Lawful Intercept Account

The Lawful Intercept account can log in to a session and execute lawful intercept commands on the switch. The commands provide for configuration consists of dynamic ACLs and a mirror-to port to direct traffic to a separate device for analysis. The lawful intercept login session, session-related events, and the ACLs and mirror instance are not visible to, or modifiable by, any other user (administrative or otherwise).

No lawful intercept configuration is saved in the configuration file, and it must be reconfigured in the case of a system reboot.

Other important feature information:

• An administrative user can create and delete a single local account having the lawful intercept privilege and user privileges, but not administrative privileges, and can set its initial password.
• The lawful intercept user is required to change the password (for the single lawful intercept-privileged account) upon logging in for the first time.
• The password for the lawful intercept account can only be changed by the lawful intercept user and cannot be changed by an administrative user.
• The show accounts command displays the existence of the lawful intercept account, but does not display any related statistics.
• The show configuration command does not display the lawful intercept account.
• The show session {{detail} {sessID}} {history} command does not display any lawful intercept user information. The EMS events normally associated with logging in and out are suppressed, and do not occur relative to logging in and out of the lawful intercept account.
• The EMS events normally associated with the enable cli config-logging command are suppressed, and do not occur relative to a lawful intercept user session.
• The lawful intercept user can create and delete non-permanent dynamic ACLs with the mirror action only. The lawful intercept user cannot create or delete any other ACLs.
• The show access-list command does not display any Lawful Intercept user-created ACLs to a non-lawful intercept user.
• The lawful intercept user-created ACLs are not accessible for any use by a non-lawful intercept user (specifically through the configure access-list add or configure access-list delete commands).
• The lawful intercept user can only create or delete one (non-permanent) mirror instance with which to bind the lawful intercept user-created ACLs and specify the mirror-to port.