This chapter explains the function and syntax of the Mobile IP commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Cisco IOS IP and IP Routing Command Reference, Release 12.1.
To authorize Mobile IP to retrieve security associations from the AAA server using TACACS+ or RADIUS, use the aaa authorization ipmobile global configuration command. Use the no form of this command to remove authorization.
aaa authorization ipmobile {tacacs+ | radius}
Syntax Description
tacacs+ Use TACACS+.
radius Use RADIUS.
To remove mobility bindings, use the clear ip mobile binding EXEC command.
clear ip mobile binding [addr]
Syntax Description
addr (Optional) IP address. If not specified, mobility bindings will be removed for all addresses.
To clear and retrieve remote security associations, use the clear ip mobile secure EXEC command.
clear ip mobile secure {host lower [upper] | empty | all} [load]
Syntax Description
host Mobile node host.
lower IP address of mobile node. Can be used alone, or as lower end of a range of addresses.
upper (Optional) Upper end of range of IP addresses.
empty Load in only mobile nodes without security associations. Must be used with the load keyword.
all Clear all mobile nodes.
load (Optional) Reload the security association from the AAA server after security association has been cleared.
To clear counters, use the clear ip mobile traffic EXEC command.
clear ip mobile traffic
Syntax Description
This command has no arguments or keywords.
To remove visitor information, use the clear ip mobile visitor EXEC command.
clear ip mobile visitor [addr]
Syntax Description
addr (Optional) IP address. If not specified, visitor information will be removed for all addresses.
To enable foreign agent service, use the ip mobile foreign-agent global configuration command. To disable this service, use the no form of this command.
ip mobile foreign-agent [care-of interface | reg-wait seconds]
Syntax Description
care-of interface (Optional) IP address of interface. Sets the care-of address on the foreign agent. Multiple care-of addresses can be configured.
reg-wait seconds (Optional) Pending registration expires after the specified number of seconds if no reply is received. Range is 5 to 600. Default is 15.
To enable foreign agent service on an interface if care-of addresses are configured, use the ip mobile foreign-service interface configuration command. To disable this service, use the no form of this command.
Syntax Description
home-access acl (Optional) Controls which home agent addresses mobile nodes can use to register. The access list can be a string or number from 1 to 99.
limit num (Optional) Number of visitors allowed on interface. The Busy (B) bit will be advertised when the number of registered visitors reaches this limit. Range is 1 to 1000. Default is no limit.
registration-required (Optional) Solicits registration from the mobile node even if it uses co-located care-of addresses. The Registration required (R) bit will be advertised.
To enable and control home agent services on the router, use the ip mobile home-agent global configuration command. Use the no form of this command to disable these services.
ip mobile home-agent [broadcast] [care-of-access acl] [lifetime num] [replay sec] [reverse-tunnel-off] [roam-access acl] [suppress-unreachable]
Syntax Description
broadcast (Optional) Enables broadcast datagram routing. By default, broadcasting is disabled.
care-of-access acl (Optional) Controls which care-of addresses (in registration request) are permitted by the home agent. By default, all care-of addresses are permitted. The access list can be a string or number from 1 to 99.
lifetime num (Optional) Specifies the global registration lifetime for mobile node. Note that this can be overridden by the individual mobile node configuration. Range is 3 to 65535 (infinity). Default is 36000 seconds (10 hours). Registrations requesting lifetime greater than this value will still be accepted, but using this lifetime value.
replay sec (Optional) Sets replay protection timestamp value. Registration received within this time is valid.
reverse-tunnel-off (Optional) Disables support of reverse tunnel by the home agent. By default, reverse tunnel support is enabled.
roam-access acl (Optional) Controls which mobile nodes are permitted/denied to roam. By default, all specified mobile nodes can roam.
suppress-unreachable (Optional) Disables sending ICMP Unreachable to source when mobile node on virtual network is not registered, or when a packet came in from a tunnel interface created by the home agent (in the case of a reverse tunnel). By default, ICMP Unreachable is sent.
To configure the mobile host or mobile node group, use the ip mobile host global configuration command.
ip mobile host lower [upper] {interface name | virtual-network net mask} [aaa [load-sa]] [care-of-access acl] [lifetime num]
Syntax Description
lower [upper] Range of mobile host or mobile node group IP addresses.
interface name Mobile node belongs to specified interface.
virtual-network net mask The wireless mobile node resides in the virtual network created using the ip mobile network command.
aaa (Optional) Retrieve security associations from AAA (TACACS+ or RADIUS) server.
load-sa (Optional) Store security associations in memory after retrieval.
care-of-access acl (Optional) Access list. This can be a string or number from 1 to 99. Controls where mobile nodes roam (the acceptable care-of addresses).
lifetime num (Optional) Lifetime in seconds. The lifetime for each mobile node (group) can be set to override the global value. Range is 3 to 65535.
To append the prefix-length extension to the advertisement, use the ip mobile prefix-length interface configuration command. To restore the default, use the no form of this command.
ip mobile prefix-length
Syntax Description
This command has no arguments or keywords.
To set the registration lifetime value advertised, use the ip mobile registration-lifetime interface configuration command.
ip mobile registration-lifetime sec
Syntax Description
sec Lifetime in seconds. Range is 3 to 65535 (infinity).
To specify the mobility security associations for mobile host, visitor, home agent, and foreign agent, use the ip mobile secure global configuration command. To remove the mobility security associations, use the no form of this command.
ip mobile secure {host | visitor | home-agent | foreign-agent} addr {inbound-spi spi-in outbound-spi spi-out | spi spi} key string [replay timestamp [num] algorithm md5 mode prefix-suffix]
Syntax Description
host Mobile host's security association on the home agent.
visitor Mobile visitor's security association on the foreign agent.
home-agent Remote home agent's security association on the foreign agent.
foreign-agent Remote foreign agent's security association on the home agent.
addr IP address of host, visitor or mobility agent.
inbound-spi spi-in Security parameter index used for authenticating inbound registration packets. Range is 0x100 to 0xffffffff.
outbound-spi spi-out Security parameter index used for calculating the authenticator in outbound registration packets. Range is 0x100 to 0xffffffff.
spi spi Bidirectional SPI. Range is 0x100 to 0xffffffff.
key string ASCII string. No spaces are allowed.
replay (Optional) Replay protection used on registration packets.
timestamp (Optional) Used to validate incoming packets to ensure that they are not being "replayed" by a spoofer using timestamp method.
num (Optional) Number of seconds. Registration is valid if received within the specified time. This means sender and receiver are in time sync (NTP can be used).
algorithm (Optional) Algorithm used to authenticate messages during registration.
md5 (Optional) Message Digest 5.
mode (Optional) Mode used to authenticate during registration.
prefix-suffix (Optional) The key is used to wrap the registration information for authentication (for example, key registration information key) to calculate the message digest.
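The following is an added example, not part of the Cisco reference or IOS code: it shows what the md5, prefix-suffix and replay timestamp settings described above mean on the wire, by building a registration request and checking it the way a receiver would. The packet layout follows the RFC 2002 Registration Request; the addresses, SPI, key, lifetime and 7-second window are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

NTP_UNIX_OFFSET = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
SPI = 0x100                   # constructed value, lowest SPI the command accepts
KEY = b"constructed-key"      # constructed shared key (ASCII, no spaces)


def prefix_suffix_md5(key: bytes, protected: bytes) -> bytes:
    """mode prefix-suffix: the key wraps the data, MD5(key || data || key)."""
    return hashlib.md5(key + protected + key).digest()


def build_request(key: bytes, sent_at: int, care_of: str = "192.0.2.9") -> bytes:
    """Registration Request (RFC 2002 layout) plus Mobile-Home Authentication Extension."""
    addrs = [ipaddress.ip_address(a).packed for a in ("10.0.0.5", "10.0.0.1", care_of)]
    fixed = struct.pack("!BBH", 1, 0, 1800) + b"".join(addrs)     # type, flags, lifetime
    ident = struct.pack("!II", sent_at + NTP_UNIX_OFFSET, 0)      # NTP-format timestamp
    protected = fixed + ident + struct.pack("!BBI", 32, 20, SPI)  # ext type, length, SPI
    return protected + prefix_suffix_md5(key, protected)


def verify_request(key: bytes, packet: bytes, now: int, window: int) -> str:
    """Receiver side: check the authenticator first, then the replay timestamp."""
    protected, authenticator = packet[:-16], packet[-16:]
    if not hmac.compare_digest(prefix_suffix_md5(key, protected), authenticator):
        return "bad-authenticator"
    ntp_seconds = struct.unpack("!I", packet[16:20])[0]
    if abs(now - (ntp_seconds - NTP_UNIX_OFFSET)) > window:
        return "outside-replay-window"
    return "ok"


if __name__ == "__main__":
    pkt = build_request(KEY, sent_at=964645530)
    print(verify_request(KEY, pkt, now=964645533, window=7))  # fresh registration
    print(verify_request(KEY, pkt, now=964645630, window=7))  # same packet seen again later
```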
To specify the settings of tunnels created by Mobile IP, use the ip mobile tunnel interface configuration command.
ip mobile tunnel {route-cache | path-mtu-discovery [age-timer {minutes | infinite}]}
Syntax Description
route-cache Sets tunnels to default or process switching mode.
path-mtu-discovery Specifies when to expire the tunnel MTU if set by Path MTU Discovery.
age-timer minutes (Optional) Time interval (in minutes) after which the tunnel re-estimates the Path MTU.
infinite Turns off the age timer.
To insert a virtual network for non-homed mobile nodes in the routing table, use the ip mobile virtual-network global configuration command. To remove a virtual network from the routing table, use the no form of this command.
ip mobile virtual-network addr mask
Syntax Description
addr IP address of virtual network.
mask Network mask associated with the IP address of the virtual network.
To enable Mobile IP on the router, use the router mobile global configuration command. To disable Mobile IP, use the no form of this command.
router mobile
Syntax Description
This command has no arguments or keywords.
To display the mobility binding table, use the show ip mobile binding EXEC command.
show ip mobile binding [addr]
Syntax Description
addr (Optional) IP address of mobile node.
To display global information for Mobile Agents, use the show ip mobile globals EXEC command.
show ip mobile globals
Syntax Description
This command has no arguments or keywords.
To display mobile node information, use the show ip mobile host EXEC command.
show ip mobile host [addr | interface int | network addr | group]
Syntax Description
addr (Optional) IP address of specific mobile node. If not specified, information for all mobile nodes is displayed.
interface int (Optional) All mobile nodes whose home network is on this interface.
network addr (Optional) All mobile nodes residing on this network or virtual network.
group (Optional) All mobile node groups configured using the ip mobile host command.
To display advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes, use the show ip mobile interface EXEC command.
show ip mobile interface [interface]
Syntax Description
interface (Optional) IP address of mobile node. If not specified, all interfaces are shown.
To display the mobility security associations for mobile host, mobile visitor, foreign agent, or home agent, use the show ip mobile secure EXEC command.
show ip mobile secure {host | visitor | foreign-agent | home-agent} addr
Syntax Description
host Mobile host's security association on the home agent.
visitor Mobile visitor's security association on the foreign agent.
foreign-agent Remote foreign agent's security association on the home agent.
home-agent Remote home agent's security association on the foreign agent.
addr IP address.
To display protocol counters, use the show ip mobile traffic EXEC command.
show ip mobile traffic
Syntax Description
This command has no arguments or keywords.
To display active tunnels, use the show ip mobile tunnel EXEC command.
show ip mobile tunnel [interface]
Syntax Description
interface (Optional) Displays a particular tunnel interface. The argument interface is tunnel x.
To display information about security violations, use the show ip mobile violation EXEC command.
show ip mobile violation [addr]
Syntax Description
addr (Optional) Display violations from a specific IP address.
To display the table containing the foreign agent's visitor list, use the show ip mobile visitor EXEC command.
show ip mobile visitor [pending] [addr]
Syntax Description
pending (Optional) Pending registration table.
addr (Optional) IP address.
Posted: Wed Jul 26 14:05:30 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.