li command reference

li hierarchy descriptions

This section provides the following Lawful Intercept hierarchy descriptions:

configure li command hierarchy


    configure
      — li
          — mobile-gateway
              — 3gpp-5g-release
              — 3gpp-release
              — allow-duplicate-msisdn-or-imei
              — custom-correlation-id-format
              — df-peer
              — fan-out
              — include-rai
              — iri
                  — gw-function-iri-mode
                  — iri-per-mb-request
                  — x2-iri-ice-type
              — li-x2
                  — li-x2-keep-alive-time-p1
                  — li-x2-keep-alive-time-p2
              — local-interface
              — nf-id-value
              — num-conn-retries
              — tls
              — x2-iri-cache-size
              — x2-iri-qos
              — x2-keep-alive-time
          — pfcp-li-shared-key
          — target
              — description
              — source

show li command hierarchy


    show
      — li
          — mobile-gateway
              — summary

li command descriptions

This section provides the following Lawfull Interception command descriptions:

configure li command descriptions

mobile-gateway

Syntax

mobile-gateway

Context

[Tree] configure li mobile-gateway

Description

Commands in this context configure Lawful Intercept (LI) functionality for the MAG-c.

3gpp-5g-release

Syntax

3gpp-5g-release release

Context

[Tree] configure li mobile-gateway 3gpp-5g-release

Description

This command configures the 3GPP release option used for the 5G LI interfaces.

The no form of this command reverts to the default (base release).

Parameters

release: Specifies the 3GPP release.; Values: rel-base | rel-16; Default: rel-base (release 15)

3gpp-release

Syntax

3gpp-release release

Context

[Tree] configure li mobile-gateway 3gpp-release

Description

This command configures the 3GPP release option used for LI interfaces.

The no form of this command reverts to the default (base release).

Parameters

release: Specifies the 3GPP release.; Values: rel-base | rel-13; Default: rel-base (release 11)

allow-duplicate-msisdn-or-imei

Syntax

[no] allow-duplicate-msisdn-or-imei

Context

[Tree] configure li mobile-gateway allow-duplicate-msisdn-or-imei

Description

This command enables LI support for duplicate MSISDN or IMEI.

The no form of this command disables LI support for duplicate MSISDN or IMEI.

custom-correlation-id-format

Syntax

custom-correlation-id-format {enable | disable}
no custom-correlation-id-format

Context

[Tree] configure li mobile-gateway custom-correlation-id-format

Description

This command facilitates sending the correlation ID with four octets charging ID (without including the gateway IP address). The correlation ID is included in IRI as well as in CC messages, so that the LIG can correlate IRI and CC messages.

The no form of this command reverts to default (disable).

Parameters

enable: Keyword to send the correlation ID with four octets charging identifier.

disable: Keyword to not send the correlation ID with four octets charging identifier.; Default: disable

df-peer

Syntax

df-peer df-peer-id df2-addr ip-address df2-port port [df2-tls-profile profile-name]
no df-peer df-peer-id

Context

[Tree] configure li mobile-gateway df-peer

Description

This command configures the DF peer of an LI gateway as DF2 (X2) only. It supports the following configuration options:

DF2 IP address and port
DF2 TLS profile

The no form of this command removes the DF peer information from the configuration.

Parameters

def-peer-id: Specifies the DF peer ID.; Values: 1 to 254

ip-address

Specifies the DF peer IP address where the X2 is sent.

Values:

IPv4 address – a.b.c.d
IPv6 address – x:x:x:x:x:x:x:x (eight 16-bit pieces) or x:x:x:x:x:x:d.d.d.d
where
x – [0..FFFF]H
d – [0..255]D

port

Specifies the DF port number (TCP/UDP port) where the X2 is sent.

Values: 1 to 65535

Default: 0

profile-name

Specifies the DF profile name, up to 32 characters.

Note:

The DF peers can use the same or different TLS client profiles.
To use a TLS profile, the TLS protocol must be enabled (using the tls command).
The TLS client profiles must be in the administratively disabled (no shutdown) state.

fan-out

Syntax

[no] fan-out

Context

[Tree] configure li mobile-gateway fan-out

Description

This command enables IRI and IRI+CC fan-out functionality for LI on the mobile gateway. Each target activation must be uniquely identified by the Lawful Interception Identifier (LIID) specified using the target command. A maximum of 10 target activations are supported for a UE. There could be, for example, 5 activations using IMSI, 3 activations using MSISDN, and 2 activations using IMEI. A maximum of 7 activations are supported using the same target type (for example, IMSI). Each activation must be deactivated separately using the same LIID used at the time of activation.

The no form of this command reverts to the default.

Default

no fan-out

include-rai

Syntax

[no] include-rai

Context

[Tree] configure li mobile-gateway include-rai

Description

This command supports the inclusion of the Routing Area Identifier (RAI) from the message level along with the ULI received from the SGSN, within the Location of the Target Information Element that is sent in the IRI messages to the LIG.

The no form of this command reverts to the default.

Default

no include-rai

iri

Syntax

Context

[Tree] configure li mobile-gateway iri

Description

Commands in this context configure LI IRI settings.

gw-function-iri-mode

Syntax

[no] gw-function-iri-mode

Context

[Tree] configure li mobile-gateway iri gw-function-iri-mode

Description

This command controls the IRI mode of generating events for a combined 4G SGW/PGW session on the MAG-c. For a combined session, by default, only MAG-c IRI events are generated. When this command is enabled, separate events are generated for the combined session from both the SGW and the PGW function.

The no form of this command reverts to the default (only PGW events are generated for the combined SGW/PGW session).

Default

no gw-function-iri-mode

iri-per-mb-request

Syntax

[no] iri-per-mb-request

Context

[Tree] configure li mobile-gateway iri iri-per-mb-request

Description

This command enables the additional MBReq event on a MAG-c acting as the SGW.

The no form of this command reverts to the default.

Default

no iri-per-mb-request

x2-iri-ice-type

Syntax

[no]x2-iri-ice-type

Context

[Tree] configure li mobile-gateway iri x2-iri-ice-type

Description

This command enables inclusion of the ICE-Type in GTP signaling-related IRI messages sent by the mobile gateway. Applicable gateway types include SGW, PGW, and combined SGW/PGW.

The no form of this command reverts to the default (ICE-Type is not included in GTP signaling

related IRI messages).

Default

no x2-iri-ice-type

li-x2

Syntax

li-x2

Context

[Tree] configure li mobile-gateway li-x2

Description

Commands in this context configure LI_X2 interface settings.

li-x2-keep-alive-time-p1

Syntax

li-x2-keep-alive-time-p1 x2-time-p1-value
no li-x2-keep-alive-time-p1

Context

[Tree] configure li mobile-gateway li-x2 li-x2-keep-alive-time-p1

Description

This command specifies the keep-alive time for the LI_X2 interface on the MAG-c acting as the SMF. The POI sends a keepalive PDU at least everyx2-time-p1-value seconds (the default is 60 seconds). If the POI does not receive a keep-alive Acknowledgment PDU within the number of seconds specified for x2-time-p2-value, it disconnects the connection and attempts to reconnect to the MDF while reporting an error through the X1 interface as defined in ETSI TS 103 221-1. The default x2-time-p2-value is 180 seconds and it can be modified using the li-x2-keep-alive-time-p2 command.

The no form of this command reverts to the default. If the timer is set to 0 value, the keep-alive mechanism is disabled.

Parameters

x2-time-p1-value: Specifies the keep-alive time, in seconds.; Values: 0 to 300; Default: 60

li-x2-keep-alive-time-p2

Syntax

li-x2-keep-alive-time-p2 x2-time-p2-value
no li-x2-keep-alive-time-p2

Context

[Tree] configure li mobile-gateway li-x2 li-x2-keep-alive-time-p2

Description

This command specifies the keep-alive time for the LI_X2 interface on the SMF. If the POI does not receive a keep-alive Acknowledgment PDU within the number of seconds specified for x2-time-p2-value (the default is 180 seconds), it disconnects the connection and attempts to reconnect to the MDF while reporting an error through the X1 interface as defined in ETSI TS 103 221-1.

The no form of this command reverts to the default. If the timer is set to 0 value, the keep-alive mechanism is disabled.

Parameters

x2-time-p2-value: Specifies the keep-alive time, in seconds.; Values: 0 to 1800; Default: 180

local-interface

Syntax

local-interface ip-address [router router-instance] [override-x2-interface x2-ip-address [x2-router x2-router-instance]]
no local-interface

Context

[Tree] configure li mobile-gateway local-interface

Description

This command configures the source IP address used by the xGW/GGSN for the LI interface. Specifying the override-x2-interface option enables each X2 interface to use a different VPRN context. When the override-x2-interface option is not specified, the X2 interfaces use the same IP address and VPRN context.

The no form of this command reverts to the default.

Default

no local-interface

Parameters

ip-address

Specifies the source IP address.

Values:

IPv4 address – a.b.c.d
IPv6 address – x:x:x:x:x:x:x:x (eight 16-bit pieces) or x:x:x:x:x:x:d.d.d.d
where
x – [0..FFFF]H
d – [0..255]D

router-instance

Specifies the router instance, up to 32 characters.

x2-ip-address

Specifies the source X2 IP address.

Values:

IPv4 address – a.b.c.d
IPv6 address – x:x:x:x:x:x:x:x (eight 16-bit pieces) or x:x:x:x:x:x:d.d.d.d
where
x – [0..FFFF]H
d – [0..255]D

x2-router-instance

Specifies the X2 router instance, up to 32 characters.

nf-id-value

Syntax

nf-id-value {uuid | ip-addr | ip-addr-hex-string}
no nf-id-value

Context

[Tree] configure li mobile-gateway nf-id-value

Description

This command specifies the NF identifier choice of uuid or ip-addr to use for IRI and CC messages over the LI_X1, LI_X2 and LI_X3 interfaces. The ip-addr option specifies to use the configured local source IP address for the LI_X1, LI_X2 and LI_X3 interfaces as the NF identifier in IRI and CC messages respectively.

The no form of this command reverts to the default (uuid).

Default

no nf-id-value

Parameters

uuid: Keyword indicates to use the UUID as the NF identifier in IRI and CC messages.

ip-addr: Keyword indicates to use the local source IP address configured for the LI_X1, LI_X2 and the LI_X3 interfaces as the NF identifiers in the IRI and CC messages respectively.; Default: disable

ip-addr-hex-string: Keyword indicates to use the local source IP address for the LI_X1, LI_X2 and the LI_X3 interfaces, encoded as a hex string (individual digits and the character '.' are converted to the hex form) as the NF identifiers for the IRI and CC messages respectively.; Default: uuid

num-conn-retries

Syntax

num-conn-retries num-of-retries
no num-conn-retries

Context

[Tree] configure li mobile-gateway num-conn-retries

Description

This command is used to specify the number of (TCP) connection retries to the LIG server, before it is deemed to be down.

The no form of this command reverts to the default.

Default

num-conn-retries 3

Parameters

num-of-retries: Specifies the number of retries.; Values: 1 to 10; Default: 3

tls

Syntax

[no] tls

Context

[Tree] configure li mobile-gateway tls

Description

This command enables the TLS protocol in the LI X2 and X3 interfaces. To enable the TLS protocol, make sure that following conditions apply:

a valid client TLS profile is configured and administratively enabled (not shutdown) in all DF peers
the X3 interface is using TCP as the transport option

The no form of this command reverts to the default.

Default

no tls

x2-iri-cache-size

Syntax

x2-iri-cache-size cache-size
no x2-iri-cache-size

Context

[Tree] configure li mobile-gateway x2-iri-cache-size

Description

This command is used to specify the size of the IRI buffer cache. (IRI messages buffered when connectivity to the LIG is down). Setting the cache size to a value of 0 disables buffering.

The no form of this command reverts to the default.

x2-iri-qos

Syntax

x2-iri-qos dscp {dscp-value | dscp-name}
no x2-iri-qos

Context

[Tree] configure li mobile-gateway x2-iri-qos

Description

This command specifies the DSCP to be set for IRI (Interception Related Information) messages sent to a LIG (Lawful Interception Gateway).

The no form of this command reverts to the default.

Parameters

dscp-value: Specifies the value of the DSCP to be set for IRI.; Values: 0 to 63
dscp-name: Specifies the name of the DSCP to be set for IRI.; Values: none | be | ef | cp1 | cp2 | cp3 | cp4 | cp5 | cp6 | cp7 | cp9 | cs1 | cs2 | cs3 | cs4 | cs5 | nc1 | nc2 | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cp11 | cp13 | cp15 | cp17 | cp19 | cp21 | cp23 | cp25 | cp27 | cp29 | cp31 | cp33 | cp35 | cp37 | cp39 | cp41 | cp42 | cp43 | cp44 | cp45 | cp47 | cp49 | cp50 | cp51 | cp52 | cp53 | cp54 | cp55 | cp57 | cp58 | cp59 | cp60 | cp61 | cp62 | cp63; Default: af41

x2-keep-alive-time

Syntax

x2-keep-alive-time keep-alive-time
no x2-keep-alive-time

Context

[Tree] configure li mobile-gateway x2-keep-alive-time

Description

This command configures the keep-alive time for the X2 interface. An LI message including a keep-alive parameter is sent to the LIG when no LI message has been sent for the configured amount of time (for example, five minutes), indicating to the LIG that the LI connection is still up.

The no form of this command reverts to the default. A value of 0 disables the keep-alive mechanism.

Parameters

keep-alive-time: Specifies the keep-alive time in minutes.; Values: 0 to 5; Default: 0

pfcp-li-shared-key

Syntax

pfcp-li-shared-key key-value
pfcp-li-shared-key key-value hash2
no pfcp-li-shared-key

Context

[Tree] configure li pfcp-li-shared-key

Description

This command configures the shared key used between the MAG-c and the UP over the Sx/N4 interface. The PFCP IEs are sent from the MAG-c to the SR OS UPs. This is used to encrypt the LI container IE at the MAG-c and decrypt the LI container IE at the UP.

The no form of this command reverts to the default.

Default

no pfcp-li-shared-key

Parameters

key-value: Specifies the shared-key value for the Sx/N4 interface, up to 128 characters.

hash2: Keyword to specify hash2.

target

Syntax

target name
no target

Context

[Tree] configure li target

Description

This command configures an LI target and commands in this context configure the target attributes.

Parameters

name: Specifies the target name, up to 32 characters.

description

Syntax

description description-string

Context

[Tree] configure li target description

Description

This command configures a description for the LI target.

Parameters

description-string: Specifies the target description, up to 80 characters.

source

Syntax

source
no source id
source id imsi imsi-number [ingress] [egress] [fc fc-name [fc-name… (up to 8 max)]] intercept-id intercept-id session-id session-id [iri-peer df-peer-id] [mirror-destination service-name]
source id subscriber name [ingress] [egress] [fc fc-name [fc-name...(up to 8 max)]] intercept-id intercept-id session-id session-id mirror-destination service-name

Context

[Tree] configure li target source

Description

This command configures activation and deactivation of subscriber LI. The MAG-c supports 4G, 5G, and BNG subscribers LI. Use the following keywords with this command:

If you are performing LI on a wireline (BNG) subscriber, use the subscriber keyword.
If you are performing LI on a wireless subscriber,, including both 4G and 5G, use the imsi keyword.

Note: Although the IRI peer ID is configurable, it is not supported. Nokia highly recommends that you do not configure the iri-peer option.

Parameters

id: Specifies a target source ID, or a name up to 64 characters; for example, if the target has 4 IMSIs. The imsi-number and the id parameters are mutually exclusive.; Value: 1 to 4

imsi-number: Specifies an IMSI value, up to 128 characters. The imsi-number and the id parameters are mutually exclusive.

name: Specifies the subscriber name, up to 64 characters.

ingress: Keyword to specify the ingress source.

egress: Keyword to specify the egress source.

fc-name: Specifies the FC type.; Values: be | l2 | af | l1 | h2 | ef | h1 | nc

intercept-id: Specifies the intercept ID.; Values: 1 to 1073741823

session-id: Specifies the session ID.; Values: 1 to 4294967295

df-peer-id: Although configurable, the DF peer ID for the IRI peer is not supported and should not be configured.; Values: 1 to 254

service-name: Specifies the service name, up to 64 characters.

show li command descriptions

mobile-gateway

Syntax

mobile-gateway

Context

[Tree] show li mobile-gateway

Description

Commands in this context display LI information.

summary

Syntax

summary

Context

[Tree] show li mobile-gateway summary

Description

This command displays a summary of the LI information.