Mobile IP
Destination context name
|
This is an
identification string between 1 and 79 characters (alpha and/or numeric) by
which the Mobile IP destination context will be recognized by the system.
Important:
For this
configuration, the destination context name should
not
match the domain name of a specific domain. It should,
however, match the name of the context in which the HA service is configured if
a separate system is used to provide HA functionality.
|
ICC
Interface Configuration
|
ICC
interface name
|
The
intra-context communication (ICC) interface is configured to allow FA and HA
services configured within the same context to communicate with each other.
The ICC
interface name is an identification string between 1 and 79 characters (alpha
and/or numeric) by which the interface will be recognized by the system.
Multiple
names are needed if multiple interfaces will be configured.
ICC
interface(s) are configured in the same destination context as the FA and HA
services.
|
IP address
and subnet
|
These will
be assigned to the ICC interface(s).
Multiple
addresses (at least one per service) on the same subnet will be needed to
assign to the same ICC interface.
|
Physical
port number
|
This
specifies the physical port to which the interface will be bound. Ports are
identified by the chassis slot number where the line card resides in, followed
by the number of the physical connector on the line card. For example, port
17/1 identifies connector number 1 on the card in slot 17.
A single
physical port can facilitate multiple interfaces.
|
Physical
port description
|
This is an
identification string between 1 and 79 characters (alpha and/or numeric) by
which the physical port will be recognized by the system.
Multiple
descriptions are needed if multiple ports will be used.
Physical
ports are configured within the destination context and are used to bind
logical ICC interfaces.
|
PDN
Interface Configuration
|
PDN
interface name
|
This is an
identification string between 1 and 79 characters (alpha and/or numeric) by
which the interface will be recognized by the system.
Multiple
names are needed if multiple interfaces will be configured.
PDN
interfaces are configured in the destination context.
|
IP address
and subnet
|
These will
be assigned to the PDN interface.
Multiple
addresses and/or subnets are needed if multiple interfaces will be configured.
|
Physical
port number
|
This
specifies the physical port to which the interface will be bound. Ports are
identified by the chassis slot number where the line card resides in, followed
by the number of the physical connector on the line card. For example, port
17/1 identifies connector number 1 on the card in slot 17.
A single
physical port can facilitate multiple interfaces.
|
Physical
port description(s)
|
This is an
identification string between 1 and 79 characters (alpha and/or numeric) by
which the physical port will be recognized by the system.
Multiple
descriptions will be needed if multiple ports will be used.
Physical
ports are configured within the destination context and are used to bind
logical PDN interfaces.
|
Gateway IP
address(es)
|
Used when
configuring static routes from the PDN interface(s) to a specific network.
|
IP Address
Pool Configuration (optional)
|
IP address
pool name(s)
|
If IP
address pools will be configured in the destination context(s), names or
identifiers will be needed for them. The pool name can be between 1 and 31
alpha and/or numeric characters and is case sensitive.
|
IP pool
addresses
|
An initial
address and a subnet, or a starting address and an ending address, are required
for each configured pool. The pool will then consist of every possible address
within the subnet , or all addresses from the starting address to the ending
address.
The pool can
be configured as public, private, or static.
|
FA Service
Configuration
|
FA service
name
|
This is an
identification string between 1 and 63 characters (alpha and/or numeric) by
which the FA service will be recognized by the system.
Multiple
names are needed if multiple FA services will be used.
FA services
are configured in the destination context.
|
UDP port
number for Mobile IP traffic
|
Specifies
the port used by the FA service and the HA for communications. The UDP port
number can be any integer value between 1 and 65535. The default value is 434.
|
Security
Parameter Index (indices) Information
|
HA IP address:
Specifies
the IP address of the HAs with which the FA service communicates. The FA
service allows the creation of a security profile that can be associated with a
particular HA.
|
Index:
Specifies
the shared SPI between the FA service and a particular HA. The SPI can be
configured to any integer value between 256 and 4294967295.
Multiple
SPIs can be configured if the FA service is to communicate with multiple HAs.
|
Secrets:
Specifies
the shared SPI secret between the FA service and the HA. The secret can be
between 1 and 127 characters (alpha and/or numeric).
An SPI
secret is required for each SPI configured.
|
Hash-algorithm:
Specifies
the algorithm used to hash the SPI and SPI secret. The possible algorithms that
can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default
is hmac-md5.
A
hash-algorithm is required for each SPI configured.
|
FA agent
advertisement lifetime
|
Specifies
the time (in seconds) that an FA agent advertisement remains valid in the
absence of further advertisements.
The time
can be configured to any integer value between 1 and 65535. The default is
9000.
|
Number of
allowable unanswered FA advertisements
|
Specifies
the number of unanswered agent advertisements that the FA service will allow
during call setup before it will reject the session.
The number
can be any integer value between 1 and 65535. The default is 5.
|
Maximum
mobile-requested registration lifetime allowed
|
Specifies
the longest registration lifetime that the FA service will allow in any
Registration Request message from the mobile node.
The
lifetime is expressed in seconds and can be configured between 1 and 65534. An
infinite registration lifetime can be configured by disabling the timer. The
default is 600 seconds.
|
Registration reply timeout
|
Specifies
the amount of time that the FA service will wait for a Registration Reply from
an HA.
The time
is measured in seconds and can be configured to any integer value between 1 and
65535. The default is 7.
|
Number of
simultaneous registrations
|
Specifies
the number of simultaneous Mobile IP sessions that will be supported for a
single subscriber.
The
maximum number of sessions is 3. The default is 1.
Important:
The
system will only support multiple Mobile IP sessions per subscriber if the
subscriber's mobile node has a static IP address.
|
Mobile
node re-registration requirements
|
Specifies
how the system should handle authentication for mobile node re-registrations.
The FA
service can be configured to always require authentication or not. If not, the
initial registration and de-registration will still be handled normally.
|
HA service
Configuration
|
HA service
name
|
This is an
identification string between 1 and 63 characters (alpha and/or numeric) by
which the HA service will be recognized by the system.
Multiple
names are needed if multiple HA services will be used.
HA
services are configured in the destination context.
|
UDP port
number for Mobile IP traffic
|
Specifies
the port used by the HA service and the FA for communications. The UDP port
number can be any integer value between 1 and 65535. The default value is 434.
|
Mobile
node re-registration requirements
|
Specifies
how the system should handle authentication for mobile node re-registrations.
The HA
service can be configured as follows:
-
Always
require authentication
-
Never
require authentication (NOTE:
the initial registration and de-registration will still
be handled normally)
-
Never
look for mn-aaa extension
-
Not
require authentication but will authenticate if mn-aaa extension present
|
FA-to-HA
Security Parameter Index Information
|
FA IP address:
The HA
service allows the creation of a security profile that can be associated with a
particular FA.
This
specifies the IP address of the FA that the HA service will be communicating
with.
Multiple
FA addresses are needed if the HA will be communicating with multiple FAs.
|
Index:
Specifies
the shared SPI between the HA service and a particular FA. The SPI can be
configured to any integer value between 256 and 4294967295.
Multiple
SPIs can be configured if the HA service is to communicate with multiple FAs.
|
Secret:
Specifies
the shared SPI secret between the HA service and the FA. The secret can be
between 1 and 127 characters (alpha and/or numeric).
An SPI
secret is required for each SPI configured.
|
Hash-algorithm:
Specifies
the algorithm used to hash the SPI and SPI secret. The possible algorithms that
can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default
algorithm is hmac-md5.
A
hash-algorithm is required for each SPI configured.
|
Mobile
Node Security Parameter Index Information
|
Index:
Specifies
the shared SPI between the HA service and the mobile node(s). The SPI can be
configured to any integer value between 256 and 4294967295.
Multiple
SPIs can be configured if the HA service is to communicate with multiple mobile
nodes.
|
Secret(s):
Specifies
the shared SPI secret between the HA service and the mobile node. The secret
can be between 1 and 127 characters (alpha and/or numeric).
An SPI
secret is required for each SPI configured.
|
Hash-algorithm:
Specifies
the algorithm used to hash the SPI and SPI secret. The possible algorithms that
can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default
algorithm is hmac-md5.
A
hash-algorithm is required for each SPI configured.
|
Replay-protection
process:
Specifies
how protection against replay-attacks is implemented. The possible processes
are nonce and timestamp. The default is timestamp with a tolerance of 60
seconds.
A
replay-protection process is required for each mobile node-to-HA SPI
configured.
|
Maximum
registration lifetime
|
Specifies
the longest registration lifetime that the HA service will allow in any
Registration Request message from the mobile node.
The time
is measured in seconds and can be configured to any integer value between 1 and
65535. An infinite registration lifetime can also be configured by disabling
the timer. The default is 600.
|
Maximum
number of simultaneous bindings
|
Specifies
the maximum number of "care-of" addresses that can simultaneously be bound for
the same user as identified by NAI and Home address.
The number
can be configured to any integer value between 1 and 5. The default is 3.
|
Default
Subscriber Configuration
|
"Default"
subscriber's IP context name
|
Specifies
the name of the egress context on the system that facilitates the PDN ports.
Important:
For this
configuration, the IP context name should be identical to the name of the
destination context.
|