IP Mobility: Mobile Networks Configuration Guide, Cisco IOS Release 15M&T
Cisco Mobile Networks
Downloads: This chapterpdf (PDF - 1.49MB) The complete bookPDF (PDF - 4.5MB) | The complete bookePub (ePub - 826.0KB) | Feedback

Cisco Mobile Networks

Contents

Cisco Mobile Networks

Feature History

Release

Modification

12.2(4)T

This feature was introduced.

12.2(4)T3

Support for this feature was introduced for the Cisco 7500 series.

12.2(13)T

Support for dynamic networks was introduced.

This feature module describes the Cisco Mobile Networks feature. It includes the following sections:

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Feature Overview

The Cisco Mobile Networks feature enables a mobile router and its subnets to be mobile and maintain all IP connectivity, transparent to the IP hosts connecting through this mobile router.

Mobile IP, as defined in standard RFC 3344, provides the architecture that enables the mobile router to connect back to its home network. Mobile IP allows a device to roam while appearing to a user to be at its home network. Such a device is called a mobile node. A mobile node is a node--for example, a personal digital assistant, a laptop computer, or a data-ready cellular phone--that can change its point of attachment from one network or subnet to another. This mobile node can travel from link to link and maintain ongoing communications while using the same IP address. There is no need for any changes to applications because the solution is at the network layer, which provides the transparent network mobility.

The Cisco Mobile Networks feature comprises three components--the mobile router (MR), home agent (HA), and foreign agent (FA). The figure below shows the three components and their relationships within the mobile network.

Figure 1. Cisco Mobile Network Components and Relationships

The mobile router functions similarly to the mobile node with one key difference--the mobile router allows entire networks to roam. For example, an airplane with a mobile router can fly around the world while passengers stay connected to the Internet. This communication is accomplished by Mobile IP aware routers tunneling packets, which are destined to hosts on the mobile networks, to the location where the mobile router is visiting. The mobile router then forwards the packets to the destination device.

These destination devices can be mobile nodes running mobile IP client software or nodes without the software. The mobile router eliminates the need for a mobile IP client. In fact, the nodes on the mobile network are not aware of any IP mobility at all. The mobile router "hides" the IP roaming from the local IP nodes so that the local nodes appear to be directly attached to the home network. See the Mobile Router section later in this document for more details on how the mobile router operates.

A home agent is a router on the home network of the mobile router that provides the anchoring point for the mobile networks. The home agent maintains an association between the home IP address of the mobile router and its care-of address , which is the current location of the mobile router on a foreign or visited network. The home agent is responsible for keeping track of where the mobile router roams and tunneling packets to the current location of the mobile network. The home agent also injects the mobile networks into its forwarding table. See the Home Agent section later in this document for more details on how the home agent operates.

A foreign agent is a router on a foreign network that assists the mobile router in informing its home agent of its current care-of address. It functions as the point of attachment to the mobile router, delivering packets from the home agent to the mobile router. The foreign agent is a fixed router with a direct logical connection to the mobile router. The mobile router and foreign agent need not be connected directly by a physical wireless link. For example, if the mobile router is roaming, the connection between the foreign agent and mobile router occurs on interfaces that are not on the same subnet. This feature does not add any new functionality to the foreign agent component.

Previously, this feature was a static network implementation that supported stub routers only. Cisco IOS Release 12.2(13)T introduces dynamic network support, which means that the mobile router dynamically registers its mobile networks to the home agent, which reduces the amount of configuration required at the home agent. For example, if a home agent supports 2000 mobile routers, the home agent does not need 2000 configurations but only a range of home IP addresses to use for the mobile routers.

This feature implements additional features in the Mobile IP MIB (RFC2006-MIB) to support Cisco Mobile Networks. Prior to this release, mobile node groups in the RFC2006-MIB were not supported.

Cisco IOS Release 12.2(4)T implements mobile node MIB groups from the RFC2006-MIB for the monitoring and management of Cisco Mobile Network activity. Data from managed objects is returned through the use of the show commands described in this document, or can be retrieved from a Network Management System using SNMP.

Primary Components of Cisco Mobile Networks

The Cisco Mobile Networks feature introduces the mobile router and adds new functionality to the home agent component as described in the following sections:

The figure below shows how packets are routed within the mobile network. The following sections provide more detail on how this routing is accomplished.

Figure 2. Routing Within the Cisco Mobile Network

Mobile Router

Deployed on a mobile platform (such as a car, plane, train, or emergency medical services vehicle), the mobile router functions as a roaming router that provides connectivity for its mobile network. A device connected to the mobile router need not be a mobile node because the mobile router is providing the roaming capabilities.

The mobile router process has three main phases described in the following sections:

Agent Discovery

During the agent discovery phase, home agents and foreign agents advertise their presence on their attached links by periodically multicasting or broadcasting messages called agent advertisements . Agent advertisements are ICMP Router Discovery Protocol (IRDP) messages that convey Mobile IP information. The advertisement contains the IRDP lifetime, which is the number of seconds the agent is considered valid. The advertisement also contains the care-of address, the point of attachment on the foreign network, as well as registration lifetime allowed and supported services such as generic routing encapsulation (GRE), and reverse tunnel.

Agent discovery occurs through periodic advertisements by agents or solicitations by the mobile router.

For periodic advertisements, the mobile router knows that the agent is up as long as it hears the advertisements from the agent. When the mobile router hears the agent advertisements, it keeps track of the agent in an agent table. When the IRDP lifetime expires, the agent is considered disconnected (for example, interface down, out of range, or agent down) and the mobile router removes the agent from its agent table.

Rather than wait for agent advertisements, a mobile router can send an agent solicitation. This solicitation forces any agents on the link to immediately send an agent advertisement.

The mobile router receives these advertisements on its interfaces that are configured for roaming and determines if it is connected to its home network or a foreign network. When the mobile router hears an agent advertisement and detects that it has moved outside of its home network, it begins registration, which is the second phase of the process.

Registration

The mobile router is configured with its home address, the IP address or addresses of its home agents, and the mobility security association of its home agent. There is a shared key between the mobile router and the home agent for authentication, as discussed in the Security for Mobile Networks section later in this document. The mobile router uses this information along with the information that it learns from the foreign agent advertisements to form a registration request.

The mobile router prefers to register with a particular agent based on the received interface. If more than one interface receives agent advertisements, the one with the highest roaming priority value is preferred. In the case that multiple interfaces have the same priority, the highest bandwidth is preferred. If interfaces have the same bandwidth, the highest interface IP address is preferred.

After determining this preferred path, the mobile router informs the home agent of its current care-of address by sending a registration request. Because the mobile router is attached to a foreign network, the registration request is sent first to the foreign agent.

When the mobile router powers down or determines that it is reconnected to its home link, it deregisters by sending a deregistration request to the home agent.

A successful registration sets up the routing mechanism for transporting packets to and from the mobile networks as the mobile router roams, which is the third phase of the process.

Routing

During the routing or tunneling phase, packets arrive at the home agent. The home agent performs two encapsulations of the packets and tunnels them to the foreign agent. The foreign agent performs one decapsulation and forwards the packets to the mobile router, which performs another decapsulation. The mobile router then forwards the original packets to the IP devices on the mobile networks.

By default, packets from devices on the mobile network arrive at the mobile router, which forwards them to the foreign agent, which routes them normally.

The mobile networks can be statically configured or dynamically registered on the home agent. As the mobile router moves from one foreign agent to another, the mobile router continuously reconfigures the default gateway definition to point to its new path. Although the mobile router can register through different foreign agents, the most recently contacted foreign agent provides the active connection.

A reverse tunnel is when the mobile router tunnels packets to the foreign agent and home agent. In this case, packets from devices arrive at the mobile router, which encapsulates them and then sends them to the foreign agent, which encapsulates the packets and forwards them to the home agent. The home agent decapsulates both encapsulations and routes the original packets.

Home Agent

The home agent provides the anchoring point for the mobile networks. The home agent process has two main phases described in the following sections:

Registration

After receiving the registration request originated from the mobile router, the home agent checks the validity of the registration request, which includes authentication of the mobile router. If the registration request is valid, the home agent sends a registration reply to the mobile router through the foreign agent.

The home agent also creates a mobility binding table that maps the home IP address of the mobile router to the current care-of address of the mobile router. An entry in this table is called a mobility binding . The main purpose of registration is to create, modify, or delete the mobility binding of a mobile router (or mobile node) at its home agent.

The home agent processes registration requests from the mobile router in the same way that it does with the mobile node. The only difference is that an additional tunnel is created to the mobile router. Thus, packets destined to the mobile networks are encapsulated twice, as discussed in the Routing section that follows. The home agent injects the mobile networks, which are statically defined or dynamically registered, into its forwarding table. This allows routing protocols configured on the home agent to redistribute these mobile routes.

Routing

The home agent advertises reachability to the mobile networks on the mobile router, thereby attracting packets that are destined for them. When a device on the Internet, called a correspondent node, sends a packet to the node on the mobile network, the packet is routed to the home agent. The home agent creates tunnels in the following two areas:

  • Between the home agent and foreign agent care-of address
  • Between the home agent and mobile router

The home agent encapsulates the original packet from the correspondent node twice. The packet arrives at the foreign agent, which decapsulates the HA and FA care-of address tunnel header and forwards the packet to the mobile router, which performs another decapsulation (HA and MR tunnel header) to deliver the packet to the destination node on the mobile network. To the rest of the network, the destination node appears to be located at the home agent; however, it exists physically on the mobile network of the mobile router. See the figure above for a graphical representation of how these packets are routed.

Security for Mobile Networks

The home agent of the mobile router is configured with the home IP address of the mobile router and the mobile networks of the mobile router. The message digest algorithm 5 (MD5) hex key is a 128-bit key also defined here. MD5 is an algorithm that takes the registration message and a key to compute the smaller chunk of data called a message digest . The mobile router and home agent both have a copy of the key, called a symmetric key , and authenticate each other by comparing the results of the computation. If both keys yield the same result, nothing in the packet has changed during transit.

Mobile IP also supports the hash-based message authentication code (HMAC-MD5), which is the default authentication algorithm as of Cisco IOS Release 12.2(13)T.

Replay protection uses the identification field in the registration messages as a timestamp and sequence number. The home agent returns its time stamp to synchronize the mobile router for registration.

Cisco IOS software allows the mobility keys to be stored on an authentication, authorization, and accounting (AAA) server that can be accessed using TACACS+ or RADIUS protocols. Mobile IP in Cisco IOS software also contains registration filters, enabling companies to restrict who is allowed to register.

For more information on security in a Mobile IP environment, refer to the "Configuring Mobile IP" chapter of the Cisco IOS IP Configuration Guide , Release 12.2.

Cisco Mobile Networks Redundancy

The Cisco Mobile Networks feature uses the Hot Standby Router Protocol (HSRP) to provide a full redundancy capability for the mobile router.

HSRP is a protocol developed by Cisco that provides network redundancy in a way that ensures that user traffic will immediately and transparently recover from failures. An HSRP group comprises two or more routers that share an IP address and a MAC (Layer 2) address and act as a single virtual router. For example, your Mobile IP topology can include one or more standby home agents that the rest of the topology views as a single virtual home agent.

You must define certain HSRP group attributes on the interfaces of the mobile routers so that Mobile IP can implement the redundancy. The mobile routers are aware of the HSRP states and assume the active or standby role as needed. For more information on mobile router redundancy, see the Enabling Mobile Router Redundancy task later in this document. For more information on home agent redundancy, which is a Cisco proprietary feature that runs on top of HSRP, refer to the "Configuring Mobile IP" chapter of the Cisco IOS IP Configuration Guide , Release 12.2.

HSRP need not be configured on the foreign agent. Foreign agent redundancy is achieved by overlapping wireless coverage.

Benefits

Mobility Solution at the Network Layer

With the mobile router deployed in a moving vehicle, repeated reconfiguration of the various devices attached to that router as the vehicle travels is no longer necessary. Because the mobile router operates at the network layer and is independent of the physical layer, it operates transparently over cellular, satellite, and other wireless or fixed media.

Always-On Connection to the Internet

This feature supports an always-on connection to the Internet, providing access to current and changing information. For example, aircraft pilots can access the latest weather updates while flying and EMS vehicles can be in communication with emergency room technicians while on the way to the hospital.

Versatile

Any IP-enabled device can be connected to the mobile router LAN ports and achieve mobility. Applications that are not specifically designed for mobility can be accessed and deployed.

Dynamic Mobile Networks

The dynamic network enables dynamic registration of mobile networks, which results in minimal configuration on the home agent making administration and set up easier. When configured for dynamic registration, the mobile router tells the home agent which networks are configured in each registration request. The home agent dynamically adds these networks to the forwarding table and there is no need to statically define the networks on the home agent.

Preferred Path

By using the preferred path, a network designer can specify the primary link, based upon bandwidth or priority, to reduce costs or to use a specific carrier.

Standards-Based Solution

Mobile IP complies with official protocol standards of the Internet.

Mobile IP MIB Support

Support for mobile node MIB groups in the Mobile IP MIB allows the monitoring of Mobile Network activity using the Cisco IOS command line interface or SNMP. For further details, refer to the RFC2006-MIB.my file, available through Cisco.com at ftp://ftp.cisco.com/pub/mibs/v2/, and RFC 2006, The Definitions of Managed Objects for IP Mobility Support using SMIv2 .

Related Features and Technologies

Mobile IP is documented in the Cisco IOS IP Configuration Guide. Mobile IP configuration commands are documented in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services .

Related Documents

  • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services , Release 12.2
  • Cisco IOS IP Configuration Guide, Release 12.2
  • Cisco Mobile Networks--Asymmetric Link Support , Release 12.2(13)T

Supported Platforms

  • Cisco 2500 series
  • Cisco 2600 series
  • Cisco 3620 router
  • Cisco 3640 router
  • Cisco 3660 router
  • Cisco 7200 series
  • Cisco 7500 series (Cisco IOS Release 12.2(4)T2 and later releases)

Supported Standards MIBs and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

  • RFC2006-MIB
  • CISCO-MOBILE-IP-MIB

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http:/​/​tools.cisco.com/​ITDIT/​MIBS/​servlet/​inde x

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http:/​/​www.cisco.com/​public/​sw-center/​netmgmt/​cmtk/​mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http:/​/​www.cisco.com/​register

RFCs

  • RFC 2003, IP Encapsulation within IP
  • RFC 2005, Applicability Statement for IP Mobility Support
  • RFC 2006, The Definitions of Managed Objects for IP Mobility Support
  • RFC 3024, Reverse Tunneling for Mobile IP, revised
  • RFC 3344, IP Mobility Support for IPv4

Prerequisites

To configure home agent functionality on your router, you need to determine IP addresses or subnets for which you want to allow roaming service. If you intend to support roaming on virtual networks, you need to identify the subnets for which you will allow this service and place these virtual networks appropriately on the home agent. It is possible to enable home agent functionality for a physical or virtual subnet. In the case of virtual subnets, you must define the virtual networks on the router using the ip mobile virtual-network global configuration command.

Configuration Tasks

Enabling Home Agent Services

You can configure a home agent with both dynamically registered and statically configured mobile networks. However, a statically configured mobile network will always take precedence over dynamic registrations of the same network.

To enable home agent services on the router, use the following commands beginning in global configuration mode:

SUMMARY STEPS

    1.    Router(config)# router mobile

    2.    Router(config-router)# exit

    3.    Router(config)# ip mobile home-agent[address ip-address][broadcast] [care-of-access acl] [lifetime number] [replay seconds] [reverse-tunnel-off] [roam-access acl] [suppress-unreachable]

    4.    Router(config)# ip mobile virtual-network net mask[address address]

    5.    Router(config-router)# router protocol

    6.    Router(config)# redistribute mobile[metric metric-value] [metric-type type-value]

    7.    Router(config-router)# exit

    8.    Router(config)# ip mobile host lower [upper] {interface name| virtual-network net mask} [lifetime number]

    9.    Router(config)# ip mobile mobile-networks lower [upper]

    10.    Router(mobile-networks)# description string

    11.    Router(mobile-networks)# network net mask

    12.    Router(mobile-networks)# register

    13.    Router(mobile-networks)# exit

    14.    Router(config)# ip mobile secure host address {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string


DETAILED STEPS
     Command or ActionPurpose
    Step 1 Router(config)# router mobile 

    Enables Mobile IP on the router.

     
    Step 2 Router(config-router)# exit 

    Returns to global configuration mode.

     
    Step 3 Router(config)# ip mobile home-agent[address ip-address][broadcast] [care-of-access acl] [lifetime number] [replay seconds] [reverse-tunnel-off] [roam-access acl] [suppress-unreachable]

    Example:
    
    
            
     

    Enables home agent service.

     
    Step 4 Router(config)# ip mobile virtual-network net mask[address address] 

    Defines a virtual network. Specifies that the home network is a virtual network, which means that the mobile router is not physically attached to the home agent. Adds the network to the home agent’s forwarding table so that routing protocols can redistribute the subnet.

    If not using virtual networks, go to step 8.

     
    Step 5 Router(config-router)# router protocol 

    Configures a routing protocol.

     
    Step 6 Router(config)# redistribute mobile[metric metric-value] [metric-type type-value] 

    Enables redistribution of a virtual network into routing protocols.

     
    Step 7 Router(config-router)# exit 

    Returns to global configuration mode.

     
    Step 8 Router(config)# ip mobile host lower [upper] {interface name| virtual-network net mask} [lifetime number] 

    Configures the mobile router as a mobile host. The IP address is in the home network.

    The interface name option configures a physical connection from the home agent to the mobile router.

     
    Step 9 Router(config)# ip mobile mobile-networks lower [upper]  

    Configures mobile networks for the mobile host and enters mobile networks configuration mode. The upper range can be used only with dynamically registered networks and allows you to configure multiple mobile routers at once.

    The range must match the range configured in the ip mobile host command.

     
    Step 10 Router(mobile-networks)# description string 

    (Optional) Adds a description to a mobile router configuration.

     
    Step 11 Router(mobile-networks)# network net mask 

    (Optional) Configures a network that is attached to the mobile router as a mobile network. Use this command to statically configure networks.

     
    Step 12 Router(mobile-networks)# register 

    (Optional) Dynamically registers the mobile networks with the home agent. The home agent learns about the mobile networks through this registration process. When the mobile router registers its mobile networks on the home agent, the home agent looks up the mobile network configuration and verifies that the register command is configured before adding forwarding entries to the mobile networks.

    If the register command is not configured, the home agent will reject an attempt by the mobile router to dynamically register its mobile networks.

     
    Step 13 Router(mobile-networks)# exit 

    Exits mobile networks configuration mode.

     
    Step 14 Router(config)# ip mobile secure host address {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string 

    Sets up mobile host security associations. This is the security association the mobile router uses when sending in a registration request. The SPI and key between the home agent and mobile router are known. The address is the home IP address of the mobile router.

     

    Enabling Foreign Agent Services

    There are no changes to the foreign agent configuration with the introduction of dynamic network support.

    To start a foreign agent providing default services, use the following commands beginning in global configuration mode:

    SUMMARY STEPS

      1.    Router(config)# router mobile

      2.    Router(config-router)# exit

      3.    Router(config)# ip mobile foreign-agent care-of interface

      4.    Router(config)# interface type number

      5.    Router(config-if)# ip address ip-address mask

      6.    Router(config-if)# ip irdp

      7.    Router(config-if)# ip irdp maxadvertinterval seconds

      8.    Router(config-if)# ip irdp minadvertinterval seconds

      9.    Router(config-if)# ip irdp holdtime seconds

      10.    Router(config-if)# ip mobile foreign-service


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 Router(config)# router mobile 

      Enables Mobile IP on the router.

       
      Step 2 Router(config-router)# exit 

      Returns to global configuration mode.

       
      Step 3 Router(config)# ip mobile foreign-agent care-of interface 

      Enables foreign agent services when at least one care-of address is configured. This is the foreign network termination point of the tunnel between the foreign agent and home agent. The care-of address is the IP address of the interface. The interface, whether physical or loopback, need not be the same as the visited interface.

       
      Step 4 Router(config)# interface type number 

      Configures an interface and enters interface configuration mode.

       
      Step 5 Router(config-if)# ip address ip-address mask 

      Sets a primary IP address of the interface.

       
      Step 6 Router(config-if)# ip irdp 

      Enables IRDP processing on an interface.

       
      Step 7 Router(config-if)# ip irdp maxadvertinterval seconds 

      (Optional) Specifies maximum interval in seconds between advertisements.

       
      Step 8 Router(config-if)# ip irdp minadvertinterval seconds 

      (Optional) Specifies minimum interval in seconds between advertisements.

       
      Step 9 Router(config-if)# ip irdp holdtime seconds

      Example:
      
      
              
       

      (Optional) Length of time in seconds that advertisements are held valid. Default is three times the maxadvertintervalperiod.

       
      Step 10 Router(config-if)# ip mobile foreign-service 

      Enables foreign agent service on an interface. This will also append Mobile IP information such as care-of address, lifetime, and service flags to the advertisement.

       

      Enabling Mobile Router Services

      To enable mobile router services, use the following commands beginning in global configuration mode:

      SUMMARY STEPS

        1.    Router(config)# router mobile

        2.    Router(config-router)# exit

        3.    Router(config)# ip mobile router

        4.    Router(mobile-router)# address address mask

        5.    Router(mobile-router)# home-agent ip-address

        6.    Router(mobile-router)# mobile-network interface

        7.    Router(mobile-router)# register {extend expire seconds retry number interval seconds| lifetime seconds | retransmit initial milliseconds maximum milliseconds retry number}

        8.    Router(mobile-router)# reverse-tunnel

        9.    Router(mobile-router)# exit

        10.    Router(config)# ip mobile secure home-agent address {inbound-spi spi-in outbound-spi spi-out| spi spi} key hex string

        11.    Router(config)# interface type number

        12.    Router(config-if)# ip address ip-address mask

        13.    Router(config-if)# ip mobile router-service {hold-down seconds | roam [priority value] | solicit [interval seconds] [retransmit initial min maximum seconds retry number]}


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 Router(config)# router mobile 

        Enables Mobile IP on the router.

         
        Step 2 Router(config-router)# exit 

        Returns to global configuration mode.

         
        Step 3 Router(config)# ip mobile router 

        Enables the mobile router and enters mobile router configuration mode.

         
        Step 4 Router(mobile-router)# address address mask 

        Sets the home IP address and network mask of the mobile router.

         
        Step 5 Router(mobile-router)# home-agent ip-address 

        Specifies the home agent that the mobile router uses during registration.

         
        Step 6 Router(mobile-router)# mobile-network interface 

        (Optional) Specifies the mobile router interface that is connected to the dynamic mobile network. There can be more than one mobile network configured on a mobile router. The mobile router’s registrations will contain these mobile networks.

         
        Step 7 Router(mobile-router)# register {extend expire seconds retry number interval seconds| lifetime seconds | retransmit initial milliseconds maximum milliseconds retry number} 

        (Optional) Controls the registration parameters of the mobile router.

         
        Step 8 Router(mobile-router)# reverse-tunnel 

        (Optional) Enables the reverse tunnel function.

         
        Step 9 Router(mobile-router)# exit 

        Exits mobile router configuration mode.

         
        Step 10 Router(config)# ip mobile secure home-agent address {inbound-spi spi-in outbound-spi spi-out| spi spi} key hex string 

        Sets up home agent security associations. The SPI and key between the mobile router and home agent are known. The address is the home IP address of the home agent.

         
        Step 11 Router(config)# interface type number 

        Configures an interface and enters interface configuration mode.

         
        Step 12 Router(config-if)# ip address ip-address mask 

        Sets a primary IP address of the interface.

         
        Step 13 Router(config-if)# ip mobile router-service {hold-down seconds | roam [priority value] | solicit [interval seconds] [retransmit initial min maximum seconds retry number]} 

        Enables mobile router service, such as roaming, on an interface.

         

        Enabling Mobile Router Redundancy

        To enable mobile router redundancy, use the following commands beginning in interface configuration mode. You need not configure HSRP on both the mobile router’s roaming interface and the interface attached to the physical mobile networks. If one of the interfaces is configured with HSRP, and the standby track command is configured on the other interface, the redundancy mechanism will work. See the Cisco Mobile Network Redundancy Example section for a configuration example.

        SUMMARY STEPS

          1.    Router(config-if)# standby[group-number] ip[ip-address[secondary]]

          2.    Router(config-if)# standby priority priority

          3.    Router(config-if)# standby preempt

          4.    Router(config-if)# standby name group-name

          5.    Router(config-if)# standby[group-number] track interface-type interface-number[interface-priority]

          6.    Router(config-if)# exit

          7.    Router(config)# ip mobile router

          8.    Router(mobile-router)# redundancy group name


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 Router(config-if)# standby[group-number] ip[ip-address[secondary]] 

          Enables the HSRP.

           
          Step 2 Router(config-if)# standby priority priority 

          Sets the Hot Standby priority used in choosing the active router.

           
          Step 3 Router(config-if)# standby preempt 

          Configures the router to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router.

           
          Step 4 Router(config-if)# standby name group-name 

          Configures the name of the standby group.

           
          Step 5 Router(config-if)# standby[group-number] track interface-type interface-number[interface-priority] 

          Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces. The interface-priority argument specifies the amount by which the Hot Standby priority for the router is decremented (or incremented) when the interface goes down (or comes back up). The default value is 10.

           
          Step 6 Router(config-if)# exit 

          Exits interface configuration mode.

           
          Step 7 Router(config)# ip mobile router 

          Enables the mobile router.

           
          Step 8 Router(mobile-router)# redundancy group name 

          Configures fault tolerance for the mobile router. The name argument must match the name specified in the standby name group-name command.

           

          Verifying Home Agent Configuration

          To verify the home agent configuration, use the following commands in privileged EXEC mode, as needed:

          Command

          Purpose

          Router# show ip mobile mobile-networks [address]

          Displays a list of mobile networks associated with the mobile router.

          Router# show ip mobile host [address]

          Displays mobile node information.

          Router# show ip mobile secure host [address]

          Displays the mobility security associations for the mobile host.

          Verifying Foreign Agent Configuration

          To verify the foreign agent configuration, use the following commands in privileged EXEC mode, as needed:

          Command

          Purpose

          Router# show ip mobile global

          Displays global information for mobile agents.

          Router# show ip mobile interface 

          Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.

          Verifying Mobile Router Configuration

          To verify the mobile router configuration, use the following commands in privileged EXEC mode as needed:

          Command

          Purpose

          Router# show ip mobile router

          Displays configuration information and monitoring statistics about the mobile router.

          Router# show ip mobile router traffic

          Displays the counters that the mobile router maintains.

          Verifying Mobile Router Redundancy

          To verify that mobile router redundancy is configured correctly on the router, use the following commands in privileged EXEC mode, as needed:

          Command

          Purpose

          Router# show ip mobile router

          Displays configuration information and monitoring statistics about the mobile router.

          Router# show ip mobile router traffic

          Displays the counters that the mobile router maintains.

          Router# show standby

          Displays HSRP information.

          Troubleshooting Tips

          • Adjust the agent advertisement interval value on the foreign agent using the ip irdp maxadvertinterval seconds interface configuration command. Begin by setting the timer to 10 seconds and adjust as needed.
          • Before you can ping a subnet on the mobile router, the mobile router must be registered with the home agent and the mobile network (subnet) must be statically configured or dynamically registered on the home agent.
          • Use extended pings for roaming interfaces. The pings from the mobile router need to have the home address of the mobile router as the source address in the extended ping. Standard pings will have the source address of the roaming interface as the source address, which is not routeable from the standpoint of the rest of the network unless the roaming interfaces are statically configured on the home agent.
          • Redistribute mobile subnets on the home agent so that return traffic can be sent back to the mobile router. Most routing protocols require that default metrics be configured for redistribution.
          • Establish a return route from the foreign agent to the home agent.
          • Avoid placing any routers behind the mobile router because the mobile router functions as a stub router.
          • A statically configured mobile network takes precedence over the same dynamically registered mobile network.
          • A mobile network can be configured or registered by only one mobile router at a time.

          Monitoring and Maintaining the Mobile Router

          To monitor and maintain the mobile router, use the following commands in privileged EXEC mode, as needed:

          Command

          Purpose

          Router# clear ip mobile router agent

          Deletes learned agents and the corresponding care-of address of the foreign agent from the mobile router agent table.

          Router# clear ip mobile router registration

          Deletes registration entries from the mobile router registration table.

          Router# clear ip mobile router traffic

          Clears the counters that the mobile router maintains.

          Router# show ip mobile router

          Displays configuration information and monitoring statistics about the mobile router.

          Router# show ip mobile router agent

          Displays information about the agents for the mobile router.

          Router# show ip mobile router interface

          Displays information about the interface that the mobile router is using for roaming.

          Router# show ip mobile router registration

          Displays the pending and accepted registrations of the mobile router.

          Router# show ip mobile router traffic

          Displays counters that the mobile router maintains.

          Router# debug ip mobile router [detail]

          Displays debug messages for the mobile router.

          Configuration Examples

          In the following examples, a home agent provides service for three mobile routers. Each mobile router has a satellite link and wireless LAN link when roaming. Each is allocated a network that can be partitioned further.

          The mobile networks on the mobile routers are both statically configured and dynamically registered on the home agent while the mobile routers roam via foreign agents.

          See the figure below for an example topology.

          Figure 3. Topology Showing Home Agent Supporting Three Mobile Routers

          Home Agent Example

          In the following example, a home agent provides service for three mobile routers. Note that the home agent will advertise reachability to the virtual networks.

          interface Loopback 0
           ip address 1.1.1.1 255.255.255.255
          router mobile
          !
          ! Virtual network advertised by HA is the home network of the MR
          ip mobile virtual-network 10.1.0.0 255.255.0.0
          ip mobile host 10.1.0.1 virtual-network 10.1.0.0 255.255.0.0
          ip mobile host 10.1.0.2 virtual-network 10.1.0.0 255.255.0.0
          ip mobile host 10.1.0.3 10.1.0.10 virtual-network 10.1.0.0 255.255.0.0 aaa load-sa
          !
          ! Associated host address that informs HA that 10.1.0.1 is actually an MR
          ip mobile mobile-networks 10.1.0.1 
          ! Static config of MR's mobile networks
           description jet
           network 172.6.1.0 255.255.255.0
           network 172.6.2.0 255.255.255.0
          !
          ! Associated host address that informs HA that 10.1.0.2 is actually an MR
          ip mobile mobile-networks 10.1.0.2
          ! One static mobile network; MR may also dynamically register mobile nets 
           description ship
           network 172.7.1.0 255.255.255.0
           register
          !
          ! Range of hosts that are MRs
          ip mobile mobile-networks 10.1.0.3 10.1.0.10
          ! All can dynamically register their mobile networks
           register
          !
          ip mobile secure host 10.1.0.1 spi 101 key hex 12345678123456781234567812345678
          ip mobile secure host 10.1.0.2 spi 102 key hex 23456781234567812345678123456781

          Foreign Agent Example

          In the following example, the foreign agent is providing service on serial interface 0:

          router mobile
          ip mobile foreign-agent care-of serial0
          !
          interface serial0
           ip irdp
           ip irdp maxadvertinterval 4
           ip irdp minadvertinterval 3
           ip irdp holdtime 12
           ip mobile foreign-service

          Mobile Router Example

          In the following example, three mobile routers provide services for the mobile networks:

          Mobile Router 1

          interface loopback0
          ! MR home address
           ip address 10.1.0.1 255.255.255.255
          !
          interface serial 0
          ! MR roaming interface 
           ip address 172.21.58.253 255.255.255.252
           ip mobile router-service roam
          interface ethernet 0
          ! MR roaming interface
           ip address 172.21.58.249 255.255.255.252
           ip mobile router-service roam
          interface ethernet 1
           ip address 172.6.1.1 255.255.255.0
          interface ethernet 2
           ip address 172.6.2.1 255.255.255.0 
          !
          !
          router mobile
          ip mobile router
           address 10.1.0.1 255.255.0.0
           home-agent 1.1.1.1
          ip mobile secure home-agent 1.1.1.1 spi 101 key hex 12345678123456781234567812345678

          Mobile Router 2

          interface loopback0
          ! MR home address
           ip address 10.1.0.2 255.255.255.255
          !
          interface serial 0
          ! MR roaming interface 
           ip address 172.21.58.245 255.255.255.252
           ip mobile router-service roam 
          interface ethernet 0
          ! MR roaming interface
           ip address 172.21.58.241 255.255.255.252
           ip mobile router-service roam
          interface ethernet 1
           ip address 172.7.1.1 255.255.255.0
          interface ethernet 2
           ip address 172.7.2.1 255.255.255.0
          !
          !
          router mobile
          ip mobile router 
           address 10.1.0.2 255.255.0.0
           home-agent 1.1.1.1
           mobile-network ethernet 2
          ip mobile secure home-agent 1.1.1.1 spi 102 key hex 23456781234567812345678123456781

          Mobile Router 3

          interface loopback0
          ! MR home address
           ip address 10.1.0.3 255.255.255.255
          !
          interface serial 0
          ! MR roaming interface 
           ip address 172.21.58.237 255.255.255.252
           ip mobile router-service roam 
          interface ethernet 0
          ! MR roaming interface
           ip address 172.21.58.233 255.255.255.252
           ip mobile router-service roam
          interface ethernet 1
           ip address 172.8.1.1 255.255.255.0
          interface ethernet 2
           ip address 172.8.2.1 255.255.255.0
          !
          !
          router mobile
          ip mobile router 
           address 10.1.0.3 255.255.0.0
           home-agent 1.1.1.1
           mobile-network ethernet 1
           mobile-network ethernet 2
          ip mobile secure home-agent 1.1.1.1 spi 103 key hex 45678234567812312345678123456781
          !

          Cisco Mobile Network Redundancy Example

          There can be three levels of redundancy for the Cisco Mobile Network: home agent redundancy, foreign agent redundancy, and mobile router redundancy.

          In the home agent example, two home agents provide redundancy for the home agent component. If one home agent fails, the standby home agent immediately becomes active so that no packets are lost. HSRP is configured on the home agents, along with HSRP attributes such as the HSRP group name. Thus, the rest of the topology treats the home agents as a single virtual home agent and any fail-over is transparent.

          The mobile networks also are defined on the home agent so that the home agent knows to inject these networks into the routing table when the mobile router is registered.

          In the foreign agent example, two routers provide foreign agent services. No specific redundancy feature needs to be configured on foreign agents; overlapping wireless coverage provides the redundancy.

          The mobile routers use HSRP to provide redundancy, and their group name is associated to the HSRP group name. The mobile routers are aware of the HSRP states. When HSRP is in the active state, the mobile router is active. If HSRP is in the nonactive state, the mobile router is passive. When an active mobile router fails, the standby mobile router becomes active and sends out solicitations out its roaming interfaces to learn about foreign agents and register.

          See the figure below for an example topology of a redundant network where two mobile routers are connected to each other on a LAN with HSRP enabled.

          Figure 4. Topology Showing Cisco Mobile Networks Redundancy

          Home Agent 1 (HA1) Configuration

          interface Ethernet1/1 
           ip address 100.100.100.3 255.255.255.0 
           ip irdp 
           ip irdp maxadvertinterval 10 
           ip irdp minadvertinterval 7 
           ip irdp holdtime 30 
           duplex half 
           standby ip 100.100.100.1 
           standby priority 100 
           standby preempt delay sync 60
          !HSRP group name
           standby name HA_HSRP2 
          ! 
          router mobile 
          ! 
          router rip 
           version 2 
           redistribute mobile 
           network 100.0.0.0 
           default-metric 1 
          ! 
          ip classless 
          ip mobile home-agent 
          ! Maps to HSRP group name 
          ip mobile home-agent redundancy HA_HSRP2 virtual-network address 100.100.100.1
          ip mobile virtual-network 70.70.70.0 255.255.255.0 
          ip mobile host 70.70.70.70 virtual-network 70.70.70.0 255.255.255.0
          ip mobile mobile-networks 70.70.70.70
           description san jose jet
          ! Mobile Networks
           network 20.20.20.0 255.255.255.0
           network 10.10.10.0 255.255.255.0
          ip mobile secure host 70.70.70.70 spi 100 key hex 12345678123456781234567812345678 
          ip mobile secure home-agent 100.100.100.2 spi 300 key hex 12345678123496781234567812345678

          Home Agent 2 (HA2) Configuration

          interface Ethernet1/1 
           ip address 100.100.100.2 255.255.255.0 
           ip irdp 
           ip irdp maxadvertinterval 10 
           ip irdp minadvertinterval 7 
           ip irdp holdtime 30 
           standby ip 100.100.100.1 
           standby priority 95 
           standby preempt delay sync 60 
          ! HSRP group name
           standby name HA_HSRP2 
          ! 
          router mobile 
          ! 
          router rip 
           version 2 
           redistribute mobile 
           network 100.0.0.0 
           default-metric 1 
          ! 
          ip classless 
          ip mobile home-agent 
          !Maps to HSRP group name
          ip mobile home-agent redundancy HA_HSRP2 virtual-network address 100.100.100.1
          ip mobile virtual-network 70.70.70.0 255.255.255.0 
          ip mobile host 70.70.70.70 virtual-network 70.70.70.0 255.255.255.0 
          ip mobile mobile-networks 70.70.70.70 
           description san jose jet
          !Mobile Networks
           network 20.20.20.0 255.255.255.0
           network 10.10.10.0 255.255.255.0
          ip mobile secure host 70.70.70.70 spi 100 key hex 12345678123456781234567812345678 
          ip mobile secure home-agent 100.100.100.1 spi 300 key hex 12345978123456781234567812345678

          Foreign Agent 1 (FA1) Configuration

          interface Ethernet0 
           ip address 171.69.68.2 255.255.255.0
           media-type 10BaseT 
          ! 
          interface Ethernet1 
           ip address 80.80.80.1 255.255.255.0 
           ip irdp 
           ip irdp maxadvertinterval 10 
           ip irdp minadvertinterval 7 
           ip irdp holdtime 30 
           ip mobile foreign-service 
           media-type 10BaseT 
          ! 
          router mobile 
          ! 
          router rip 
           version 2 
           network 80.0.0.0 
           network 100.0.0.0 
          ! 
          ip classless 
          no ip http server 
          ip mobile foreign-agent care-of Ethernet1 

          Foreign Agent 2 (FA2) Configuration

          interface Ethernet1 
           ip address 171.69.68.1 255.255.255.0
           media-type 10BaseT 
          ! 
          interface Ethernet2 
           ip address 80.80.80.2 255.255.255.0 
           ip irdp 
           ip irdp maxadvertinterval 10 
           ip irdp minadvertinterval 7 
           ip irdp holdtime 30 
           ip mobile foreign-service 
           media-type 10BaseT 
          ! 
          router mobile 
          ! 
          router rip 
           version 2 
           network 80.0.0.0 
           network 100.0.0.0 
          ! 
          ip classless 
          no ip http server 
          ip mobile foreign-agent care-of Ethernet2 

          Mobile Router 1 Configuration

          interface Ethernet5/2 
          ! MR roaming interface 
           ip address 70.70.70.4 255.255.255.0 
           ip mobile router-service roam 
          ! Configure redundancy for mobile router using HSRP
           standby ip 70.70.70.70 
           standby priority 105 
           
          standby preempt 
           standby name MR_HSRP2 
           standby track Ethernet5/4 
          ! 
          interface Ethernet5/4 
          ! Interface to Mobile Network 
           ip address 20.20.20.2 255.255.255.0 
          ! 
          router mobile 
          ! 
          router rip 
           version 2 
           passive-interface Ethernet5/2 
           network 20.0.0.0 
           network 70.0.0.0 
          ! 
          ip classless 
          no ip http server 
          ip mobile secure home-agent 100.100.100.100 spi 100 key hex 12345678123456781234567812345678 
          ip mobile router 
          ! Maps to HSRP group name
           redundancy group MR_HSRP2 
          ! Using roaming interface hot address as MR address 
           address 70.70.70.70 255.255.255.0 
           home-agent 100.100.100.1 

          Mobile Router 2 Configuration

          interface Ethernet1/2 
          ! MR roaming interface 
           ip address 70.70.70.3 255.255.255.0 
           ip mobile router-service roam 
          ! Configure redundancy for mobile router using HSRP
           standby ip 70.70.70.70 
           standby priority 100 
           standby preempt 
           standby name MR_HSRP2 
           standby track Ethernet1/4 
          ! 
          interface Ethernet1/4 
          ! Interface to Mobile Network 
          ip address 20.20.20.1 255.255.255.0 
          ! 
          router mobile 
          ! 
          router rip 
           version 2 
           passive-interface Ethernet1/2 
           network 20.0.0.0 
           network 70.0.0.0 
          ! 
          ip classless 
          no ip http server 
          ip mobile secure home-agent 100.100.100.100 spi 100 key hex 12345678123456781234567812345678 
          ip mobile router 
          ! Maps to HSRP group name
           redundancy group MR_HSRP2 
          ! Using roaming interface hot address as MR address 
           address 70.70.70.70 255.255.255.0 
           home-agent 100.100.100.1

          Command Reference

          The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS IP Mobility Command Reference at http://www.cisco.com/en/US/docs/ios/ipmobility/command/reference/imo_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http:/​/​tools.cisco.com/​Support/​CLILookup or to the Cisco IOS Master Commands List .

          • address (mobile router)
          • clear ip mobile router agent
          • clear ip mobile router registration
          • clear ip mobile router traffic
          • debug ip mobile
          • debug ip mobile router
          • description (mobile networks)
          • home-agent
          • ip mobile mobile-networks
          • ip mobile router
          • ip mobile router-service
          • mobile-network
          • network (mobile networks)
          • redundancy group
          • register (mobile networks)
          • register (mobile router)
          • reverse-tunnel
          • show ip mobile binding
          • show ip mobile host
          • show ip mobile mobile-networks
          • show ip mobile router
          • show ip mobile router agent
          • show ip mobile router interface
          • show ip mobile router registration
          • show ip mobile router traffic

          Glossary

          agent advertisement --An advertisement message constructed by an attachment of a special extension to a ICMP Router Discovery Protocol (IRDP).

          agent discovery --The method by which a mobile node or mobile router determines whether it is currently connected to its home network or a foreign network and detects whether it has moved and the way it has moved. It is the mechanism by which mobile nodes or mobile routers query and discover mobility agents. Agent discovery is an extension to ICMP Router Discovery Protocol (IRDP) (RFC 1256), which includes a mechanism to advertise mobility services to potential users.

          agent solicitation --A request for an agent advertisement sent by the mobile node or mobile router.

          care-of address --The termination point of the tunnel to a mobile node or mobile router. This can be a collocated care-of address, by which the mobile node or mobile router acquires a local address and detunnels its own packets, or a foreign agent care-of address, by which a foreign agent detunnels packets and forwards them to the mobile node or mobile router.

          correspondent node --A peer with which a mobile node is communicating. A correspondent node may be either stationary or mobile.

          foreign agent --A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the home agent of the mobile node. For packets sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.

          foreign network --Any network other than the home network of the mobile node.

          home address --An IP address that is assigned for an extended time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.

          home agent --A router on a home network of the mobile node or that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding .

          home network --The network, possibly virtual, whose network prefix equals the network prefix of the home address of a mobile node.

          link --A facility or medium over which nodes communicate at the link layer. A link underlies the network layer.

          link-layer address --The address used to identify an endpoint of some communication over a physical link. Typically, the link-layer address is a MAC address of an interface.

          mobility agent --A home agent or a foreign agent.

          mobility binding --The association of a home address with a care-of address and the remaining lifetime.

          mobile network --A network that moves with the mobile router. A mobile network is a collection of hosts and routes that are fixed with respect to each other but are mobile, as a unit, with respect to the rest of the Internet.

          mobile node --A host or router that changes its point of attachment from one network or subnet to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its home IP address, assuming that link-layer connectivity to a point of attachment is available.

          mobile router --A mobile node that is a router. It provides for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, a bicycle, or a kayak. The nodes connected to a network served by the mobile router may themselves be fixed nodes or mobile nodes or routers.

          mobility security association --A collection of security contexts between a pair of nodes that may be applied to Mobile IP protocol messages exchanged between them. Each context indicates an authentication algorithm and mode, a secret (a shared key or appropriate public/private key pair), and a style of replay protection in use.

          MTU --maximum transmission unit. Maximum packet size, in bytes, that a particular interface can handle.

          node --A host or router.

          registration --The process by which the mobile node is associated with a care-of address on the home agent while it is away from home. Registration may happen directly from the mobile node to the home agent or through a foreign agent.

          roaming interface --An interface used by the mobile router to detect foreign agents and home agents while roaming. Registration and traffic occur on the interface.

          SPI --security parameter index. The index identifying a security context between a pair of nodes. On the home agent, the SPI identifies which shared secret to use to compute the md5 hash value.

          tunnel --The path followed by a packet while it is encapsulated from the home agent to the mobile node. The model is that, while it is encapsulated, a packet is routed to a knowledgeable decapsulating agent, which decapsulates the datagram and then correctly delivers it to its ultimate destination.

          virtual network --A network with no physical instantiation beyond a router (with a physical network interface on another network). The router (a home agent, for example) generally advertises reachability to the virtual network using conventional routing protocols.

          visited network --A network other than the home network of a mobile node, to which the mobile node is currently connected.

          visitor list --The list of mobile nodes visiting a foreign agent.