Page 117