Cisco Systems 78-11741-02 Home Agent Using AAA Server Example

Configuring Mobile IP

Mobile IP Configuration Examples

IPC-177

Cisco IOS IP Configuration Guide

! The next ten lines specify security associations for mobile hosts

! on virtual network 10.0.0.0

ip mobile secure host 10.0.0.1 spi 100 key hex 12345678123456781234567812345678

ip mobile secure host 10.0.0.2 spi 200 key hex 87654321876543218765432187654321

ip mobile secure host 10.0.0.3 spi 300 key hex 31323334353637383930313233343536

ip mobile secure host 10.0.0.4 spi 100 key hex 45678332353637383930313233343536

ip mobile secure host 10.0.0.5 spi 200 key hex 33343536313233343536373839303132

ip mobile secure host 10.0.0.6 spi 300 key hex 73839303313233343536313233343536

ip mobile secure host 10.0.0.7 spi 100 key hex 83930313233343536313233343536373

ip mobile secure host 10.0.0.8 spi 200 key hex 43536373839313233330313233343536

ip mobile secure host 10.0.0.9 spi 300 key hex 23334353631323334353637383930313

ip mobile secure host 10.0.0.10 spi 100 key hex 63738393132333435330313233343536

! The next five lines specify security associations for mobile hosts

! on Ethernet1

ip mobile secure host 11.0.0.1 spi 100 key hex 73839303313233343536313233343536

ip mobile secure host 11.0.0.2 spi 200 key hex 83930313233343536313233343536373

ip mobile secure host 11.0.0.3 spi 300 key hex 43536373839313233330313233343536

ip mobile secure host 11.0.0.4 spi 100 key hex 23334353631323334353637383930313

ip mobile secure host 11.0.0.5 spi 200 key hex 63738393132333435330313233343536

! Deny access for this host

access-list 1 deny 11.0.0.5

! Deny access to anyone on network 13.0.0.0 trying to register

access-list 2 deny 13.0.0.0

Home Agent Using AAA Server Example

In the following AAA server configuration, the home agent can use a AAA server for storing security

associations. Mobile IP has been authorized using a RADIUS server to retrieve the security association

information, which is used by the home agent to authenticate registrations. This format can be imported

into a CiscoSecure server.

user = 20.0.0.1 {

service = mobileip {

set spi#0 = “spi 100 key hex 12345678123456781234567812345678”

}

user = 20.0.0.2 {

service = mobileip {

set spi#0 = “spi 100 key hex 12345678123456781234567812345678”

}

user = 20.0.0.3 {

service = mobileip {

set spi#0 = “spi 100 key hex 12345678123456781234567812345678”

}

Cisco Systems 78-11741-02 Home Agent Using AAA Server Example

IPC-177

In the following AAA server configuration, the home agent can use a AAA server for storing security

associations. Mobile IP has been authorized using a RADIUS server to retrieve the security association

information, which is used by the home agent to authenticate registrations. This format can be imported

into a CiscoSecure server.

In the example above, the user is the mobile node’s IP address. The syntax for the security association

is spi#num = "string", where string is the rest of the ip mobile secure {host | visitor | home-agent |

foreign-age nt} key hex string command.

The following example shows how the home agent is configured to use the AAA server: