Provisioning Guide
Chapter 6 - CALEA Provisioning
Download this chapter
Chapter 6 - CALEA ProvisioningChapter 6 - CALEA Provisioning
Download the complete book
Provisioning Guide - Book Length PDFProvisioning Guide - Book Length PDF (PDF - 6 MB)
 Feedback

Table Of Contents

CALEA Provisioning

Create a Workgroup to Manage Access to ESS Commands

Service Independent Interception Provisioning

Release 5.0 Electronic Surveillance Provisioning

Create a Workgroup to Manage Access to ESS Commands

Provision the ESS Table

ESS Table Provisioning Example

Verify Aggregation Table and Softswitch Trunk Group Profile Table Provisioning


CALEA Provisioning

Revised: May 31, 2010, OL-12777-12

The Cisco BTS 10200 Softswitch provides interfaces for transmission of data used in conjunction with the Communications Assistance for Law Enforcement Act (CALEA). This chapter explains how to provision these interfaces on the Cisco BTS 10200 Softswitch and contains the following sections:

Create a Workgroup to Manage Access to ESS Commands

Service Independent Interception Provisioning

Release 5.0 Electronic Surveillance Provisioning

The Cisco BTS 10200 Softswitch provides support for CALEA using two different industry-developed architectures: PacketCable, and the Cisco Service Independent Intercept (SII).

Note For a general description of the Cisco BTS 10200 Softswitch implementation for CALEA support, refer to the Cisco BTS 10200 Softswitch System Description.

Create a Workgroup to Manage Access to ESS Commands

Any user with a high enough command privilege level can execute electronic surveillance server (ESS) commands. However, access can be more easily controlled through a workgroup.

To set up a workgroup, execute the following commands.

Step 1 Start a session with SSH, and log in to the EMS.

Step 2 Create a workgroup for the ESS command. 

change command-table noun=ess; verb=add; work-groups=<Workgroup Name>;

Step 3 Add this workgroup to the user using the following command. This permits the user to access the ESS commands. 

change user name=<someUser>; work-groups=<Workgroup Name>;

Service Independent Interception Provisioning

Perform the following steps to set up CALEA on the Cisco BTS 10200 Softswitch in an SII network. Command examples are provided but may not replicate your specific network conditions.

Step 1 Enable SII using the Call Agent Profile table. You need user class privileges to perform this command. 

add call-agent-profile id=<CAid>; cms-id=1234; feid=4321;

Note CMS-ID=xxxx, FEID=xxxx are mandatory settings for CALEA.

Step 2 Provision the Electronic Surveillance Server table. This table identifies the Delivery Function (DF) server to the Cisco BTS 10200 Softswitch. 

add ess cdc-df-address=<IPaddress>; cdc-df-port=<port#>;

The CALEA feature is now available for use.

Step 3 If an aggregation router (CMTS) supports CALEA, and CALEA is enabled on the aggregation router, provision the Aggregation table and Media Gateway table as follows:

a. Provision the Aggregation table. 

change aggr id=<er1>; es-supp=y; es-event-supp=y;

b. To display the current settings in the MGW table for each MTA, enter the following command: 

show mgw id=<mgw id for the MTA>;

c. Verify that the display from the show command in Step b. indicates that the aggregation router (CMTS) is properly identified by the aggr-id token in the Media Gateway table. If there is no valid value displayed for aggr-id, you must enter it using the following command: 

change mgw id=<mgw id>; aggr-id=<Aggregation router (CMTS) ID>

d. Repeat Steps b and c as necessary to verify/enter the aggr-id on all MTAs (MGWs) connected to the CMTS (aggregation router).

Note CALEA must be enabled on every TGW and aggregation router used for CALEA. Consult your TGW and aggregation router vendor documentation for instructions.

Release 5.0 Electronic Surveillance Provisioning

Perform the following steps to set up CALEA on Release 5.0 of the Cisco BTS 10200 Softswitch in a PacketCable network. Command examples are provided but might not replicate your specific network conditions.

This section explains how to perform the following tasks:

Create a Workgroup to Manage Access to ESS Commands

Provision the ESS Table

Verify Aggregation Table and Softswitch Trunk Group Profile Table

Note These tasks include examples of CLI commands that illustrate how to provision the specific feature. Most of these tables have additional tokens that are not included in the examples. For a complete list of all CLI tables and tokens, see the Cisco BTS 10200 Softswitch Command Line Interface Reference Guide.

Create a Workgroup to Manage Access to ESS Commands

Any user with sufficient privilege can execute electronic surveillance server (ESS) commands. However, access can be more easily controlled using a workgroup.

To set up a workgroup, complete the following steps.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

ssh -l Calea@priemsXXX

Start a session with SSH, and log in to the EMS.

Step 2 

change command-table noun=ess; verb=add; work-groups=<Workgroup Name>;

Create a workgroup for the ESS command.

Step 3 

change user name=<someUser>; work-groups=<Workgroup Name>;

Add this workgroup to the user using the following command. This permits the user to access the ESS commands.

Provision the ESS Table

For Cisco BTS 10200, Release 5.0, the ESS table includes four new optional tokens:

CCC_IP_ADDRESS

CCC_IP_PORT

EM-PROTOCOL-VERSION-MAJOR

EM-PROTOCOL-VERSION-MINOR

Note CCC_IP_ADDRESS and CCC_IP_PORT are required when the CALEA feature is used in a multiple CMS environment. The values of CCC_IP_ADDRESS and CCC_IP_PORT provide the CMS with information about the IP address and port to which duplicate call-content streams should be sent if the BTS 10200 receives a call-content surveillance request from the CMS. If these tokens are not provisioned, the BTS 10200 uses the information received in the laes-content parameter of the SIP P-DCS-LAES header.

Note For Release 5.0, the PROTOCOL-VERSION token that was available in previous releases of the ESS table is deprecated.

ESS Table Provisioning Example

The following command example shows how to provision the new ESS table tokens for the CALEA feature in BTS 10200, Release 5.0.

DETAILED STEPS

Table 6-1 ESS Table Provisioning

Command or Action
Purpose 
add ess cdc-df-address = <IP address of 
DF CDC application >; 
cdc-df-port = < Destination Port for 
call-data info >; 
ccc-df-address = <IP address of DF CCC 
application >; 
ccc-df-port = < Destination Port for 
call-content info >; 
em-protocol-major=< 11 or 15 (default) 
>; em-protocol-minor=<00 (default) to 
99>

Provision the new ESS table tokens for the CALEA feature in BTS 10200, Release 5.0.This identifies the Delivery Function (DF) server to the Cisco BTS 10200 Softswitch.


Verify Aggregation Table and Softswitch Trunk Group Profile Table Provisioning

Verify that the ES-SUPP tokens in the Aggregation-Profile (aggr-profile) table and Softswitch Trunk Group Profile (softsw-tg-profile) table are set to correspond with the functionality supported at the other end.

The ES-SUPP flag in the Aggregation Profile table, which the Aggregation (aggr) table points to for a specific Aggregation record, should be set only if the Cable Modem Termination System (CMTS) supports CALEA requirements.

The ENABLE_P_DCS_LAES_HEADER flag in the Softswitch Trunk Group Profile table should be set if the BTS10200 is allowed to send P-DCS-LAES header on the soft-switch trunk group associated with this profile.

The SEND_LAES_IN_RESPONSE flag in the Softswitch Trunk Group Profile table should be set if the BTS10200 is allowed to send P-DCS-LAES header in SIP 18X or 200 OK messages on the soft-switch trunk group associated with this profile.

The ENABLE_ES_EVENTS and ENABLE_SIP_TRIGGER flag in the Softswitch Trunk Group Profile table should be set if the soft-switch trunk group associated with this profile is connected to an Application Server.