[c-nsp] Tapping a PPPoVPDN and/or PPPoE subscriber session the ASR1000
Frank Bulk
frnkblk at iname.com
Wed Sep 10 00:26:28 EDT 2014
You haven't mentioned what kind of budget you have, but the first and third
options are worth pursuing. If you don't like what the LI feature set can
do on the ASR then it's really just the SPAN option, but you can use a
product from a vendor like Gigamon to slim the traffic volume down to your
data capture device.
Frank
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Christian Schmit
Sent: Tuesday, September 09, 2014 8:46 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Tapping a PPPoVPDN and/or PPPoE subscriber session the
ASR1000
Hi,
Legal authorities require that upon request we provide them with pcap
files of a PPPoVPDN or PPPoE subscriber session we terminate on ASR1000
devices.
I need to limit the captured data to a specific subscriber/IP address.
So far I looked into:
- SPAN: on the ASR1000 SPAN does not seem to offer the possibility to
apply an IP access list to the SPAN session
- EPC: EPC can only collect data until the buffer is full which is by far
to small if a session needs to be captured/monitored over weeks
- LI feature: For using the lawful intercept (LI) feature of the ASR a
mediation device is required which we do not have
Any hints will be appreciated.
thanks,
Christian
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list