cc/td/doc/product/access/mar_3200
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Basic Home Agent and Foreign Agent Configurations

Home Agent and Foreign Agent Configuration

Enabling Foreign Agent Mobile IP and Services

Enabling Home Agent Mobile IP

Monitoring and Maintaining Mobile IP

Verifying Home Agent Configuration

Verifying Foreign Agent Configuration

Clearing Mobile Access Router Statistics

Shutting Down Mobile IP

Setup Router Configuration Utility

Using Setup After First-Time Startup


Basic Home Agent and Foreign Agent Configurations

This chapter describes:

Home Agent and Foreign Agent Configuration

Monitoring and Maintaining Mobile IP

Setup Router Configuration Utility

Home Agent and Foreign Agent Configuration

To enable Mobile IP services on your network, you must determine which home agents will facilitate the tunneling for selected IP address, and where these devices or router will be allowed to roam. The areas, or subnets, into which the hosts are allowed to roam determine where foreign agent services need to be set up.

Configure your foreign agent routers:

Enabling Foreign Agent Mobile IP and Services

Verifying Foreign Agent Configuration

Configure your home agent routers:

Enabling Home Agent Mobile IP

Verifying Home Agent Configuration

Note For a complete description of the Mobile IP commands, refer to the "Mobile IP Commands" chapter of the Cisco IOS IP and IP Routing Command Reference publication.

Enabling Foreign Agent Mobile IP and Services

To start a foreign agent providing default services, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# router mobile

Enables Mobile IP on the router.

Step 2 

Router(config)# ip mobile foreign-agent care-of interface

Enables foreign agent services when at least one care-of address is configured. This is the foreign network termination point of the tunnel between the foreign agent and home agent. The care-of address is the IP address of the interface. The interface, whether physical or loopback, need not be the same as the visited interface.

Step 3 

Router(config)# interface type number

Configures an interface and enters interface configuration mode.

Step 4 

Router(config-if)# ip address ip-address mask

Configures a primary IP address of the interface.

Step 5 

Router(config-if)# ip irdp

Enables ICMP Router Discovery Protocol (IRDP) processing on an interface.

Step 6 

Router(config-if)# ip irdp maxadvertinterval seconds

(Optional) Specifies maximum interval in seconds between advertisements.

Step 7 

Router(config-if)# ip irdp minadvertinterval seconds

(Optional) Specifies minimum interval in seconds between advertisements.

Step 8 

Router(config-if)# ip irdp holdtime seconds


(Optional) Length of time in seconds that advertisements are held valid. Default is three times the maxadvertinterval period.

Step 9 

Router(config-if)# ip mobile foreign-service

Enables foreign agent service on an interface. This will also append Mobile IP information such as care-of address, lifetime, and service flags to the advertisement.

Example of a Foreign Agent Router Configuration

In the following example, the foreign agent is providing service on a serial interface:

router mobile
ip mobile foreign-agent care-of serial1/0
!
interface serial1/0
 ip address
 ip irdp
 ip irdp maxadvertinterval 10
 ip irdp minadvertinterval 7
 ip irdp holdtime 30
 ip mobile foreign-service

Enabling Home Agent Mobile IP

Home agent functionality is useful within an enterprise network to allow users to retain an IP address while they move their laptop PCs from their desktops into conference rooms or labs or common areas. It is especially beneficial in environments where wireless LANs are used because the tunneling of datagrams hides the movement of the host and thus allows seamless transition between base stations. To support the mobility of users beyond the bounds of the enterprise network, home agent functionality can be enabled for virtual subnets on the DMZ or periphery of the network to communicate with external foreign agents.

To enable Mobile IP on a home agent router, enter the following commands:

 
Command
Purpose

Step 1 

Router(config)#router mobile

Enables Mobile IP on the router.

Step 2 

Router(config)#ip mobile home-agent

Enables Home Agent Service.

Step 3 

Router(config)#ip mobile virtual-network net mask [address address]

Adds virtual network to routing table. If not using a virtual network, go to Step 6.

Step 4 

Router(config)# router protocol

Configures a routing protocol.

Step 5 

Router(config)# redistribute mobile

Enables redistribution of a virtual network into routing protocols.

Step 6 

Router(config)# ip mobile host lower [upper] [interface name | virtual-network] net mask [lifetime number]

Configures the mobile access router as the mobile host. The IP address is in the home network.

The interface name option configures a physical connection from the home agent to the mobile access router.

Step 7 

Router(config)# ip mobile mobile-networks ip-address

Configures mobile networks on the mobile host and enters mobile networks configuration mode.

Step 8 

Router(mobile-networks)# description string

(Optional) Adds a description to a mobile access router configuration.

Step 9 

Router(mobile-networks)# network net mask

Specifies a list of networks for the mobile access router routing process.

Step 10 

Router(mobile-networks)# exit

Exits mobile networks configuration mode.

Step 11 

Router(config)# ip mobile secure host address {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string

Sets up mobile host security associations. The SPI and key between the Home Agent and mobile access router are known. The address is the home IP address of the mobile access router.

Example of a Home Agent Configuration

In the following example, the home agent has five mobile hosts on interface Ethernet1 (network 11.0.0.0) and ten on virtual network 10.0.0.0. There are two mobile node groups. Each mobile host has one security association. The home agent has an access-list to disable roaming capability by mobile host 11.0.0.5.

The 11.0.0.0 group has a lifetime of 1 hour (3600 secs). The 10.0.0.0 group cannot roam in areas where the network is 13.0.0.0.


router mobile
!
! Define which hosts are permitted to roam
ip mobile home-agent broadcast roam-access 1
!
! Define a virtual network
ip mobile network 10.0.0.0 255.0.0.0
!
! Define which hosts are on the virtual network, and the care-of access list
ip mobile host 10.0.0.1 10.0.0.10 virtual-network 10.0.0.0 255.0.0.0 care-of-access 2
!
! Define which hosts are on Ethernet 1, with lifetime of one hour
ip mobile host 11.0.0.1 11.0.0.5 interface Ethernet1 lifetime 3600
!
! The next ten lines specify security associations for mobile hosts
! on virtual network 10.0.0.0
!
ip mobile secure host 10.0.0.1 spi 100 key hex 12345678123456781234567812345678
ip mobile secure host 10.0.0.2 spi 200 key hex 87654321876543218765432187654321
ip mobile secure host 10.0.0.3 spi 300 key hex 31323334353637383930313233343536
ip mobile secure host 10.0.0.4 spi 100 key hex 45678332353637383930313233343536
ip mobile secure host 10.0.0.5 spi 200 key hex 33343536313233343536373839303132
ip mobile secure host 10.0.0.6 spi 300 key hex 73839303313233343536313233343536
ip mobile secure host 10.0.0.7 spi 100 key hex 83930313233343536313233343536373
ip mobile secure host 10.0.0.8 spi 200 key hex 43536373839313233330313233343536
ip mobile secure host 10.0.0.9 spi 300 key hex 23334353631323334353637383930313
ip mobile secure host 10.0.0.10 spi 100 key hex 63738393132333435330313233343536
!
! The next five lines specify security associations for mobile hosts
! on Ethernet1
!
ip mobile secure host 11.0.0.1 spi 100 key hex 73839303313233343536313233343536
ip mobile secure host 11.0.0.2 spi 200 key hex 83930313233343536313233343536373
ip mobile secure host 11.0.0.3 spi 300 key hex 43536373839313233330313233343536
ip mobile secure host 11.0.0.4 spi 100 key hex 23334353631323334353637383930313
ip mobile secure host 11.0.0.5 spi 200 key hex 63738393132333435330313233343536
!
! Deny access for this host
access-list 1 deny 11.0.0.5
!
! Deny access to anyone on network 13.0.0.0 trying to register
access-list 2 deny 13.0.0.0

Monitoring and Maintaining Mobile IP

To monitor and maintain Mobile IP, use any of the following EXEC commands:

Command
Purpose

Router# show ip mobile binding

Displays mobility bindings (home agent only).

Router# show ip mobile tunnel

Displays active tunnels.

Router# show ip mobile visitor

Displays visitor bindings (foreign agent only).

Router# show ip route mobile

Displays Mobile IP routes.

Router# show ip mobile traffic

Displays protocol statistics.

Router# show ip mobile violation

Displays information about security violations.

Router# debug ip mobile advertise

Displays advertisement information.1

Router# debug ip mobile host

Displays mobility events.

1 Make sure IRDP is running on the interface.


Verifying Home Agent Configuration

To verify the home agent configuration, use the following commands in privileged EXEC mode, as needed:

Command
Purpose

Router# show ip mobile mobile-networks [address]

Displays a list of mobile networks associated with the mobile access router.

Router# show ip mobile host [address]

Displays mobile node information.

Router# show ip mobile secure host [address]

Displays the mobility security associations for the mobile host.


Verifying Foreign Agent Configuration

To verify the foreign agent configuration, use the following commands in privileged EXEC mode, as needed:

Command
Purpose

Router# show ip mobile global

Displays global information for mobile agents.

Router# show ip mobile interface

Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.


Clearing Mobile Access Router Statistics

To clear the mobile access router statistics, use the following commands in privileged EXEC mode:

Command
Purpose

Router# clear ip mobile router agent

Deletes learned agents and the corresponding care-of address of the foreign agent from the mobile access router agent table.

Router# clear ip mobile router registration

Deletes registration entries from the mobile access router registration table.

Router# clear ip mobile router traffic

Clears the counters that the mobile access router maintains.


Shutting Down Mobile IP

To shut down Mobile IP, use the following commands in global configuration mode:

Command
Purpose

Router(config)# no ip mobile home-agent

Disables home agent services.

Router(config)# no ip mobile foreign-agent

Disables foreign agent services.

Router(config)# no router mobile

Stops Mobile IP process.


Setup Router Configuration Utility

Setup (also known as the System Configuration Dialog) is an interactive CLI mode that guides you through first-time configuration by prompting you for the details needed to start your router functioning in the network. While Setup mode is a quick and easy way to perform first-time configuration of a router, you can also use it after first-time startup to perform basic configuration changes.

Before using Setup, you should have the following information so that you can configure the system properly:

Which interfaces you want to configure

Which routing protocols you wish to enable

Whether the router is to perform bridging

Network addresses for the protocols being configured

Password strategy for your environment

Note Refer to the documentation for your particular hardware platform for information on how you should use Setup for first-time startup. For a complete description of the setup command, refer to the "Using the Setup Configuration Tool" chapter in the Release 12.2 Cisco IOS Configuration Fundamentals Command Reference. To locate documentation of other commands that appear in this chapter, use the Cisco IOS Command Reference Master Index or search online.

Using Setup After First-Time Startup

The CLI allows you to make very detailed changes to your system configuration. However, some major configuration changes do not require the granularity provided by the CLI. You can use Setup to configure general characteristics of the system. For example, you might want to use Setup to add a protocol suite, to make major addressing scheme changes, or to configure a newly installed interface. Although you can use the configuration modes available though the CLI to make these changes, the Setup mode provides you with a high-level view of the configuration and guides you through the configuration process.

If you are not familiar with Cisco products and the CLI, Setup is a particularly valuable tool because it prompts you for the specific information required to configure your system.

Note If you use Setup to modify a configuration because you have added to or modified the hardware, be sure to verify the physical connections using the show version EXEC command. Also, verify the logical port assignments using the show running-config EXEC command to ensure that you configure the proper port. Refer to the hardware documentation for your platform for details on physical and logical port assignments.

To enter Setup mode, use the following command in privileged EXEC mode:

Command
Purpose

Router# setup

Enters Setup mode.


When you enter the setup EXEC command after first-time startup, an interactive dialog called the System Configuration Dialog appears on the system console screen. The System Configuration Dialog guides you through the configuration process. It prompts you first for global parameters and then for interface parameters. The values shown in brackets next to each prompt reflect either the default settings or the last configured setting.

You must progress through the System Configuration Dialog until you come to the item that you intend to change. To accept default settings for items that you do not want to change, press the Return or Enter key. The default choice is indicated by square brackets (for example, [yes]) before the prompt colon (:).

To exit Setup and return to privileged EXEC mode without making changes and without progressing through the entire System Configuration Dialog, press Ctrl-C.

The facility also provides help text for each prompt. To access help text, press the question mark (?) key at a prompt.

When you complete your changes, the system will automatically display the configuration file that was created during the Setup session. It also asks you if you want to use this configuration. If you answer Yes, the configuration is saved to NVRAM as the startup configuration file. If you answer No, the configuration is not saved and the process begins again. There is no default for this prompt; you must answer either Yes or No.

In the following example Setup is used to configure interface serial 1/1 and to add ARAP and IP PPP support on the asynchronous interfaces. Note that prompts and the order in which they appear on the screen vary depending on the platform and the interfaces installed in the device.

Router# setup

         --- System Configuration Dialog ---

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Continue with configuration dialog? [yes]:

First, would you like to see the current interface summary? [yes]:

Interface          IP-Address      OK? Method    Status                Protocol
FastEthernet0/0    172.16.72.2    YES manual    up                     up      
Serial1/0          unassigned      YES not set   administratively down down   
Serial1/1          172.16.72.2    YES not set   up                     up   
Serial1/2          unassigned      YES not set   administratively down down   
Serial1/3          unassigned      YES not set   administratively down down   

Configuring global parameters:

Enter host name [Router]:

The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret [<Use current secret>]:

The enable password is used when there is no enable secret
and when using older software and some boot images.

Enter enable password [ww]:
Enter virtual terminal password [ww]:
Configure SNMP Network Management? [yes]:
    Community string [public]:
Configure DECnet? [no]:
Configure AppleTalk? [yes]:
    Multizone networks? [no]: yes
Configure IPX? [yes]: no
Configure IP? [yes]:
    Configure IGRP routing? [yes]:
      Your IGRP autonomous system number [15]:
Configure Async lines? [yes]:
    Async line speed [9600]: 57600
    Configure for HW flow control? [yes]:
    Configure for modems? [yes/no]: yes
      Configure for default chat script? [yes]: no
    Configure for Dial-in IP SLIP/PPP access? [no]: yes
      Configure for Dynamic IP addresses? [yes]: no
      Configure Default IP addresses? [no]: yes
      Configure for TCP Header Compression? [yes]: no
      Configure for routing updates on async links? [no]:
    Configure for Async IPX? [yes]: no
    Configure for Appletalk Remote Access? [yes]: no
Configuring interface parameters:
!
!...
!

The following configuration command script was created:
!
!...

hometocprevnextglossaryfeedbacksearchhelp

Posted: Wed Nov 1 10:32:39 PST 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.