Configuring Mobile IP

Mobile IP Configuration Task List

 

Command

 

Purpose

Step 7

 

 

 

Router(config)# ip

mobile host lower [upper]

Specifies mobile nodes (on a virtual network) and

 

virtual-network net mask [aaa [load-sa]]

where their security associations are stored.1

Step 8

 

 

 

Router(config)# ip

mobile host lower [upper]

Specifies mobile nodes on an interface and where

 

{interface name}

 

their security associations are stored. Omit this step if

 

 

 

no mobile nodes are on the interface.

Step 9

 

 

 

Router(config)# ip

mobile secure host lower-address

Sets up mobile host security associations. Omit this

 

[upper-address]{inbound-spi spi-inoutbound-spi

step if using AAA.

 

spi-out spi spi}

key hex string

 

Step 10

 

 

 

Router(config)# ip

mobile secure foreign-agent

(Optional) Sets up foreign agent security

 

address {inbound-spi spi-inoutbound-spi spi-out

associations. Omit this step unless you have security

 

spi spi} key hex string

associations with remote foreign agents.

 

 

 

 

 

 

 

1.By default, security associations are expected to be configured locally; however, the security association configuration can be offloaded to an AAA server.

Enabling Foreign Agent Services

Foreign agent services need to be enabled on a router attached to any subnet into which a mobile node may be roaming. Therefore, you need to configure foreign agent functionality on routers connected to conference room or lab subnets, for example. For administrators that want to utilize roaming between wireless LANs, foreign agent functionality would be configured on routers connected to each base station. In this case it is conceivable that both home agent and foreign agent functionality will be enabled on some of the routers connected to these wireless LANs.

To start a foreign agent providing default services, use the following commands beginning in global configuration mode:

 

Command

Purpose

Step 1

 

 

Router(config)# router mobile

Enables Mobile IP on the router.

Step 2

 

 

Router(config-router)# exit

Returns to global configuration mode.

Step 3

 

 

Router(config)# ip mobile foreign-agent care-of

Sets up care-of addresses advertised to all foreign

 

interface

agent-enabled interfaces.

Step 4

 

 

Router(config-if)#ip mobile foreign-service

Enables foreign agent service on the interface.

Step 5

 

 

Router(config)# ip mobile secure home-agent

(Optional) Sets up home agent security association. Omit

 

address {inbound-spi spi-inoutbound-spi spi-out

steps 4 and 5 unless you have security association with

 

spi spi} key hex string

remote home agents or visitors.

 

 

Step 6

 

 

Router(config)# ip mobile secure visitor address

(Optional) Sets up visitor security association.

 

{inbound-spi spi-inoutbound-spi spi-outspi

 

 

spi} key hex string [replay timestamp]

 

 

 

 

Configuring AAA in the Mobile IP Environment

To configure AAA in the Mobile IP environment, use the following commands in global configuration mode:

Cisco IOS IP Configuration Guide

IPC-168

Page 213 Page 215
Page 214
Image 214
Cisco Systems 78-11741-02 manual Enabling Foreign Agent Services, Configuring AAA in the Mobile IP Environment, IPC-168
Page 213 Page 215
Top Page Image Contents