Creating and Configuring HA Services
HA services are configured within contexts and allow the system to function as an HA in the 3G wireless data network.
To create and configure an HA service:
Procedure
Step 1: Create and configure an HA service as described in the Creating and Configuring an HA Service section.
Step 2: Verify your configuration as described in the Verifying HA Service Configuration section.
Step 3: Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.
Creating and Configuring an HA Service
Use the following example to configure HA services:
configure
context <ha_context_name>
ha-service <ha_service_name>
ip local-port <port_number>
authentication mn-aaa { allow-noauth | always | dereg-noauth | noauth | renew-and-dereg-noauth | renew-reg-noauth }
fa-ha-spi remote-address <fa_ip_address> spi-number <number> { encrypted secret <enc_secret> | secret <secret> } [ description <string> ] [ hash-algorithm { hmac-md5 | md5 | rfc2002-md5 } ]
mn-ha-spi spi-number <number> [ description <string> ] { encrypted secret <enc_secret> | secret <secret> } [ hash-algorithm { hmac-md5 | md5 | rfc2002-md5 } ] [ permit-any-hash-algorithm ] [ replay-protection { nonce | timestamp } [ timestamp-tolerance <tolerance> ] ]
reg-lifetime <lifetime>
simul-bindings <simul_bindings>
bind address <address> max-subscribers <max_subs>
end
Notes:
- <port_number> must be the UDP port for the Pi interfaces' IP socket.
- A maximum of 2048 FA-HA Security Parameter Indices (SPIs) can be configured for each HA service.
- <lifetime> must be the longest registration lifetime that the HA service allows in any Registration Request message from the mobile node. An infinite registration lifetime can be configured using the no reg-lifetime command.
- Option: By default, the HA does not send the I-bit in revocation messages. To configure the HA service for controlling the negotiation and sending of the I-bit in revocation messages, in the HA Service Configuration Mode, enter the following command: revocation negotiate-i-bit
- Use the bind address command to bind the service to the Pi interface and specify the maximum number of subscribers that can access the service. The hardware configuration and features installed can affect the maximum subscriber sessions that can be supported.
- Option: To set the maximum period of time to set up a session, in the HA Service Configuration Mode, enter the following command: setup-timeout <seconds>
- Create and bind additional HA services to any other interfaces as required.
Verifying HA Service Configuration
Verify that your HA services were created and configured properly by entering the following command:
show ha-service { name service_name | all }
Service name: ha1
Context: ha
Bind: Done Max Subscribers: 500000
Local IP Address: 192.168.4.10 Local IP Port: 434
Lifetime: 00h01m40s Simul Bindings: 3
Reverse Tunnel: Enabled
GRE Encapsulation with-key: Enabled Keyless GRE Encapsulation: Disabled
Optimize Tunnel Reassembly: Enabled Setup Timeout: 60 sec
Allow Priv Addr w/o Rev Tunnel: Disabled
WIMAX-3GPP2 Interworking: Disabled
SPI(s):
MNHA: Remote Addr: 0.0.0.0 Description:
Hash Algorithm: HMAC_MD5 SPI Num: 258
Replay Protection: Nonce Timestamp Tolerance: 100
Permit Any Hash Algorithm: Enabled
FAHA: Remote Addr: 195.20.20.6/32 Description:
Hash Algorithm: HMAC_MD5 SPI Num: 258
Replay Protection: Timestamp Timestamp Tolerance: 60
'S' Lifetime Skew: 00h00m10s
IPSEC AAA Context: aaa_context
GRE Sequence Numbers: Disabled GRE Sequence Mode: None
GRE Reorder Timeout: 100 msec
GRE Checksum: Disabled GRE Checksum Verification: Disabled
Registration Revocation: Disabled Reg-Revocation I Bit: Enabled
Reg-Revocation Max Retries: 3 Reg-Revocation Timeout: 3 (secs)
Reg-Rev Handoff old-FA: Enabled Reg-Rev Idle-Timeout: Enabled
Send NAI Extension in Reg-Revocation: Disabled
MIP NAT Traversal: Disabled Force UDP Tunnel: Enabled
Default Subscriber: None
Max Sessions: 500000
Service Status: Started
MN-AAA Auth Policy: Always
MN-HA Auth Policy: Always
IMSI Auth: Disabled
DMU Refresh Key: Disabled
AAA Distributed MIP Keys:Disabled
AAA accounting: Enabled
Idle Timeout Mode: Aggressive
Newcall Policy: None
Overload Policy: Reject (Reject code: Admin Prohibited)
NW-Reachability Policy: Reject (Reject code: Admin Prohibited)
Null-username Policy: Reject
BC Rsp Code for Nw Fail: 0xffff
IP Pool/Group:
Name: n/a
Destination Context: n/a
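
The following Python script is an added example, not part of the original documentation: it parses saved show ha-service output and reports SPI and authentication settings that fall outside an audit baseline. The function name audit_ha_service, the baseline itself (HMAC_MD5 on every SPI, permit-any-hash-algorithm off, both auth policies set to Always) and the sample values are assumptions made for the example.

```python
import re

# Constructed excerpt in the layout of the `show ha-service` output above;
# the MD5 SPI (259) and the "Noauth" policy value are made up for the example.
SAMPLE = """\
Service name: ha1
SPI(s):
MNHA: Remote Addr: 0.0.0.0 Description:
Hash Algorithm: HMAC_MD5 SPI Num: 258
Permit Any Hash Algorithm: Enabled
FAHA: Remote Addr: 195.20.20.6/32 Description:
Hash Algorithm: MD5 SPI Num: 259
MN-AAA Auth Policy: Noauth
MN-HA Auth Policy: Always
"""

def audit_ha_service(text):
    """Return (service, scope, issue) tuples for settings outside the baseline.

    Baseline (an assumption of this example): HMAC_MD5 on every SPI, no
    permit-any-hash-algorithm, and both auth policies set to Always.
    """
    findings, service, spi = [], "?", "?"
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Service name:\s*(\S+)", line):
            service = m.group(1)
        elif m := re.match(r"(MNHA|FAHA): Remote Addr:\s*(\S+)", line):
            spi = f"{m.group(1)} {m.group(2)}"  # SPI block the next lines belong to
        elif m := re.match(r"Hash Algorithm:\s*(\S+)\s+SPI Num:\s*(\d+)", line):
            if m.group(1).upper() != "HMAC_MD5":
                findings.append((service, f"{spi} spi {m.group(2)}",
                                 f"hash algorithm {m.group(1)}"))
        elif m := re.match(r"Permit Any Hash Algorithm:\s*(\S+)", line):
            if m.group(1).lower() == "enabled":
                findings.append((service, spi, "permit-any-hash-algorithm enabled"))
        elif m := re.match(r"(MN-AAA|MN-HA) Auth Policy:\s*(.+)", line):
            if m.group(2).strip().lower() != "always":
                findings.append((service, m.group(1),
                                 f"auth policy {m.group(2).strip()}"))
    return findings

if __name__ == "__main__":
    for service, scope, issue in audit_ha_service(SAMPLE):
        print(f"{service}: {scope}: {issue}")
```

Run against the sample output shown in this section, the same baseline reports only the MNHA entry with Permit Any Hash Algorithm enabled.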