This section lists the MIBs used for lawful intercept processing.
Due to its sensitive nature, the Cisco lawful intercept MIBs are only available in software images that support the Lawful
Intercept feature. To access the Cisco IOS MIB Locator page, go to:
http://mibs.cloudapps.cisco.com/ITDIT/MIBS/servlet/index.
CISCO-TAP2-MIB
The CISCO-TAP2-MIB contains SNMP management objects that control lawful intercepts. The mediation device uses the MIB to configure
and run lawful intercepts on targets whose traffic passes through the device.
The CISCO-TAP2-MIB contains several tables that provide information for lawful intercepts that are running on the device:
-
cTap2MediationTable: Contains information about each mediation device that is currently running lawful intercept on the device.
Each table entry provides information that the device uses to communicate with the mediation device, for example, the device’s
address, the interfaces to send intercepted traffic over, and the protocol to use to transmit the intercepted traffic.
-
cTap2StreamTable: Contains information used to identify the traffic to intercept. Each table entry contains a pointer to a
filter that is used to identify the traffic stream associated with the target of a lawful intercept. Traffic that matches
the filter is intercepted, copied, and sent to the corresponding mediation device application (cTap2MediationContentId).
The cTap2StreamTable table also contains counts of the number of packets that were intercepted, and counts of dropped packets
that should have been intercepted, but were not.
-
cTap2DebugTable: Contains debug information for troubleshooting lawful intercept errors.
The CISCO-TAP2-MIB also contains several SNMP notifications for lawful intercept events. For detailed descriptions of MIB
objects, see corresponding MIBs.
CISCO-TAP2-MIB Processing
The administration function (running on the mediation device) issues SNMPv3 set and get requests to the device’s CISCO-TAP2-MIB
to set up and initiate a lawful intercept. To do this, the administration function performs the following actions:
-
Creates a cTap2MediationTable entry to define how the device is to communicate with the mediation device executing the intercept.
Note
|
The cTap2MediationNewIndex object provides a unique index for the mediation table entry.
|
-
Creates an entry in the cTap2StreamTable to identify the traffic stream to intercept.
-
Sets cTap2StreamInterceptEnable to true(1) to start the intercept. The device intercepts traffic in the stream until the intercept
expires (cTap2MediationTimeout).
CISCO-IP-TAP-MIB
The CISCO-IP-TAP-MIB contains the SNMP management objects to configure and execute lawful intercepts on IPv4 traffic streams
that flow through the device. This MIB is an extension of the CISCO-TAP2-MIB.
You can use the CISCO-IP-TAP-MIB to configure lawful intercept on a device to intercept IPv4 packets with values that match
a combination of one or more of the following fields:
CISCO-IP-TAP-MIB Processing
When data is intercepted, two streams are created. One stream is for packets that originate from the target IP address to
any other IP address using any port. The second stream is created for packets that are routed to the target IP address from
any other address using any port. For VoIP, two streams are created, one for RTP packets from the target and the second stream
for the RTP packets to target using the specific source and destination IP addresses and ports specified in the SDP information
used to set up the RTP stream.