IP Mobility: Mobile IP Configuration Guide, Cisco IOS Release 15M&T
Mobile IP Generic NAI Support and Home Address Allocation
Download this chapter
Mobile IP Generic NAI Support and Home Address AllocationMobile IP Generic NAI Support and Home Address Allocation
Download the complete book
IP Mobility: Mobile IP Configuration Guide, Cisco IOS Release 15M&TIP Mobility: Mobile IP Configuration Guide, Cisco IOS Release 15M&T (PDF - 1 MB)
 Feedback

Contents

Mobile IP Generic NAI Support and Home Address Allocation

Last Updated: December 2, 2012

The Mobile IP--Generic NAI Support and Home Address Allocation feature allows a mobile node to be identified by using a network access identifier (NAI) instead of an IP address (home address). The NAI is a character string that can be a unique identifier (username@realm) or a group identifier (realm). Additionally, this feature allows you to configure the home agent to allocate addresses to mobile nodes either statically or dynamically. Home address allocation can be from address pools configured locally on the home agent, through either Dynamic Host Configuration Protocol (DHCP) server access, or from the authentication, authorization, and accounting (AAA) server.

Feature Specifications for Mobile IP--Generic NAI Support and Home Address Allocation

Feature History

Release

Modification

12.2(13)T

This feature was introduced.

Supported Platforms

Refer to Feature Navigator.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Generic NAI Support and Home Address Allocation

NAI Overview

Authentication, Authorization, and Accounting (AAA) servers are used within the Internet to provide authentication and authorization services for dial-up computers. AAA servers identify clients using the NAI. The NAI is a character string in the format of an e-mail address as either user or user@realm but it need not be a valid e-mail address or a fully qualified domain name. The NAI can be used either in a specific or generic form. The specific form, which must contain the user portion and may contain the @realm portion, identifies a single user. The generic form allows all users in a given realm or without a realm to be configured on a single command line. Each user still needs a unique security association, but these associations can be stored on a AAA server.

The original purpose of the NAI was to support roaming between dialup ISPs. With the NAI, each ISP need not have all the accounts for all of its roaming partners in a single RADIUS database. RADIUS servers can proxy requests to remote servers for each realm.

These services are also valuable for mobile nodes using Mobile IP when the nodes are attempting to connect to foreign domains with AAA servers. The Mobile IP--Generic NAI Support and Home Address Allocation feature introduces a method for the mobile node to identify itself by including the NAI along with the Mobile IP registration request.

RFC 2794, Mobile IP Network Access Identifier Extension for IPv4 , defines a mobile node NAI extension of type 131 to the Mobile IP registration messages. This extension must appear in the registration request before the mobile-home authentication extension (MHAE) and mobile-foreign authentication extension (MFAE). The home agent authenticates the mobile node and allocates an IP address. For static IP address allocation, the mobility binding is identified in the home agent as a flow {NAI, IP address} and for dynamic address assignment the mobility binding is identified by the NAI only.

Home Address Allocation

The home agent allocates a home address to the mobile node based on the NAI received during Mobile IP registration. The IP addresses can be statically or dynamically allocated to the mobile node. In addition, multiple static IP addresses can be allocated to the same NAI. The home agent will not permit simultaneous registrations for different NAIs with the same IP address, whether it is statically or dynamically allocated.

Static IP Addresses

Static IP addresses must be configured on the mobile node. The home agent supports static IP addresses that might be public IP addresses, or addresses in a private domain.


Note
Use of private addresses for Mobile IP services requires reverse tunneling between the foreign agent and the home agent.

The mobile user proposes the configured/available address as a nonzero home address in the registration request message. The home agent can accept this address or return another address in the registration reply message. The home agent can authorize the IP address by accessing the AAA server or DHCP server. The AAA server may return the name of a local pool, or a single IP address. On successful Mobile IP registration, Mobile IP based services are made available to the user.

Local Authorization

A static address can be authorized on a per-mobile node or per-realm basis. Per-mobile node configurations require a specific NAI in the form of user or user@realm to be defined on the home agent and allow up to five addresses or a pool per NAI. Per-realm configurations require that a generic NAI be in the form of @realm and only allows address allocation from a local pool.

AAA Authorization

The number of mobile nodes that can be configured is limited because of NVRAM on the router. So, as an option, you can also store the authorized addresses or local pool name in a AAA server. Each user must have either the static-addr-pool attribute or the static-pool-def attribute configured in the AAA server. Unlike the static address configuration on the command line, the static-addr-pool attribute is not limited in the number of addresses. See the Configuration Examples for Generic NAI Support and Home Address Allocation section in this document for AAA configuration examples.

Static IP Address Configuration Priority

If the configuration exists locally as well as on the AAA server, the AAA configuration takes precedence over the local pool of addresses. The priority is given in the following order:

  1. AAA addresses
  2. AAA pool name
  3. Local mobile node static addresses
  4. Local pool

In cases where the static addresses list is retrieved from the AAA server but all the addresses are already in use by other mobile nodes, the next priority addressing mechanism is used.

Dynamic IP Addresses

A mobile node can request a dynamically allocated IP address by proposing an all-zero home address in the registration request message. The home agent allocates a home address and returns it to the mobile node in the registration reply message.

A fixed address is a dynamically assigned address that is always the same.

The home address can be allocated from a AAA server, a DHCP server, or configured locally through the command line interface (CLI). You can also define a local pool for address allocation on a AAA server or through the CLI.

DHCP

Optionally, Mobile IP uses the existing Cisco IOS DHCP proxy client to allocate dynamic home addresses by a DHCP server. The NAI is sent in the DHCP client-id option and can be used to provide dynamic DNS services.

AAA

Dynamic IP addressing from a AAA server allows support for fixed and or per session addressing for mobile nodes without the task of maintaining addressing at the mobile node or home agent. The AAA server can return either a specific address, a local pool name, or a DHCP server address.

Dynamic IP Address Configuration Priority

If the configuration exists locally as well as on the AAA server, the AAA configuration takes precedence over the local pool of addresses. The priority is given in the following order:

  1. AAA address
  2. AAA pool
  3. Local mobile node address
  4. Local pool

DHCP pool

Address Allocation for Same NAI with Multiple Static Addresses

The home agent supports multiple Mobile IP registrations for the same NAI with different static addresses through static address configuration on the command line or by configuring static-ip-address pool (s) at the AAA server or DHCP server. When the home agent receives a registration request message from the mobile user, the home agent accesses the AAA for authentication, and possibly for assignment of an IP address.

A single mobile user can use multiple static IP addresses either on the same IP device or multiple IP devices, while maintaining only one AAA record and security association. The ISP can then bill the user based on the NAI, independent of which IP device was used.

How Registrations Are Processed for the Same NAI

When the same NAI is used for registration from two different mobile IP devices, the behavior is as follows:

  • If static address allocation is used in both cases, they are considered independent cases.
  • If dynamic address allocation is used in both cases, the second registration replaces the first.
  • If static is used for the first registration, and dynamic for the second, the dynamic address allocation replaces the static address allocation.
  • If dynamic is used for the first registration, and static for the second, they are considered independent cases.

Additionally, two flows originating from the same mobile node using the same NAI, but two different home agents, are viewed as independent cases.

Benefits of Generic NAI Support and Home Address Allocation

  • Provides a mechanism to identify users based on the NAI
  • Supports static and dynamic IP address allocation
  • Optimizes the use of IP addresses by reusing them

How to Configure Generic NAI Support and Home Address Allocation

Configuring the Home Agent

Perform one of the following tasks in this section, depending on whether you want to configure static IP addresses or dynamic IP addresses.

SUMMARY STEPS

1.    enable

2.    configure {terminal | memory | network}

3.    ip local pool {named-address-pool| default} {first-ip-address[last-ip-address]}

4.    ip mobile host {lower [upper] | nai string [static-address {addr1 [addr2] [addr3] [addr4] [addr5] | local-pool name}] } {interface name | virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number]

5.    ip mobile secure host {lower[upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5| hmac-md5} mode prefix-suffix]


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Router> enable

 

Enables higher privilege levels, such as privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure {terminal | memory | network}


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ip local pool {named-address-pool| default} {first-ip-address[last-ip-address]}


Example:

Router(config)# ip local pool static-user-pool 172.21.58.3 172.21.58.254

 

(Optional) Configures a local pool of IP addresses.

  • An NAI configured in the form of @realm can only be allocated addresses from a local pool.
 
Step 4
ip mobile host {lower [upper] | nai string [static-address {addr1 [addr2] [addr3] [addr4] [addr5] | local-pool name}] } {interface name | virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number]


Example:

Router(config)# ip mobile host nai joe@staticuser.com local-pool static-user-pool interface FastEthernet0/0



Example:

Router(config)# ip mobile host nai joe static-address 172.21.58.3 172.21.58.4 interface FastEthernet0/0



Example:

Router(config)# ip mobile host nai joe@staticuser.com interface FastEthernet0/0 aaa

 

Configures the mobile host or mobile node group.

  • In the first example, a local pool named static-user-pool is used for static address allocation.
  • In the second example, multiple static addresses are configured and are associated with the same NAI. This configuration allows a single user to use multiple static IP addresses either on the same IP device or multiple IP devices, while maintaining only one AAA record and security association. Note that this option can only be used when the nai string is not a realm.
  • In the third example, the mobile host stores its authorized address in a AAA server. The appropriate attributes must be configured on the AAA server.
 
Step 5
ip mobile secure host {lower[upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5| hmac-md5} mode prefix-suffix]


Example:

Router(config)# ip mobile secure host nai user@staticuser.com spi 100 key hex 123456781234567812345678123245678

 

Specifies the mobility security associations for the mobile host. This step is optional only if you specify the aaa keyword in the ip mobile host command.

 

Dynamic IP Addresses

This section describes how to configure the home agent to allocate dynamic IP addresses to mobile nodes.


Note
  • The current implementation does not allow DHCP to be used with virtual networks.
  • Local pool allocation cannot be used with the home agent redundancy feature.
SUMMARY STEPS

1.    enable

2.    configure {terminal | memory | network}

3.    ip local pool {named-address-pool| default} {first-ip-address[last-ip-address]}

4.    ip mobile host nai string [address {addr | pool {local name | dhcp-proxy-client[dhcp-server addr]}] {interface name| virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number]

5.    ip mobile secure host {lower[upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5| hmac-md5} mode prefix-suffix]


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Router> enable

 

Enables higher privilege levels, such as privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure {terminal | memory | network}


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ip local pool {named-address-pool| default} {first-ip-address[last-ip-address]}


Example:

Router(config)# ip local pool my-pool 172.21.58.5 172.21.58.250

 

(Optional) Configures a local pool of IP addresses.

 
Step 4
ip mobile host nai string [address {addr | pool {local name | dhcp-proxy-client[dhcp-server addr]}] {interface name| virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number]


Example:

Router(config)#ip mobile host nai jane@cisco.com address pool local my-pool interface FastEthernet0/0



Example:

Router(config)#ip mobile host nai jane@cisco.com address pool local my-pool virtual-network 10.2.0.0 255.255.0.0 aaa



Example:

Router(config)# ip mobile host nai jane@cisco.com address pool dhcp-proxy-client dhcp-server 10.1.2.3 interface FastEthernet 0/0

 

Configures the mobile host or mobile node group.

  • In the first example, a local pool named my-pool is used for dynamic address allocation.
  • In the second example, the user name is sent to the AAA server. If no address allocation information comes back from the AAA server, the home agent will assign an available address from the pool named my-pool.
  • In the third example, a DHCP proxy client specifies that a DHCP server, located at 10.1.2.3, will allocate dynamic home addresses.
 
Step 5
ip mobile secure host {lower[upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5| hmac-md5} mode prefix-suffix]


Example:

Router(config)# ip mobile secure host nai jane@cisco.com spi 100 key hex 123456781234567812345678123245678

 

Specifies the mobility security associations for the mobile host. Optional only if you specify the aaa keyword in the ip mobile host command.

 

Configuring AAA in the Mobile IP Environment

Access control is the way you manage who has user access to the network server and what services the users are allowed to use. AAA network security services provide the primary framework through which you set up access control on your router or access server. See the Configuration Examples for Generic NAI Support and Home Address Allocation in this document for example AAA configurations.

SUMMARY STEPS

1.    enable

2.    configure {terminal | memory | network}

3.    aaa new-model

4.    aaa authentication login {default | list-name} method1 [method2...]

5.    aaa authorization ipmobile {tacacs+| radius}

6.    aaa session-id [common| unique]


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Router> enable

 

Enables higher privilege levels, such as privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure {terminal | memory | network}


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
aaa new-model


Example:

Router(config)# aaa new-model

 

Enables AAA access control.

 
Step 4
aaa authentication login {default | list-name} method1 [method2...]


Example:

Router(config)# aaa authentication login default enable

 

Sets AAA authentication at login.

 
Step 5
aaa authorization ipmobile {tacacs+| radius}


Example:

Router(config)# aaa authorization ipmobile radius

 

Specifies which AAA protocol to be used by Mobile IP.

 
Step 6
aaa session-id [common| unique]


Example:

Router(config)# aaa session-id common

 

Ensures that the same session ID will be used for each AAA accounting service type within a call.

 

Configuring RADIUS in the Mobile IP Environment

Remote Authentication Dial-in User Service (RADIUS) is a method for defining the exchange of AAA information in the network. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a RADIUS server that contains all user authentication and network server access information.

SUMMARY STEPS

1.    enable

2.    configure {terminal | memory | network}

3.    radius-server host {hostname | ip-address}[auth-port port-number] [acct-port port-number]

4.    radius-server retransmit retries

5.    radius-server key {0 string |7 string | string}


DETAILED STEPS
 Command or ActionPurpose
Step 1
enable


Example:

Router> enable

 

Enables higher privilege levels, such as privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure {terminal | memory | network}


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
radius-server host {hostname | ip-address}[auth-port port-number] [acct-port port-number]


Example:

Router(config)# radius-server host 128.107.162.173 auth-port 1645 acct-port 1646

 

Specifies a RADIUS server host.

 
Step 4
radius-server retransmit retries


Example:

Router(config)# radius-server retransmit 3

 

Specifies the number of times the Cisco IOS software searches the list of RADIUS server hosts before giving up.

 
Step 5
radius-server key {0 string |7 string | string}


Example:

Router(config)# radius-server key cisco

 

Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon.

 

Verifying Generic NAI Support and Home Address Allocation

To verify generic NAI support and home address allocation, use the following commands in privileged EXEC mode, as needed:

SUMMARY STEPS

1.    show ip mobile binding nai string

2.    show ip mobile host nai string

3.    show ip mobile visitor nai string


DETAILED STEPS
 Command or ActionPurpose
Step 1
show ip mobile binding nai string


Example:

Router# show ip mobile binding nai jane@cisco.com

 

Displays the mobility binding table.

 
Step 2
show ip mobile host nai string


Example:

Router# show ip mobile host nai jane@cisco.com

 

Displays mobile node information.

 
Step 3
show ip mobile visitor nai string


Example:

Router# show ip mobile visitor nai jane@cisco.com

 

Displays the visitor list on the foreign agent.

 

Output Examples

This section provides the following output examples:

Sample Output for the show ip mobile binding Command

In this example, output information about all current mobility bindings is displayed using the show ip mobile bindingEXEC command:

Router> show ip mobile binding nai jane@cisco.com
Mobility Binding List:
jane@cisco.com (Bindings 1): 
    Home Addr 25.2.2.1
    Care-of Addr 68.0.0.31, Src Addr 68.0.0.31, 
    Lifetime granted 02:46:40 (10000), remaining 02:46:32
    Flags Sbdmgvt, Identification B750FAC4.C28F56A8, 
    Tunnel2 src 1.1.1.1.dest 2.2.2.1 reverse-allowed
    Routing Options - (B)Broadcast
Sample Output for the show ip mobile host Command

In this example, mobile host counters and information is displayed using the show ip mobile hostEXEC command:

Router> show ip mobile host nai jane@cisco.com
jane@cisco.com:
    Dynamic address from local pool dynamic-pool
    Allowed lifetime 00:03:20 (200/default)
    Roaming status -registered-, Home link on virtual network 25.0.0.0/8
    Bindings 25.2.2.1
    Accepted 2, Last time 04/13/02 19:04:28
    Overall service time 00:04:42
    Denied 0, Last time -never-
    Last code '-never- (0)'
    Total violations 0
    Tunnel to MN - pkts 0, bytes 0
    Reverse tunnel from MN - pkts 0, bytes 0
Sample Output for the show ip mobile visitor Command

In this example, the visitor list on the foreign agent is displayed using the show ip mobile visitorEXEC command:

Router> show ip mobile visitor nai jane@cisco.com
Security Associations (algorithm,mode,replay)
Mobile Visitor List:
jane@cisco.com
    Home addr 25.2.2.2
    Interface Ethernet3/2, MAC addr 0060.837b.95ec
    IP src 0.0.0.0, dest 2.2.2.1, UDP src port 434
    HA addr 1.1.1.1, Identification B7510E60.64436B38
    Lifetime 00:03:20 (200) Remaining 00:02:57
    Tunnel2 src 2.2.2.1, dest 1.1.1.1, reverse-allowed
    Routing Options - (B) Broadcast

Configuration Examples for Generic NAI Support and Home Address Allocation

Static Home Addressing Using NAI Examples

The following example configures a local pool of static addresses to be used in assigning IP addresses to mobile nodes in the cisco.com domain:

router mobile
!
ip local pool mobilenodes 172.21.58.3 172.21.58.250
ip mobile host nai @cisco.com static-address local-pool mobilenodes
ip mobile secure host nai @cisco.com spi 100 key hex 123456781234567812345678123245678
!


  










Dynamic Home Addressing Using NAI Examples



    

The following is an example of dynamic addressing using a local pool:


    
router mobile
!
ip local pool my-pool 10.1.2.3 10.1.2.5
ip mobile host nai jane@cisco.com address pool local my-pool virtual-network 10.0.0.0 255.255.255.0
ip mobile secure host nai jane@cisco.com spi 100 key hex 123456781234567812345678123245678


    


    

The following is an example of dynamic addressing using a DHCP server specified by the DHCP proxy client:


    
router mobile
!
ip mobile host nai jane@cisco.com address pool dhcp-proxy-client dhcp-server 10.1.2.3 interface FastEthernet 0/0
ip mobile secure host nai jane@cisco.com spi 100 key hex 123456781234567812345678123245678



  










Home Agent Using NAI AAA Server Example



    

In the following static configuration, the home agent can use a AAA server to store either the authorized addresses or local pool name. For the mobile node to request a static address, either the static-addr-pool attribute or the static-pool-def attribute must be configured on the AAA server.


    
Home Agent

      
      

The following example shows how the home agent is configured to use the AAA server:


      
aaa new-model
aaa authorization ipmobile radius
!
ip local pool mobilenodes 10.0.0.5 10.0.0.10
ip mobile host nai user@staticuser.com interface FastEthernet0/0 aaa
ip mobile host nai @static.com interface FastEthernet0/0 aaa


      


    


    
Radius Attributes

      
      
Cisco-AVPair = "mobileip:static-addr-pool=10.0.0.1 10.0.0.2 10.0.0.3"
Cisco-AVPair = "mobileip:static-pool-def=mobilenodes"


    


  










AAA and Local Configuration Example



    

You can also configure some addressing details on the home agent and some on the AAA server. In the following example, a set of authorized static addresses for a mobile node are configured on the AAA server and the dynamic addresses are configured locally on the home agent.


    
Home Agent

      
      
ip mobile host nai @cisco.com address pool local mobilenodes interface ethernet2/1 aaa


    


    
Radius Attribute

      
      
Cisco-AVPair = "mobileip:static-addr-pool=10.2.0.1 10.2.0.2 10.0.0.3"


    


  












Additional References


 
	 
 
		
 For additional information related to generic NAI support and home address assignment, refer to the following sections:
		

 
	 

 
	 
Related Documents
 
		 
		

 
			  
			  
			  
				
 
				   
					 
 Related Topic
					 

 
				  		
 
				   
					 
 Document Title
					 

 
				  		
 
				

 
			 
 
			  
				
 
				   
					 
 Mobile IP configuration tasks
					 

 
				  		
 
				   
					 
 "Configuring Mobile IP" chapter in theCisco IOS IP Configuration Guide, 
						 Release 12.2
					 

 
				  		
 
				

 
				
 
				   
					 
 Mobile IP commands: complete command syntax, command mode, defaults, usage guidelines, and examples
					 

 
				  		
 
				   
					 
 "Mobile IP Commands" chapter in theCisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, 
						 Release 12.2
					 

 
				  		
 
				

 
				
 
				   
					 
 AAA configuration tasks
					 

 
				  		
 
				   
					 
 
						Cisco IOS Security Configuration Guide, 
						 Release 12.2
					 

 
				  		
 
				

 
				
 
				   
					 
 AAA commands: complete command syntax, command mode, defaults, usage guidelines, and examples
					 

 
				  		
 
				   
					 
 
						Cisco IOS Security Command Reference, 
						 Release 12.2
					 

 
				  		
 
				

 
			 
 
		  



 
	 

 
	 
Standards
 
		 
		

 
			  
			  
			  
				
 
				   
					 
 Standards
					 

 
				  		
 
				   
					 
 Title
					 

 
				  		
 
				

 
			 
 
			  
				
 
				   
					 
 No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
					 

 
				  		
 
				   
					 
 --
					 

 
				  		
 
				

 
			 
 
		  



 
	 

 
	 
MIBs
 
		 
		

 
			  
			  
			  
				
 
				   
					 
 MIBs1
					 

 
				  		
 
				   
					 
 MIBs Link
					 

 
				  		
 
				

 
			 
 
			  
				
 
				   
					 
     
						
  •  CISCO-MOBILE-IP MIB
						
    • 
 
					 

 
				  		
 
				   
					 
 To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
					 

 
					 
 http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml 
					 

 
				  		
 
				

 
			 
 
		  




1  Not all supported MIBs are listed.
 
		
 To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
		

 
		
 
		  http://tools.cisco.com/ITDIT/MIBS/servlet/index 
		

 
		
 If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
		

 
		
 
		  http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml 
		

 
		
 To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
		

 
		
 
		  http://www.cisco.com/register 
		

 
	 

 
	 
RFCs
 
		 
		

 
			  
			  
			  
				
 
				   
					 
 RFCs2
					 

 
				  		
 
				   
					 
 Title
					 

 
				  		
 
				

 
			 
 
			  
				
 
				   
					 
 RFC 2486
					 

 
				  		
 
				   
					 
 
						The Network Access Identifier 
					 

 
				  		
 
				

 
				
 
				   
					 
 RFC 2794
					 

 
				  		
 
				   
					 
 
						Mobile IP Network Access Identifier Extension for IPv4 
					 

 
				  		
 
				

 
				
 
				   
					 
 RFC 3220
					 

 
				  		
 
				   
					 
 
						IP Mobility Support for IPv4 
					 

 
				  		
 
				

 
			 
 
		  




2  Not all supported RFCs are listed.
 
	 

 
	 
Technical Assistance
 
		 
		

 
			  
			  
			  
				
 
				   
					 
 Description
					 

 
				  		
 
				   
					 
 Link
					 

 
				  		
 
				

 
			 
 
			  
				
 
				   
					 
 Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content.
					 

 
				  		
 
				   
					 
 
						http://www.cisco.com/public/support/tac/home.shtml 
					 

 
				  		
 
				

 
			 
 
		  



 
	 

 
  










Command Reference


 
	 
 The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the 
		Cisco IOS IP Mobility Command Reference at http://www.cisco.com/en/US/docs/ios/ipmobility/command/reference/imo_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at 
		http://tools.cisco.com/Support/CLILookup or to the 
		Cisco IOS Master Commands List . 
	 

 
	 
     
		
  •  
		   
			 clear 
			 ip 
			 mobile 
			 binding 
		   
		
    • 
 
		
  •  
		   
			 clear 
			 ip 
			 mobile 
			 host-counters 
		   
		
    • 
 
		
  •  
		   
			 clear 
			 ip 
			 mobile 
			 secure 
		   
		
    • 
 
		
  •  
		   
			 clear 
			 ip 
			 mobile 
			 visitor 
		   
		
    • 
 
		
  •  
		   
			 ip 
			 mobile 
			 home-agent 
		   
		
    • 
 
		
  •  
		   
			 ip 
			 mobile 
			 home-agent 
			 reject-static-address 
		   
		
    • 
 
		
  •  
		   
			 ip 
			 mobile 
			 host 
		   
		
    • 
 
		
  •  
		   
			 ip 
			 mobile 
			 secure 
		   
		
    • 
 
		
  •  
		   
			 show 
			 ip 
			 mobile 
			 binding 
		   
		
    • 
 
		
  •  
		   
			 show 
			 ip 
			 mobile 
			 globals 
		   
		
    • 
 
		
  •  
		   
			 show 
			 ip 
			 mobile 
			 host 
		   
		
    • 
 
		
  •  
		   
			 show 
			 ip 
			 mobile 
			 secure 
		   
		
    • 
 
		
  •  
		   
			 show 
			 ip 
			 mobile 
			 violation 
		   
		
    • 
 
		
  •  
		   
			 show 
			 ip 
			 mobile 
			 visitor 
		   
		
    • 
 
	 

 
  










Glossary



    

      
        home
        agent
      --A router on a home network of the mobile node or that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding.


    

      
        flow
      --In the context of this document, a flow is the set of {NAI, IP Address}. The flow allows a single NAI to be associated with one or multiple IP addresses, for example, {NAI, ipaddr1}, {NAI, ipaddr2}, and so on. 


    

      
        foreign
        agent
      --A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the Home Agent of the mobile node. For packets sent by a mobile node, the Foreign Agent may serve as a default router for registered mobile nodes.


    

      
        mobility
        binding
      --The association of a home address with a care-of address and the remaining lifetime.


    

      
        NAI
      --Network Access Identifier. The user ID submitted by the mobile node during registration to identify the user for authentication. The NAI may help route the registration request to the right home agent.


    

Note

Refer to the Internetworking Terms and Acronyms 
for terms not included in this glossary.


  










 


 
	 
 
		
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: 
		  www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) 
		

 
		
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. 
		

 
	 

 
  













































































© 2012 Cisco Systems, Inc. All rights reserved.