HP-UX Mobile IPv4 A.03.01 Administrator's Guide

%QPHKIWTKPICPF#FOKPKUVGTKPI*QOGCPF(QTGKIP#IGPVU
%QPHKIWTKPIC*QOG#IGPV
Chapter 6
55
Step 4: Configure Security Information about Non-AAA Mobile Nodes and Route Optimization (configure node)
If you have non-AAA Mobile Node clients, use the mipconfig configure node
command to configure security information about non-AAA Mobile Nodes. The Home
Agent will use this information to authenticate Registration Requests from non-AAA
Mobile Nodes.
In addition, use the configure node command to configure security information for
Correspondent Nodes that will use route optimization. The Home Agents and
Correspondent Nodes will use this information to authenticate route optimization
messages.
Use the following configure node command syntax:
c[onfigure] n[ode] ip_addr -spi spi [-algo algorithm] -key key
Where:

ip_addr is the IP address of the non-AAA Mobile Node or Correspondent Node using
route optimization.

spi is the Security Parameters Index (SPI), a number used to identify the Security
Association (SA) between the Home Agent and the Mobile Node or Correspondent Node.
The SPI does not have to be unique on the Home Agent, but it must match the SPI
configured on the Mobile Node or Correspondent Node.
Acceptable Values: 256 to 2147483647 (integer).

algorithm is the cryptographic algorithm mipd uses to authenticate the messages
exchanged with the Mobile Node or Correspondent Node. This must match the algorithm
used by the Mobile Node or Correspondent Node.
Acceptable Values: md5 (keyed Message Digest 5, MD5) or hmac-md5 (Hashed Message
Authentication Code with MD5). The cryptographic community considers keyed MD5
vulnerable to attack. HP recommends that you use keyed MD5 only if the Mobile Node
does not support HMAC-MD5. If you do not specify the algo option, mipconfig will use
hmac-md5.

key is the cryptographic key used by the authentication algorithm. The key must match
the key configured on the Mobile Node or Correspondent Node.
Acceptable Values:
  r[andom]: mipconfig will generate and display a random key for you.
  a 128-bit key specified as a sequence of 16 two-digit hexadecimal values separated
  by spaces.
Examples:
mipconfig> configure node 15.3.3.3 -spi 1025 -key r
mipconfig> configure node 15.2.2.2 -spi 1024 -algo md5 -key 11 22 \
33 44 55 66 77 88 99 00 11 22 33 44 55 66
You can also omit all options and mipconfig will prompt you for each option value. For
more information on the configure node command, refer to “configure node” on
page 130.
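
Added example (not from the HP guide and not HP's code): Python that parses a key in the 16-value hexadecimal form above, checks the SPI range, and computes a 16-byte authenticator for each -algo choice so the difference between md5 and hmac-md5 is visible. It assumes the md5 option is the prefix+suffix keyed MD5 construction MD5(key || message || key); the function names and the sample message are hypothetical.

```python
import hashlib
import hmac
import re
import secrets

SPI_MIN, SPI_MAX = 256, 2147483647  # acceptable SPI range from the guide


def parse_key(text):
    """Parse a key given as 16 two-digit hex values separated by spaces."""
    parts = text.split()
    if len(parts) != 16 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError("key must be 16 two-digit hexadecimal values")
    return bytes.fromhex("".join(parts))


def format_key(key):
    """Render key bytes in the space-separated form shown in the examples."""
    return " ".join(f"{b:02x}" for b in key)


def authenticator(key, message, algo="hmac-md5"):
    """Return the 16-byte authenticator over message for the named algorithm."""
    if algo == "hmac-md5":
        return hmac.new(key, message, hashlib.md5).digest()
    if algo == "md5":
        # Assumption: prefix+suffix keyed MD5, MD5(key || message || key).
        return hashlib.md5(key + message + key).digest()
    raise ValueError(f"unsupported algorithm: {algo}")


def verify(key, spi, message, received, algo="hmac-md5"):
    """Reject out-of-range SPIs, then compare authenticators in constant time."""
    if not SPI_MIN <= spi <= SPI_MAX:
        raise ValueError("SPI outside 256..2147483647")
    return hmac.compare_digest(authenticator(key, message, algo), received)


if __name__ == "__main__":
    key = parse_key("11 22 33 44 55 66 77 88 99 00 11 22 33 44 55 66")
    other = secrets.token_bytes(16)  # locally generated 128-bit key (constructed)
    msg = b"constructed registration request bytes"  # constructed sample input
    for algo in ("md5", "hmac-md5"):
        tag = authenticator(key, msg, algo)
        print(algo, tag.hex(), "same key:", verify(key, 1024, msg, tag, algo),
              "other key:", verify(other, 1024, msg, tag, algo))
    print("generated key:", format_key(other))
```

Both ends must be configured with the same SPI, algorithm and key for verify to succeed; a mismatch in any of the three shows up as a failed authentication.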