Table Of Contents
Basic Home Agent and Foreign Agent Configurations
Home Agent and Foreign Agent Configuration
Enabling Foreign Agent Mobile IP and Services
Monitoring and Maintaining Mobile IP
Verifying Home Agent Configuration
Verifying Foreign Agent Configuration
Clearing Mobile Access Router Statistics
Setup Router Configuration Utility
Using Setup After First-Time Startup
Basic Home Agent and Foreign Agent Configurations
This chapter describes:
• Home Agent and Foreign Agent Configuration
• Monitoring and Maintaining Mobile IP
• Setup Router Configuration Utility
Home Agent and Foreign Agent Configuration
To enable Mobile IP services on your network, you must determine which home agents will facilitate the tunneling for selected IP addresses, and where these devices or routers will be allowed to roam. The areas, or subnets, into which the hosts are allowed to roam determine where foreign agent services need to be set up.
Configure your foreign agent routers:
• Enabling Foreign Agent Mobile IP and Services
• Verifying Foreign Agent Configuration
Configure your home agent routers:
• Verifying Home Agent Configuration
Note: For a complete description of the Mobile IP commands, refer to the "Mobile IP Commands" chapter of the Cisco IOS IP and IP Routing Command Reference publication.
Enabling Foreign Agent Mobile IP and Services
To start a foreign agent providing default services, use the following commands beginning in global configuration mode:
Example of a Foreign Agent Router Configuration
In the following example, the foreign agent is providing service on a serial interface:
router mobile
ip mobile foreign-agent care-of serial1/0
!
interface serial1/0
 ip address
 ip irdp
 ip irdp maxadvertinterval 10
 ip irdp minadvertinterval 7
 ip irdp holdtime 30
 ip mobile foreign-service
Enabling Home Agent Mobile IP
Home agent functionality is useful within an enterprise network to allow users to retain an IP address while they move their laptop PCs from their desktops into conference rooms or labs or common areas. It is especially beneficial in environments where wireless LANs are used because the tunneling of datagrams hides the movement of the host and thus allows seamless transition between base stations. To support the mobility of users beyond the bounds of the enterprise network, home agent functionality can be enabled for virtual subnets on the DMZ or periphery of the network to communicate with external foreign agents.
To enable Mobile IP on a home agent router, enter the following commands:
Step 1
Command: Router(config)# router mobile
Purpose: Enables Mobile IP on the router.

Step 2
Command: Router(config)# ip mobile home-agent
Purpose: Enables Home Agent Service.

Step 3
Command: Router(config)# ip mobile virtual-network net mask [address address]
Purpose: Adds virtual network to routing table. If not using a virtual network, go to Step 6.

Step 4
Command: Router(config)# router protocol
Purpose: Configures a routing protocol.

Step 5
Command: Router(config)# redistribute mobile
Purpose: Enables redistribution of a virtual network into routing protocols.

Step 6
Command: Router(config)# ip mobile host lower [upper] [interface name | virtual-network] net mask [lifetime number]
Purpose: Configures the mobile access router as the mobile host. The IP address is in the home network. The interface name option configures a physical connection from the home agent to the mobile access router.

Step 7
Command: Router(config)# ip mobile mobile-networks ip-address
Purpose: Configures mobile networks on the mobile host and enters mobile networks configuration mode.

Step 8
Command: Router(mobile-networks)# description string
Purpose: (Optional) Adds a description to a mobile access router configuration.

Step 9
Command: Router(mobile-networks)# network net mask
Purpose: Specifies a list of networks for the mobile access router routing process.

Step 10
Command: Router(mobile-networks)# exit
Purpose: Exits mobile networks configuration mode.

Step 11
Command: Router(config)# ip mobile secure host address {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string
Purpose: Sets up mobile host security associations. The SPI and key between the Home Agent and mobile access router are known. The address is the home IP address of the mobile access router.
Example of a Home Agent Configuration
In the following example, the home agent has five mobile hosts on interface Ethernet1 (network 11.0.0.0) and ten on virtual network 10.0.0.0. There are two mobile node groups. Each mobile host has one security association. The home agent has an access-list to disable roaming capability by mobile host 11.0.0.5.
The 11.0.0.0 group has a lifetime of 1 hour (3600 secs). The 10.0.0.0 group cannot roam in areas where the network is 13.0.0.0.
router mobile
!
! Define which hosts are permitted to roam
ip mobile home-agent broadcast roam-access 1
!
! Define a virtual network
ip mobile virtual-network 10.0.0.0 255.0.0.0
!
! Define which hosts are on the virtual network, and the care-of access list
ip mobile host 10.0.0.1 10.0.0.10 virtual-network 10.0.0.0 255.0.0.0 care-of-access 2
!
! Define which hosts are on Ethernet 1, with lifetime of one hour
ip mobile host 11.0.0.1 11.0.0.5 interface Ethernet1 lifetime 3600
!
! The next ten lines specify security associations for mobile hosts
! on virtual network 10.0.0.0
!
ip mobile secure host 10.0.0.1 spi 100 key hex 12345678123456781234567812345678
ip mobile secure host 10.0.0.2 spi 200 key hex 87654321876543218765432187654321
ip mobile secure host 10.0.0.3 spi 300 key hex 31323334353637383930313233343536
ip mobile secure host 10.0.0.4 spi 100 key hex 45678332353637383930313233343536
ip mobile secure host 10.0.0.5 spi 200 key hex 33343536313233343536373839303132
ip mobile secure host 10.0.0.6 spi 300 key hex 73839303313233343536313233343536
ip mobile secure host 10.0.0.7 spi 100 key hex 83930313233343536313233343536373
ip mobile secure host 10.0.0.8 spi 200 key hex 43536373839313233330313233343536
ip mobile secure host 10.0.0.9 spi 300 key hex 23334353631323334353637383930313
ip mobile secure host 10.0.0.10 spi 100 key hex 63738393132333435330313233343536
!
! The next five lines specify security associations for mobile hosts
! on Ethernet1
!
ip mobile secure host 11.0.0.1 spi 100 key hex 73839303313233343536313233343536
ip mobile secure host 11.0.0.2 spi 200 key hex 83930313233343536313233343536373
ip mobile secure host 11.0.0.3 spi 300 key hex 43536373839313233330313233343536
ip mobile secure host 11.0.0.4 spi 100 key hex 23334353631323334353637383930313
ip mobile secure host 11.0.0.5 spi 200 key hex 63738393132333435330313233343536
!
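! Deny access for this host; permit the rest, because a standard
! access list ends with an implicit deny
access-list 1 deny 11.0.0.5
access-list 1 permit any
!
! Deny access to anyone on network 13.0.0.0 trying to register
access-list 2 deny 13.0.0.0 0.255.255.255
access-list 2 permit any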
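A home agent configuration like the one above can be checked offline before it is loaded. The following script is an added example, not part of the Cisco documentation: it reports mobile hosts without a security association, keys shared between hosts, keys built from one repeated pattern, and access lists that contain only deny entries. The names audit and SAMPLE_CONFIG are hypothetical, the sample configuration is constructed, and the repeated-pattern test is an assumed heuristic.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, shortened from the style of the home agent example above.
SAMPLE_CONFIG = """\
router mobile
ip mobile home-agent broadcast roam-access 1
ip mobile virtual-network 10.0.0.0 255.0.0.0
ip mobile host 10.0.0.1 10.0.0.3 virtual-network 10.0.0.0 255.0.0.0 care-of-access 2
ip mobile host 11.0.0.1 11.0.0.2 interface Ethernet1 lifetime 3600
ip mobile secure host 10.0.0.1 spi 100 key hex 12345678123456781234567812345678
ip mobile secure host 10.0.0.2 spi 200 key hex 73839303313233343536313233343536
ip mobile secure host 11.0.0.1 spi 100 key hex 73839303313233343536313233343536
access-list 1 deny 11.0.0.5
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
HOST_RE = re.compile(rf"^ip mobile host {IP}(?: {IP})?")  # lower [upper]
SA_RE = re.compile(rf"^ip mobile secure host {IP} .*key hex ([0-9a-fA-F]+)$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny)\b")


def audit(config):
    """Return a list of findings for a home agent configuration."""
    hosts, key_owners, acl_actions = set(), defaultdict(list), defaultdict(set)
    for line in map(str.strip, config.splitlines()):
        if m := HOST_RE.match(line):
            lower = int(ipaddress.IPv4Address(m.group(1)))
            upper = int(ipaddress.IPv4Address(m.group(2) or m.group(1)))
            hosts.update(ipaddress.IPv4Address(n) for n in range(lower, upper + 1))
        elif m := SA_RE.match(line):
            key_owners[m.group(2).lower()].append(ipaddress.IPv4Address(m.group(1)))
        elif m := ACL_RE.match(line):
            acl_actions[m.group(1)].add(m.group(2))

    secured = {h for owners in key_owners.values() for h in owners}
    findings = [f"{h}: mobile host without a security association"
                for h in sorted(hosts - secured)]
    for key, owners in key_owners.items():  # keys are never echoed into findings
        names = ", ".join(str(h) for h in sorted(owners))
        if len(owners) > 1:
            findings.append(f"{names}: same key used for several hosts")
        if len(key) > 8 and key == key[:8] * (len(key) // 8):
            findings.append(f"{names}: key is one 8-digit pattern repeated")
    for number, actions in sorted(acl_actions.items()):
        if actions == {"deny"}:  # the implicit deny then rejects every host
            findings.append(f"access-list {number}: only deny entries")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```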
Monitoring and Maintaining Mobile IP
To monitor and maintain Mobile IP, use any of the following EXEC commands:
Command: Router# show ip mobile binding
Purpose: Displays mobility bindings (home agent only).

Command: Router# show ip mobile tunnel
Purpose: Displays active tunnels.

Command: Router# show ip mobile visitor
Purpose: Displays visitor bindings (foreign agent only).

Command: Router# show ip route mobile
Purpose: Displays Mobile IP routes.

Command: Router# show ip mobile traffic
Purpose: Displays protocol statistics.

Command: Router# show ip mobile violation
Purpose: Displays information about security violations.

Command: Router# debug ip mobile advertise
Purpose: Displays advertisement information. (1)

Command: Router# debug ip mobile host
Purpose: Displays mobility events.

(1) Make sure IRDP is running on the interface.
Verifying Home Agent Configuration
To verify the home agent configuration, use the following commands in privileged EXEC mode, as needed:
Verifying Foreign Agent Configuration
To verify the foreign agent configuration, use the following commands in privileged EXEC mode, as needed:
Clearing Mobile Access Router Statistics
To clear the mobile access router statistics, use the following commands in privileged EXEC mode:
Shutting Down Mobile IP
To shut down Mobile IP, use the following commands in global configuration mode:
Setup Router Configuration Utility
Setup (also known as the System Configuration Dialog) is an interactive CLI mode that guides you through first-time configuration by prompting you for the details needed to start your router functioning in the network. While Setup mode is a quick and easy way to perform first-time configuration of a router, you can also use it after first-time startup to perform basic configuration changes.
Before using Setup, you should have the following information so that you can configure the system properly:
• Which interfaces you want to configure
• Which routing protocols you wish to enable
• Whether the router is to perform bridging
• Network addresses for the protocols being configured
• Password strategy for your environment
Note: Refer to the documentation for your particular hardware platform for information on how you should use Setup for first-time startup. For a complete description of the setup command, refer to the "Using the Setup Configuration Tool" chapter in the Release 12.2 Cisco IOS Configuration Fundamentals Command Reference. To locate documentation of other commands that appear in this chapter, use the Cisco IOS Command Reference Master Index or search online.
Using Setup After First-Time Startup
The CLI allows you to make very detailed changes to your system configuration. However, some major configuration changes do not require the granularity provided by the CLI. You can use Setup to configure general characteristics of the system. For example, you might want to use Setup to add a protocol suite, to make major addressing scheme changes, or to configure a newly installed interface. Although you can use the configuration modes available through the CLI to make these changes, the Setup mode provides you with a high-level view of the configuration and guides you through the configuration process.
If you are not familiar with Cisco products and the CLI, Setup is a particularly valuable tool because it prompts you for the specific information required to configure your system.
Note: If you use Setup to modify a configuration because you have added to or modified the hardware, be sure to verify the physical connections using the show version EXEC command. Also, verify the logical port assignments using the show running-config EXEC command to ensure that you configure the proper port. Refer to the hardware documentation for your platform for details on physical and logical port assignments.
To enter Setup mode, use the following command in privileged EXEC mode:
When you enter the setup EXEC command after first-time startup, an interactive dialog called the System Configuration Dialog appears on the system console screen. The System Configuration Dialog guides you through the configuration process. It prompts you first for global parameters and then for interface parameters. The values shown in brackets next to each prompt reflect either the default settings or the last configured setting.
You must progress through the System Configuration Dialog until you come to the item that you intend to change. To accept default settings for items that you do not want to change, press the Return or Enter key. The default choice is indicated by square brackets (for example, [yes]) before the prompt colon (:).
To exit Setup and return to privileged EXEC mode without making changes and without progressing through the entire System Configuration Dialog, press Ctrl-C.
The facility also provides help text for each prompt. To access help text, press the question mark (?) key at a prompt.
When you complete your changes, the system will automatically display the configuration file that was created during the Setup session. It also asks you if you want to use this configuration. If you answer Yes, the configuration is saved to NVRAM as the startup configuration file. If you answer No, the configuration is not saved and the process begins again. There is no default for this prompt; you must answer either Yes or No.
In the following example Setup is used to configure interface serial 1/1 and to add ARAP and IP PPP support on the asynchronous interfaces. Note that prompts and the order in which they appear on the screen vary depending on the platform and the interfaces installed in the device.
Router# setup
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes]:
First, would you like to see the current interface summary? [yes]:
Interface        IP-Address   OK? Method   Status                 Protocol
FastEthernet0/0  172.16.72.2  YES manual   up                     up
Serial1/0        unassigned   YES not set  administratively down  down
Serial1/1        172.16.72.2  YES not set  up                     up
Serial1/2        unassigned   YES not set  administratively down  down
Serial1/3        unassigned   YES not set  administratively down  down
Configuring global parameters:
Enter host name [Router]:
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret [<Use current secret>]:
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password [ww]:
Enter virtual terminal password [ww]:
Configure SNMP Network Management? [yes]:
Community string [public]:
Configure DECnet? [no]:
Configure AppleTalk? [yes]:
Multizone networks? [no]: yes
Configure IPX? [yes]: no
Configure IP? [yes]:
Configure IGRP routing? [yes]:
Your IGRP autonomous system number [15]:
Configure Async lines? [yes]:
Async line speed [9600]: 57600
Configure for HW flow control? [yes]:
Configure for modems? [yes/no]: yes
Configure for default chat script? [yes]: no
Configure for Dial-in IP SLIP/PPP access? [no]: yes
Configure for Dynamic IP addresses? [yes]: no
Configure Default IP addresses? [no]: yes
Configure for TCP Header Compression? [yes]: no
Configure for routing updates on async links? [no]:
Configure for Async IPX? [yes]: no
Configure for Appletalk Remote Access? [yes]: no
Configuring interface parameters:
!
!...
!
The following configuration command script was created:
!
!...
Posted: Wed Nov 1 10:32:39 PST 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.