mipagentconfig(1M) System Administration Commands mipagentconfig(1M)NAMEmipagentconfig - configure Mobility IP Agent
SYNOPSIS
/sbin/mipagentconfig [-f configfile] command dest [parameters...]
DESCRIPTION
The mipagentconfig utility is used to configure the Mobility IP Agent.
mipagentconfig allows the user to change settings. The mipagentconfig
user can also add and delete mobility clients, Pools, and SPIs in the
mobility agent configuration file.
OPTIONS
The following options are supported:
-f configfile
Use the specified configuration file instead of the system default,
/etc/inet/mipagent.conf.
OPERANDS
The command operand, as well as the parameters for each command are
described below. See mipagent.conf(4) for the default values of the
configuration operands that are described here.
add
This command adds advertisement parameters, security parameters,
SPIs, or addresses to the configuration file, based on the destina‐
tion dest.
add Address ipAddress attr_value
Add the specified ipAddress with the specified SPI. To add an
NAI address, you must specify the Pool.
add adv device
Enable home and foreign agent functionality on the specified
interface.
add adv device AdvLifetime seconds
Add AdvLifetime to the specified device.
add adv device RegLifetime seconds
Add RegLifetime to the specified device.
add adv device AdvFrequency seconds
Add AdvFrequency to the specified device.
add adv device AdvInitCount count
Add initial unsolicited advertisement count. count should be a
small integer.
add adv device AdvLimitUnsolicited yes | no
Enable limited or unlimited unsolicited advertisements for for‐
eign agent. Accepted values are:
yes
Limit unsolicited advertisement to AdvInitCount initial
advertisements.
no
Do not limit unsolicited advertisement. The advertisement
should take place periodically at the frquency specified by
AdvFrequency.
add adv device HomeAgent yes | no
Add the HomeAgent flag to the specified device.
add adv device ForeignAgent yes | no
Add the ForeignAgent flag to the specified device.
add adv device PrefixLengthExt yes | no
Add the PrefixLengthExt flag to the specified device.
add adv device NAIExt yes | no
Add the NAIExt flag to the specified device.
add adv device Challenge yes | no
Add the Challenge flag to the specified device.
add adv device ReverseTunnel no | neither fa ha yes | both
Add the level of ReverseTunnel support that is indicated to the
specified device. Possible values include:
no
Do not support ReverseTunnel as either a foreign agent or a
home agent on this device. Does not advertise reverse tun‐
neling nor accept a registration requesting reverse tunnel
support on this device.
neither
Do not support ReverseTunnel as either a foreign agent or a
home agent on this device. Do not advertise reverse tunnel‐
ing or accept a registration that requests reverse tunnel
support on this device.
fa
When the foreign agent processes a registration request
received on this device, check to see if the mobile node
requests that a reverse tunnel be set up to its home agent.
If so, perform the necessary encapsulation of datagrams to
the mobile node's home agent as described in RFC 3024. This
means that a mobile node must see the agent advertising
reverse tunnel support, so the reverse tunnel bit is adver‐
tised in the agent advertisement on this device.
ha
When the home agent processes a registration request
received on this device, check to see if the mobile node
requests that a reverse tunnel be set up from its care-of
address. If so, perform the necessary decapsulation as
described in RFC 3024. This does not mean the home agent is
advertising support of reverse tunneling on this device.
Mobile nodes are only interested in the advertisement flags
if mobile nodes are going to use foreign agent services.
Moreover, reverse tunnels by definition originate at the
care-of address. HA support is therefore only of interest
to the owner of the care-of address.
yes
Whenever the mobility agent is processing a registration
request received on this device, check to see if the mobile
node is requesting that a reverse tunnel be set up. If so,
apply RFC 3024 as appropriate, either as an encapsulating
foreign agent, or as a decapsulating home agent, depending
on how this mobility agent is servicing the specific mobile
node. As a result, the mobility agent advertises reverse
tunnel support on this device.
both
Whenever the mobility agent is processing a registration
request received on this device, check to see if the mobile
node is requesting that a reverse tunnel be set up. If so,
apply RFC 3024 as appropriate, either as an encapsulating
foreign agent, or a decapsulating home agent, depending on
how this mobility agent services the specific mobile node.
As a result, the mobility agent advertises reverse tunnel
support on this device.
add adv device ReverseTunnelRequired no | neither fa ha yes | both
yes | both
Add the requirement that the ReverseTunnel flag be set in any
registration request received on the indicated device. Possible
values include:
no
Reverse tunneling is not required by the mipagent on this
device.
neither
Reverse tunneling is not required by the mipagent on this
device.
fa
The ReverseTunnel flag is required to be set in registra‐
tion requests received by the foreign agent on this device.
ha
The ReverseTunnel flag is required to be set in registra‐
tion requests received by the home agent on this device.
yes
The ReverseTunnel flag is required to be set in all regis‐
tration requests received by either home and or foreign
agents on this device.
both
The ReverseTunnel flag is required to be set in all regis‐
tration requests received by either home and or foreign
agents on this device.
add Pool number startAddr length
Add the specified Pool with the specified start addresses and
length.
add SPI number replay Key
Add the specified SPI with the given replay type and key. The
replay type can have a value of none or timestamps.
add HA-FAAuth yes | no
Add the HA-FAAuth flag.
add MN-FAAuth yes | no
Add the MN-FAAuth flag.
add MaxClockSkew seconds
Add the MaxClockSkew.
add KeyDistribution type
Add the KeyDistribution type. The only value for KeyDistribu‐
tion that is supported at this time is file.
change
Depending on the destination dest, this command will change adver‐
tisement parameters, security parameters, SPIs, or addresses in the
configuration file. Any of the above destinations are valid.
delete
Depending on the destination dest, this command will delete adver‐
tisement parameters, security parameters, SPIs, or addresses from
the configuration file. Any destination discussed above is valid.
get
Display all of the parameters associated with dest. Any destination
discussed above is valid.
EXAMPLES
Example 1: Adding an SPI, a Pool, and a Mobile Node and Requiring
Reverse Tunneling on a Device to the configfile
The following example adds an SPI, a Pool, a mobile node, and requires
reverse tunneling for the foreign agent in the configfile. First, the
SPI of 250 is added. Then, a Pool of 200 addresses starting at
192.168.168.1 is added. joe@mobile.com is added with an SPI of 250 and
using Pool 1. Finally, reverse tunneling is required for the foreign
agent on device eri0.
example# mipagentconfig add SPI 250 ReplayMethod none
example# mipagentconfig add SPI 250 Key 00ff00ff00ff
example# mipagentconfig add Pool 1 192.168.168.1 200
example# mipagentconfig add Address joe@mobile.com 250 1
example# mipagentconfig add adv eri0 reversetunnel fa
example# mipagentconfig add adv eri0 reversetunnelrequired fa
Example 2: Adding Dynamic Interface Mobility Support on PPP Interfaces
The following example adds dynamic interface mobility support on PPP
interfaces. Note that in some shells the backslash (\) escape character
is required to bypass the expansion of the asterix ("*") and pass the
"*" character to mipagentconfig. The example also indicates that all
the new PPP interfaces offer reverse tunnel service.
example# mipagentconfig add adv sppp\* reversetunnel yes
example# mipagentconfig add adv sppp\* AdvLimitUnsolicited yes
example# mipagentconfig add adv sppp\* AdvInitCount 3
example# mipagentconfig add adv sppp\* AdvFrequency 1
Example 3: Adding IPsec Policies to an Agent-Peer Entry
The following example adds IPsec policies to an existing mobility agent
entry, then displays the configuration for the mobility agent peer. The
backslash (\) character denotes a line continuation for the formatting
of this example.
example# mipagentconfig add Address 192.168.10.1 \
IPsecRequest apply {auth_algs md5 sa shared}
example# mipagentconfig add Address 192.168.10.1 \
IPsecReply permit {auth_algs md5}
example# mipagentconfig add Address 192.168.10.1 \
IPsecTunnel permit {encr_auth_algs md5 encr_algs 3des}
example# mipagentconfig get Address 192.168.10.1
[Address 192.168.10.1]
Type = agent
SPI = 137
IPsecRequest = apply {auth_algs md5 sa shared}
IPsecReply = permit {auth_algs md5}
IPsecTunnel = \
permit {encr_auth_algs md5 encr_algs 3des}
Example 4: Modifying an SPI
To modify the SPI associated with joe, first, use the command get to
verify the existing settings, then change the SPI from 250 to 257.
example# mipagentconfig get Address joe@mobile.com
Address: joe@mobile.com
SPI: 250
Pool: 1
example# mipagentconfig change Address joe@mobile.com 257 1
Example 5: Deleting a Pool
Use the following example to delete Pool 3:
example# mipagentconfig delete Pool 3
Example 6: Using the mipagentconfig command
Use the following example to delete Pool 3:
example# mipagentconfig delete Pool 3
EXIT STATUS
The following exit values are returned:
0
Successful completion
non-zero
An error occurred
FILES
/etc/inet/mipagent.conf
Configuration file for Mobile IP mobility agent
/etc/inet/mipagent.conf-sample
Sample configuration file for mobility agents
/etc/inet/mipagent.conf.ha-sample
Sample configuration file for home agent functionality.
/etc/inet/mipagent.conf.fa-sample
Sample configuration file for foreign agent functionality.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWmipu │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOmipagent(1M), mipagent.conf(4), attributes(5)
Montenegro, G., editor. RFC 3024, Reverse Tunneling for Mobile IP,
revised. The Internet Society. January, 2001.
Perkins, C. RFC 2002, IP Mobility Support. Network Working Group. Octo‐
ber 1996.
SunOS 5.10 8 Oct 2003 mipagentconfig(1M)
