Cisco Systems 78-11741-02 Enabling Foreign Agent Services, Configuring AAA in the Mobile IP Environment

Configuring Mobile IP

Mobile IP Configuration Task List

IPC-168

Cisco IOS IP Configuration Guide

Enabling Foreign Agent Services

Foreign agent services need to be enabled on a router attached to any subnet into which a mobile node

may be roaming. Therefore, you need to configure foreign agent functionality on routers connected to

conference room or lab subnets, for example. For administrators that want to utilize roaming between

wireless LANs, foreign agent functionality would be configured on routers connected to each base

station. In this case it is conceivable that both home agent and foreign agent functionality will be enabled

on some of the routers connected to these wireless LANs.

To start a foreign agent providing default services, use the following commands beginning in global

configuration mode:

Configuring AAA in the Mobile IP Environment

To configure AAA in the Mobile IP environment, use the following commands in global configuration

mode:

Step7 Router(config)# ip mobile host lower [upper]

virtual-network net mask [aaa [load-sa]]

Specifies mobile nodes (on a virtual network) and

where their security associations are stored.1

Step8 Router(config)# ip mobile host lower [upper]

{interface name}

Specifies mobile nodes on an interface and where

their security associations are stored. Omit this step if

no mobile nodes are on the interface.

Step9 Router(config)# ip mobile secure host lower-address

[upper-address]{inbound-spi spi-in outbound-spi

spi-out | spi spi} key hex string

Sets up mobile host security associations. Omit this

step if using AAA.

Step10 Router(config)# ip mobile secure foreign-agent

address {inbound-spi spi-in outbound-spi spi-out |

spi spi} key hex string

(Optional) Sets up foreign agent security

associations. Omit this step unless you have security

associations with remote foreign agents.

1. By default, security associations are expected to be configured locally; however, the security association configuration can be offloaded to an

AAA server.

Command Purpose

Step1 Router(config)# router mobile Enables Mobile IP on the router.

Step2 Router(config-router)# exit Returns to global configuration mode.

Step3 Router(config)# ip mobile foreign-agent care-of

interface

Sets up care-of addresses advertised to all foreign

agent-enabled interfaces.

Step4 Router(config-if)# ip mobile foreign-service Enables foreign agent service on the interface.

Step5 Router(config)# ip mobile secure home-agent

address {inbound-spi spi-in outbound-spi spi-out

| spi spi} key hex string

(Optional) Sets up home agent security association. Omit

steps 4 and 5 unless you have security association with

remote home agents or visitors.

Step6 Router(config)# ip mobile secure visitor address

{inbound-spi spi-in outbound-spi spi-out | spi

spi} key hex string [replay timestamp]

(Optional) Sets up visitor security association.