Configure the LI user on the NFM-P

Create an LI user on the NFM-P.

1. Plan the NFM-P LI user account creation according to the requirements for LI user access to other NFM-P functional areas. See “User account and group management” in the NSP System Administrator Guide for more information.

2. Create an LI scope of command profile that has an assigned Lawful Interception Management role. See To create an LI scope of command profile on the NFM-P .

3. Create an LI user group that is associated with the new scope of command profile. See To create an LI user group on the NFM-P.

4. Create an LI user account and assign it to the new user group. See To create an LI user on the NFM-P .

5. Provide the login credentials for the LI user account to the authorized LI administrator or LI user.

6. The LI user must change their LI user account password so that it is unknown to the NFM-P admin user.

Configure TLS for LI users

Assign SNMPv3 access privileges to the LI user group created in Stage 1 to each NE that the LI function will be performed on. You must enable TLS for the user group. See To enable SNMPv3 management of a device .

Note: You cannot log in to the NFM-P as an LI user unless TLS is enabled for the LI user group.

NFM-P GUI access for LI users requires TLS between the NFM-P and the GUI clients. If TLS is disabled on the NFM-P XML API, TLS is also disabled for GUI access.

If TLS is disabled on the NFM-P XML API, enable TLS on the interface. The NFM-P section of the security chapter in the NSP Installation and Upgrade Guide describes how to enable TLS for NFM-P XML API clients.

Configure the LI user on the LI NE

Create an NE LI user on an NE where LI is being performed.

1. Create an NE LI user profile on the NE using a CLI. See To create an NE LI user profile on an NE using a CLI .

2. Create an NE LI user account on the NE that is associated with the LI user profile using a CLI. See To create an NE LI user account on an NE using a CLI .

3. Provide the login credentials for the LI NE user account to the NE LI user.

4. Configure NE LI user security on the NE such as the LI NE user account, password, and SNMP data encryption for the NE. See To configure NE LI user security .

5. Specify if the NE stores the LI source configuration locally or reconfigures the LI sources after a reboot. LI source configurations are saved on an NE when the polling policy for the NE specifies LI Local Save Allowed. See To configure polling for a 7250 IXR, 7450 ESS, 7705 SAR, 7750 SR, 7950 XRS, VSR, or Wavence SM .

Configure the LI NE mediation policies and LI filter policies

Perform the following steps to configure an LI security mediation policy and the appropriate LI filter policies on the NFM-P.

1. Log out of the NFM-P GUI if you are logged in as a non-LI user and log back in as an LI user.

2. Synchronize the global NE user configuration profile with the local LI NE user configuration profile which is required prior to creating the LI mediation policy. See To synchronize the global NFM-P NE LI user configuration profile with the local NE LI user configuration profile .

3. Create an LI mediation security policy that defines the network security model used when creating LI mirror objects. See To configure an LI security mediation policy .

4. Create an LI MAC filter policy if you need to define the source and destination LI MAC filter entries used to filter out traffic to non-LI users for LI mirror services. See To configure an LI MAC filter policy .

5. Create an LI IP or IPv6 filter policy if you need to define the source and destination LI IP or IPv6 filter entries used to filter out traffic to non-LI users for LI mirror services. See To configure an LI IP filter policy and To configure an LI IPv6 filter policy .

6. Create a Block Reservation policy if you need to define the block reservation attributes of LI filter entries such as the block start/stop-entries and the block size in the base IPv4/IPv6 ACL filter. See To configure a Block Reservation policy .

7. Configure the LI Filter Lock if you need to configure who can modify base IPv4 and MAC filters referenced by an LI source. See To configure the LI filter lock .

Use the NFM-P to enable LI discovery of an NE. See To enable NE discovery for LI .

Configure LI mirror services

Perform the following steps to configure LI mirror services. See the “Workflow to create a mirror service” in Chapter 93, Mirror services for any non-LI configuration tasks that are required to configure a mirror service.

1. Create a mirror service. See To create a mirror service .

2. To specify an LI MAC filter created in Stage 5 5 as the LI source, see To specify an LI MAC filter entry as an LI source .

3. To specify an LI IPv4 or IPv6 filter created in Stage 5 6 as the LI source, see To specify an LI IP filter entry as an LI source and To specify an LI IPv6 filter entry as an LI source .

4. To specify an LI subscriber or subscriber host as the LI source, see To specify an LI subscriber as an LI source .

5. To specify an LI WLAN distributed subscriber as the LI source, see To specify an LI WLAN distributed subscriber as an LI source .

6. To specify an LI Source Port as the LI source, see To specify an LI Source Port as an LI source.

7. To specify an LI SAP on a mirror site as the LI source, see To specify an LI SAP as an LI source .

8. To configure LI on a specific NAT subscriber, see To configure LI on a specific NAT subscriber .

9. To view LI mirrored subscriber host service information configured with a RADIUS server, see To view LI mirrored subscriber hosts configured with a RADIUS server .

Monitor LI user and system activity

View LI user and system logs to monitor LI activity. See the section on user activity logging in the NSP System Administrator Guide for more information about accessing user and system logs.