Overview

The SBC Core platforms support Lawful Intercept (LI) functionality using one of the following solutions:

  • Centralized PSX solution consisting of an external PSX, a third-party Intercept Server (IS), and RAMP
  • SBC ERE solution consisting of the ERE, a third-party Intercept Server and EMA

The SBC works in conjunction with the Intercept Server as well as the ERE and EMA (or an external PSX and RAMP) to provide call data and call content to law enforcement agencies for calls involving identified intercept subjects. When it receives matching LI criteria in a policy response from the ERE (or PSX), the SBC routes the call as directed and additionally reports call events to the Intercept Server. It also sends media stream (call content) to an IP address provided by the Intercept Server.

The SBC supports four types of LI:

  • Default LI
  • IMS LI
  • PCSI LI
  • PacketCable 2.0 LI

In order to intercept media packets, ensure RAMP is either the same or a higher version as that of the SBC and PSX platforms. 


The following table describes the Call Data Channel (CDC) configuration information required to distinguish between Default LI, IMS LI, and PCSI (P-Com.Session-Info) LI, and PacketCable 2.0 LI. It also lists the types of LI supported on different platforms:

Table 1: LI Types and Supported Platforms

LI TypeCDC ConfigurationPlatformsRouting PolicyLI InterfaceStreams Supported
Intercept StandardVendor IdD-SBCSBC SWe/SBC 7000External PSXEREX1X2X3D-SBCSBC SWe/SBC 7000
Legacy LI (default)PacketCable, PacketCablePlusEtsiNone/Utimaco/Verint

Supported

SupportedSupportedSupportedSOAP
  • RADIUS
  • RADIUS over IPsec
UDPAudio OnlyAudio only
PCSI LIPacketCableSs8SupportedSupportedSupportedNot SupportedTLSNot Supported
  • TCP
  • TCP over IPsec

Audio,Video and T140

Audio, Video and T140
IMS LI3gpp/etsiVerint/utimaco/none/GroupTwoThousandSupportedSupportedSupportedSupportedSOAP
  • DSR
  • DSR over IPsec
  • UDP
  • UDP over IPsec
  • TCP
  • TCP over IPsec
Audio OnlyAll Streams
PacketCable 2.0PacketcableVTwonone/atos Not SupportedSupportedSupportedSupportedSOAP
  • Diameter
  • Diameter over IPsec
  • UDP
  • UDP over IPsec
Not SupportedAudio, Video


User "calea" must be created on SBC before attempting LI provisioning.

Creating the CALEA User through CLI

  1. Log on as admin user.
  2. Create a CALEA user, by executing the following command:

    % set oam localAuth user calea group Calea
    commit


    You will see a system-generated password. Use this password when you log on to CALEA user for the first time.

Creating the CALEA User through EMA

Note

You do not need to create a CALEA user for RAMP registered D-SBC setups.

  1. Log into the EMA GUI.
  2. Select Administration > Users and Application Management > User and Session Management.
  3. Click New User. The Create User panel appears.
  4. Select Calea from the Role drop-down menu.
    Figure 1: Create CALEA User




  5. Configure the other fields in the Create User panel.
  6. Click Save.
    The CALEA user saves with a temporary password, which appears in the Create User panel. Record the temporary password.
    Figure 2: Temporary Password Example




  7. Click the check mark icon.
  8. Select Admin > Log Out to logout. 
  9. A prompt to confirm the logout appears. Click Yes.
  10. Log into the EMA GUI as the CALEA user with the temporary password.
  11. A prompt to create a new password appears. Enter and confirm a new password.
    Figure 3: Enter New Password Example


  12. Click Sign In.

View the CALEA user status

View the CALEA user status, by executing the following command:

> show status oam localAuth userStatus
userStatus admin {
    currentStatus Enabled;
    userId        3000;
}
userStatus calea {
    currentStatus Enabled;
    userId        3329;
}
[ok]