Cisco IOS IP Command Reference, Volume 4 of 4: IP Mobility, Release 12.3
IP Mobility Commands: M through T
Download this chapter
IP Mobility Commands: M through TIP Mobility Commands: M through T
Download the complete book
Book-level PDF: Cisco IOS IP Command Reference, Volume 4 of 4: IP Mobility, Release 12.3 Book-level PDF: Cisco IOS IP Command Reference, Volume 4 of 4: IP Mobility, Release 12.3 (PDF - 1 MB)
give_us_feedback

Table Of Contents

mobile-network

network (mobile networks)

redundancy group

register (mobile networks)

register (mobile router)

reverse-tunnel

router mobile

show ip mobile binding

show ip mobile globals

show ip mobile host

show ip mobile interface

show ip mobile mobile-networks

show ip mobile router agent

show ip mobile router

show ip mobile router interface

show ip mobile router registration

show ip mobile router traffic

show ip mobile secure

show ip mobile traffic

show ip mobile tunnel

show ip mobile violation

show ip mobile visitor

show ip mobile vpn-realm

snmp-server enable traps ipmobile

template tunnel (mobile networks)

template tunnel (mobile router)


mobile-network

To specify the mobile router interface that is connected to the dynamic mobile network, use the mobile-network command in mobile router configuration mode. To disassociate the networks from the mobile router, use the no form of this command.

mobile-network interface

no mobile-network interface

Syntax Description

interface

Mobile router interface that is connected to the dynamic network.


Defaults

No default behavior or values.

Command Modes

Mobile router configuration

Command History

Release
Modification

12.2(13)T

This command was introduced.


Usage Guidelines

The IP address and mask of the interface are added to the registration request to notify the home agent of the mobile networks. Once the home agent acknowledges the mobile network, the mobile router will no longer add the mobile network information in subsequent requests.

Examples

The following example shows how to enable mobile router services. In this example, the mobile router located at 10.0.0.3 is dynamically registering the primary interface address on Ethernet interface 3/2: 

router mobile

ip mobile router

 address 10.0.0.3 255.0.0.0

 home-agent 10.0.0.4

 !specifies the Mobile Router interface connected to the mobile network

 mobile-network Ethernet3/2

 register lifetime 120

Related Commands

Command
Description

register (mobile networks)

Dynamically registers the mobile networks with the home agent.


network (mobile networks)

To specify a list of mobile networks for a mobile router, use the network command in mobile networks configuration mode. To remove an entry, use the no form of this command.

network net mask

no network net mask

Syntax Description

net

IP address of the directly connected networks.

mask

Network mask.


Defaults

No networks are specified.

Command Modes

Mobile networks configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.


Usage Guidelines

When the mobile router is registered, the home agent injects the mobile networks into its routing table.

Examples

The following configuration example shows how to associate the mobile router address, 10.1.1.10, with the mobile networks:

Mobile Router Configuration: 

ip mobile router

  address 10.1.1.10 255.255.255.0

  home-agent 10.1.1.20

ip mobile secure home-agent 10.1.1.20 spi 100 key hex 12345678123456781234567812345678

Home Agent Configuration: 

! mobile host is mobile router address

ip mobile host 10.1.1.10 virtual-network 10.0.0.0 255.0.0.0

! associates mobile router address with mobile networks

ip mobile mobile-networks 10.1.1.10

  description jet

  network 172.6.1.0 255.255.255.0

ip mobile secure host 10.1.1.10 spi 100 key hex 12345678123456781234567812345678

Related Commands

Command
Description

show ip mobile mobile-networks

Displays a list of mobile networks associated with the mobile router.


redundancy group

To configure fault tolerance for the mobile router, use the redundancy group command in mobile router configuration mode. To disable this functionality, use the no form of this command.

redundancy group name

no redundancy group name

Syntax Description

name

Name of the mobile router group.


Defaults

No default behavior or values.

Command Modes

Mobile router configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.


Usage Guidelines

The redundancy group command provides fault tolerance by selecting one mobile router in the redundancy group name argument to provide connectivity for the mobile networks. This mobile router is in the active state. The other mobile routers are passive and wait until the active mobile router fails before a new active mobile router is selected. Only the active mobile router registers and sets up proper routing for the mobile networks. The redundancy state is either active or passive.

Examples

The following example selects the mobile router in the sanjose group, to provide fault tolerance: 

ip mobile router

 redundancy group sanjose

 address 10.1.1.10 255.255.255.0

 home-agent 10.1.1.20

 register lifetime 600

Related Commands

Command
Description

standby name

Configures the name of the standby group, which is associated with the mobile router.


register (mobile networks)

To dynamically register the mobile networks with the home agent, use the register command in mobile networks configuration mode. To disable the registration, use the no form of this command.

register

no register

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Mobile networks configuration

Command History

Release
Modification

12.2(13)T

This command was introduced.


Usage Guidelines

When the mobile router registers its mobile networks on the home agent, the home agent looks up the mobile network configuration and verifies that the register command is configured before adding forwarding entries into the home agent forwarding table for the mobile router. If the mobile router is not configured properly, the home agent will reject the request with error code 129.

It is possible to have both statically configured mobile networks and dynamically registered mobile networks. However, static mobile network configurations take precedence over dynamic mobile network registrations. For example, if a mobile router tries to dynamically add (or delete) a mobile network and that network is already statically configured for that mobile router or any other mobile router, then the dynamic mobile network is ignored and an error message is generated.

Similarly, if a mobile router has dynamically added a mobile network, an attempt by another mobile router to dynamically add or delete the same mobile network is ignored and an error message is generated.

Examples

In the following example, the mobile router is configured to dynamically register its mobile networks with the home agent: 

router mobile

 ip mobile home-agent

 ip mobile host 10.20.30.4 interface Ethernet 1

!Associated host address that informs HA that 10.20.30.4 is actually an MR

 ip mobile mobile-networks 10.20.30.4

  register

ip mobile secure host 10.20.30.4 spi 100 key hex 12345678123456781234567812345678

Related Commands

Command
Description

ip mobile host

Configures the mobile host or mobile node group.

mobile-network

Specifies the mobile router interface that is connected to the dynamic mobile network.


register (mobile router)

To control the registration parameters of the mobile router, use the register command in mobile router configuration mode. To return the registration parameters to their default settings, use the no form of this command.

register {extend expire seconds retry number interval seconds | lifetime seconds | retransmit initial milliseconds maximum milliseconds retry number}

no register {extend expire seconds retry number interval seconds | lifetime seconds | retransmit initial milliseconds maximum milliseconds retry number}

Syntax Description

extend

Re-registers before the lifetime expires.

expire seconds

Time (in seconds) in which to send a registration request before expiration. The range is from 1 to 3600; the default is 120.

retry number

Number of times the mobile router retries sending a registration request if no reply is received. The range is from 0 to 10; the default is 3. A value of 0 means no retry. The mobile router stops sending registration requests after the maximum number of retries is attempted.

interval seconds

Time (in seconds) that the mobile router waits before sending another registration request if no reply is received. The range is from 1 to 3600; the default is 10.

lifetime seconds

Requested lifetime (in seconds) of each registration. The smallest value between the configured lifetime and the foreign agent advertised registration lifetime is used. The range is from 3 to 65534; default is 65534 (infinity). This default ensures that the advertised lifetime is used, excluding infinity.

retransmit initial milliseconds

Wait period (in milliseconds) before sending a retransmission the first time no reply is received from the foreign agent. The range is from 10 to 10000 milliseconds (10 seconds); the default is 1000 milliseconds (1 second).

maximum milliseconds retry number

Maximum wait period (in milliseconds) before retransmission of a registration request. The range is 10 to 10000 milliseconds (10 seconds); the default is 5000 milliseconds (5 seconds). Each successive retransmission timeout period is twice the previous period, as long as it is less than the maximum value. Retransmission stops after the maximum number of retries.


Defaults

expire seconds: 120 seconds
retry number: Three retries
interval seconds: 10 seconds
lifetime seconds: 65534 seconds
retransmit initial milliseconds: 1000 milliseconds (1 second)
maximum milliseconds: 5000 milliseconds (5 seconds)

Command Modes

Mobile router configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.


Usage Guidelines

The register lifetime seconds command configures the lifetime that the mobile router requests in a registration request. The home agent also has lifetimes that are set. If the registration request from a mobile router has a greater lifetime than the registration reply from the home agent, the lifetime set on the home agent will be used for the registration. If the registration request lifetime from the mobile router is less than the registration reply from the home agent, the lifetime set on the mobile router will be used. Thus, the smaller lifetime between the home agent and mobile router is used for registration.

Examples

The following example specifies a registration lifetime of 600 seconds: 

ip mobile router

 address 10.1.1.10 255.255.255.0

 home-agent 10.1.1.20

 register lifetime 600

Related Commands

Command
Description

show ip mobile router

Displays configuration information and monitoring statistics about the mobile router.

show ip mobile router registration

Displays the pending and accepted registrations of the mobile router.


reverse-tunnel

To enable the reverse tunnel function on the mobile router, use the reverse-tunnel command in mobile router configuration mode. To disable the reverse tunnel function, use the no form of this command.

reverse-tunnel

no reverse-tunnel

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Mobile router configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.


Examples

The following example configures reverse tunneling on the mobile router: 

ip mobile router 
 address 10.1.1.2 255.0.0.0

 home-agent 10.1.1.1

 register extend expire 10 retry 2 interval 2

 reverse-tunnel

Related Commands

Command
Description

show ip mobile router

Displays configuration information and monitoring statistics about the mobile router.

show ip mobile router registration

Displays the pending and accepted registrations of the mobile router.

show ip mobile tunnel

Displays active tunnels.


router mobile

To enable Mobile IP on the router, use the router mobile command in global configuration mode. To disable Mobile IP, use the no form of this command.

router mobile

no router mobile

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Usage Guidelines

This command must be used in order to run Mobile IP on the router, as either a home agent or a foreign agent. The process is started, and counters begin. Disabling Mobile IP removes all related configuration commands, both global and interface.

Examples

The following example enables Mobile IP: 

router mobile

Related Commands

Command
Description

show ip mobile globals

Displays global information for mobile agents.

show ip protocols

Displays the parameters and current state of the active routing protocol process.

show processes

Displays information about the active processes.


show ip mobile binding

To display the mobility binding table, use the show ip mobile binding EXEC command.

show ip mobile binding [home-agent ip-address | nai string | summary]

Syntax Description

home-agent ip-address

(Optional) IP address of mobile node.

nai string

(Optional) Network access identifier (NAI).

summary

(Optional) Total number of bindings in the table.


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.0(2)T

The home-agent keyword and address argument were added.

12.1(2)T

The summary keyword was added.

12.2(2)XC

The nai keyword was added.

12.2(13)T

This command was enhanced to display the service options field and to include information about the mobile networks registered on the home agent.


Usage Guidelines

The home agent updates the mobility binding table in response to registration events from mobile nodes. If the address argument is specified, bindings are shown for only that mobile node.

Examples

The following is sample output from the show ip mobile binding command: 

Router# show ip mobile binding


Mobility Binding List:

Total 1

20.0.0.1: 

    Care-of Addr 68.0.0.31, Src Addr 68.0.0.31, 

    Lifetime granted 02:46:40 (10000), remaining 02:46:32

    Flags SbdmGvt, Identification B750FAC4.C28F56A8, 

    Tunnel100 src 66.0.0.5 dest 68.0.0.31 reverse-allowed

    Routing Options - (G)GRE

    Service Options:

      NAT detect

The following is sample output from the show ip mobile binding command when mobile networks are configured or registered on the home agent: 

Router# show ip mobile binding


Mobility Binding List:

Total 1

20.0.4.1:

  Care-of Addr 45.0.0.5, Src Addr 45.0.0.5

  Lifetime granted 00:02:00 (120), remaining 00:01:56

  Flags sbDmgvT, Identification B7A262C5.DE43E6F4

  Tunnel0 src 46.0.0.3 dest 45.0.0.5 reverse-allowed

  MR Tunnel1 src 46.0.0.3 dest 20.0.4.1 reverse-allowed

  Routing Options - (D)Direct-to-MN (T)Reverse-tunnel

  Mobile Networks: 54.0.0.0/255.255.255.0(S)

                   44.0.0.0/255.255.255.0 (D)

                   46.0.0.0/255.0.0.0(D)

Table 9 describes the significant fields shown in the display.

Table 9 show ip mobile binding Field Descriptions 

Field
Description

Total

Total number of mobility bindings.

20.0.4.1

Home IP address of the mobile node. The NAI is displayed if configured.

Care-of Addr

Care-of address of the mobile node.

Src Addr

IP source address of the registration request as received by the home agent. Will be either the collocated care-of address of a mobile node or an address on the foreign agent.

Lifetime granted

The lifetime granted to the mobile node for this registration. Number of seconds in parentheses.

Lifetime remaining

The time remaining until the registration is expired. It has the same initial value as lifetime granted, and is counted down by the home agent.

Flags

Services requested by mobile node. The mobile node requests these services by setting bits in the registration request. Uppercase characters denote bit set.

Identification

Identification used in that binding by the mobile node. This field has two purposes: unique identifier for each request, and replay protection.

Tunnel

The tunnel used by the mobile node is characterized by the source and destination addresses, and reverse-allowed or reverse-off for reverse tunnel. Reverse The default encapsulation is IPIP. The mobile node can request GRE.

Routing Options

Routing options identify the services the home agent is currently providing. The mobile node must request these services in its registration request by setting the services flag (see Flags field description). For example, the V bit may have been requested by the mobile node (shown in the Flags field), but the home agent will not provide such service. Possible options are B (broadcast), D (direct-to-mobile node), G (GRE), and T (reverse-tunnel).

Mobile Networks

Mobile networks configured or registered on the home agent. D denotes dynamic (registered) mobile networks and S denotes static (configured) mobile networks.

Service Options

Service options configured.

NAT detect

NAT detect, which indicates that the mobile node is registering from behind a NAT-enabled router.


show ip mobile globals

To display global information for mobile agents, use the show ip mobile globals command in EXEC mode.

show ip mobile globals

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(13)T

This command was enhanced to display the NAT detect field and strip realm domain field.

12.2(15)T

This command was enhanced to display the home agent accounting field.


Usage Guidelines

This command shows the services provided by the home agent or foreign agent. Note the deviation from RFC 2006: the foreign agent will not display busy or registration required information. Both are handled on a per-interface basis (see the show ip mobile interface command), not at the global foreign agent level.

Examples

The following is sample output from the show ip mobile globals command: 

Router# show ip mobile globals


IP Mobility global information:


Home Agent


    Registration lifetime: 10:00:00 (36000 secs)

    Broadcast enabled

    Replay protection time: 7 secs

    Reverse tunnel enabled

    ICMP Unreachable enabled

    Strip realm enabled

    NAT detect disabled

    HA Accounting enabled using method list: mylist

    Address 1.1.1.1

    Virtual networks

        20.0.0.0/8


Foreign Agent is not enabled, no care-of address


Mobility Agent


0 interfaces providing service

Encapsulations supported: IPIP and GRE

Tunnel fast switching enabled

Discovered tunnel MTU aged out after 1:00:00


Table 10 describes the significant fields shown in the display.

Table 10 show ip mobile globals Field Descriptions 

Field
Description
Home Agent
 

Registration lifetime

Default lifetime for all mobile nodes. Number of seconds given in parentheses.

Roaming access list

Determines which mobile nodes are allowed to roam. Displayed if defined.

Care-of access list

Determines which care-of addresses are allowed to be accepted. Displayed if defined.

Broadcast

Broadcast enabled or disabled.

Reverse tunnel

Reverse tunnel enabled or disabled.

ICMP Unreachable

Sends ICMP unreachable messages, which are enabled or disabled for the virtual network.

Strip realm

Strip realm enabled or disabled.

NAT detect

NAT detect enabled or disabled. If NAT detect is enabled, the home agent can detecting a registration request that has traversed a NAT-enabled device and can apply a tunnel to reach the Mobile IP client

HA Accounting

Home agent accounting enabled or disabled.

Address

Home agent address.

Virtual networks

Lists virtual networks serviced by the home agent. Displayed if defined.

Foreign Agent
 

Care-of addresses advertised

Lists care-of addresses (interface is up or down). Displayed if defined.

up, interface-only, transmit-only

Up status is displayed if the foreign agent is configured to function in an asymmetric link environment.

Mobility Agent
 

Number of interfaces providing service

See the show ip mobile interface command for more information on advertising. Agent advertisements are sent when IRDP is enabled.

Encapsulations supported

IPIP and GRE.

Tunnel fast switching

Tunnel fast switching is enabled or disabled.

Discovered tunnel MTU

Aged out after amount of time (in hh:mm:ss).


show ip mobile host

To display mobile node information, use the show ip mobile host EXEC command.

show ip mobile host [address | interface interface | network address | nai string | group | summary]

Syntax Description

address

(Optional) IP address of specific mobile node. If not specified, information for all mobile nodes is displayed.

interface interface

(Optional) Displays all mobile nodes whose home network is on this interface.

network address

(Optional) Displays all mobile nodes residing on this network or virtual network.

nai string

(Optional) Network access identifier.

group

(Optional) Displays all mobile node groups configured using the ip mobile host command.

summary

(Optional) Displays all values in the table.


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(2)XC

The nai keyword was added.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.


Examples

The following is sample output from the show ip mobile host command: 

Router# show ip mobile host


10.34.253.147:

   Allowed lifetime 10:00:00 (36000/default)

   Roam status -Registered-, Home link on virtual network 10.34.253.128 /26

   Accepted 2082, Last time 02/13/03 01:03:24

   Overall service time 1w0d

   Denied 32, Last time 01/03/03 21:13:43

   Last code 'registration id mismatch (133)'

   Total violations 32

   Tunnel to MN - pkts 0, bytes 0

   Reverse tunnel from MN - pkts 0, bytes 0

The following is sample output from the show ip mobile host nai string command: 

Router# show ip mobile host nai jane@cisco.com


jane@cisco.com

   Allowed lifetime 10:00:00 (36000/default)

   Roam status -Registered-, Home link on interface Loopback0

   Bindings 10.34.253.205

   Accepted 3705, Last time 02/13/03 01:02:37

   Overall service time 6d05h

   Denied 4918, Last time 01/30/03 20:59:14

   Last code 'administratively prohibited (129)'

   Total violations 262

   Tunnel to MN - pkts 0, bytes 0

   Reverse tunnel from MN - pkts 0, bytes 0

Table 11 describes the significant fields shown in the display.

Table 11 show ip mobile host Field Descriptions 

Field
Description

IP address

Home IP address of the mobile node. The network access identifier (NAI) is displayed if configured.

Allowed lifetime

Allowed lifetime (in hh:mm:ss) of the mobile node. By default, it is set to the global lifetime (ip mobile home-agent lifetime command). Setting this lifetime will override global value.

Roaming status

When the mobile node is registered, the roaming status is - Registered - ; otherwise, it is - Unregistered -. Use the show ip mobile binding command for more information when the user is registered.

Home link

Interface or virtual network.

Accepted

Total number of service requests for the mobile node accepted by the home agent.

Last time

The time at which the most recent registration request was accepted by the home agent for this mobile node.

Overall service time

Overall service time that has accumulated for the mobile node since the router has booted or cleared.

Denied

Total number of service requests for the mobile node denied by the home agent (sum of all registrations denied with Code 128 through Code 159).

Last time

The time at which the most recent registration request was denied by the home agent for this mobile node.

Last code

The code indicating the reason why the most recent registration request for this mobile node was rejected by the home agent.

Total violations

Total number of security violations.

Tunnel to mobile node

Number of packets and bytes tunneled to mobile node.

Reverse tunnel from mobile node

Number of packets and bytes reverse tunneled from mobile node.

NAI string

NAI associated with the mobile node.

Bindings

Addresses currently assigned to the NAI.


The following is sample output from the show ip mobile host group command for groups configured with the ip mobile host command: 

Router# show ip mobile host group


20.0.0.1 - 20.0.0.20: 

    Home link on virtual network 20.0.0.0 /8, Care-of ACL -none-

    Security associations on router, Allowed lifetime 10:00:00 (36000/default)

Table 12 describes the significant fields shown in the display.

Table 12 show ip mobile host group Field Descriptions 

Field
Description

IP address

Mobile host IP address or grouping of addresses.

Home link

Interface or virtual network.

Care-of ACL

Care-of address access list.

Security association

Router or AAA server.

Allowed lifetime

Allowed lifetime for mobile host or group.


Related Commands

Command
Description

clear ip mobile host-counters

Clears the mobile node counters.

show ip mobile binding

Displays the mobility binding table.


show ip mobile interface

To display advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes, use the show ip mobile interface EXEC command.

show ip mobile interface [interface]

Syntax Description

interface

(Optional) IP address of mobile node. If not specified, all interfaces are shown.


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.


Examples

The following is sample output from the show ip mobile interface command: 

Router# show ip mobile interface


IP Mobility interface information:

IRDP disabled

Interface Ethernet3:

    Prefix Length not advertised

    Lifetime is 36000 seconds

    Home Agent service provided

Table 13 describes the significant fields shown in the display.

Table 13 show ip mobile interface Field Descriptions 

Field
Description

Interface

Name of the interface.

IRDP

IRDP (includes agent advertisement) enabled or disabled. IRDP must be enabled for an advertisement to be sent out. Use the ip irdp command to enable IRDP.

Prefix Length

Prefix-length extension to be included or not in the advertisement.

Lifetime

Advertised registration lifetime.

Home Agent service provided

Displayed if home agent service is enabled on the interface.

Foreign Agent service provided

Displayed if foreign agent service is enabled on the interface.

Registration required

Foreign agent requires registration even from those mobile nodes that have acquired their own collocated care-of address.

Busy

Foreign agent is busy for this interface.

Home Agent access list

Which home agent is allowed.

Maximum number of visitors allowed

Displayed if defined.

Current number of visitors

Number of visitors on the interface.


Related Commands

Command
Description

description (mobile networks)

Enables foreign agent service.

ip mobile host

Configures the mobile host or mobile node group.

ip mobile prefix-length

Appends the prefix-length extension to the advertisement.

show ip irdp

Displays IRDP values.


show ip mobile mobile-networks

To display a list of mobile networks associated with the mobile router, use the show ip mobile mobile-networks command in EXEC mode.

show ip mobile mobile-networks [address]

Syntax Description

address

(Optional) Address of a specific mobile router. If not specified, information for all mobile networks is displayed.


Defaults

No default behavior or values.

Command Modes

EXEC

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(13)T

This command was enhanced to display information about the dynamically registered mobile networks.


Usage Guidelines

The home agent maintains a list of static and dynamic mobile networks associated with mobile routers.

Examples

The following is sample output from the show ip mobile mobile-networks command: 

Router# show ip mobile mobile-networks

Mobile Networks:

MR 20.0.4.1:

Dynamic registration

    Configured:54.0.0.0/255.255.255.0

    Registered:44.0.0.0/255.255.255.0

               46.0.0.0/255.0.0.0

               12.0.0.0/255.255.255.0

Table 14 describes the significant fields in the display.

Table 14 show ip mobile mobile-networks Field Descriptions 

Field
Description

MR IP address

IP address of the mobile router

Dynamic Registration

Configured for dynamic registration of mobile networks.

Configured

Mobile networks statically configured on the home agent.

Registered

Mobile networks dynamically registered on the home agent.


Related Commands

Command
Description

ip mobile mobile-networks

Associates one or more networks with a mobile router configured as a mobile host and enters mobile networks configuration mode.


show ip mobile router agent

To display information about the agents for the mobile router, use the show ip mobile router agent command in privileged EXEC mode.

show ip mobile router agent

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(15)T

This command was enhanced to display information about the retry interval used in static collocated care-of address (CCoA) processing.


Usage Guidelines

This command displays a list containing information on all foreign agents currently discovered on the mobile router. This list also displays information about each interface configured for static CCoA. An interface must be "up" to be displayed on the list.

You can use the clear ip mobile router agent command to clear foreign agent care-of addresses (CoAs) but not static CCoAs. CCoAs cannot be cleared.

Examples

The following is sample output from the show ip mobile router agent command when a static CCoA is configured on a mobile router interface: 

Router# show ip mobile router agent


Mobile Router Agents:


Foreign agent 45.0.0.2:

  Care-of address 42.0.0.2

  Interface Ethernet1, MAC 0030.9492.6627

  Agent advertisement seq 56649, Flags rbhFmGvt, Lifetime 36000

  IRDP advertisement lifetime 30, Remaining 29

  Last received 02/13/02 17:55:48

  First heard 02/13/02 11:21:46


Collocated Care-of address 11.0.0.1: 

  Interface Serial0

  Registration retry interval 60

  Next CCoA reg attempt in 00:00:55 seconds

Table 15 describes the significant fields shown in the display.

Table 15 show ip mobile router agent Field Descriptions 

Field
Description

Home or Foreign Agent

IP address of the home agent or foreign agent.

Care-of address

Attachment point in the foreign network.

Interface

Interface on which the agent was learned.

MAC

MAC address of the learned agent.

Agent advertisement seq/Flags/Lifetime

Agent advertisement sequence number, flags, and lifetime (in seconds). The sequence number can be used to detect reboot by the agent. The flags are services provided by the agent. The lifetime is the limit advertised by the agent.

IRDP advertisement lifetime/Remaining

The IRDP advertisement lifetime is the interval in which this foreign agent will provide service. When lifetime expires, the foreign agent is disconnected from the mobile router. The remaining field shows the time before expiration.

Last received

Date and time when advertisement was received.

First heard

Date and time when the agent was first heard. This is useful information in determining which agent to use when multiple learned agents are heard by the mobile router.

Collocated Care-of address

Collocated care-of address configured on the mobile router interface.

Interface

Mobile router interface.

Default gateway

The next-hop IP address for registration packets. Upon successful registration, this address will be used as the default gateway and default route. This field is only displayed if the IP address is fixed (static) on an Ethernet interface.

Registration retry interval

The interval that the mobile router waits before sending another registration request if a registration request failed.

Next CCoA reg attempt in 00:00:55 seconds

If the interval timer is running, the time remaining (in seconds) until the next registration attempt.


Related Commands

Command
Description

clear ip mobile router agent

Deletes learned agents and the corresponding care-of address of the foreign agent from the mobile router agent table.


show ip mobile router

To display configuration information and monitoring statistics about the mobile router, use the show ip mobile router command in privileged EXEC mode.

show ip mobile router

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(13)T

This command was enhanced to display information about the mobile network interfaces.

12.2(15)T

This command was enhanced to display information about collocated care-of addresses (CCoAs).


Usage Guidelines

The display includes the mobile router configuration information such as the home address and network mask, home agent, and registration settings, and operational information such as status, tunnel interface, active foreign agent, and care-of address.

Examples

The following is sample output from the show ip mobile router command: 

Router# show ip mobile router


Mobile Router

  Enabled 05/30/02 11:16:03

  Last redundancy state transition 05/30/02 11:15:01


Configuration:

  Home Address 20.0.4.1 Mask 255.255.255.0

  Home Agent 46.0.0.3 Priority 100 (best) (current)

  Registration lifetime 120 sec

  Retransmit Init 1000, Max 5000 msec, Limit 3

  Extend Expire 120, Retry 3, Interval 10

  Redundancy group AlwaysUp (active)

  Mobile Networks:Ethernet5 (200.0.0.0/255.255.255.248) 

    Ethernet2 (46.0.0.0/255.0.0.0) 

    Ethernet3 (44.0.0.0/255.255.255.0)


Monitor:

  Status -Registered-

  Active foreign agent 11.0.0.2, Care-of 11.0.0.2

  On interface Serial0

  Tunnel0

The following is sample output from the show ip mobile router command when a mobile router is registered using a CCoA: 

Router# show ip mobile router


Mobile Router

  Enabled 02/12/02 18:29:13

  Last redundancy state transition NEVER

Configuration:

  Home Address 20.0.4.1 Mask 255.255.255.0

  Home Agent 46.0.0.3 Priority 100 (best)

  Registration lifetime 120 sec

  Retransmit Init 1000, Max 5000 msec, Limit 3

  Extend Expire 120, Retry 3, Interval 10

Monitor:

  Status -Registered-

  Using Collocated Care-of Address 44.0.0.1 

  On interface Ethernet1

  Tunnel0

Table 16 describes the significant fields shown in the display.

Table 16 show ip mobile router Field Descriptions 

Field
Description

Enabled

Date and time (in hh:mm:ss) when the mobile router was enabled.

Last redundancy state transition

Date and time (in hh:mm:ss) when the mobile router redundancy state changed.

Home Address/Mask

Home IP address of the mobile router, including the network mask.

Home Agent

Home agent that the mobile router registers with. The mobile router registers only to the home agent with the highest priority when multiple addresses are configured.

Registration lifetime

Registration lifetime (in seconds) granted by the home agent for the mobile router.

Retransmit Init/Max/Limit

Registration request retransmission settings. When registration requests are not responded to, the mobile router will resend. Displays the initial and maximum transmission timers and the limit on the number of retries allowed.

Extend Expire/
Retry /Interval

Extend registration lifetime. After the mobile router has registered, reregister before lifetime expires. Retry is the number of times between intervals.

Redundancy group

Name of redundancy group used to provide mobile router redundancy. Mobile router is either "active" or "passive." If redundancy is enabled or disabled, this information is displayed or absent, respectively. Active means the mobile router is functioning fully, and passive means the mobile router is idle.

Mobile Networks

Mobile networks associated to the mobile router.

Reverse tunnel required

If reverse tunnel is enabled or disabled, this information is displayed or absent, respectively.

Status

Indication of the state of the mobile router. Options are:

Home—connected to home network

Registered—registered on foreign network

Pending—sent registration and waiting for reply

Isolated—mobile router has heard an agent advertisement but is isolated from the network

Unknown—cannot determine status

Active Foreign Agent/Care-of

Foreign agent and care-of address used by the registered mobile router.

Using Collocated Care-of Address

Displayed if a mobile router is registered using a CCoA.

On interface

Mobile router registered on this interface.

Tunnel

Tunnel number between mobile router and home agent.


Related Commands

Command
Description

ip mobile router

Enables the mobile router and enters mobile router configuration mode


show ip mobile router interface

To display information about the interfaces configured for roaming, use the show ip mobile router interface command in privileged EXEC mode.

show ip mobile router interface

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(15)T

This command was enhanced to display information about collocated care-of addresses (CCoAs).


Usage Guidelines

The mobile router uses the interfaces for roaming, discovering foreign agents, and registering its location on the foreign network.

Use this command to display information about roaming interfaces. If the interface is configured for collocated care-of address (CCoA), the CCoA (IP address) is displayed. If it is not configured for CCoA, "none" is displayed. The interface can be up or down.

Examples

The following is sample output from the show ip mobile router interface command: 

Router# show ip mobile router interface


Mobile Router Interfaces:


Listed in order of preference.


Ethernet1:

  Priority 100, Bandwidth 10000, Address 45.0.0.20

  Periodic solicitation disabled, Interval 600 sec

  Retransmit Init 1000, Max 5000 msec, Limit 3

  Current 5000, Remaining 0 msec, Count 7

  Hold down 0 sec

  Routing disallowed

  Collocated CoA 45.0.0.20 

Serial0:

  Priority 100, Bandwidth 1544, Address 11.0.0.1

  Periodic solicitation disabled, Interval 600 sec

  Retransmit Init 1000, Max 5000 msec, Limit 3

  Current 0, Remaining 0 msec, Count 0

  Hold down 0 sec

  Routing disallowed

  Collocated CoA none

Table 17 describes the significant fields shown in the display.

Table 17 show ip mobile router interface Field Descriptions 

Field
Description

Priority

Interface priority. Comparison to decide the preferred interface to register by the mobile router. The interface with the highest priority is used to send registrations.

Bandwidth

Interface bandwidth. When multiple interfaces have the highest priority, the highest bandwidth is the preferred choice.

Address

Interface IP address. If priority and bandwidth are the same among roaming interfaces, the highest address is preferred by the mobile router.

Periodic solicitation

Send solicitations periodically (enabled) or wait for periodic advertisements (disabled).

Interval

Period of time (in seconds) to wait before sending the next periodic solicitation.

Retransmit Init/Max/Limit

Solicitation retry settings. Displays the initial and maximum transmission timers and the limit on the number of retries allowed.

Current/ Remaining

Current retransmission interval and remaining time before it expires.

Count

Retransmission count.

Hold down

Period of time (in seconds) to wait before registering to a learned agent.

Routing

Routing is disallowed when the mobile router is roaming and allowed when the mobile router is home.

Collocated CoA

IP address displayed if the interface is configured for CCoA; otherwise none is displayed. The CCoA is displayed if configured, even if the interface is down.


Related Commands

Command
Description

ip mobile router-service

Enables mobile router service on an interface.

ip mobile router-service collocated

Enables static CCoA processing on a mobile router interface.


show ip mobile router registration

To display pending and/or accepted registrations of the mobile router, use the show ip mobile router registration command in privileged EXEC mode.

show ip mobile router registration

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(13)T

This command was enhanced to display new extensions in the registration request.

12.2(15)T

This command was enhanced to display collocated care-of addresses (CCoAs) if configured.


Examples

The following is sample output from the show ip mobile router registration command: 

Router# show ip mobile router registration


Mobile Router Registrations:


Foreign Agent 44.0.0.1:

  Registration accepted 01/15/01 10:04:01, On Ethernet2/2

  Care-of addr 41.0.0.1, HA addr 49.0.0.3, Home addr 49.0.0.5

  Lifetime requested 01:00:00 (3600), Granted 00:30:00 (1800)

  Remaining 00:20:13

  Flags sbdmgvt, Identification BE0D49E5.5E1C56E4

  Register next time 00:18:13

  Extensions

    Mobile Network 44.0.0.0/8

    MN-HA Authentication SPI 100

The following is sample output from the show ip mobile router registration command if a mobile router interface is configured with a CCoA: 

Home agent 4.4.4.3:

  Registration accepted 01/01/02 10:24:46, On Ethernet5/3

  Collocated care-of addr 3.3.3.2, HA addr 4.4.4.3, Home addr 4.4.4.2

  Lifetime requested 00:01:30 (90), Granted 00:01:30 (90)

  Remaining 00:01:08

  Flags sbDmg-T-, Identification BFDC0CEE.C7A75D64

  Register next time 00:00:23

  Extensions:

    Mobile Network 95.95.95.0/24

    MN-HA Authentication SPI 100

Table 18 describes the significant fields shown in the display.

Table 18 show ip mobile router registration Field Descriptions 

Field
Description

Home or Foreign Agent

IP address of the home agent or foreign agent.

Registration accepted

Date and time (in hh:mm:ss) when registration was accepted.

On

Which interface registration occurred on.

Care-of addr/Collocated care-of addr

Attachment point in the foreign network. The collocated care-of address is displayed if configured.

HA addr

IP address of the home agent.

Home addr

Home IP address.

Lifetime requested

Requested lifetime of registration.

Granted

Registration lifetime granted by the home agent.

Remaining

Remaining time before registration expires.

Flags

Flags in the registration reply.

Identification

Identification in the registration reply.

Register next time

Remaining time before the mobile router sends the next registration request.

Extensions

New extensions added to the registration request.

Mobile Network

Mobile network connected to mobile router.

MN-HA Authentication

Mobile node and home agent authentication. Indicates the SPI number.


Related Commands

Command
Description

register (mobile router)

Controls the registration parameters of the mobile router.


show ip mobile router traffic

To display the counters that the mobile router maintains, use the show ip mobile router traffic command in privileged EXEC mode.

show ip mobile router traffic [since bootup]

Syntax Description

since bootup

(Optional) Displays counters since the mobile router process started, regardless of how many times the counters were cleared.


Defaults

Displays counters since the counters were last cleared.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2(4)T

This command was introduced.


Usage Guidelines

The mobile router maintains counters for agent discovery, registration, movement, and services.

Examples

The following is sample output from the show ip mobile router traffic command: 

Router# show ip mobile router traffic


Mobile Router Counters:


Agent Discovery:

  Solicitations sent 90, advertisements received 17

  Agent reboots detected 0

Registrations:

  Register 70, Deregister 0 requests sent

  Register 70, Deregister 0 replies received

  Requests accepted 68, denied 1 by HA 1 /FA 0

  Denied due to mismatched ID 1

  Authentication failed for HA 0/FA 0

  Invalid extensions 0, ignored 0

  Invalid home address 0, ID 0

  Unknown HA 0/FA 0

  Gratuitous ARPs sent 0

Movement:

  Came up on HA 0, on FA 1

  Moved HA to FA 0, FA to FA 0, FA to HA 0

  Better interface detected 0 source 46.0.0.5 dest 49.0.0.3

Tunnel Traffic:

  Packets received 188105, sent 0

  Bytes received 142691351, sent 0

Services:

  Redundancy state active 2, passive 1

Table 19 describes the significant fields shown in the display.

Table 19 show ip mobile router traffic Field Descriptions 

Field
Description

Agent Discovery

Counters categorized for discovering agents.

Solicitations sent

Total number of solicitations sent by the mobile router.

Advertisements received

Total number of advertisements received by the mobile router.

Agent reboots detected

Total number of agent reboots detected by the mobile router through the sequence number of the advertisement.

Registrations

Counters categorized for registration.

Register / Deregister requests sent

Total number of registration and deregistration requests sent by the mobile router.

Register / Deregister replies received

Total number of registration and deregistration replies received by the mobile router.

Requests accepted

Total number of registration requests accepted by the home agent of the mobile router (Code 0 and Code 1).

denied by HA/FA

Total number of registration requests denied by the home agent of the mobile router (sum of Code 128 through Code 191) and visited foreign agent (sum of Codes 64 through Code 127).

Denied due to mismatched ID

Total number of registration requests denied by the home agent due to identification mismatch. This means that the mobile router needs to synchronize its clock with the home agent in its request. A mobile router will adjust its time in the identification field to match the home agent's time for subsequent requests.

Authentication failed for HA/FA

Total number of authentication failures.

Invalid extensions

Total number of registration replies dropped by the mobile router due to both poorly formed extensions and unrecognized extensions with extension number in the range from 0 to 127.

Invalid ignored

Total number of registration replies that contained one or more unrecognized extensions in the range from 128 to 255 that were ignored by the mobile router.

Invalid home address

Total number of replies with an invalid home address.

Invalid ID

Total number of replies with an invalid Identification field.

Unknown HA/FA

Total number of replies with unknown home agents or foreign agents.

Gratuitous ARPs sent

Total number of Gratuitous ARPs sent by the mobile router in order to clear out any stale ARP entries in the ARP caches of nodes on the home network.

Movement

Counters categorized for movement.

Came up on HA/on FA

Number of times the mobile router came up on its home network or some foreign network.

Moved HA to FA / FA to FA / FA to HA

Number of times that the mobile router moved between its home network and the foreign network, and among foreign networks.

Better interface detected

Number of times a better interface was detected.

Tunnel Traffic

Counters categorized for tunnel traffic while the mobile router is roaming.

Packets received / sent

Number of packets received and sent by the mobile router.

Bytes received / sent

Number of bytes received and sent by the mobile router.

Services:

Mobile router services.

Redundancy state active <2>, passive <1>

Number of times the mobile router changes between active and passive states, which occurs when a redundancy state change is detected.


Related Commands

Command
Description

clear ip mobile router traffic

Clears the counters that the mobile router maintains.


show ip mobile secure

To display the mobility security associations for the mobile host, mobile visitor, foreign agent, home agent, or proxy Mobile IP host use the show ip mobile secure EXEC command.

show ip mobile secure {host | visitor | foreign-agent | home-agent | summary} {address | nai string}

Syntax Description

host

Displays security association of the mobile host on the home agent.

visitor

Displays security association of the mobile visitor on the foreign agent.

foreign-agent

Displays security association of the remote foreign agents on the home agent.

home-agent

Displays security association of the remote home agent on the foreign agent.

summary

Displays number of security associations in table.

address

IP address.

nai string

Network access identifier.


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(2)XC

The nai keyword was added.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.


Usage Guidelines

Multiple security associations can exist for each entity.

Examples

The following is sample output from the show ip mobile secure command: 

Router# show ip mobile secure 


Security Associations (algorithm,mode,replay protection,key):

20.0.0.6

    SPI 300,  MD5, Prefix-suffix, Timestamp +/- 7,

    Key 00112233445566778899001122334455

Table 20 describes the significant fields shown in the display.

Table 20 show ip mobile secure Field Descriptions 

Field
Description

IP address

IP address. The network access identifier (NAI) is displayed if configured.

In/Out SPI

The SPI is the 4-byte opaque index within the Mobility Security Association that selects the specific security parameters to be used to authenticate the peer. Allows either "SPI" or "In/Out SPI." The latter specifies an inbound and outbound SPI pair. If an inbound SPI is received, then outbound SPI will be used when a response is sent.

MD5

Message Digest 5 authentication algorithm. HMAC-MD5 displayed if configured.

Prefix-suffix

Authentication mode.

Timestamp

Replay protection method.

Key

The shared secret key for the security associations, in hexadecimal format.


show ip mobile traffic

To display protocol counters, use the show ip mobile traffic EXEC command.

show ip mobile traffic

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(13)T

This command was enhanced to display successful registration requests with NAT detect and to display information about foreign agent reverse tunnels and foreign agent challenge and response extensions.


Usage Guidelines

Counters can be reset to zero using the clear ip mobile traffic command, which also allows you to undo the reset.

Examples

The following is sample output from the show ip mobile traffic command: 

Router# show ip mobile traffic


IP Mobility traffic:

Advertisements:

    Solicitations received 0

    Advertisements sent 0, response to solicitation 0

Home Agent Registrations:

    Register 0, Deregister 0 requests

    Register 0, Deregister 0 replied

    Accepted 0, No simultaneous bindings 0

    Denied 0, Ignored 0 

    Unspecified 0, Unknown HA 0

    Administrative prohibited 0, No resource 0

    Authentication failed MN 0, FA 0

    Bad identification 0, Bad request form 0

    Unavailable encap 0, reverse tunnel 0

    Reverse tunnel mandatory 0

    Binding updates received 0, sent 0 total 0 fail 0

    Binding update acks received 0, sent 0 

    Binding info request received 0, sent 0 total 0 fail 0

    Binding info reply received 0 drop 0, sent 0 total 0 fail 0

    Binding info reply acks received 0 drop 0, sent 0

    Gratuitous 0, Proxy 0 ARPs sent

    Total incoming requests using NAT detect 1

Foreign Agent Registrations:

    Request in 0,

    Forwarded 0, Denied 0, Ignored 0

    Unspecified 0, HA unreachable 0

    Administrative prohibited 0, No resource 0

    Bad lifetime 0, Bad request form 0

    Unavailable encapsulation 0, Compression 0

    Unavailable reverse tunnel 0

    Reverse tunnel mandatory

    Replies in 0

    Forwarded 0, Bad 0, Ignored 0

    Authentication failed MN 0, HA 0

    Received challenge/gen. authentication extension, feature not enabled 0

    Route Optimization Binding Updates received 0, acks sent 0 neg acks sent 0

    Unknown challenge 1, Missing challenge 0, Stale challenge 0

Table 21 describes the significant fields shown in the display.

Table 21 show ip mobile traffic Field Descriptions 

Field
Description

Solicitations received

Total number of solicitations received by the mobility agent.

Advertisements sent

Total number of advertisements sent by the mobility agent.

response to solicitation

Total number of advertisements sent by the mobility agent in response to mobile node solicitations.

Home Agent
 

Register requests

Total number of registration requests received by the home agent.

Deregister requests

Total number of registration requests received by the home agent with a lifetime of zero (requests to deregister).

Register replied

Total number of registration replies sent by the home agent.

Deregister replied

Total number of registration replies sent by the home agent in response to requests to deregister.

Accepted

Total number of registration requests accepted by the home agent (Code 0).

No simultaneous bindings

Total number of registration requests accepted by the home agent—simultaneous mobility bindings unsupported (Code 1).

Denied

Total number of registration requests denied by the home agent.

Ignored

Total number of registration requests ignored by the home agent.

Unspecified

Total number of registration requests denied by the home agent—reason unspecified (Code 128).

Unknown HA

Total number of registration requests denied by the home agent—unknown home agent address (Code 136).

Administrative prohibited

Total number of registration requests denied by the home agent—administratively prohibited (Code 129).

No resource

Total number of registration requests denied by the home agent—insufficient resources (Code 130).

Authentication failed MN

Total number of registration requests denied by the home agent—mobile node failed authentication (Code 131).

Authentication failed FA

Total number of registration requests denied by the home agent—foreign agent failed authentication (Code 132).

Bad identification

Total number of registration requests denied by the home agent—identification mismatch (Code 133).

Bad request form

Total number of registration requests denied by the home agent—poorly formed request (Code 134).

Unavailable encap

Total number of registration requests denied by the home agent—unavailable encapsulation (Code 139).

Reverse tunnel mandatory

Total number of registration requests denied by the home agent—reverse tunnel is mandatory and the "T" bit is not set (Code 138).

Unavailable reverse tunnel

Total number of registration requests denied by the home agent—reverse tunnel unavailable (Code 137).

Binding updates

A Mobile IP standby message sent from the active router to the standby router when a registration request comes into the active router.

Binding update acks

A Mobile IP standby message sent from the standby router to the active router to acknowledge the reception of a binding update.

Binding info request

A Mobile IP standby message sent from a router coming up from reboot/or a down interface. The message is a request to the current active router to send the entire Mobile IP binding table.

Binding info reply

A reply from the active router to the standby router that has part or all of the binding table (depending on size).

Binding info reply acks

An acknowledge message from the standby router to the active router that it has received the binding info reply.

Gratuitous ARP

Total number of gratuitous ARPs sent by the home agent on behalf of mobile nodes.

Proxy ARPs sent

Total number of proxy ARPs sent by the home agent on behalf of mobile nodes.

Total incoming registration requests...

Total number incoming registration requests using NAT detect.

Foreign Agent
 

Request in

Total number of registration requests received by the foreign agent.

Forwarded

Total number of registration requests relayed to the home agent by the foreign agent.

Denied

Total number of registration requests denied by the foreign agent.

Ignored

Total number of registration requests ignored by the foreign agent.

Unspecified

Total number of registration requests denied by the foreign agent—reason unspecified (Code 64).

HA unreachable

Total number of registration requests denied by the foreign agent—home agent unreachable (Codes 80-95).

Administrative prohibited

Total number of registration requests denied by the foreign agent— administratively prohibited (Code 65).

No resource

Total number of registration requests denied by the home agent—insufficient resources (Code 66).

Bad lifetime

Total number of registration requests denied by the foreign agent—requested lifetime too long (Code 69).

Bad request form

Total number of registration requests denied by the home agent—poorly formed request (Code 70).

Unavailable encapsulation

Total number of registration requests denied by the home agent—unavailable encapsulation (Code 72).

Unavailable compression

Total number of registration requests denied by the foreign agent—requested Van Jacobson header compression unavailable (Code 73).

Unavailable reverse tunnel

Total number of registration requests denied by the home agent—reverse tunnel unavailable (Code 74).

Reverse tunnel mandatory

Total number of registration requests denied by the foreign agent—reverse tunnel is mandatory and the "T" bit is not set (Code 75).

Replies in

Total number of well-formed registration replies received by the foreign agent.

Forwarded

Total number of valid registration replies relayed to the mobile node by the foreign agent.

Bad

Total number of registration replies denied by the foreign agent—poorly formed reply (Code 71).

Ignored

Total number of registration replies ignored by the foreign agent.

Authentication failed MN

Total number of registration requests denied by the home agent—mobile node failed authentication (Code 67).

Authentication failed HA

Total number of registration replies denied by the foreign agent—home agent failed authentication (Code 68).

Received challenge/gen. authentication extension, feature not enabled

Total number of registration requests dropped by the foreign agent—received challenge/generalized-authentication extension in registration request but Mobile IP foreign agent challenge/response extension is not enabled.

Unknown challenge

Total number of registration requests denied by the foreign agent—unknown challenge (Code 104).

Missing Challenge

Total number of registration requests denied by the foreign agent—missing challenge (Code 105).

Stale Challenge

Total number of registration requests denied by the foreign agent—stale challenge (Code 106).


show ip mobile tunnel

To display active tunnels, use the show ip mobile tunnel command in EXEC mode.

show ip mobile tunnel [interface]

Syntax Description

interface

(Optional) Displays a particular tunnel interface. The interface argument is tunnel x.


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(13)T

The output was enhanced to display route maps configured on the home agent.

12.2(15)T

The output was enhanced to display tunnel templates for multicast configured on the home agent or mobile router.


Usage Guidelines

This command displays active tunnels created by Mobile IP. When no more users are on the tunnel, the tunnel is released.

Examples

The following is sample output from the show ip mobile tunnel command: 

Router# show ip mobile tunnel


Mobile Tunnels:

Tunnel0:

    src 68.0.0.32, dest 68.0.0.48

    encap IP/IP, mode reverse-allowed, tunnel-users 1

    IP MTU 1480 bytes

    HA created, fast switching enabled, ICMP unreachable enabled

    0 packets input, 0 bytes, 0 drops

    1591241 packets output, 1209738478 bytes

    Route Map is: MoIPMap

Running template configuration for this tunnel:

ip pim sparse-dense-mode

Table 22 describes the significant fields shown in the display.

Table 22 show ip mobile tunnel Field Descriptions 

Field
Description

src

Tunnel source IP address.

dest

Tunnel destination IP address.

encap

Tunnel encapsulation type.

mode

Either reverse-allowed or reverse-off for reverse tunnel mode.

tunnel-users

Number of users on the tunnel.

HA created

Entity that created the tunnel. This field can be one of three values: HA created, FA created, or MR created.

fast switching

Enabled or disabled.

ICMP unreachable

Enabled or disabled.

packets input

Number of packets in.

bytes

Number of bytes in.

0 drops

Number of packets dropped. Packets are dropped when there are no visitors to send to after the foreign agent deencapsulates incoming packets. This prevents loops because the foreign agent will otherwise route the deencapsulated packets back to the home agent.

packets output

Number of packets output.

bytes

Number of bytes output.

Route Map is

Name of the route map.

Running template configuration

If tunnel templates for multicast are enabled or disabled, this information is displayed or absent, respectively.


Related Commands

Command
Description

show ip mobile binding

Displays the mobility binding table.

show ip mobile host

Displays mobile node information.

show ip mobile visitor

Displays the table of the visitor list of the foreign agent.


show ip mobile violation

To display information about security violations, use the show ip mobile violation EXEC command.

show ip mobile violation [address | nai string]

Syntax Description

address

(Optional) Displays violations from a specific IP address.

nai string

(Optional) Network access identifier.


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(2)XC

The nai keyword and associated parameters were added.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.


Usage Guidelines

The most recent violation is saved for all the mobile nodes. A circular log holds up to 50 unknown requesters, which are the violators without security associations. The oldest violations will be purged to make room for new unknown requesters when the log limit is reached.

Security violation messages are logged at the informational level (see the logging global configuration command). When logging is enabled to include this severity level, violation history can be displayed using the show logging command.

Examples

The following is sample output from the show ip mobile violation command: 

Router# show ip mobile violation

Security Violation Log:

Mobile Hosts:

20.0.0.1:

    Violations: 1, Last time: 06/18/97 01:16:47

    SPI: 300, Identification: B751B581.77FD0E40

    Error Code: MN failed authentication (131), Reason: Bad authenticator (2)

Table 23 describes significant fields shown in the display.

Table 23 show ip mobile violation Field Descriptions 

Field
Description

IP address

IP address of the violator. The network access identifier (NAI) is displayed if configured.

Violations

Total number of security violations for this peer.

Last time

Time of the most recent security violation for this peer.

SPI

SPI of the most recent security violation for this peer. If the security violation is due to an identification mismatch, then this is the SPI from the mobile-home authentication extension. If the security violation is due to an invalid authenticator, then this is the SPI from the offending authentication extension. In all other cases, it should be set to zero.

Identification

Identification used in request or reply of the most recent security violation for this peer.

Error Code

Error code in request or reply.

Reason Codes

Reason for the most recent security violation for this peer. Possible reasons are:

(1) No mobility security association

(2) Bad authenticator

(3) Bad identifier

(4) Bad SPI

(5) Missing security extension

(6) Other


show ip mobile visitor

To display the table containing the visitor list of the foreign agent, use the show ip mobile visitor EXEC command.

show ip mobile visitor [[pending] [address | summary] | nai string]

Syntax Description

pending

(Optional) Displays the pending registration table.

address

(Optional) IP address.

summary

(Optional) Displays all values in the table.

nai string

(Optional) Network access identifier (NAI).


Command Modes

EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.

12.2(2)XC

The nai keyword was added.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.


Usage Guidelines

The foreign agent updates the table containing the visitor list of the foreign agent in response to registration events from mobile nodes.

Examples

The following is sample output from the show ip mobile visitor command: 

Router# show ip mobile visitor

Mobile Visitor List:

Total 1

20.0.0.1:

    Interface Ethernet1/2, MAC addr 0060.837b.95ec

    IP src 20.0.0.1, dest 67.0.0.31, UDP src port 434

    HA addr 66.0.0.5, Identification B7510E60.64436B38

    Lifetime 08:20:00 (30000) Remaining 08:19:16

    Tunnel100 src 68.0.0.31, dest 66.0.0.5, reverse-allowed

    Routing Options - (T)Reverse-tunnel

Table 24 describes the significant fields shown in the display.

Table 24 show ip mobile visitor Field Descriptions 

Field
Description

Total

1

IP address

Home IP address of a visitor. The NAI is displayed if configured.

Interface

Name of the interface.

MAC addr

MAC address of the visitor.

IP src

Source IP address the registration request of a visitor.

IP dest

Destination IP address of the registration request of a visitor. When a foreign agent sends a reply to a visitor, the IP source address is set to this address, unless it is multicast or broadcast, in which case it is set to IP address of the output interface.

UDP src port

Source UDP port of registration request of the visitor.

HA addr

Home agent IP address for that visiting mobile node.

Identification

Identification used in that registration by the mobile node.

Lifetime

The lifetime granted to the mobile node for this registration.

Remaining

The number of seconds remaining until the registration is expired. It has the same initial value as in the Lifetime field, and is counted down by the foreign agent.

Tunnel

The tunnel used by the mobile node is characterized by the source and destination addresses, and reverse-allowed or reverse-off for reverse tunnel. The default is IPIP encapsulation, otherwise GRE will be displayed in the Routing Options field.

Routing Options

Routing options list all foreign agent-accepted services, based on registration flags sent by the mobile node. Possible options are:

(S) Mult-binding (Cisco home agent does not support)

(B) Broadcast

(D) Direct-to-mobile node

(M) MinIP (not supported on home agent)

(G) GRE

(T) Reverse-tunnel


show ip mobile vpn-realm

To display virtual private network (VPN) realms configured for Mobile IP, use the show ip mobile vpn-realm command in EXEC mode.

show ip mobile vpn-realm

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

EXEC

Command History

Release
Modification

12.2(13)T

This command was introduced.


Usage Guidelines

Use this command to display VPN realms configured by the ip mobile vpn-realm command.

Examples

The following example output shows which VPN realms and corresponding sequence numbers are configured for Mobile IP: 

Router# show ip mobile vpn-realm


IP Mobile VPN realm(s):

    Sequence number: 20      Realm: company1

    Sequence number: 10      Realm: company2

Related Commands

Command
Description

ip mobile vpn-realm

Defines VPN realms to be used in home agent policy routing.


snmp-server enable traps ipmobile

To enable Simple Network Management Protocol (SNMP) security notifications for Mobile IP, use the snmp-server enable traps ipmobile command in global configuration mode. To disable SNMP notifications for Mobile IP, use the no form of this command.

snmp-server enable traps ipmobile

no snmp-server enable traps ipmobile

Syntax Description

This command has no arguments or keywords.

Defaults

SNMP notifications are disabled by default.

Command Modes

Global configuration

Command History

Release
Modification

12.2(2)T

This command was introduced.


Usage Guidelines

SNMP Mobile IP notifications can be sent as traps or inform requests. This command enables both traps and inform requests. This command enables Mobile IP Authentication Failure notifications. This notification is defined in RFC2006-MIB.my as the mipAuthFailure notification type {mipMIBNotifications 1}. This notification, when enabled, is triggered when there is an authentication failure for the Mobile IP entity during validation of the mobile registration request or reply.

For a complete description of this notification and additional MIB functions, see the RFC2006-MIB.my file, available on Cisco.com at http://www.cisco.com/public/mibs/v2/.

The snmp-server enable traps ipmobile command is used in conjunction with the snmp-server host command. Use the snmp-server host global configuration command to specify which host or hosts receive SNMP notifications. To send SNMP notifications, you must configure at least one snmp-server host command.

Examples

The following example enables the router to send Mobile IP informs to the host at the address myhost.cisco.com using the community string defined as public: 

snmp-server enable traps ipmobile

snmp-server host myhost.cisco.com informs version 2c public

Related Commands

Command
Description

snmp-server host

Specifies the recipient of an SNMP notification operation.

snmp-server trap-source

Specifies the interface from which an SNMP trap should originate.


template tunnel (mobile networks)

To apply a tunnel template to tunnels brought up at the home agent, use the template tunnel command in mobile networks configuration mode. To remove the tunnel template, use the no form of this command.

template tunnel interface-number

no template tunnel interface-number

Syntax Description

interface-number

Tunnel interface number.


Defaults

No default behavior or values

Command Modes

Mobile networks configuration

Command History

Release
Modification

12.2(15)T

This command was introduced.


Usage Guidelines

This command allows the configuration of multicast on statically created tunnels to be applied to dynamic tunnels brought up on the home agent.

Examples

The following example shows the template tunnel applied at the home agent: 

! Tunnel template to be applied to mobile networks

interface tunnel 100 

 ip pim sparse-mode 

!

! Select tunnel template to apply during registraton

ip mobile mobile-networks 10.1.0.1 

 template tunnel 100

Related Commands

Command
Description

template tunnel (mobile router)

Applies a tunnel template to tunnels brought up at the mobile router.


template tunnel (mobile router)

To apply a tunnel template to tunnels brought up at the mobile router, use the template tunnel command in mobile router configuration mode. To remove the tunnel template, use the no form of this command.

template tunnel interface-number

no template tunnel interface-number

Syntax Description

interface-number

Tunnel interface number.


Defaults

No default behavior or values

Command Modes

Mobile router configuration

Command History

Release
Modification

12.2(15)T

This command was introduced.


Usage Guidelines

This command allows the configuration of multicast on statically created tunnels to be applied to dynamic tunnels brought up on the mobile router.

Examples

The following example shows the template tunnel applied at the mobile router: 

! Tunnel template to be applied to mobile networks

interface tunnel100 

 ip pim sparse-mode 

!

! Select tunnel template to apply during registration

ip mobile router 

 template tunnel100

Related Commands

Command
Description

template tunnel (mobile networks)

Applies a tunnel template to tunnels brought up at the home agent.