[c-nsp] Tapping a PPPoVPDN and/or PPPoE subscriber session the ASR1000

Frank Bulk frnkblk at iname.com
Wed Sep 10 00:26:28 EDT 2014

You haven't mentioned what kind of budget you have, but the first and third
options are worth pursuing.  If you don't like what the LI feature set can
do on the ASR then it's really just the SPAN option, but you can use a
product from a vendor like Gigamon to slim the traffic volume down to your
data capture device.


-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Christian Schmit
Sent: Tuesday, September 09, 2014 8:46 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Tapping a PPPoVPDN and/or PPPoE subscriber session the

 Legal authorities require that upon request we provide them with pcap 
files of a PPPoVPDN or PPPoE subscriber session we terminate on ASR1000.
 I need to limit the captured data to a specific subscriber/IP address.
 So far I looked into:
 - SPAN: on the ASR1000 SPAN does not seem to offer the possibility to 
apply an IP access list to the SPAN session
 - EPC: EPC can only collect data until the buffer is full which is by far 
too small if a session needs to be captured/monitored over weeks
 - LI feature: For using the lawful intercept (LI) feature of the ASR a 
mediation device is required which we do not have
 Any hints will be appreciated.

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/