- Configuring Mobile IP
- Mobile IP MIB Support for SNMP
- Mobile IP NAT Detect
- Mobile IP Support for Foreign Agent Reverse Tunneling
- Mobile IP Challenge and Response Extensions
- Mobile IP Generic NAI Support and Home Address Allocation
- Mobile IP Home Agent Policy Routing
- Mobile IP Home Agent Accounting
- Mobile IP Dynamic Security Association and Key Distribution
- Mobile IP Support for RFC 3519 NAT Traversal
- Mobile IPv6 High Availability
- IPv6 ACL Extensions for Mobile IPv6
- Mobile IPv6 Home Agent
- IPv6 NEMO
- Index
Contents
- Mobile IP Home Agent Accounting
- Finding Feature Information
- Prerequisites for Mobile IP Home Agent Accounting
- Information About Mobile IP Home Agent Accounting
- Service Selection Gateway
- Feature Design of Home Agent Accounting
- Message Types
- Message Formats
- Benefits of Home Agent Accounting
- How to Configure Mobile IP Home Agent Accounting
- Configuring AAA
- Configuring RADIUS
- Enabling Home Agent Accounting
- Troubleshooting Tips
- Configuration Examples for Mobile IP Home Agent Accounting
- Home Agent Accounting Example
- Additional References
- Command Reference
- Glossary
Mobile IP Home Agent Accounting
In Cisco IOS Mobile IP, the home agent keeps track of the location of the mobile node as it roams away from its home network and forwards all traffic destined to the mobile node to its new location on the Internet. The Mobile IP--Home Agent Accounting feature allows the home agent to generate the following three new accounting messages that are forwarded to the authentication, authorization, and accounting (AAA) server or the Service Selection Gateway (SSG):
The SSG can act as the proxy server for the AAA server and acknowledge the accounting messages sent by the home agent. The accounting records generated by the home agent can be stored on the AAA server and be used by Internet service providers (ISPs) for billing, capacity planning, and operations.
Feature Specifications for the Mobile IP: Home Agent Accounting Feature
|
Feature History |
|
|---|---|
|
Release |
Modification |
|
12.2(15)T |
This feature was introduced. |
|
Supported Platforms |
|
|
For platform supported in Cisco IOS Release 12.2(15)T consult Cisco Feature Navigator. |
- Finding Feature Information
- Prerequisites for Mobile IP Home Agent Accounting
- Information About Mobile IP Home Agent Accounting
- How to Configure Mobile IP Home Agent Accounting
- Configuration Examples for Mobile IP Home Agent Accounting
- Additional References
- Command Reference
- Glossary
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Mobile IP Home Agent Accounting
Because home agent accounting generates messages for the AAA server, the network should have a reachable AAA server or SSG.
Information About Mobile IP Home Agent Accounting
Service Selection Gateway
The SSG is a switching solution for service providers that offer intranet, extranet, and Internet connections to subscribers using broadband access technology such as digital subscriber lines (DSL), cable modems, or wireless to allow simultaneous access to network services.
The SSG communicates with the AAA management network where RADIUS, Dynamic Host Configuration Protocol (DHCP), and Simple Network Management Protocol (SNMP) servers reside and with the ISP network, which may connect to the Internet, corporate networks, and value-added services.
SSG is designed and deployed such that all network traffic passes through it.
Feature Design of Home Agent Accounting
The SSG collects all the statistics information because all network traffic passes through it. However, it does not have the Mobile IP session information that the home agent maintains. The session information tracks how long a mobile node session lasts.
 Note | This feature was developed for the SSG to act as the proxy server for the AAA. However, this feature works equally well without the SSG and any standard AAA server can accept home agent accounting messages. |
For each mobile node, the home agent sends this session information to the SSG in the form of messages, which are described in the following sections. The SSG forwards the messages to the AAA server as shown in the figure below.
Message Types
The following messages are sent from the home agent to the SSG or AAA server:
Accounting Start
The home agent sends an Accounting Start message to the SSG/AAA when a mobile node successfully registers for the first time. This indicates the start of a new Mobile IP session for a mobile node.
In the case of a redundant home agent, a standby home agent will send an Accounting Start message only when it becomes active and does not have any bindings. This allows the SSG to maintain host objects for mobile nodes on the failed home agent.
Accounting Update
The home agent generates an Accounting Update message when the mobile node changes its point of attachment (POA) in the mobile network. For a Mobile IP session, this corresponds to a successful re-registration from a mobile node when it changes its care-of address (CoA). The CoA is the current location of the mobile node on the foreign network.
Accounting Stop
The home agent sends an Accounting Stop message to indicate that the Mobile IP session has ended. This occurs when the lifetime of the mobile node expires, when the mobile node sends a successful deregisration request, or when the home agent is unconfigured by a network administrator.
Message Formats
All the messages contain only the following information:
Network access identifier (NAI). This field is the name of the mobile node. The NAI is a character string that can be a unique identifier (username@realm) or a group identifier (realm).
Network access server (NAS) IP. This field is the IP address of the accounting node. The home agent is the accounting node, so this field contains the home agent address.
Framed IP address. This field is the IP address of the mobile node. Typically, the home agent will allocate an IP address to a mobile node after successful registration.
Point of attachment (POA). This field indicates the POA for the mobile node on the network. For a Mobile IP session, this is the care-of address of the mobile node.
The message format is shown in the table below, including the RADIUS attribute number, which is transparent to the Mobile IP--Home Agent Accounting feature.
|
RADIUS Attribute Number |
Attribute |
Description |
|---|---|---|
|
1 |
NAI/User-Name |
Mobile node user name. |
|
4 |
NAS IP Address |
Accounting node IP address |
|
8 |
Framed IP Address |
IP address of the mobile node. |
|
66 |
Tunnel-Client-Endpoint |
This attribute is used to indicate POA/CoA address, because there is no CoA attribute. This choice of attribute works because the Mobile IP tunnel terminates on the CoA/POA and qualifies as Tunnel-Client-Endpoint. |
|
40, 2 |
Acct_status_type |
Indicates the accounting Start/Stop/Update for the service. |
Benefits of Home Agent Accounting
The Mobile IP--Home Agent Accounting feature allows ISPs to bill consumers based on the usage of the service. The accounting information is stored on a AAA server database and used by billing software to charge for service usage for each mobile node. The ISPs can use this accounting information for billing, capacity planning, and operations.
How to Configure Mobile IP Home Agent Accounting
Configuring AAA
Access control is the way you manage who has user access to the network server and what services the users are allowed to use. AAA network security services provide the primary framework through which you set up access control on your router or access server.
1.
enable
2.
configure
terminal
3.
aaa
new-model
4.
aaa
accounting
network
{default | list-name} start-stop group group-name
5.
aaa
accounting
update
newinfo
DETAILED STEPS
Configuring RADIUS
RADIUS is a method for defining the exchange of AAA information in the network. In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a RADIUS server that contains all user authentication and network server access information.
1.
enable
2.
configure
terminal
3.
radius-server
host
{hostname | ip-address}[auth-port port-number] [acct-port port-number]
4.
radius-server
retransmit
retries
5.
radius-server
key
{0 string |7 string | string}
6.
radius-server
attribute
44
include-in-access-req
DETAILED STEPS
Enabling Home Agent Accounting
To enable home agent accounting, use the following commands:
1.
enable
2.
configure
terminal
3.
ip
mobile
home-agent
accounting
{default |
list-name}
4.
ip
mobile
home-agent
address
ip-address
5.
ip
mobile
host
{lower[upper] |
nai
string} {interface
name}
6.
ip
mobile
secure
{host {lower-address[upper-address]|
nai
string}
spi
spi
key
hex
string
algorithm {md5 |
hmac-md5}
mode
prefix-suffix
7.
end
8.
show
ip
mobile
globals
DETAILED STEPS
Examples
The following sample output shows the home agent accounting status:
Router# show ip mobile globals
IP Mobility global information:
Home Agent
Registration lifetime: INFINITE
Broadcast enabled
Replay protection time: 10 secs
Reverse tunnel enabled
ICMP Unreachable enabled
Strip realm disabled
NAT detect disabled
HA Accounting enabled using method list: mylist
Address 10.3.3.1
Foreign Agent is not enabled, no care-of address
Mobility Agent
1 interfaces providing service
Encapsulations supported: IPIP and GRE
Tunnel fast switching enabled
Discovered tunnel MTU aged out after 1:00:00
Troubleshooting Tips
In the event that home agent accounting is not operating correctly, use the following debug commands in privileged EXEC mode to determine where the problem may exist:
debug aaa accounting
debug radius
debug ip mobile
See the Cisco IOS Debug Command Reference publication for information about these commands.
Configuration Examples for Mobile IP Home Agent Accounting
Home Agent Accounting Example
In the following example, an accounting method list called mylist is created for network accounting. The accounting method list, mylist , is applied at the home agent, which enables home agent accounting.
! aaa new-model ! ! aaa accounting mylist start-stop group radius aaa accounting update newinfo ! ! ip mobile home-agent accounting mylist address 10.3.3.1 ip mobile host 10.3.3.2 10.3.3.5 interface Ethernet2/2 ip mobile secure host 10.3.3.2 spi 1000 key hex 123456781234567812345678123245678 algorithm md5 mode prefix-suffix ! ! radius-server host 128.107.162.173 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server key cisco
Additional References
For additional information related to Mobile IP--Home Agent Accounting feature, refer to the following references:
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
Mobile IP configuration tasks |
"Configuring Mobile IP" chapter in theCisco IOS IP Configuration Guide, Release 12.2 |
|
Mobile IP commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
"Mobile IP Commands" chapter in theCisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2T |
|
AAA configuration tasks |
Cisco IOS Security Configuration Guide, Release 12.2 |
|
AAA commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS Security Command Reference, Release 12.2T |
|
RADIUS configuration tasks |
Cisco IOS Security Configuration Guide, Release 12.2 |
|
RADIUS commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS Security Command Reference, Release 12.2T |
|
SSG configuration tasks and commands |
"Service Selection Gateway " feature document, Release 12.2(8)T |
Standards
|
Standards |
Title |
|---|---|
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
-- |
MIBs
|
MIBs |
MIBs Link |
|---|---|
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
RFCs
|
RFCs |
Title |
|---|---|
|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. |
-- |
Technical Assistance
|
Description |
Link |
|---|---|
|
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content. |
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS IP Mobility Command Reference at http://www.cisco.com/en/US/docs/ios/ipmobility/command/reference/imo_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List .
Glossary
care-of address --The termination point of the tunnel to a mobile node or mobile router. This can be a collocated care-of address, by which the mobile node or mobile router acquires a local address and detunnels its own packets, or a foreign agent care-of address, by which a foreign agent detunnels packets and forwards them to the mobile node or mobile router. The care-of address is included in the Mobile IP registration request and is used by the home agent to forward packets to the mobile node in its current location.
foreign agent --A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the home agent of the mobile node. For packets sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.
home agent --A router on a home network of the mobile node or that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding.
mobile node --A host or router that changes its point of attachment from one network or subnet to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its home IP address, assuming that link-layer connectivity to a point of attachment is available.
NAI --Network access identifier. The user ID submitted by the mobile node during registration to identify the user for authentication. The NAI may help route the registration request to the correct home agent.
Note | Refer to the Internetworking Terms and Acronyms for terms not included in this glossary. |