Cisco IOS Mobile Wireless Packet Data Serving Node Command Reference

debug cdma pdsn a10 gre

To display debug messages for A10 Generic Routing Encapsulation (GRE) interface errors, events, and packets, use the debug cdma pdsn a10 gre command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn a10 gre [errors | events | packets] [tunnel-key key]

no debug cdma pdsn a10 gre [errors | events | packets]

Syntax Description

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn a10 gre events tunnel-key command:

Router# debug cdma pdsn a10 gre events tunnel-key 1 

Router# show debug

CDMA:

  CDMA PDSN A10 GRE events debugging is on for tunnel key 1

PDSN#

*Mar  1 04:00:57.847:CDMA-GRE:CDMA-Ix1 (GRE/CDMA) created with src 5.0.0.2 dst 0.0.0.0

*Mar  1 04:00:57.847:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

*Mar  1 04:00:59.863:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

*Mar  1 04:00:59.863:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

*Mar  1 04:01:01.879:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

*Mar  1 04:01:01.879:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

*Mar  1 04:01:03.899:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

*Mar  1 04:01:03.899:CDMA-GRE:(in) found session 5.0.0.2-4.0.0.1-1

debug cdma pdsn a10 ppp

To display debug messages for A10 Point-to-Point protocol (PPP) interface errors, events, and packets, use the debug cdma pdsn a10 ppp command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn a10 ppp [errors | events | packets]

no debug cdma pdsn a10 ppp [errors | events | packets]

Syntax Description

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn a10 ppp command:

Router# debug cdma pdsn a10 ppp errors

CDMA PDSN A10 errors debugging is on

Router# debug cdma pdsn a10 ppp events 

CDMA PDSN A10 events debugging is on

Router# debug cdma pdsn a10 ppp packets 

CDMA PDSN A10 packet debugging is on

Router# show debug 

*Jan  1 00:13:09:CDMA-PPP:create_va tunnel=CDMA-Ix1 virtual-template 
template=Virtual-Template2 ip_enabled=1

*Jan  1 00:13:09:CDMA-PPP:create_va va=Virtual-Access1

*Jan  1 00:13:09:CDMA-PPP:clone va=Virtual-Access1 subif_state=1 hwidb->state=0

*Jan  1 00:13:09:          linestate=1 ppp_lineup=0

*Jan  1 00:13:09:%LINK-3-UPDOWN:Interface Virtual-Access1, changed state to up

*Jan  1 00:13:09:CDMA-PPP:clone va=Virtual-Access1 subif_state=1 hwidb->state=4

*Jan  1 00:13:09:          linestate=0 ppp_lineup=0

*Jan  1 00:13:09:*****OPEN AHDLC*****

debug cdma pdsn a11

To display debug messages for A11 interface errors, events, and packets, use the debug cdma pdsn a11 command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn a11 [errors | events | packets ] [mnid]

no debug cdma pdsn a11 [errors | events | packets ]

Syntax Description

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn a11 commands:

Router# debug cdma pdsn a11 errors

CDMA PDSN A11 errors debugging is on

Router# show debug

1d21h:CDMA-RP:(in) rp_msgs, code=1, status=0

1d21h:CDMA-RP:(enqueue req) type=1 homeagent=5.0.0.2 coaddr=4.0.0.1

1d21h:                   id=0xBEF750F0-0xBA53E0F lifetime=65535

1d21h:CDMA-RP:len=8, 00-00-00-00-00-00-00-F1 convert to 00000000000001

(14 digits), type=IMSI

1d21h:CDMA-RP:(req) process_rp_req, homeagent=5.0.0.2 coaddr=4.0.0.1

1d21h:               lifetime=65535 id=BEF750F0-BA53E0F

imsi=00000000000001

1d21h:CDMA-RP:(req) rp_req_create, 5.0.0.2-4.0.0.1-1 imsi=00000000000001

1d21h:CDMA-RP:(out) rp_reply session=5.0.0.2-4.0.0.1-1, lifetime=65535

1d21h:CDMA-RP:(out) setup_rp_out_msg, ha=5.0.0.2 coa=4.0.0.1 key=1

1d21h:%LINK-3-UPDOWN:Interface Virtual-Access2000, changed state to up

1d21h:CDMA-RP:ipmobile_visitor add/delete=1, mn=8.0.2.132, ha=7.0.0.2

1d21h:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access2000,

changed state to up

Router# debug cdma pdsn a11 packets events

Router# show debug

CDMA:

  CDMA PDSN A11 packet debugging is on for mnid 000000000000001

  CDMA PDSN A11 events debugging is on for mnid 000000000000001

Router#

*Mar  1 03:15:32.507:CDMA-RP:len=8, 01-00-00-00-00-00-00-10 convert to 000000000000001 (15 
digits), type=IMSI

*Mar  1 03:15:32.511:CDMA-RP:extension type=38, len=0

*Mar  1 03:15:32.511:CDMA-RP:extension type=38, len=0

*Mar  1 03:15:32.511:CDMA-RP:extension type=38, len=0

*Mar  1 03:15:32.511:CDMA-RP:extension type=32, len=20

*Mar  1 03:15:32.511:         00 00 01 00 EE 1F FC 43 0A 7D F9 36 29 C2 BA 28

*Mar  1 03:15:32.511:         5A 64 D5 9C

*Mar  1 03:15:32.511:CDMA-RP:(req) process_rp_req, homeagent=5.0.0.2 coaddr=4.0.0.1

*Mar  1 03:15:32.511:               lifetime=1800 id=AF3BFE55-69A109D IMSI=000000000000001

*Mar  1 03:15:32.511:CDMA-RP:(req) rp_req_create, ha=5.0.0.2, coa=4.0.0.1, key=1 
IMSI=000000000000001

*Mar  1 03:15:32.511:CDMA-RP:(out) rp_reply session=5.0.0.2-4.0.0.1-1, lifetime=1800

*Mar  1 03:15:32.511:CDMA-RP:(out) Setup RP out message, ha=5.0.0.2 coa=4.0.0.1 key=1

*Mar  1 03:15:38.555:CDMA-RP:simple ip visitor added, mn=9.2.0.1, ha=0.0.0.0

Router#

*Mar  1 03:15:54.755:CDMA-RP:len=8, 01-00-00-00-00-00-00-10 convert to 000000000000001 (15 
digits), type=IMSI

*Mar  1 03:15:54.755:CDMA-RP:extension type=38, len=0

*Mar  1 03:15:54.755:CDMA-RP:extension type=32, len=20

*Mar  1 03:15:54.755:         00 00 01 00 EA 9C C6 4C BA B9 F9 B6 DD C4 19 76

*Mar  1 03:15:54.755:         51 5A 56 45

*Mar  1 03:15:54.755:CDMA-RP:(req) process_rp_req, homeagent=5.0.0.2 coaddr=4.0.0.1

*Mar  1 03:15:54.755:               lifetime=0 id=AF3BFE6B-4616E475 IMSI=000000000000001

*Mar  1 03:15:54.755:CDMA-RP:(req) rp_req_lifetime_zero 5.0.0.2-4.0.0.1-1

*Mar  1 03:15:54.755:               IMSI=000000000000001

*Mar  1 03:15:54.755:CDMA-RP:(out) rp_reply session=5.0.0.2-4.0.0.1-1, lifetime=0

*Mar  1 03:15:54.755:CDMA-RP:(out) Setup RP out message, ha=5.0.0.2 coa=4.0.0.1 key=1

Router# debug cdma pdsn a11 event mnid 000000000000001

Router# show debug

CDMA:

  CDMA PDSN A11 events debugging is on for mnid 000000000000001

Router#

*Mar  1 03:09:34.339:CDMA-RP:len=8, 01-00-00-00-00-00-00-10 convert to 000000000000001 (15 
digits), type=IMSI

*Mar  1 03:09:34.339:CDMA-RP:(req) process_rp_req, homeagent=5.0.0.2 coaddr=4.0.0.1

*Mar  1 03:09:34.339:               lifetime=1800 id=AF3BFCEE-DC9FC751 
IMSI=000000000000001

*Mar  1 03:09:34.339:CDMA-RP:(req) rp_req_create, ha=5.0.0.2, coa=4.0.0.1, key=1 
IMSI=000000000000001

*Mar  1 03:09:34.339:CDMA-RP:(out) rp_reply session=5.0.0.2-4.0.0.1-1, lifetime=1800

*Mar  1 03:09:34.339:CDMA-RP:(out) Setup RP out message, ha=5.0.0.2 coa=4.0.0.1 key=1

*Mar  1 03:09:40.379:CDMA-RP:simple ip visitor added, mn=9.2.0.1, ha=0.0.0.0

Router#

close the session

Router#

*Mar  1 03:10:00.575:CDMA-RP:len=8, 01-00-00-00-00-00-00-10 convert to 000000000000001 (15 
digits), type=IMSI

*Mar  1 03:10:00.575:CDMA-RP:(req) process_rp_req, homeagent=5.0.0.2 coaddr=4.0.0.1

*Mar  1 03:10:00.575:               lifetime=0 id=AF3BFD09-18040319 IMSI=000000000000001

*Mar  1 03:10:00.575:CDMA-RP:(req) rp_req_lifetime_zero 5.0.0.2-4.0.0.1-1

*Mar  1 03:10:00.575:               IMSI=000000000000001

*Mar  1 03:10:00.575:CDMA-RP:(out) rp_reply session=5.0.0.2-4.0.0.1-1, lifetime=0

*Mar  1 03:10:00.575:CDMA-RP:(out) Setup RP out message, ha=5.0.0.2 coa=4.0.0.1 key=1

Router# debug cdma pdsn a11 packet mnid 000000000000001 

Router# show debug 

CDMA:

  CDMA PDSN A11 packet debugging is on for mnid 000000000000001

Router#

*Mar  1 03:13:37.803:CDMA-RP:extension type=38, len=0

*Mar  1 03:13:37.803:CDMA-RP:extension type=38, len=0

*Mar  1 03:13:37.803:CDMA-RP:extension type=38, len=0

*Mar  1 03:13:37.803:CDMA-RP:extension type=32, len=20

*Mar  1 03:13:37.803:         00 00 01 00 A8 5B 30 0D 4E 2B 83 FE 18 C6 9D C2

*Mar  1 03:13:37.803:         15 BF 5B 57

*Mar  1 03:13:51.575:CDMA-RP:extension type=38, len=0

*Mar  1 03:13:51.575:CDMA-RP:extension type=32, len=20

*Mar  1 03:13:51.575:         00 00 01 00 58 77 E5 59 67 B5 62 15 17 52 83 6D

*Mar  1 03:13:51.579:         DC 0A B0 5B

debug cdma pdsn accounting

To display debug messages for accounting events, use the debug cdma pdsn accounting command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn accounting

no cdma pdsn accounting

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn accounting command:

Router# debug cdma pdsn accounting 

CDMA PDSN accounting debugging is on

Router#

*Jan  1 00:15:32:CDMA/ACCT:null vaccess in session_start

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[9] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[44] len:[3] 01   Processing Y1

*Jan  1 00:15:32:CDMA/ACCT:    Setup airlink record received

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[12] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[41] len:[6] 00 00 00 02 CDMA/ACCT: 
Processing Y2

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[9] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[42] len:[3] 12 CDMA/ACCT: Processing Y3

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1F] len:[17] 30 30 30 30 30 30 30 30 
30 30 30 30 30 30 32      Processing A1

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[12] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[9] len:[6] 04 04 04 05   Processing D3

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[14] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[10] len:[8] 00 00 04 04 04 05   
Processing D4

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[9] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[44] len:[3] 02   Processing Y1

*Jan  1 00:15:32:CDMA/ACCT:    Start airlink record received

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[12] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[41] len:[6] 00 00 00 02 CDMA/ACCT: 
Processing Y2

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[9] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[42] len:[3] 13 CDMA/ACCT: Processing Y3

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[10] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[11] len:[4] 00 02   Processing E1

*Jan  1 00:15:32:CDMA/ACCT: Current Attribute type:0x[1A] len:[10] 

*Jan  1 00:15:32:CDMA/ACCT:    VSA Vid:5535 type:[12] len:[4] 00 F1   Processing F1

debug cdma pdsn accounting flow

To display debug messages for accounting flow, use the debug cdma pdsn accounting flow command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn accounting flow

no debug cdma pdsn accounting flow

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn accounting flow command:

Router# debug cdma pdsn accounting flow 

CDMA PDSN flow based accounting debugging is on

pdsn-6500#

01:59:40:CDMA-SM:cdma_pdsn_flow_acct_upstream sess id 1 flow type 0 bytes 100 addr 
20.20.20.1

01:59:40:CDMA-SM:cdma_pdsn_flow_acct_downstream sess id 1 flow type 0 bytes 100 addr 
20.20.20.1

debug cdma pdsn accounting time-of-day

To display the timer value, use the debug cdma pdsn accounting time-of-day command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn accounting time-of-day

no debug cdma pdsn accounting time-of-day

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn accounting time-of-day command:

Router# debug cdma pdsn accounting time-of-day 

CDMA PDSN accounting time-of-day debugging is on

Feb 15 19:13:23.634:CDMA-TOD:Current timer expiring in 22 seconds

Feb 15 19:13:24.194:%SYS-5-CONFIG_I:Configured from console by console

Router#

Feb 15 19:13:45.635:CDMA-TOD:Timer expired...Rearming timer

Feb 15 19:13:45.635:CDMA-TOD:Gathering session info

Feb 15 19:13:45.635:CDMA-TOD:Found 0 sessions 

debug cdma pdsn cluster

To display the error messages, event messages, and packets received, use the debug cdma pdsn cluster command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn cluster {message [error | events | packets] redundancy [error | events | packets ]}

no debug cdma pdsn cluster {message [error | events | packets] redundancy [error | events | packets ]}

Syntax Description

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Usage Guidelines

This debug is only allowed on PDSN c6-mz images, and helps to monitor prepaid information.

Examples

The following is sample output from the debug cdma pdsn cluster command:

Router# debug cdma pdsn cluster ?

  message     Debug PDSN cluster controller messages

  redundancy  Debug PDSN cluster controller redundancy

debug cdma pdsn ipv6

To display IPV6 error or event messages, use the debug cdma pdsn IPV6 command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn ipv6

no debug cdma pdsn ipv6

Syntax Description

There are no arguments or keywords for this command.

Defaults

No default behavior or values.

Command History

Usage Guidelines

The following example illustrates the debug cdma pdsn ipv6 command:

Router# debug cdma pdsn ipv6

debug cdma pdsn prepaid

To display debug messages about prepaid flow, use the debug cdma pdsn prepaid command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn prepaid

no debug cdma pdsn prepaid

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Usage Guidelines

This debug is only allowed on PDSN c6-mz images, and helps to monitor prepaid information.

Examples

The following is sample output from the debug cdma pdsn prepaid command:

Router# debug cdma pdsn prepaid

*Mar  1 00:09:38.391: CDMA-PREPAID:  Initialized the authorization request

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added username into A-V list

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added CLID into A-V list

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added session id for prepaid

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added correlation id into A-V list

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added auth reason for prepaid into A-V list

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added USER_ID for prepaid

*Mar  1 00:09:38.391: CDMA-PREPAID:   Added service id for prepaid

*Mar  1 00:09:38.391: CDMA-PREPAID:   Built prepaid VSAs

*Mar  1 00:09:38.391: CDMA-PREPAID:   Sent the request to AAA

*Mar  1 00:09:38.391: CDMA-PREPAID:   Auth_reason: CRB_RSP_PEND_INITIAL_QUOTA

*Mar  1 00:09:38.395: CDMA-PREPAID:   Received prepaid response: status 2

*Mar  1 00:09:38.395: CDMA-PREPAID:   AAA authorised parms being processed

*Mar  1 00:09:38.395: CDMA-PREPAID:   Attr in Grp Prof: crb-entity-type

*Mar  1 00:09:38.395: (0x4B000000) CDMA/PREPAID: AAA_AT_CRB_ENTITY_TYPE

*Mar  1 00:09:38.395: (0x4B000000) CDMA/PREPAID: entity type returns 1

*Mar  1 00:09:38.395: CDMA-PREPAID:   Attr in Grp Prof: crb-duration

*Mar  1 00:09:38.395: (0x4B000000) CDMA/PREPAID: AAA_AT_CRB_DURATION

*Mar  1 00:09:38.395: (0x4B000000) CDMA/PREPAID: duration returns 120

*Mar  1 00:09:38.395: CDMA-PREPAID:   Retrieved attributes successfully

*Mar  1 00:09:38.395: CDMA-PREPAID:   Reset duration to 120, mn 9.3.0.1

*Mar  1 00:09:38.395: CDMA-PREPAID: : Started duration timer for 120 sec

debug cdma pdsn qos

To display debug messages about quality of service features, use the debug cdma pdsn qos command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn qos

no debug cdma pdsn qos

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values for this command.

Command History

Examples

There are currently no sample outputs for this command.

debug cdma pdsn radius disconnect nai

To display debug messages about RADIUS disconnect functions, use the debug cdma pdsn radius disconnect nai command in Privileged EXEC mode. Use the no form of the command to disable debug messages.

debug cdma pdsn radius disconnect nai

no debug cdma pdsn radius disconnect nai

Syntax Description

There are no keywords or arguments for this command.

Defaults

There are no default values for this command.

Command Modes

EXEC mode

Command History

Examples

Here is sample output for the debug cdma pdsn radius disconnect nai command:

Jan 5 12:17:59.671: CDMA-POD: POD request received

Jan 5 12:17:59.671: CDMA-POD: NAI in POD request : mwtr-mip-sa2sp1-user1@ispxyz.com

Jan 5 12:17:59.671: CDMA-POD: IMSI in POD request : 00000000000201

Jan 5 12:17:59.671: CDMA-POD: Delete flow for NAI: mwtr-mip-sa2sp1-user1@ispxyz.com

Jan 5 12:17:59.671: CDMA-POD: Delete flow for NAI: mwtr-mip-sa2sp1-user1@ispxyz.com

debug cdma pdsn redundancy attributes

To debug the PDSN session redundancy attributes, use the debug cdma pdsn redundancy attributes command.

debug cdma pdsn redundancy attributes

Syntax Description

There are no keywords or arguments for this command.

Defaults

There are no default values for this command.

Command Modes

EXEC mode

Command History

debug cdma pdsn redundancy errors

To debug the PDSN-SR redundancy aspect of errors, use the debug cdma pdsn redundancy errors command.

debug cdma pdsn redundancy errors

Syntax Description

There are no keywords or arguments for this command.

Defaults

There are no default values for this command.

Command Modes

EXEC mode

Command History

debug cdma pdsn redundancy events

To debug events for PDSN session redundancy, use the debug cdma pdsn redundancy events command.

debug cdma pdsn redundancy events

Syntax Description

There are no keywords or arguments for this command.

Defaults

There are no default values for this command.

Command Modes

EXEC mode

Command History

debug cdma pdsn redundancy packets

To debug and collect any data pertaining to PDSN-SR, use the debug cdma pdsn redundancy packets command.

debug cdma pdsn redundancy packets

Syntax Description

There are no keywords or arguments for this command.

Defaults

There are no default values for this command.

Command Modes

EXEC mode

Command History

debug cdma pdsn resource-manager

To display debug messages that help you monitor the resource-manager information, use the debug cdma pdsn resource-manager command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn resource-manager [error | events]

no debug cdma pdsn resource-manager [error | events]

Syntax Description

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pds resource-manager command:

Router# debug cdma pdsn resource-manager 

   errors  CDMA PDSN resource manager errors

   events  CDMA PDSN resource manager events

debug cdma pdsn selection

To display debug messages for the intelligent Packet Data Serving Node (PDSN) selection feature, use the debug cdma pdsn selection command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn selection {errors | events | packets}

no debug cdma pdsn selection {errors | events | packets}

Syntax Description

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn selection command with the keyword events specified:

Router# debug cdma pdsn selection events 

CDMA PDSN selection events debugging is on

Router#

00:27:46: CDMA-PSL: Message(IN) pdsn 51.4.2.40 interface 70.4.2.40

00:27:46:                Keepalive 10

00:27:46:                Count 0

00:27:46:                Capacity 16000

00:27:46:                Weight 0

00:27:46:                Hostname 11 7206-PDSN-2

00:27:46: CDMA-PSL: Reset keepalive, pdsn 51.4.2.40 current 10 new 10

00:27:46: CDMA-PSL: Message processed, pdsn 51.4.2.40 tsize 0 pendings 0

00:27:47: CDMA-PSL: Send KEEPALIVE, len 32

00:27:47: CDMA-PSL: Message(OUT) dest 224.0.0.11

00:27:47:                Keepalive 10

00:27:47:                Count 1

00:27:47:                Capacity 16000

00:27:47:                Weight 0

00:27:47:                Hostname 11 7206-PDSN-1

00:27:47: CDMA-PSL: RRQ sent, s=70.4.1.40 (FastEthernet0/1), d=224.0.0.11

debug cdma pdsn service-selection

To display debug messages for service selection, use the debug cdma pdsn service-selection command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn service-selection

no debug cdma pdsn service-selection

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn service-selection command:

Router# debug cdma pdsn service-selection 

CDMA PDSN service provisioning debugging is on

Router#

1d02h:%LINK-3-UPDOWN:Interface Virtual-Access3, changed state to up

1d02h:Vi3 CDMA-SP:user_class=1, ms_ipaddr_req=1, apply_acl=0

1d02h:Vi3 CDMA-SP:Adding simple ip flow, user=bsip, mn=6.0.0.2,

1d02h:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access3,

changed state to up

debug cdma pdsn session

To display debug messages for Session Manager errors, events, and packets, use the debug cdma pdsn session command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug cdma pdsn session [errors | events ]

no debug cdma pdsn session [errors | events ]

Syntax Description

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command Modes

Privileged EXEC

Command History

Examples

The following is sample output from the debug cdma pdsn session command:

Router# debug cdma pdsn session events 

CDMA PDSN session events debugging is on

Router# debug cdma pdsn session errors 

CDMA PDSN session errors debugging is on

Router# show debug 

CDMA:

  CDMA PDSN session events debugging is on

  CDMA PDSN session errors debugging is on

Router#

*Jan  1 00:22:27:CDMA-SM:create_session 5.5.5.5-4.4.4.5-2

*Jan  1 00:22:27:CDMA-SM:create_tunnel 5.5.5.5-4.4.4.5

*Jan  1 00:22:27:%LINK-3-UPDOWN:Interface Virtual-Access1, changed state to up

*Jan  1 00:22:29:CDMA-SM:create_flow mn=0.0.0.0, ha=8.8.8.8 nai=l2tp2@cisco.com

*Jan  1 00:22:30:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access1, changed 
state to up

debug condition

To filter debugging output for certain debug commands on the basis of specified conditions, use the debug condition command in privileged EXEC mode. To remove the specified condition, use the no form of this command.

debug condition {called dial-string | caller dial-string | calling tid/imsi string | domain domain-name | ip ip-address | mac-address hexadecimal-MAC-address | portbundle ip ip-address bundle bundle-number | session-id session-number | username username | vcid vc-id}

no debug condition {condition-id | all}

Syntax Description

Defaults

All debugging messages for enabled protocol-specific debug commands are generated.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the debug condition command to restrict the debug output for some commands. If any debug condition commands are enabled, output is generated only for interfaces associated with the specified keyword. In addition, this command enables debugging output for conditional debugging events. Messages are displayed as different interfaces meet specific conditions.

If multiple debug condition commands are enabled, output is displayed if at least one condition matches. All the conditions do not need to match.

The no form of this command removes the debug condition specified by the condition identifier. The condition identifier is displayed after you use a debug condition command or in the output of the show debug condition command. If the last condition is removed, debugging output resumes for all interfaces. You will be asked for confirmation before removing the last condition or all conditions.

Not all debugging output is affected by the debug condition command. Some commands generate output whenever they are enabled, regardless of whether they meet any conditions.

The following components are supported for Intelligent Service Architecture (ISA) distributed conditional debugging:

•Authentication, authorization, and accounting (AAA) and RADIUS

•ATM components

•Feature Manager

•Policy Manager

•PPP

•PPP over Ethernet (PPPoE)

•Session Manager

•Virtual Private Dialup Network (VPDN)

Ensure that you enable TID/IMSI-based conditional debugging by entering debug condition calling before configuring debug gprs gtp and debug gprs charging. In addition, ensure that you disable the debug gprs gtp and debug gprs charging commands using the no debug all command before disabling conditional debugging using the no debug condition command. This will prevent a flood of debugging messages when you disable conditional debugging.

Examples

Example 1

In the following example, the router displays debugging messages only for interfaces that use a username of "user1". The condition identifier displayed after the command is entered identifies this particular condition.

Router# debug condition username user1 

Condition 1 set

Example 2

The following example specifies that the router should display debugging messages only for VC 1000:

Router# debug condition vcid 1000 

Condition 1 set

01:12:32: 1000 Debug: Condition 1, vcid 1000 triggered, count 1

01:12:32: 1000 Debug: Condition 1, vcid 1000 triggered, count 1

The following example enables other debugging commands. These debugging commands will only display information for VC 1000.

Router# debug mpls l2transport vc event 

AToM vc event debugging is on

Router# debug mpls l2transport vc fsm 

AToM vc fsm debugging is on

The following commands shut down the interface on which VC 1000 is established.

Router(config)# interface s3/1/0

Router(config-if)# shut 

The debugging output shows the change to the interface where VC 1000 is established.

01:15:59: AToM MGR [13.13.13.13, 1000]: Event local down, state changed from established 
to remote ready 

01:15:59: AToM MGR [13.13.13.13, 1000]: Local end down, vc is down 

01:15:59: AToM SMGR [13.13.13.13, 1000]: Processing imposition update, vc_handle 6227BCF0, 
update_action 0, remote_vc_label 18 

01:15:59: AToM SMGR [13.13.13.13, 1000]: Imposition Disabled 

01:15:59: AToM SMGR [13.13.13.13, 1000]: Processing disposition update, vc_handle 
6227BCF0, update_action 0, local_vc_label 755 

01:16:01:%LINK-5-CHANGED: Interface Serial3/1/0, changed state to administratively down

01:16:02:%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/1/0, changed state to 
down

Related Commands

debug ip mobile

To display IP mobility activities, use the debug ip mobile command in privileged EXEC mode.

debug ip mobile [advertise | host [access-list-number] | local-area | redundancy | udp-tunneling]

Syntax Description

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Usage Guidelines

Use the debug ip mobile redundancy command to troubleshoot redundancy problems.

No per-user debugging output is shown for mobile nodes using the network access identifier (NAI) for the debug ip mobile host command. Debugging of specific mobile nodes using an IP address is possible through the access list.

Examples

The following is sample output from the debug ip mobile command when foreign agent reverse tunneling is enabled:

MobileIP:MN 14.0.0.30 deleted from ReverseTunnelTable of Ethernet2/1(Entries 0)

The following is sample output from the debug ip mobile advertise command:

Router# debug ip mobile advertise

MobileIP: Agent advertisement sent out Ethernet1/2: type=16, len=10, seq=1, 
lifetime=36000, 

flags=0x1400(rbhFmGv-rsv-), 

Care-of address: 68.0.0.31 

Prefix Length ext: len=1 (8 )

FA Challenge value:769C808D

Table 1 describes the significant fields shown in the display.

The following is sample output from the debug ip mobile host command:

Router# debug ip mobile host

MobileIP: HA received registration for MN 20.0.0.6 on interface Ethernet1 using COA

68.0.0.31 HA 66.0.0.5 lifetime 30000 options sbdmgvT

MobileIP: Authenticated FA 68.0.0.31 using SPI 110 (MN 20.0.0.6)

MobileIP: Authenticated MN 20.0.0.6 using SPI 300

MobileIP: HA accepts registration from MN 20.0.0.6

MobileIP: Mobility binding for MN 20.0.0.6 updated

MobileIP: Roam timer started for MN 20.0.0.6, lifetime 30000

MobileIP: MH auth ext added (SPI 300) in reply to MN 20.0.0.6

MobileIP: HF auth ext added (SPI 220) in reply to MN 20.0.0.6

MobileIP: HA sent reply to MN 20.0.0.6

The following is sample output from the debug ip mobile redundancy command. In this example, the active home agent receives a registration request from mobile node 20.0.0.2 and sends a binding update to peer home agent 1.0.0.2:

MobileIP:MN 20.0.0.2 - sent BindUpd to HA 1.0.0.2 HAA 20.0.0.1

MobileIP:HA standby maint started - cnt 1

MobileIP:MN 20.0.0.2 - sent BindUpd id 3780410816 cnt 0 elapsed 0

adjust -0 to HA 1.0.0.2 in grp 1.0.0.10 HAA 20.0.0.1

In this example, the standby home agent receives a binding update for mobile node 20.0.0.2 sent by the active home agent:

MobileIP:MN 20.0.0.2 - HA rcv BindUpd from 1.0.0.3 HAA 20.0.0.1

The following is sample output from the debug ip mobile udp-tunneling command and displays the registration, authentication, and establishment of UDP tunneling of a mobile node (MN) with a foreign agent (FA):

Dec 31 12:34:25.707: UDP: rcvd src=10.10.10.10(434),dst=10.30.30.1(434), length=54

Dec 31 12:34:25.707: MobileIP: ParseRegExt type MHAE(32) addr 2000FEEC end 2000FF02

Dec 31 12:34:25.707: MobileIP: ParseRegExt skipping 10 to next

Dec 31 12:34:25.707: MobileIP: FA rcv registration for MN 10.10.10.10 on Ethernet2/2 using 
 COA 10.30.30.1 HA 10.10.10.100 lifetime 65535 options sbdmg-T-identification 
 C1BC0D4FB01AC0D8

Dec 31 12:34:25.707: MobileIP: Ethernet2/2 glean 10.10.10.10 accepted

Dec 31 12:34:25.707: MobileIP: Registration request byte count = 74

Dec 31 12:34:25.707: MobileIP: FA queued MN 10.10.10.10 in register table

Dec 31 12:34:25.707: MobileIP: Visitor registration timer started for MN 10.10.10.10, 
 lifetime 120

Dec 31 12:34:25.707: MobileIP:  Adding UDP Tunnel req extension

Dec 31 12:34:25.707: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:25.707: MobileIP: MN 10.10.10.10 FHAE added to HA 10.10.10.100 using SPI 1000

Dec 31 12:34:25.707: MobileIP: FA forwarded registration for MN 10.10.10.10 to HA 
 10.10.10.100

Dec 31 12:34:25.715: UDP: rcvd src=10.10.10.100(434), dst=10.30.30.1(434), length=94

Dec 31 12:34:25.715: MobileIP: ParseRegExt type NVSE(134) addr 20010B28 end 20010B6A

Dec 31 12:34:25.715: MobileIP: ParseRegExt type MN-config NVSE(14) subtype 1 (MN prefix 
 length) prefix length (24)

Dec 31 12:34:25.715: MobileIP: ParseRegExt skipping 12 to next

Dec 31 12:34:25.715: MobileIP: ParseRegExt type MHAE(32) addr 20010B36 end 20010B6A

Dec 31 12:34:25.715: MobileIP: ParseRegExt skipping 10 to next

Dec 31 12:34:25.715: MobileIP: ParseRegExt type UDPTUNREPE(44) addr 20010B4C end 20010B6A

Dec 31 12:34:25.715: Parsing UDP Tunnel Reply Extension - length 6

Dec 31 12:34:25.715: MobileIP: ParseRegExt skipping 6 to next

Dec 31 12:34:25.715: MobileIP: ParseRegExt type FHAE(34) addr 20010B54 end 20010B6A

Dec 31 12:34:25.715: MobileIP: ParseRegExt skipping 20 to next

Dec 31 12:34:25.715: MobileIP: FA rcv accept (0) reply for MN 10.10.10.10 on Ethernet2/3 
 using HA 10.10.10.100 lifetime 65535

Dec 31 12:34:25.719: MobileIP: Authenticating HA 10.10.10.100 using SPI 1000

Dec 31 12:34:25.719: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:25.719: MobileIP: Authenticated HA 10.10.10.100 using SPI 1000 and 16 byte 
 key

Dec 31 12:34:25.719: MobileIP: HA accepts UDP Tunneling

Dec 31 12:34:25.719: MobileIP: Update visitor table for MN 10.10.10.10

Dec 31 12:34:25.719: MobileIP: Enabling UDP Tunneling

Dec 31 12:34:25.719: MobileIP: Tunnel0 (MIPUDP/IP) created with src 10.30.30.1 dst 
 10.10.10.100

Dec 31 12:34:25.719: MobileIP: Setting up UDP Keep-Alive Timer for tunnel 10.30.30.1:0 - 
 10.10.10.100:0 with keep-alive 30

Dec 31 12:34:25.719: MobileIP: Starting the tunnel keep-alive timer

Dec 31 12:34:25.719: MobileIP: ARP entry for MN 10.10.10.10 using 10.10.10.10 inserted on 
 Ethernet2/2

Dec 31 12:34:25.719: MobileIP: FA route add 10.10.10.10 successful. Code = 0

Dec 31 12:34:25.719: MobileIP: MN 10.10.10.10 added to ReverseTunnelTable of Ethernet2/2 
 (Entries 1)

Dec 31 12:34:25.719: MobileIP: FA dequeued MN 10.10.10.10 from register table

Dec 31 12:34:25.719: MobileIP: MN 10.10.10.10 using 10.10.10.10 visiting on Ethernet2/2 
Dec 31 12:34:25.719: MobileIP: Reply in for MN 10.10.10.10 using 10.10.10.10, accepted

Dec 31 12:34:25.719: MobileIP: registration reply byte count = 84

Dec 31 12:34:25.719: MobileIP: FA forwarding reply to MN 10.10.10.10 (10.10.10.10 mac 
 0060.70ca.f021)

Dec 31 12:34:26.095: MobileIP: agent advertisement byte count = 48

Dec 31 12:34:26.095: MobileIP: Agent advertisement sent out Ethernet2/2: type=16, len=10, 
 seq=55, lifetime=65535, flags=0x1580(rbhFmG-TU),

Dec 31 12:34:26.095: Care-of address: 10.30.30.1

Dec 31 12:34:26.719: MobileIP: swif coming up Tunnel0

!

Dec 31 12:34:35.719: UDP: sent src=10.30.30.1(434), dst=10.10.10.100(434)

Dec 31 12:34:35.719: UDP: rcvd src=10.10.10.100(434), dst=10.30.30.1(434), length=32d0

The following is sample output from the debug ip mobile udp-tunneling command and displays the registration, authentication, and establishment of UDP tunneling of a MN with a home agent (HA):

Dec 31 12:34:26.167: MobileIP: ParseRegExt skipping 20 to next

Dec 31 12:34:26.167: MobileIP: ParseRegExt type UDPTUNREQE(144) addr 2001E762 end 2001E780

Dec 31 12:34:26.167: MobileIP: Parsing UDP Tunnel Request Extension - length 6

Dec 31 12:34:26.167: MobileIP: ParseRegExt skipping 6 to next

Dec 31 12:34:26.167: MobileIP: ParseRegExt type FHAE(34) addr 2001E76A end 2001E780

Dec 31 12:34:26.167: MobileIP: ParseRegExt skipping 20 to next

Dec 31 12:34:26.167: MobileIP: HA 167 rcv registration for MN 10.10.10.10 on Ethernet2/1 
 using HomeAddr 10.10.10.10 COA 10.30.30.1 HA 10.10.10.100 lifetime 65535 options 
 sbdmg-T-identification C1BC0D4FB01AC0D8

Dec 31 12:34:26.167: MobileIP: NAT detected SRC:10.10.10.50 COA: 10.30.30.1

Dec 31 12:34:26.167: MobileIP: UDP Tunnel Request accepted 10.10.10.50:434

Dec 31 12:34:26.167: MobileIP: Authenticating FA 10.30.30.1 using SPI 1000

Dec 31 12:34:26.167: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.167: MobileIP: Authentication algorithm MD5 and truncated key

Dec 31 12:34:26.167: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.167: MobileIP: Authenticated FA 10.30.30.1 using SPI 1000 and 16 byte key

Dec 31 12:34:26.167: MobileIP: Authenticating MN 10.10.10.10 using SPI 1000

Dec 31 12:34:26.167: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.167: MobileIP: Authentication algorithm MD5 and truncated key

Dec 31 12:34:26.167: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.167: MobileIP: Authenticated MN 10.10.10.10 using SPI 1000 and 16 byte key

Dec 31 12:34:26.167: MobileIP: Mobility binding for MN 10.10.10.10 created

Dec 31 12:34:26.167: MobileIP: NAT detected for MN 10.10.10.10. Terminating tunnel on 
 10.10.10.50

Dec 31 12:34:26.167: MobileIP: Tunnel0 (MIPUDP/IP) created with src 10.10.10.100 dst 
 10.10.10.50

Dec 31 12:34:26.167: MobileIP: Setting up UDP Keep-Alive Timer for tunnel 10.10.10.100:0 - 
 10.10.10.50:0 with keep-alive 30

Dec 31 12:34:26.167: MobileIP: Starting the tunnel keep-alive timer 

Dec 31 12:34:26.167: MobileIP: MN 10.10.10.10 Insert route for 10.10.10.10/255.255.255.255 
 via gateway 10.10.10.50 on Tunnel0

Dec 31 12:34:26.167: MobileIP: MN 10.10.10.10 is now roaming

Dec 31 12:34:26.171: MobileIP: Gratuitous ARPs sent for MN 10.10.10.10 MAC 0002.fca5.bc39

Dec 31 12:34:26.171: MobileIP: Mask for address is 24

Dec 31 12:34:26.171: MobileIP: HA accepts registration from MN 10.10.10.10

Dec 31 12:34:26.171: MobileIP: Dynamic and Static Network Extension Length 0 - 0

Dec 31 12:34:26.171: MobileIP: Composed mobile network extension length:0

Dec 31 12:34:26.171: MobileIP: Added prefix length vse in reply

Dec 31 12:34:26.171: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.171: MobileIP: MN 10.10.10.10 MHAE added to MN 10.10.10.10 using SPI 1000

Dec 31 12:34:26.171: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.171: MobileIP: MN 10.10.10.10 FHAE added to FA 10.10.10.50 using SPI 1000

Dec 31 12:34:26.171: MobileIP: MN 10.10.10.10 - HA sent reply to 10.10.10.50

Dec 31 12:34:26.171: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.171: MobileIP: MN 10.10.10.10 HHAE added to HA 10.10.10.3 using SPI 1000

Dec 31 12:34:26.175: MobileIP: ParseRegExt type CVSE(38) addr 2000128C end 200012AE

Dec 31 12:34:26.175: MobileIP: ParseRegExt type HA red. version CVSE(6)

Dec 31 12:34:26.175: MobileIP: ParseRegExt skipping 8 to next

Dec 31 12:34:26.175: MobileIP: ParseRegExt type HHAE(35) addr 20001298 end 200012AE

Dec 31 12:34:26.175: MobileIP: ParseRegExt skipping 20 to next

Dec 31 12:34:26.175: MobileIP: Authenticating HA 10.10.10.3 using SPI 1000

Dec 31 12:34:26.175: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.175: MobileIP: Authentication algorithm MD5 and truncated key

Dec 31 12:34:26.175: MobileIP: Authentication algorithm MD5 and 16 byte key

Dec 31 12:34:26.175: MobileIP: Authenticated HA 10.10.10.3 using SPI 1000 and 16 byte key

Dec 31 12:34:27.167: MobileIP: swif coming up Tunnel0d0

debug ip mobile cdma ipsec

To enable debugging on the IS835 IPsec feature, use the debug ip mobile cdma ipsec command in privileged EXEC mode. To disable debugging for this feature, use the no form of the command.

debug ip mobile cdma ipsec

no debug ip mobile cdma ipsec

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command History

Examples

The following example illustrates how to issue the debug ip mobile cdma ipsec command:

router# debug ip mobile csma ipsec

interface cdma-Ix

To define the virtual interface for the R-P tunnels, use the interface cdma-Ix command in global configuration mode. To disable the interface, use the no form of this command.

interface cdma-Ix1

no interface cdma-Ix1

Syntax Description

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Usage Guidelines

The only interface level command allowed on the virtual interface is the IP address configuration.

Examples

The following example defines the virtual interface for the R-P tunnel and configures the IP address:

interface cdma-Ix1

 ip address 1.1.1.1 255.255.0.0

Related Commands

ip mobile authentication ignore-spi

To enable the home agent or foreign agent to accept RFC-2002 based mobile nodes or foreign agents that don't include the security parameter index (SPI) in the authentication extension of the registration message, use the ip mobile authentication ignore-spi command in global configuration mode. To disable this functionality, use the no form of this command.

ip mobile authentication ignore-spi

no ip mobile authentication ignore-spi

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Global configuration.

Command History

Usage Guidelines

Cisco IOS software supports the Mobile-Home Authentication Extension (MHAE). All registration messages between a mobile and a home agent include a mandatory authentication extension.

In RFC 2002, the SPI field was not included to calculate the authenticator value in the authentication extension of the registration message. In RFC 3220 and 3344, the SPI field in the authentication extension is used as part of the data over which the authentication algorithm must be computed.

The command turns off authentication and allows an RFC-2002 based mobile node and foreign agent to register with the home agent even though the SPI field is not included in the authentication extension of the registration message. The foreign agent will accept both RFC 2002 and RFC 3220/3344 based visitors and the home agent will accept both RFC 2002 and RFC 3220/3344 based mobile nodes and foreign agents.

Examples

The following example allows the home agent to accept registration messages without the SPI in the authentication extension:

ip mobile authentication ignore-spi

ip mobile bindupdate

To enable a home agent to send a binding update message to a foreign agent, use the ip mobile bindupdate command in global configuration mode. To disable this functionality, use the no form of this command.

ip mobile bindupdate [acknowledge] [maximum seconds] [minimum seconds] [retry number]

no ip mobile bindupdate [acknowledge] [maximum seconds] [minimum seconds] [retry number]

Syntax Description

Defaults

maximum seconds: 10 seconds
minimum seconds: 1 second
retry number: 4 retries

Command Modes

Global configuration

Command History

Usage Guidelines

This command enables the home agent to send a binding update message to the previous foreign agent when the mobile node moves to a new care-of address. The binding update message informs the foreign agent that a mobile node has moved and it can reclaim resources associated with that mobile node such as a visitor entry or visitor route.

Typically, resources on the foreign agent are not reclaimed until the mobility binding lifetime expires for that mobile node. By using this command, the foreign agent does not have to wait to reclaim resources used by the mobile node when that mobile node is no longer associated with the foreign agent.

Without this command configured, when a mobile node moves from foreign agent 1 to foreign agent 2 or when the home agent removes the binding, foreign agent 1 does not know that the mobile node has moved and the resources on foreign agent 1 associated with the mobile node will not be cleared until the lifetime expires for the mobile node.

If the acknowledge keyword is specified, the home agent periodically retransmits a binding update message until it receives a binding acknowledgement from the foreign agent or until the number of retries is exceeded.

The home agent and foreign agent must share a security association. The binding update message from the home agent and the binding update acknowledgement from the foreign agent must contain a FHAE (Foreign-Home Authentication Extension). If the FHAE is not configured on the home agent with the ip mobile secure command, the home agent will not send a binding update message even if the ip mobile bindupdate command is configured.

Examples

The following example configures the home agent to wait a maximum of 8 seconds before retransmitting a binding update message to a foreign agent. The foreign agent must send an acknowledgement of this binding update message upon receipt.

ip mobile bindupdate acknowledge maximum 8 retry 3 

ip mobile secure foreign-agent 10.31.1.1 spi 100 key hex 23456781234567812345678123456781

The following example configures the security association on the foreign agent. Without the security association configured on the home agent and the foreign agent, the binding update message would not be sent or processed.

ip mobile secure home-agent 172.31.10.1 spi 100 key hex 23456781234567812345678123456781

ip mobile cdma imsi dynamic

To enable the PDSN to delete the first call session for dynamic home address cases (1x-RTT to EVDO handoff where IMSI changes during the handoff), and allow the new session to come up, use the ip mobile cdma imsi dynamic command in global configuration mode. Use the no form of the command to disable this feature.

ip mobile cdma imsi dynamic

no ip mobile cdma imsi dynamic

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Examples

The following example illustrates how to issue the ip mobile cdma imsi dynamic command:

router(config)# ip mobile cdma imsi dynamic

ip mobile cdma ipsec

To enable IS835 IPSec security, use the ip mobile cdma ipsec command in global configuration mode. Use the no form of the command to disable this feature.

ip mobile cdma ipsec

no ip mobile cdma ipsec

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Usage Guidelines

This command is only present in crypto images for the 7200, and non-crypto images for the MWAM.

Examples

The following example illustrates how to enable IS835 IPsec on the PDSN:

router# ip mobile cdma ipsec

ip mobile foreign-agent

To enable foreign agent service, use the ip mobile foreign-agent command in global configuration mode. To disable this service, use the no form of this command.

ip mobile foreign-agent [care-of interface {interface-only] [transmit-only] | reg-wait seconds | local-timezone | reverse-tunnel private-address}

no ip mobile foreign-agent {care-of interface [interface-only] [transmit-only] | reg-wait | local-timezone | reverse-tunnel private-address}

Syntax Description

Defaults

reg-wait seconds: 15

Command Modes

Global configuration

Command History

Usage Guidelines

This command enables foreign agent service when at least one care-of address is configured. When no care-of address exists, foreign agent service is disabled.

The foreign agent is responsible for relaying the registration request to the home agent, setting up a tunnel to the home agent, and forwarding packets to the mobile node. The show commands used to display relevant information are shown in parentheses in the following paragraph.

When a registration request comes in, the foreign agent will ignore requests when foreign agent service is not enabled on an interface or when no care-of address is advertised. If a security association exists for a visiting mobile node, the visitor is authenticated. The registration bitflag is handled as described in Table 2. The foreign agent checks the validity of the request. If successful, the foreign agent relays the request to the home agent, appending an FH authentication extension if a security association for the home agent exists. The pending registration timer of 15 seconds is started (show ip mobile visitor pending command). At most, five outstanding pending requests per mobile node are allowed. If a validity check fails, the foreign agent sends a reply with error code to the mobile node (reply codes are listed in Table 3). A security violation is logged when visiting mobile node authentication fails (show ip mobile violation command).

When a registration reply comes in, the home agent is authenticated (show ip mobile secure home-agent command) if a security association exists for the home agent (IP source address or home agent address in reply). The reply is relayed to the mobile node.

When registration is accepted, the foreign agent creates or updates the visitor table, which contains the expiration timer. If no binding existed before this registration, a virtual tunnel is created, a host route to the mobile node via the interface (of the incoming request) is added to the routing table (show ip route mobile command), and an ARP entry is added to avoid the sendingof ARP requests for the visiting mobile node. Visitor binding is removed (along with its associated host route, tunnel, and ARP entry) when the registration lifetime expires or deregistration is accepted.

When registration is denied, the foreign agent will remove the request from the pending registration table. The table and timers of the visitor will be unaffected.

When a packet destined for the mobile node arrives on the foreign agent, the foreign agent deencapsulates the packet and forwards it out its interface to the visiting mobile node, without sending ARP requests.

The care-of address must be advertised by the foreign agent. This adddress is used by the mobile node to register with the home agent. The foreign agent and home agent use this address as the source and destination point of tunnel, respectively. The foreign agent is not enabled until at least one care-of address is available. The foreign agent will advertise on interfaces configured with the ip mobile foreign-service command.

Only care-of addresses with interfaces that are up are considered available.

The interface-only and transmit-only keywords are used in an aysmmetric link environment, such as satellite communications, where separate uplinks and downlinks exist. The ip mobile foreign-agent care-of interface interface-only command enables the specified interface to advertise only its own address as the care-of address. All other care-of addresses are not advertised. Other foreign agent interfaces configured for foreign-service will not advertise interface-only care-of addresses. The ip mobile foreign-agent care-of interface transmit-only command informs Mobile IP that the interface acts as an uplink. Registration requests and replies received for this care-of address are treated as transmit-only. This interface will not hear any solicitations. Any care-of address can be configured with the interface-only keyword, but only serial interfaces can be configured with the transmit-only keyword.

Use the reverse-tunnel private-address keywords to force a mobile node with a private address to register with reverse tunnel. Private addresses are IP addresses in the following ranges:

•10.0.0.0 to 10.255.255.255 (10/8 prefix)

•172.16.0.0 to 172.31.255.255 (172.16/12 prefix)

•192.168.0.0 to 192.168.255.255 (192.168/16 prefix)

Table 2 lists mobile node registration request service bitflags.

Table 3 lists foreign agent reply codes.

Examples

The following example enables foreign agent service on Ethernet interface 1, advertising 10.0.0.1 as the care-of address:

ip mobile foreign-agent care-of Ethernet0

interface Ethernet0

 ip address 10.0.0.1 255.0.0.0

interface Ethernet1

 ip mobile foreign-service

The following example enables foreign agent service on serial interface 4, advertising 10.0.0.2 as the only care-of address. The uplink interface is configured as a transmit-only interface.

ip mobile foreign-agent care-of Serial4 interface-only transmit-only

interface Serial4

! Uplink interface

 ip address 10.0.0.2 255.255.255.0

 ip irdp

!

 ip mobile foreign-service

!

Related Commands

ip mobile foreign-service

To enable foreign agent service on if care-of addresses are configured, use the ip mobile foreign-service command in interface or global configuration mode. To disable this service, use the no form of this command.

ip mobile foreign-service [challenge [forward-mfce] [timeout value] [window number] | [home-access access-list] [limit number] [registration-required] [reverse-tunnel [mandatory]]

no ip mobile foreign-service [challenge [forward-mfce] [timeout value] [window number] | [home-access access-list | limit number | registration-required | reverse-tunnel]

Syntax Description

Defaults

Foreign agent service is not enabled.
There is no limit to the number of visitors allowed on an interface.
window number: 2
Foreign agent reverse tunneling is not enabled. When foreign agent reverse tunneling is enabled, it is not mandatory by default.

Command Modes

Interface and global configuration

Command History

Usage Guidelines

This command enables foreign agent service on the interface or all interfaces (global configuration). The foreign agent (F) bit will be set in the agent advertisement, which is appended to the IRDP router advertisement whenever the foreign agent or home agent service is enabled on the interface.

Note The Registration-required bit only tells the visiting mobile node to register even if the visiting mobile node is using a colocated care-of address. You must set up packet filters to enforce this. For example, you could deny packets destined for port 434 from the interface of this foreign agent.

When you use the reverse-tunnel keyword to enable foreign agent reverse tunneling on an interface, the reverse tunneling support (T) bit is set in the agent advertisement.

Cisco Express Forwarding (CEF) switching is currently not supported on a foreign agent when reverse tunneling is enabled. If reverse tunneling is enabled at the foreign agent, disable CEF on the foreign agent, using the no ip cef global configuration command. If the foreign agent does not support reverse tunneling, then there is no need to disable CEF at the global configuration level.

Table 4 lists the advertised bitflags.

Examples

The following example shows how to enable foreign agent service for up to 100 visitors:

interface Ethernet 0

 ip mobile foreign-service limit 100 registration-required

The following example shows how to enable foreign agent reverse tunneling:

interface ethernet 0

 ip mobile foreign-service reverse-tunnel

The following example shows how to configure foreign agent challenge parameters:

interface ethernet 0

 ip mobile foreign-service challenge window 2

Related Commands

ip mobile foreign-service revocation

To enable registration revocation support on the PDSN, use the ip mobile foreign-service revocation command in global configuration. To disable this feature, use the no form of the command.

ip mobile foreign-service revocation [timeout value] [retransmit value] [timestamp msec]

Syntax Description

Defaults

The default value for timeout is 3 seconds, and the default value for retransmit is 3 seconds.

Command Modes

Global configuration

Command History

Usage Guidelines

The Registration Revocation feature requires that all the foreign-service configurations should be done globally, and not under the virtual-template interface.

Examples

The following example illustrates the ip mobile foreign-service revocation command:

Router(config)#ip mobile foreign-service revocation timeout 6 retransmit 10

ip mobile prefix-length

To append the prefix-length extension to the advertisement, use the ip mobile prefix-length command in interface configuration mode. To restore the default, use the no form of this command.

ip mobile prefix-length

no ip mobile prefix-length

Syntax Description

This command has no arguments or keywords.

Defaults

The prefix-length extension is not appended.

Command Modes

Interface and Global configuration

Command History

Usage Guidelines

The prefix-length extension is used for movement detection. When a mobile node registered with one foreign agent receives an agent advertisement from another foreign agent, the mobile node uses the prefix-length extension to determine whether the advertisements arrived on the same network. The mobile node needs to register with the second foreign agent if it is on a different network. If the second foreign agent is on the same network, reregistration is not necessary.

Examples

The following example appends the prefix-length extension to agent advertisements sent by a foreign agent:

ip mobile prefix-length

Related Commands

ip mobile proxy-host

To locally configure the proxy Mobile IP attributes, use the ip mobile proxy-host command in global configuration mode. To remove the configuration, use the no form of this command.

ip mobile proxy-host nai username@realm [flags rrq-flags] [home-agent ip-address] [home-addr home-address] [lifetime seconds] [local-timezone]

no ip mobile proxy-host nai username@realm [flags rrq-flags] [home-agent ip-address] [home-addr home-address] [lifetime seconds] [local-timezone]

Syntax Description

Defaults

No security association is specified.

Command Modes

Global configuration

Command History

Usage Guidelines

This command is only available on PDSN platforms running specific PDSN code images; consult Feature Navigator for your Cisco IOS software release.

All proxy Mobile IP attributes can be retrieved from the AAA server. You can use this command to configure the attributes locally.

If only a realm is specified, the home address cannot be specified.

Examples

The following example configures the Mobile IP proxy host with an IP address of 10.3.3.1 and a lifetime value of 6000 seconds:

ip mobile proxy-host nai moiproxy1@cisco.com flags 40 home-agent 10.3.3.1 lifetime 6000

Related Commands

ip mobile registration-lifetime

To set the registration lifetime value advertised, use the ip mobile registration-lifetime command in interface or global configuration mode.

ip mobile registration-lifetime seconds

Syntax Description

Defaults

36000 seconds

Command Modes

Interface and global configuration

Command History

Usage Guidelines

This command allows an administrator to control the advertised lifetime on the interface. The foreign agent uses this command to control duration of registration. Visitors requesting longer lifetimes will be denied.

Examples

The following example sets the registration lifetime to 10 minutes on interface Ethernet 1 and 1 hour on interface Ethernet 2:

interface e1

 ip mobile registration-lifetime 600

interface e2

 ip mobile registration-lifetime 3600

Related Commands

ip mobile secure

To specify the mobility security associations for the mobile host, visitor, home agent, foreign agent, and proxy-host, use the ip mobile secure command in global configuration mode. To remove the mobility security associations, use the no form of this command.

ip mobile secure {aaa-download | host | visitor | home-agent | foreign-agent | proxy-host} {lower-address [upper-address] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5 | hmac-md5} mode prefix-suffix]

no ip mobile secure {aaa-download | host | visitor | home-agent | foreign-agent | proxy-host} {lower-address [upper-address] | nai string} {inbound-spi spi-in outbound-spi spi-out | spi spi} key hex string [replay timestamp [number] algorithm {md5 | hmac-md5} mode prefix-suffix]

Syntax Description

Defaults

No security association is specified.

Command Modes

Global configuration

Command History

Usage Guidelines

The security association consists of the entity address, SPI, key, replay protection method, authentication algorithm, and mode.

The SPI is the 4-byte index that selects the specific security parameters to be used to authenticate the peer. The security parameters consist of the authentication algorithm and mode, replay attack protection method, timeout, and IP address.

The HMAC-MD5 authentication algorithm is mandatory for mobile-home authentication (MHAE), mobile-foreign authentication (MFAE), and foreign-home authentication (FHAE)

On a home agent, the security association of the mobile host is mandatory for mobile host authentication. If desired, configure a foreign agent security association on your home agent. On a foreign agent, the security association of the visiting mobile host and security association of the home agent are optional. Multiple security associations for each entity can be configured.

If registration fails because the timestamp value is out of bounds, the time stamp of the home agent is returned so that the mobile node can reregister with the time-stamp value closer to that of the home agent, if desired.

The nai keyword is valid only for a host, visitor, and proxy host.

The proxy-host keyword is available only on PDSN platforms running specific PDSN code images; consult Feature Navigator for your Cisco IOS software release.

Note NTP is not required for operation but NTP can be used to synchronize time for all parties.

Examples

The following example shows mobile node 10.0.0.4, which has a key that is generated by the MD5 hash of the string:

ip mobile secure host 10.0.0.4 spi 100 key hex 12345678123456781234567812345678

Related Commands

ip mobile tunnel

To specify the settings of tunnels created by Mobile IP, use the ip mobile tunnel command in global configuration mode. To disable the setting of tunnels created by Mobile IP, use the no form of this command.

ip mobile tunnel {crypto map map-name | route-cache [cef] | path-mtu-discovery [age-timer {minutes | infinite}] | nat {inside | outside} | route-map map-tag}

no ip mobile tunnel {crypto map map-name | route-cache [cef] | path-mtu-discovery [age-timer {minutes | infinite}] | nat {inside | outside} | route-map map-tag}

Syntax DescriptionI

Defaults

Disabled.

If enabled, default value for the minutes argument is 10 minutes.

Command Modes

Global configuration

Command History

Usage Guidelines

Path MTU Discovery is used by end stations to find a packet size that does not need to be fragmented when being sent between the end stations. Tunnels must adjust their MTU to the smallest MTU interior to achieve this condition, as described in RFC 2003.

The discovered tunnel MTU should be aged out periodically to possibly recover from a case where suboptimum MTU existed at time of discovery. It is reset to the outgoing MTU of the interface.

The no ip mobile tunnel route-cache command disables fast switching and CEF switching (if CEF is enabled) on Mobile IP tunnels. The no ip mobile tunnel route-cache cef command disables CEF switching only.

CEF switching is currently not supported on a foreign agent when reverse tunneling is enabled. If reverse tunneling is enabled at the foreign agent, disable CEF on the foreign agent using the no ip cef global configuration command. If the foreign agent does not support reverse tunneling, there is no need to disable CEF at the global configuration level.

The crypto map map-name keyword and argument combination are available only on platforms running specific PDSN code images; consult Feature Navigator for your Cisco IOS software release.

Examples

The following example sets the discovered tunnel MTU to expire in 10 minutes (600 seconds):

ip mobile tunnel path-mtu-discovery age-timer 600

Related Commands

ppp authentication

To enable at least one PPP authentication protocol and to specify the order in which the protocols are selected on the interface, use the ppp authentication command in interface configuration mode. To disable this authentication, use the no form of this command.

ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time] [optional]

no ppp authentication

Syntax Description

Defaults

PPP authentication is not enabled.

Command Modes

Interface configuration

Command History

Usage Guidelines

When you enable Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or Extensible Authentication Protocol (EAP) authentication (or all three methods), the local router requires the remote device to prove its identity before allowing data traffic to flow. PAP authentication requires the remote device to send a name and a password, which is checked against a matching entry in the local username database or in the remote security server database. CHAP authentication sends a challenge message to the remote device. The remote device encrypts the challenge value with a shared secret and returns the encrypted value and its name to the local router in a Response message. The local router attempts to match the name of the remote device with an associated secret stored in the local username or remote security server database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values match. EAP works much as CHAP does, except that identity request and response packets are exchanged when EAP starts.

You can enable CHAP, Microsoft CHAP (MS-CHAP), PAP, or EAP in any order. If you enable all four methods, the first method specified is requested during link negotiation. If the peer suggests using the second method, or refuses the first method, the second method is tried. Some remote devices support only one method. Base the order in which you specify methods on the ability of the remote device to correctly negotiate the appropriate method and on the level of data-line security you require. PAP usernames and passwords are sent as clear text strings, which can be intercepted and reused.

Caution If you use a list-name value that was not configured with the aaa authentication ppp command, you will disable PPP on this interface.

Table 5 lists the protocols used to negotiate PPP authentication.

Enabling or disabling PPP authentication does not affect the ability of the local router to authenticate itself to the remote device.

If you are using autoselect on a tty line, you can use the ppp authentication command to turn on PPP authentication for the corresponding interface.

MS-CHAP is the Microsoft version of CHAP. Like the standard version of CHAP, MS-CHAP is used for PPP authentication; authentication occurs between a personal computer using Microsoft Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a network access server.

To configure Cisco PDSN in compliance with the TIA/EIA/IS-835-B standard, you must configure the PDSN virtual template as follows:

ppp authentication chap pap optional

Examples

The following example configures virtual-template interface 4:

interface virtual-template 4

 ip unnumbered loopback0

 ppp authentication chap pap optional

The following example enables CHAP on asynchronous interface 4 and uses the authentication list MIS-access:

interface async 4

 encapsulation ppp

 ppp authentication chap MIS-access

The following example enables EAP on dialer interface 1:

interface dialer 1

 encapsulation ppp

 ppp authentication eap

Related Commands