Configuring SBC For Lawful Interception

Overview

The SBC Core platforms support Lawful Intercept (LI) functionality using one of the following solutions:

• Centralized PSX solution consisting of an external PSX, a third-party Intercept Server (IS), and RAMP
• SBC ERE solution consisting of the ERE, a third-party Intercept Server and EMA

The SBC works in conjunction with the Intercept Server as well as the ERE and EMA (or an external PSX and RAMP) to provide call data and call content to law enforcement agencies for calls involving identified intercept subjects. When it receives matching LI criteria in a policy response from the ERE (or PSX), the SBC routes the call as directed and additionally reports call events to the Intercept Server. It also sends media stream (call content) to an IP address provided by the Intercept Server.

The SBC supports four types of LI:

• Default LI
• IMS LI
• PCSI LI
• PacketCable 2.0 LI
  
  

The following table describes the Call Data Channel (CDC) configuration information required to distinguish between Default LI, IMS LI, and PCSI (P-Com.Session-Info) LI, and PacketCable 2.0 LI. It also lists the types of LI supported on different platforms:

LI Types and Supported Platforms

MultiExcerpt named RAMP support of MCLI was not found -- Please check the page name and MultiExcerpt name used in the MultiExcerpt-Include macro

The admin must first create a user "calea" on the SBC before attempting LI provisioning.

Creating CALEA Users Through CLI

Create a CALEA User

1. Log on as admin user.

2. Create a CALEA user, by executing the following command:

   % set oam localAuth user calea group Calea
   commit

   
   You will see a system-generated password. Use this password when you log on to CALEA user for the first time.

View the CALEA User Status From CLI

View the CALEA user status, by executing the following command:

> show status oam localAuth userStatus
userStatus admin {
    currentStatus Enabled;
    userId        3000;
}
userStatus calea {
    currentStatus Enabled;
    userId        3329;
}
[ok]

Create Secondary CALEA Users From CLI to Support Multi-Country LI

The SBC is enhanced to support multiple CALEA users to align with RAMP. This allows "calea" users from different countries to push their targets to the respective X1 interfaces.

Start

1. Create the primary calea user "calea" as admin user.
   
   Example

   set oam localAuth user calea group Calea

2. Login as the 'calea' user and create the secondary calea users ("calea1," "calea2," etc.). All secondary users will belong to the same group "Calea."
   
   Example

   set oam localAuth user calea1 group Calea
   set oam localAuth user calea2 group Calea
   commit

For additional feature functionality, refer to Multi-Country LI for VoLTE IMS.

Creating CALEA Users Through EMA

Create a CALEA User

1. Log in to the EMA GUI.
2. Select Administration > Users and Application Management > User and Session Management.
3. Click New User. The Create User panel appears.
   

4. Select Calea from the Role drop-down menu.
   

   
   

    

5. Configure the other fields in the Create User panel.

6. Click Save.
   The CALEA user saves with a temporary password, which appears in the Create User panel. Record the temporary password.
   

   
   

    

7. Click the check mark icon.
   
8. Select Admin > Log Out to logout. 
9. A prompt to confirm the logout appears. Click Yes.
   
10. Log into the EMA GUI as the CALEA user with the temporary password.
    

11. A prompt to create a new password appears. Enter and confirm the new password.

12. Click Sign In.

Create Secondary CALEA Users From EMA to Support Multi-Country LI

Create CALEA Users

MultiExcerpt named Create CALEA users with EMA was not found -- Please check the page name and MultiExcerpt name used in the MultiExcerpt-Include macro

Edit CALEA Users

MultiExcerpt named Edit CALEA users with EMA was not found -- Please check the page name and MultiExcerpt name used in the MultiExcerpt-Include macro