Configuring Lawful-Intercept between SBR Carrier and ERX Device
During a lawful intercept request, the ERX device records the username as a case-sensitive string. SBR Carrier converts the username to an upper case format (all capitals) and saves it in the database. When a lawful intercept request is sent, the request is rejected by the ERX device because the username retrieved from the database is in upper case format.
To make the ERX device interoperate with SBR Carrier for lawful intercept, you need to configure the following procedures to retain the case sensitivity of the original username received from the ERX device:
- Create a duplicate entry in the radius.dic file for storing the Original-User-Name.
Example:
ATTRIBUTE Original-User-Name 1 string r ATTRIBUTE User-Name 1 string c ATTRIBUTE User-Password 2 string c
- Update the [AuthRequest] section of the
sessionTable.inifile to map the username to the FunkOuterUserName attribute.Example:
[AuthRequest] FunkOuterUserName = User-Name
- Map the FunkOuterUserName attribute to the Original-User-Name
in the dbc_mapping.xml file.
Example:
<attributeMapping field="Sbr_NasIpv4Address" attribute="NAS-IP-Address"> <queryAttribute name="NAS-IP-Address"/> </attributeMapping> <attributeMapping field="FunkOuterUserName" attribute="Original-User-Name"> </attributeMapping> </dbcMapping>
- Update the InterceptOn section in the
deviceModels.xmlfile by setting the requiredAttribute as the Original-User-Name for the ERX device.Note In the case of InterceptOn, the following attributes need to be configured:
Original-User-Name
Acct-Session-Id
Unisphere-Med-Ip-Address
Unisphere-LI-Action
In the case of InterceptOff, the following attributes need to be configured:
Acct-Session-Id
Unisphere-LI-Action
The following is a sample deviceModels.xml file for ERX device:
</controlledDeviceModel> <controlledDeviceModel id="Juniper-ERX 10.2" vendor="Juniper" model="Juniper-ERX 10.2" dictionary="juniper"> <radiusPorts> <!--specifies default port --> <radiusPort name="RFC3576" port="1700"/> </radiusPorts> <actions> <action name="query"> <localSessionQuery description="return local session data"/> </action> <action name="disconnect"> <radiusRequest description="ERX Packet of Disconnect" code="DM" portName="RFC3576"> <attributes> <requiredAttribute name="Acct-Session-Id"/> </attributes> <onSuccess> <!--this device does not send Stop when you knock someone off --> <sessionStop description="Simulated Session Stop"/> </onSuccess> <onFailure> <!--assume bad session record --> <sessionStop description="Cleaning Session Database"/> </onFailure> <onTimeout/> </radiusRequest> </action> <action name="interceptOn" description="Mirror all IP traffic to specified device"> <radiusRequest code="CoA" portName="RFC3576"> <attributes> <requiredAttribute name="Original-User-Name"/> <requiredAttribute name="Acct-Session-Id"/> <requiredAttribute name="Unisphere-Med-Ip-Address"/> <overrideAttribute name="Unisphere-LI-Action" value="1"/> </attributes> </radiusRequest> </action> <action name="interceptOff" description="Stop mirroring IP traffic to specified device"> <radiusRequest code="CoA" portName="RFC3576"> <attributes> <requiredAttribute name="Acct-Session-Id"/> <overrideAttribute name="Unisphere-LI-Action" value="0"/> </attributes> </radiusRequest> </action> </actions> </controlledDeviceModel>
You must to restart SBR Carrier to make these changes into effect.