Making a Router a Mobile Node

Problem

You want to configure a router to act as a Mobile Node.

Solution

The configuration required to make a router act as a Mobile Node must specify the Home Agent and match its authentication parameters:

RouterMobile#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterMobile(config)#router mobile
RouterMobile(config-router)#exit
RouterMobile(config)#ip mobile secure home-agent 192.168.9.1 spi 100 key ascii cookbook
RouterMobile(config)#ip mobile router
RouterMobile(mobile-router)#address 192.168.10.112 255.255.255.0
RouterMobile(mobile-router)#home-agent 192.168.9.1
RouterMobile(mobile-router)#exit
RouterMobile(config)#interface FastEthernet0/0
RouterMobile(config-if)#ip address 192.168.10.112 255.255.255.0
RouterMobile(config-if)#ip irdp
RouterMobile(config-if)#ip mobile router-service roam
RouterMobile(config-if)#ip mobile router-service solicit
RouterMobile(config-if)#exit
RouterMobile(config)#end
RouterMobile#

 

Discussion

Starting in IOS Version 12.2(4)T, Cisco introduced the ability for a router to act as a Mobile Node. This may sound somewhat strange because routers don't generally get up and roam around the network. But, in fact, it makes a great deal of sense to have this capability. For example, in the Introduction to this chapter we mentioned the idea of putting a mobile network on a train. In this example, users on the train can connect to a local network segment and let the router handle the task of roaming from one subnet to the next as it passes a series of access points along the track. This kind of scenario was even noted in the original IP Mobility RFC.

As we previously saw in Recipes 24.2 and 24.3, the first thing you must do is to enable the IP Mobility feature set:

RouterMobile(config)#router mobile
RouterMobile(config-router)#exit

Next we define the authentication key to allow this Mobile Node to connect to the Home Agent that we defined back in Recipe 24.2:

RouterMobile(config)#ip mobile secure home-agent 192.168.9.1 spi 100 key ascii cookbook

Note that the SPI values and keys must match, and the IP address must be the Home Agent address specified in the ip mobile home-agent address command on the Home router.

Then we must configure the information that the Mobile Node needs to register with the Foreign and Home Agents:

RouterMobile(config)#ip mobile router
RouterMobile(mobile-router)#address 192.168.10.112 255.255.255.0
RouterMobile(mobile-router)#home-agent 192.168.9.1

And, finally, we configure the interface that this router will use to connect to the Foreign Agent router:

RouterMobile(config)#interface FastEthernet0/0
RouterMobile(config-if)#ip address 192.168.10.112 255.255.255.0
RouterMobile(config-if)#ip irdp
RouterMobile(config-if)#ip mobile router-service roam
RouterMobile(config-if)#ip mobile router-service solicit

Note that we have had to configure IRDP here, just as we did in Recipe 24.3. This allows the Mobile Node to solicit the Foreign Agent for its address. We have also configure two ip mobile router-service commands to identify that this is the roaming interface and to allow this router to use IRDP to solicit for a Foreign Agent on this interface.

Since this is a router, you could then configure a local interface that will support the users who roam with the router, such as the commuters in the train car mentioned earlier:

RouterMobile(config)#interface FastEthernet0/1
RouterMobile(config-if)#ip address 192.168.20.1 255.255.255.0

Once the tunnels are established, the router will learn about all foreign networks via the Foreign Agent:

RouterMobile#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.110.1 to network 0.0.0.0

 192.168.110.0/32 is subnetted, 1 subnets
M 192.168.110.1 [3/1] via 192.168.110.1, 00:24:14, FastEthernet0/0
 192.168.9.0/32 is subnetted, 1 subnets
M 192.168.9.1 [3/1] via 192.168.110.1, 00:24:14, FastEthernet0/0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
C 192.168.20.0/24 is directly connected, Loopback0
M* 0.0.0.0/0 [3/1] via 192.168.110.1, 00:24:14, FastEthernet0/0
RouterMobile#

We note in passing that the Home Agent does not, by default, learn about other subnets that the Mobile Router might be supporting. So users on these subnets will have connectivity problems with this minimal configuration. Perhaps the most reliable solution to this problem is to configure iBGP peer relationships between the Mobile Routers and the Home Agent and redistribute this routing information into the IGP. Please refer to Chapter 9 for more information on BGP.

Authenticating with the Foreign Agent

The configurations shown in this recipe and Recipes 24.2 and 24.3 will in principle allow the Mobile Node to use any Foreign Node. However, sometimes this is not desirable. For added security, you can configure the Foreign Node to require an additional layer of authentication between the Mobile Node and itself.

To do this, you would configure the Mobile Node to authenticate with the Foreign Agent as follows:

RouterMobile(config)#ip mobile secure foreign-agent 192.168.110.1 spi 200 key ascii oreilly

And you would configure the same SPI and key values on the Foreign Agent router:

RouterForeign(config)#ip mobile secure visitor 192.168.10.112 spi 200 key ascii oreilly

Note that if you are going to use this sort of authentication, you must set up authentication on the Mobile node for every possible Foreign Agent that it would connect to, and you must configure the Foreign Agents for every possible Mobile Node that will connect to them. This is unfortunately complicated by the fact that the Mobile Node can't communicate with an AAA server, so all of these keys must be configured manually on at least the Mobile Node.

See Also

Recipe 24.2; Recipe 24.3; Chapter 9


Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net