CALEA

Revised: July 2010, OL-23040-01

Introduction

This chapter explains how to provision BTS interfaces to support the Communications Assistance for Law Enforcement Act (CALEA). The BTS supports two architectures, Cisco Service Independent Intercept (SII) and PacketCable.

CALEA Administrators

Electronic surveillance server (ESS) commands require users with high privilege levels. Use workgroups to manage those users. Table 4-1 has steps to provision the workgroup and example CLI commands with required tokens.

Table 4-1 CALEA Administrator Provisioning 

 
Task
Description and CLI Command

Step 1 

Adding workgroups. 

change command-table noun=ess; verb=add; 
work-groups=<Workgroup Name>;

Step 2 

Assigning users to workgroups. 

change user name=<someUser>; work-groups=<Workgroup Name>;

CALEA on Networks

Table 4-2 has steps to provision CALEA on (Service Independent Interception) SII and PacketCable networks example CLI commands with required tokens.

Table 4-2 CALEA Provisioning 

 
Task
Description and CLI Command

Step 1 

Adding Call Agent Profile entries. 

add call-agent-profile id=<CAid>; cms-id=1234; feid=4321;

 
        
 Note CMS-ID=xxxx, FEID=xxxx are mandatory settings for CALEA. 
 		 
      
 
      
 
       
 Step 2  
 		 
       
 Provisioning Electronic Surveillance Server tables. 
 		 
       
 This table identifies the Delivery Function (DF) server to the BTS. 
  
        
 
         
add ess cdc-df-address = <IP address of DF CDC 
application>;

 
        
 
        
 
         
cdc-df-port = < Destination Port for call-data info >;

 
        
 
        
 
         
ccc-df-address = <IP address of DF CCC application >;

 
        
 
        
 
         
ccc-df-port = < Destination Port for call-content info >;

 
        
 
        
 
         
em-protocol-major=< 11 or 15 (default) >; 
em-protocol-minor=<00 (default) to 99>

 
        
 
        
 
         
 
        
 Note CCC_IP_ADDRESS and CCC_IP_PORT are required when the CALEA feature is used in a multiple CMS environment. The values of CCC_IP_ADDRESS and CCC_IP_PORT provide the CMS with information about the IP address and port to which duplicate call-content streams should be sent if the BTS 10200 receives a call-content surveillance request from the CMS. If these tokens are not provisioned, the BTS 10200 uses the information received in the laes-content parameter of the SIP P-DCS-LAES header. 
 		 
      
 
      
 
       
 Step 3  
 		 
       
 Provisioning Aggregation tables and Media Gateway tables. 
 		 
       
 These steps are necessary if an aggregation router (CMTS) supports CALEA, and CALEA is enabled on it. 
 
  a. Provisioning Aggregation tables. 
  
        
 
         
change aggr id=<er1>; es-supp=y; es-event-supp=y;

 
        
 
        
 
         
 
        
  b. Ensuring the CMTS is identified by the aggr-id token in the Media Gateway table. 
  
        
 
         
show mgw id=<mgw id for the MTA>;

 
        
 
        
 
         
 
        
  c. If there is no valid value displayed for aggr-id, enter it using the following command: 
  
        
 
         
change mgw id=<mgw id>; aggr-id=<Aggregation router 
(CMTS) ID>

 
        
 
        
 
         
 
        
  d. Repeat Steps b and c to verify aggr-id on all MTAs (MGWs) connected to the CMTS (aggregation router). 
 
        
 
          
        
 
        
 
 Note CALEA must be enabled on each TGW and aggregation router used for CALEA. See TGW and aggregation router vendor documentation. 
 
        
 
      
 
      
 
       
 Step 4  
 		 
       
 Ensuring BTS functionality matches that at the other end 
 		 
       
  a. Set the ES-SUPP flag in the Aggregation Profile table, which the Aggregation (aggr) table points to for a specific Aggregation record, only if the Cable Modem Termination System (CMTS) supports CALEA requirements. 
 
  b. Set the ENABLE_P_DCS_LAES_HEADER flag in the Softswitch Trunk Group Profile table only if the BTS can send P-DCS-LAES header on the soft-switch trunk group for this profile. 
 
  c. Set the SEND_LAES_IN_RESPONSE flag in the Softswitch Trunk Group Profile table only if the BTS can send P-DCS-LAES header in SIP 18X or 200 OK messages on the soft-switch trunk group for this profile. 
 
  d. Set the ENABLE_ES_EVENTS and ENABLE_SIP_TRIGGER flag in the Softswitch Trunk Group Profile only if the soft-switch trunk group for this profile is connected to an Application Server.