User Security Configuration Guide, Cisco IOS XE Release 3S
LI Support for IPoE Sessions
Downloads: This chapterpdf (PDF - 1.17MB) The complete bookPDF (PDF - 3.06MB) | The complete bookePub (ePub - 361.0KB) | Feedback

LI Support for IPoE Sessions

The LI Support for IPoE Sessions feature extends support for provisioning lawful intercept (LI) to IP over Ethernet (IPoE) sessions in accordance with RFC 2866. This document describes RADIUS-based LI for IPoE. See the “Lawful Intercept Architecture” module for information on LI architecture and components and for configuration tasks and examples.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Restrictions for LI Support for IPoE Sessions

The following restrictions apply to RADIUS-based LI for IPoE sessions:

  • You cannot use Access-Accept packets to start TAP for a RADIUS proxy session when the LI parameters are encrypted.
  • The aaa intercept command must be configured to accept attribute value pairs (AVPs) associated with RADIUS-based LI. The frequency of change of authentication (CoA) requests to start, stop, or no-action, should not exceed a rate of 1 per 10 minutes.
  • Intercepted traffic from different users is sent to the same mediation device (MD). You must use a unique stream ID (made up of the first four digits of the eight-digit intercept ID) for each MD.
  • The format of intercepted packets captured using RADIUS-based LI include the L2 header; this is different from the format of SNMP-based LI.
  • Per-flow tapping is not supported through RADIUS-based LI; it is supported with SNMP-based LI.

Additional References for LI Support for IPoE Sessions

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

Configuring SNMP support

Configuring SNMP Support

Security commands

Cisco IOS Security Command Reference

Standards

Standard

Title

PacketCable™ Control Point Discovery Interface Specification

PacketCable Control Point Discovery Interface Specification (PKT-SP-CPD-I02-061013)

MIBs

MIB

MIBs Link

  • CISCO-IP-TAP-MIB
  • CISCO-TAP2-MIB
  • CISCO-802-TAP-MIB
  • CISCO-USER-CONNECTION-TAP-MIB

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http:/​/​www.cisco.com/​go/​mibs

RFCs

RFC

Title

RFC 2866

RADIUS Accounting

Technical Assistance

Description Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http:/​/​www.cisco.com/​support

Feature Information for LI Support for IPoE Sessions

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Table 1 Feature Information for LI Support for IPoE Sessions

Feature Name

Releases

Feature Information

LI Support for IPoE Sessions

Cisco IOS XE Release 3.10S

Extends support for provisioning LI to IPoE sessions in accordance with RFC 2866.