Operate and maintain
Documents under this category provide functional descriptions and procedures for configuring, operating, and maintaining the cMAG-c.
- Control Plane Function
  This guide describes the control plane function (CPF) for control and user plane separation (CUPS) solutions. The CPF is based on the packet forwarding control protocol (PFCP) interface as defined in 3GPP TS 29.244 for mobile 4G CUPS and 5G.
  - Getting started
    Find general information about this guide.
  - cMAG-c configuration quick start
    The quick start steps configure the main components required to prepare the cMAG-c for subscriber management.
  - Session management
    Get a general overview of the session functionality and the address assignment protocols, and details on the IPoE and PPPoE fixed access session types.
    - PFCP session
    - General session functionality
      Get a high-level overview of the PFCP protocol and general session related functionality including grouping sessions for a subscriber, QoS, service selection, session state, and lawful intercept.
    - Lawful intercept
      The lawful intercept (LI) solution is implemented on the cMAG-c and on the user plane (UP). The cMAG-c and the UP share a private key to allow decryption of LI PFCP IEs. This topic describes the LI implementation, the content of LI notifications, and how to configure LI on the cMAG-c.
      - LI solution for wireline application
        Understand the tools to use and guidelines to follow when configuring cMAG-c LI for wireline applications.
    - Fixed access sessions
      Learn about the key identifiers for fixed access sessions, IBCP tunnels, MAG-u selection, limits on the number of sessions, and the IPoE setup flows.
    - Address assignment protocols
      A cMAG-c solution supports various address assignment protocols per session type.
  - Address assignment
    The cMAG-c supports various address assignment options, including local address assignment via ODSA, local static address assignment via authentication database, AAA-based address assignment, non-provisioned address assignment, and external DHCPv4 and DHCPv6 server address assignment.
  - Authentication
    Configure authentication for a new cMAG-c session, including the RADIUS authentication profile. Learn about the BNG EP and ADB lookup process.
  - Accounting and charging
    Learn about the statistics collection from the MAG-u, time-based and volume-based charging, RADIUS accounting configuration, and buffering of the RADIUS accounting messages for later retransmission.
  - Python support
    Customize the cMAG-c behavior by applying user-defined Python scripts to inspect and modify control protocol packets.
  - MAG-u resiliency
    The Nokia cMAG-c supports a cMAG-c-driven MAG-u resiliency scheme. Learn about this resiliency scheme, the resiliency handling, and deployment use cases.
  - cMAG-c management
    The cMAG-c management features are built on top of SR Linux management with some exceptions and differences from SR Linux.
  - Control Plane Function Guide PDF
- SR OS User Plane Function

Lawful intercept

The lawful intercept (LI) solution is implemented on the cMAG-c and on the user plane (UP). The cMAG-c and the UP share a private key to allow decryption of LI PFCP IEs. This topic describes the LI implementation, the content of LI notifications, and how to configure LI on the cMAG-c.

LI is a legally sanctioned, official access to private communications. To provide intercepted private communications to law enforcement officials, a service provider or network operator collects communication of a private subscriber or organization using an LI security process.

LI typically consists of the following interfaces, irrespective of the access technology:

administrative interface – supports LI target provisioning
information-related interface – provides event information related to subscribers
contents-of-communications interface – sends mirrored packets to the LI gateway (LIG)

The Nokia CUPS architecture supports administrative and information-related interfaces on the cMAG-c and the contents-of-communication interface on each MAG-u.

The cMAG-c provides a centralized location to provision all LI targets, and instructs the UP to perform LI for specific target subscribers by sending encrypted LI PFCP IEs through the Sx interface. The cMAG-c and the UP share a private key to allow decryption of LI PFCP IEs.

To allow the LI target to remain anonymous, every subscriber PFCP session includes encrypted LI PFCP IEs.

LI solution for wireline application

Understand the tools to use and guidelines to follow when configuring cMAG-c LI for wireline applications.

For wireline (BNG) applications, the following criteria apply for the cMAG-c LI:

Perform all target provisioning for LI on the cMAG-c through SSH CLI.
The cMAG-c sends log events related to LI targets on syslog.
Each MAG-u can be configured to send mirrored traffic according to the mirror destination type: SAP, SDP, or IP-UDP SHIM.

Use the following command on the cMAG-c to configure LI targets.

lawful-intercept targets

For wireline subscribers, use the following command to configure the target source. The name (ID) must match the subscriber ID returned from RADIUS, which is VSA Alc-Subsc-ID-Str [11].

lawful-interface targets subscriber

Other parameters including the intercept direction, mirror-instance-name on the UP, intercept ID, and session ID can also be configured.

July 11, 2025