@@ -165,7 +165,11 @@ intercept must be configured with the following parameters:
165165* Access type -- the technology used to provide the target with Internet
166166 access (e.g. DSL, Fiber, Wireless, etc).
167167* User -- the username assigned to that user within your AAA system. This is
168- required, even if the target is only using static IP addresses.
168+ required, even if the target is only using static IP addresses. For mobile
169+ intercepts, this should be either the MSISDN, IMSI, or IMEI of the target
170+ device.
171+ * Mobile Identifier -- (for mobile intercepts only) indicates whether the
172+ target is to be identified based on their MSISDN, IMSI, or IMEI.
169173
170174An IP intercept may also include ONE of the following parameters, which is
171175used to identify the intercept target.
@@ -177,6 +181,10 @@ used to identify the intercept target.
177181 traffic into the OpenLI collector(s), any mirrored traffic with an intercept
178182 ID that matches this value will be treated as belonging to this OpenLI IP
179183 intercept.
184+ * Cisco Mirror ID -- if you are using Cisco packet mirroring to feed
185+ intercepted traffic into an OpenLI collector, any mirrored traffic with
186+ an intercept ID that matches this value will be assumed to belong to this
187+ OpenLI IP intercept.
180188* Static IPs -- if the target has a static IP (range), you can use this
181189 parameter to tell OpenLI which IPs belong to the target.
182190
@@ -194,8 +202,11 @@ as the one that is receiving the mirrored packets.
194202For mobile IP intercepts, there are some slight differences. The Access type
195203must be set to "mobile" to tell OpenLI to detect IP sessions using mobile
196204session management protocols (such as GTP), instead of RADIUS. The User must
197- also be set to the target's phone number (MSISDN). The ALU Shim and JMirror
198- methods do not apply to mobile IP intercepts.
205+ also be set to either the MSISDN, IMSI, or IMEI of the device that is to be
206+ intercepted. You must use the "Mobile Identifier" parameter to tell OpenLI
207+ which type of identifier is described by the User field.
208+
209+ The vendor mirroring interception methods do not apply to mobile IP intercepts.
199210
200211#### Using the RADIUS Calling Station ID to Identify IP Intercept Targets
201212In a conventional RADIUS deployment, the identity of the subscriber can be
@@ -234,17 +245,25 @@ to or from your SIP and RADIUS servers.
234245SIP servers are defined using the sipservers option. Each SIP server that
235246you have in your network should be included as a list item within the
236247'sipservers' option. Failure to configure SIP servers will prevent OpenLI from
237- performing any VOIP intercepts. A SIP server is configured using two parameters:
248+ performing any VOIP intercepts. A SIP server is configured using the
249+ following parameters:
238250* ip -- the IP address of the SIP server
239- * port -- the port that the SIP server is listening on.
251+ * port_lower -- the lowest port number that the SIP server is listening on.
252+ * port_upper -- the highest port number that the SIP server is listening on.
240253
241254RADIUS servers are defined using the 'radiusservers' option. The configuration
242255works much the same as for SIP, except that most RADIUS deployments will need
243- TWO server entries: one for the auth service and one for the accounting service,
244- as these are usually listening on different ports. A RADIUS server entry is
245- configured using two parameters:
256+ to ensure that their port range covers both the auth service and the accounting
257+ service, as these are usually listening on different ports. A RADIUS server
258+ entry is configured using the same parameters as a SIP server, i.e. :
246259* ip -- the IP address of the RADIUS server
247- * port -- the port that the RADIUS server is communicating on.
260+ * port_lower -- the lowest port number that the RADIUS server is listening on.
261+ * port_upper -- the highest port number that the RADIUS server is listening on.
262+
263+ For SIP and RADIUS servers that are only listening on a single port, you may
264+ choose to omit ` port_lower ` and ` port_upper ` and instead provide the following
265+ parameter:
266+ * port -- the single port that the server is listening on.
248267
249268
250269### Email Servers
@@ -442,21 +461,28 @@ An IP intercept must contain the following key-value elements:
442461* ` liid ` -- the LIID
443462* ` authcountrycode ` -- the authorisation country code
444463* ` deliverycountrycode ` -- the delivery country code
445- * ` user ` -- the AAA username for the target
464+ * ` user ` -- the AAA username for the target, or the target
465+ identifier for mobile intercepts
446466* ` mediator ` -- the ID of the mediator which will forward the
447467 intercept
448468* ` agencyid ` -- the internal identifier of the agency that
449469 requested the intercept
450- * ` accesstype ` -- the access type providied to the user, will
451- default to 'undefined' if not set.
470+ * ` accesstype ` -- the access type provided to the user, will
471+ default to 'undefined' if not set
472+ * ` mobileident ` -- (required for mobile intercepts only) the type
473+ of identifier specified in the ` user ` element
452474
453475Valid access types are:
454476 'dialup', 'adsl', 'vdsl', 'fiber', 'wireless', 'lan', 'satellite', 'wimax',
455477 'cable', 'mobile' and 'wireless-other'.
456478
479+ Valid mobileident values are:
480+ 'imsi', 'msisdn', and 'imei'. If not specified, the default is ` msisdn ` .
481+
457482Note that setting the access type to 'mobile' will cause OpenLI to use GTPv2
458483traffic to identify the target's IP sessions, and the resulting ETSI records
459- will conform to the UMTS format (as opposed to the standard IP format).
484+ will conform to the UMTS format (as opposed to the standard IP format
485+ defined in ETSI TS 102 232-3).
460486
461487Optional key-value elements for an IP intercept are:
462488
0 commit comments