user manual
6-10
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 6 Configuring Proxy Mobile IP
Introduction to Mobility in IP
When a client device associates to an access point and the access point determines that the client is
visiting from another network, the access point performs a longest-match lookup on its subnet map table
and obtains the home agent address for the visiting client. When the access point has the home agent
address, it can proceed to the registration step.
Registration
The access point is configured with the mobility security association of all potential visiting clients with
their corresponding home agents. You can enter the mobility security association information locally on
the access point or on a RADIUS server on your network, and access points with proxy Mobile IP
enabled can access it there.
As an access point on a network with a local home agent, the access point registers mobile nodes with
the home agent prior to any roaming taking place. Mobile nodes must be listed by IP address (or address
range) in the access point and the home agent along with security information stored either locally, on a
AAA server, or both.
On the foreign network, the access point uses the security association information, the visiting client’s
IP address, and the information that it learns from the foreign agent advertisements to form a Mobile IP
registration request on behalf of the visiting client. It sends the registration request to the visiting client’s
home agent through the foreign agent. The foreign agent checks the validity of the registration request,
which includes verifying that the requested lifetime does not exceed its limitations and that the requested
tunnel encapsulation is available. If the registration request is valid, the foreign agent relays the request
to the home agent.
The home agent checks the validity of the registration request, which includes authentication of the
visiting client. If the registration request is valid, the home agent creates a mobility binding (an
association of the visiting client with its care-of address), a tunnel to the care-of address, and a routing
entry for forwarding packets to the home address through the tunnel.
The home agent then sends a registration reply to the access point hosting the visiting client through the
foreign agent (because the registration request was received through the foreign agent). The foreign
agent verifies the validity of the registration reply, including ensuring that an associated registration
request exists in its pending list. If the registration reply is valid, the foreign agent adds the visiting client
to its visitor list, establishes a tunnel to the home agent, and creates a routing entry for forwarding
packets to the home address. It then relays the registration reply to the visiting client.
Finally, the access point checks the validity of the registration reply. If the registration reply specifies
that the registration is accepted, the access point is able to confirm that the mobility agents are aware of
the visiting client's roaming. Subsequently, the access point intercepts all packets from the visiting client
and sends them to the foreign agent.
The access point reregisters on behalf of the visiting client before its registration lifetime expires. The
home agent and foreign agent update their mobility binding and visitor entry, respectively, during
reregistration.
A successful Mobile IP registration by the access point on behalf of the visiting client sets up the routing
mechanism for transporting packets to and from the visiting client as it roams.
Tunneling
The visiting client sends packets using its home IP address, effectively maintaining the appearance that
it is always on its home network. Even while the visiting client is roaming on foreign networks, its
movements are transparent to correspondent nodes (other devices with which the visiting client
communicates).