Manualshelf

User's Manual

ManualsBrandsSkspruce Technologies ManualsElectronicsIndoor Access Point
51525354555657585960
50JadeOSUserManual
For example:
To configure the rate limit of session creation is 50000 per second:
(JadeOS) (config)#firewall sp-bandwidth-contract session pps 50000
To configure the rate limit of new online user is 700 per second:
(JadeOS) (config)#firewall sp-bandwidth-contract user pps 700
To configure the rate of receiving DHCP message is 2000 per second:
(JadeOS) (config)#firewall cp-bandwidth-contract dhcp pps 2000
To configure the rate of receiving ARP message is 2000 per second:
(JadeOS) (config)#firewall cp-bandwidth-contract arp pps 2000
To configure the rate of receiving unicast message that failed authentication is
10Mbps:
(JadeOS) (config)#firewall cp-bandwidth-contract untrusted-ucast 10 0
7.5 Configuring Lawful Intercept
Lawful intercept is a process that enables a Law Enforcement Agency (LEA) to per-
form electronic surveillance on an individual (a target) as authorized by a judicial or
administrative order. To facilitate the lawful intercept process, certain legislation and
regulations require service providers (SPs) and Internet service providers (ISPs) to
implement their networks to explicitly support authorized electronic surveillance.
The surveillance is performed through the use of wiretaps on traditional telecommu-
nications and Internet services in voice, data, and multiservice networks. The LEA
delivers a request for a wiretap to the target's service provider, who is responsible for
intercepting data communication to and from the individual. The service provider uses
the target's IP address or session to determine which of its edge routers handles the
target's traffic (data communication). The service provider then intercepts the target's
traffic as it passes through the router, and sends a copy of the intercepted traffic to the
LEA without the target's knowledge.
Configuration Steps
Step 1 To create LIG (LI gateway), and specify the encapsulation way of traffic sent
to LIG, use the following command in LI mode:
lig add <li-gateway-name> [mirror|udp][interface|id]
Step 2 To add LI rule, and specify LI name (based on ACL, IP, MAC, network seg-
ment) and LIG which receives the LI traffic, use the following command:
rule [acl-filter | host-filter | mac-filter | net-filter] send <lig-name>
acl-filter add lawful intercept rule, intercept data streams
host-filter add lawful intercept rule, intercept host data streams
mac-filter add lawful intercept rule, intercept ethernet data streams
net-filter add lawful intercept rule, intercept host data streams