Client Data Tunneling

Proxy Mobile IPv6

Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that supports a mobile node by acting as the proxy for the mobile node in an IP mobility-related signaling scenario. The mobility entities in the network track the movements of the mobile node, initiate mobility signaling, and set up the required routing state.

The main functional entities are the Local Mobility Anchor (LMA) and Mobile Access Gateway (MAG). The LMA maintains the reachability state of the mobile node and is the topological anchor point for the IP address of the mobile node. The MAG performs mobility management on behalf of a mobile node. The MAG resides on the access link where the mobile node is anchored. The Cisco Wireless LAN Controller (WLC) implements the MAG functionality.

The Cisco 5508 WLC, Cisco WiSM2, and Cisco 8510 WLCs provide PMIPv6 MAG support for integration with an LMA, such as the Cisco ASR 5000 Series, in cellular data networks.

For PMIPv6 clients, Cisco WLC supports both central web authentication and local web authentication.

PMIPv6 is supported for clients with 802.1X authentication. After the 802.1X authentication is complete, a Cisco AP starts PMIPv6 signaling for the corresponding client.

MAG on AP is supported on FlexConnect mode APs in a locally switched WLAN. For PMIPv6 clients, all the data traffic from clients is tunneled to the LMA in the Generic Routing Encapsulation (GRE) tunnel established between the MAG and the LMA. Similarly, all the packets received from the LMA in the GRE tunnel are routed to the wireless client.

After the 802.1X authentication is complete, the Cisco AP starts PMIPv6 signaling for the client. In a MAG-on-AP scenario, the Cisco AP starts PMIPv6 signaling. In a MAG-on-WLC scenario, the Cisco WLC starts PMIPv6 signaling.

Fast Roaming with Central Association

Fast roaming is supported when central association is enabled on WLANs. When central association is enabled, all key caching occurs on the Cisco WLC. When a PMIPv6 client roams from one AP to another in the same mobility domain, the Cisco WLC sends the PMIPv6 parameters of the client to the new AP in a PMIPv6 tunnel payload to start PMIPv6 signaling. The Cisco WLC also sends the PMIPv6 tunnel payload to the old AP to tear down the Generic Routing Encapsulation (GRE) tunnel for the client with the LMA. Fast roaming is supported in both intra-Cisco WLC and inter-Cisco WLC roaming scenarios, and mobility messages are added to send PMIPv6 parameters from one Cisco WLC to another during roaming.

Client roaming from third-party MAG to Cisco AP-MAG is similar to a new client joining; a client roaming away from a Cisco AP-MAG to a third-party MAG is similar to a client leaving, and therefore, requires no special handling.

With Cisco APs in FlexConnect mode, all reassociation requests from clients are handled by the Cisco APs themselves. However, if central association is enabled, all reassociation requests are handled by the Cisco WLC.

Dynamic AAA Attributes

The dynamic AAA attributes that are supported are listed below:

| Type | Attribute | Value | Description | Cisco WLC Behavior |
|---|---|---|---|---|
| 89 | Chargeable-User-Identity | String | Chargeable User Identity RFC-4372 | If present, the attribute is copied into the MSCB and used in accounting reports; no other usage. |
| 26/10415/13 | 3GPP-Charging-Characteristics | String | Rules for producing charging information | If present, the attribute is copied to the MSCB and passed to the L2 attach triggers to the MAG. The attribute is used to send to the local mobility anchor (LMA) as an option in the proxy binding update (PBU). |
| 26/9/1 | Cisco-Service-Selection | String | Service Identifier (APN) | If present, the attribute overrides the locally configured APN. |
| 26/9/1 | Cisco-Mobile-Node-Identifier | String | Mobile Node Identifier | If present, the attribute is used for the network access identifier (NAI). |
| 26/9/1 | Cisco-MSISDN | String | Mobile Subscriber ISDN Number | If present, the attribute is used to pass to MAG code with a new parameter in the L2 attach trigger. |
| 26/9/1 | Cisco-MPC-Protocol-Interface | ENUM: "none" "PMIPv6" "GTPv1" "PMIPv4" | Mobile Node Service Type | Only IPv4 and simple IP clients are supported. |
| 26/9/1 | Cisco-URL-REDIRECT | String | HTTP URL of the Captive Portal | Existing attribute used for web authentication; no changes required. |
| 26/9/1 | Cisco-URL-REDIRECT-ACL | String | Specific Redirect Rule | Existing attribute used for web authentication; no changes required. |
| 26/9/1 | Cisco-Home-LMA-IPv4-Address | IP Address | Mobile node's Home LMA IPv4 address | If present, this attribute is used as the LMA for the client. Note: The GRE tunnel creation is still static. |

PMIPv6 AAA Attributes

The PMIPv6 AAA attributes that are supported are listed below:

| Type | Attribute | Value | Description | Cisco WLC Behavior |
|---|---|---|---|---|
| 89 | Chargeable-User-Identity | String | Chargeable User Identity RFC-4372 | If present, the attribute is copied into the MSCB and used in accounting reports; no other usage. |
| 26/10415/13 | 3GPP-Charging-Characteristics | String | Rules for producing charging information | If present, the attribute is copied to the MSCB and passed to the L2 attach triggers to the MAG. The attribute is used to send to the local mobility anchor (LMA) as an option in the proxy binding update (PBU). |
| 26/9/1 | mn-network | String | Service Identifier (APN) | If present, the attribute overrides the locally configured APN (Mandatory). |
| 26/9/1 | mn-nai | String | Mobile Node Identifier | If present, the attribute is used for the network access identifier (NAI). |
| 26/9/1 | cisco-msisdn | String | Mobile Subscriber ISDN Number | If present, the attribute is used to pass to MAG code with a new parameter in the L2 attach trigger. |
| 26/9/1 | cisco-mpc-protocol-interface | ENUM: "None" "PMIPv6" | Mobile Node Service Type | Only PMIPv6 clients are supported. (Mandatory) |
| 26/9/1 | home-lma-ipv4-address | IPv4 Address | Mobile node's Home LMA IPv4 address | If present, this attribute is used as the LMA for the client. The LMA should also be configured in WLC (Mandatory). Note: The GRE tunnel creation is still static. |
| 26/9/1 | mn-service | ENUM: "IPv4" | Type of client | Only IPv4 is supported. |
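
The check below is an added example, not Cisco code: it vets the Cisco AV pairs of a RADIUS authorization reply against the PMIPv6 AAA attribute table above before a policy is deployed. The "name=value" string encoding, the function name, and all sample values are assumptions.

```python
import ipaddress

# Names and "(Mandatory)" marks are taken from the PMIPv6 AAA attribute table.
MANDATORY = ("mn-network", "cisco-mpc-protocol-interface", "home-lma-ipv4-address")
ENUMS = {"cisco-mpc-protocol-interface": {"none", "pmipv6"}, "mn-service": {"ipv4"}}

def check_pmipv6_authz(avpairs, configured_lmas):
    """Return a list of problems; an empty list means the reply is usable."""
    attrs, problems = {}, []
    for raw in avpairs:
        # Assumption: each Cisco AV pair arrives as a "name=value" string.
        name, sep, value = raw.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name or not value:
            problems.append(f"malformed AV pair: {raw!r}")
        elif name in attrs:
            problems.append(f"duplicate attribute: {name}")
        else:
            attrs[name] = value
    for name in MANDATORY:
        if name not in attrs:
            problems.append(f"missing mandatory attribute: {name}")
    for name, allowed in ENUMS.items():
        if name in attrs and attrs[name].lower() not in allowed:
            problems.append(f"{name}: unsupported value {attrs[name]!r}")
    lma = attrs.get("home-lma-ipv4-address")
    if lma is not None:
        try:
            addr = ipaddress.IPv4Address(lma)
        except ipaddress.AddressValueError:
            problems.append(f"home-lma-ipv4-address: not an IPv4 address: {lma!r}")
        else:
            # The table requires the LMA to be configured on the WLC as well.
            if addr not in {ipaddress.IPv4Address(a) for a in configured_lmas}:
                problems.append(f"home-lma-ipv4-address: {lma} is not a configured LMA")
    return problems

# Constructed sample replies and LMA list (documentation address ranges).
WLC_LMAS = ["192.0.2.10"]
GOOD = ["mn-network=apn.example", "mn-nai=user@example.com", "mn-service=IPv4",
        "cisco-mpc-protocol-interface=PMIPv6", "home-lma-ipv4-address=192.0.2.10"]
BAD = ["mn-nai=user@example.com", "cisco-mpc-protocol-interface=GTPv1",
       "home-lma-ipv4-address=2001:db8::1"]

if __name__ == "__main__":
    print(check_pmipv6_authz(GOOD, WLC_LMAS))
    print("\n".join(check_pmipv6_authz(BAD, WLC_LMAS)))
```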

Restrictions on Proxy Mobile IPv6

  • IPv6/dual stack clients are not supported. Only IPv4 is supported with PMIPv6.

  • You must enable DHCP Proxy before you can connect to a PMIPv6-enabled WLAN.

  • PMIPv6 is not supported on local switching WLANs with FlexConnect mode APs. PMIPv6 MAG on AP is supported only when AP is in FlexConnect mode and WLAN is configured for FlexConnect Local Switching. If the WLAN is configured for Central Switching, MAG on Cisco WLC is used.

  • PMIPv6 on FlexConnect ACL with local switching is not supported.

  • MAG on AP is not supported for clients in a centrally switched WLAN.

Configuring Proxy Mobile IPv6 (GUI)

Procedure


Step 1

Choose Controller > PMIPv6 > General. The PMIPv6 General window is displayed.

Step 2

Enter the values for the following parameters:

  • Domain Name—Name of the PMIPv6 domain. The domain name can be up to 127 case-sensitive, alphanumeric characters.

  • MAG Name—Name of the MAG.

  • MAG APN—Access Point Name (APN) if you have subscribed to a MAG.

    MAG can be configured for one of the following roles:
    • 3gpp—Specifies the role as 3GPP (Third Generation Partnership Project standard)
    • lte—Specifies the role as Long Term Evolution (LTE) standard
    • wimax—Specifies the role as WiMax
    • wlan—Specifies the role as WLAN

    By default, the MAG role is WLAN. However, for lightweight access points, the MAG role should be configured as 3GPP. If the MAG role is 3GPP, it is mandatory to specify an APN for the MAG.

  • Maximum Bindings Allowed—Maximum number of binding updates that the Cisco WLC can send to the MAG. The valid range is between 0 and 40000.

  • Binding Lifetime—Lifetime, in seconds, of the binding entries in the Cisco WLC. The valid range is between 10 and 65535. The default value is 3600. The binding lifetime should be a multiple of 4.

  • Binding Refresh Time—Refresh time, in seconds, of the binding entries in the Cisco WLC. The valid range is between 4 and 65535 seconds. The default value is 300 seconds. The binding refresh time should be a multiple of 4.

  • Binding Initial Retry Timeout—Initial timeout, in milliseconds, between the Proxy Binding Updates (PBUs) when the Cisco WLC does not receive the Proxy Binding Acknowledgments (PBAs). The valid range is between 100 and 65535. The default value is 1000.

  • Binding Maximum Retry Timeout—Maximum timeout between the PBUs when the Cisco WLC does not receive the PBAs. The valid range is between 100 and 65535. The default value is 32000.

  • Replay Protection Timestamp—Maximum allowed difference, in milliseconds, between the timestamp in the received PBA and the current time of day. The valid range is between 1 and 255. The default value is 7.

  • Minimum BRI Retransmit Timeout—Minimum amount of time, in milliseconds, that the Cisco WLC waits for before retransmitting the BRI message. The valid range is between 500 and 65535. The default value is 1000.

  • Maximum BRI Retransmit Timeout—Maximum amount of time, in milliseconds, that the Cisco WLC waits for before retransmitting the Binding Revocation Indication (BRI) message. The valid range is between 500 and 65535. The default value is 2000.

  • BRI Retries—Maximum number of times that the Cisco WLC retransmits the BRI message before receiving the Binding Revocation Acknowledgment (BRA) message. The valid range is between 1 and 10. The default value is 1.

Step 3

Click Apply.

Note 

To clear your configuration, click Clear Domain.

Step 4

To create the LMA, follow these steps:

  1. Choose Controller > PMIPv6 > LMA and click New.

  2. Enter the values for the following parameters:

    • Member Name—Name of the LMA connected to the Cisco WLC.

    • Member IP Address—IP address of the LMA connected to the Cisco WLC.

  3. Click Apply.

Step 5

To create a PMIPv6 profile, follow these steps:

  1. Choose Controller > PMIPv6 > Profiles and click New.

  2. In the PMIPv6 Profile > New window, enter the values for the following parameters:

    • Profile Name—Name of the profile.

    • Network Access Identifier—Name of the Network Access Identifier (NAI) associated with the profile.

    • LMA Name—Name of the LMA to which the profile is associated.

    • Access Point Node—Name of the access point node; APN identifies a particular routing domain for user traffic.

  3. Click Apply.

Step 6

To configure PMIPv6 parameters for a WLAN, follow these steps:

  1. Choose WLANs > WLAN ID. The WLANs > Edit window is displayed.

  2. Click the Advanced tab.

  3. Under PMIP, from the PMIP Mobility Type drop-down list, choose the mobility type from the following options:

    • None—Configures the WLAN with simple IP

    • PMIPv6—Configures the WLAN with only PMIPv6

  4. From the PMIP Profile drop-down list, choose the PMIP profile for the WLAN.

  5. In the PMIP Realm field, enter the default realm for the WLAN.

  6. Click Apply.

Step 7

Click Save Configuration.


Configuring Proxy Mobile IPv6 (CLI)

Procedure


Step 1

Configure a PMIPv6 domain name by entering this command:

config pmipv6 domain domain-name

Note 

This command also enables the MAG functionality on the Cisco Wireless Controller (WLC).

Step 2

Configure MAG by using these commands:

  • Configure the maximum binding update entries that are allowed by entering this command:

    config pmipv6 mag binding maximum units

  • Configure the binding entry lifetime by entering this command:

    config pmipv6 mag lifetime units

  • Configure the binding refresh interval by entering this command:

    config pmipv6 mag refresh-time units

  • Configure the initial timeout between PBUs if PBA does not arrive by entering this command:

    config pmipv6 mag init-retx-time units

  • Configure the maximum initial timeout between PBUs if PBA does not arrive by entering this command:

    config pmipv6 mag max-retx-time units

  • Configure the replay protection mechanism by entering this command:

    config pmipv6 mag replay-protection {timestamp window units | sequence-no | mobile-node-timestamp}

  • Configure the minimum or maximum amount of time, in seconds, that the MAG should wait for before it retransmits the binding revocation indication (BRI) message by entering this command:

    config pmipv6 mag bri delay {min | max} units

  • Configure the maximum number of times the MAG should retransmit the BRI message before it receives the binding revocation acknowledgment (BRA) message by entering this command:

    config pmipv6 mag bri retries units

  • Configure the list of LMAs for the MAG by entering this command:

    config pmipv6 mag lma lma-name ipv4-address ip-address

  • Add an APN for a MAG by entering this command:

    config pmipv6 mag apn apn-name

    A MAG can be configured for one of the different roles:
    • 3gpp—Specifies the role as 3GPP (Third Generation Partnership Project standard)
    • lte—Specifies the role as Long Term Evolution (LTE) standard
    • wimax—Specifies the role as WiMax
    • wlan—Specifies the role as WLAN
    Note 

    By default, the MAG role is WLAN. However, for the lightweight access points, the MAG role should be configured as 3GPP. If the MAG role is 3GPP, it is mandatory to specify an APN for the MAG.

  • Delete an APN by entering this command:

    config pmipv6 delete mag apn apn-name

Step 3

Add a profile to a PMIPv6 domain by entering this command:

config pmipv6 add profile profile-name nai {user@realm | @realm | *} lma lma-name apn apn-name

Note 

nai stands for network access identifier, while apn stands for access point name.

Step 4

Delete a PMIPv6 entity by entering this command:

config pmipv6 delete {domain domain-name | lma lma-name | profile profile-name nai {user@realm | @realm | *}}

Step 5

Configure the PMIPv6 parameters for the WLAN by using these commands:

  • Configure the default realm for the WLAN by entering this command:

    config wlan pmipv6 default-realm {realm-name | none} wlan-id

  • Configure the mobility type for a WLAN or for all WLANs by entering this command:

    config wlan pmipv6 mobility-type {enable | disable} {wlan-id | all}

  • Configure the profile name for a PMIPv6 WLAN by entering this command:

    config wlan pmipv6 profile-name {none | name} wlan-id

Step 6

Save your changes by entering this command:

save config

Step 7

See the PMIPv6 configuration details by using the following show commands:

  • See the details of a profile of a PMIPv6 domain by entering this command:

    show pmipv6 domain domain-name profile profile-name

  • See a summary of all the PMIPv6 profiles by entering this command:

    show pmipv6 profile summary

  • See global information about the PMIPv6 for a MAG by entering this command:

    show pmipv6 mag globals

  • See information about MAG bindings for LMA or NAI by entering this command:

    show pmipv6 mag bindings {lma lma-name | nai nai-name}

  • See statistical information about MAG by entering this command:

    show pmipv6 mag stats domain domain-name peer peer-name

  • See information about PMIPv6 for all clients by entering this command:

    show client summary

  • See information about PMIPv6 for a client by entering this command:

    show client details client-mac-address

  • See information about PMIPv6 for a WLAN by entering this command:

    show wlan wlan-id
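
A pre-change check, added here as an example and not part of the Cisco guide: it validates planned MAG values against the ranges in the GUI procedure and renders the matching commands from CLI Steps 1, 2 and 6. The pairing of GUI fields with CLI keywords, the domain name Domain1, and the initial-versus-maximum retry check are assumptions; the BRI delay values are left out.

```python
# CLI keyword -> (low, high, required multiple), from the GUI parameter list.
MAG_LIMITS = {
    "binding maximum": (0, 40000, 1),
    "lifetime": (10, 65535, 4),
    "refresh-time": (4, 65535, 4),
    "init-retx-time": (100, 65535, 1),
    "max-retx-time": (100, 65535, 1),
    "replay-protection timestamp window": (1, 255, 1),
    "bri retries": (1, 10, 1),
}

def render_mag_commands(domain, values):
    """Validate values against MAG_LIMITS and return the CLI lines to enter."""
    errors = []
    # Domain name: up to 127 case-sensitive alphanumeric characters.
    if not (domain.isascii() and domain.isalnum() and len(domain) <= 127):
        errors.append("domain name must be 1-127 alphanumeric characters")
    for key, value in values.items():
        if key not in MAG_LIMITS:
            errors.append(f"{key}: not a known MAG parameter")
            continue
        low, high, multiple = MAG_LIMITS[key]
        if not low <= value <= high:
            errors.append(f"{key}: {value} is outside {low}-{high}")
        elif value % multiple:
            errors.append(f"{key}: {value} is not a multiple of {multiple}")
    # Added sanity check, not a limit stated in the guide.
    if values.get("init-retx-time", 0) > values.get("max-retx-time", 65535):
        errors.append("init-retx-time exceeds max-retx-time")
    if errors:
        raise ValueError("; ".join(errors))
    lines = [f"config pmipv6 domain {domain}"]
    lines += [f"config pmipv6 mag {key} {value}" for key, value in values.items()]
    return lines + ["save config"]

# Constructed plan that uses the default values listed in the GUI procedure.
SAMPLE = {"lifetime": 3600, "refresh-time": 300, "init-retx-time": 1000,
          "max-retx-time": 32000, "replay-protection timestamp window": 7,
          "bri retries": 1}

if __name__ == "__main__":
    print("\n".join(render_mag_commands("Domain1", SAMPLE)))
```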