Downloads |
Table Of Contents
Mobile IP—Home Agent Accounting
Prerequisites for Mobile IP—Home Agent Accounting
Information About Mobile IP—Home Agent Accounting
Feature Design of Home Agent Accounting
Benefits of Home Agent Accounting
How to Configure Mobile IP—Home Agent Accounting
Enabling Home Agent Accounting
Configuration Examples for Mobile IP—Home Agent Accounting
ip mobile home-agent accounting
Mobile IP—Home Agent Accounting
In Cisco IOS Mobile IP, the home agent keeps track of the location of the mobile node as it roams away from its home network and forwards all traffic destined to the mobile node to its new location on the Internet. The Mobile IP—Home Agent Accounting feature allows the home agent to generate the following three new accounting messages that are forwarded to the authentication, authorization, and accounting (AAA) server or the Service Selection Gateway (SSG):
•
Accounting Start
•
•
The SSG can act as the proxy server for the AAA server and acknowledge the accounting messages sent by the home agent. The accounting records generated by the home agent can be stored on the AAA server and be used by Internet service providers (ISPs) for billing, capacity planning, and operations.
Feature Specifications for the Mobile IP—Home Agent Accounting Feature
12.2(15)T
This feature was introduced.
For platform supported in Cisco IOS Release 12.2(15)T consult Cisco Feature Navigator.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
•
•
•
Prerequisites for Mobile IP—Home Agent Accounting
Because home agent accounting generates messages for the AAA server, the network should have a reachable AAA server or SSG.
Information About Mobile IP—Home Agent Accounting
Before you configure Mobile IP—Home Agent Accounting, you should understand the following concepts:
•
•
Service Selection Gateway
The SSG is a switching solution for service providers that offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines (DSL), cable modems, or wireless to allow simultaneous access to network services.
The SSG communicates with the AAA management network where RADIUS, Dynamic Host Configuration Protocol (DHCP), and Simple Network Management Protocol (SNMP) servers reside and with the ISP network, which may connect to the Internet, corporate networks, and value-added services.
SSG is designed and deployed such that all network traffic passes through it.
Feature Design of Home Agent Accounting
The SSG collects all the statistics information because all network traffic passes through it. However, it does not have the Mobile IP session information that the home agent maintains. The session information tracks how long a mobile node session lasts.
Note
For each mobile node, the home agent sends this session information to the SSG in the form of messages, which are described in the following sections. The SSG forwards the messages to the AAA server as shown in Figure 1.
Figure 1 Topology for Home Agent Accounting with SSG and AAA Server
Message Types
The following messages are sent from the home agent to the SSG or AAA server:
Accounting Start
The home agent sends an Accounting Start message to the SSG/AAA when a mobile node successfully registers for the first time. This indicates the start of a new Mobile IP session for a mobile node.
In the case of a redundant home agent, a standby home agent will send an Accounting Start message only when it becomes active and does not have any bindings. This allows the SSG to maintain host objects for mobile nodes on the failed home agent.
Accounting Update
The home agent generates an Accounting Update message when the mobile node changes its point of attachment (POA) in the mobile network. For a Mobile IP session, this corresponds to a successful re-registration from a mobile node when it changes its care-of address (CoA). The CoA is the current location of the mobile node on the foreign network.
Accounting Stop
The home agent sends an Accounting Stop message to indicate that the Mobile IP session has ended. This occurs when the lifetime of the mobile node expires, when the mobile node sends a successful deregisration request, or when the home agent is unconfigured by a network administrator.
Message Formats
All the messages contain only the following information:
•
•
•
•
The message format is shown in Table 1, including the RADIUS attribute number, which is transparent to the Mobile IP—Home Agent Accounting feature.
Benefits of Home Agent Accounting
The Mobile IP—Home Agent Accounting feature allows ISPs to bill consumers based on the usage of the service. The accounting information is stored on a AAA server database and used by billing software to charge for service usage for each mobile node. The ISPs can use this accounting information for billing, capacity planning, and operations.
How to Configure Mobile IP—Home Agent Accounting
This section contains the following procedures:
•
•
•
Configuring AAA
Access control is the way you manage who has user access to the network server and what services the users are allowed to use. AAA network security services provide the primary framework through which you set up access control on your router or access server.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Configuring RADIUS
RADIUS is a method for defining the exchange of AAA information in the network. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a RADIUS server that contains all user authentication and network server access information.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Enabling Home Agent Accounting
To enable home agent accounting, use the following commands:
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Step 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
ip mobile home-agent accounting {default | list-name}
Example:Router(config)# ip mobile home-agent accounting mylist
Enables home agent accounting.
•
Step 4
ip mobile home-agent address ip-address
Example:Router(config)# ip mobile home-agent address 10.3.3.1
Enables and controls home agent services.
Step 5
ip mobile host {lower [upper] | nai string} {interface name}
Example:Router(config)# ip mobile host 10.3.3.2 10.3.3.5 interface ethernet2/2
Configures the mobile node or mobile host group.
Step 6
ip mobile secure {host {lower-address [upper-address] | nai string} spi spi key hex string algorithm {md5 | hmac-md5} mode prefix-suffix
Example:Router(config)# ip mobile secure host 10.3.3.2 spi 1000 key hex 123456781234567812345678123245678 algorithm md5 mode prefix-suffix
Specifies the mobility security associations for the mobile host.
Step 7
end
Example:Router(config)# end
Exits to privileged EXEC mode.
Step 8
show ip mobile globals
Example:Router# show ip mobile globalsDisplays global information for mobile agents.
•
Examples
The following sample output shows the home agent accounting status:
Router# show ip mobile globalsIP Mobility global information:Home AgentRegistration lifetime: INFINITEBroadcast enabledReplay protection time: 10 secsReverse tunnel enabledICMP Unreachable enabledStrip realm disabledNAT detect disabledHA Accounting enabled using method list: mylistAddress 10.3.3.1Foreign Agent is not enabled, no care-of addressMobility Agent1 interfaces providing serviceEncapsulations supported: IPIP and GRETunnel fast switching enabledDiscovered tunnel MTU aged out after 1:00:00Troubleshooting Tips
In the event that home agent accounting is not operating correctly, use the following debug commands in privileged EXEC mode to determine where the problem may exist:
•
•
•
See the Cisco IOS Debug Command Reference publication for information about these commands.
Configuration Examples for Mobile IP—Home Agent Accounting
This section provides the following configuration examples:
•
Home Agent Accounting Example
In the following example, an accounting method list called mylist is created for network accounting. The accounting method list, mylist, is applied at the home agent, which enables home agent accounting.
!aaa new-model!!aaa accounting mylist start-stop group radiusaaa accounting update newinfo!!ip mobile home-agent accounting mylist address 10.3.3.1ip mobile host 10.3.3.2 10.3.3.5 interface Ethernet2/2ip mobile secure host 10.3.3.2 spi 1000 key hex 123456781234567812345678123245678 algorithm md5 mode prefix-suffix!!radius-server host 128.107.162.173 auth-port 1645 acct-port 1646radius-server retransmit 3radius-server key ciscoAdditional References
For additional information related to Mobile IP—Home Agent Accounting feature, refer to the following references:
•
•
Related Documents
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
RFCs
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
—
Technical Assistance
Command Reference
This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2T command reference publications.
•
ip mobile home-agent accounting
To enable home agent accounting services on the router, use the ip mobile home-agent accounting command in global configuration mode. To disable these services, use the no form of this command.
ip mobile home-agent accounting {default | list-name}
no ip mobile home-agent accounting {default | list-name}
Syntax Description
Defaults
The command is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
This command enables and controls home agent accounting services on the router. First, use the aaa accounting global configuration command to define the accounting method list. Next, apply the same accounting method list on the home agent using the ip mobile home-agent accounting global configuration command.
Examples
The following example enables home agent accounting for the list named mobile-list:
ip mobile home-agent accounting mobile-listRelated Commands
aaa accounting
Enables AAA accounting of requested services for billing or security purposes.
show ip mobile globals
To display global information for mobile agents, use the show ip mobile globals command in EXEC mode.
show ip mobile globals
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Usage Guidelines
This command shows the services provided by the home agent or foreign agent. Note the deviation from RFC 2006: the foreign agent will not display busy or registration required information. Both are handled on a per-interface basis (see the show ip mobile interface command), not at the global foreign agent level.
Examples
The following is sample output from the show ip mobile globals command:
Router# show ip mobile globalsIP Mobility global information:Home AgentRegistration lifetime: 10:00:00 (36000 secs)Broadcast enabledReplay protection time: 7 secsReverse tunnel enabledICMP Unreachable enabledStrip realm enabledNAT detect disabledHA Accounting enabled using method list: mylistAddress 1.1.1.1Virtual networks20.0.0.0/8Foreign Agent is not enabled, no care-of addressMobility Agent0 interfaces providing serviceEncapsulations supported: IPIP and GRETunnel fast switching enabledDiscovered tunnel MTU aged out after 1:00:00Table 2 describes the significant fields shown in the display.
Glossary
care-of address—The termination point of the tunnel to a mobile node or mobile router. This can be a collocated care-of address, by which the mobile node or mobile router acquires a local address and detunnels its own packets, or a foreign agent care-of address, by which a foreign agent detunnels packets and forwards them to the mobile node or mobile router. The care-of address is included in the Mobile IP registration request and is used by the home agent to forward packets to the mobile node in its current location.
foreign agent—A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the home agent of the mobile node. For packets sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.
home agent—A router on a home network of the mobile node or that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding.
mobile node—A host or router that changes its point of attachment from one network or subnet to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its home IP address, assuming that link-layer connectivity to a point of attachment is available.
NAI—Network access identifier. The user ID submitted by the mobile node during registration to identify the user for authentication. The NAI may help route the registration request to the correct home agent.
Note
