C H A P T E R 4 Using Service Manager Cisco Mobile Wireless Home Agent is the anchor point for mobile terminals for which mobile or proxy mobile services are provided. The Home Agent maintains mobile user registrations and tunnels packets that are destined for the mobile node to the PDSN or FA. The Home Agent supports reverse tunneling, and can securely tunnel packets to the PDSN by using IPSec.
Chapter 4 Using Service Manager Service Manager Tasks Service Manager Tasks You can use the Service Manager tab to perform these tasks: Table 4-1 Home Agent Service Manager Tasks Option Task Topic Select Group Select a device group Selecting an HA Device Group, page 4-3 Display Config Display HA configuration commands of a device Sync Report Displaying an HA Configuration, page 4-5 Check the latest status of the master Checking Device Status, page 4-7 device and other devices in a group, from R
Chapter 4 Using Service Manager Selecting an HA Device Group Selecting an HA Device Group Before you enable service-activation, you must categorize device entities into a logical group. After you select a group, you can download the service-activation configurations to all the devices in the group. Note All devices in the group must be fully managed and monitored by Resource Manager Essentials (RME). To select a HA device group: Step 1 Choose HA Service Manger > Service Manager > Select Group.
Chapter 4 Using Service Manager Selecting an HA Device Group Step 5 Enter your CiscoWorks password, then click Connect. If you check the Fetch Config check box, this task will take a few minutes to complete. The time depends on the number of devices in the selected group and the size of the configuration. A task status window indicates progress. Step 6 A confirmation window appears, and confirms that this HA device group is selected.
Chapter 4 Using Service Manager Displaying an HA Configuration Displaying an HA Configuration You can view the HA-specific configurations commands of specified devices in the selected group by using the HA Configuration Viewer. To display an HA-specific configuration: Step 1 Choose a device group (Choose Service Manager > Select Group). For more information, see Selecting an HA Device Group, page 4-3. Step 2 Choose Service Manager > Display Config. The Display Config window appears.
Chapter 4 Using Service Manager Generating Sync Reports The HA Config Viewer window displays: Step 4 • Left pane—Displays all the configlets that the configuration comprises. Click any folder to expand the tree and display descendant configlets. Choose any configlet to see the required commands. • Right pane—Displays all the configuration commands corresponding to each configlet in alphanumeric order. Click Close to exit the HA Config Viewer.
Chapter 4 Using Service Manager Generating Sync Reports Using Sync Report Dashboard The Sync Report Dashboard provides the latest status of the master device and other devices in a group, from RME or DCR. It also polls all the devices in the group and creates a Diff report. Checking Device Status When you launch the Sync Report Dashboard, the latest status of the master device from RME or DCR appears automatically.
Chapter 4 Using Service Manager Generating Sync Reports The Sync Report Dashboard window contains: Field Description Master Device Displays the master device of the selected group. Master Device Status Current status of the master device at time T1, where T1 is the time you launch Sync Report Dashboard. A (–) appears by default, which indicates that there are no errors. An appropriate message appears if there are any errors. Report Lists the devices in the group and the color-coded Diff status.
Chapter 4 Using Service Manager Generating Sync Reports Step 5 Click Show Diff to see a detailed comparison. The Sync Report Config Diff Viewer appears. (See Figure 4-4 on page 4-9.
Chapter 4 Using Service Manager Generating Sync Reports Table 4-2 Color Key to the Sync Report Dashboard Color Meaning Green No difference exists. The configlets of the master and selected devices are the same. The Show Diff button will be disabled. Yellow A difference exists. The configlets of the master and selected devices are dissimilar. Click Show Diff to see a detailed comparison. Note The Show Diff button is enabled only for devices shown in yellow. Red The device is not reachable.
Chapter 4 Using Service Manager Generating Sync Reports Comparing the Configurations of Two Devices To display the differences in HA-specific configurations between any two devices of the group: Step 1 Choose Service Manager > Sync Report > Compare Config. The Sync Report window appears. Step 2 Choose the devices that you want to compare from the drop-down lists for Device1 and Device2. Step 3 Click Compare. The Sync Report Config Diff Viewer appears. (See Figure 4-4 on page 4-9.
Chapter 4 Using Service Manager Activating Services on HA Devices Activating Services on HA Devices You can use the HA Service Manager to manage and activate services on the Home Agent devices in the selected device groups.
Chapter 4 Using Service Manager Activating Services on HA Devices Step 4 From the Local IP Pool dialog box, you can: • Click Execute without selecting a group to create a new local IP pool. • Choose a pool and: – Click Execute to modify its configuration. – Click List to see its current configuration. – Click Delete. to delete it. You can also delete one or more pools at the same time. When you select one or more pools, the Execute and List buttons will be disabled.
Chapter 4 Using Service Manager Activating Services on HA Devices Field Description Cache-Size (Optional) Specify the number of IP address entries on the free list that the system checks before assigning a new IP address. The range is from 0 to 100, and the default is 20. Local IP Pool Group (Optional) Specify a pool group to associate it with the local IP address pool. You can associate an IP address pool with only one group.
Chapter 4 Using Service Manager Activating Services on HA Devices Viewing Job Details You can learn more about any job by viewing its details. The Job Details window appears (Figure 4-5 on page 4-15), and displays the day, date, and time details in the header at the top of the report. The Job ID and the Status appear in the header of the report.
Chapter 4 Using Service Manager Activating Services on HA Devices The left pane contains: • Job Details—Expand this folder to display Execution Summary and Device Details for the scheduled job. • Execution Summary—Click this folder to view the following information for the job. – Execution Summary—Displays the status, start time, and end time of the job.
Chapter 4 Using Service Manager Activating Services on HA Devices Working With Virtual Networks You can support mobility of a Mobile Node (MN) beyond the bounds of a physical home network by defining virtual networks on the Home Agent. The virtual network acts like a home network when you associate a mobile node with it. When using virtual networks, the MN is always considered roaming; it can never be attached to its home network.
Chapter 4 Using Service Manager Activating Services on HA Devices Configuring Virtual Networks If you intend to support roaming for mobile devices without having a physical home location, you must identify the subnets for which to allow this service and place these virtual networks appropriately within your network on the HA. You can configure virtual networks using a Virtual Network wizard. To launch the Virtual Network wizard: Step 1 Choose a device group (Choose Service Manager > Select Group).
Chapter 4 Using Service Manager Activating Services on HA Devices Step 7 Perform one of these actions: • Click Finish to complete the configuration. HA SM schedules a new job. A notification message displays the Job ID. After the job completes, you can view the details of the job in the Job Details window. See Viewing Job Details, page 4-15, for more information on the job details. • Click Cancel to exit the wizard. • Click Back to edit the configuration.
Chapter 4 Using Service Manager Activating Services on HA Devices The Home Address Assignment–With NAI dialog box displays a list of all the hosts, which are configured with an NAI, in the selected group. It contains: Field Description NAI String Specifies the network access identifier. The NAI can be a unique identifier (username@realm) or a group identifier (realm). Home Link Specifies either: • Interface to which the mobile node belongs. • Virtual network in which the mobile node resides.
Chapter 4 Using Service Manager Activating Services on HA Devices The first window of the Home Address Assignment–With NAI wizard contains: Field Description Mobile Station Identifier NAI String Network access identifier. The NAI can be a unique identifier (username@realm) or a group identifier (@realm). Mobile Node IP Address Authorized Static Address You can assign static or dynamic home addresses.
Chapter 4 Using Service Manager Activating Services on HA Devices Field Description Security Associations on AAA (Optional) When you check this check box, the Home Agent retrieves security associations from a AAA (TACACS+ or RADIUS) server. Download Security Associations (Optional) Check this check box to download security associations from an AAA server. Cache Security Associations (Optional) Check this check box to store security associations in memory after retrieval.
Chapter 4 Using Service Manager Activating Services on HA Devices • Click Close to close this window. If you do not save the batch file, a message prompts you to save it. Click OK to save and Cancel to exit the window. Step 6 Perform one of these actions: • Click Finish to complete the configuration. HA SM schedules a new job. A notification message displays the Job ID. After the job completes, you can view the details of the job in the Job Details window.
Chapter 4 Using Service Manager Activating Services on HA Devices – Click List to see its current configuration. – Click Delete to delete it. You can also delete one or more hosts at the same time. When you select one or more hosts, the Execute and List buttons will be disabled. For more information, see Configuring Home Addresses Without NAI, page 4-24.
Chapter 4 Using Service Manager Activating Services on HA Devices Field Description Interface Click the Interface radio button to specify the interface to which the mobile node belongs. Click Fetch to select an interface from a list. A popup appears with a list of interface types. Choose an interface type and click Select. Virtual Network Address Click the Virtual Network radio button to specify the virtual network in which the mobile node resides.
Chapter 4 Using Service Manager Activating Services on HA Devices Step 7 Perform one of these actions: • Click Finish to complete the configuration. HA SM schedules a new job. A notification message displays the Job ID. After the job completes, you can view the details of the job in the Job Details window. See Viewing Job Details, page 4-15, for more information on the job details. • Click Cancel to exit the wizard. • Click Back to edit the configuration.
Chapter 4 Using Service Manager Activating Services on HA Devices The Home Agent Security Associations dialog box displays a list of configured security associations for the mobile node, Home Agent, or Foreign Agent, in the selected group. It contains: Field Description Peer Type Specifies the peer type. It can be one of the following: • Host • Home Agent • Foreign Agent Peer Identity Specifies the NAI string or the home IP address of the mobile node.
Chapter 4 Using Service Manager Activating Services on HA Devices The first window of the Security Associations wizard contains: Field Description Peer Type Choose a peer type from the drop-down list. It can be one of the following: • Host • Home Agent • Foreign Agent Mobile Node Identity Click the IP Address or Host NAI String radio button to specify the NAI string or the home IP address of the mobile node.
Chapter 4 Using Service Manager Activating Services on HA Devices Field Description Replay Time Stamp Specify the replay protection time stamp (in seconds) to protect the registration packets from replay attacks. The time stamp validates the incoming packets to ensure that they are not being replayed by a hacker. The time stamp allows the sender and receiver to be synchronized. The range is from 1 to 255.
Chapter 4 Using Service Manager Activating Services on HA Devices • Click Cancel to exit the wizard. • Click Back to edit the configuration. VRF Support on HA Mobile nodes can share a common IP address across different realms on the same Home Agent. This feature is based on the Multi-VPN Routing and Forwarding (VRF) Customer Edge (CE) network architecture to support multiple VPNs (and, therefore, multiple customers) per Customer Edge (CE) device.
Chapter 4 Using Service Manager Activating Services on HA Devices When you select one or more VRF configurations, the Execute and List buttons will be disabled. For more information, see Configuring VRF Support on HA Devices, page 4-31. Configuring VRF Support on HA Devices You can configure VRF support on home agent devices by using the Home Agent VRF Configuration wizard. To launch the Home Agent VRF Configuration wizard: Step 1 Choose a device group (Choose Service Manager > Select Group).
Chapter 4 Using Service Manager Activating Services on HA Devices Click any column heading to sort the list. Step 4 Enter the information and click Next. The HA-VRF Configurations window displays the generated configuration commands. Step 5 Click Add To Batch to execute the configuration in a batch mode if you do not want to download them immediately. The Batch Mode window appears. You must leave the Batch Mode window open to add multiple service-activation commands to the same batch.
Chapter 4 Using Service Manager Activating Services on HA Devices VRF Definition Dialog Box Field Descriptions When you click Define in the VRF for Realm pane, the VRF Definition dialog box appears. You can use this dialog box to configure a new VRF routing table from this dialog box. It displays: Field Description VRF Info Instance Name Specifies a unique name by which to identify the VRF for a specific group. Description Describes the VRF.
Chapter 4 Using Service Manager Activating Services on HA Devices Hot-Lining You use the Hot-lining feature to monitor upstream user traffic by using two different scenarios: active and new session. When Hot-lining is active for a particular user, the upstream IP packets from the mobile are re-directed to the redirect server that is configured for this particular realm. This is achieved by changing the IP packet destination address to the redirect server address.
Chapter 4 Using Service Manager Activating Services on HA Devices Enabling Hot-Lining You can configure hot-lining on home agent devices by using the Hot Lining wizard. To launch the Hot Lining wizard: Step 1 Choose a device group (Choose Service Manager > Select Group). See Selecting an HA Device Group, page 4-3. Step 2 Choose HA Service Manager > Service Activation > Hot Lining. The Hot Lining dialog box displays a list of Hot-lining configured realms, in the selected device group.
Chapter 4 Using Service Manager Managing Batch Configurations • Click Cancel to exit the wizard. • Click Back to edit the configuration. Managing Batch Configurations You can use HA Service Manager to apply multiple service-activation configurations to the device by using batch mode. You can save the generated configuration commands and download them later. Use the Batch Config function to manage batch configurations. You can display, start, or delete the batch configurations.
Chapter 4 Using Service Manager Managing Batch Configurations Starting a Batch Configuration To start a batch job: Step 1 Choose Service Manager > Batch Config. In the Batch Config window, select a batch configuration from the list. The Batch Config display appears. Step 2 Click Open to display the contents of the job file. Step 3 Click Download. .
Chapter 4 Using Service Manager Managing Batch Configurations User Guide for Cisco Home Agent Service Manager 4-38 OL-6918-01
