Table Of Contents

Mobile IP—Generic NAI Support and Home Address Allocation

Contents

Information About Generic NAI Support and Home Address Allocation

NAI Overview

Home Address Allocation

Static IP Addresses

Dynamic IP Addresses

Address Allocation for Same NAI with Multiple Static Addresses

How Registrations Are Processed for the Same NAI

Benefits of Generic NAI Support and Home Address Allocation

How to Configure Generic NAI Support and Home Address Allocation

Configuring the Home Agent

Static IP Addresses

Dynamic IP Addresses

Configuring AAA in the Mobile IP Environment

Configuring RADIUS in the Mobile IP Environment

Verifying Generic NAI Support and Home Address Allocation

Output Examples

Configuration Examples for Generic NAI Support and Home Address Allocation

Static Home Addressing Using NAI Examples

Dynamic Home Addressing Using NAI Examples

Home Agent Using NAI AAA Server Example

AAA and Local Configuration Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

Glossary

Mobile IP—Generic NAI Support and Home Address Allocation

---

The Mobile IP—Generic NAI Support and Home Address Allocation feature allows a mobile node to be identified by using a network access identifier (NAI) instead of an IP address (home address). The NAI is a character string that can be a unique identifier (username@realm) or a group identifier (realm). Additionally, this feature allows you to configure the home agent to allocate addresses to mobile nodes either statically or dynamically. Home address allocation can be from address pools configured locally on the home agent, through either Dynamic Host Configuration Protocol (DHCP) server access, or from the authentication, authorization, and accounting (AAA) server.

Feature Specifications for Mobile IP—Generic NAI Support and Home Address Allocation

Feature History
Release	Modification
12.2(13)T	This feature was introduced.
Supported Platforms
Refer to Feature Navigator.

Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.

Contents

•Information About Generic NAI Support and Home Address Allocation

•How to Configure Generic NAI Support and Home Address Allocation

•Configuration Examples for Generic NAI Support and Home Address Allocation

•Additional References

•Command Reference

•Glossary

Information About Generic NAI Support and Home Address Allocation

To following sections describe concepts related to generic NAI support and home address allocation:

•NAI Overview

•Home Address Allocation

•Benefits of Generic NAI Support and Home Address Allocation

NAI Overview

Authentication, Authorization, and Accounting (AAA) servers are used within the Internet to provide authentication and authorization services for dial-up computers. AAA servers identify clients using the NAI. The NAI is a character string in the format of an e-mail address as either user or user@realm but it need not be a valid e-mail address or a fully qualified domain name. The NAI can be used either in a specific or generic form. The specific form, which must contain the user portion and may contain the @realm portion, identifies a single user. The generic form allows all users in a given realm or without a realm to be configured on a single command line. Each user still needs a unique security association, but these associations can be stored on a AAA server.

The original purpose of the NAI was to support roaming between dialup ISPs. With the NAI, each ISP need not have all the accounts for all of its roaming partners in a single RADIUS database. RADIUS servers can proxy requests to remote servers for each realm.

These services are also valuable for mobile nodes using Mobile IP when the nodes are attempting to connect to foreign domains with AAA servers. The Mobile IP—Generic NAI Support and Home Address Allocation feature introduces a method for the mobile node to identify itself by including the NAI along with the Mobile IP registration request.

RFC 2794, Mobile IP Network Access Identifier Extension for IPv4, defines a mobile node NAI extension of type 131 to the Mobile IP registration messages. This extension must appear in the registration request before the mobile-home authentication extension (MHAE) and mobile-foreign authentication extension (MFAE). The home agent authenticates the mobile node and allocates an IP address. For static IP address allocation, the mobility binding is identified in the home agent as a flow {NAI, IP address} and for dynamic address assignment the mobility binding is identified by the NAI only.

Home Address Allocation

The home agent allocates a home address to the mobile node based on the NAI received during Mobile IP registration. The IP addresses can be statically or dynamically allocated to the mobile node. In addition, multiple static IP addresses can be allocated to the same NAI. The home agent will not permit simultaneous registrations for different NAIs with the same IP address, whether it is statically or dynamically allocated.

Static IP Addresses

Static IP addresses must be configured on the mobile node. The home agent supports static IP addresses that might be public IP addresses, or addresses in a private domain.

---

Note Use of private addresses for Mobile IP services requires reverse tunneling between the foreign agent and the home agent.

---

The mobile user proposes the configured/available address as a nonzero home address in the registration request message. The home agent can accept this address or return another address in the registration reply message. The home agent can authorize the IP address by accessing the AAA server or DHCP server. The AAA server may return the name of a local pool, or a single IP address. On successful Mobile IP registration, Mobile IP based services are made available to the user.

Dynamic IP Addresses

A mobile node can request a dynamically allocated IP address by proposing an all-zero home address in the registration request message. The home agent allocates a home address and returns it to the mobile node in the registration reply message.

A fixed address is a dynamically assigned address that is always the same.

The home address can be allocated from a AAA server, a DHCP server, or configured locally through the command line interface (CLI). You can also define a local pool for address allocation on a AAA server or through the CLI.

Address Allocation for Same NAI with Multiple Static Addresses

The home agent supports multiple Mobile IP registrations for the same NAI with different static addresses through static address configuration on the command line or by configuring static-ip-address pool (s) at the AAA server or DHCP server. When the home agent receives a registration request message from the mobile user, the home agent accesses the AAA for authentication, and possibly for assignment of an IP address.

A single mobile user can use multiple static IP addresses either on the same IP device or multiple IP devices, while maintaining only one AAA record and security association. The ISP can then bill the user based on the NAI, independent of which IP device was used.

How Registrations Are Processed for the Same NAI

When the same NAI is used for registration from two different mobile IP devices, the behavior is as follows:

•If static address allocation is used in both cases, they are considered independent cases.

•If dynamic address allocation is used in both cases, the second registration replaces the first.

•If static is used for the first registration, and dynamic for the second, the dynamic address allocation replaces the static address allocation.

•If dynamic is used for the first registration, and static for the second, they are considered independent cases.

Additionally, two flows originating from the same mobile node using the same NAI, but two different home agents, are viewed as independent cases.

Benefits of Generic NAI Support and Home Address Allocation

•Provides a mechanism to identify users based on the NAI

•Supports static and dynamic IP address allocation

•Optimizes the use of IP addresses by reusing them

How to Configure Generic NAI Support and Home Address Allocation

•Configuring the Home Agent (required)

•Configuring AAA in the Mobile IP Environment (optional)

•Configuring RADIUS in the Mobile IP Environment (optional)

•Verifying Generic NAI Support and Home Address Allocation (optional)

Configuring the Home Agent

Perform one of the following tasks in this section, depending on whether you want to configure static IP addresses or dynamic IP addresses.

Static IP Addresses

This section describes how to configure the home agent to allocate static IP addresses.

Local Authorization

A static address can be authorized on a per-mobile node or per-realm basis. Per-mobile node configurations require a specific NAI in the form of user or user@realm to be defined on the home agent and allow up to five addresses or a pool per NAI. Per-realm configurations require that a generic NAI be in the form of @realm and only allows address allocation from a local pool.

AAA Authorization

The number of mobile nodes that can be configured is limited because of NVRAM on the router. So, as an option, you can also store the authorized addresses or local pool name in a AAA server. Each user must have either the static-addr-pool attribute or the static-pool-def attribute configured in the AAA server. Unlike the static address configuration on the command line, the static-addr-pool attribute is not limited in the number of addresses. See the "Configuration Examples for Generic NAI Support and Home Address Allocation" section in this document for AAA configuration examples.

Static IP Address Configuration Priority

If the configuration exists locally as well as on the AAA server, the AAA configuration takes precedence over the local pool of addresses. The priority is given in the following order:

1. AAA addresses

2. AAA pool name

3. Local mobile node static addresses

4. Local pool

In cases where the static addresses list is retrieved from the AAA server but all the addresses are already in use by other mobile nodes, the next priority addressing mechanism is used.

SUMMARY STEPS

1. enable

2. configure {terminal | memory | network}

3. ip local pool {named-address-pool | default} {first-ip-address [last-ip-address]}

4. ip mobile host {lower [upper] | nai string [static-address {addr1 [addr2] [addr3] [addr4] [addr5] | local-pool name}] } {interface name | virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number]

5. ip mobile secure host {lower [upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5 | hmac-md5} mode prefix-suffix]

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables higher privilege levels, such as privileged EXEC mode. •Enter your password if prompted.
Step 2	configure {terminal | memory | network} Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip local pool {named-address-pool | default} {first-ip-address [last-ip-address]} Example: Router(config)# ip local pool static-user-pool 172.21.58.3 172.21.58.254	(Optional) Configures a local pool of IP addresses. •An NAI configured in the form of @realm can only be allocated addresses from a local pool.
Step 4	ip mobile host {lower [upper] | nai string [static-address {addr1 [addr2] [addr3] [addr4] [addr5] | local-pool name}] } {interface name | virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number] Example: Router(config)# ip mobile host nai joe@staticuser.com local-pool static-user-pool interface FastEthernet0/0 Example: Router(config)# ip mobile host nai joe static-address 172.21.58.3 172.21.58.4 interface FastEthernet0/0 Example: Router(config)# ip mobile host nai joe@staticuser.com interface FastEthernet0/0 aaa	Configures the mobile host or mobile node group. •In the first example, a local pool named static-user-pool is used for static address allocation. •In the second example, multiple static addresses are configured and are associated with the same NAI. This configuration allows a single user to use multiple static IP addresses either on the same IP device or multiple IP devices, while maintaining only one AAA record and security association. Note that this option can only be used when the nai string is not a realm. •In the third example, the mobile host stores its authorized address in a AAA server. The appropriate attributes must be configured on the AAA server.
Step 5	ip mobile secure host {lower [upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5 | hmac-md5} mode prefix-suffix] Example: Router(config)# ip mobile secure host nai user@staticuser.com spi 100 key hex 123456781234567812345678123245678	Specifies the mobility security associations for the mobile host. This step is optional only if you specify the aaa keyword in the ip mobile host command.

Dynamic IP Addresses

This section describes how to configure the home agent to allocate dynamic IP addresses to mobile nodes.

DHCP

Optionally, Mobile IP uses the existing Cisco IOS DHCP proxy client to allocate dynamic home addresses by a DHCP server. The NAI is sent in the DHCP client-id option and can be used to provide dynamic DNS services.

AAA

Dynamic IP addressing from a AAA server allows support for fixed and or per session addressing for mobile nodes without the task of maintaining addressing at the mobile node or home agent. The AAA server can return either a specific address, a local pool name, or a DHCP server address.

Dynamic IP Address Configuration Priority

If the configuration exists locally as well as on the AAA server, the AAA configuration takes precedence over the local pool of addresses. The priority is given in the following order:

1. AAA address

2. AAA pool

3. Local mobile node address

4. Local pool

5. DHCP pool

Restrictions

•The current implementation does not allow DHCP to be used with virtual networks.

•Local pool allocation cannot be used with the home agent redundancy feature.

SUMMARY STEPS

1. enable

2. configure {terminal | memory | network}

3. ip local pool {named-address-pool | default} {first-ip-address [last-ip-address]}

4. ip mobile host nai string [address {addr | pool {local name | dhcp-proxy-client [dhcp-server addr]}] {interface name | virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number]

5. ip mobile secure host {lower [upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5 | hmac-md5} mode prefix-suffix]

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables higher privilege levels, such as privileged EXEC mode. •Enter your password if prompted.
Step 2	configure {terminal | memory | network} Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip local pool {named-address-pool | default} {first-ip-address [last-ip-address]} Example: Router(config)# ip local pool my-pool 172.21.58.5 172.21.58.250	(Optional) Configures a local pool of IP addresses.
Step 4	ip mobile host nai string [address {addr | pool {local name | dhcp-proxy-client [dhcp-server addr]}] {interface name | virtual-network network-address mask} [aaa [load-sa]] [care-of-access access-list] [lifetime number] Example: Router(config)#ip mobile host nai jane@cisco.com address pool local my-pool interface FastEthernet0/0 Example: Router(config)#ip mobile host nai jane@cisco.com address pool local my-pool virtual-network 10.2.0.0 255.255.0.0 aaa Example: Router(config)# ip mobile host nai jane@cisco.com address pool dhcp-proxy-client dhcp-server 10.1.2.3 interface FastEthernet 0/0	Configures the mobile host or mobile node group. •In the first example, a local pool named my-pool is used for dynamic address allocation. •In the second example, the user name is sent to the AAA server. If no address allocation information comes back from the AAA server, the home agent will assign an available address from the pool named my-pool. •In the third example, a DHCP proxy client specifies that a DHCP server, located at 10.1.2.3, will allocate dynamic home addresses.
Step 5	ip mobile secure host {lower [upper] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5 | hmac-md5} mode prefix-suffix] Example: Router(config)# ip mobile secure host nai jane@cisco.com spi 100 key hex 123456781234567812345678123245678	Specifies the mobility security associations for the mobile host. Optional only if you specify the aaa keyword in the ip mobile host command.

Configuring AAA in the Mobile IP Environment

Access control is the way you manage who has user access to the network server and what services the users are allowed to use. AAA network security services provide the primary framework through which you set up access control on your router or access server. See the "Configuration Examples for Generic NAI Support and Home Address Allocation" in this document for example AAA configurations.

SUMMARY STEPS

1. enable

2. configure {terminal | memory | network}

3. aaa new-model

4. aaa authentication login {default | list-name} method1 [method2...]

5. aaa authorization ipmobile {tacacs +| radius}

6. aaa session-id [common | unique]

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables higher privilege levels, such as privileged EXEC mode. •Enter your password if prompted.
Step 2	configure {terminal | memory | network} Example: Router# configure terminal	Enters global configuration mode.
Step 3	aaa new-model Example: Router(config)# aaa new-model	Enables AAA access control.
Step 4	aaa authentication login {default | list-name} method1 [method2...] Example: Router(config)# aaa authentication login default enable	Sets AAA authentication at login.
Step 5	aaa authorization ipmobile {tacacs+ | radius} Example: Router(config)# aaa authorization ipmobile radius	Specifies which AAA protocol to be used by Mobile IP.
Step 6	aaa session-id [common | unique] Example: Router(config)# aaa session-id common	Ensures that the same session ID will be used for each AAA accounting service type within a call.

Configuring RADIUS in the Mobile IP Environment

Remote Authentication Dial-in User Service (RADIUS) is a method for defining the exchange of AAA information in the network. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a RADIUS server that contains all user authentication and network server access information.

SUMMARY STEPS

1. enable

2. configure {terminal | memory | network}

3. radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number]

4. radius-server retransmit retries

5. radius-server key {0 string | 7 string | string}

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables higher privilege levels, such as privileged EXEC mode. •Enter your password if prompted.
Step 2	configure {terminal | memory | network} Example: Router# configure terminal	Enters global configuration mode.
Step 3	radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] Example: Router(config)# radius-server host 128.107.162.173 auth-port 1645 acct-port 1646	Specifies a RADIUS server host.
Step 4	radius-server retransmit retries Example: Router(config)# radius-server retransmit 3	Specifies the number of times the Cisco IOS software searches the list of RADIUS server hosts before giving up.
Step 5	radius-server key {0 string | 7 string | string} Example: Router(config)# radius-server key cisco	Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon.

Verifying Generic NAI Support and Home Address Allocation

To verify generic NAI support and home address allocation, use the following commands in privileged EXEC mode, as needed:

SUMMARY STEPS

1. show ip mobile binding nai string

2. show ip mobile host nai string

3. show ip mobile visitor nai string

DETAILED STEPS

	Command or Action	Purpose
Step 1	show ip mobile binding nai string Example: Router# show ip mobile binding nai jane@cisco.com	Displays the mobility binding table. •See the "Output Examples" section for an example.
Step 2	show ip mobile host nai string Example: Router# show ip mobile host nai jane@cisco.com	Displays mobile node information. •See the "Output Examples" section for an example.
Step 3	show ip mobile visitor nai string Example: Router# show ip mobile visitor nai jane@cisco.com	Displays the visitor list on the foreign agent. •See the "Output Examples" section for an example.

Output Examples

This section provides the following output examples:

•Sample Output for the show ip mobile binding Command

•Sample Output for the show ip mobile host Command

•Sample Output for the show ip mobile visitor Command

Sample Output for the show ip mobile binding Command

In this example, output information about all current mobility bindings is displayed using the show ip mobile binding EXEC command:

Router> show ip mobile binding nai jane@cisco.com

Mobility Binding List:

jane@cisco.com (Bindings 1): 

    Home Addr 25.2.2.1

    Care-of Addr 68.0.0.31, Src Addr 68.0.0.31, 

    Lifetime granted 02:46:40 (10000), remaining 02:46:32

    Flags Sbdmgvt, Identification B750FAC4.C28F56A8, 

    Tunnel2 src 1.1.1.1.dest 2.2.2.1 reverse-allowed

    Routing Options - (B)Broadcast

Sample Output for the show ip mobile host Command

In this example, mobile host counters and information is displayed using the show ip mobile host EXEC command:

Router> show ip mobile host nai jane@cisco.com

jane@cisco.com:

    Dynamic address from local pool dynamic-pool

    Allowed lifetime 00:03:20 (200/default)

    Roaming status -registered-, Home link on virtual network 25.0.0.0/8

    Bindings 25.2.2.1

    Accepted 2, Last time 04/13/02 19:04:28

    Overall service time 00:04:42

    Denied 0, Last time -never-

    Last code `-never- (0)'

    Total violations 0

    Tunnel to MN - pkts 0, bytes 0

    Reverse tunnel from MN - pkts 0, bytes 0

Sample Output for the show ip mobile visitor Command

In this example, the visitor list on the foreign agent is displayed using the show ip mobile visitor EXEC command:

Router> show ip mobile visitor nai jane@cisco.com

Security Associations (algorithm,mode,replay)

Mobile Visitor List:

jane@cisco.com

    Home addr 25.2.2.2

    Interface Ethernet3/2, MAC addr 0060.837b.95ec

    IP src 0.0.0.0, dest 2.2.2.1, UDP src port 434

    HA addr 1.1.1.1, Identification B7510E60.64436B38

    Lifetime 00:03:20 (200) Remaining 00:02:57

    Tunnel2 src 2.2.2.1, dest 1.1.1.1, reverse-allowed

    Routing Options - (B) Broadcast

Configuration Examples for Generic NAI Support and Home Address Allocation

This section provides the following configuration examples:

•Static Home Addressing Using NAI Examples

•Dynamic Home Addressing Using NAI Examples

•Home Agent Using NAI AAA Server Example

•AAA and Local Configuration Example

Static Home Addressing Using NAI Examples

The following example configures a local pool of static addresses to be used in assigning IP addresses to mobile nodes in the cisco.com domain:

router mobile

!

ip local pool mobilenodes 172.21.58.3 172.21.58.250

ip mobile host nai @cisco.com static-address local-pool mobilenodes

ip mobile secure host nai @cisco.com spi 100 key hex 123456781234567812345678123245678

!

Dynamic Home Addressing Using NAI Examples

The following is an example of dynamic addressing using a local pool:

router mobile

!

ip local pool my-pool 10.1.2.3 10.1.2.5

ip mobile host nai jane@cisco.com address pool local my-pool virtual-network 10.0.0.0 
255.255.255.0

ip mobile secure host nai jane@cisco.com spi 100 key hex 123456781234567812345678123245678

The following is an example of dynamic addressing using a DHCP server specified by the DHCP proxy client:

router mobile

!

ip mobile host nai jane@cisco.com address pool dhcp-proxy-client dhcp-server 10.1.2.3 
interface FastEthernet 0/0

ip mobile secure host nai jane@cisco.com spi 100 key hex 123456781234567812345678123245678

Home Agent Using NAI AAA Server Example

In the following static configuration, the home agent can use a AAA server to store either the authorized addresses or local pool name. For the mobile node to request a static address, either the static-addr-pool attribute or the static-pool-def attribute must be configured on the AAA server.

Home Agent

The following example shows how the home agent is configured to use the AAA server:

aaa new-model

aaa authorization ipmobile radius

!

ip local pool mobilenodes 10.0.0.5 10.0.0.10

ip mobile host nai user@staticuser.com interface FastEthernet0/0 aaa

ip mobile host nai @static.com interface FastEthernet0/0 aaa

Radius Attributes

Cisco-AVPair = "mobileip:static-addr-pool=10.0.0.1 10.0.0.2 10.0.0.3"

Cisco-AVPair = "mobileip:static-pool-def=mobilenodes"

AAA and Local Configuration Example

You can also configure some addressing details on the home agent and some on the AAA server. In the following example, a set of authorized static addresses for a mobile node are configured on the AAA server and the dynamic addresses are configured locally on the home agent.

Home Agent

ip mobile host nai @cisco.com address pool local mobilenodes interface ethernet2/1 aaa

Radius Attribute

Cisco-AVPair = "mobileip:static-addr-pool=10.2.0.1 10.2.0.2 10.0.0.3"

Additional References

For additional information related to generic NAI support and home address assignment, refer to the following sections:

•Related Documents

•Standards

•MIBs

•RFCs

•Technical Assistance

Related Documents

Related Topic	Document Title
Mobile IP configuration tasks	"Configuring Mobile IP" chapter in the Cisco IOS IP Configuration Guide, Release 12.2
Mobile IP commands: complete command syntax, command mode, defaults, usage guidelines, and examples	"Mobile IP Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
AAA configuration tasks	Cisco IOS Security Configuration Guide, Release 12.2
AAA commands: complete command syntax, command mode, defaults, usage guidelines, and examples	Cisco IOS Security Command Reference, Release 12.2

Standards

Standards	Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.	—

MIBs

MIBs1	MIBs Link
•CISCO-MOBILE-IP MIB	To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

1 Not all supported MIBs are listed.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco  MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco  MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

RFCs

RFCs1	Title
RFC 2486	The Network Access Identifier
RFC 2794	Mobile IP Network Access Identifier Extension for IPv4
RFC 3220	IP Mobility Support for IPv4

1 Not all supported RFCs are listed.

Technical Assistance

Description	Link
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/public/support/tac/home.shtml

Command Reference

The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS IP Mobility Command Reference at http://www.cisco.com/en/US/docs/ios/ipmobility/command/reference/imo_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.

•clear ip mobile binding

•clear ip mobile host-counters

•clear ip mobile secure

•clear ip mobile visitor

•ip mobile home-agent

•ip mobile home-agent reject-static-address

•ip mobile host

•ip mobile secure

•show ip mobile binding

•show ip mobile globals

•show ip mobile host

•show ip mobile secure

•show ip mobile violation

•show ip mobile visitor

Glossary

home agent—A router on a home network of the mobile node or that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding.

flow—In the context of this document, a flow is the set of {NAI, IP Address}. The flow allows a single NAI to be associated with one or multiple IP addresses, for example, {NAI, ipaddr1}, {NAI, ipaddr2}, and so on.

foreign agent—A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the Home Agent of the mobile node. For packets sent by a mobile node, the Foreign Agent may serve as a default router for registered mobile nodes.

mobility binding—The association of a home address with a care-of address and the remaining lifetime.

NAI—Network Access Identifier. The user ID submitted by the mobile node during registration to identify the user for authentication. The NAI may help route the registration request to the right home agent.

---

Note Refer to the Internetworking Terms and Acronyms for terms not included in this glossary.

---

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.