Proxy Mobile IPv6 Local Mobility Anchor

Local Mobility Anchor (LMA) acts as the home agent for a mobile node (MN) in a Proxy Mobile IPv6 domain, which is the network where the mobility management of an MN is handled using the Proxy Mobile IPv6 (PMIPv6) protocol. LMA is the topological anchor point for the MN’s home network prefix(es) and is the entity that manages the MN’s binding state. This module explains how to configure LMA.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Proxy Mobile IPv6 LMA

You must configure the IPv4 and IPv6 address pool for LMA to assign IPv4 or IPv6 addresses.

Information About Proxy Mobile IPv6 Support for LMA Functionality

Proxy Mobile IPv6 Overview

Proxy Mobile IPv6 (PMIPv6) provides network-based IP Mobility management to a mobile node (MN), without requiring the participation of the MN in any IP mobility-related signaling. The mobility entities in the network track the movements of the MN, initiate the mobility signaling, and set up the required routing state.

The major functional entities of PMIPv6 are Mobile Access Gateways (MAGs), Local Mobility Anchors (LMAs), and MNs.

Mobile Access Gateways

Mobile Access Gateway (MAG) performs mobility-related signaling on behalf of the mobile nodes (MN) attached to its access links. MAG is the access router for the MN; that is, MAG is the first-hop router in the localized mobility management infrastructure.

MAG performs the following functions:

  • Obtains an IP address from Local Mobility Anchor (LMA) and assigns it to MN.

  • Retains the IP address of an MN when the MN roams across MAGs.

  • Tunnels traffic from MN to LMA.

Local Mobility Anchor

Local Mobility Anchor (LMA) is the home agent for a mobile node (MN) in a Proxy Mobile IPv6 (PMIPv6) domain. It is the topological anchor point for MN home network prefixes and manages the binding state of an MN. An LMA has the functional capabilities of a home agent as defined in the Mobile IPv6 base specification (RFC 3775) along with the capabilities required for supporting the PMIPv6 protocol.


Note

Use the dynamic mag learning command to enable LMA to accept Proxy Mobile IPv6 (PMIPv6) signaling messages from any Mobile Access Gateway (MAG) that is not configured locally.


Mobile Node

Mobile node (MN) is an IP host and the mobility of the MN is managed by a network. MN can be an IPv4-only node, an IPv6-only node, or a dual-stack node, which is a node with IPv4 and IPv6 protocol stacks. MN is not required to participate in any IP mobility-related signaling for achieving mobility for an IP address or a prefix that is obtained in the Proxy Mobile IPv6 (PMIPv6) domain.

VRF-Aware LMA

The VRF Aware LMA feature is an enhancement that enables VRF awareness support on Local Mobility Anchor (LMA). This feature includes the following capabilities:
  • Awareness of multiple customers belonging to different VRFs.
  • Peer with multiple mobile operators for transport towards the Customer Premises Equipment (CPE) or Mobile Access Gateway (MAG) devices in separate peering or transport VRFs.

AAA Server Attributes for Proxy Mobile IPv6

If an authentication, authorization, and accounting (AAA) server is available, a Mobile Access Gateway (MAG) obtains the profile information of the Proxy Mobile IPv6 (PMIPv6) domain and the mobile node (MN) from the server during the configuration and call-flow time, respectively.

The following are the AAA attributes required for configuring the PMIPv6 domain and the MN are:

  • PMIPv6 domain-specific AAA attributes:
    • cisco-mpc-protocol-interface
    • lma-identifier
    • mag-identifier
    • mag-v4-address
    • mag-v6-address
    • pmip6-domain-identifier
    • pmip6-timestamp-window
    • pmip6-replay-protection
    • pmip6-spi-key
    • pmip6-spi-value
  • MN-specific AAA attributes:
    • home-lma
    • home-lma-ipv6-address
    • mn-nai
    • home-lma-ipv4-address
    • mn-apn
    • Mobile-Node-Identifier
    • mn-network
    • mn-service
    • multihomed

How to Configure Proxy Mobile IPv6 LMA

Configuring a Proxy Mobile IPv6 Domain by Using the Configuration from the AAA Server

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ipv6 mobile pmipv6-domain domain-name load-aaa
  4. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ipv6 mobile pmipv6-domain domain-name load-aaa

Example:


Device(config)# ipv6 mobile pmipv6-domain D1 load-aaa

Creates a PMIPv6 domain and configures it by using the configuration from the AAA server.

Step 4

end

Example:


Device(config)# end

Exits global configuration mode and returns to privileged EXEC mode.

Configuring a Minimum Configuration for a Domain When an AAA Server Is Not Available

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ipv6 mobile pmipv6-domain domain-name
  4. mag mag-id
  5. ipv4-address ipv4-address
  6. ipv6-address ipv6-address
  7. exit
  8. Repeat Steps 4 to 7 to configure the second MAG.
  9. nai [user ]@ realm
  10. network network-name
  11. service {dual | ipv4 | ipv6 }
  12. exit
  13. Repeat Steps 8 to 12 to configure the second MN.
  14. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ipv6 mobile pmipv6-domain domain-name

Example:


Device(config)# ipv6 mobile pmipv6-domain dn1

Creates the PMIP domain and enters PMIP domain configuration mode.

Step 4

mag mag-id

Example:


Device(config-ipv6-pmipv6-domain)# mag mag1

Configures a MAG within the PMIP domain and enters PMIP domain MAG configuration mode.

Step 5

ipv4-address ipv4-address

Example:


Device(config-ipv6-pmipv6-domain-mag)# ipv4-address 192.0.2.254

Configures an IPv4 address for the MAG within the PMIP domain.

Step 6

ipv6-address ipv6-address

Example:


Device(config-ipv6-pmipv6-domain-mag)# ipv6-address 2001:DB8::1

Configures an IPv6 address for the MAG within the PMIP domain.

Step 7

exit

Example:


Device(config-ipv6-pmipv6-domain-mag)# exit

Exits PMIP domain MAG configuration mode and returns to PMIP domain configuration mode.

Step 8

Repeat Steps 4 to 7 to configure the second MAG.

Step 9

nai [user ]@ realm

Example:


Device(config-ipv6-pmipv6-domain)# nai example1@example.com

Configures a network access identifier (NAI) for the MN within the PMIP domain and enters PMIP domain MN configuration mode.

Step 10

network network-name

Example:


Device(config-ipv6-pmipv6-domain-mn)# network network1

Associates a network name with the LMA under which an IPv4 or IPv6 pool can be enabled.

Step 11

service {dual | ipv4 | ipv6 }

Example:


Device(config-ipv6-pmipv6-domain-mn)# service ipv4

Configures the service provided to the MN within the PMIP domain.

Step 12

exit

Example:


Device(config-ipv6-pmipv6-domain-mn)# exit

Exits PMIP domain MN configuration mode and returns to PMIP domain configuration mode.

Step 13

Repeat Steps 8 to 12 to configure the second MN.

Step 14

end

Example:


Device(config-ipv6-pmipv6-domain)# end

Exits PMIP domain configuration mode and returns to privileged EXEC mode.

Configuring a Detailed Configuration for a Domain When the AAA Server Is Not Available

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ipv6 mobile pmipv6-domain domain-name
  4. fixed-link-local-address ipv6-address
  5. fixed-link-layer-address hardware-address
  6. replay-protection timestamp [window seconds ]
  7. auth-option spi {spi-hex-value | decimal spi-decimal-value } key {ascii ascii-string | hex hex-string }
  8. encap {gre-ipv4 | ipv6-in-ipv6 }
  9. local-routing-mag
  10. mag mag-id
  11. ipv4-address ipv4-address
  12. ipv6-address ipv6-address
  13. exit
  14. Repeat Steps 10 to 13 to configure each MAG.
  15. mag mag-id
  16. ipv4-address ipv4-address
  17. ipv6-address ipv6-address
  18. exit
  19. mn-profile-load-aaa
  20. nai [user ]@realm
  21. lma lma-id
  22. service {dual | ipv4 | ipv6 }
  23. network network-name
  24. Repeat Steps 22 and 23 to configure each MN.
  25. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ipv6 mobile pmipv6-domain domain-name

Example:


Device(config)# ipv6 mobile pmipv6-domain dn1

Creates a PMIP domain and enters PMIPv6 domain configuration mode.

Step 4

fixed-link-local-address ipv6-address

Example:


Router(config-ipv6-pmipv6-domain)# fixed-link-local-address FE80::CE00:BFF:FEFC:0

Configures a fixed link-local address for the MAG-enabled interface toward the MN.

Step 5

fixed-link-layer-address hardware-address

Example:


Router(config-ipv6-pmipv6-domain)# fixed-link-layer-address aaaa.bbbb.cccc

Configures a fixed link layer address (Layer 2 address) for the MAG-enabled interface toward the MN.

Step 6

replay-protection timestamp [window seconds ]

Example:


Device(config-ipv6-pmipv6-domain)# replay-protection timestamp window 200

Configures the replay protection mechanism within the PMIP domain.

Step 7

auth-option spi {spi-hex-value | decimal spi-decimal-value } key {ascii ascii-string | hex hex-string }

Example:


Device(config-ipv6-pmipv6-domain)# auth-option spi 67 key ascii key1

Configures authentication for the PMIP domain.

Step 8

encap {gre-ipv4 | ipv6-in-ipv6 }

Example:


Device(config-ipv6-pmipv6-domain)# encap gre-ipv4

Configures the tunnel encapsulation mode type between the MAG and the LMA.

Step 9

local-routing-mag

Example:


Device(config-ipv6-pmipv6-domain)# local-routing-mag

Enables local routing for the MAG.

Step 10

mag mag-id

Example:


Device(config-ipv6-pmipv6-domain)# mag mag1

Configures MAG within the PMIP domain and enters PMIP domain MAG configuration mode.

Step 11

ipv4-address ipv4-address

Example:


Device(config-ipv6-pmipv6-domain-mag)# ipv4-address 192.0.2.254

Configures an IPv4 address for the MAG.

Step 12

ipv6-address ipv6-address

Example:


Device(config-ipv6-pmipv6-domain-mag)# ipv6-address 2001:0DB8:2:3::1

Configures an IPv6 address for the MAG.

Step 13

exit

Example:


Device(config-ipv6-pmipv6-domain-mag)# exit

Exits PMIP domain MAG configuration mode and returns to PMIP domain configuration mode.

Step 14

Repeat Steps 10 to 13 to configure each MAG.

Step 15

mag mag-id

Example:


Device(config-ipv6-pmipv6-domain)# mag mag1

Configures a MAG within the PMIP domain and enters PMIP domain MAG configuration mode.

Step 16

ipv4-address ipv4-address

Example:


Device(config-ipv6-pmipv6-domain-mag)# ipv4-address 192.0.2.254

Configures an IPv4 address for the MAG.

Step 17

ipv6-address ipv6-address

Example:


Device(config-ipv6-pmipv6-domain-mag)# ipv6-address 2001:0DB8:2:4::2

Configures an IPv6 address for the MAG.

Step 18

exit

Example:


Device(config-ipv6-pmipv6-domain-mag)# exit

Exits PMIP domain MAG configuration mode and returns to PMIP domain configuration mode.

Step 19

mn-profile-load-aaa

Example:


Device(config-ipv6-pmipv6-domain)# mn-profile-load-aaa

(Optional) Loads the profile configuration from the AAA server to the MN within the PMIP domain.

Note 

Steps 20 to 24 need not be executed if the MN is configured using the configuration from the AAA server. You can use the specific command to override the configuration for the specific MN parameter.

Step 20

nai [user ]@realm

Example:


Device(config-ipv6-pmipv6-domain)# nai example1@example.com

Configures the NAI for the MN within the PMIP domain and enters PMIP domain MN configuration mode.

Step 21

lma lma-id

Example:


Device(config-ipv6-pmipv6-domain-mn)# lma lma1

Configures the LMA for the MN.

Step 22

service {dual | ipv4 | ipv6 }

Example:


Device(config-ipv6-pmipv6-domain-mn)# service ipv4

Configures the service provided to the MN within the PMIP domain.

Step 23

network network-name

Example:


Device(config-ipv6-pmipv6-domain-mn)# network network1

Associates a network name with the LMA under which an IPv4 or IPv6 pool can be enabled.

Step 24

Repeat Steps 22 and 23 to configure each MN.

Step 25

end

Example:


Device(config-ipv6-pmipv6-domain-mn)# end

Exits PMIP domain MN configuration mode and returns to privileged EXEC mode.

Configuring a Minimum Configuration for an LMA

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip local pool pool-name low-ip-address high-ip-address
  4. ipv6 local pool pool-name prefix/prefix-length assigned-length
  5. ipv6 unicast-routing
  6. ipv6 mobile pmipv6-lma lma-id domain domain-name
  7. address ipv6 ipv6-address
  8. network network1
  9. pool ipv4 pool-name pfxlen number
  10. pool ipv6 pool-name pfxlen number
  11. exit
  12. default profile profile-name
  13. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip local pool pool-name low-ip-address high-ip-address

Example:


Device(config)# ip local pool v4pool 172.16.23.1 172.16.23.10

Creates a local pool of IPv4 addresses.

Step 4

ipv6 local pool pool-name prefix/prefix-length assigned-length

Example:


Device(config)# ipv6 local pool v6pool 2001:0DB8::/29 64

Creates a local pool of IPv6 addresses.

Step 5

ipv6 unicast-routing

Example:


Device(config)# ipv6 unicast-routing

Enables IPv6 routing.

Step 6

ipv6 mobile pmipv6-lma lma-id domain domain-name

Example:


Device(config)# ipv6 mobile pmipv6-lma lma1 domain dn1

Enables the LMA service on the router, configures the PMIP domain for the LMA, and enters LMA configuration mode.

Step 7

address ipv6 ipv6-address

Example:


Device(config-ipv6-pmipv6-lma)# address ipv6 2001:DB8::1

Configures an IPv6 address for the LMA.

Step 8

network network1

Example:


Device(config-ipv6-pmipv6-lma)# network network1

Associates a network, on which an IPv4 or IPv6 pool is configured, with the LMA, and enters LMA-network configuration mode.

Step 9

pool ipv4 pool-name pfxlen number

Example:


Device(config-ipv6-pmipv6lma-network)# pool ipv4 v4pool pfxlen 24

Specifies the name of the IPv4 address pool from which a home address is allocated to an MN subscriber.

Step 10

pool ipv6 pool-name pfxlen number

Example:


Device(config-ipv6-pmipv6lma-network)# pool ipv6 v6pool pfxlen 24

Specifies the name of the IPv6 address pool from which a home address is allocated to the MN subscriber.

Step 11

exit

Example:


Device(config-ipv6-pmipv6lma-network)# exit

Exits the LMA-network configuration mode and enters LMA configuration mode.

Step 12

default profile profile-name

Example:


Device(config-ipv6-pmipv6-lma)# default profile profile1

Enables the default profile for the MN.

Step 13

end

Example:


Device(config-ipv6-pmipv6-lma)# end

Exits LMA configuration mode and enters privileged EXEC mode.

Configuring a Detailed Configuration for an LMA

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip local pool pool-name low-ip-address high-ip-address
  4. ipv6 local pool pool-name prefix/prefix-length assigned-length
  5. ipv6 mobile pmipv6-lma lma-id domain domain-name
  6. enable aaa accounting
  7. network network-name
  8. pool ipv4 pool-name pfxlen number
  9. pool ipv6 pool-name pfxlen number
  10. exit
  11. default profile profile1
  12. address ipv4 ipv4-address
  13. address ipv6 ipv6-address
  14. bce maximum number
  15. bce lifetime seconds
  16. bce refresh-time seconds
  17. bce delete-wait-time seconds
  18. replay-protection timestamp [window seconds ]
  19. bri delay min milliseconds
  20. bri delay max milliseconds
  21. bri retries number
  22. mag mag-id domain-name
  23. auth-option spi {spi-hex-value | decimal spi-decimal-value } key {ascii | hex } hex-string
  24. ipv4-address ipv4-address
  25. ipv6-address ipv6-address
  26. encap {gre-ipv4 | ipv6-in-ipv6 }
  27. end
  28. show ipv6 mobile pmipv6 lma lma1 globals

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip local pool pool-name low-ip-address high-ip-address

Example:


Device(config)# ip local pool v4pool 172.16.23.1 172.16.23.10

Creates a local pool of IPv4 addresses.

Step 4

ipv6 local pool pool-name prefix/prefix-length assigned-length

Example:


Device(config)# ipv6 local pool v6pool 2001:0DB8::/29 64

Creates a local pool of IPv6 addresses.

Step 5

ipv6 mobile pmipv6-lma lma-id domain domain-name

Example:


Device(config)# ipv6 mobile pmipv6-lma lma1 domain dn1

Enables the LMA service on a device, configures the PMIP domain for the LMA, and enters LMA configuration mode.

Step 6

enable aaa accounting

Example:


Device(config-ipv6-pmipv6-lma)# enable aaa accounting

Enables AAA accounting for MN sessions.

Step 7

network network-name

Example:


Device(config-ipv6-pmipv6-lma)# network network1

Configures a network name with the LMA under which an IPv4 or IPv6 pool is to be enabled and enters LMA-network configuration mode.

Step 8

pool ipv4 pool-name pfxlen number

Example:


Device(config-ipv6-pmipv6lma-network)# pool ipv4 v4pool pfxlen 24

Specifies the name of the IPv4 address pool from which a home address is allocated to an MN subscriber.

Step 9

pool ipv6 pool-name pfxlen number

Example:


Device(config-ipv6-pmipv6lma-network)# pool ipv6 v6pool pfxlen 24

Specifies the name of the IPv6 address pool from which a home address is allocated to an MN subscriber.

Step 10

exit

Example:


Device(config-ipv6-pmipv6lma-network)# exit

Exits LMA-network configuration mode and enters LMA configuration mode.

Step 11

default profile profile1

Example:


Device(config-ipv6-pmipv6-lma)# default profile profile1

Enables the default profile for the MN.

Step 12

address ipv4 ipv4-address

Example:


Device(config-ipv6-pmipv6-lma)# address ipv4 192.0.2.1

Configures an IPv4 address for the LMA.

Step 13

address ipv6 ipv6-address

Example:


Device(config-ipv6-pmipv6-lma)# address ipv6 2001:DB8::1

Configures an IPv6 address for the LMA.

Step 14

bce maximum number

Example:


Device(config-ipv6-pmipv6-lma)# bce maximum 200

Specifies the maximum number of Binding Cache Entries (BCE) that is allowed for the LMA on the MN.

Step 15

bce lifetime seconds

Example:


Device(config-ipv6-pmipv6-lma)# bce lifetime 5000

Specifies the maximum lifetime of a BCE on a MN.

Step 16

bce refresh-time seconds

Example:


Device(config-ipv6-pmipv6-lma)# bce refresh-time 2000

Specifies the time to refresh the BCE of an MN.

Step 17

bce delete-wait-time seconds

Example:


Device(config-ipv6-pmipv6-lma)# bce delete-wait-time 2000

Specify the minimum amount of time in seconds the LMA must wait before it deletes a BCE on receiving the notification from the MAG.

Step 18

replay-protection timestamp [window seconds ]

Example:


Device(config-ipv6-pmipv6-lma)# replay-protection timestamp window 200

Configures the replay protection mechanism within the PMIP domain.

Step 19

bri delay min milliseconds

Example:


Device(config-ipv6-pmipv6-lma)# bri delay min 500

Specifies the minimum time for which an LMA should wait before transmitting the Binding Revocation Indication (BRI) message.

Step 20

bri delay max milliseconds

Example:


Device(config-ipv6-pmipv6-lma)# bri delay max 4500

Specifies the maximum time for which an LMA should wait for the Binding Revocation Acknowledgment (BRA) message before retransmitting the BRI message.

Step 21

bri retries number

Example:


Device(config-ipv6-pmipv6-lma)# bri retries 6

Specifies the maximum number of times an LMA should retransmit a BRI message until a BRA is received.

Step 22

mag mag-id domain-name

Example:


Device(config-ipv6-pmipv6-lma)# mag mag3 dn1

Configures the MAG for the LMA and enters LMA-MAG configuration mode.

Step 23

auth-option spi {spi-hex-value | decimal spi-decimal-value } key {ascii | hex } hex-string

Example:


Device(config-ipv6-pmipv6lma-mag)# auth-option spi decimal 258 key hex FFFFF

Configures authentication for the LMA within the MAG.

Step 24

ipv4-address ipv4-address

Example:


Device(config-ipv6-pmipv6mag-lma)# ipv4-address 192.0.2.254

Configures an IPv4 address for the LMA within the MAG.

Note 

Repeat the ipv4-address ipv4-address to configure as many IPv4 addresses as required.

Step 25

ipv6-address ipv6-address

Example:


Device(config-ipv6-pmipv6mag-lma)# ipv6-address 2001:0DB8:2:5::1

Configures an IPv6 address for the LMA within the MAG.

Note 

Repeat the ipv6-address ipv6-address to configure as many IPv6 addresses as required.

Step 26

encap {gre-ipv4 | ipv6-in-ipv6 }

Example:


Device(config-ipv6-pmipv6mag-lma)# encap gre-ipv4

Configures a tunnel encapsulation mode type between the MAG and the LMA.

Step 27

end

Example:


Device(config-ipv6-pmipv6mag-lma)# end

Exits LMA-MAG configuration mode and returns to privileged EXEC mode.

Step 28

show ipv6 mobile pmipv6 lma lma1 globals

Example:


Device# show ipv6 mobile pmipv6 lma lma1 globals

(Optional) Displays LMA global configuration details.

Example

The following is sample output from the show ipv6 mobile lma globals command:


Device# show ipv6 mobile pmipv6 lma lma1 globals
 
---------------------------------------------------
Domain  : D1

LMA Identifier                          :lma1
        AAA Accounting                  : Disabled
        Default MN Profile              : profile1
        Network                         : network1
        IPv4 Pool Name                  : v4
        Prefix Length                   : 24
        IPv6 Pool Name																		: v6pool
        Prefix Length                   : 48
        Max. HNPs                       : 1
        Max Bindings                    : 128000
        AuthOption                      : disabled
        RegistrationLifeTime            : 3600 (sec)
        DeleteTime                      : 10000 (msec)
        CreateTime                      : 1500 (msec)
        BRI InitDelayTime               : 1000 (msec)
        BRI MaxDelayTime                : 2000 (msec)
        BRI MaxRetries                  : 1
        BRI EncapType                   : IPV6_IN_IPV6
        Fixed Link address is           : enabled
        Fixed Link address              : aaaa.aaaa.aaaa
        Fixed Link Local address is     : enabled
        Fixed Link local address        : 0xFE800000 0x0 0x0 0x2
        RefreshTime                     : 300 (sec)
        Refresh RetxInit time           : 1000 (msec)
        Refresh RetxMax time            : 32000 (msec)
        Timestamp option                : enabled
        Validity Window                 : 10

Peer :  mag1
        Max. HNPs                       : 1
        Max Bindings                    : 128000
        AuthOption                      : disabled
        RegistrationLifeTime            : 3600 (sec)
        DeleteTime                      : 10000 (msec)
        CreateTime                      : 1500 (msec)
        BRI InitDelayTime               : 1000 (msec)
        BRI MaxDelayTime                : 2000 (msec)
        BRI MaxRetries                  : 1
        BRI EncapType                   : IPV6_IN_IPV6
        Fixed Link address is           : enabled
        Fixed Link address              : aaaa.aaaa.aaaa
        Fixed Link Local address is     : enabled
        Fixed Link local address        : 0xFE800000 0x0 0x0 0x2
        RefreshTime                     : 300 (sec)
        Refresh RetxInit time           : 1000 (msec)
        Refresh RetxMax time            : 32000 (msec)
        Timestamp option                : enabled
        Validity Window                 : 10

Peer :  mag0
        Max. HNPs                       : 1
        Max Bindings                    : 128000
        AuthOption                      : disabled
        RegistrationLifeTime            : 3600 (sec)
        DeleteTime                      : 10000 (msec)
        CreateTime                      : 1500 (msec)
        BRI InitDelayTime               : 1000 (msec)
        BRI MaxDelayTime                : 2000 (msec)
        BRI MaxRetries                  : 1
        BRI EncapType                   : GRE in IPV4
        Fixed Link address is           : enabled
        Fixed Link address              : aaaa.aaaa.aaaa
        Fixed Link Local address is     : enabled
        Fixed Link local address        : 0xFE800000 0x0 0x0 0x2
        RefreshTime                     : 300 (sec)
        Refresh RetxInit time           : 1000 (msec)
        Refresh RetxMax time            : 32000 (msec)
        Timestamp option                : enabled
        Validity Window                 : 10

Troubleshooting Tips

You can use the following commands to troubleshoot the LMA configuration:

  • debug ipv6 mobile lma event

  • debug ipv6 mobile lma info

  • show ipv6 pmipv6 lma bindings info

  • show ipv6 pmipv6 lma globals

  • show ipv6 pmipv6 lma tunnel

Configuring VRF-Aware LMA

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ipv6 mobile pmipv6-lma lma-identifier domain domain-name
  4. hnp maximum number
  5. heartbeat interval interval-values retries retries-values
  6. bce maximum number
  7. bce lifetime seconds
  8. bce delete-wait-time milliseconds
  9. replay-protection timestamp window seconds
  10. bri delay min milliseconds
  11. bri retries count
  12. dynamic mag learning
  13. dscp control-plane dscp-value
  14. mobility-service mobile-local-loop
  15. customer customer-name vrf vrf-name
  16. auth-option spi hex-value key ascii hex-value
  17. heartbeat interval interval-value retries retries-value
  18. network unauthorized
  19. transport [ vrf vrf-name ]
  20. address ipv6 ipv6-address
  21. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:
Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

ipv6 mobile pmipv6-lma lma-identifier domain domain-name

Example:

Device(config)# ipv6 mobile pmipv6-lma lma1 domain dn1

Enables the Local Mobility Anchor (LMA) service on the device, configures the PMIPv6 domain for the LMA, and enters LMA configuration mode.

Step 4

hnp maximum number

Example:
Device (config-pmipv6-lma)# hnp maximum 2

Configures the maximum number of home network prefixes (HNP) that a mobile node can possess.

Step 5

heartbeat interval interval-values retries retries-values

Example:

Device (config-pmipv6-lma)# heartbeat interval 300 retries 3 

Configures heartbeat detection between MAG and LMA.

Step 6

bce maximum number

Example:

Device (config-pmipv6-lma)# bce maximum 2500

Configures the maximum number of binding cache entries (BCEs) or bindings that the LMA can support.

Step 7

bce lifetime seconds

Example:

Device (config-pmipv6-lma)# bce lifetime 2500

Specifies the maximum lifetime of a BCE on a mobile node.

Step 8

bce delete-wait-time milliseconds

Example:

Device (config-pmipv6-lma)# bce delete-wait-time 2000

Configures the minimum amount of time in seconds the LMA must wait before it deletes a BCE on receiving the notification from the MAG.

Step 9

replay-protection timestamp window seconds

Example:

Device (config-pmipv6-lma)# replay-protection timestamp window 200

Configures the replay protection mechanism within the PMIP domain.

Step 10

bri delay min milliseconds

Example:

Device (config-pmipv6-lma)# bri delay min 500

Configures the minimum time for which an LMA should wait before transmitting the Binding Revocation Indication (BRI) message.

Step 11

bri retries count

Example:
Device(config-pmipv6-lma)# bri retries 6

Configures the maximum number of times an LMA should retransmit a BRI message until a Binding Revocation Acknowledgment (BRA) is received.

Step 12

dynamic mag learning

Example:

Device(config-pmipv6-lma)# dynamic mag learning
Enables the LMA to accept PMIPv6 signaling messages from any MAG that is not locally configured.
Step 13

dscp control-plane dscp-value

Example:
Device(config-pmipv6-lma)# dscp control-plane 50
Configures the value of Differentiated Services Code Point (DSCP) in the outgoing PMIPv6 control plane messages.
Step 14

mobility-service mobile-local-loop

Example:
Device (config-pmipv6-lma)# mobility-service mobile-local-loop 

Configures Mobile Loop Local (MLL) service on the LMA and enters the PMIPv6 LMA MLL configuration mode.

Step 15

customer customer-name vrf vrf-name

Example:
Device (config-pmipv6-lma-mll)# customer cust1 vrf vrf1 

Configures the name and the VRF of a customer and enters the PMIPv6 LMA MLL Customer configuration mode.

Note 

You should have already configured the VRF by the name vrf1 in the device.

Step 16

auth-option spi hex-value key ascii hex-value

Example:

Device (config-pmipv6-lma-mll-cust)# auth-option spi 87E key ascii key1

Configures customer-specific authentication for the LMA within the MLL.

Step 17

heartbeat interval interval-value retries retries-value

Example:

Device (config-pmipv6-lma-mll-cust)# heartbeat interval 300 retries 10 

Configures the heartbeat detection.

Step 18

network unauthorized

Example:

Device (config-pmipv6-lma-mll-cust)# network unauthorized

Configures customer-specific unauthorized network.

Step 19

transport [ vrf vrf-name ]

Example:

Device (config-pmipv6-lma-mll-cust)# transport vrf transport_vrf

Configures customer-specific transport options in an LMA within a MLL and enters PMIPv6 LMA MLL Customer Transport configuration mode.

Note 

If the transport is in global VRF, then the vrf and vrf-name keyword-argument pair can be omitted in this command.

Step 20

address ipv6 ipv6-address

Example:
Device (config-pmipv6-lma-mll-cust-tpt)# address ipv6 2001:DB8::1

Configures customer-specific LMA IP address. There can only be two instances of addresses, one for IPv4 and one for IPv6.

Step 21

end

Example:
Device (config-pmipv6-lma-mll-cust-tpt)# end

Exits the PMIPv6 LMA MLL Customer Transport configuration mode and returns to privileged EXEC mode.

Configuration Examples for Proxy Mobile IPv6 Support for LMA Functionality

Example: Configuring a Proxy Mobile IPv6 Domain by Using the Configuration from the AAA Server

The following example shows how to configure the PMIPv6 domain by using the AAA server configuration:


Device# configure terminal
Device(config)# ipv6 mobile pmipv6-domain D1 load-aaa

The following example shows how to configure the PMIPv6 domain by using the configuration from the AAA server and how to override the configuration for specific PMIPv6 domain parameters:


Device# configure terminal
Device(config)# ipv6 mobile pmipv6-domain D11 load-aaa
Device(config)# ipv6 mobile pmipv6-domain D11
Device(config-ipv6-pmipv6-domain)# gre-ipv4
Device(config-ipv6-pmipv6-domain)# auth-option spi 67 key ascii key1

Example: Configuring a Minimum Configuration for a Domain When the Configuration from the AAA Server Is Not Available

The following example shows how to configure a minimum configuration for a domain when the AAA server configuration is not available:


Device# configure terminal
Device(config)# ipv6 mobile pmipv6-domain D2
Device(config-ipv6-pmipv6-domain)# replay-protection timestamp window 200
Device(config-ipv6-pmipv6-domain)# auth-option spi 100 key ascii hi
Device(config-ipv6-pmipv6-domain)# encap ipv6-in-ipv6
!
Device(config-ipv6-pmipv6-domain)# lma lma1
Device(config-ipv6-pmipv6-domain-lma)# ipv4-address 10.1.1.1
Device(config-ipv6-pmipv6-domain-lma)# ipv6-address 2001:0DB8:2:3::1
Device(config-ipv6-pmipv6-domain-lma)# exit
!
Device(config-ipv6-pmipv6-domain)# mag mag1
Device(config-ipv6-pmipv6-domain-mag)# ipv4-address 10.1.3.1
Device(config-ipv6-pmipv6-domain-mag)# ipv6-address 2001:0DB8:2:5::1
Device(config-ipv6-pmipv6-domain-mag)# exit
!
Device(config-ipv6-pmipv6-domain)# nai example@example.com
Device(config-ipv6-pmipv6-domain-mn)# lma lma1
Device(config-ipv6-pmipv6-domain-mn)# int att GigabitETHERNET l2-addr 02c7.f800.0422
Device(config-ipv6-pmipv6-domain-mn)# gre-encap-key up 1234
Device(config-ipv6-pmipv6-domain-mn)# gre-encap-key down 5678
Device(config-ipv6-pmipv6-domain-mn)# service ipv4
Device(config-ipv6-pmipv6-domain-mn)# network-name example1
Device(config-ipv6-pmipv6-domain-mn)# end

Example: Configuring an LMA

The following example shows the minimum configuration required to enable LMA:


Device# configure terminal
Device(config)# ipv6 mobile pmipv6-domain D2
!
Device(config-ipv6-pmipv6-domain)# lma lma1
Device(config-ipv6-pmipv6-domain-lma)# ipv4-address 10.1.1.1
Device(config-ipv6-pmipv6-domain-lma)# ipv6-address 2001:0DB8:2:3::1
Device(config-ipv6-pmipv6-domain-lma)# exit
!
Device(config-ipv6-pmipv6-domain)# lma lma2
Device(config-ipv6-pmipv6-domain-lma)# ipv4-address 10.2.1.1
Device(config-ipv6-pmipv6-domain-lma)# ipv6-address 2001:0DB8:2:4::1
Device(config-ipv6-pmipv6-domain-lma)# exit
!
Device(config-ipv6-pmipv6-domain)# nai example1@example.com
Device(config-ipv6-pmipv6-domain-mn)# network-name example1
Device(config-ipv6-pmipv6-domain-mn)# exit
!
Device(config-ipv6-pmipv6-domain)# nai example2@example.com
Device(config-ipv6-pmipv6-domain-mn)# network-name example1
Device(config-ipv6-pmipv6-domain-mn)# exit
!
Device(config)# ipv6 mobile pmipv6-lma lma1 domain D2
Device(config-ipv6-pmipv6-lma)# address ipv6 2001:DB8:0:0:E000::F
Device(config-ipv6-pmipv6-lma)# address ipv4 10.2.1.1
Device(config-ipv6-pmipv6-domain-mn)# network-name example1
Device(config-ipv6-pmipv6lma-network)# pool ipv4 v4pool pfxlen number
Device(config-ipv6-pmipv6lma-network)# pool ipv6 v6pool pfxlen number
Device(config-ipv6-pmipv6lma-network)# exit
Device(config-ipv6-pmipv6-lma)# default profile example2@example.com
 
Device(ipv6-mag-config)# exit

Example: Configuring VRF-Aware LMA

Device# configure
Device (config)# ipv6 mobile pmipv6-lma lma1 domain example.com
Device (config-pmipv6-lma)# hnp maximum 2
Device (config-pmipv6-lma)# heartbeat interval 300 retries 3 
Device (config-pmipv6-lma)# bce maximum 2500
Device (config-pmipv6-lma)# bce lifetime 2500
Device (config-pmipv6-lma)# bce delete-wait-time 2000
Device (config-pmipv6-lma)# replay-protection timestamp window 200
Device (config-pmipv6-lma)# bri delay min 500
Device(config-pmipv6-lma)# bri retries 6
Device(config-pmipv6-lma)# dynamic mag learning
Device(config-pmipv6-lma)# dscp control-plane 50
Device (config-pmipv6-lma)# mobility-service mobile-local-loop 
Device (config-pmipv6-lma-mll)# customer cust1 vrf vrf1 
Device (config-pmipv6-lma-mll-cust)# auth-option spi 87E key ascii key1
Device (config-pmipv6-lma-mll-cust)# heartbeat interval 300 retries 10 
Device (config-pmipv6-lma-mll-cust)# network unauthorized 
Device (config-pmipv6-lma-mll-cust)# transport vrf transport_vrf
Device (config-pmipv6-lma-mll-cust-tpt)# address ipv6 2001:DB8::1
Device (config-pmipv6-lma-mll-cust-tpt)# end

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

IP mobility commands

Cisco IOS IP Mobility Command Reference

Standards and RFCs

Standard/RFC

Title

RFC 3775

Mobility Support in IPv6

RFC 5213

Proxy Mobile IPv6

RFC 5844

IPv4 Support for Proxy Mobile IPv6

RFC 5845

Generic Routing Encapsulation (GRE) Key Option for Proxy Mobile IPv6

RFC 5846

Binding Revocation for IPv6 Mobility

MIBs

MIB

MIBs Link

None

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Proxy Mobile IPv6 Local Mobility Anchor

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Proxy Mobile IPv6 Local Mobility Anchor

Feature Name

Releases

Feature Information

Proxy Mobile IPv6 Local Mobility Anchor

15.5(2)T

Local Mobility Anchor (LMA) acts as the home agent for a mobile node (MN) in a Proxy Mobile IPv6 domain, which is the network where the mobility management of an MN is handled using the Proxy Mobile IPv6 (PMIPv6) protocol. LMA is the topological anchor point for the MN's home network prefix(es) and is the entity that manages the MN's binding state. This module explains how to configure LMA.