User's Manual Part 2



50JadeOSUserManual

Twoconfigurationcommandsinconfigmode:

firewall cp-bandwidth-contract <service type> <pps number | traffic

limit>

firewall sp-bandwidth-contract <service type> <pps number | traffic

limit>

Forexample:

Toconfiguretheratelimitofsessioncreationis50000persecond:

(JadeOS) (config)#firewall sp-bandwidth-contract session pps 50000

Toconfiguretheratelimitofnewonlineuseris700persecond:

(JadeOS) (config)#firewall sp-bandwidth-contract user pps 700

ToconfiguretherateofreceivingDHCPmessageis2000persecond:

(JadeOS) (config)#firewall cp-bandwidth-contract dhcp pps 2000

ToconfiguretherateofreceivingARPmessageis2000persecond:

(JadeOS) (config)#firewall cp-bandwidth-contract arp pps 2000

To configure the rate of re ceiving unicast message that failed authentication is

10Mbps:

(JadeOS) (config)#firewall cp-bandwidth-contract untrusted-ucast 10 0

7.5ConfiguringLawfulIn tercept

LawfulinterceptisaprocessthatenablesaLawEnforcementAgency(LEA)toper‐

formelectronicsurveillanceonanindividual(atarget)asauthorizedbyajudicialor

administrativeorder.Tofacilitatethelawfulinterceptprocess,certainlegislationand

regulationsrequireserviceproviders(SPs)andInternetserviceproviders(ISPs)to

implementtheirnetworkstoexplicitlysupportauthorizedelectronicsurveillance.

Thesurveillanceisperformedthroughtheuseofwiretapsontraditionaltelecommu‐

nicationsandInternetservicesinvoice,data,andmultiservicenetworks.TheLEAde‐

liversarequestforawiretaptothetarget'sserviceprovider,whoisresponsiblefor

interceptingdatacommunicationtoandfromtheindividual.Theserviceprovider

usesthetarget'sIPaddressorsessiontodeterminewhichofitsedgeroutershandles

thetarget'straffic(datacommunication).Theserviceprovidertheninterceptsthe

target'strafficasitpassesthroughtherouter,andsendsacopyoftheintercepted

traffictotheLEAwithoutthetarget'sknowledge.

ConfigurationSteps：

Step1TocreateLIG(LIgateway),andspecifytheencapsulationwayoftrafficsent

toLIG,usethefollowingcommandinLImode:

lig add <li-gateway-name> [mirror|udp][interface|id]

Step2ToaddLIrule,andspecifyLIname(basedonACL,IP,MAC,networksegment)

andLIGwhichreceivestheLItraffic,usethefollowingcommand: