Configuring CALEA Server Support on IAPs

LILawful Interception. LI refers to the procedure of obtaining communications network data by the Law Enforcement Agencies for the purpose of analysis or evidence. allows the Law Enforcement Agencies to perform an authorized electronic surveillance. Depending on the country of operation, the ISPs are required to support LI in their respective networks.

In the United States, Service Providers are required to ensure LI compliance based on CALEACommunications Assistance for Law Enforcement Act. To comply with the CALEA specifications and to allow lawful interception of Internet traffic by the law enforcement and intelligence agencies, the telecommunications carriers and manufacturers of telecommunications equipment are required to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities. specifications.

Aruba Central supports CALEA integration with an Instant Access Point (IAP) in a hierarchical and flat topology, mesh IAP network, the wired and wireless networks.

For more information on the communication and traffic flow from an IAP to CALEA server, see Aruba Instant User Guide.

To enable an IAP to communicate with the CALEA server, complete the following steps:

Creating a CALEA Profile

To create a CALEA profile, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP. The dashboard context for the group is displayed.
2. Under Manage, click Devices > Access Points.
3. Click the Config icon. The tabs to configure access points is displayed.
4. Click Show Advanced, and click Services tab. The Services page is displayed.
5. Click the CALEA accordion.

6. Specify the following parameters:

   • IP address— Specify the IP address of the CALEA server.
   • Encapsulation type— Specify the encapsulation type. The current release of Aruba Central supports GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. only.
   • GRE type— Specify the GRE type.
   • MTU— Specify a size for the MTUMaximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. within the range of 68—1500. After GRE encapsulation, if packet length exceeds the configured MTU, IP fragmentation occurs. The default MTU size is 1500. fragmentation occurs. The default MTU size is 1500.
7. Click Save Settings.

Creating ACLs for CALEA Server Support

To create an access rule for CALEA, complete the following steps:

1. In the Network Operations app, use the filter to select a group or a device.

2. If you select a group, perform the following steps:

   1. Under Manage, click Devices > Access Points.
   2. Click the Config icon. The tabs to configure the group is displayed.
3. If you select a device, under Manage, click Devices.
4. Click Show Advanced, and click Security tab. The Security page is displayed.
5. Click the Roles accordion.
6. Under Access Rules for Selected Roles, click + icon. The New Rule window is displayed.
7. Set the Rule Type to CALEA.
8. Click Save.
9. Create a role assignment rule if required.
10. Click Save Settings.