What does campus mobility mean?
Answer: Campus mobility refers to mobility within a single administrative domain. The main assumption in this model is that communication is within the campus (intranet), and no roaming exists across global Internet connectivity.
What is a AAA server? How does it help in a Mobile IP deployment?
Answer: A AAA server is a centralized database that can store and maintain security associations, and manage network function. It is helpful to incorporate a AAA server into the network architecture for scalability reasons. If a Home Agent is supporting hundreds or thousands of Mobile Nodes, these MN-HA security associations can be stored on the AAA server instead of the Home Agent, freeing memory on the Home Agent.
When using a AAA server in the home network, which of the following statements is true?
a. The Mobile Node shares a security association with the AAA server and not the Home Agent, and thus the AAA server authenticates the RRQ and informs the Home Agent whether the request should be accepted or denied.
b. The AAA server allows administrative functions to be streamlined.
c. The MHAEs are stored on the AAA server, and the Home Agent consults the AAA server to retrieve a security association upon receiving a RRQ.
d. The AAA server and Home Agent must share a security relationship.
Answer: b, c, and d. The AAA server is a centralized database that can store security associations and is efficient in streamlining administrative functions. The AAA server does not authenticate a Mobile Node per se, but rather it provides the requesting Home Agent with the security association through a AAA protocol, for example, RADIUS or TACACS+. Because the AAA server and Home Agent exchange critical information, they must share a security association.
What is RADIUS? Why is RADIUS recommended over TACACS+ for use in a Mobile IP deployment?
Answer: RADIUS is a AAA protocol that provides authentication and accounting services in a client/server model. RADIUS uses UDP as the transport mechanism and only encrypts the password portion of packets, with the remainder of the packet sent in the clear. Thus, RADIUS is considered lighter-weight than TACACS+.
Describe the Cisco IOS feature that mitigates the latency involved in processing a Mobile Node's RRQ when the Home Agent must consult the AAA server for the Mobile Node's security association.
Answer: Security association caching is a mechanism that allows the security association to be locally stored on the Home Agent after it has been retrieved from the AAA server. The next time the Home Agent has to authenticate the Mobile Node, it only needs to consult its local cache. Depending on configuration, the security association can either be deleted from cache automatically after a binding terminates or can be kept permanently on the Home Agent. The security associations can also be manually cleared.
What is ZeCC?
Answer: ZeCC stands for Zero Configuration Client. It is designed to provide dynamic MN-HA key generation by integrating with a commonly deployed authentication infrastructure.
What are the two Home Agent formations in the Cisco Home Agent Redundancy feature?
Answer: The two Home Agent formations in the Cisco Home Agent Redundancy feature are the active-standby formation and peer-peer formation.
Briefly describe the updating function in the Cisco Home Agent Redundancy feature.
Answer: When an RRQ is accepted by the active/peer Home Agent, the binding is updated/created on the standby/peer Home Agent. This process keeps the mobility binding table synchronized between the Home Agents. Note that an active Home Agent assumes the lead Home Agent role and receives all the RRQs from Mobile Nodes. It then updates the standby Home Agent with the necessary binding information. In the case of the peer configuration model, the peer Home Agents share the lead Home Agent role and either of them can receive the RRQs from the Mobile Nodes. They update each other accordingly.
Briefly describe the downloading function in the Cisco Home Agent Redundancy feature.
Answer: A Home Agent downloads the mobility binding table from the active/peer Home Agent immediately upon assuming the standby/peer Home Agent role. The standby/peer Home Agent ensures that it has downloaded the entire mobility binding table through a reliability mechanism. This process ensures that the standby/peer Home Agent has a copy of the current mobility binding table before providing backup Home Agent service.
Which of the following statements are true about the Cisco Home Agent Redundancy feature?
a. The active Home Agent and standby Home Agent both receive an incoming RRQ and set up the mobility binding. Only the active Home Agent responds with the RRP.
b. One of the Home Agents in the redundancy group receives the incoming RRQ and updates the standby Home Agent with the mobility binding.
c. All Home Agents in the redundancy group must share a security association.
d. The standby Home Agent keeps track of all active mobility bindings, but it only sets up the Mobile IP tunnels upon becoming the active Home Agent.
Answer: b and c. Only one Home Agent can receive an incoming RRQ: the active Home Agent if the RRQ is addressed to the redundancy group address, or either Home Agent if the RRQ is addressed to the loopback address configured similarly on all Home Agents in the redundancy group. The standby/peer Home Agent also sets up the Mobile IP tunnels upon being updated with mobility bindings.