Problem
You want to configure a router to act as a Mobile Node.
Solution
The configuration required to make a router act as a Mobile Node must specify the Home Agent and match its authentication parameters:
RouterMobile#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RouterMobile(config)#router mobile RouterMobile(config-router)#exit RouterMobile(config)#ip mobile secure home-agent 192.168.9.1 spi 100 key ascii cookbook RouterMobile(config)#ip mobile router RouterMobile(mobile-router)#address 192.168.10.112 255.255.255.0 RouterMobile(mobile-router)#home-agent 192.168.9.1 RouterMobile(mobile-router)#exit RouterMobile(config)#interface FastEthernet0/0 RouterMobile(config-if)#ip address 192.168.10.112 255.255.255.0 RouterMobile(config-if)#ip irdp RouterMobile(config-if)#ip mobile router-service roam RouterMobile(config-if)#ip mobile router-service solicit RouterMobile(config-if)#exit RouterMobile(config)#end RouterMobile#
Discussion
Starting in IOS Version 12.2(4)T, Cisco introduced the ability for a router to act as a Mobile Node. This may sound somewhat strange because routers don't generally get up and roam around the network. But, in fact, it makes a great deal of sense to have this capability. For example, in the Introduction to this chapter we mentioned the idea of putting a mobile network on a train. In this example, users on the train can connect to a local network segment and let the router handle the task of roaming from one subnet to the next as it passes a series of access points along the track. This kind of scenario was even noted in the original IP Mobility RFC.
As we previously saw in Recipes 24.2 and 24.3, the first thing you must do is to enable the IP Mobility feature set:
RouterMobile(config)#router mobile RouterMobile(config-router)#exit
Next we define the authentication key to allow this Mobile Node to connect to the Home Agent that we defined back in Recipe 24.2:
RouterMobile(config)#ip mobile secure home-agent 192.168.9.1 spi 100 key ascii cookbook
Note that the SPI values and keys must match, and the IP address must be the Home Agent address specified in the ip mobile home-agent address command on the Home router.
Then we must configure the information that the Mobile Node needs to register with the Foreign and Home Agents:
RouterMobile(config)#ip mobile router RouterMobile(mobile-router)#address 192.168.10.112 255.255.255.0 RouterMobile(mobile-router)#home-agent 192.168.9.1
And, finally, we configure the interface that this router will use to connect to the Foreign Agent router:
RouterMobile(config)#interface FastEthernet0/0 RouterMobile(config-if)#ip address 192.168.10.112 255.255.255.0 RouterMobile(config-if)#ip irdp RouterMobile(config-if)#ip mobile router-service roam RouterMobile(config-if)#ip mobile router-service solicit
Note that we have had to configure IRDP here, just as we did in Recipe 24.3. This allows the Mobile Node to solicit the Foreign Agent for its address. We have also configure two ip mobile router-service commands to identify that this is the roaming interface and to allow this router to use IRDP to solicit for a Foreign Agent on this interface.
Since this is a router, you could then configure a local interface that will support the users who roam with the router, such as the commuters in the train car mentioned earlier:
RouterMobile(config)#interface FastEthernet0/1 RouterMobile(config-if)#ip address 192.168.20.1 255.255.255.0
Once the tunnels are established, the router will learn about all foreign networks via the Foreign Agent:
RouterMobile#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 192.168.110.1 to network 0.0.0.0 192.168.110.0/32 is subnetted, 1 subnets M 192.168.110.1 [3/1] via 192.168.110.1, 00:24:14, FastEthernet0/0 192.168.9.0/32 is subnetted, 1 subnets M 192.168.9.1 [3/1] via 192.168.110.1, 00:24:14, FastEthernet0/0 C 192.168.10.0/24 is directly connected, FastEthernet0/0 C 192.168.20.0/24 is directly connected, Loopback0 M* 0.0.0.0/0 [3/1] via 192.168.110.1, 00:24:14, FastEthernet0/0 RouterMobile#
We note in passing that the Home Agent does not, by default, learn about other subnets that the Mobile Router might be supporting. So users on these subnets will have connectivity problems with this minimal configuration. Perhaps the most reliable solution to this problem is to configure iBGP peer relationships between the Mobile Routers and the Home Agent and redistribute this routing information into the IGP. Please refer to Chapter 9 for more information on BGP.
Authenticating with the Foreign Agent
The configurations shown in this recipe and Recipes 24.2 and 24.3 will in principle allow the Mobile Node to use any Foreign Node. However, sometimes this is not desirable. For added security, you can configure the Foreign Node to require an additional layer of authentication between the Mobile Node and itself.
To do this, you would configure the Mobile Node to authenticate with the Foreign Agent as follows:
RouterMobile(config)#ip mobile secure foreign-agent 192.168.110.1 spi 200 key ascii oreilly
And you would configure the same SPI and key values on the Foreign Agent router:
RouterForeign(config)#ip mobile secure visitor 192.168.10.112 spi 200 key ascii oreilly
Note that if you are going to use this sort of authentication, you must set up authentication on the Mobile node for every possible Foreign Agent that it would connect to, and you must configure the Foreign Agents for every possible Mobile Node that will connect to them. This is unfortunately complicated by the fact that the Mobile Node can't communicate with an AAA server, so all of these keys must be configured manually on at least the Mobile Node.
See Also
Recipe 24.2; Recipe 24.3; Chapter 9
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index