Mobile IPv4 Administrator's Guide

Configuring and Administering Home and Foreign Agents
Configuring a Home Agent
Chapter 6
Step 4: Configure Security Information about Non-AAA Mobile Nodes and Route Optimization (configure node)
If you have non-AAA Mobile Node clients, use the mipconfig configure node
command to configure security information about non-AAA Mobile Nodes. The Home
Agent will use this information to authenticate Registration Requests from non-AAA
Mobile Nodes.
In addition, use the configure node command to configure security information for
Correspondent Nodes that will use route optimization. The Home Agents and
Correspondent Nodes will use this information to authenticate route optimization
messages.
Use the following configure node command syntax:
c[onfigure] n[ode] ip_addr -spi spi [-algo algorithm] -key key
Where:
ip_addr is the IP address of the non-AAA Mobile Node or Correspondent Node using
route optimization.

spi is the Security Parameters Index (SPI), a number used to identify the Security
Association (SA) between the Home Agent and the Mobile Node or Correspondent Node.
The SPI does not have to be unique on the Home Agent, and must match the SPI
configured on the Mobile Node or Correspondent Node.
Acceptable Values: 256 to 2147483647 (integer).

algorithm is the cryptographic algorithm mipd uses to authenticate the messages
exchanged with the Mobile Node or Correspondent Node. This must match the algorithm
used by the Mobile Node or Correspondent Node.
Acceptable Values: md5 (keyed Message Digest 5, MD5) or hmac-md5 (Hashed Message
Authentication Code with MD5). The cryptographic community considers keyed MD5
vulnerable to attack. HP recommends that you use MD5 only if the Mobile Node
does not support HMAC-MD5. If you do not specify the algo option, mipconfig will use
hmac-md5.

key is the cryptographic key used by the authentication algorithm. The key must match
the key configured on the Mobile Node or Correspondent Node.
Acceptable Values:
  r[andom]: mipconfig will generate and display a random key for you.
  A 128-bit key specified as a sequence of 16 two-digit hexadecimal values separated
  by spaces.
Examples:
mipconfig> configure node 15.3.3.3 -spi 1025 -key r
mipconfig> configure node 15.2.2.2 -spi 1024 -algo md5 -key 11 22 \
33 44 55 66 77 88 99 00 11 22 33 44 55 66
You can also omit all options and mipconfig will prompt you for each option value. For
more information on the configure node command, refer to “configure node” on
page 130.
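Added example (not from this guide and not mipd code): a Python sketch showing why the SPI, algorithm and key configured with configure node must all match on both ends for a message to authenticate. It assumes that md5 means keyed MD5 in RFC 2002 prefix+suffix mode, MD5(key || message || key); the function names, the dictionary layout and the message bytes are constructed for illustration.

```python
import hashlib
import hmac
import re

SPI_MIN, SPI_MAX = 256, 2147483647   # acceptable SPI range stated in the guide
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def parse_key(text):
    """Parse a 128-bit key written as 16 two-digit hex values separated by spaces."""
    parts = text.split()
    if len(parts) != 16 or not all(HEX_PAIR.fullmatch(p) for p in parts):
        raise ValueError("key must be 16 two-digit hexadecimal values")
    return bytes.fromhex("".join(parts))

def make_sa(spi, key_text, algo="hmac-md5"):
    """Build a security association; algo defaults to hmac-md5 as mipconfig does."""
    if not SPI_MIN <= spi <= SPI_MAX:
        raise ValueError("SPI must be in 256..2147483647")
    if algo not in ("md5", "hmac-md5"):
        raise ValueError("algorithm must be md5 or hmac-md5")
    return {"spi": spi, "algo": algo, "key": parse_key(key_text)}

def authenticator(sa, message):
    """Compute the 16-byte authenticator over the protected message bytes."""
    if sa["algo"] == "hmac-md5":
        return hmac.new(sa["key"], message, hashlib.md5).digest()
    # Assumption: keyed MD5 in RFC 2002 prefix+suffix mode, MD5(key || message || key)
    return hashlib.md5(sa["key"] + message + sa["key"]).digest()

def verify(sa, spi, message, received):
    """Accept only if the SPI matches and the authenticator verifies (constant-time)."""
    return spi == sa["spi"] and hmac.compare_digest(authenticator(sa, message), received)

# Constructed sample data: key from the guide's second example, made-up message bytes.
KEY = "11 22 33 44 55 66 77 88 99 00 11 22 33 44 55 66"
MESSAGE = b"constructed registration request bytes"

if __name__ == "__main__":
    home_agent = make_sa(1024, KEY, "md5")
    node_same = make_sa(1024, KEY, "md5")
    node_wrong_algo = make_sa(1024, KEY)   # -algo omitted, so hmac-md5
    print(verify(home_agent, 1024, MESSAGE, authenticator(node_same, MESSAGE)))
    print(verify(home_agent, 1024, MESSAGE, authenticator(node_wrong_algo, MESSAGE)))
```

The second check fails even though the key and SPI are identical, which is the symptom to expect when one side is left at the hmac-md5 default and the other is set to md5.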