JUNOSe 9.1.x IP Services Configuration Guide > Configuring the Mobile IP Home Agent > Monitoring the Mobile IP Home Agent

Monitoring the Mobile IP Home Agent

Use the commands described in this section to set a statistics baseline, remove the binding table, and verify the configuration of the Mobile IP home agent on a virtual router.

baseline ip mobile home-agent

• Use to set a statistics baseline for a specified Mobile IP home agent.
• Example

host1#baseline ip mobile home-agent

• There is no no version.

clear ip mobile binding

• Use to remove the binding table in the specified virtual router or a specified binding by the mobile node home address or NAI.
• Example

host1#clear ip mobile binding nai john@yahoo.com 

• There is no no version.

show ip mobile binding

• Use to display the binding table information of the home agent in the virtual router.
• Field descriptions

• MN-NAI—Network access identifier of the mobile node in user@realm, @realm, or @ format
• AAA-NAI—Network access identifier returned from the AAA server in user@realm, @realm, or @ format
• Home IP address—IP address of the mobile node
• Home agent address—IP address of the home agent
• Care-of-address—IP address of the foreign agent care-of address or co-located care-of address
• Lifetime granted—Interval, in hh:mm:sec format, granted during registration before which the registration request exceeds the home agent configured time
• Lifetime remaining—Remaining interval, in hh:mm:sec format, at which the registration request exceeds the home agent configured time
• Tunnel—Configuration information provided while setting up the tunnel between the foreign agent and the home agent
• Reverse tunnel—Whether reverse tunneling is enabled or disabled

• Example

host1#show ip mobile binding 

     MN-NAI:  jr@zoom.com

     AAA-NAI: user@zoom.com

     Home IP address:  55.0.0.5  

     Home agent address:  66.0.0.5  

     Care-of-address:  72.1.1.15

     Lifetime granted :  10:00:00 (36000 seconds)

     Lifetime remaining :  01:46:32 

     Tunnel:   Source  66.0.0.5,  Destination 72.1.1.15,  Encapsulation GRE

     Reverse tunnel: enabled

show ip mobile home-agent

• Use to display the configuration information of the home agent in the virtual router.
• Field descriptions

• Access list name—Name of the access control list applied to the care-of address that restricts access for foreign agents or networks
• Registration lifetime (in seconds)—Number of seconds before which the registration requests are established
• Replay protection time (in seconds)—Number of seconds before which a registration request can exceed the home agent configured time value
• Reverse tunnel—Whether reverse tunneling is enabled or disabled

• Example

host1#show ip mobile home-agent 

Home Agent Parameters

Access list name                        ---

Registration lifetime   (in seconds)    36000

Replay protection time  (in seconds)    7

Reverse tunnel                          enabled

show ip mobile host

• Use to display configuration of all or specified mobile nodes or domain users.
• Field descriptions

• MN-NAI—Network access identifier of the mobile node in user@realm, @realm, or @ format
• Home IP address—IP address of the mobile node
• Lifetime—Number of seconds the registration request is active for a mobile node
• Care-Of-Access—Name of the ACL applied to the care-of address to restrict network roaming
• Aaa-Configured—Whether AAA server is configured or not

• Example 1

host1#show ip mobile host 

                    Home

    MN-NAI        IP address     Lifetime   Care-Of-Access   Aaa-Configured

--------------   -------------   --------   --------------   --------------

@warner.com           ---           36000   ---                    no

@yahoo.com            ---             ---   ---                   yes

pj@juniper.net        ---             100   ---                    no

pm@juniper.net        ---             500   ---                    no

• Example 2

host1#show ip mobile host nai @warner.com

              Home IP

  MN-NAI      address   Lifetime   Care-Of-Access   Aaa-Configured

-----------   -------   --------   --------------   --------------

@warner.com     ---        36000   ---                    no

show ip mobile profile

• Use to display the interface profile name associated with the home agent.
• Field descriptions

• Mobile IP profile is—Name of the interface profile name associated with the home agent

• Example

host1#show ip mobile profile 

Mobile IP profile is: mobileIpProfile

show ip mobile secure foreign-agent

• Use to display the security associations configured for all foreign agents on the virtual router.
• Field descriptions

• IP address—IP address of foreign agent
• SPI—Security parameter index (SPI) key for authenticating registration requests
• Algorithm—Algorithm (hmac-md5 or keyed-md5) for authenticating Mobile IP messages
• Replay—Interval, in seconds, before which the registration request exceeds the home agent configured time
• Key—128-bit hexadecimal number for authenticating the security association.

• Example

host1#show ip mobile secure foreign-agent

IP address        SPI         Algorithm   Replay     Key

----------   --------------   ---------   ------   -------

10.10.10.1   628 ( 0x274 )    hmac-md5    ---      secret

20.20.20.1   628 ( 0x274 )    hmac-md5    255      secret

30.30.30.1   628 ( 0x274 )    hmac-md5    255      secret

show ip mobile secure host

• Use to display the security associations configured on all mobile node hosts in the virtual router.
• Field descriptions

• MN-NAI—Network access identifier of the mobile node in user@realm, @realm, or @ format
• Home IP address—IP address of the mobile node host
• SPI—Security parameter index (SPI) key for authenticating registration requests
• Algorithm—Algorithm (hmac-md5 or keyed-md5) for authenticating Mobile IP messages
• Replay—Interval, in seconds, before which the registration request exceeds the home agent configured time
• Key—128-bit hexadecimal number for authenticating the security association

• Example

host1#show ip mobile secure host 

              Home IP

  MN-NAI      address        SPI         Algorithm   Replay   Key

-----------   -------   --------------   ---------   ------   ----

@warner.com     ---     288 ( 0x120 )    hmac-md5    255      time

show ip mobile traffic

• Use to display protocol statistics for the Mobile IP home agent traffic, including advertisements, solicitations, registrations, registration errors, and security violations.
• To display baseline-relative statistics for the Mobile IP home agent traffic, use the optional delta keyword.
• Field descriptions

• Registration requests—Total number of registration requests, de-registration requests, and accepted registration requests for mobile nodes

• Register—Number of registration requests received by the home agent
• Deregister—Number of de-registration requests received by the home agent
• Accept—Number of registration requests accepted by the home agent

• Registration rejects—Total number of and reasons for unsuccessful responses to registration requests

• Denied—Number of registration requests denied by the home agent
• Unspecified—Number of registration requests rejected for an unspecified reason, such as an internal communication failure
• Unknown HA—Number of registration requests rejected because of an unknown home agent address, or because the specified home agent address is not serviced by this home agent
• Administratively prohibited—Number of registration requests prohibited for administrative reasons, such as the broadcast or B bit being set without the corresponding D bit, or a denial by the registration filters
• No Resources—Number of registration requests rejected due to insufficient resources, such as a full binding table, an inability to create a tunnel, or an inability of the IP subscriber management application to create a dynamic subscriber interface
• Authentication failed MN—Number of registration requests rejected because the mobile node failed authentication
• FA—Number of registration requests rejected because the foreign agent failed authentication
• Bad identification—Number of registration requests rejected because the registration ID field is out of range
• Bad request form—Number of registration requests rejected because of a malformed request
• Unavailable encapsulation—Number of registration requests rejected because of unsupported encapsulation
• No reverse tunnel—Number of registration requests rejected because reverse tunneling is disabled

• Example

host1#show ip mobile traffic 

Home Agent Registrations:

    Registration requests:

        Register: 0

        Deregister: 0

        Accept: 0

    Registration rejects:

        Denied: 0

        Unspecified: 0

        Unknown HA: 0

        Administratively prohibited: 0

        No Resources: 0

        Authentication failed MN: 0

        FA: 0

        Bad identification: 0

        Bad request form: 0

        Unavailable encapsulation: 0

        No reverse tunnel: 0

show license mobile-ip home-agent

• Use to display the license key for the home agent.
• Field descriptions

• Mobile IP license is—Mobile IP license key associated with the home agent and the maximum number of users allowed by this license

• Example

host1#show license mobile-ip home-agent 

Mobile IP license is PcZJ93Mt17 which allows 48000 users