HP-UX Mobile IPv4 A.03.01 Administrator’s Guide HP-UX 11i v2, HP-UX 11i v3 Manufacturing Part Number: 5992-2922 December 2007 © Copyright 2007 Hewlett-Packard Development Company, L.P.
Legal Notices Copyright 2001-2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Preface: About this Document
This document describes how to install, configure, and troubleshoot HP-UX Mobile IPv4. The document printing date and part number indicate the document’s current edition. The printing date will change when a new edition is printed. Minor changes may be made at reprint without changing the printing date. The document part number will change when extensive changes are made. Document updates may be issued between editions to correct errors or document product changes.
Chapter 8 Verifying and Troubleshooting
Use this chapter to learn about troubleshooting tools, verification procedures and common problems. This chapter also contains troubleshooting checklists and a list of information to include when reporting problems.
Chapter 9 mipconfig and miproconfig
Use this chapter to learn about using mipconfig and miproconfig configuration utilities, and get reference information for mipconfig and miproconfig commands.
Related Documents
Additional information about Mobile IPv4 can be found at www.docs.hp.com in the internet and security solutions collection under Mobile IPv4 at: http://www.docs.hp.com/hpux/internet/index.html#Mobile%20IPv4
Information about the HP-UX Mobile AAA Server can be found within www.docs.hp.com in the internet and security solutions collection under HP-UX Mobile AAA Server (Diameter) at: http://www.docs.hp.com/hpux/internet/index.
Chapter 1 Product Overview
This chapter provides an overview of the functionality provided by the HP-UX Mobile IPv4 product. Mobile IPv4 provides transparent routing of IP packets to a mobile IP device, such as a portable computer, regardless of the mobile node’s point of attachment to the network. Mobile IPv4 allows a mobile node to move from one wireless access point or base station to another with no disruption in network connectivity.
Base Functionality
This section describes the features included in the Base Functionality for the HP-UX Mobile IPv4 product. It also provides an overview of Mobile IPv4 technology.
Home Address
In most IP networks, the IP routers require nodes to use IP addresses that are topologically correct: all nodes attached to the same physical subnetwork or LAN segment must have the same IP network or subnetwork address prefix.
Figure 1-1 shows the data flow from a Correspondent Node to a Mobile Node using a Foreign Agent Care-of Address.
Figure 1-1 Data Path for Foreign Agent Care-of Address
Note that the data transmission between the Foreign Agent and the Mobile Node must bypass the normal IP routing mechanism since the Mobile Node’s home address is not topologically correct for the foreign network.
Co-located Care-of Address as the destination (b). The Mobile Node receives the packet and removes the outer header to process the original header with the Correspondent Node’s source address.
Figure 1-2 Data Path for Co-located Care-of Address
Agent Advertisements
Home Agents and Foreign Agents advertise their availability and Mobile IPv4 operating parameters by periodically transmitting Agent Advertisement messages, usually using the IP broadcast address (255.255.
After the Home Agent authenticates the Registration Request, it sends a Registration Reply message to the Mobile Node. The Registration Reply also includes a lifetime for the registration, which can be fixed or infinite.
Proxy ARP
After a Mobile Node registers a care-of address with its Home Agent, the Home Agent sends a proxy ARP message to bind its link-level address to the Mobile Node’s home address.
Direct Delivery Style
Figure 1-4 shows the data path and a high-level representation of the IP packet structure and addresses for Direct Delivery Style. With the Direct Delivery Style, the Mobile Node sends the packet without encapsulation, with its home address as the source and the Correspondent Node’s address as the destination (a).
AAA Support
HP-UX Mobile IPv4 supports the use of AAA (Authentication, Authorization, and Accounting) servers using the Diameter protocol to authenticate Mobile Nodes and authorize access. In a Mobile IPv4 environment, remote nodes and users may visit other networks and domains. Administrators in the networks being visited may want to use AAA to restrict or grant access to local resources.
3. The Foreign Agent takes the Registration Request, with the authentication value and challenge value, and includes it in a Diameter AA-Mobile Node Request (AMR) that it sends to the AAA Foreign Agent Server (AAAF).
4. The AAAF passes the AMR to the appropriate AAAH, based on the Mobile Node NAI.
5. The AAAH verifies the Mobile Node.
AAA Mobile Node Authentication with Co-located Care-of Addresses
When a AAA Mobile Node uses Co-located Agent Care-of Addresses (CCOAs), HP-UX Mobile IPv4 uses the procedure listed below for the initial registration. This procedure is also shown in Figure 1-7.
1. The Mobile Node sends the Registration Request directly to the Home Agent.
The above entities use the dynamic keys to authenticate any messages between them after the initial registration. For example, the keys are used to authenticate messages sent between the Mobile IPv4 entities during a re-registration procedure when finite-lifetime registrations are used and a lifetime expires. The Mobile Node will use its Mobile Node - Foreign Agent key to calculate a challenge response for the challenge in the Foreign Agent’s Advertisement.
Dynamic Home Agent Allocation with Static Home Address
In this scenario, the Mobile Node does not know its Home Agent address, but it does know its home address and home network subnet broadcast address. The Mobile Node sends a Registration Request with the Home Agent Address field set to its home network subnet broadcast address or 255.255.255.255.
Route Optimization
Route Optimization improves data transmission rates between the Correspondent Node and Mobile Node. Normally, packets from the Correspondent Node to the Mobile Node are sent to the Home Agent (and through the Mobile Node’s home network). When Route Optimization is used, the Home Agent sends an authenticated message to the Correspondent Node with the Mobile Node’s current Care-of Address.
Chapter 2 Product Specifications
This chapter contains information about system requirements, software requirements, external dependencies, standards compliance, product contents and product capacity.
System Requirements
The HP-UX Mobile IPv4 product can run on either 32-bit or 64-bit PA-RISC HP-UX servers. This product requires the following system resources:
• Disk space: ~2.0 Mbytes.
• Memory: ~3.0 Mbytes.
• At least one IP ethernet network interface on the systems that will be Home Agents or Foreign Agents. Home Agent and Foreign Agent functionality is not supported on non-ethernet network interfaces.
Software Requirements and Restrictions
HP-UX Mobile IPv4 requires the following prerequisite software:
• HP-UX 11i v2 or HP-UX 11i v3
• PHNE_28089 or later HP-UX 11i ARPA Transport patch.
• PHNE_28388 or later HP-UX 11i DLPI patch.
• PHNE_28444 or later HP-UX 11i netfmt patch. This patch is optional. This patch is not required to install or operate the product. This patch allows netfmt to format Mobile IPv4 packets.
External Requirements and Restrictions
The HP-UX Mobile IPv4 product has been tested with the following AAA Diameter server product:
• HP-UX Mobile AAA Server (T1428BA Version A.01.00.04.03). This product is available at no cost from http://www.software.hp.com.
Capacity Information
For the Mobility Agent (mipd)
• Maximum number of nodes (Mobile Nodes and/or Correspondent Nodes) = 1024
• Maximum number of Mobile IP interfaces = 16
• Maximum number of Care-of Addresses per interface = 8
• Maximum number of Router Addresses per interface = 8
• Maximum number of concurrent AAA sessions = 1024
• Maximum number of AAA Node keys (Home Agent - Mobile Node keys or Foreign Agent - Mobile Node keys) = 1024
• Maximum n
2TQFWEV 5RGEKHKECVKQPU 2TQFWEV 5WRRQTV Product Support Support for this product is provided under HP-UX standard support agreement. The following provision differs from the terms and conditions in the HP-UX support agreement: HP provides support only for the most recently released version of HP-UX Mobile IPv4. HP-UX Mobile IPv4 implements IETF drafts or specifications, and those specifications become Internet Standards over time.
Product Contents
This product is bundled as the following file set:
• MobileIPv4.MIPV4-ALL
This product contains the following components:
• Mobility Agent (mipd) daemon (Home Agent, Foreign Agent or combined Home Agent and Foreign Agent)
• Mobile IPv4 Route Optimization daemon (miprod)
• Mobile IPv4 tools
— mipconfig Configures the HP-UX system to be a Mobile IPv4 Home Agent, Foreign Agent, or combined Home Agent and Foreign Agent.
Standards
This product supports the following IETF RFC standards and drafts:
Table 2-1
IETF RFC or Draft: RFC 3344 IP Mobility Support for IPv4
Comments:
• Dynamic Home Agent Discovery is supported only when used with AAA.
• Only IP-in-IP encapsulation is supported. GRE (Generic Routing Encapsulation) and minimal encapsulation are not supported.
• Only Timestamps are supported for replay protection (nonce replay protection is not supported).
Table 2-1 (Continued)
IETF RFC or Draft: AAA Registration Keys for Mobile IP, Draft 10: draft-ietf-mobileip-aaa-key-10.txt
Comments:
• Draft 10 supersedes and is compatible with Draft 8 of this document.
• The key type values for Generalized Key Request/Reply Extensions are not defined in this draft. The HP-UX Mobile IPv4 product uses the key type values defined in Generalized Key Distribution Extensions for Mobile IP, Draft 0 (draft-ietf-mobileip-gen-key-00).
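
Table 2-1 lists timestamps as the only supported replay protection for RFC 3344. The following added example (not HP's code and not taken from this guide) shows the Home Agent-side check of the 64-bit Identification field as RFC 3344 section 5.7.1 describes it, plus the Mobile Node's clock resynchronization after a rejection. The class and function names are hypothetical, and the 7-second window is the RFC's suggested default, not a documented mipd setting.

```python
"""Timestamp replay protection for Mobile IPv4 registrations (RFC 3344, 5.7.1).

Added illustration with hypothetical names; this is not mipd's implementation.
"""

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
CODE_ACCEPTED = 0             # RFC 3344 reply code: registration accepted
CODE_ID_MISMATCH = 133        # RFC 3344 reply code: registration Identification mismatch
DEFAULT_WINDOW = 7            # seconds; RFC 3344's suggested default (assumption)


def to_ntp(unix_time):
    """Convert Unix time in seconds to a 64-bit NTP-format Identification."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * 2**32)
    return (((whole + NTP_UNIX_OFFSET) & 0xFFFFFFFF) << 32) | (frac & 0xFFFFFFFF)


def ntp_seconds(ident):
    """Return the NTP timestamp as seconds (high 32 bits plus fraction)."""
    return (ident >> 32) + (ident & 0xFFFFFFFF) / 2**32


class TimestampReplayGuard:
    """Per-Mobile-Node replay state kept by a Home Agent.

    Call check() only after the request's authentication extension has
    verified, so unauthenticated packets cannot advance the stored timestamp.
    """

    def __init__(self, window=DEFAULT_WINDOW):
        self.window = window
        self.last_accepted = {}  # node identifier -> last accepted Identification

    def check(self, node, ident, now_unix):
        """Return (reply_code, reply_identification) for one Registration Request."""
        now_ntp = to_ntp(now_unix)
        fresh = abs(ntp_seconds(ident) - ntp_seconds(now_ntp)) <= self.window
        previous = self.last_accepted.get(node)
        newer = previous is None or ident > previous
        if fresh and newer:
            self.last_accepted[node] = ident
            return CODE_ACCEPTED, ident  # whole field is echoed on success
        # Rejection: high 32 bits carry the Home Agent's clock, low 32 bits
        # are copied from the request so the sender can match the reply.
        reply = (now_ntp & 0xFFFFFFFF00000000) | (ident & 0xFFFFFFFF)
        return CODE_ID_MISMATCH, reply


def resync_offset(sent_ident, reply_ident):
    """Mobile Node side: clock correction in seconds after a code 133 reply.

    Returns None when the low 32 bits do not match the rejected request,
    in which case the reply must not be used to adjust the clock.
    """
    if (sent_ident & 0xFFFFFFFF) != (reply_ident & 0xFFFFFFFF):
        return None
    return (reply_ident >> 32) - (sent_ident >> 32)


if __name__ == "__main__":
    guard = TimestampReplayGuard()
    t0 = 1196500000.0                      # constructed sample time (December 2007)
    first = to_ntp(t0)
    print(guard.check("mn1", first, t0 + 1))          # accepted
    print(guard.check("mn1", first, t0 + 2))          # same value again: rejected
    stale = to_ntp(t0 - 30)
    code, reply = guard.check("mn1", stale, t0 + 3)   # clock 33 s behind: rejected
    print(code, resync_offset(stale, reply))
```

The 32-bit seconds field of this format wraps in 2036, so a long-lived deployment needs an era convention agreed between the Mobile Node and the Home Agent.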
Chapter 3 Assigning Home Agents and Foreign Agents
This chapter provides information about assigning Home Agents and Foreign Agents.
Requirements and Restrictions
You can configure an HP-UX system to be the following types of Mobile IPv4 nodes:
• Home Agent, a router node that tracks the location of Mobile Nodes as they are attached to, or visiting Foreign networks.
• Foreign Agent, a router node that hosts Mobile Nodes when they are attached to or visiting Foreign networks.
• An Agent with AAA Mobile Node clients can be a Home Agent or a Foreign Agent, but not both. For example, if the local node has AAA Mobile Node clients, you cannot configure one interface for Home Agent services and another interface for Foreign Agent services. In addition, you cannot configure an interface for combined Home and Foreign Agent services.
• The Mobile Nodes must be configured on a Mobile AAA server.
Examples
This section provides examples of Home Agent and Foreign Agent assignments.
Home Agents
To use Mobile IPv4, you must configure at least one Home Agent on each subnet (or network if you are not using subnets) that will host Mobile Nodes. In other words, you must have one Home Agent with the same network address as the network address that you assign to the Mobile Nodes.
You do not need a Foreign Agent on a subnet if all the Mobile Nodes that visit it use co-located Care-of Addresses. With co-located Care-of Addresses, the Mobile Node uses a protocol such as DHCP (Dynamic Host Configuration Protocol) to determine a unique IP address to use while attached to the foreign network. In this example, you want the above Mobile Nodes to be able to visit (or attach to) the subnet 16.1.
Chapter 4 Installation
This chapter describes how to install HP Mobile IPv4. HP does not support Instant Ignition for this product. This chapter contains the following sections:
• “Step 1: Installation and Configuration Prerequisites”
• “Step 2: Retrieve HP Mobile IPv4 software”
• “Step 3: Install HP Mobile IPv4 software”
• “Step 4: Verify the Installation”
NOTE This installation does not require a system reboot.
Step 1: Installation and Configuration Prerequisites
1. Check that the operating system has been upgraded to HP-UX version 11i.
To obtain OS information, execute the command:
    uname -a
To obtain patch information, execute the command:
    swlist -i
or
    what /stand/vmunix | grep PHNE
2. Verify that all dependent HP-UX patches have been installed:
• PHNE_28089 or later HP-UX 11i ARPA Transport patch.
• PHNE_28388 or later HP-UX 11i DLPI patch.
Step 2: Retrieve HP Mobile IPv4 software
1. Log onto HP’s Software Depot at the following URL: software.hp.com
2. Click on “internet and security solutions.”
3. Locate the Mobile IPv4 product and click “RECEIVE FOR FREE.”
4. Follow the on-screen prompts to enter your registration information and download the Mobile IPv4 product software. Save the depot file to a local file, such as /tmp/mipv4.depot.
Step 3: Install HP Mobile IPv4 software
Follow the steps below to load the HP Mobile IPv4 product using the HP-UX swinstall utility.
1. Log in as root.
2. Run the swinstall utility using the command:
    swinstall -s depot_source
where depot_source is the name of the depot file, such as /tmp/mipv4.depot. Select the bundle T1298AA (HP-UX Mobile IPv4). The estimated loading time is 3 minutes.
Step 4: Verify the Installation
When the installation is complete, check the following log files for errors:
    /var/adm/sw/swinstall.log
    /var/adm/sw/swagent.log
Verify the Mobile IPv4 product installation by checking the files listed below. For a complete list of files installed with the product and file permission, owner and group information, refer to Appendix B, “Product Files,” on page 223.
Chapter 5 Configuring External AAA Components
This chapter describes the information you must configure on AAA Diameter servers to use them with HP-UX Mobile IPv4, including specific configuration procedures for HP-UX Mobile AAA servers.
Configuring Home Agent Information on AAA Home Agent (AAAH) Servers
The Mobile AAA server on which a Mobile Node is configured is known as its AAA Home Agent server (AAAH). You must configure information about a Mobile Node’s Home Agent on the Mobile Node’s AAAH.
Configuring the AAAH
You configure information about the Home Agent as a “Peer” on the HP-UX Mobile AAA server that you want to act as the AAAH. Use the HP-UX Mobile AAA Server Manager to configure the Home Agent information, as described below.
NOTE If you enter an address in this field, you must then enter all IP addresses for the Home Agent. Configuring an entry in this field causes the Mobile AAA server to not use gethostbyname() to resolve information about the Home Agent.
For more information about the HP-UX Mobile AAA Server manager, refer to HP-UX Mobile AAA Server A.01.00 Administrator’s Guide.
Configuring Foreign Agent Information on AAA Foreign Agent (AAAF) Servers
When a AAA Mobile Node uses a Foreign Agent Care-of Address, the Foreign Agent must also have a relationship configured with a Mobile AAA server. This AAA server is known as a AAA Foreign Agent server (AAAF).
2. Go to the main frame of the HTML page. Select the Mobile AAA server that you want to configure as the AAAF below the prompt Which HP-UX Mobile AAA Server do you wish to pull the configuration from.
3. Select New Peer.
4. Complete the Peer Attributes fields as follows:
FQDN Enter the Fully-Qualified Domain Name of the Foreign Agent.
Configuring Peer Relationships between AAAH and AAAF Servers
The AAAH and AAAF must have a peer relationship configured between them in the AAA infrastructure.
Configuring AAAH and AAAF Peer Relationships on HP-UX Mobile AAA Servers
On HP-UX Mobile AAA servers, you configure information about the peer AAAH or AAAF as a “Diameter Server” peer.
IP Address Configure this according to the Mobile AAA Server product documentation.
For more information about the HP-UX Mobile AAA Server manager, refer to HP-UX Mobile AAA Server A.01.00 Administrator’s Guide.
Configure Mobile Nodes on AAAH Servers
Mobile Nodes are configured as “users” on AAA servers. Configure information about Mobile Node users according to the following restrictions:
• The authorization lifetime and the key lifetime must match.
• The replay protection mode must be timestamps.
Configuring Mobile Nodes on HP-UX Mobile AAA Servers
Mobile Node users are configured under realms on HP-UX Mobile AAA servers.
Select Timestamps.
Additional Reply Attributes Configure this according to the Mobile AAA Server product documentation and the Mobile Node configuration.
SPI Groups Configure this according to the Mobile AAA Server product documentation and the Mobile Node configuration.
For more information about the HP-UX Mobile AAA Server manager, refer to HP-UX Mobile AAA Server A.01.00 Administrator’s Guide.
Chapter 6 Configuring and Administering Home and Foreign Agents
This chapter provides information about configuring, starting and verifying the HP Mobile IPv4 software on Home and Foreign Agents. It also contains information about managing Dynamic Home Address Pools for AAA Mobile Nodes.
Configuring a Home Agent
The recommended steps for configuring a Home Agent are listed below. Refer to Appendix A, “Configuration Examples,” on page 201 for example configuration sessions and files.
Step 1. Start mipconfig to create a configuration file for mipd, the HP-UX Mobile IPv4 daemon for Home Agents and Foreign Agents.
Step 1: Start mipconfig
Before you start mipconfig, the LAN interfaces that you want to use for Mobile IPv4 should already be configured for IP service using the HP-UX ifconfig command. This allows mipconfig to read the interface IP addresses and other information and configure many of the Mobile IPv4 parameters with default values.
Step 2: Configure AAA Information (configure global)
If the Home Agent has AAA Mobile Node clients, you must configure AAA information using the mipconfig configure global command.
Step 3: Configure Home Agent Services (configure interface)
Use the mipconfig configure interface command to configure Home Agent services for one or more network interfaces. In most cases, you can use the default values for the operating parameters and you only need to specify the interface and Home Agent services.
Step 4: Configure Security Information about Non-AAA Mobile Nodes and Route Optimization (configure node)
If you have non-AAA Mobile Node clients, use the mipconfig configure node command to configure security information about non-AAA Mobile Nodes. The Home Agent will use this information to authenticate Registration Requests from non-AAA Mobile Nodes.
Step 5: Configure IP Address Pools for Dynamic Home Addresses (configure pool)
If you have AAA Mobile Node clients and you want to support dynamic home address allocation, configure a pool of dynamic home addresses for each interface on which you will support this feature.
Step 6: Write Configuration File and Exit (write, exit)
After you have entered all configuration information, use the mipconfig write command to write the data to a configuration file:
    w[rite] [filename]
If you do not specify filename, mipconfig will prompt you for a file name and present the current working file as a default. By default, this will be the default configuration file for the mipd daemon, /var/adm/mip/mipd.conf.
Configuring a Foreign Agent
The recommended steps for configuring a Foreign Agent are listed below. Refer to Appendix A, “Configuration Examples,” on page 201 for example configuration sessions and files.
Step 1. Start mipconfig to create a configuration file for mipd, the HP-UX Mobile IPv4 daemon for Home Agents and Foreign Agents.
Step 2.
Step 1: Start mipconfig
Before you start mipconfig, the LAN interfaces that you want to use for Mobile IPv4 should already be configured for IP service using the HP-UX ifconfig command. This allows mipconfig to read the interface IP addresses and other information and configure many of the Mobile IPv4 parameters with default values.
Step 2: Configure AAA Information (configure global)
If the Foreign Agent will host AAA Mobile Node clients, you must configure AAA information using the mipconfig configure global command.
Step 3: Configure Foreign Agent Services (configure interface)
Use the mipconfig configure interface command to configure Foreign Agent services for one or more network interfaces. In most cases, you can use the default values for the operating parameters and you only need to specify the interface and Foreign Agent services.
Step 4: (Optional) Configure Care of Addresses (configure coa)
You do not need to configure Care-of Addresses for systems with only one interface. The mipconfig utility will configure the IP address of a Foreign Agent interface as the Care-of Address if you do not explicitly configure a Care-of Address.
Step 5: (Optional) Configure Router Addresses (configure router)
In most topologies, you do not need to configure any router addresses. When a Mobile Node attaches to a foreign network, it must determine the IP routers in the foreign network so that it can route IP packets to addresses outside of the foreign network. One way to do this is to use any router addresses that the Foreign Agents send in the Agent Advertisements.
Step 6: Write Configuration File and Exit (write, exit)
After you have entered all configuration information, use the mipconfig write command to write the data to a configuration file:
    w[rite] [filename]
If you do not specify filename, mipconfig will prompt you for a file name and present the current working file as a default. By default, this will be the default configuration file for the mipd daemon, /var/adm/mip/mipd.conf.
Configuring a Combined Home and Foreign Agent
A combined Home and Foreign Agent is a node that provides both Home Agent and Foreign Agent services.
NOTE A combined Home and Foreign Agent cannot service AAA Mobile Nodes.
If the node will support Route Optimization, you must also configure information about Correspondent Nodes.
Step 1.
After you create the configuration file, start the mipd daemon, as described in “Starting the Home and Foreign Agent Daemon (mipd)” on page 67. Verify that mipd is running, as described in “Verifying the Home and Foreign Agent Daemon (mipd)” on page 68.
Starting the Home and Foreign Agent Daemon (mipd)
The mipd daemon provides Home Agent and Foreign Agent services. There are two ways to start mipd:
• Automatically, at system startup time
• Manually, using the mipadmin utility
In most cases, you will want mipd to automatically start at system startup time.
Automatically Starting mipd at System Startup
The /etc/rc.config.
Verifying the Home and Foreign Agent Daemon (mipd)
Use the mipadmin -status command to verify that the mipd daemon is running. The output will show whether or not mipd is running and other general statistics. To verify the Home Agent or Foreign Agent functionality, refer to “Verification Procedures” on page 92.
Stopping the Home and Foreign Agent Daemon (mipd)
There are two ways to stop mipd:
• Automatically, at system shutdown time. The HP-UX Mobile IPv4 product installs a script that the system executes at system shutdown time.
Managing Dynamic Home Address Pools
The Mobile IPv4 protocol suite has no provision for a Mobile Node to return a dynamically allocated home address to the Home Agent. The mipd daemon does not retain information about dynamic home addresses allocated by previous instances of the daemon. If you are using dynamic home address allocation, you must manually remove dynamically allocated addresses from the address pool.
Chapter 7 Configuring and Administering Route Optimization
When Route Optimization is used, the Home Agent sends a notification message to the Correspondent Node (the node sending packets to the Mobile Node) with the Mobile Node’s Care-of Address. This enables the Correspondent Node to send packets directly to the Mobile Node’s Care-of Address. The notification message is cryptographically authenticated using a key that you must configure on the Correspondent Node and the Home Agent.
Route Optimization Requirements
To use Route Optimization, your topology must meet the following requirements:
• The Home Agent must be an HP-UX system running the Mobile IPv4 daemon, mipd.
• The Correspondent Node must be an HP-UX system running the Mobile IPv4 Route Optimization daemon, miprod.
NOTE A system cannot run the mipd daemon and the miprod daemon.
Configuring Route Optimization
The recommended steps for configuring Route Optimization are listed below. Note that Step 1 is performed on the Home Agents, and Steps 2 - 5 are performed on the Correspondent Node. Refer to Appendix A, “Configuration Examples,” on page 201 for example configuration sessions and files.
Step 1.
Step 1: On the Home Agent, Configure Security Information about the Correspondent Node
On the Home Agent, use the mipconfig configure node command to configure security information about the Correspondent Node. The information you configure on the Home Agent must match what you will configure on the Correspondent Node.
Step 2: On the Correspondent Node, Start miproconfig
Before you start miproconfig on the Correspondent Node, the LAN interfaces that you want to use for route optimization should already be configured for IP service using the HP-UX ifconfig command. This allows miproconfig to read the interface IP addresses and other information and configure many of the Mobile IPv4 parameters with default values.
Step 3: On the Correspondent Node, Configure Security Information about Home Agents (configure ha)
On the Correspondent Node, use the miproconfig configure ha command to configure security information about Home Agents. The Correspondent Node will use this information to authenticate messages from the Home Agent. The information you configure on the Correspondent Node must match what you configured on the Home Agent.
Step 4: (Optional) On the Correspondent Node, Configure IP Addresses (configure interface)
On the Correspondent Node, you can optionally use the miproconfig configure interface command to explicitly configure the IP interface address that the route optimization daemon (miprod) will use as the source address for route optimization tunnels (tunnels to the Mobile Nodes’ Care-of Addresses).
Step 5: Write Configuration File and Exit (write, exit)
After you have entered all configuration information, use the miproconfig write command to write the data to a configuration file:
w[rite] [filename]
If you do not specify filename, miproconfig will prompt you for a file name and present the current working file as a default.
Starting the Route Optimization Daemon (miprod)
The miprod daemon provides Route Optimization services on Correspondent Nodes. There are two ways to start miprod:
• Automatically, at system startup time
• Manually, using the mipadmin utility
In most cases, you will want miprod to automatically start at system startup time.
Automatically Starting miprod at System Startup
The /etc/rc.config.
Verifying the Route Optimization Daemon (miprod)
Use the mipadmin -status command to verify that the miprod daemon is running. The output will show whether or not miprod is running and statistics. To verify the Route Optimization functionality, refer to “Verify Route Optimization” on page 93.
Stopping the Route Optimization Daemon (miprod)
There are two ways to stop miprod:
• Automatically, at system shutdown time. The HP-UX Mobile IPv4 product installs a script that the system executes at system shutdown time. You do not have to configure anything to use this feature.
Chapter 8 Verifying and Troubleshooting
This chapter provides information about verifying and troubleshooting HP-UX Mobile IPv4.
Verification and Troubleshooting Tools Overview
You can use the following tools to verify and troubleshoot HP-UX Mobile IPv4:
• mipadmin
The mipadmin utility reports status and version information, statistics and protocol information, such as Mobile Node Care-of Addresses (bindings), visiting Mobile Nodes, and tunnels. It also manages event log levels, extracts Mobile IPv4 event log messages from syslog.
mipadmin
The mipadmin utility queries the HP-UX Mobile IPv4 daemon (mipd or miprod) for information about current operating parameters. You can also run mipadmin when no HP-UX Mobile IPv4 daemon is running and extract HP-UX Mobile IPv4 log entries from the syslog file. The mipadmin utility also starts and stops the HP-UX Mobile IPv4 daemon (mipd or miprod).
Table 8-1 mipadmin Troubleshooting Options (Continued)
Task | mipadmin option
On Home or Foreign Agents: Report information about sessions with the AAA server | -se[ssions] [-v]
On Home Agents with Dynamic Address Allocation: report information about dynamic address pool, including allocated addresses | -d[ynamicaddr]
On Home Agents or Correspondent Nodes with Route Optimization: report route optimization information | -r[oinfo]
Report or change event log
syslog Event Logging
The HP-UX Mobile IPv4 daemons mipd and miprod send event log messages to the HP-UX syslog utility. You can use mipadmin options to manage log levels and extract Mobile IPv4 event log messages from syslog. For information on configuring operating parameters for the syslog utility (such as the log file name), refer to the syslogd (1M) man page.
Log Levels
HP-UX Mobile IPv4 has four event log levels.
The mipadmin utility will extract syslog entries logged by the mipd or miprod daemon according to the following rules:
1. If you specify mipd or ma, mipadmin will display entries logged by the most recent instance of mipd. If you specify miprod or cn, mipadmin will display entries logged by the most recent instance of miprod.
2.
nettl and netfmt Packet Tracing and Formatting
You can trace Mobile IPv4 protocol packets using nettl (network tracing utility). The netfmt (network trace formatting) utility formats the Mobile IPv4 protocol packets and presents the packets in human-readable form, with protocol information labeled. For more information on nettl and netfmt, refer to the nettl (1M) and netfmt (1M) man pages.
Formatting Mobile IPv4 Packets
Use netfmt to format the nettl trace files. Specify the -N (“nice”) option so that netfmt will format the Mobile IPv4 protocol packets and label the protocol fields. (The -N option does not format AAA protocol packets. The netfmt utility shows AAA packet contents as hexadecimal values.
Verification Procedures
This section contains the following verification procedures for HP-UX Mobile IPv4:
______________________________ MOBILITY BINDINGS ________________________
MN Home Address: 15.15.15.3
Interface: lan3
Tunnel Name: v4tu0:1
Home Agent Address: 15.15.15.4
Care-of Address: 10.10.10.2
Lifetime Remaining (secs): 49
Verify De-Registration
You may also want to verify that the Home Agent properly handles the Mobile Node’s de-registration after the Mobile Node attaches to the home network.
1. Attach a Mobile Node to its home network.
2.
4. On the Correspondent Node, use the mipadmin -tunnel command to display the tunnel that the Correspondent Node uses to encapsulate the original IP packet (addressed to the Mobile Node) in an IP packet addressed to the Care-of Address (the Tunnel End Point). In the example below, when the Correspondent Node sends a packet to the Mobile Node, it will first build an IP packet as follows: Source Address: 15.15.15.
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 15.1.1.1.65240 15.2.2.2.1812 ESTABLISHED
Use the mipadmin -sessions command to verify the mipd sessions with the AAA server. The Home Agent and AAA Home Agent Server (AAAH) establish a AAA session for each AAA Mobile Node client registered with the Home Agent.
Common Problems
This section contains information about the following common HP-UX Mobile IPv4 problems:
• “Daemon Will Not Run” on page 96
• “Mobile Node Registration and De-registration Problems” on page 98
• “Routing Problems - Deleted Mobile IPv4 Routes” on page 107
Daemon Will Not Run
The mipd or miprod daemon will not start (the mipadmin -start command returns an error) or the mipadmin -status command returns the following error:
mipadmin: No Mobile
• ping
• traceroute
• ifconfig
• netstat -in, netstat -rn
• lanadmin
Mobile Node Registration and De-registration Problems
If the Mobile Node is not registering, check for entries in the syslog file (the default file is /var/adm/syslog/syslog.log) with the Mobile Node’s address on the Home Agent. If you are using Foreign Agent Care-of Addresses, also check the syslog file on the Foreign Agent.
Home or Foreign Agent Cannot Get the Mobile Node’s Link Address (failed to get link addr)
If a Mobile Node is not registering with a Foreign Agent or if the Mobile Node is not de-registering when it returns to its home network, check the Foreign Agent’s syslog file (for registration problems) or the Home Agent’s syslog file (for de-registration problems).
Mobile Nodes with Incorrect IP Address or SPI (authentication failed due to unknown MN)
On the Home Agent, syslog entries similar to the one below may indicate that you have configured an incorrect IP address or SPI for non-AAA Mobile Nodes:
Dec 30 15:12:21 ERROR: (11.11.11.4) HA: authentication failed due to unknown MN
Solution
Compare the configuration for the Mobile Node on the Home Agent with the configuration on the Mobile Node.
Non-AAA Authentication Errors on the Home Agent (Bad MN-HA authenticator)
On the Home Agent, syslog entries similar to the one below indicate authentication errors for non-AAA Mobile Nodes:
Mar 20 17:05:55 WARN: Bad MN-HA authenticator from MN(192.15.15.3)
Mar 20 17:05:55 ERROR: HA: authentication failed from MN (192.15.15.3)
Solution
Compare the security configuration for the Mobile Node on the Home Agent with the configuration on the Mobile Node.
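The two non-AAA failure messages above can be counted per Mobile Node address before you start comparing configurations. The script below is an added example, not part of the HP guide or the product; the function names and the sample log are constructed here, and only the message texts come from the entries quoted above.

```shell
#!/bin/sh
# Added example (not from the HP guide): count non-AAA Mobile Node
# authentication failures per address in a Home Agent syslog file.

# Constructed sample log. The mipd lines follow the formats quoted in the
# guide; the last line is unrelated filler.
sample_syslog() {
    cat <<'EOF'
Dec 30 15:12:21 ERROR: (11.11.11.4) HA: authentication failed due to unknown MN
Dec 30 15:12:51 ERROR: (11.11.11.4) HA: authentication failed due to unknown MN
Mar 20 17:05:55 WARN: Bad MN-HA authenticator from MN(192.15.15.3)
Mar 20 17:05:55 ERROR: HA: authentication failed from MN (192.15.15.3)
Mar 20 17:06:10 constructed unrelated entry (10.0.0.1)
EOF
}

# mip_auth_failures [FILE]
# Reads FILE (or stdin) and prints "<count> <class> <MN address>" per line.
#   unknown-mn         guide: wrong IP address or SPI configured for the MN
#   bad-authenticator  guide: MN and Home Agent security configuration differ
mip_auth_failures() {
    awk '
    # First dotted-quad address found inside parentheses on the line.
    function paren_ip(line) {
        if (match(line, /\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)/))
            return substr(line, RSTART + 1, RLENGTH - 2)
        return "unknown"
    }
    /authentication failed due to unknown MN/ { n["unknown-mn " paren_ip($0)]++; next }
    # The guide shows this WARN paired with an ERROR for the same MN;
    # only the WARN is counted so one failed request is not counted twice.
    /Bad MN-HA authenticator/ { n["bad-authenticator " paren_ip($0)]++; next }
    END { for (k in n) print n[k], k }
    ' ${1:+"$1"} | sort -k2,2 -k3,3
}

sample_syslog | mip_auth_failures
```

On a Home Agent, pass the syslog file as the argument, for example the default /var/adm/syslog/syslog.log named earlier in this chapter.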
AAA Authentication Errors (HME_AUTH_FAIL, FOR_AUTH_FAIL)
If a AAA Mobile Node fails the authentication check on the AAA Home Agent Server (AAAH), the AAAH will send the Home Agent an error indication. The Home Agent will log warning event messages similar to the messages below:
Feb 3 15:38:14 hpindhqo mipd[15897]: WARN: HA: Non-Success return code (4001: Result-Code: Authentication process failed) in AMA for MN (linux2@home.
AAA Registration Fails because IP Name or Address Resolution Fails (gethostbyname() failed, gethostbyaddr() failed)
For AAA Mobile Node registration, the Home Agent and Foreign Agent use a Home Agent - Foreign Agent security key. The agents store and retrieve this key using the peer agent’s hostname, and use gethostbyaddr() to resolve the source IP address from incoming packets to a hostname.
• The Home Agent must be able to resolve the Foreign Agent’s AAA FQDN to an IP address using gethostbyname(). If the Foreign Agent has multiple IP addresses, all addresses must resolve to the same hostname.
• The Home Agent must be able to resolve the Foreign Agent’s IP address from incoming packets to the Foreign Agent’s AAA FQDN using gethostbyaddr().
AAA Registration Fails because of AAA Key Extension Type or Subtype Mismatch (Unrecognized extension, Unrecognized subtype)
The IETF is still defining AAA type and subtype values for AAA Generalized Key Request/Reply message extensions. A AAA Mobile Node client may use type or subtype values that do not match the values used by HP-UX Mobile IPv4.
Mobile Node is not Attempting to Register or De-register
If the Foreign Agent’s Agent Advertisements are not acceptable or available to the Mobile Node, the Mobile Node will not register with the Foreign Agent. Similarly, if the Home Agent’s Agent Advertisements are not acceptable to the Mobile Node, the Mobile Node will not de-register when it returns to its home network.
Routing Problems - Deleted Mobile IPv4 Routes
If the Mobile Node is registered but you cannot send packets between the Correspondent Node and the Mobile Node (users report connection timeouts or host unreachable errors), the gated daemon on the Home or Foreign Agent may have deleted the Mobile IPv4 route entries. This problem occurs if you start or re-start the gated daemon after the HP-UX Mobile IPv4 daemon has started.
3.
Troubleshooting Checklists
This section contains the following checklists of items to check on the HP-UX Mobile IPv4 components.
• mipadmin -se[ssions] Verify session with the AAA server.
• mipadmin -stat[us] Verify status and registration statistics for the Foreign Agent.
• mipadmin -logev[ents] Displays syslog events for the Foreign Agent.
• netstat -rn Displays route table entries. Check for host route entries to the Mobile Node.
Reporting Problems
Provide the following information when reporting problems to HP:
• A description of the problem and any error messages.
• A description of the network topology, with IP addresses, subnet masks and interface names.
• Output from the mipadmin options listed in the “Troubleshooting Checklists” on page 109.
• ndd output on Foreign Agent, Home Agent and Correspondent Node:
1. ndd /dev/ip ip_iptun_status
2. ndd /dev/ip ip_ipif_status
3.
1. The output from /etc/ping to the Mobile Node from Foreign Agent, Home Agent and Correspondent Node.
2. IP nettl traces on the Foreign Agent, Home Agent and Correspondent Node.
• If you are having problems with AAA, add the following information:
1. The output from /etc/ping from the Home Agent to the AAAH, from the Foreign Agent to the AAAF, and between the AAAH and AAAF.
2. IP nettl traces on the Home Agent and Foreign Agent.
3.
Chapter 9 mipconfig and miproconfig
This chapter provides information about mipconfig and miproconfig. mipconfig is the HP-UX Mobile IPv4 utility for configuring Home and Foreign Agents. miproconfig is the HP-UX Mobile IPv4 utility for configuring Correspondent Nodes for Route Optimization.
Using mipconfig and miproconfig
This section contains information about using mipconfig, the HP-UX Mobile IPv4 utility for configuring Home and Foreign Agents and about using miproconfig, the HP-UX Mobile IPv4 utility for configuring Correspondent Nodes that support Route Optimization.
You can abbreviate the command name. For example, to get syntax and parameter information for the configure interface (c i) command, you can type:
help -v c i
mipconfig and miproconfig Default Parameter Values
For some parameters, mipconfig and miproconfig will enter a default value in the configuration file if you do not specify a value in the command line.
For example, the user entered the following mipconfig configure node command on two lines by using the continuation character:
mipconfig> configure node 15.15.15.3 -spi 1024 -key 11 22 33 44 55 66 77\
88 99 00 11 22 33 44 55 66
Exiting a command character (control-c)
You can exit from a mipconfig or miproconfig command by entering control-c. mipconfig or miproconfig will delete any previous information typed for the command.
Services provided on the interface:
HA: Home agent services only
FA: Foreign agent services only
HA/FA, HA-FA, FAHA or FA-HA: Provide both HA and FA services.
Input is required.
:
:
Expert Mode
If you enter a command and specify any optional parameters, mipconfig or miproconfig will operate in expert mode and not prompt you for any other parameters for that command.
NOTE: replay protection for Mobile/Correspondent node 15.1.1.1 has been set to timestamp
:
:
Executed 4 Commands from my_mipconf
The user writes the configuration information and exits mipconfig:
mipconfig> w
Configuration file name (/var/adm/mip/mipd.
mipconfig Command reference
Table 9-1 lists and briefly describes the mipconfig commands. Each command and its parameters are described in subsequent sections. For step-by-step instructions on configuring Home Agents, Foreign Agents, and configuring Correspondent Nodes for Route Optimization, refer to Chapter 6, “Configuring and Administering Home and Foreign Agents,” on page 49.
Table 9-1 mipconfig Commands (Continued)
Command | Description
list global | List global operating parameter configuration data, including AAA parameters.
list interface | List Mobile IPv4 interface configuration data.
list node | List configuration data about Mobile Node clients and about Correspondent Nodes using Route Optimization.
overview | Provides an overview on how to configure HP-UX Mobile IPv4.
?
The ? (question mark) command provides online help information about mipconfig commands.
Syntax
? [-v command_name [command_name...]]
Parameters
command_name Name of mipconfig command. The mipconfig utility will display the syntax and brief description of the command. If you specify the -v (verbose) option, mipconfig will print a description of the command parameters.
configure coa
Use the configure coa command on Foreign Agents to configure Care-of Addresses to advertise to Mobile Nodes in Agent Advertisements. Configuring a Care-of Address is optional. If you do not explicitly configure a Care-of Address using the configure coa command, mipconfig will configure the address for the Foreign Agent interface as the Care-of Address.
configure file
The configure file command specifies a file containing mipconfig commands for batch processing. Each mipconfig command in the file must start on a new line. The mipconfig commands can update existing data in a configuration file or create a new configuration file. Syntactically incorrect commands in the file will not affect the successful execution of the correct ones.
configure global
The configure global command configures or updates global Mobile IPv4 information.
Syntax
c[onfigure] g[lobal] [-ht hold_time] [-icmp icmp_code] [-af aaa_fqdn] [-mf ma_fqdn] [-ap aaa_port]
Parameters
hold_time Time period for which Foreign Agent should retain Registration Requests that have not received replies. The value is in seconds, and can be a floating decimal value.
ma_fqdn Fully-Qualified Domain Name (FQDN) of the local host (Mobility Agent). This entry is required for Home or Foreign Agents with AAA Mobile Node clients. The FQDN must match what is configured on the AAA server for the Home or Foreign Agent.
Acceptable Values: A Fully-Qualified Domain Name that can be resolved on the local host using gethostbyname().
mipconfig Default: None.
mipd Daemon Default: None.
configure interface
The configure interface command configures the local node to be a Home Agent, Foreign Agent or a combined Home and Foreign Agent by configuring Mobile IPv4 service(s) for a LAN interface. You can use the configure interface command multiple times to configure Mobile IPv4 services on multiple LAN interfaces.
NOTE An Agent with AAA Mobile Node clients can be a Home Agent or Foreign Agent, but not both.
primary_address_netmask Network mask used in the subnet
Acceptable Values: Network mask in dotted-decimal notation.
mipconfig Default: Network mask that is currently used by the interface.
mipd Daemon Default: None.
advertisement_address IP address to which Agent Advertisements are sent.
Acceptable Values:
255.255.255.255 (limited broadcast address)
224.0.0.1 (multicast address for all systems on this interface)
mipconfig Default: 255.255.255.
mipd Daemon Default: 1800 seconds (30 minutes)
maximum_registration_lifetime Maximum registration time. The Foreign Agent will reject Mobile Node Registration Requests that request longer lifetimes. A Mobile Node may request to renew its registration before the registration expires.
Acceptable Values: 1 - 2147483647.
mipconfig Default: None. If you do not specify a value, the mipd daemon will use its own default value.
configure node
Use the configure node command on Home Agents to configure information about non-AAA Mobile Node clients, or about Correspondent Nodes that will use route optimization. You do not have to use this command if the local node is only a Foreign Agent, or a Home Agent with only AAA Mobile Node clients and no Mobile Node clients that will use Route Optimization.
key 128-bit security key mipd uses to authenticate messages from the Mobile Node or Correspondent Node. Ideally, each entry should have a distinct key. This key must match the key configured on the Mobile Node or Correspondent Node.
Acceptable Values: 128 bits, entered as a series of 16, two-digit hexadecimal values, separated by spaces. Alternatively, you can specify random, and mipconfig will generate a key for you and display it on stdout.
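The key format and the distinct-key recommendation above can be checked before a batch file is loaded with configure file. This script is an added example, not part of the HP guide or the product: it reads configure node commands in the form shown in the guide's continuation-character example, and the short form c n, the distinct-byte threshold, and every sample address and key other than the guide's own example are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the HP guide): lint "configure node" commands in a
# mipconfig batch file before loading it with "configure file".

# Constructed batch file. The first command is the two-line example from the
# guide; the other addresses and keys are made up for this example.
sample_batch() {
    cat <<'EOF'
configure node 15.15.15.3 -spi 1024 -key 11 22 33 44 55 66 77\
88 99 00 11 22 33 44 55 66
configure node 15.15.15.5 -spi 1025 -key 3a 9f 01 c4 77 e2 5b 8d 10 fe 6c 42 b9 d3 0e 95
c n 15.15.15.6 -spi 1026 -key 3A 9F 01 C4 77 E2 5B 8D 10 FE 6C 42 B9 D3 0E 95
configure node 15.15.15.7 -spi 1027 -key 3a 9f 01 c4
configure node 15.15.15.8 -spi 1028 -key random
EOF
}

# lint_node_keys [FILE]
# Reads FILE (or stdin) and prints one finding per line; no output means clean.
lint_node_keys() {
    awk '
    function check(cmd,   i, b, ip, key, nbytes, bad, seen_byte, distinct) {
        $0 = cmd
        # Assumption: "c n" is the short form, by analogy with "c i" in the guide.
        if (($1 != "configure" && $1 != "c") || ($2 != "node" && $2 != "n")) return
        ip = $3; key = ""; nbytes = 0; bad = 0; distinct = 0
        for (i = 4; i <= NF; i++) {
            if ($i != "-key") continue
            # Key tokens run up to the next option or the end of the command.
            for (i++; i <= NF && $i !~ /^-/; i++) {
                b = tolower($i)
                if (b !~ /^[0-9a-f][0-9a-f]$/) bad = 1
                if (!(b in seen_byte)) { seen_byte[b] = 1; distinct++ }
                key = key b; nbytes++
            }
        }
        if (key == "random") return          # mipconfig generates this key itself
        if (bad || nbytes != 16) {
            print ip ": key must be 16 two-digit hex values (found " nbytes " tokens)"
            return
        }
        # Heuristic chosen for this example: 16 random bytes almost never
        # contain fewer than 12 distinct values, hand-typed patterns often do.
        if (distinct < 12)
            print ip ": key has only " distinct " distinct byte values"
        # The guide recommends a distinct key for each entry.
        if (key in owner) print ip ": key is also configured for " owner[key]
        else owner[key] = ip
    }
    {
        line = pending $0
        # A trailing backslash continues the command on the next line.
        if (line ~ /\\$/) { pending = substr(line, 1, length(line) - 1) " "; next }
        pending = ""
        check(line)
    }
    ' ${1:+"$1"}
}

sample_batch | lint_node_keys
```

The guide's own example key is flagged because it is a typed pattern with only 10 distinct bytes; the random keyword avoids that class of finding.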
configure pool
Use the configure pool command on Home Agents with AAA Mobile Node clients that will use dynamic home address assignment. The configure pool command configures a pool of IP addresses that the Home Agent will assign to AAA Mobile Nodes that request a home address.
NOTE The Mobile IPv4 protocol suite has no provision for a Mobile Node to return a dynamically allocated home address to the Home Agent.
configure router
Use the configure router command on Foreign Agents to configure router information that the Foreign Agent will advertise to Mobile Nodes in Agent Advertisements. You can configure up to eight (8) routers for each Foreign Agent interface.
delete all
The delete all command deletes all configuration information that has been entered during a mipconfig session and any information in an open configuration file. The mipconfig utility will ask you to confirm that you want to delete the information.
delete coa
The delete coa command deletes one or more Care-of Addresses configured for a Foreign Agent interface.
Syntax
d[elete] c[oa] [interface_name] [fa_care-of_address [fa_care-of_address]...]
Parameters
interface_name Name of the interface with Foreign Agent services configured.
fa_care-of_address Foreign Agent Care-of Address to delete.
delete global
The delete global command deletes all the Mobile IPv4 global parameters, including AAA information. The mipconfig utility will ask you to confirm that you want to delete the information.
delete interface
The delete interface command deletes Mobile IPv4 configuration information about one or more interfaces.
Syntax
d[elete] i[nterface] [interface_name [interface_name]...]
Parameters
interface_name Name of the interface. If you do not specify an interface_name, mipconfig will ask if you want to delete information about all Mobile IPv4 interfaces.
delete node
The delete node command deletes configuration information about one or more Mobile Nodes or Correspondent Nodes.
Syntax
d[elete] n[ode] [ip_addr [ip_addr] ...]
Parameters
ip_addr IP address of the Mobile Node or Correspondent Node. If you do not specify an ip_addr, mipconfig will ask if you want to delete information about all nodes (all Mobile Nodes and/or Correspondent Nodes).
delete router
The delete router command deletes one or more router addresses for the specified interface.
Syntax
d[elete] r[outer] [interface_name] [router_ip_address [router_ip_address] ...]
Parameters
interface_name Name of the interface
router_ip_address Router IP address to delete. If you do not enter a router_ip_address, mipconfig will ask if you want to delete all router addresses configured for the specified interface.
exit
The exit command terminates the mipconfig session.
Syntax
exit [-f]
Notes
If you try to exit and there is data from the current session that has not been written to a file, mipconfig will print an error message and not terminate:
mipconfig> exit
There is unsaved data. Use the 'write' command to save data, or 'quit -f' or 'exit -f' to exit without saving data.
help
The help command provides online help information about mipconfig commands.
Syntax
help [-v command_name [command_name...]]
Parameters
command_name Name of mipconfig command. The mipconfig utility will display the syntax and brief description of the command. If you specify the -v (verbose) option, mipconfig will print a description of the command parameters.
list all
The list all command lists all data configured during the current session and provides a snapshot of the configuration file that would be created if the current session was written to a file.
list global
The list global command lists global configuration data, including data configured during the current mipconfig session.
list interface
The list interface command lists all configuration data for Mobile IPv4 interfaces, including interface data configured during the current mipconfig session.
Syntax
l[ist] i[nterface] [interface_name [interface_name] ...]
Parameters
interface_name Name of the interface. If you do not specify an interface_name, mipconfig will ask if you want to display information about all Mobile IPv4 interfaces.
list node
The list node command lists all configuration data for Mobile Nodes and Correspondent Nodes, including node data configured during the current mipconfig session.
Syntax
l[ist] n[ode] [ip_addr [ip_addr]...]
Parameters
ip_addr IP address of the Mobile Node or Correspondent Node. If you do not specify an ip_addr, mipconfig will ask if you want to display information about all nodes.
overview
The overview command provides an overview of how to configure Home Agents and Foreign Agents.
poll interface
The poll interface command lists the name, primary address, and netmasks of all interfaces configured on the system (ifconfig UP, not POINTOPOINT or LOOPBACK). You can use the output from this command to help you configure valid router addresses and Care-of Addresses.
refreshscr
The refreshscr command clears the session screen display (similar to the HP-UX clear command).
quit
The quit command terminates the mipconfig session.
Syntax
quit [-f]
Notes
If you try to exit and there is data from the current session that has not been written to a file, mipconfig will print an error message and not terminate:
mipconfig> quit
There is unsaved data. Use the 'write' command to save data, or 'quit -f' or 'exit -f' to exit without saving data.
write
The write command writes data configured during the current mipconfig session to a configuration file.
Syntax
w[rite] [filename]
Parameters
filename Name of the file to which mipconfig will write the data. If filename does not exist, mipconfig will create the file. If filename already exists, mipconfig will ask if you want to overwrite the existing contents.

miproconfig Command Reference

Table 9-2 lists and briefly describes the miproconfig commands. Each command and its parameters are described in subsequent sections. For step-by-step instructions on configuring Route Optimization, refer to Chapter 7, “Configuring and Administering Route Optimization,” on page 71.

Table 9-2 miproconfig Commands

    Command              Description
    ? (question mark)    Provides online help.

?

The ? (question mark) command provides online help information about miproconfig commands.

Syntax

    ? [-v command_name [command_name...]]

Parameters

    command_name    Name of miproconfig command. The miproconfig utility will display the syntax and brief description of the command. If you specify the -v (verbose) option, miproconfig will print a description of the command parameters.

configure file

The configure file command specifies a file containing miproconfig commands for batch processing. Each miproconfig command in the file must start on a new line. The miproconfig commands can update existing data in a configuration file or create a new configuration file. Syntactically incorrect commands in the file will not affect the successful execution of the correct ones.

configure ha

Use the configure ha command to configure security information about Home Agents. The security information must match the security information configured about the local node on the Home Agent using the mipconfig configure node command.

miproconfig Default: None. You must specify a value.
miprod Default: None.

configure interface

The configure interface command configures the IP interface address that the route optimization daemon (miprod) will use as the source address for route optimization tunnels (tunnels to the Mobile Nodes’ Care-of Addresses). If you do not configure an IP address interface, miprod will use the IP address configured for the local system’s hostname (the IP address returned by gethostbyname() for the name that gethostname() returns).

delete all

The delete all command deletes all configuration information that has been entered during a miproconfig session and any information in an open configuration file. The miproconfig utility will ask you to confirm that you want to delete the information.

delete ha

The delete ha command deletes configuration information about one or more Home Agents.

Syntax

    d[elete] h[a] [ip_addr [ip_addr] ...]

Parameters

    ip_addr    IP address of the Home Agent. If you do not specify an ip_addr, miproconfig will ask if you want to delete information about all Home Agents.

delete interface

The delete interface command deletes Mobile IPv4 configuration information about one or more interfaces.

Syntax

    d[elete] i[nterface] [interface_name [interface_name]...]

Parameters

    interface_name    Name of the interface. If you do not specify an interface_name, miproconfig will ask if you want to delete information about all Mobile IPv4 interfaces.

exit

The exit command terminates the miproconfig session.

Syntax

    exit [-f]

Notes

If you try to exit and there is data from the current session that has not been written to a file, miproconfig will print an error message and not terminate:

    miproconfig> exit
    There is unsaved data. Use the 'write' command to save data, or 'quit -f' or 'exit -f' to exit without saving data.

help

The help command provides online help information about miproconfig commands.

Syntax

    help [-v command_name [command_name...]]

Parameters

    command_name    Name of miproconfig command. The miproconfig utility will display the syntax and brief description of the command. If you specify the -v (verbose) option, miproconfig will print a description of the command parameters.

list all

The list all command lists all data configured during the current session and provides a snapshot of the configuration file that would be created if the current session was written to a file.

list ha

The list ha command lists all configuration data for Home Agents, including node data configured during the current miproconfig session.

Syntax

    l[ist] n[ode] [ip_addr [ip_addr]... ]

Parameters

    ip_addr    IP address of the Home Agent. If you do not specify an ip_addr, miproconfig will ask if you want to display information about all Home Agents.

list interface

The list interface command lists all configuration data for Mobile IPv4 interfaces, including interface data configured during the current miproconfig session.

Syntax

    l[ist] i[nterface] [interface_name [interface_name] ...]

Parameters

    interface_name    Name of the interface. If you do not specify an interface_name, miproconfig will ask if you want to display information about all Mobile IPv4 interfaces.

overview

The overview command provides an overview of how to configure Home Agents and Foreign Agents.

poll interface

The poll interface command lists the name, primary address, and netmasks of all interfaces configured on the system (ifconfig UP, not POINTOPOINT or LOOPBACK). You can use the output from this command to help you configure valid router addresses and Care-of Addresses.

refreshscr

The refreshscr command clears the session screen display (similar to the HP-UX clear command).

quit

The quit command terminates the miproconfig session.

Syntax

    quit [-f]

Notes

If you try to exit and there is data from the current session that has not been written to a file, miproconfig will print an error message and not terminate:

    miproconfig> quit
    There is unsaved data. Use the 'write' command to save data, or 'quit -f' or 'exit -f' to exit without saving data.

write

The write command writes data configured during the current miproconfig session to a configuration file.

Syntax

    w[rite] [filename]

Parameters

    filename    Name of the file to which miproconfig will write the data. If filename does not exist, miproconfig will create the file. If filename already exists, miproconfig will ask if you want to overwrite the existing contents.

Chapter 10 mipadmin

The mipadmin utility starts and stops the HP-UX Mobile IPv4 daemons, and queries the daemons for status and operating parameters. You can also use mipadmin to manage HP-UX Mobile IPv4 event logging.

Using mipadmin

This section contains general information about using mipadmin.

Requirements

The mipadmin utility has two run-time requirements:

• You must have superuser capability to run mipadmin.
• The directory /var/adm/mip must exist. The mipadmin utility uses a domain socket (admin_ipc_socket) in this directory to communicate with the HP-UX Mobile IPv4 daemon (mipd or miprod).

Command Line Options or Interactive Session

You can run mipadmin with command-line options.

mipadmin Options Reference

Table 10-1 lists and briefly describes the mipadmin options. Each option and its parameters are described in subsequent sections.

Table 10-1 mipadmin Options

    Option    Description
    -? [option ...

Table 10-1 mipadmin Options (Continued)

    Option      Description
    -sto[p]     Stops the mipd or miprod daemon.

?

The ? (question mark) option provides online help information about mipadmin options.

Syntax

    ? [option_name [option_name...]]

Parameters

    option_name    Name of mipadmin option. The mipadmin utility will display the syntax and brief description of the option. If you do not specify option_name, mipadmin will list all the options.

Description

The ? (question mark) option displays online help information about mipadmin options. It is equivalent to the help option.

advertisements

The advertisements option queries mipd and displays the contents of the Agent Advertisements sent by Home and Foreign Agents.

Syntax

    -a[dvertisements] [-v]

Parameters

    -v    Verbose option.

Description

This option applies only to Home or Foreign Agents. The mipadmin utility will display information about Agent Advertisements for each interface configured for Home or Foreign Agent services.

— B: indicates the Foreign Agent is busy and cannot accept Registration Requests from additional Mobile Nodes.
— H: the agent offers Home Agent services on the link used to send this advertisement.
— F: the agent offers Foreign Agent services on the link used to send this advertisement.
— T: the agent supports Reverse Tunneling. This flag is always set.
— CARE-OF ADDRESSES: The number of Care-of Addresses advertised, followed by a list of Care-of Addresses.

    ADVERTISEMENT EXTENSION
    Type: 16
    Registration Lifetime (secs): 180
    Length: 14
    Flags: F T
    CARE-OF ADDRESSES (1)
    10.10.10.

bindings

The bindings option queries mipd and displays binding information about Mobile Nodes (information that binds the Mobile Node to its Care-of Address) on Home or Foreign Agents.

Syntax

    -b[indings] -v

Parameters

    -v    Verbose option.

Description

This option applies only to Home or Foreign Agents. The mipadmin utility displays the following information about each Mobile Node:

• MN Home Address: the Mobile Node’s Home Address.

configuration

The configuration option queries the mipd or miprod daemon and displays the active configuration parameters (the configuration parameters that the daemon is currently using).

Syntax

    -c[onfiguration] -g[lobal] -n[odes] -i[nterface] -a[ll]

Parameters

    -g[lobal]    Display only the global configuration data.
    -n[odes]     On a Home Agent, display only the configuration entries for Mobile Nodes or Correspondent Nodes.

    __________________________________ INTERFACES __________________________
    NAME: lan1
    Primary Address: 11.11.11.2
    Advert Address: 255.255.255.255
    Advert Lifetime (secs): 1800
    ROUTERS (1)
    IP Address: 11.11.11.2
    Preference: 1
    Service(s): HA FA
    Primary Netmask: 255.0.0.0
    Advert Interval (secs): 1.0
    Max Reg Lifetime (secs): 300
    Netmask: 255.0.0.0
    CARE-OF ADDRESSES (1)
    120.120.120.

dynamicaddr

The dynamicaddr option queries mipd and displays information about the dynamic address pool for AAA Mobile Node clients on the Home Agent.

Syntax

    -d[ynamicaddr]

Parameters

None.

Description

This option applies only to mipd. The mipadmin utility displays the following information about each entry in a Home Agent’s dynamic address pool:

• IP address.

exit

The exit option ends an interactive mipadmin session.

Syntax

    e[xit]

Parameters

None.

Description

The exit option ends an interactive mipadmin session. It is equivalent to the quit option.

help

The help option provides online help information about mipadmin options.

Syntax

    help [option_name [option_name...]]

Parameters

    option_name    Name of mipadmin option. The mipadmin utility will display the syntax and brief description of the option. If you do not specify option_name, mipadmin will list all the options.

Description

The help option displays online help information about mipadmin options. It is equivalent to the ? (question mark) option.

logevents

The logevents option extracts HP-UX Mobile IPv4 entries from the syslog file.

Syntax

    -loge[vents] [mipd | ma | miprod | cn] [-l[evel] level ...]

Parameters

    mipd      Display syslog entries logged by the most recent instance of mipd.
    ma        Display syslog entries logged by the most recent instance of mipd.
    miprod    Display syslog entries logged by the most recent instance of miprod.
    cn        Display syslog entries logged by the most recent instance of miprod.

loglevel

The loglevel option sets or displays the HP-UX Mobile IPv4 event log level.

Syntax

    -logl[evel] [-l[evel] a[lert] | e[rror] | w[arn] | i[nfo]]

Parameters

    -level    Set the log level to the specified level. If you do not specify -level, mipadmin will display the current log level.

HP-UX Mobile IPv4 has four event log levels. They are listed below in order, from highest level to lowest.

quit

The quit option ends an interactive mipadmin session.

Syntax

    q[uit]

Parameters

None.

Description

The quit option ends an interactive mipadmin session.

roinfo

The roinfo option queries mipd or miprod and displays route optimization information on Home Agents and Correspondent Nodes using route optimization.

Syntax

    -ro[info] -v

Parameters

    -v    Verbose option. This option is valid only on Home Agents.

Description

On Home Agents, mipadmin displays the following information for each route optimization entry:

• MN Home Address: the Mobile Node’s Home Address.
• Care-of Address: the Mobile Node’s current Care-of Address.
• SPI: SPI (Security Parameters Index) that identifies the security association between the Correspondent Node and the Home Agent.

Examples

An example from a Home Agent is shown below:

    mipadmin> -ro -v
    ________________________ ROUTE OPTIMIZATION INFORMATION ________________
    MN Home Address: 120.120.120.4
    Correspondent Node: 13.13.13.100
    2003
    ID: 0x3e3edf3e:49c11513
    Binding Update Message Status:
    Care-of Address: 12.12.12.

sessions

The sessions option queries mipd and displays information about AAA sessions. This option is valid only on Home Agents and Foreign Agents.

Syntax

    se[ssions] [-v]

Parameters

    -v    Verbose option.

Description

A Home or Foreign Agent will have one AAA session with the corresponding AAA Home Agent Server (AAAH) or AAA Foreign Agent Server (AAAF) for each AAA Mobile Node it is serving.

start

The start option starts the mipd or miprod daemon.

Syntax

    -star[t] [mipd | ma | miprod | cn] [-file configuration_file]

Parameters

    mipd      Start the mipd daemon, the daemon for mobility agents (Home or Foreign Agents).
    ma        Start the mipd daemon, the daemon for mobility agents (Home or Foreign Agents).
    miprod    Start the miprod daemon, the route optimization daemon for Correspondent Nodes.

for miproconfig. If the interface is not configured for IP or the address does not match, miproconfig will display information messages, and continue processing the configuration file.

Link Shutdown and Restart

If mipadmin is starting mipd, it will shut down the LAN interfaces configured for Mobile IPv4 and restart them with NOFASTPATH enabled as part of the startup process.

status

The status option queries mipd or miprod and displays general information and statistics about Home Agents, Foreign Agents or Correspondent Nodes.

Syntax

    -stat[us] -r

Parameters

    -r    Reset option. Resets the statistical counters to 0.

Description

The output displays General Info and statistics. General Info displays the services offered and the time the daemon started.

• Number of Binding Update Authentication Failures: Number of Binding Update Messages that the Correspondent Node rejected because of authentication failures (mis-matched SPI, security algorithm or incorrect authentication values). These failures may indicate that the Correspondent Node and the Home Agent have mis-matched security parameters configured.

stop

The stop option stops the currently running HP-UX Mobile IPv4 daemon (mipd or miprod).

Syntax

    sto[p]

Parameters

None.

Description

If mipadmin is stopping the mipd daemon, mipadmin first queries the daemon for a list of LAN interfaces configured for Mobile IPv4. The mipadmin utility will shut down these links and restart them with NOFASTPATH disabled when it stops mipd. The mipadmin utility will print a warning message and ask you to verify that you want to stop mipd.

tunnels

The tunnels option queries mipd or miprod and displays information about Mobile IPv4 tunnel interfaces.

Syntax

    t[unnels] [-v]

Parameters

    -v    Verbose option.

Description

The Mobile IPv4 tunnel interfaces are virtual interfaces that Mobile IPv4 uses when it needs to encapsulate (or tunnel) an IP packet in a second IP packet with a different IP source or destination address.

• Flags: flags that indicate operation options. Possible values are:
— Notify Forwards: this flag is always set for tunnels on Home Agents. It indicates that the Home Agent will attempt to send a Binding Update (for Route Optimization) to the Correspondent Nodes.
— Any Inbound Ok: this flag is always set for tunnels on Foreign Agents.

version

The version option displays version information for the mipd or miprod daemon.

Syntax

    -ve[rsion]

Parameters

None

Description

The mipadmin utility queries the mipd or miprod daemon for version information.

Example

    mipadmin> -ver
    $ MobileIPv4/9000 Version A.02.

visitors

The visitors option queries mipd and displays information about the Mobile Nodes visiting a Foreign Agent.

Syntax

    -vi[sitors] [-v]

Parameters

    -v    Verbose option.

Description

The mipadmin utility displays the following information about each Mobile Node:

• MN Home Address: the Mobile Node’s Home Address.
• Home Agent Address: the Mobile Node’s Home Agent’s address.
• Lifetime Remaining: the lifetime remaining for the binding, in seconds.

Appendix A Configuration Examples

This appendix contains examples of mipconfig and miproconfig configuration sessions and sample configuration files.

mipconfig and miproconfig Examples

This section contains sample mipconfig and miproconfig sessions for three simple topologies:

• Non-AAA topology
• AAA topology
• Route Optimization topology

Non-AAA Example

This section contains the mipconfig sessions for the Home Agent and Foreign Agent shown in Figure A-1.

Figure A-1 Non-AAA Topology

Home Agent mipconfig Session

    # mipconfig
    Creating /var/adm/mip/mipd.

Foreign Agent mipconfig Session

    # mipconfig
    Creating /var/adm/mip/mipd.conf
    mipconfig> conf interf lan0 -s fa
    mipconfig> write
    NOTE: primary address 10.10.10.1 has been automatically configured as care-of address interface for lan0
    Configuration file name (/var/adm/mip/mipd.conf):
    mipconfig> quit

AAA Example

This section contains the mipconfig sessions for the Home Agent and Foreign Agent shown in Figure A-2.

Foreign Agent mipconfig Session

    # /mipconfig
    Creating ‘/var/adm/mip/mipd.conf’
    mipconfig> configure global -af littleaaa.foreign.net -mf biz.foreign.net
    NOTE: AAA-mode configured. mipd cannot be configured to provide both HA and FA services
    mipconfig> configure interface lan0 -s fa
    mipconfig> write
    NOTE: primary address 10.10.10.1 has been automatically configured as a Care-of Address for interface lan0
    Configuration file name (/var/adm/mip/mipd.

    has been set to timestamps
    mipconfig> write
    Configuration file name (/var/adm/mip/mipd.conf):
    mipconfig> quit

Foreign Agent mipconfig Session

    # mipconfig
    Creating /var/adm/mip/mipd.conf
    mipconfig> conf interf lan0 -s fa
    mipconfig> write
    NOTE: primary address 10.10.10.1 has been automatically configured as care-of address interface for lan0
    Configuration file name (/var/adm/mip/mipd.

Example Configuration Files

This section contains example configuration files for three simple topologies:

• Non-AAA topology
• AAA topology
• Route Optimization topology

Non-AAA Example

This section contains configuration files for the following topology:

• Home Agent Addresses:
— 11.11.11.2 (lan1)
— 120.120.120.2 (lan2)
• Mobile Node Addresses:
— 11.11.11.4
— 120.120.120.4
• Correspondent Node Address:
— 13.13.13.

    11 11 11 11 11
    120.120.120.4: 1234 md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    11.11.11.4: 1234 hmac-md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    }
    section ether {
    # Information for interface that offers Mobility Agent services.
    # Name of the interface
    interface: lan1
    # Primary address of the interface.

    # Primary address of the interface. This address serves two purposes:
    # 1) as the Home Agent address (if HA service is offered above)
    # 2) as the source address that Agent Advertisement messages will
    # have on
    # both the HA and FA agents
    primary-addr: 120.120.120.2
    # Netmask associated with the primary address
    primary-addr-netmask: 255.0.0.

    section keys {
    # List of authentication keys between Home Agents and
    # Mobile/Correspondent Nodes.
    }
    section ether {
    # Information for interface that offers Mobility Agent services.
    # Name of the interface
    interface: lan1
    # Primary address of the interface.

    section ether {
    # Information for interface that offers Mobility Agent services.
    # Name of the interface
    interface: lan2
    # Primary address of the interface. This address serves two purposes:
    # 1) as the Home Agent address (if HA service is offered above)
    # 2) as the source address that Agent Advertisement messages will
    # have on
    # both the HA and FA agents
    primary-addr: 12.13.0.2
    # Netmask associated with the primary address
    primary-addr-netmask: 255.255.

AAA Example

This section contains configuration files for the following topology:

• Home Agent: hpindhqo.home.com Addresses:
— 11.11.11.2 (lan1)
— 120.120.120.2 (lan2)
• AAA Home Agent Server (AAAH): hpindwqt.home.com
• Non-AAA Mobile Node Addresses:
— 11.11.11.4
— 120.120.120.4
• AAA Mobile Node Dynamic Address Pool: 11.11.11.150 - 11.11.11.151
• Correspondent Node Address:
— 13.13.13.100
• Foreign Agent: hpindhqq.foreign.com Addresses:
— 12.

    # List of authentication keys between Home Agents and
    # Mobile/Correspondent Nodes.
    13.13.13.100: 600 md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    120.120.120.4: 1234 md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    11.11.11.4: 1234 hmac-md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    }
    section ether {
    # Information for interface that offers Mobility Agent services.

    }
    section ether {
    # Information for interface that offers Mobility Agent services.
    # Name of the interface
    interface: lan2
    # Primary address of the interface. This address serves two purposes:
    # 1) as the Home Agent address (if HA service is offered above)
    # 2) as the source address that Agent Advertisement messages will
    # have on
    # both the HA and FA agents
    primary-addr: 120.120.120.

Foreign Agent Configuration File

    # File: /var/adm/mip/mipd.conf
    # Author: mipconfig
    # Last Update: Mon Feb 10 13:56:05 2003
    # Configuration File for the Mobile IPv4 Mobility Agent daemon
    # (mipd).
    section main {
    # FQDN of mipd’s AAA server
    aaa-fqdn: hpindwrl.foreign.com
    # FQDN of mipd
    ma-fqdn: hpindhqq.foreign.com
    }
    section keys {
    # List of authentication keys between Home Agents and
    # Mobile/Correspondent Nodes.

    # Address to which agent advertisement messages are sent
    advert-address: 255.255.255.255
    # Interval (secs) between two consecutive agent advertisement
    # messages
    advert-interval: 5.00
    # Lifetime (secs) of the ICMP Router Advertisement
    router-lifetime: 60
    # Maximum Registration Lifetime (secs) advertised
    max-reg-lifetime: 180
    # Care-of Address(es) advertised
    careof: 12.12.12.

    # messages
    advert-interval: 5.00
    # Lifetime (secs) of the ICMP Router Advertisement
    router-lifetime: 60
    # Maximum Registration Lifetime (secs) advertised
    max-reg-lifetime: 180
    # Care-of Address(es) advertised
    careof: 12.13.0.2
    }

Route Optimization Example

This section contains configuration files for the following topology:

• Home Agent Addresses:
— 11.11.11.2 (lan1)
— 120.120.120.2 (lan2)
• Correspondent Node Address:
— 13.13.13.

    11 11 11 11 11
    120.120.120.4: 1234 md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    11.11.11.4: 1235 hmac-md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    }
    section ether {
    # Information for interface that offers Mobility Agent services.
    # Name of the interface
    interface: lan1
    # Primary address of the interface.

    # Primary address of the interface. This address serves two purposes:
    # 1) as the Home Agent address (if HA service is offered above)
    # 2) as the source address that Agent Advertisement messages will
    # have on both the HA and FA agents
    primary-addr: 120.120.120.2
    # Netmask associated with the primary address
    primary-addr-netmask: 255.0.0.

    120.120.120.2: 600 hmac-md5 tstamp 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
    }
    section ether {
    # Information for interface that is the source of all tunnels created
    # by the daemon.
    # Name of the interface
    interface: lan1
    # Primary address of the interface that constitutes the source
    # of all tunnels created by daemon
    primary-addr: 11.11.11.
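
The configure ha description requires the Correspondent Node's security information to match what the Home Agent holds for that node, and the status counters report Binding Update authentication failures when the two disagree. The Python check below is an added example, not part of the HP guide or product: it parses the keys section of two configuration files and reports the differences without printing key material. The field order (address, SPI, algorithm, replay method, hexadecimal key bytes) is an assumption inferred from the sample entries above, the function names are hypothetical, and both sample files are constructed.

```python
import hmac
import re

# Constructed sample files in the layout of the guide's examples.
# Assumed field order per entry: address: SPI algorithm replay-method key-bytes (hex).
HA_MIPD_CONF = """\
section keys {
# List of authentication keys between Home Agents and
# Mobile/Correspondent Nodes.
13.13.13.100: 600 md5 tstamp
    11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
120.120.120.4: 1234 md5 tstamp
    11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
}
section ether {
interface: lan2
primary-addr: 120.120.120.2
}
"""

CN_MIPROD_CONF = """\
section keys {
120.120.120.2: 600 hmac-md5 tstamp
    11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
}
"""


def parse_keys(conf_text):
    """Return {peer_address: security association} from the 'section keys' block."""
    text = re.sub(r"#[^\n]*", "", conf_text)            # drop comments first
    block = re.search(r"section\s+keys\s*\{(.*?)\}", text, re.S)
    if block is None:
        return {}
    entries, current = {}, None
    for token in block.group(1).split():                 # tolerant of wrapped lines
        if token.endswith(":"):                          # "address:" starts an entry
            peer = token[:-1]
            if peer in entries:
                raise ValueError(f"duplicate entry for {peer}")
            current = entries[peer] = []
        elif current is None:
            raise ValueError("key material before any peer address")
        else:
            current.append(token)
    parsed = {}
    for peer, fields in entries.items():
        if len(fields) < 4:
            raise ValueError(f"incomplete entry for {peer}")
        parsed[peer] = {
            "spi": int(fields[0]),
            "algorithm": fields[1].lower(),
            "replay": fields[2].lower(),
            "key": bytes(int(b, 16) for b in fields[3:]),
        }
    return parsed


def compare_associations(ha_conf, cn_conf, ha_addr, cn_addr):
    """List differences between the HA's entry for the CN and the CN's entry for the HA."""
    sides = {"HA": parse_keys(ha_conf).get(cn_addr),
             "CN": parse_keys(cn_conf).get(ha_addr)}
    findings = []
    for side, sa in sides.items():
        if sa is None:
            findings.append(f"{side}: no entry for the peer")
        elif len(set(sa["key"])) == 1:
            findings.append(f"{side}: key is one repeated byte (sample value left in place?)")
    ha, cn = sides["HA"], sides["CN"]
    if ha and cn:
        for field in ("spi", "algorithm", "replay"):
            if ha[field] != cn[field]:
                findings.append(f"{field} mismatch: HA={ha[field]} CN={cn[field]}")
        if not hmac.compare_digest(ha["key"], cn["key"]):
            findings.append("key mismatch (values not shown)")   # never echo key bytes
    return findings


if __name__ == "__main__":
    for line in compare_associations(HA_MIPD_CONF, CN_MIPROD_CONF,
                                     "120.120.120.2", "13.13.13.100"):
        print(line)
```

On the constructed input the check reports the md5 / hmac-md5 disagreement and flags both keys as a single repeated byte, the pattern the sample files use for their key values.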

Example AAAKeyTypes.conf File

When the mipd daemon starts, it reads AAA key type and subtype definitions from the /var/adm/mip/AAAKeyTypes.conf file. This file contains type and subtype definitions from the following IETF documents:

• Type values: Generalized Key Distribution Extensions for Mobile IP, Draft 0 (draft-ietf-mobileip-gen-key-00).
• Subtype values: AAA Registration Keys for Mobile IP, Draft 10 (draft-ietf-mobileip-aaa-key-10).

    # MN-FA Key Request From AAA subtype of the Generalized MN-FA Key
    # Request Extension. The default value for this field is 7.
    mn-fa-key-req-subtype: 7
    # Type code of the Generalized MN-FA Key Reply Extension. The
    # default value is 41.
    mn-fa-key-reply-type: 41
    # MN-FA Key Reply From AAA subtype of the Generalized MN-FA Key
    # Reply Extension. The default value for this field is 7.
    mn-fa-key-reply-subtype: 7
    }
    #
    # End of File.

Appendix B Product Files

This appendix lists the files installed for the HP-UX Mobile IPv4 product.

Files

The HP-UX Mobile IPv4 product installs the following files:

    Executables                                                 Permissions  Owner  Group
    /usr/sbin/mipd                                              500          root   bin
    /usr/sbin/miprod                                            500          root   bin
    /usr/sbin/mipadmin                                          500          root   bin
    /usr/sbin/mipconfig                                         500          root   bin
    /usr/sbin/miproconfig (soft-link to /usr/sbin/mipconfig)    500          root   bin

    Startup and Shutdown Scripts
    /sbin/init.d/mipagd
    /sbin/rc2.d/S527mipd (soft-link to /sbin/init.d/mipagd)
    /sbin/rc1.d/K473mipd (soft-link to /sbin/init.

    Example Configuration Files                  Permissions  Owner  Group
    /usr/examples/mipv4/AAA_FA_mipd.conf         600          root   sys
    /usr/examples/mipv4/Non-AAA_FA_mipd.conf     600          root   sys
    /usr/examples/mipv4/AAA_HA_mipd.conf         600          root   sys
    /usr/examples/mipv4/Non-AAA_HA_mipd.conf     600          root   sys
    /usr/examples/mipv4/miprod.conf              600          root   sys
    /usr/examples/mipv4/AAAKeyTypes.conf         600          root   sys

    IETF Draft Documents                         Permissions
    /opt/mipv4/share/doc/draft-ietf-aaa-diameter-08.

Glossary

AAA
A framework to provide Authentication, Authorization and Accounting services throughout a network.

AAA Foreign Agent Server
The AAA server for the Foreign Agent.

AAA Home Agent Server
The AAA server on which a Mobile Node is configured.

Correspondent Node
A peer with which a Mobile Node is communicating. A Correspondent Node may be either mobile or stationary.

miprod
The HP-UX Mobile IPv4 daemon that provides Route Optimization services on a Correspondent Node.

MN
See Mobile Node.

Mobile Node
A host that may change its network attachment point from one network or subnetwork to another.

Route optimization
The Correspondent Node forms a tunnel with the Mobile Node’s Care-of Address so that packets from the Correspondent Node to the Mobile Node bypass the Home Agent.