Lawful Intercept Commands


Note

  • Starting with Cisco IOS XR Release 6.6.25, all commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 560 Series Routers.

  • Starting with Cisco IOS XR Release 6.3.2, all commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 540 Series Router.

  • References to releases before Cisco IOS XR Release 6.3.2 apply to only the Cisco NCS 5500 Series Router.

  • Cisco IOS XR Software Release 7.0.1 specific updates are not applicable for the following variants of Cisco NCS 540 Series Routers:

    • N540-28Z4C-SYS-A

    • N540-28Z4C-SYS-D

    • N540X-16Z4G8Q2C-A

    • N540X-16Z4G8Q2C-D

    • N540X-16Z8Q2C-D

    • N540-12Z20G-SYS-A

    • N540-12Z20G-SYS-D

    • N540X-12Z16G-SYS-A

    • N540X-12Z16G-SYS-D

This module describes the commands used to configure Lawful intercept.


Note

All commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 540 Series Router that is introduced from Cisco IOS XR Release 6.3.2. References to earlier releases in Command History tables apply to only the Cisco NCS 5500 Series Router.

lawful-intercept disable

To disable the Lawful Intercept (LI) feature, use the lawful-intercept disable command. To re-enable the LI feature, use the no form of this command.

lawful-intercept disable

no lawful-intercept disable

Syntax Description

This command has no keywords or arguments.

Command Default

LI feature is enabled by default only if the LI package is installed.

Command Modes

Global configuration

Command History

Release

Modification

Release 5.2.1

This command is introduced.

Usage Guidelines

If you disable lawful intercept, all Mediation Devices and associated TAPs are deleted.

To enable this command, you must install and activate the ncs5500-li.rpm.

Task ID

Task ID

Operations

li

read, write

Examples

This example shows how to configure the lawful-intercept disable command: 

Router(config)# lawful-intercept disable

request consent-token

To request for a consent-token to activate or deactivate features on the router, use the request consent-token command in the XR EXEC mode

request consent-token { accept-response | generate-challenge | terminate-auth } { lawful-intercept | secure-ztp } { enable | disable }

Syntax Description

accept-response

Request to accept the response string from the network vendor
generate-challenge

Request to generate a challenge string which can be sent to the network vendor to request for consent.
terminate-auth

Request to terminate the authorization to renable the feature.
lawful-intercept

Specifies the Lawful Intercept feature.
secure-ztp

Specifies the Secure ZTP feature.
enable

Request to enable the feature.
disable

Request to disable the feature.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 7.5.1

Command options for lawful-intercept enable and disable was introduced.

Release 7.3.1

This command was introduced.

Usage Guidelines

If you disable lawful intercept, all Mediation Devices and associated TAPs are deleted.

To use consent-token, you must install and activate the LI-control package ncs5500-lictrl-1.0.0.0-rxyz.x86_64.rpm.

Task ID

Task ID

Operations

li

read, write

Examples

The following example shows how to generate a challenge to enable lawful-intercept with the request consent-token command: 


Router# request consent-token generate-challenge lawful-intercept enable
+--------------------------------------+
   Node location: node0_RP0_CPU0 
+--------------------------------------+
Challenge string:
pAoP8QAAAQYBAAQAAAAFAgAEAAAABQMACAAAAAAAAAAABAAQFAf7N2FWTaq3Du+bixEyUQUAB
AAA//8GAAxJT1MtWFItU1ctQ1QHAAxJT1MtWFItU1ctQ1QIAAdOQzU1LVJQCQALRk9DMjMxNTRNWVk=

The following example shows how to accept the response string provided by the network vendor's Signing Servers for enabling lawful-intercept. Execute the below command and when prompted, enter the response string from the network vendor in the router console. 


Router# request consent-token accept-response lawful-intercept enable
***************************************************************
Please enter challenge response string for node location node0_RP0_CPU0
***************************************************************
JkVs2AAAAQYBAAQAAAAFAgAEAAAABQMBYm9vZnY3ZUIraXpiY01ESWw1eGZ4TUlJbnZ4MUVQU2VNV
jJsL21uZFlLMXRpeUg5cGNHd1B5VEZHWk53YUVrZmoNCnZHdWpBaU1tNWtUb2VNM2ZYUURYeW5LQVdnR
VZvMXpveitkMlVvNm1xaXBMTlpwZ3YxSWpMdUZyY3VDb3R0bSsNClByRUp2WEZBd3ArUFJrT042cW4vc
3BPWm9JNjFDY2RZSW1Lc1VJOUpRbHNMdExOZE9FZk1DaW80OEQrdUZTa1cNClhLbWhkNEk0bE5IaFplSD
laUVdLVmlYTWIwdDhNemhmR0dRTzFzRVlHaWNtZVhJWnoxaEZ4N1BVb1NVdFFIbjANCktaK0hFZ0YxaUU
3YzVPdTV0bEJ4MmVHWjVxcWJ6YnBjVmFVTWxQZCtlRTEvWHlzYVAzL01kZTZYTDZGSVhlN2ENClc1Zzg0Z
E1kbWNSRCtZSUZ3Vk5yeWc9PQ==
 
+--------------------------------------+
   Node location: node0_RP0_CPU0 
+--------------------------------------+
Error code: 0

An output of Error code: 0 means the router has enabled LI functionality without any errors.