Building the Baseline Topology
As with all security contexts, the HA-MN security context must be indexed with an SPI. The SPI
in IOS is specified as a hexadecimal value. Finally, the key, algorithm, and mode must be
specified. You can specify keys as an ASCII value or a hexadecimal value. To avoid errors,
hexadecimal keys are recommended because the use of ASCII keys is not standardized. A
complete HA-MN security association is as follows:
ip mobile secure host 192.168.100.10 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
Home Agent Final Configuration
Example 4-3 shows the final configuration of a router serving as a Home Agent. The Home
Agent supports Mobile Nodes (192.168.100.10 through 192.168.100.20) residing on virtual
network 192.168.100.0. The only Mobile Node configured with a security association is
192.168.100.10, and thus, it is the only Mobile Node allowed to register and roam.
Example 4-3 Home Agent Final Configuration
hostname HA
!
interface Ethernet0/0
 ip address 192.168.1.2 255.255.255.0
!
router mobile
!
router ospf 1
 redistribute mobile subnets
 network 192.168.0.0 0.0.255.255 area 1
!
ip mobile home-agent
ip mobile virtual-network 192.168.100.0 255.255.255.0
ip mobile host 192.168.100.10 192.168.100.20 virtual-network 192.168.100.0 255.255.255.0
ip mobile secure host 192.168.100.10 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
!
end
Foreign Agent Configuration
The FA configuration used in this lab is simple and represents the most common
implementation. Complex FA configurations are typically only used in mobile Internet service
provider deployments of Mobile IP. A basic FA configuration requires the definition of the
Care-of Address (CoA) and activation of roaming interfaces.
Recall that for any Mobile IP entity, the IOS Mobile IP process must be started before any
Mobile IP commands can be accepted on the router. Again, this is accomplished with the
router mobile command.
Chapter 4: IOS Mobile IP in the Lab
FA functionality is enabled with a single global statement that also specifies the interface
to be used as the CoA. In the following example command, Ethernet interface 1/0 is configured
with FA functionality:
ip mobile foreign-agent care-of Ethernet1/0
When the FA service has been enabled on the router, each interface that can accept Mobile
Nodes needs to be configured. The interface-level command is as follows:
ip mobile foreign-service
Finally, because Mobile IP agent advertisements are part of Internet Control Message Protocol
(ICMP) Router Discovery Protocol (IRDP) advertisements, IRDP must be configured. The
default timers for IRDP are long and do not facilitate timely handovers unless solicitation is
used. In Example 4-4, the timers have been lowered because no link state triggers exist. Three
relevant values exist for IRDP configuration: maxadvertinterval, minadvertinterval, and
holdtime. If the min and max values are used together, a random value in between the two is
generated for each advertisement. The holdtime should typically be three times the maximum
to ensure that the agent is truly gone and not just experiencing a brief packet loss. Configuration
values for IRDP timers are in seconds. Note that the advertisement timers can also be adjusted
on the Home Agent with similar IRDP commands. Unless specified through configuration
commands, the default IRDP values are a maximum interval of 5 minutes and a holdtime of 15
minutes.
Examples 4-4 and 4-5 show the configuration of routers serving as FAs. In Example 4-4, the FA
allows Mobile Nodes to roam on interface E1/0 with FA Care-of Address (FA-CoA) 192.168.5.1.
In Example 4-5, the FA allows Mobile Nodes to roam on interface E1/0 with FA-CoA
192.168.6.1. In both examples, the IRDP agent advertisement timers are adjusted.
Example 4-4 FA1 Final Configuration
hostname FA1
!
interface Ethernet0/0
 ip address 192.168.3.2 255.255.255.0
!
interface Ethernet1/0
 ip address 192.168.5.1 255.255.255.0
 ip irdp
 ip irdp maxadvertinterval 4
 ip irdp minadvertinterval 3
 ip irdp holdtime 9
 ip mobile foreign-service
!
router mobile
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 1
!
ip mobile foreign-agent care-of Ethernet1/0
!
end
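The following Python audit is an added example, not code from the book. It checks a configuration against two statements in the text: only Mobile Nodes with a security association can register, and the IRDP holdtime should typically be three times the maximum advertisement interval. The names `audit`, `expand` and `SAMPLE` are hypothetical, and treating an optional upper address on `ip mobile secure host` the same way as on `ip mobile host` is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample: statements taken from Examples 4-3 and 4-4, merged into
# one text only so that the audit runs offline.
SAMPLE = """\
ip mobile host 192.168.100.10 192.168.100.20 virtual-network 192.168.100.0 255.255.255.0
ip mobile secure host 192.168.100.10 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
interface Ethernet1/0
 ip irdp
 ip irdp maxadvertinterval 4
 ip irdp minadvertinterval 3
 ip irdp holdtime 9
 ip mobile foreign-service
!
"""

def expand(words, i):
    """Expand 'lower [upper]' starting at words[i] into a set of addresses."""
    lo = hi = int(ipaddress.IPv4Address(words[i]))
    if len(words) > i + 1 and re.fullmatch(r"\d+(\.\d+){3}", words[i + 1]):
        hi = int(ipaddress.IPv4Address(words[i + 1]))
    return {ipaddress.IPv4Address(a) for a in range(lo, hi + 1)}

def audit(config):
    """Return (hosts with no security association, IRDP holdtime findings)."""
    hosts, secured, irdp, iface = set(), set(), {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            iface = words[1]
        elif words[:1] == ["!"]:
            iface = None  # "!" closes the interface block
        elif words[:3] == ["ip", "mobile", "host"]:
            hosts |= expand(words, 3)
        elif words[:4] == ["ip", "mobile", "secure", "host"]:
            secured |= expand(words, 4)
        elif iface and words[:2] == ["ip", "irdp"] and len(words) == 4:
            irdp.setdefault(iface, {})[words[2]] = int(words[3])
    unsecured = [str(a) for a in sorted(hosts - secured)]
    findings = []
    for name, t in irdp.items():
        # Guideline from the text: holdtime of three times the maximum interval.
        if {"maxadvertinterval", "holdtime"} <= t.keys():
            if t["holdtime"] < 3 * t["maxadvertinterval"]:
                findings.append((name, t["holdtime"], 3 * t["maxadvertinterval"]))
    return unsecured, findings

if __name__ == "__main__":
    no_sa, timers = audit(SAMPLE)
    print("defined but unable to register (no SA):", ", ".join(no_sa))
    for name, hold, want in timers:
        print(f"{name}: holdtime {hold}s is below 3 x max ({want}s)")
```

On the values from Example 4-4 the timer check reports Ethernet1/0, because the configured holdtime of 9 seconds is three times the minimum interval (3) rather than the maximum (4).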

Get Mobile IP Technology and Applications now with O’Reilly online learning.