Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Configuring Lawful-Intercept between SBR Carrier and ERX Device

During a lawful intercept request, the ERX device records the username as a case-sensitive string. SBR Carrier converts the username to an upper case format (all capitals) and saves it in the database. When a lawful intercept request is sent, the request is rejected by the ERX device because the username retrieved from the database is in upper case format.

To make the ERX device interoperate with SBR Carrier for lawful intercept, you need to configure the following procedures to retain the case sensitivity of the original username received from the ERX device:

  1. Create a duplicate entry in the radius.dic file for storing the Original-User-Name.

    Example:

    ATTRIBUTE   Original-User-Name  1   string  r
    ATTRIBUTE   User-Name                     1   string  c
    ATTRIBUTE   User-Password             2   string  c
  2. Update the [AuthRequest] section of the sessionTable.ini file to map the username to the FunkOuterUserName attribute.

    Example:

    [AuthRequest]
    FunkOuterUserName = User-Name
    
  3. Map the FunkOuterUserName attribute to the Original-User-Name in the dbc_mapping.xml file.

    Example:

    <attributeMapping field="Sbr_NasIpv4Address"        attribute="NAS-IP-Address">
    <queryAttribute name="NAS-IP-Address"/>
    </attributeMapping>
    <attributeMapping field="FunkOuterUserName"    attribute="Original-User-Name">
    </attributeMapping>
    </dbcMapping>
    
  4. Update the InterceptOn section in the deviceModels.xml file by setting the requiredAttribute as the Original-User-Name for the ERX device.

    Note: In the case of InterceptOn, the following attributes need to be configured:

    • Original-User-Name
    • Acct-Session-Id
    • Unisphere-Med-Ip-Address
    • Unisphere-LI-Action

    In the case of InterceptOff, the following attributes need to be configured:

    • Acct-Session-Id
    • Unisphere-LI-Action

The following is a sample deviceModels.xml file for ERX device:

</controlledDeviceModel>
<controlledDeviceModel id="Juniper-ERX 10.2" vendor="Juniper" model="Juniper-ERX 10.2" dictionary="juniper">
 <radiusPorts>
  <!--specifies default port -->
  <radiusPort name="RFC3576" port="1700"/>
 </radiusPorts>
 <actions>
  <action name="query">
   <localSessionQuery description="return local session data"/>
  </action>
  <action name="disconnect">
   <radiusRequest description="ERX Packet of Disconnect" code="DM" portName="RFC3576">
    <attributes>
     <requiredAttribute name="Acct-Session-Id"/>
    </attributes>
    <onSuccess>
     <!--this device does not send Stop when you knock someone off -->
     <sessionStop description="Simulated Session Stop"/>
    </onSuccess>
    <onFailure>
     <!--assume bad session record -->
     <sessionStop description="Cleaning Session Database"/>
    </onFailure>
    <onTimeout/>
   </radiusRequest>
  </action>
  <action name="interceptOn" description="Mirror all IP traffic to specified device">
   <radiusRequest code="CoA" portName="RFC3576">
    <attributes>
     <requiredAttribute name="Original-User-Name"/>
     <requiredAttribute name="Acct-Session-Id"/>
     <requiredAttribute name="Unisphere-Med-Ip-Address"/>
     <overrideAttribute name="Unisphere-LI-Action" value="1"/>
    </attributes>
   </radiusRequest>
  </action>
  <action name="interceptOff" description="Stop mirroring IP traffic to specified device">
   <radiusRequest code="CoA" portName="RFC3576">
    <attributes>
     <requiredAttribute name="Acct-Session-Id"/>
     <overrideAttribute name="Unisphere-LI-Action" value="0"/>
    </attributes>
   </radiusRequest>
  </action>
 </actions>
</controlledDeviceModel>

Note: You must to restart SBR Carrier to make these changes into effect.

Modified: 2017-09-27