- Overview of the Cisco Mobile Wireless Home Agent
- Planning to Configure the Home Agent
- Single IP Infrastructure
- Assigning a Home Address on the Home Agent
- User Authentication and Authorization
- Home Agent Security
- Home Agent Redundancy
- Configuring Load Balancing on the Home Agent
- Terminating IP Registrations
- Dynamic Domain Name Server Updates
- Per User Packet Filtering
- Home Agent Accounting
- Multi-VPN Routing and Forwarding on the Home Agent
- Home Agent Quality of Service
- Monitoring User Traffic
- Other Configuration Tasks
- Network Management, MIBs, and SNMP on the Home Agent
- Glossary
Network Management, MIBs, and SNMP on the Home Agent
This chapter contains information pertaining to various aspects of Network Management on the Cisco Mobile Wireless Home Agent.
This chapter includes the following sections:
•Operating and Maintaining the Cisco Mobile Wireless Home Agent
•SNMP, MIBs and Network Management
•Monitoring and Maintaining the HA
Operating and Maintaining the Cisco Mobile Wireless Home Agent
This section describes configuration details, statistics, and MIBs supported by the Home Agent. A definitive description of each Mobile IP command can be found at the following URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/1rfmobip.htm
The Home Agent can be managed using either the Cisco IOS CLI or using Cisco Works for Mobile Wireless.
Cisco's Mobile Wireless Home Agent has the following configurable parameters:
•Managing user profiles (local users)
•Configuring IP pools locally
•Configuring security associations with communicating nodes
•Configuring ingress/egress filtering
•Configuring mobile binding updates
•Configuring routing information
Statistics
The Mobile Wireless Home Agent maintains statistics on a global basis for the following parameters:
•Advertisements, received and sent
•Registrations, requests and replies
•Registrations, accepted and denied
•Bindings
•Binding Updates
•Gratuitous and Proxy ARPs
•Route Optimization Binding Updates
The Mobile Wireless Home Agent maintains statistics on a per FA-HA tunnel basis for the following parameters:
•Source and Destination IP address of the tunnel
•Tunnel Type, IPinIP or GRE
•Reverse Tunneling allowed
•Number of Users using that tunnel
•Traffic sent on the tunnel, packets and bytes
•Traffic received on the tunnel, packets and bytes
The Mobile Wireless Home Agent maintains statistics per Host, identified by NAI or Home IP Address, for the following parameters:
•Lifetime
•Session duration
•Traffic transmitted to the host, packets and bytes
•Traffic received from the host on the reverse tunnel, packets and bytes
Note The statistics can be cleared from the CLI. The MIB counters are not cleared.
Tunnel Stats via SNMP
In HA Release 5.1, a new command option is introduced under the show ip mobile tunnel command to display entries of the form HA-FA IP pair, along with the number of session users, and packets/bytes statistics.
The command looks like this: show ip mobile tunnel brief
Additionally, a new MIB table "cmiHaRegTunnelStatsTable" is added to the CISCO-MOBILE-IP-MIB, and each entry in the stats table contains information shown in the new command option that is introduced.
This feature is applicable only to IP/IP and GRE/IP tunnels.
Here is a sample output for reference:
show ip mobile tunnel brief
Mobile Tunnels:
Total mobile ip tunnels 6
SrcAddr DestAddr Encap Users Data Interval PktRt In/Out BitRt In/Out Pkts In/Out Bytes In/Out
86.6.6.30 10.109.1.82 IP/IP 2 5 minute 0/0 0/0 0/0 0/0
86.6.6.30 10.109.1.83 IP/IP 1 5 minute 0/0 0/0 0/0 0/0
86.6.6.30 10.109.1.81 IP/IP 2 5 minute 0/0 0/0 0/0 0/0
86.6.6.6 10.109.1.62 IP/IP 2 5 minute 0/0 0/0 0/0 0/0
86.6.6.6 10.109.1.63 IP/IP 1 5 minute 0/0 0/0 0/0 0/0
86.6.6.6 10.109.1.61 IP/IP 2 5 minute 0/0 0/0 0/0 0/0
SNMP, MIBs and Network Management
The HA implements SNMPv2 as specified in the suite of protocols: RFC 1901 to RFC 1908. The Home Agent supports the MIB defined in The Definitions of Managed Objects for IP Mobility Support UsingSMIv2, RFC 2006, October 1995. An additional Cisco MIB, CISCO- MOBILE-IP-MIB provides enhanced management capabilities. The RADIUS MIB, as defined in RADIUS Authentication Client MIB, RFC 2618, June 1999. A full list of MIBs that are supported on the Cisco 7600 series platform can be found at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Session counters maintained in the MIB cannot be reset using SNMP or the Cisco IOS CLI. Home Agent CPU and Memory Utilization counters are accessible using the CISCO-PROCESS-MIB.
Release 3.0 adds a Home Agent Version MIB Object.
SNMPv3 is supported.
HA Release 5.0 MIB Enhancements
In HA Release 5.0, the CISCO-MOBILE-IP-MIB has the MAC address added as a per binding variable. The RADIUS-CLIENT-AUTHENTICATION-MIB contains entries for timeout on AAA access. The trap is added in the CISCO-RADIUS-MIB. The new CISCO-SLB-DFP-MIB is added.
For more information about MIBs, please refer to the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
CLI for IP-LOCAL-POOL-MIB
Cisco Mobile Wireless Home Agent Release 3.0 enhanced the CISCO-IP-LOCAL-POOL-MIB to generate traps when pool utilization reached a low threshold or high threshold in percentage. Objects "cIpLocalPoolPercentAddrThldLo" and "cIpLocalPoolPercentAddrThldHi" are defined for the high and low threshold watermark, respectively.
When the percentage of used addresses in an IP local pool equals or exceeds the high threshold, a "cilpPercentAddrUsedHiNotif" notification is generated. Once the notification is generated, it is disarmed and will not be generated again until the number of used addresses falls below the value indicated by "cIpLocalPoolPercentAddrThldLo".
When the percentage of used addresses in an IP local pool falls below the low threshold, a "cilpPercentAddrUsedLoNotif" notification will be generated. Once the notification is generated, it is disarmed and will not be generated again until the number of used addresses equals or exceeds the value indicated by "cIpLocalPoolPercentAddrThldHi".
The Cisco IOS 12.3(11)YX5 release implements new variables to the ip local pool command to configure the low and high threshold.
The command syntax is as follows:
ip local pool {default | poolname} [low-ip-address [high-ip-address]] [group group-name] [cache-size size] [threshold low-threshold high-threshold]
The low-threshold argument is the low threshold to generate pool utilization traps, and high threshold argument is the high threshold to generate pool utilization traps.
Additionally, two additional varbinds will be seen in cilpPercentAddrUsedHiNotif notification:
–cIpLocalPoolChildIndex : IP Pool Name
–cIpLocalPoolPercentAddrThldHi: High IP Local Pool threshold percentage value
And two additional varbinds will be seen in cilpPercentAddrUsedLoNotif notification:
–cIpLocalPoolChildIndex : IP Pool Name
–cIpLocalPoolPercentAddrThldLo: : Low IP Local Pool threshold percentage value
Note The CISCO-IP-LOCAL-MIB file has not been changed as per the SNMP SMIv2 standard.
Restrictions
The following restrictions apply to the IP Local Pool Threshold Trap:
•The IP Local Pool name can be up to 240 ASCII characters long (depending on the parameters used).
•SNMP Trap names are limited to a maximum of 48 characters in length because the SNMP MIB only supports names that are up to 48 characters long.
•No Trap is generated if the Pool Name is longer than 48 characters.
How to Configure IP Overlapping Address Pools
This section contains the following procedure:
•Configuring and Verifying a Local Pool Group
Configuring and Verifying a Local Pool Group
This section contains the steps necessary to configure a local pool group and verify that it exists.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip local pool {default | poolname} [low-ip-address [high-ip-address]] [group group-name] [cache-size size] [threshold low-threshold high-threshold]
4. show ip local pool [poolname | [group group-name]]
Detailed Steps
Conditional Debugging
The HA supports conditional debugging based on NAI, as well as conditional debugging based on the MN's Home address. Only AAA and Mobile IP components will support conditional debugging.
From the CLI, it is possible to trace activity of all or a particular user identified by NAI. Monitoring the activity of a particular user, called conditional debugging, will display the user activity related to Mobile IP messages and the RADIUS messages.
Starting in Release 3.0, an option is provided to display the condition (username/IMSI), along with each debug statement. This helps to match a debug statement to its condition. To enable this feature, use the following command:
ip mobile home-agent debug include username
The following MobileIP debugs are supported for conditional debugging:
•debug ip mobile
•debug ip mobile host
The following AAA debugs are supported for conditional debugging:
•debug aaa authentication
•debug aaa authorization
•debug aaa accounting
•debug aaa ipc
•debug aaa attr
•debug aaa id
•debug aaa subsys
The following RADIUS debugs are supported for conditional debugging:
•debug radius
•debug radius accounting
•debug radius authentication
•debug radius retransmit
•debug radius failover
•debug radius brief
Monitoring and Maintaining the HA
To monitor and maintain the HA, use the following commands in privileged EXEC mode: