mipagentconfig(1M)
NAME
mipagentconfig - configure Mobility IP Agent
SYNOPSIS
/sbin/mipagentconfig [-f configfile] command dest [parame-
ters...]
DESCRIPTION
The mipagentconfig utility is used to configure the Mobility
IP Agent. It allows the user to change settings and to add
and delete mobility clients, Pools, and SPIs in the mobility
agent configuration file.
OPTIONS
The following options are supported:
-f configfile
Use the specified configuration file instead of
the system default, /etc/inet/mipagent.conf.
OPERANDS
The command operand, as well as the parameters for each com-
mand are described below. See mipagent.conf(4) for the
default values of the configuration operands described here.
add Depending on the destination dest, this command will
add advertisement parameters, security parameters,
SPIs, or addresses to the configuration file.
add Address ipAddress attr_value
Add the specified ipAddress with the specified
SPI. To add an NAI address, you must specify the
Pool.
add adv device
Enable home and foreign agent functionality on
the specified interface.
add adv device AdvLifetime seconds
Add AdvLifetime to the specified device.
add adv device RegLifetime seconds
Add RegLifetime to the specified device.
add adv device AdvFrequency seconds
Add AdvFrequency to the specified device.
add adv device AdvInitCount count
Add initial unsolicited advertisement count.
count should be a small integer.
add adv device AdvLimitUnsolicited yes | no
Enable limited or unlimited unsolicited adver-
tisements for foreign agent. Accepted values
are:
yes Limit unsolicited advertisement to AdvIn-
itCount initial advertisements.
no Do not limit unsolicited advertisement.
The advertisement should take place
periodically at the frquency specified by
AdvFrequency.
add adv device HomeAgent yes | no
Add the HomeAgent flag to the specified device.
add adv device ForeignAgent yes | no
Add the ForeignAgent flag to the specified dev-
ice.
add adv device PrefixLengthExt yes | no
Add the PrefixLengthExt flag to the specified
device.
add adv device NAIExt yes | no
Add the NAIExt flag to the specified device.
add adv device Challenge yes | no
Add the Challenge flag to the specified device.
add adv device ReverseTunnel no | neither fa ha yes | both
Add the level of ReverseTunnel support indicated
to the specified device. Possible values
include:
no Do not support ReverseTunnel as either a
foreign agent or a home agent on this dev-
ice. Does not advertise reverse tunneling
nor accept a registration requesting
reverse tunnel support on this device.
neither
Do not support ReverseTunnel as either a
foreign agent or a home agent on this dev-
ice. Do not advertise reverse tunneling
nor accept a registration requesting
reverse tunnel support on this device.
fa When the foreign agent processes a regis-
tration request received on this device,
check to see if the mobile node requests
that a reverse tunnel be set up to its
home agent. If so, perform the necessary
encapsulation of datagrams to the mobile
node's home agent as described in RFC
2344. This means that a mobile node must
see the agent advertising reverse tunnel
support, so the reverse tunnel bit is
advertised in the agent advertisement on
this device.
ha When the home agent processes a registra-
tion request received on this device,
check to see if the mobile node requests
that a reverse tunnel be set up from its
care-of address. If so, perform the neces-
sary decapsulation as described in RFC
2344. This does not mean the home agent is
advertising support of reverse tunneling
on this device. Mobile nodes are only
interested in the advertisement flags if
they are going to use foreign agent ser-
vices. Moreover, reverse tunnels by defin-
ition originate at the care-of address,
and HA support is therefore only of
interest to the owner of the care-of
address.
yes Whenever the mobility agent is processing
a registration request received on this
device, check to see if the mobile node is
requesting a reverse tunnel be set up. If
so, apply RFC 2344 as appropriate, either
as an encapsulating foreign agent, or a
decapsulating home agent, depending on how
this mobility agent is servicing the
specific mobile node. As a result, the
mobility agent will be advertising reverse
tunnel support on this device.
both Whenever the mobility agent is processing
a registration request received on this
device, check to see if the mobile node is
requesting a reverse tunnel be set up. If
so, apply RFC 2344 as appropriate, either
as an encapsulating foreign agent, or a
decapsulating home agent, depending on how
this mobility agent is servicing the
specific mobile node. As a result, the
mobility agent will be advertising reverse
tunnel support on this device.
| both yes | both
add adv device ReverseTunnelRequired no | neither fa ha yes
Add the requirement that the ReverseTunnel flag
be set in any registration request received on
the indicated device. Possible values include:
no Reverse tunneling is not required by the
mipagent on this device.
neither
Reverse tunneling is not required by the
mipagent on this device.
fa The ReverseTunnel flag is required to be
set in registration requests received by
the foreign agent on this device.
ha The ReverseTunnel flag is required to be
set in registration requests received by
the home agent on this device.
yes The ReverseTunnel flag is required to be
set in all registration requests received
by either home and or foreign agents on
this device.
both The ReverseTunnel flag is required to be
set in all registration requests received
by either home and or foreign agents on
this device.
add Pool number startAddr length
Add the specified Pool with the specified start
addresses and length.
add SPI number replay Key
Add the specified SPI with the given replay type
and key. The replay type can have a value of
none or timestamps.
add HA-FAAuth yes | no
Add the HA-FAAuth flag.
add MN-FAAuth yes | no
Add the MN-FAAuth flag.
add MaxClockSkew seconds
Add the MaxClockSkew.
add KeyDistribution type
Add the KeyDistribution type. The only value for
KeyDistribution that is supported at this time
is file.
change
Depending on the destination dest, this command will
change advertisement parameters, security parameters,
SPIs, or addresses in the configuration file. Any of
the above destinations are valid.
delete
Depending on the destination dest, this command will
delete advertisement parameters, security parameters,
SPIs, or addresses from the configuration file. Any
destination discussed above is valid.
get Display all of the parameters associated with dest.
Any destination discussed above is valid.
EXAMPLES
Example 1: Adding an SPI, a Pool, and a Mobile Node and
Requiring Reverse Tunneling on a Device to the configfile
The following example adds an SPI, a Pool, a mobile node,
and requires reverse tunneling for the foreign agent in the
configfile. First, the SPI of 250 is added. Then, a Pool of
200 addresses starting at 192.168.168.1 is added.
joe@mobile.com is added with an SPI of 250 and using Pool 1.
Finally, reverse tunneling is required for the foreign agent
on device le0.
example# mipagentconfig add SPI 250 ReplayMethod none
example# mipagentconfig add SPI 250 Key 00ff00ff00ff
example# mipagentconfig add Pool 1 192.168.168.1 200
example# mipagentconfig add Address joe@mobile.com 250 1
example# mipagentconfig add le0 reversetunnel fa
example# mipagentconfig add le0 reversetunnelrequired fa
Example 2: Adding Dynamic Interface Mobility Support on PPP
Interfaces
The following example adds dynamic interface mobility sup-
port on PPP interfaces. The backslash (\) escape character
is used to type in device number *. The example also indi-
cates that all the new ppp interfaces offer reverse tunnel
service.
example# mipagentconfig add ppp reversetunnel yes
example# mipagentconfig add ppp AdvLimitUnsolicited yes
example# mipagentconfig add ppp AdvInitCount 3
example# mipagentconfig add ppp AdvFrequency 1
Example 3: Adding IPsec Policies to an Agent-Peer Entry
The following example adds IPsec policies to an existing
mobility agent entry, then displays the configuration for
the mobility agent peer. The backslash (\) character denotes
a line continuation for the formatting of this example.
example# mipagentconfig add Address 192.168.10.1 \
IPsecRequest apply {auth_algs md5 sa shared}
example# mipagentconfig add Address 192.168.10.1 \
IPsecReply permit {auth_algs md5}
example# mipagentconfig add Address 192.168.10.1 \
IPsecTunnel permit {encr_auth_algs md5 encr_algs 3des}
example# mipagentconfig get Address 192.168.10.1
[Address 192.168.10.1]
Type = agent
SPI = 137
IPsecRequest = apply {auth_algs md5 sa shared}
IPsecReply = permit {auth_algs md5}
IPsecTunnel = \
permit {encr_auth_algs md5 encr_algs 3des}
Example 4: Modifying an SPI
To modify the SPI associated with joe, first, use the com-
mand get to verify the existing settings, then change the
SPI from 250 to 257.
example# mipagentconfig get Address joe@mobile.com
Address: joe@mobile.com
SPI: 250
Pool: 1
example# mipagentconfig change Address joe@mobile.com 257 1
Example 5: Deleting a Pool
Use the following example to delete Pool 3:
example# mipagentconfig delete Pool 3
EXIT STATUS
The following exit values are returned:
0 Successful completion.
non-zero
An error occurred.
FILES
/etc/inet/mipagent.conf
Configuration file for Mobile IP mobility agent.
/etc/inet/mipagent.conf-sample
Sample configuration file for mobility agents.
/etc/inet/mipagent.conf.ha-sample
Sample configuration file for home agent functional-
ity.
/etc/inet/mipagent.conf.fa-sample
Sample configuration file for foreign agent func-
tionality.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWmipu |
|_____________________________|_____________________________|
SEE ALSO
mipagent(1M), mipagent.conf(4), attributes(5)
Montenegro, G., editor. RFC 2334, Reverse Tunneling for
Mobile IP. Network Working Group. May, 1998.
Perkins, C. RFC 2002, IP Mobility Support. Network Working
Group. October 1996.
Man(1) output converted with
man2html