-
Cisco IOS IP Mobility Configuration Guide, Release 12.4
-
Part 1: Mobile IP
-
Configuring Mobile IP
-
Mobile IP MIB Support for SNMP
-
Mobile IP—NAT Detect
-
Mobile IP—Support for Foreign Agent Reverse Tunneling
-
Mobile IP—Challenge/Response Extensions
-
Mobile IP—Generic NAI Support and Home Address Allocation
-
Mobile IP Home Agent Policy Routing
-
Mobile IP—Home Agent Accounting
-
Mobile IP Dynamic Security Association and Key Distribution
-
Mobile IP—Support for RFC 3519 NAT Traversal
-
-
Part 2: Mobile Networks
-
Cisco Mobile Networks
-
Cisco Mobile Networks—Asymmetric Link
-
Cisco Mobile Networks—Static Collocated Care-of Address
-
Cisco Mobile Networks—Priority HA Assignment
-
Cisco Mobile Networks—Tunnel Templates for Multicast
-
Mobile Networks Dynamic Collocated Care-of Address
-
Mobile Networks Deployment MIB
-
Mobile IP—Foreign Agent Local Routing to Mobile Networks
-
Mobile IP—Generic Routing Encapsulation for Cisco Mobile Networks
-
Mobile Router DHCP Support for Dynamic CCoA and Foreign Agent Processing
-
-
Part 1: Mobile IP
Table Of Contents
Mobile IP MIB Support for SNMP
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Configuring the Router to Send Mobile IP MIB Notifications
Verifying Mobile IP MIB Configuration
Monitoring and Maintaining Mobile IP MIBs
Mobile IP MIB Support for SNMP
This document describes the Mobile IP MIB Support for SNMP feature in Cisco IOS Release 12.2(2)T. It includes the following sections:
•
Supported Standards, MIBs, and RFCs
•
Feature Overview
The Mobile IP MIB Support for SNMP feature adds a MIB module that expands network monitoring and management capabilities of foreign agent (FA) and home agent (HA) Mobile IP entities. Mobile IP management using Simple Network Management Protocol (SNMP) is defined in two MIBs: the RFC2006-MIB and the CISCO-MOBILE-IP-MIB.
The RFC2006-MIB is a MIB module that uses the definitions defined in RFC 2006, The Definitions of Managed Objects for IP Mobility Support Using SMIv2. Beginning in Cisco IOS Release 12.2(1)T, RFC 2006 Set operations and an SNMP notification (trap) are supported. Set operations, performed from a network management system (NMS), allow you to use the RFC2006-MIB objects for starting and stopping the Mobile IP service, modifying and deleting security associations, modifying advertisement parameters, and configuring 'care-of addresses' for FAs. An SNMP notification for security violations can also be enabled on supported routing devices using the Cisco IOS software (see the "Configuration Tasks" section for details).
The CISCO-MOBILE-IP-MIB is a Cisco enterprise-specific extension to the RFC2006-MIB. The CISCO-MOBILE-IP-MIB allows you to monitor the total number of HA mobility bindings and the total number of FA visitor bindings using an NMS. These bindings are defined in the CISCO-MOBILE-IP-MIB as cmiHaRegTotalMobilityBindings and cmiFaRegTotalVisitors, respectively.
Benefits
The RFC2006-MIB defines a notification for Mobile IP entities (HA or FA) that can be sent to an NMS if there is a security violation. This notification can be used to identify the source of intrusions.
The RFC2006-MIB also defines a table (mipSecViolationTable) to log the security violations in the Mobile IP entities. This log can be retrieved from an NMS (using Get operations) and can be used to analyze the security violation instances in the system.
The CISCO-MOBILE-IP-MIB allows you to monitor the total number of HA mobility bindings. Customers can now obtain a snapshot of the current load in their HAs, which is important for gauging load at any time in the network and tracking usage for capacity planning.
Restrictions
The following restrictions exist for using Set operations on the following objects and tables in the RFC2006 MIB:
•
•
•
Table 1 Fixed Security Method for RFC2006-MIB mipSecAssocTable Objects
mipSecAlgorithmType
MD5
mipSecAlgorithmMod
prefixSuffix
mipSecReplayMethod
timestamps
When the mipSecKey object value is set with a Set operation, the value will be interpreted as an ASCII key if it contains printable ASCII values. Otherwise, the key will be interpreted as a hex string.
Because there is no rowStatus object in this table, deletion of rows in this table is achieved by setting the mipSecKey object to some special value. Existing security associations can be removed by setting the mipSecKey object to all zeros.
•
When the maAdvResponseSolicitationOnly object has a TRUE value, the maAdvMaxInterval, maAdvMinInterval, and maAdvMaxAdvLifetime objects of this table are not instantiated.
If the interface corresponding to a row is not up, the row will move to the notReady state.
•
If the interface corresponding to the care-of address (configured by a row of this table) is not up, then the status of the row will be notReady. Creating a new row that corresponds to an interface that is not up is not possible.
Related Features and Technologies
•
•
Related Documents
This feature adds support for RFC 2006 Set operations and security violation traps. For specifications, see RFC 2006, The Definitions of Managed Objects for IP Mobility Support Using SMIv2.
For information on configuring SNMP using Cisco IOS software, refer to the following documents:
•
•
For information on using SNMP MIB features, refer to the appropriate documentation for your network management system.
For information on configuring Mobile IP using Cisco IOS software, refer to the following documents:
•
•
Supported Platforms
Mobile IP support for SNMP functionality is available only in software images that support Mobile IP and SNMP. Supported platforms include the following:
•
•
•
•
•
•
•
Platform Support Through Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, e-mail the Contact Database Administration group at cdbadmin@cisco.com. If you want to establish an account on Cisco.com, go to http://www.cisco.com/register and follow the directions to establish an account.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:
http://www.cisco.com/go/fn
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
•
•
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
•
•
Prerequisites
The tasks in this document assume that you have configured SNMP and Mobile IP on your devices. Because this feature allows modification and deletion of security associations in the mipAssocTable through SNMP Set operations, use of SNMPv3 is strongly recommended.
Configuration Tasks
See the following sections for configuration tasks for the Mobile IP MIB Support for SNMP feature. Each task in the list is identified as either required or optional:
•
•
Configuring the Router to Send Mobile IP MIB Notifications
To configure the router to send Mobile IP traps or informs to a host, use the following commands in global configuration mode:
Note that Mobile IP notifications need not be enabled on a system to process simple Set or Get SNMP requests.
Verifying Mobile IP MIB Configuration
Use the more system:running-config or the show running-config command to verify that the desired snmp-server commands are in your configuration file.
Monitoring and Maintaining Mobile IP MIBs
The Mobile IP MIB Support for SNMP feature is designed to provide information to network management applications (typically graphical-user-interface programs running on an external NMS). Mobile IP MIB objects can be read by the NMS using SNMP Set, Get, Get-next, and Get-bulk operations. Traps or informs can also be sent to the NMS by enabling the "ipmobile" notification type as described in the "Configuration Tasks" section.
Configuration Examples
In the following example, Mobile IP security violation notifications are sent to the host myhost.cisco.com as informs. The community string is defined as private1.
snmp-server enable traps ipmobilesnmp-server host myhost.cisco.com informs version 3 auth private1Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS IP Mobility Command Reference at http://www.cisco.com/en/US/docs/ios/ipmobility/command/reference/imo_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.
New Command
•
Modified Command
•
Glossary
care-of address—An address used temporarily by a mobile node as a tunnel exit-point when the mobile node is connected to a foreign link.
foreign agent—A router on a visited network of a mobile node that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the home agent of the mobile node. For datagrams sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.
home agent—A router on the home network of a mobile node that tunnels packets to the mobile node while it is away from home. It keeps current location information for registered mobile nodes called a mobility binding.
inform—An SNMP trap message that includes a delivery confirmation request. See "trap."
MIB—Management Information Base. Database of network management information that is used and maintained by a network management protocol such as SNMP. The value of a MIB object can be changed or retrieved using SNMP commands, usually through a Network Management System (NMS). MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.
mobile node—A host or router that changes its point of attachment from one network or subnet to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its home IP address, assuming link-layer connectivity to a point of attachment is available.
NMS—network management system. An application or suite of applications designed to monitor networks using SNMP. CiscoView is one example of an NMS.
SNMP—Simple Network Management Protocol. Management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security, typically through the use of an NMS.
SPI—security parameter index. The index identifying a security context between a pair of nodes.
trap—Message sent by an SNMP agent to a network management station, console, or terminal to indicate the occurrence of a significant event, such as a specifically defined condition or a threshold that was reached.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
