How are most operators planning on handling lawful data intercepts in the US since CALEA is forcing us to handle that? Is per subscriber VLAN’s the only realistic method for ensuring that subscriber traffic must travel to the network core so it can be seen by a probe? If so, how tough is that to manage for large systems?
BTW, for those not familiar with the acronym soup du jour,
http://www.askcalea.net/
The current prevailing interpretation of the new CALEA rules are that you are not required to trap data that doesn’t leave your network. Check out http://www.merit.edu/resources/calea/ and in particular the pieces on how they met the requirements.
Thanks for the info, but that doesn’t apply to service providers 
However, in the meantime I have been able to find some things that do work. (Many thanks to Mike Dorman)
Running 8.1 or higher and enabling “SM isolation” will let you prevent traffic hairpinning on an AP and VLAN’ing the CMM lets you force all traffic upstream so it can be heard by a probe.