Proxy Mobile IP implementation on Cisco Aironet products is intended to
provide Mobile IP functionality on behalf of the roaming mobile devices
. Proxy Mobile IP
has four main phases
. It
supports mobility in the IP infrastructure, allowing users to keep the same IP
address and maintain ongoing applications while roaming between IP networks.
The roaming individual could continue communication without sessions or
connections being dropped. This Proxy Mobile IP functionality is provided
without the need for any Mobile IP-capable software running on the devices.
Mixing Proxy Mobile IP configuration on VLANs is not supported at this time.
From the Services > Proxy Mobile IP page, Proxy Mobile IP can
be enabled only if the device is not in repeater mode
. Enable Proxy
Mobile IP on all interfaces and enable at least one SSID. If proxy Mobile IP is
disabled, the entire Proxy Mobile IP configuration is cleared, including the
security parameter index (SPI) and key entries.
An authoritative access point (AAP) must be specified in order to use the
Proxy Mobile IP feature. These AAPs keep track of the home agent information on
all of the mobile devices. They keep the latest subnet map table, which maps
client IP addresses to home agent addresses. This information is needed to
activate the Proxy Mobile IP functionality.
An AP sends packets with the
subnet and home agent information to the AAP. The AAP distributes this
information (in the form of a table) to all the access points participating in
the PMIP network. By having this information local, the AP can do a faster
lookup for the home agent information when a foreign mobile device roams into
the network. If an AP is unreachable during this update process, the AAP
retries. If the retry fails, the next configured AAP is tried. It is important
to have more than one AAP in the system so the subnet map table information is
not lost if an AAP goes down. To rebuild the subnet table, either reboot all
the access points or clear the subnet map table from each one.
From the
SA Binding page, a security association must be specified for the mobile
device in order to use Proxy Mobile IP
,
. The security
association can be specified locally on the AP with this screen or can be
specified externally on the RADIUS server.
All potential mobile devices
and their corresponding home agents must have security associations. The
security association can be configured locally using this page or through an
authentication, authorization, and accounting (AAA) server (configured on the
Security/Server Manager screen). Security associations are used to
authenticate the mobile client in Proxy Mobile IP messages to the home agent.
If the AAA server is configured with the SA bindings, nothing must be
configured on this page. If the SA bindings are configured locally, enter
security association information for either one IP or a range of IP addresses
on this page.
Each AP keeps a subnet table that consists of a list of
home agent IP addresses and their subnet masks. When a mobile device associates
to an AP and has roamed into a foreign network, the AP performs a lookup on the
subnet map table. The AP proceeds with the registration process.
From
the Proxy Mobile IP > Subnet Table page, click Refresh if the subnet
table displayed appears out of date
.
The Home
Agent field indicates the router on the home network serving as the anchor
point for communication with the AP. It transports packets from a device on the
Internet to the roaming mobile device. The mobility binding and visitor entry
of the home agent is updated during re-registration. If registration is denied,
the AP makes the necessary adjustments and attempts to register again. For
example, if the registration is denied because of time mismatch, and the home
agent sent back its time stamp for synchronization, the AP adjusts the time
stamp in future registration requests. The Mask field indicates the subnet mask
to identify the subnetwork so the IP address can be recognized by the LAN.
Proxy Mobile IP can be monitored from the Proxy Mobile IP Statistics
page
.