| Skip Navigation Links | |
| Exit Print View | |
|
man pages section 1M: System Administration Commands Oracle Solaris 10 8/11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
man pages section 1M: System Administration Commands Oracle Solaris 10 8/11 Information Library |
- configure Mobility IP Agent
/sbin/mipagentconfig [-f configfile] command dest
[parameters]...The mipagentconfig utility is used to configure the Mobility IP Agent. mipagentconfig allows the user to change settings. The mipagentconfig user can also add and delete mobility clients, Pools, and SPIs in the mobility agent configuration file.
The following options are supported:
Use the specified configuration file instead of the system default, /etc/inet/mipagent.conf.
The command operand, as well as the parameters for each command are described below. See mipagent.conf(4) for the default values of the configuration operands that are described here.
This command adds advertisement parameters, security parameters, SPIs, or addresses to the configuration file, based on the destination dest.
Add the specified ipAddress with the specified SPI. To add an NAI address, you must specify the Pool.
Enable home and foreign agent functionality on the specified interface.
Add AdvLifetime to the specified device.
Add RegLifetime to the specified device.
Add AdvFrequency to the specified device.
Add initial unsolicited advertisement count. count should be a small integer.
Enable limited or unlimited unsolicited advertisements for foreign agent. Accepted values are:
Limit unsolicited advertisement to AdvInitCount initial advertisements.
Do not limit unsolicited advertisement. The advertisement should take place periodically at the frquency specified by AdvFrequency.
Add the HomeAgent flag to the specified device.
Add the ForeignAgent flag to the specified device.
Add the PrefixLengthExt flag to the specified device.
Add the NAIExt flag to the specified device.
Add the Challenge flag to the specified device.
Add the level of ReverseTunnel support that is indicated to the specified device. Possible values include:
Do not support ReverseTunnel as either a foreign agent or a home agent on this device. Does not advertise reverse tunneling nor accept a registration requesting reverse tunnel support on this device.
Do not support ReverseTunnel as either a foreign agent or a home agent on this device. Do not advertise reverse tunneling or accept a registration that requests reverse tunnel support on this device.
When the foreign agent processes a registration request received on this device, check to see if the mobile node requests that a reverse tunnel be set up to its home agent. If so, perform the necessary encapsulation of datagrams to the mobile node's home agent as described in RFC 3024. This means that a mobile node must see the agent advertising reverse tunnel support, so the reverse tunnel bit is advertised in the agent advertisement on this device.
When the home agent processes a registration request received on this device, check to see if the mobile node requests that a reverse tunnel be set up from its care-of address. If so, perform the necessary decapsulation as described in RFC 3024. This does not mean the home agent is advertising support of reverse tunneling on this device. Mobile nodes are only interested in the advertisement flags if mobile nodes are going to use foreign agent services. Moreover, reverse tunnels by definition originate at the care-of address. HA support is therefore only of interest to the owner of the care-of address.
Whenever the mobility agent is processing a registration request received on this device, check to see if the mobile node is requesting that a reverse tunnel be set up. If so, apply RFC 3024 as appropriate, either as an encapsulating foreign agent, or as a decapsulating home agent, depending on how this mobility agent is servicing the specific mobile node. As a result, the mobility agent advertises reverse tunnel support on this device.
Whenever the mobility agent is processing a registration request received on this device, check to see if the mobile node is requesting that a reverse tunnel be set up. If so, apply RFC 3024 as appropriate, either as an encapsulating foreign agent, or a decapsulating home agent, depending on how this mobility agent services the specific mobile node. As a result, the mobility agent advertises reverse tunnel support on this device.
Add the requirement that the ReverseTunnel flag be set in any registration request received on the indicated device. Possible values include:
Reverse tunneling is not required by the mipagent on this device.
Reverse tunneling is not required by the mipagent on this device.
The ReverseTunnel flag is required to be set in registration requests received by the foreign agent on this device.
The ReverseTunnel flag is required to be set in registration requests received by the home agent on this device.
The ReverseTunnel flag is required to be set in all registration requests received by either home and or foreign agents on this device.
The ReverseTunnel flag is required to be set in all registration requests received by either home and or foreign agents on this device.
Add the specified Pool with the specified start addresses and length.
Add the specified SPI with the given replay type and key. The replay type can have a value of none or timestamps.
Add the HA-FAAuth flag.
Add the MN-FAAuth flag.
Add the MaxClockSkew.
Add the KeyDistribution type. The only value for KeyDistribution that is supported at this time is file.
Depending on the destination dest, this command will change advertisement parameters, security parameters, SPIs, or addresses in the configuration file. Any of the above destinations are valid.
Depending on the destination dest, this command will delete advertisement parameters, security parameters, SPIs, or addresses from the configuration file. Any destination discussed above is valid.
Display all of the parameters associated with dest. Any destination discussed above is valid.
Example 1 Adding an SPI, a Pool, and a Mobile Node and Requiring Reverse Tunneling on a Device to the configfile
The following example adds an SPI, a Pool, a mobile node, and requires reverse tunneling for the foreign agent in the configfile. First, the SPI of 250 is added. Then, a Pool of 200 addresses starting at 192.168.168.1 is added. joe@mobile.com is added with an SPI of 250 and using Pool 1. Finally, reverse tunneling is required for the foreign agent on device eri0.
example# mipagentconfig add SPI 250 ReplayMethod none example# mipagentconfig add SPI 250 Key 00ff00ff00ff example# mipagentconfig add Pool 1 192.168.168.1 200 example# mipagentconfig add Address joe@mobile.com 250 1 example# mipagentconfig add adv eri0 reversetunnel fa example# mipagentconfig add adv eri0 reversetunnelrequired fa
Example 2 Adding Dynamic Interface Mobility Support on PPP Interfaces
The following example adds dynamic interface mobility support on PPP interfaces. Note that in some shells the backslash (\) escape character is required to bypass the expansion of the asterix (“*”) and pass the “*” character to mipagentconfig. The example also indicates that all the new PPP interfaces offer reverse tunnel service.
example# mipagentconfig add adv sppp\* reversetunnel yes example# mipagentconfig add adv sppp\* AdvLimitUnsolicited yes example# mipagentconfig add adv sppp\* AdvInitCount 3 example# mipagentconfig add adv sppp\* AdvFrequency 1
Example 3 Adding IPsec Policies to an Agent-Peer Entry
The following example adds IPsec policies to an existing mobility agent entry, then displays the configuration for the mobility agent peer. The backslash (\) character denotes a line continuation for the formatting of this example.
example# mipagentconfig add Address 192.168.10.1 \ IPsecRequest apply {auth_algs md5 sa shared}
example# mipagentconfig add Address 192.168.10.1 \ IPsecReply permit {auth_algs md5}
example# mipagentconfig add Address 192.168.10.1 \ IPsecTunnel permit {encr_auth_algs md5 encr_algs 3des}
example# mipagentconfig get Address 192.168.10.1
[Address 192.168.10.1]
Type = agent
SPI = 137
IPsecRequest = apply {auth_algs md5 sa shared}
IPsecReply = permit {auth_algs md5}
IPsecTunnel = \
permit {encr_auth_algs md5 encr_algs 3des}Example 4 Modifying an SPI
To modify the SPI associated with joe, first, use the command get to verify the existing settings, then change the SPI from 250 to 257.
example# mipagentconfig get Address joe@mobile.com Address: joe@mobile.com SPI: 250 Pool: 1 example# mipagentconfig change Address joe@mobile.com 257 1
Example 5 Deleting a Pool
Use the following example to delete Pool 3:
example# mipagentconfig delete Pool 3
Example 6 Using the mipagentconfig command
Use the following example to delete Pool 3:
example# mipagentconfig delete Pool 3
The following exit values are returned:
Successful completion
An error occurred
Configuration file for Mobile IP mobility agent
Sample configuration file for mobility agents
Sample configuration file for home agent functionality.
Sample configuration file for foreign agent functionality.
See attributes(5) for descriptions of the following attributes:
|
mipagent(1M), mipagent.conf(4), attributes(5)
Montenegro, G., editor. RFC 3024, Reverse Tunneling for Mobile IP, revised. The Internet Society. January, 2001.
Perkins, C. RFC 2002, IP Mobility Support. Network Working Group. October 1996.
|