In this section:
The SBC Core platforms support Lawful Intercept (LI) functionality using one of the following solutions: The SBC works in conjunction with the Intercept Server as well as the ERE and EMA (or an external PSX and RAMP) to provide call data and call content to law enforcement agencies for calls involving identified intercept subjects. When it receives matching LI criteria in a policy response from the ERE (or PSX), the SBC routes the call as directed and additionally reports call events to the Intercept Server. It also sends media stream (call content) to an IP address provided by the Intercept Server. The SBC supports four types of LI: In order to intercept media packets, ensure RAMP is either the same or a higher version as that of the SBC and PSX platforms. The following table describes the Call Data Channel (CDC) configuration information required to distinguish between Default LI, IMS LI, and PCSI (P-Com.Session-Info) LI, and PacketCable 2.0 LI. It also lists the types of LI supported on different platforms: LI Types and Supported Platforms Supported Audio,Video and T140LI Type CDC Configuration Platforms Routing Policy LI Interface Streams Supported Intercept Standard Vendor Id D-SBC SBC SWe/SBC 7000 External PSX ERE X1 X2 X3 D-SBC SBC SWe/SBC 7000 Legacy LI (default) PacketCable, PacketCablePlusEtsi None/Utimaco/Verint Supported Supported Supported SOAP UDP Audio Only Audio only PCSI LI PacketCable Ss8 Supported Supported Supported Not Supported TLS Not Supported Audio, Video and T140 IMS LI 3gpp/etsi Verint/utimaco/none/GroupTwoThousand Supported Supported Supported Supported SOAP Audio Only All Streams PacketCable 2.0 PacketcableVTwo none/atos Not Supported Supported Supported Supported SOAP Not Supported Audio, Video
The SBC CNe does not support multiple Mediation Servers. However, this feature is supported with a single mediation server.
The RAMP supports the Df Group Name field to differentiate the targets from different regions in the X1 interface.
Each country has its own Law Enforcement Agency (LEA) and provisions the targets independently. CALEA deployments share a single RAMP and PSX Primaries. If multiple PSX primaries exist, the RAMP distributes the LI information to all of them.
The admin must first create a user "calea" on the SBC before attempting LI provisioning. Create a CALEA user, by executing the following command: View the CALEA user status, by executing the following command:Creating CALEA Users Through CLI
Create a CALEA User
% set oam localAuth user calea group Calea
commit
You will see a system-generated password. Use this password when you log on to CALEA user for the first time.View the CALEA User Status From CLI
> show status oam localAuth userStatus
userStatus admin {
currentStatus Enabled;
userId 3000;
}
userStatus calea {
currentStatus Enabled;
userId 3329;
}
[ok]
Modified: for 12.1.2
The SBC is enhanced to support multiple CALEA users to align with RAMP. This allows "calea" users from different countries to push their targets to the respective X1 interfaces. Startset oam localAuth user calea group Calea
set oam localAuth user calea1 group Calea
set oam localAuth user calea2 group Calea
commit
For additional feature functionality, refer to Multi-Country LI for VoLTE IMS.
You do not need to create a CALEA user for RAMP registered D-SBC setups.
Select Calea from the Role drop-down menu.
Click Save.
The CALEA user saves with a temporary password, which appears in the Create User panel. Record the temporary password.
A prompt to create a new password appears. Enter and confirm the new password.
Click Sign In.
Modified: for 12.1.2
In the User field, enter a username for the new calea user you are creating.
The following user-naming rules apply:
Usernames can contain a maximum of 23 characters.
The following names are not allowed:
tty disk kmem dialout fax voice cdrom floppy tape sudo audio dip src utmp video sasl plugdev staff users nogroup i2c dba operator |
Click Save. A temporary password is provided for the user to initially log in and create a new password.
The access permission, role, and account-related information can be modified for an existing user. You cannot edit the name of the user, but you can modify the following settings. See Create a 'calea' User above for descriptions of the options.