Introduction
This document describes the key terms involved and the client connectivity process flow for a PMIPv6-enabled WLAN on the Wireless LAN Controller (WLC).
Contributed by Chetan Pissay, Cisco TAC Engineer.
Background Information
Proxy Mobile IPv6 (PMIPv6 or PMIP) is a network-based mobility solution for a wireless client. Because mobility is handled by the network, the client can potentially roam between LTE and WiFi, roam between controllers, and even perform seamless inter-vendor WLAN roaming.
The client retains the same IP address, gateway address, DHCP server, and a single anchor point. The major difference between a WLAN configured for PMIPv6 and a regular WLAN, from the point of view of a connecting wireless client, is how DHCP and client traffic are handled.
Terminologies
- The Local Mobility Anchor (LMA) is the anchor point that assigns and maintains the IP address of the client and handles client traffic routing. The LMA is usually an ASR5K or ASR1K router.
- The Mobile Access Gateway (MAG) plays the role of mediator: it performs mobility management on behalf of the wireless client and also handles the actual DHCP transaction. It forms a bi-directional tunnel with the LMA to receive and forward client traffic. This tunnel is a static GRE tunnel and UDP port 5436 is used as both source and destination ports. In this case, the MAG is the Wireless Controller. However, a FlexConnect AP can also act as the MAG.
- The client is referred to as the Mobile Node (MN) and its IP address as the Home Address (HOA).
- Network Access Identifier (NAI) is a unique identifier for the client which can be used to route traffic destined to it, instead of using an IP address. It takes the form mac-address@realm.
- NAI realm is usually in the form of a domain name such as cisco.com. It is used to identify which "network" the client should belong to. In wireless terms, this substitutes for the dynamic interface which maps the required VLAN onto the client. The realm is configured on the WLAN and also determines which LMA the MAG forms the bi-directional tunnel with.
For further information on IP Mobility terms, refer to https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mob_ip/configuration/15-mt/mob-ip-15-mt-book/imo-nai-haa.html
Flow
- A PMIP client completes 802.11 Association and any Layer 2 Authentication configured on the WLAN.
*apfMsConnTask_2: Jun 18 14:50:40.023: [PA] 00:23:c2:db:29:2d 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_2: Jun 18 14:50:40.023: [PA] 00:23:c2:db:29:2d 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
- Once L2 Authentication is complete, before advancing the client to the next stage, the MAG informs the LMA about this client and requests an IP address for it. In technical terms, the MAG sends a Proxy Binding Update (PBU) to the LMA. The LMA replies with a Proxy Binding Acknowledgement (PBA).
- The WLC then acts as a DHCP server for the client and performs the DHCP transactions with it based on the information it has received from the LMA. Enabling DHCP proxy is not necessary; however, when it is enabled, the client sees the virtual interface IP of the WLC as the DHCP server address. In this example, the DHCP proxy was enabled.
PMIPv6 Events Breakdown with WLC Debugs and Packet Captures
Components Used
MAG: WLC 3504 running 8.8.120.0
LMA: ASR1K running 3.13.10S
AP: AIR-CAP3802-D-K9
WLC IP: 10.106.35.111
Virtual Interface IP: 192.0.2.1
Router IP: 10.106.37.40
Client IP (Received via DHCP): 192.168.5.44
Debug Commands Used
(Cisco Controller) >debug client <mac-addr>
(Cisco Controller) >debug proxy-mobility all enable
Packet captures taken at WLC uplink port.
First, as soon as the client completes L2 Authentication, an L2 Attach trigger is seen on the MAG:
---------Truncated----------
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MAG_EVENT]: Trigger request received (L2 Attach trigger) from (0023.c2db.292d)
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MAG_EVENT]: Event received New MN intf attached in state: NULL, new state: INIT
---------Truncated----------
The PMIP Binding Update message for the client is prepared, with the NAI visible in the log.
---------Truncated----------
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MAG_INFO]: PBU message nai(0023.c2db.292d@ciscotacbangalore.com), nai len: 15, hoa(0), att(4) llid(0023.c2db.292d) , ll len: 16 seqNo:9465
---------Truncated----------
The binding update request packet is sent by the MAG to the LMA.
---------Truncated----------
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MM] Sending UDP Packet, src: 0x0a6a236f, dst: 0x0a6a2528, sport: 5436, dport:5436
---------Truncated----------
0x0a6a236f = IP address of the MAG in hexadecimal (10.106.35.111, the WLC IP)
0x0a6a2528 = IP address of the LMA in hexadecimal (10.106.37.40, the Router IP)
The request for client IP and default router address is seen here:
---------Truncated----------
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MM] V4HOAREQ option included len 6 val 0
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MM] V4DFT_RTR option included len 6 val 0
*PMIPV6_Thread_2: Jun 18 14:50:40.023: [PA]
[PMIPV6_MAG_EVENT]: PBU message sent
---------Truncated----------
The response is received as a Binding Update Ack along with the IP address to be assigned to the client and default router address.
---------Truncated----------
*PMIPV6_Thread_0: Jun 18 14:50:40.026: [PA]
[PMIPV6_MM] NAI option received len 15
*PMIPV6_Thread_0: Jun 18 14:50:40.026: [PA]
[PMIPV6_MM] V4HOAREPLY option received len 6 val 3232236844
---------Truncated----------
3232236844 = IP address of the MN, in decimal, returned by the LMA from the IP pool (192.168.5.44, the Client IP).
---------Truncated----------
*PMIPV6_Thread_0: Jun 18 14:50:40.026: [PA]
[PMIPV6_MM] V4DFT_RTR option received len 6 val 3232236801
---------Truncated----------
3232236801 = Default router address in decimal.
MAG Binding state is changed to Active.
---------Truncated----------
*PMIPV6_Thread_2: Jun 18 14:50:40.026: [PA]
[PMIPV6_MAG_EVENT]: Event received PBA accept in state: INIT, new state: ACTIVE
*PMIPV6_Thread_2: Jun 18 14:50:40.026: [PA]
[PMIPv6_MM] L2 Attach Status: Success
---------Truncated----------
After this, the client state changes to DHCP_REQD and regular DHCP logs are seen. The DHCP packet exchange takes place only between the WLC and the client, as the WLC has already received the IP address, subnet mask and router address to include in the DHCP Offer/Ack packets.
---------Truncated----------
*apfMsConnTask_2: Jun 18 14:50:40.023: [PA] 00:23:c2:db:29:2d 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*DHCP Socket Task: Jun 18 14:50:40.235: [PA] 00:23:c2:db:29:2d DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Jun 18 14:50:40.236: [PA] 00:23:c2:db:29:2d DHCP transmitting DHCP OFFER (2)
*DHCP Socket Task: Jun 18 14:50:41.072: [PA] 00:23:c2:db:29:2d DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Jun 18 14:50:41.074: [PA] 00:23:c2:db:29:2d DHCP transmitting DHCP ACK (5)
---------Truncated----------
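The manual decoding above (hex and decimal values to dotted-quad addresses, plus the NULL to INIT to ACTIVE binding transitions) can be automated when many client debugs have to be reviewed. The following Python is an added example, not Cisco code: the function names are hypothetical, and the sample input is constructed from the debug lines quoted on this page.

```python
import ipaddress
import re

# Constructed sample: debug lines quoted on this page, with each
# "*PMIPV6_Thread_N: <timestamp>: [PA]" prefix line dropped.
SAMPLE_DEBUG = """\
[PMIPV6_MAG_EVENT]: Event received New MN intf attached in state: NULL, new state: INIT
[PMIPV6_MAG_INFO]: PBU message nai(0023.c2db.292d@ciscotacbangalore.com), nai len: 15, hoa(0), att(4) llid(0023.c2db.292d) , ll len: 16 seqNo:9465
[PMIPV6_MM] Sending UDP Packet, src: 0x0a6a236f, dst: 0x0a6a2528, sport: 5436, dport:5436
[PMIPV6_MM] V4HOAREQ option included len 6 val 0
[PMIPV6_MM] V4HOAREPLY option received len 6 val 3232236844
[PMIPV6_MM] V4DFT_RTR option received len 6 val 3232236801
[PMIPV6_MAG_EVENT]: Event received PBA accept in state: INIT, new state: ACTIVE
"""

PATTERNS = {
    "nai": re.compile(r"PBU message nai\(([^)]+)\)"),
    "udp": re.compile(r"src: (0x[0-9a-fA-F]+), dst: (0x[0-9a-fA-F]+), sport: (\d+), dport:\s*(\d+)"),
    "opt": re.compile(r"(V4HOAREPLY|V4DFT_RTR) option received len \d+ val (\d+)"),
    "state": re.compile(r"in state: (\w+), new state: (\w+)"),
}

def to_ip(value):
    """Decode the 32-bit integer the WLC prints (hex or decimal string) to dotted quad."""
    return str(ipaddress.IPv4Address(int(value, 0)))

def summarize(debug_text):
    """Return the binding facts and the MAG state transitions found in the debug text."""
    info = {"transitions": []}
    for line in debug_text.splitlines():
        if m := PATTERNS["nai"].search(line):
            info["nai"] = m.group(1)
        elif m := PATTERNS["udp"].search(line):
            info["mag"], info["lma"] = to_ip(m.group(1)), to_ip(m.group(2))
            info["ports"] = (int(m.group(3)), int(m.group(4)))
        elif m := PATTERNS["opt"].search(line):
            key = "hoa" if m.group(1) == "V4HOAREPLY" else "default_router"
            info[key] = to_ip(m.group(2))
        elif m := PATTERNS["state"].search(line):
            info["transitions"].append((m.group(1), m.group(2)))
    return info

def binding_ok(info):
    """True when the MAG ended in ACTIVE and the LMA returned a non-zero home address."""
    ended_active = bool(info["transitions"]) and info["transitions"][-1][1] == "ACTIVE"
    return ended_active and info.get("hoa", "0.0.0.0") != "0.0.0.0"

if __name__ == "__main__":
    print(summarize(SAMPLE_DEBUG), binding_ok(summarize(SAMPLE_DEBUG)))
```

A debug that stops at INIT, or that never shows a V4HOAREPLY value, makes `binding_ok` return False, which points at the PBU/PBA exchange with the LMA rather than at DHCP.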
Verify
Use this section in order to confirm that your configuration works properly.
Client status can be confirmed with these outputs on the WLC:
(Cisco Controller) >show pmipv6 mag binding
[Binding][MN]: Domain: D1, Nai: 0023.c2db.292d@ciscotacbangalore.com
[Binding][MN]: State: ACTIVE
[Binding][MN]: Interface: Management
[Binding][MN]: Hoa: 0xc0a8052c, att: 3, llid: 0023.c2db.292d
[Binding][MN][LMA]: Id: LMA1
[Binding][MN][LMA]: lifetime: 3600
[Binding][MN][GREKEY]: Upstream: 100, Downstream: 1
(Cisco Controller) >show client detail 00:23:c2:db:29:2d
---------Truncated----------
Client Type...................................... PMIPv6
PMIPv6 State..................................... Complete
PMIPv6 MAG location.............................. WLC
---------Truncated----------