Lawful Intercept Account
The Lawful Intercept account can log in to a session and execute lawful
intercept commands on the switch. The commands provide for configuration that
consists of dynamic ACLs and a mirror-to port to direct traffic to a separate device
for analysis. The lawful intercept login session, session-related events, and the ACLs
and mirror instance are not visible to, or modifiable by, any other user
(administrative or otherwise).
No lawful intercept configuration is saved in the configuration file, and
it must be reconfigured in the case of a system reboot.
Other important feature information:
- An administrative user can create and delete a single
local account having the lawful intercept privilege and user privileges, but
not administrative privileges, and can set its initial password.
- The lawful intercept user is required to change the
password (for the single lawful intercept-privileged account) upon logging
in for the first time.
- The password for the lawful intercept account can only be
changed by the lawful intercept user and cannot be changed by an
administrative user.
- The show accounts command displays the
existence of the lawful intercept account, but does not display any related
statistics.
- The show configuration command does not
display the lawful intercept account.
- The show session {{detail} {sessID}} {history}
command does not display any lawful intercept user information. The EMS
events normally associated with logging in and out are suppressed, and do
not occur relative to logging in and out of the lawful intercept
account.
- The EMS events normally associated with the enable cli
config-logging command are suppressed, and do not occur relative to a
lawful intercept user session.
- The lawful intercept user can create and delete
non-permanent dynamic ACLs with the mirror action only. The lawful intercept
user cannot create or delete any other ACLs.
- The show access-list command does not
display any lawful intercept user-created ACLs to a non-lawful intercept
user.
- The lawful intercept user-created ACLs are not accessible
for any use by a non-lawful intercept user (specifically through the
configure access-list add or configure
access-list delete commands).
- The lawful intercept user can only create or delete one
(non-permanent) mirror instance with which to bind the lawful intercept
user-created ACLs and specify the mirror-to port.