Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
24.  Administering Mobile IP (Task) Modifying the Mobile IP Configuration File How to Modify the Advertisements Section  Previous   Contents   Next 
   
 

How to Modify the GlobalSecurityParameters Section

  1. Become superuser on the system where you want to enable Mobile IP.

  2. On a command line, type the following command for each label that you want to modify in the GlobalSecurityParameters section.

    # mipagentconfig change <label> <value>

For example, if you are enabling home agent and foreign agent authentication, use the following command.

# mipagentconfig change HA-FAauth yes

The following example shows how you might change other parameters in the configuration file's GlobalSecurityParameters section.

Example 24-3 Changing Parameters in the GlobalSecurityParameters Section

# mipagentconfig change MaxClockSkew 200
# mipagentconfig change MN-FAauth yes
# mipagentconfig change Challenge yes
# mipagentconfig change KeyDistribution files

How to Modify the Pool Section

  1. Become superuser on the system where you want to enable Mobile IP.

  2. On a command line, type the following command for each label that you want to modify in the Pool section.

    # mipagentconfig change Pool Pool-identifier <label> <value>

For example, if you are changing the base address to 192.168.1.1 and size to 100 of Pool 10, use the following commands.

Example 24-4 Changing Parameters in the Pool Section

# mipagentconfig change Pool 10 BaseAddress 192.168.1.1
# mipagentconfig change Pool 10 Size 100

How to Modify the SPI Section

  1. Become superuser on the system where you want to enable Mobile IP.

  2. On a command line, type the following command for each label that you want to modify in the SPI section.

    # mipagentconfig change SPI SPI-identifier <label> <value>

For example, if you are changing the key for SPI 257 to 5af2aee39ff0b332, use the following command.

# mipagentconfig change SPI 257 Key 5af2aee39ff0b332

The following example shows how to change the ReplayMethod label in the configuration file's SPI section.

Example 24-5 Changing Parameters in the SPI Section

# mipagentconfig change SPI 257 ReplayMethod timestamps

How to Modify the Address Section

  1. Become superuser on the system where you want to enable Mobile IP.

  2. On a command line, type the following command for each label that you want to modify in the Address section.

    # mipagentconfig change addr [NAI | IPaddr | node-default] <label> <value>

    See "Address Section" for a description of the three configuration methods (NAI, IP address, and node-default).

For example, if you are changing the SPI of IP address 10.1.1.1 to 258, use the following command.

# mipagentconfig change addr 10.1.1.1 SPI 258

The following example shows how you can change other parameters that provided in the sample configuration file's Address section.

Example 24-6 Changing Parameters in the Address Section

# mipagentconfig change addr 10.1.1.1 Type agent
# mipagentconfig change addr 10.1.1.1 SPI 259
# mipagentconfig change addr mobilenode@abc.com Type node
# mipagentconfig change addr mobilenode@abc.com SPI 258
# mipagentconfig change addr mobilenode@abc.com Pool 2
# mipagentconfig change addr node-default SPI 259
# mipagentconfig change addr node-default Pool 3
# mipagentconfig change addr 10.68.30.36 Type agent
# mipagentconfig change addr 10.68.30.36 SPI 260
# mipagentconfig change IPsecRequest apply {auth_algs md5 sa shared}

How to Add or Delete Configuration File Parameters

  1. Become superuser on the system where you want to enable Mobile IP.

  2. On a command line, type the appropriate command for each label that you want to add or delete for the designated section.

    For the General section use the following:

    # mipagentconfig [add | delete] <label> <value>

    For the Advertisements section use the following:

    # mipagentconfig [add | delete] adv device-name <label> <value>

    Note - You can add an interface by typing the following:

    # mipagentconfig add adv device-name

    In this instance, default values are assigned to the interface (for both foreign agent and home agent).

    For the GlobalSecurityParameters section use the following:

    # mipagentconfig [add | delete] <label> <value>

    For the Pool section use the following:

    # mipagentconfig [add | delete] Pool Pool-identifier <label> <value>

    For the SPI section use the following:

    # mipagentconfig [add | delete] SPI SPI-identifier <label> <value>

    For the Address section use the following:

    # mipagentconfig [add | delete] addr [NAI | IPaddr | node-default] \
<label> <value>

Note - Do not create identical Advertisements, Pool, SPI, and Address sections.

For example, to create a new address pool, Pool 11, that has a base address of 192.167.1.1 and a size of 100, use the following commands.

Example 24-7 Adding a New Pool and Parameters

# mipagentconfig add Pool 11 BaseAddress 192.167.1.1 
# mipagentconfig add Pool 11 size 100

Or you might want to delete a particular security parameter. The following example shows you how to delete SPI 257.

Example 24-8 Deleting an SPI

# mipagentconfig delete SPI 257

How to Display Current Parameter Settings in the Configuration File

You can use the mipagentconfig get command to display current settings that are associated with parameter destinations.

  1. Become superuser on the system where you are enabling Mobile IP.

  2. On a command line, type the following command for each parameter for which you want to display settings.

    # mipagentconfig get [<parameter> | <label>]

For example, if you are displaying the advertisement settings for the le0 device, use the following command.

# mipagentconfig get adv le0

This command causes the following results to be displayed (for example).

[Advertisements le0]
   HomeAgent = yes
   ForeignAgent = yes

The following example shows the results of using the mipagentconfig get command with other parameter destinations.

Example 24-9 Using the mipagentconfig get Command

# mipagentconfig get MaxClockSkew
      [GlobalSecurityParameters]
         MaxClockSkew=300

# mipagentconfig get HA-FAauth
      [GlobalSecurityParameters]
         HA-FAauth=no

# mipagentconfig get MN-FAauth
      [GlobalSecurityParameters]
         MN-FAauth=no

# mipagentconfig get Challenge
      [GlobalSecurityParameters]
         Challenge=no

# mipagentconfig get Pool 10
      [Pool 10]
         BaseAddress=192.168.1.1
         Size=100

# mipagentconfig get SPI 257
      [SPI 257]
         Key=11111111111111111111111111111111
         ReplayMethod=none

# mipagentconfig get SPI 258
      [SPI 258]
         Key=15111111111111111111111111111111
         ReplayMethod=none

# mipagentconfig get addr 10.1.1.1
      [Address 10.1.1.1]
         SPI=258
         Type=agent

# mipagentconfig get addr 192.168.1.200
      [Address 192.168.1.200]
         SPI=257
         Type=node

# mipagentconfig get addr 10.1.1.1
      [Address 10.1.1.1]
         Type=agent
         SPI=258
         IPsecRequest = apply {auth_algs md5 sa shared}
         IPsecReply = permit {auth_algs md5}
         IPsecTunnel = apply {encr_algs 3des sa shared}
 		 
 
  Previous   Contents   Next