Руководство По Устранению Ошибки для Cisco Cisco Packet Data Gateway (PDG)
GGSN and Mobile IP Service in a Single System Configuration Example
Using the System as Both a GGSN/FA and an HA ▀
Cisco ASR 5000 Series Gateway GPRS Support Node Administration Guide ▄
OL-22944-01
Required Information
Description
Mobile node re-registration
requirements
requirements
Specifies how the system should handle authentication for mobile node re-registrations.
The FA service can be configured to always require authentication or not. If not, the initial
registration and de-registration will still be handled normally.
registration and de-registration will still be handled normally.
HA service Configuration
HA service name
This is an identification string between 1 and 63 characters (alpha and/or numeric) by which the HA
service will be recognized by the system.
service will be recognized by the system.
Multiple names are needed if multiple HA services will be used.
HA services are configured in the destination context.
HA services are configured in the destination context.
UDP port number for
Mobile IP traffic
Mobile IP traffic
Specifies the port used by the HA service and the FA for communications. The UDP port number
can be any integer value between 1 and 65535. The default value is 434.
can be any integer value between 1 and 65535. The default value is 434.
Mobile node re-registration
requirements
requirements
Specifies how the system should handle authentication for mobile node re-registrations.The HA
service can be configured as follows:
service can be configured as follows:
Always require authentication
Never require authentication
NOTE: The initial registration and de-registration will still be handled normally)
Never look for mn-aaa extension
Not require authentication but will authenticate if mn-aaa extension present.
FA-to-HA Security
Parameter Index
Information
Parameter Index
Information
FA IP address: The HA service allows the creation of a security profile that can be associated with
a particular FA.
a particular FA.
This specifies the IP address of the FA that the HA service will be communicating with.
Multiple FA addresses are needed if the HA will be communicating with multiple FAs.
Multiple FA addresses are needed if the HA will be communicating with multiple FAs.
Index: Specifies the shared SPI between the HA service and a particular FA. The SPI can be
configured to any integer value between 256 and 4294967295.
configured to any integer value between 256 and 4294967295.
Multiple SPIs can be configured if the HA service is to communicate with multiple FAs.
Secret: Specifies the shared SPI secret between the HA service and the FA. The secret can be
between 1 and 127 characters (alpha and/or numeric).
between 1 and 127 characters (alpha and/or numeric).
An SPI secret is required for each SPI configured.
Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible
algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The
default algorithm is hmac-md5.
algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The
default algorithm is hmac-md5.
A hash-algorithm is required for each SPI configured.
Mobile Node Security
Parameter Index
Information
Parameter Index
Information
Index: Specifies the shared SPI between the HA service and a particular FA. The SPI can be
configured to any integer value between 256 and 4294967295.
configured to any integer value between 256 and 4294967295.
Multiple SPIs can be configured if the HA service is to communicate with multiple FAs.
Secret: Specifies the shared SPI secret between the HA service and the FA. The secret can be
between 1 and 127 characters (alpha and/or numeric).
between 1 and 127 characters (alpha and/or numeric).
An SPI secret is required for each SPI configured.
Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible
algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The
default algorithm is hmac-md5.
algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The
default algorithm is hmac-md5.
A hash-algorithm is required for each SPI configured.