3.2.47. lawful-interception¶

Note

requires a specific license: Lawful Interception.

Lawful Interception configuration.

vsr running config# vrf <vrf> lawful-interception

enabled¶

Enable lawful interception.

vsr running config# vrf <vrf> lawful-interception
vsr running lawful-interception# enabled true|false

Default value: true

intercepted-vrf¶

The VRF list where lawful interception will look for its targets.

vsr running config# vrf <vrf> lawful-interception intercepted-vrf <leafref>

<leafref>

The VRF where we want to intercept traffic from.

control¶

X1 configuration to control lawful interception.

vsr running config# vrf <vrf> lawful-interception control

source-ipv4¶

The local IPv4 address used to join the ADMF (ADMinistration Function).

vsr running config# vrf <vrf> lawful-interception control
vsr running control# source-ipv4 SOURCE-IPV4

SOURCE-IPV4

An IPv4 address.

idle-probe-interval¶

unit: seconds

ADMF (ADMinistration Function) session idle time (TIME_P2) triggering a ReportNEIssue probe.

vsr running config# vrf <vrf> lawful-interception control
vsr running control# idle-probe-interval <1-65535>

Default value: 3600

idle-probe-timeout¶

unit: seconds

ADMF (ADMinistration Function) ReportNEIssue probe timeout (TIME_P1) triggering the release of all resources.

vsr running config# vrf <vrf> lawful-interception control
vsr running control# idle-probe-timeout <1-65535>

Default value: 60

port¶

The ADMF (ADMinistration Function) destination port to receive X1 messages. It is used in both the NE (Network Element) and ADMF.

vsr running config# vrf <vrf> lawful-interception control
vsr running control# port <uint16>

Default value: 443

identifier (mandatory)¶

NE (Network Element) Identifier for the X1 daemon (must match the certificate common name or subject altname).

vsr running config# vrf <vrf> lawful-interception control
vsr running control# identifier <string>

local-certificate (mandatory)¶

Certificate to use for authentication of the local peer.

vsr running config# vrf <vrf> lawful-interception control
vsr running control# local-certificate LOCAL-CERTIFICATE

LOCAL-CERTIFICATE

Certificate name.

trust¶

Define which CA certificates to trust.

vsr running config# vrf <vrf> lawful-interception control trust

certificate-store (mandatory)¶

List of CA certificate stores to trust.

vsr running config# vrf <vrf> lawful-interception control trust
vsr running trust# certificate-store CERTIFICATE-STORE

CERTIFICATE-STORE

CA certificate store name.

delivery¶

X2/X3 configuration, to deliver information or payloads for lawful interception.

vsr running config# vrf <vrf> lawful-interception delivery

source-ipv4¶

The local IPv4 address used to join the MDF (Mediation and Delivery Function).

vsr running config# vrf <vrf> lawful-interception delivery
vsr running delivery# source-ipv4 SOURCE-IPV4

SOURCE-IPV4

An IPv4 address.

keepalive-interval¶

unit: seconds

Time between keepalive probes (TIME_P1) destined to the MDF (Mediation and Delivery Function).

vsr running config# vrf <vrf> lawful-interception delivery
vsr running delivery# keepalive-interval <1-65535>

Default value: 60

keepalive-timeout¶

unit: seconds

Keepalive probe timeout (TIME_P2) triggering a reconnection attempt with the MDF (Mediation and Delivery Function).

vsr running config# vrf <vrf> lawful-interception delivery
vsr running delivery# keepalive-timeout <1-65535>

Default value: 180

vrf¶

The VRF used for lawful interception delivery.

vsr running config# vrf <vrf> lawful-interception delivery
vsr running delivery# vrf <leafref>

l3vrf¶

The L3VRF used for lawful interception delivery.

vsr running config# vrf <vrf> lawful-interception delivery
vsr running delivery# l3vrf L3VRF

`L3VRF` values	Description
`<l3vrf-name>`	The l3vrf name.
`default`	The default l3vrf.

local-certificate (mandatory)¶

Certificate to use for authentication of the local peer.

vsr running config# vrf <vrf> lawful-interception delivery
vsr running delivery# local-certificate LOCAL-CERTIFICATE

LOCAL-CERTIFICATE

Certificate name.

trust¶

Define which CA certificates to trust.

vsr running config# vrf <vrf> lawful-interception delivery trust

certificate-store (mandatory)¶

List of CA certificate stores to trust.

vsr running config# vrf <vrf> lawful-interception delivery trust
vsr running trust# certificate-store CERTIFICATE-STORE

CERTIFICATE-STORE

CA certificate store name.