HP-UX Mobile IPv4 A.03.01 Administrator's Guide
OKREQPHKICPFOKRTQEQPHKI
OKRTQEQPHKI%QOOCPF4GHGTGPEG
Chapter 9
154
configure ha
Use the configure ha command to configure security information about Home Agents.
The security information must match the security information configured about the local
node on the Home Agent using the mipconfig configure node command.
Multi-Homed Home Agent
If the Home Agent is multi-homed (it has multiple IP addresses), you must configure
security information for each IP address on the Home Agent by repeating the configure
ha command for each address. Each instance of the command for the same Home Agent
must have the same security parameters (SPI, security algorithm and key).
Syntax
c[onfigure] h[a] [ip_addr] [-spi spi] [-algo algorithm]
[-key key | random]
Parameters
ip_addr IP address of the Home Agent.
Acceptable Values: IP address in dotted-decimal notation.
miproconfig Default: None. If you do not specify a value,
miprpconfig will operate in novice mode.
miprod Default: None.
spi Security Parameters Index (SPI) that identifies the Security
Association (SA) between the miprod daemon on the local system and
the mipd daemon on the Home Agent. This must match the SPI
configured on the Home Agent.
Acceptable Values: 256 - 2147483647 (integer).
miproconfig Default: None. You must specify a value.
miprod Default: None.
algorithm Security algorithm miprod uses to authenticate messages from the
Home Agent. This must match the algorithm configured on the Home
Agent.
Keyed MD5 is considered vulnerable to attack by the cryptographic
community. HP recommends that you use HMAC-MD5.
Acceptable Values: md5 or hmac-md5.
miproconfig Default: hmac-md5
miprod Default: None.
key 128-bit security key miprod uses to authenticate messages from the
Home Agent. Ideally, each entry should have a distinct key. This key
must match the key configured on the Home Agent.
Acceptable Values: 128 bits, entered as a series of 16, two-digit
hexadecimal values, separated by spaces. Alternatively, you can specify
random and miproconfig will generate a key for you and display it on
stdout.