You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Back to Table of Contents

Back to CLI Configure Mode

Back to Address Context - CLI

In this section:

Related articles:

Note

Not applicable to the SBC Software Edition.

When configuring LI through EMA/ERE, you must be 'Calea' user. See "Default Accounts and Passwords" for descriptions of users and permissions.


The

Unable to show "metadata-from": No such page "_space_variables"
provides Lawful Intercept (LI) support using one of two methods:

  • Using ERE with provisioning support from EMA (license required).
  • Using centralized PSX with provisioning support from EMS (license required).

The 

Unable to show "metadata-from": No such page "_space_variables"
supports up to 500 simultaneous LI sessions. 
Unable to show "metadata-from": No such page "_space_variables"
works in coordination with an Intercept Server (IS) to provide call data and call content to law enforcement agencies for calls involving identified intercept subjects. When it receives matching LI criteria in a policy response from ERE (or external PSX in centralized PSX solution), the 
Unable to show "metadata-from": No such page "_space_variables"
routes the call as directed and additionally reports call events to the IS.

The 

Unable to show "metadata-from": No such page "_space_variables"
also sends an RTP copy of the call's voice streams (call content) to an IP address provided by the IS. LI is configured by EMA (or EMS in centralized PSX solution). The target number is uploaded to LI table of ERE (or PSX, with the help of EMS).

You can configure the LI using only the default AddressContext.

See Lawful Intercept page for an in-depth explanation of LI functionality.

Note

The SBC 52x0 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.

(This ability does not apply to the SBC 51x0 and SBC 5400 systems which have only two physical media ports. IP interfaces from the two physical ports may be configured within the same IP Interface Groups without restriction.)

For complete details, refer to Configuring IP Interface Groups and Interfaces.

Command Syntax

As user 'Calea', use the following command syntax to configure LI.

% set addressContext <default> intercept 
   callDataChannel <callDataChannel> 
   nodeNumber <integer>

As user 'Calea', use the following command to establish the LI call data channel configuration:

Call Data Channel Syntax
% set addressContext <default> intercept callDataChannel <callDataChannel_name>
	TCPMediaTransport
		tcpMediaIpAddress <tcp media ip address>
		tcpMediaPort <0-65535>
	UDPMediaTransport
		udpMediaIpAddress <udp media ip address>
		udpMediaPort <0-65535>
	dsrTcpPort <0-65535>
	interceptStandard < etsi | packetcable | threeGpp>
	ipInterfaceGroupName <ipInterfaceGroup_Name> 
	mediationServer  (See "Mediation Server Syntax" below)
	kaTimer <kaTimer_name>
	liPolDipForRegdOodMsgs <disabled | enabled>
	mediaTypeIntercepted <default | multimedia>
	priIpAddress <value> 
	priMode <outofservice | standby> 
	priPort <priPort_name> 
	priState <disabled | enabled> 
	retries <value>
	rtcpInterception <disabled | enabled>
	secIpAddress <IP_Address> 
	secMode <active | outofservice | standby> 
	secState <disabled | enabled>
	vendorId <none | ss8 | utimaco | verint>

As user 'Calea', use the following command syntax to configure the Mediation Server.

Mediation Server Syntax
% set addressContext <addressContext name> intercept callDataChannel <CDC name> mediationServer <mediationServer name>
	media <tcp | udp>
	signaling
		dscpValue <0-63>
		ipAddress <IPv4/IPv6 address>
		mode <inService | outOfService>
		portNumber <0-65535>
		protocolType <tcp | udp>
		state <disabled | enabled> 

As user 'Calea', use the following command in System-level mode to retrieve the LI statistics:

> show status addressContext <addressContext name> intercept

Command Parameters

Intercept Parameters

Intercept Parameters

Parameter

Length/Range

Description

CallDataChannel

1-23

The user-configurable LI Call Data Control Channel name.

(See Call Data Channel Parameters table below for parameter details)

nodeNumber

0-9999999

The unique global node number to assign to the 

Unable to show "metadata-from": No such page "_space_variables"
which is used by the LI server for identification purposes.

Call Data Channel (CDC) Parameters

The parameter mediaTypeIntercepted must be set to "multimedia" in order to access TCPMediaTransport and UDPMediaTransport parameters.

Call Data Channel Parameters

Parameter

Length/Range

Description

TCPMediaTransport N/A

Specifies the media details of LI Server using TCP mode of transport.

  • tcpMediaIpAddress <ip address> – The LI Server's TCP media IP address where the media is sent.
  • tcpMediaPort <port #> – The LI Server's TCP port where the media is sent. (range: 0-65535)
UDPMediaTransport N/A

Specifies the media details of LI Server using UDP mode of transport.

  • udpMediaIpAddress <ip address> – The LI Server's UDP media IP address where the media is sent.
  • udpMediaPort <port #> – The LI Server's UDP port where the media is sent. (range: 0-65535)
dsrTcpPort  0-65535 <port#> – The LI Server's TCP port where DSR messages are sent. This value is set when mediaTypeIntercepted is set to multimedia.

interceptStandard

N/A

The Intercept Standard to use for this Call Data Channel.

  • etsi
  • packetcable (default)
  • threeGpp

ipInterfaceGroupName

0-23

<IPIG name> – Name of the IP interface group used to stream to the LI Server.

kaTimer

0-65535

<# seconds> (default = 5) – The keep-alive timer value, in seconds.

liPolDipForRegdOodMsgs N/A

 Use this flag to control the sending of the policy dip to PSX for registered user's Out-Of-Dialog messages.

  • disabled (default) – SBC does not send policy request to PSX for registered out-of-dialog requests (messages).
  • enabled – SBC sends policy request to PSX for registered out-of-dialog requests for interception.
mediationServer0-23

<name> – Name of the Mediation Server. Up to eight Mediation Servers are configurable for each CDC. See Mediation Server Parameters table below for parameter details.

The mediationServer parameter is only visible when interceptStandard and vendorId are configured for IMS LI (see table Configuring SBC for Different LI Flavors).

mediaTypeIntercepted N/A

Specifies the type of media interception.

  • default (default) – audio, fax

  • multimedia – audio, fax, clearmode streams in Encapsulation mode.

Direct Signaling Report (DSR) messages are also supported. DSR messages are signaling messages generated by SBC, when a call is intercepted. The DSR message contains extra information in the header along with the actual signaling message PDUs.

priIpAddress

N/A

The primary LI Server's IPv4 address where Call Data Channel messages are sent. (default = 0.0.0.0)

priMode

N/A

Mode of the primary server. Options are:

  • active (default)
  • outOfService
  • standby

priPort

0-65535

The primary LI Server's UDP port where Call Data Channel messages are sent. (default = 0)

pristate

N/A

Use this flag to enable/disable communication to the primary LI Server.

  • enabled (default)
  • disabled

retries

N/A

Number of retries before the LI Call Data Channel is considered as failed. (default = 3)

rtcpInterception

N/A

Enable this flag to intercept RTCP information for IMS LI.

  • disabled (default)
  • enabled

The rtcpInterception parameter is only visible when interceptStandard and vendorId are configured as IMS LI (see table Configuring SBC for Different LI Flavors).

secIpAddress

N/A

Secondary LI Server's IPv4 address where Call Data Channel messages are sent. (default = 0.0.0.0)

secMode

N/A

Mode of the secondary server. Options are:

  • active
  • outOfService (default)
  • standby

secState

N/A

Use this flag to enable/disable communication to secondary LI Server.

  • enabled (default)
  • disabled

vendorId

N/A

The vendor name of the LI server.

  • none (default)
  • ss8
  • utimaco
  • verint

Mediation Server Parameters

Mediation Server Parameters

ParameterDescriptions

media

Mediation server media properties.

  • tcp – Use TCP to transport mediation server details.
  • udp – Use UDP to transport mediation server details.

signaling

Mediation server signaling interception settings.

  • dscpValue – The DSCP value for intercepted signaling/media packets sent on this port. (range: 0-63 / default = 16)
  • ipAddress – The IPv4/IPv6 Address of the mediation server for media/signaling interception over TCP/UDP port.
  • mode – The operational mode of the signaling/media connection towards the mediation server.
    • inService
    • outOfService (default)
  • portNumber – The UDP/TCP port number of the mediation server for media/signaling interception. (range: 0-65536 / default = 0)
  • protocolType – The protocol used by the mediation server for signaling interception. This parameter applies to mediation server Signaling properties only.
    • tcp (default)
    • udp
  • state – The administrative state of the signaling/media connection towards the mediation server.
    • disabled (default)
    • enabled

The protocolType "udp" is not supported for Signaling interception in this release.

Configuring SBC for Different LI Flavors

The following table depicts the interceptStandard and verndorId configuration options to configure SBC for the the various LI flavors.

Configuring SBC for Different LI Flavors

Configuration Settings

 

LI Flavor

interceptStandardvendorId
packetcablenone/utimaco/verintLegacy LI (default)
packetcabless8SS8 LI
threeGpp/etsinone/utimaco/verintIMS LI

Command Examples

To configure intercept standard:

% set addressContext default intercept callDataChannel CDC interceptStandard etsi 

To configure the vendor ID:

% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint

To configure mediation server for media interception:

Mediation server’s ipInterfaceGroup must be different from other signaling ipInterface groups. This ensures that LI doesn't use signaling ipAddress to send intercepted traffic (media/signaling) towards Mediation Server.

% set addressContext default intercept callDataChannel CDC interceptStandard etsi vendorId verint mediationServer ms1 

To configure mediation server for media interception over TCP:

% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp dscpValue 0 ipAddress 10.54.66.67 portNumber 7870
commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media tcp mode inService state enabled 
commit

To configure mediation server for media interception over UDP:

% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp dscpValue 0 ipAddress 10.54.66.57 portNumber 7881
commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 media udp mode inService state enabled 
commit

To configure mediation server for signaling interception:

% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling dscpValue 0 ipAddress 10.54.64.80 portNumber 7880 protocolType tcp
commit
% set addressContext default intercept callDataChannel CDC mediationServer ms1 signaling mode inService state enabled
commit

To configure RTCP interception:

% set addressContext default intercept callDataChannel CDC rtcpInterception enabled

 


 

  • No labels